Commit Graph

6567 Commits

Author SHA1 Message Date
Richard Henderson
ff38bca7d6 target/arm: Check PAGE_WRITE_ORG for MTE writeability
We can remove PAGE_WRITE when (internally) marking a page
read-only because it contains translated code.

This can be triggered by tests/tcg/aarch64/bti-2, after
having serviced SIGILL trampolines on the stack.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-12 11:06:24 +01:00
Babu Moger
cdeaed2778 i386: Add missing cpu feature bits in EPYC-Rome model
Found the following cpu feature bits missing from EPYC-Rome model.
ibrs    : Indirect Branch Restricted Speculation
ssbd    : Speculative Store Bypass Disable

These new features will be added in EPYC-Rome-v2. The -cpu help output
after the change.

x86 EPYC-Rome             (alias configured by machine type)
x86 EPYC-Rome-v1          AMD EPYC-Rome Processor
x86 EPYC-Rome-v2          AMD EPYC-Rome Processor

Reported-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <161478622280.16275.6399866734509127420.stgit@bmoger-ubuntu>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-04-09 16:02:18 -04:00
Peter Maydell
21c2dd77a6 Revert "target/arm: Make number of counters in PMCR follow the CPU"
This reverts commit f7fb73b8cd.

This change turned out to be a bit half-baked, and doesn't
work with KVM, which fails with the error:
   "qemu-system-aarch64: Failed to retrieve host CPU features"

because KVM does not allow accessing of the PMCR_EL0 value in
the scratch "query CPU ID registers" VM unless we have first
set the KVM_ARM_VCPU_PMU_V3 feature on the VM.

Revert the change for 6.0.

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20210331154822.23332-1-peter.maydell@linaro.org
2021-04-06 11:49:14 +01:00
Pavel Dovgalyuk
ef951ee33f target/alpha: fix icount handling for timer instructions
This patch handles icount mode for timer read/write instructions,
because it is required to call gen_io_start in such cases.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <161700373035.1135822.16451510827008616793.stgit@pasha-ThinkPad-X280>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-04-05 07:32:56 -07:00
Peter Maydell
25d75c99b2 target/xtensa fixes for v6.0:
- make meson.build pick up all available xtensa core definitions;
 - don't modify Makefile.objs in import_core.sh;
 - add sed rule to import_core.sh to make xtensa_modules variable static.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCgAxFiEEK2eFS5jlMn3N6xfYUfnMkfg/oEQFAmBokwkTHGpjbXZia2Jj
 QGdtYWlsLmNvbQAKCRBR+cyR+D+gRMFvD/9RzXL4xqf9jUEUqW5YzvV1+UK7qecx
 P8U1IGdmhZj1wpvU+og/Y5adbhE4DpttKSwi+TRHe2hyduIp8QpgcegSsedLJ2CG
 iJJookfBtfW8k5lBdOJx7U+WzXY78Gfh3te0QnJPyQIuc5TF54h3ZgLG6HHp9MbY
 R97/k1Sy1lO4br5v6AKAGSHWvfzezjFRYSsnW+viGEDlqCeSlZu1/pdM1fdUN4Gb
 sHmrijzDZaYSmX2JkC/YNkGwVU/Rm09ZD64QFl5bvtilZuWqAiXHtgr+y51qwgf0
 jhr56anMr/4fnaN0ggBZs8Yzkj959EP9xLj0nDeD8MZxvOXtFqqivZGlSlJTFvJM
 Ab5Ci1URy+ugMBG5WBuSBtPee/rhaoA0AfRLlzW30vByiLqBMElKwK9i08qkMt0/
 TWa4ylub55rl2Tq00EBtZK4VbgNRXndD+D4jjrO556XHUHIuM9VjAcdT2WcXm0YK
 HXRhUxKL+0+Bvs+QokP0o6lsVai/H7j7XYkbbm3oKBo9tPlnf6cIJDhNNAHB1TpN
 m5wNcI4pjxSSmuEesRK9PR65iss3m5nEKCaQdg67fAg13JVRHe9eDW4v1EY50g1Z
 v3gsBHRg9dYkNsl0xqTjwnP28dQz4sBV6GFGr6IWv4eNkbX0ZkfnOJ9kBSyWvHvd
 dFSbu+SvV1ehqw==
 =8KtK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/xtensa/tags/20210403-xtensa' into staging

target/xtensa fixes for v6.0:

- make meson.build pick up all available xtensa core definitions;
- don't modify Makefile.objs in import_core.sh;
- add sed rule to import_core.sh to make xtensa_modules variable static.

# gpg: Signature made Sat 03 Apr 2021 17:08:41 BST
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20210403-xtensa:
  target/xtensa: make xtensa_modules static on import
  target/xtensa: fix meson.build rule for xtensa cores

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-04 21:48:45 +01:00
Max Filippov
30c676134e target/xtensa: make xtensa_modules static on import
xtensa_modules variable defined in each xtensa-modules.c.inc is only
used locally by the including file. Make it static.

Reported-by: Yury Gribov <tetra2005@gmail.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-04-03 08:52:18 -07:00
Max Filippov
84317d57e8 target/xtensa: fix meson.build rule for xtensa cores
import_core.sh tries to change Makefile.objs when importing new xtensa
core, but that file no longer exists. Rewrite meson.build rule to pick
up all source files that match core-*.c pattern and drop commands that
change Makefile.objs.

Cc: qemu-stable@nongnu.org # v5.2.0
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-04-03 08:52:18 -07:00
Paolo Bonzini
2008b34a59 hexagon: do not specify Python scripts as inputs
Python scripts are not inputs, and putting them in @INPUT@.  This
puts requirements on the command line format, keeping all inputs
close to the name of the script.  Avoid that by not including the
script in the command and not in the inputs.

Also wrap "PYTHONPATH" usage with "env", since setting the environment
this way is not valid under Windows.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-01 10:37:20 +02:00
Paolo Bonzini
a5158a963e hexagon: do not specify executables as inputs
gen_semantics is an executable, not an input.  Meson 0.57 special cases
the first argument and @INPUT@ is not expanded there.  Fix that by
not including it in the input, only in the command.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-01 10:37:20 +02:00
Pavel Dovgalyuk
b9e40bac9c target/openrisc: fix icount handling for timer instructions
This patch adds icount handling to mfspr/mtspr instructions
that may deal with hardware timers.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Message-Id: <161700376169.1135890.8707223959310729949.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stafford Horne <shorne@gmail.com>
2021-04-01 10:37:20 +02:00
Richard Henderson
10b8eb94c0 target/i386: Verify memory operand for lcall and ljmp
These two opcodes only allow a memory operand.

Lacking the check for a register operand, we used the A0 temp
without initialization, which led to a tcg abort.

Buglink: https://bugs.launchpad.net/qemu/+bug/1921138
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210324164650.128608-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-01 09:40:45 +02:00
Greg Kurz
9cbcfb5924 target/ppc/kvm: Cache timebase frequency
Each vCPU core exposes its timebase frequency in the DT. When running
under KVM, this means parsing /proc/cpuinfo in order to get the timebase
frequency of the host CPU.

The parsing appears to slow down the boot quite a bit with higher number
of cores:

# of cores     seconds spent in spapr_dt_cpus()
      8                  0.550122
     16                  1.342375
     32                  2.850316
     64                  5.922505
     96                  9.109224
    128                 12.245504
    256                 24.957236
    384                 37.389113

The timebase frequency of the host CPU is identical for all
cores and it is an invariant for the VM lifetime. Cache it
instead of doing the same expensive parsing again and again.

Rename kvmppc_get_tbfreq() to kvmppc_get_tbfreq_procfs() and
rename the 'retval' variable to make it clear it is used as
fallback only. Come up with a new version of kvmppc_get_tbfreq()
that calls kvmppc_get_tbfreq_procfs() only once and keep the
value in a static.

Zero is certainly not a valid value for the timebase frequency.
Treat atoi() returning zero as another parsing error and return
the fallback value instead. This allows kvmppc_get_tbfreq() to
use zero as an indicator that kvmppc_get_tbfreq_procfs() hasn't
been called yet.

With this patch applied:

    384                 0.518382

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161600382766.1780699.6787739229984093959.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-03-31 11:10:50 +11:00
Peter Maydell
f7fb73b8cd target/arm: Make number of counters in PMCR follow the CPU
Currently we give all the v7-and-up CPUs a PMU with 4 counters.  This
means that we don't provide the 6 counters that are required by the
Arm BSA (Base System Architecture) specification if the CPU supports
the Virtualization extensions.

Instead of having a single PMCR_NUM_COUNTERS, make each CPU type
specify the PMCR reset value (obtained from the appropriate TRM), and
use the 'N' field of that value to define the number of counters
provided.

This means that we now supply 6 counters for Cortex-A53, A57, A72,
A15 and A9 as well as '-cpu max'; Cortex-A7 and A8 stay at 4; and
Cortex-R5 goes down to 3.

Note that because we now use the PMCR reset value of the specific
implementation, we no longer set the LC bit out of reset.  This has
an UNKNOWN value out of reset for all cores with any AArch32 support,
so guest software should be setting it anyway if it wants it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20210311165947.27470-1-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-03-30 14:05:33 +01:00
Gerd Hoffmann
d4c603d7be s390x: move S390_ADAPTER_SUPPRESSIBLE
The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per
suggestion of Thomas Huth. From interface design perspective, IMHO, not
a good thing as it belongs to the public interface of
css_register_io_adapters(). We did this because CONFIG_KVM requeires
NEED_CPU_H and Thomas, and other commenters did not like the
consequences of that.

Moving the interrupt related declarations to s390_flic.h was suggested
by Cornelia Huck.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-2-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26 09:33:50 +01:00
Peter Maydell
1a4d83b564 target-arm queue:
* hw/arm/virt: Disable pl011 clock migration if needed
  * target/arm: Make M-profile VTOR loads on reset handle memory aliasing
  * target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmBZ+oEZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3jnoD/0aToosqYaDppJ7kxRIuOof
 9hXcQXIpMFBk0x4sAPhSnXSxnw4uevBJWl5zcn4GvqazdToq7ocn+38DVR0oxSg/
 VDZVTKOgE0yBMmsOCCrW5spZM4M/SQxa7ebfZU0uT9yu4W9XVT8Cs6EZ8wNuFUOo
 hs8zTf483wD9pW+dq195HGjvPpvk999DCeBFiYZHCncuwWyuQveduiKv6/V1NPQF
 KOlLoXto/lbcDdrOV0yPfhiLXMrXA0TIN3SDwE2QrPqTEQJWR0TaiUQ17HLCHgDG
 xNfh+nM5sP56B8a/aRwx9z+BKv0/+KjlYO4lZ165xRA+NGKpV8E7A7VjUZEbHM1R
 x+c/rCsk/dbDAVjJi9hb+RFsqpsdmz/6KhnaHBmO/beZXqeFjaD2JN+XpnrOsquk
 UUJJb0HS5f+hyBLU1jQsdeRX0Wl8N6xipd4pw0+K60I3Aefv+8/bqr6LYxJafqd4
 bhFvuDCecAE00FreexiWi32tHRV10aAWhxcpggh1n3dyflJkxjouRdeWZ7UAlMVK
 1yifIZqUsQ3Q+ZDUq9QZZJRbkldy7z0Kuw3xGMKZJnC40h+szs2Xl7ARZPu87fdZ
 4zdDOq3blfnLyLVoHO01bi+trA9XvNF/cn0CWw0eIRPo8NUr7rG6aROBHBMECq4v
 ZBljEj9Wrr1PgN/yxpxREQ==
 =eihR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210323' into staging

target-arm queue:
 * hw/arm/virt: Disable pl011 clock migration if needed
 * target/arm: Make M-profile VTOR loads on reset handle memory aliasing
 * target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill

# gpg: Signature made Tue 23 Mar 2021 14:26:09 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210323:
  target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
  target/arm: Make M-profile VTOR loads on reset handle memory aliasing
  hw/core/loader: Add new function rom_ptr_for_as()
  memory: Add offset_in_region to flatview_cb arguments
  memory: Document flatview_for_each_range()
  memory: Make flatview_cb return bool, not int
  hw/arm/virt: Disable pl011 clock migration if needed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-23 21:15:17 +00:00
Richard Henderson
dad90de78e target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
Pretend the fault always happens at page table level 3.

Failure to set this leaves level = 0, which is impossible for
ARMFault_Permission, and produces an invalid syndrome, which
reaches g_assert_not_reached in cpu_loop.

Fixes: 8db94ab4e5 ("linux-user/aarch64: Pass syndrome to EXC_*_ABORT")
Reported-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210320000606.1788699-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-23 14:07:55 +00:00
Peter Maydell
75ce72b785 target/arm: Make M-profile VTOR loads on reset handle memory aliasing
For Arm M-profile CPUs, on reset the CPU must load its initial PC and
SP from a vector table in guest memory.  Because we can't guarantee
reset ordering, we have to handle the possibility that the ROM blob
loader's reset function has not yet run when the CPU resets, in which
case the data in an ELF file specified by the user won't be in guest
memory to be read yet.

We work around the reset ordering problem by checking whether the ROM
blob loader has any data for the address where the vector table is,
using rom_ptr().  Unfortunately this does not handle the possibility
of memory aliasing.  For many M-profile boards, memory can be
accessed via multiple possible physical addresses; if the board has
the vector table at address X but the user's ELF file loads data via
a different address Y which is an alias to the same underlying guest
RAM then rom_ptr() will not find it.

Use the new rom_ptr_for_as() function, which deals with memory
aliasing when locating a relevant ROM blob.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210318174823.18066-6-peter.maydell@linaro.org
2021-03-23 11:47:31 +00:00
Georg Kotheimer
9a27f69bd6 target/riscv: Prevent lost illegal instruction exceptions
When decode_insn16() fails, we fall back to decode_RV32_64C() for
further compressed instruction decoding. However, prior to this change,
we did not raise an illegal instruction exception, if decode_RV32_64C()
fails to decode the instruction. This means that we skipped illegal
compressed instructions instead of raising an illegal instruction
exception.

Instead of patching decode_RV32_64C(), we can just remove it,
as it is dead code since f330433b36 anyway.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210322121609.3097928-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Georg Kotheimer
ec352d0cab target/riscv: Add proper two-stage lookup exception detection
The current two-stage lookup detection in riscv_cpu_do_interrupt falls
short of its purpose, as all it checks is whether two-stage address
translation either via the hypervisor-load store instructions or the
MPRV feature would be allowed.

What we really need instead is whether two-stage address translation was
active when the exception was raised. However, in riscv_cpu_do_interrupt
we do not have the information to reliably detect this. Therefore, when
we raise a memory fault exception we have to record whether two-stage
address translation is active.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210319141459.1196741-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Georg Kotheimer
9d5451e077 target/riscv: Fix read and write accesses to vsip and vsie
The previous implementation was broken in many ways:
 - Used mideleg instead of hideleg to mask accesses
 - Used MIP_VSSIP instead of VS_MODE_INTERRUPTS to mask writes to vsie
 - Did not shift between S bits and VS bits (VSEIP <-> SEIP, ...)

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210311094738.1376795-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Georg Kotheimer
db9ab38b81 target/riscv: Use background registers also for MSTATUS_MPV
The current condition for the use of background registers only
considers the hypervisor load and store instructions,
but not accesses from M mode via MSTATUS_MPRV+MPV.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210311103036.1401073-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Georg Kotheimer
e89b631cf4 target/riscv: Make VSTIP and VSEIP read-only in hip
Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210311094902.1377593-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Georg Kotheimer
90ec1cff76 target/riscv: Adjust privilege level for HLV(X)/HSV instructions
According to the specification the "field SPVP of hstatus controls the
privilege level of the access" for the hypervisor virtual-machine load
and store instructions HLV, HLVX and HSV.

Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210311103005.1400718-1-georg.kotheimer@kernkonzept.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Jim Shu
2c2e0f2842 target/riscv: flush TLB pages if PMP permission has been changed
If PMP permission of any address has been changed by updating PMP entry,
flush all TLB pages to prevent from getting old permission.

Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1613916082-19528-4-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Jim Shu
663e119317 target/riscv: add log of PMP permission checking
Like MMU translation, add qemu log of PMP permission checking for
debugging.

Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1613916082-19528-3-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Jim Shu
b297129ae1 target/riscv: propagate PMP permission to TLB page
Currently, PMP permission checking of TLB page is bypassed if TLB hits
Fix it by propagating PMP permission to TLB page permission.

PMP permission checking also use MMU-style API to change TLB permission
and size.

Signed-off-by: Jim Shu <cwshu@andestech.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1613916082-19528-2-git-send-email-cwshu@andestech.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Frank Chang
5e437d3ccd target/riscv: fix vs() to return proper error code
vs() should return -RISCV_EXCP_ILLEGAL_INST instead of -1 if rvv feature
is not enabled.

If -1 is returned, exception will be raised and cs->exception_index will
be set to the negative return value. The exception will then be treated
as an instruction access fault instead of illegal instruction fault.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210223065935.20208-1-frank.chang@sifive.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-03-22 21:54:40 -04:00
Peter Maydell
20b42789aa target/mips/mxu_translate.c: Fix array overrun for D16MIN/D16MAX
Coverity reported (CID 1450831) an array overrun in
gen_mxu_D16MAX_D16MIN():

  1103     } else if (unlikely((XRb == 0) || (XRa == 0))) {
  ....
  1112         if (opc == OPC_MXU_D16MAX) {
  1113             tcg_gen_smax_i32(mxu_gpr[XRa - 1], t0, t1);
  1114         } else {
  1115             tcg_gen_smin_i32(mxu_gpr[XRa - 1], t0, t1);
  1116         }

>>> Overrunning array "mxu_gpr" of 15 8-byte elements at element
    index 4294967295 (byte offset 34359738367) using index "XRa - 1U"
    (which evaluates to 4294967295).

This happens because the code is confused about which of XRa, XRb and
XRc is the output, and which are the inputs.  XRa is the output, but
most of the conditions separating out different special cases are
written as if XRc is the output, with the result that we can end up
in the code path that assumes XRa is non-0 even when it is zero.

Fix the erroneous code, bringing it in to line with the structure
used in functions like gen_mxu_S32MAX_S32MIN() and
gen_mxu_Q8MAX_Q8MIN().

Fixes: CID 1450831
Fixes: bb84cbf385
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210316131353.4533-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-03-22 15:05:41 +01:00
Vitaly Kuznetsov
561dbb41b1 i386: Make migration fail when Hyper-V reenlightenment was enabled but 'user_tsc_khz' is unset
KVM doesn't fully support Hyper-V reenlightenment notifications on
migration. In particular, it doesn't support emulating TSC frequency
of the source host by trapping all TSC accesses so unless TSC scaling
is supported on the destination host and KVM_SET_TSC_KHZ succeeds, it
is unsafe to proceed with migration.

KVM_SET_TSC_KHZ is called from two sites: kvm_arch_init_vcpu() and
kvm_arch_put_registers(). The later (intentionally) doesn't propagate
errors allowing migrations to succeed even when TSC scaling is not
supported on the destination. This doesn't suit 're-enlightenment'
use-case as we have to guarantee that TSC frequency stays constant.

Require 'tsc-frequency=' command line option to be specified for successful
migration when re-enlightenment was enabled by the guest.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210319123801.1111090-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19 08:48:18 -04:00
Vitaly Kuznetsov
816d20c927 i386: Fix 'hypercall_hypercall' typo
Even the name of this section is 'cpu/msr_hyperv_hypercall',
'hypercall_hypercall' is clearly a typo.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210318160249.1084178-3-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19 08:48:18 -04:00
Paolo Bonzini
687758565a target/i386: svm: do not discard high 32 bits of EXITINFO1
env->error_code is only 32-bits wide, so the high 32 bits of EXITINFO1
are being lost.  However, even though saving guest state and restoring
host state must be delayed to do_vmexit, because they might take tb_lock,
it is always possible to write to the VMCB.  So do this for the exit
code and EXITINFO1, just like it is already being done for EXITINFO2.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19 08:48:18 -04:00
Paolo Bonzini
da3f3b020f target/i386: fail if toggling LA57 in 64-bit mode
This fixes kvm-unit-tests access.flat with -cpu qemu64,la57.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19 08:48:18 -04:00
Paolo Bonzini
b818413583 target/i386: allow modifying TCG phys-addr-bits
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19 08:48:18 -04:00
Peter Maydell
569a948103 s390x updates:
- get rid of legacy_s390_alloc() and phys_mem_set_alloc()
 - tcg: implement the MVPG condition-code-option bit
 - fix g_autofree variable handing in the pci vfio code
 - use official z15 names in the cpu model definitions
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAmBQgqUSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vwOkP/3K5y38/8v3VSoOxFbpTvAqSDBtHtCpz
 bDIfqFmLenniFKRuGWr/rAUCbFCSymhoy3YNuWXa2wX4WVjOEx3wRCxkShC1/G5B
 PBu75UmB58CivL5agHigA0r1JSwquqFfzTr+mU9GAyf5aUJj3iGqX1rx+Ldyeva1
 bdSxOY8LZVuM52E5QvDFzjOCw0Ti83yje7OdPuz4FixaXoyZzNEB50E3hxgJPIYE
 khHAP1LaxmOGqfCuCBYOkFOUVx3xXnevnNouP2l98fBMa8ctu1JrsEz/9WA7mbDF
 1rYDtEE2l4eqWlXkMX1LcSV1eJ5rlf1l/W4uyW9Ti6gi30dZuOJnrfviP2bBPjQE
 VrGsmIg35PhP9y7y8ZlBJHgxENw3qrlJ2I1R/IIjivN84EZ9OkxaW6pMt0R+1Q1o
 tQAh9/2Md9IHsvZEZMTppIuRn0X0Y4Wfm3/9vY1twrrZFPzc5cSsFhrDam0KRGro
 PgnsJ3b1aeKW7k9fS0hy807SKV5stdmTCAGPoP5RYXRIQhuUsaFXN04w+PuIUY7m
 kd2IRKrubcWhmSnTELBO97lTmLMCb5vyOX6iKbTbbQ0kg68qB8tna7WlfvfxpH5a
 NFk6yvJiygmedX4TaIMxvJt6ZIWNSksCaJWsAb72oySXsbcu5vewMRUs4/4kAtJj
 gMwEILszb60S
 =8eNE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210316' into staging

s390x updates:
- get rid of legacy_s390_alloc() and phys_mem_set_alloc()
- tcg: implement the MVPG condition-code-option bit
- fix g_autofree variable handing in the pci vfio code
- use official z15 names in the cpu model definitions

# gpg: Signature made Tue 16 Mar 2021 10:04:21 GMT
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck-gitlab/tags/s390x-20210316:
  s390x/pci: Add missing initialization for g_autofree variables
  target/s390x: Store r1/r2 for page-translation exceptions during MVPG
  target/s390x: Implement the MVPG condition-code-option bit
  s390x/cpu_model: use official name for 8562
  exec: Get rid of phys_mem_set_alloc()
  s390x/kvm: Get rid of legacy_s390_alloc()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-17 15:01:09 +00:00
Peter Maydell
e7c6a8cf9f AVR patches queue
- Only reset 'interrupt_request' mask once all interrupts executed
 - Documentation and typo fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmBOoB4ACgkQ4+MsLN6t
 wN6zIg//SrDsBYfL1ffrN5/Tut3SZZW1+Xh4sO/3sLDE8Fbh1eQlpoT6fKdL6TE+
 GbKMggt/rGE/8ler9QBWg5/vSdrUHa0jAK+pgpDBESP+u1xCc1AiSUE9Rz8pZMr/
 K0DznGvZPSw3CCjodsANHJF9WpqWh4lj2ZgsVqL7911xdyRDBFyD+1zkJYvPtOCh
 OiCCVbUOShS9D5VvonOBNTqS7g11/H9H4l/h8TgiMit8qTEjVsy4KW4yzZA9XotJ
 EiOQwf4OdbWtw5L99234+MjreU30v4vuxw1HffHRPCFXFZ7Qwy6yhdmEyXAPMCtP
 SOhTWHfFLptSJLs+D2OqK4SupTeiRJihKXxJmqmDAq9n+a6R7DnHiTSZZY8t6sMb
 xW7Qlbggptn2XhAa6wP+VDEZbugkDv4qHPQnLS0R1sd1lNZ2r3Y7SUbgobJ9eU4I
 KUBTH2rCHFaHyNxcX7opqdEhefUlvlHsC8iq5F1AoJPLGdfXGzot/pe/63UMA7f+
 F9BowxQd2G6qzXg4IOV802EenlgoUuOvxnAeEvpBBnaGtZ5FjDSnA0nhhUJhRo22
 TlrlqvCfrXbH2AKyQ/fatffYdp/uvzIymD8VKd9+jr3IbxfsVCapKj6BxSRrQeTc
 Pno1CUecNApBoCPy74PU3oFK+UMuj0WourZJkLG6rVJqPDJnFXw=
 =LKo7
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/avr-20210315' into staging

AVR patches queue

- Only reset 'interrupt_request' mask once all interrupts executed
- Documentation and typo fixes

# gpg: Signature made Sun 14 Mar 2021 23:45:34 GMT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/avr-20210315:
  target/avr: Fix interrupt execution
  target/avr: Fix some comment spelling errors
  hw/avr/arduino: List board schematic links
  hw/misc/led: Add yellow LED

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-15 16:59:55 +00:00
Peter Maydell
51204c2f18 - Added triboard with tc27x_soc
- Cleaned up get_physical_address()
 - Fixed corner case bugs in OPC2_32_RRPW_IMASK and OPC2_32_RRPW_IMASK
   insns
 -----BEGIN PGP SIGNATURE-----
 
 iQJTBAABCgA9FiEEbmNqfoPy3Qz6bm43CtLGOWtpyhQFAmBOFUcfHGtiYXN0aWFu
 QG1haWwudW5pLXBhZGVyYm9ybi5kZQAKCRAK0sY5a2nKFNz/D/4va/Tz06aNPmDA
 Ep4aQDDfTFVjs16dgN4DAMUCuKD1pq2ot97uZL7B+B7nBsN+0UHErz0Mp1yT10Ae
 NbmSNJ7QFvDi5G8xHdZjCj2+Gs8hM4Ff0+kxnmFLqpGK5u8Pso0C3KapCHolwojb
 gk3WXFEeBYtEwBDkmUAbX/Lp018/bL+wbcf9sSfNcshUKmE3MAVCLNeMzJ3gqZOO
 H8yNVEM3sPoEecr8TayCaLoc8JQrQnHTc4tHT+jj078+HPyVpYRjr8PZkhm6Oh9i
 KzTjxKsQt5IPFXDLdKQj1KJeqtbQGm9GSIIi1cbLJBFalQT94qsgX46g29XNdz1A
 UqocKB1yZF+L/Fd+Ymxo1pNpL9nCuy9gMl1MNV7rmubufMzy/WEhWQfJvIBC9B+T
 PKs8TmR+HY/qe9mPZakUtaFx+Hh1QJ+HROtRKLovqUEvA76XRqAyDUAJNjkm68vB
 bimHN2YUOfVne4fvyigoLowdWMQ98B3v6Rh0r9wmAYuw9PR/SIkNIPHTRswz2MdK
 WkR21bOwklw96d5OgJM1aJ4mC7PGMFDkF4ErNp1/R8h16JDJ+kQMxxmaij2H19Oo
 cwe6qo7A+fgU6SsER5i75fn+eD0MQMK3UgGhwDhSw2/Kvhjlo+xhXnaI/a6wGFLl
 PIlT14oiRjR1082qiLl65i1bYTDryQ==
 =7YWJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bkoppelmann2/tags/pull-tricore-20210314' into staging

- Added triboard with tc27x_soc
- Cleaned up get_physical_address()
- Fixed corner case bugs in OPC2_32_RRPW_IMASK and OPC2_32_RRPW_IMASK
  insns

# gpg: Signature made Sun 14 Mar 2021 13:53:11 GMT
# gpg:                using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg:                issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [full]
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E  6E37 0AD2 C639 6B69 CA14

* remotes/bkoppelmann2/tags/pull-tricore-20210314:
  target/tricore: Fix OPC2_32_RRPW_EXTR for width=0
  target/tricore: Fix imask OPC2_32_RRPW_IMASK for r3+1 == r2
  tricore: fixed faulty conditions for extr and imask
  target/tricore: Remove unused definitions
  target/tricore: Pass MMUAccessType to get_physical_address()
  target/tricore: Replace magic value by MMU_DATA_LOAD definition
  tricore: added triboard with tc27x_soc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-15 15:34:27 +00:00
David Hildenbrand
1a3c443c43 target/s390x: Store r1/r2 for page-translation exceptions during MVPG
The PoP states:

    When EDAT-1 does not apply, and a program interruption due to a
    page-translation exception is recognized by the MOVE PAGE
    instruction, the contents of the R1 field of the instruction are
    stored in bit positions 0-3 of location 162, and the contents of
    the R2 field are stored in bit positions 4-7.

    If [...] an ASCE-type, region-first-translation,
    region-second-translation, region-third-translation, or
    segment-translation exception was recognized, the contents of
    location 162 are unpredictable.

So we have to write r1/r2 into the lowcore on page-translation
exceptions. Simply handle all exceptions inside our mvpg helper now.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210315085449.34676-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-15 11:03:20 +01:00
Richard Henderson
e56552cf07 target/s390x: Implement the MVPG condition-code-option bit
If the CCO bit is set, MVPG should not generate an exception but
report page translation faults via a CC code.

Create a new helper, access_prepare_nf, which can use probe_access_flags
in non-faulting mode, and then handle watchpoints.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[thuth: Added logic to still inject protection exceptions]
Signed-off-by: Thomas Huth <thuth@redhat.com>
[david: Look at env->tlb_fill_exc to determine if there was an exception]
Signed-off-by: David Hildenbrand <david@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210315085449.34676-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-15 11:03:20 +01:00
Cornelia Huck
d66a52b50f s390x/cpu_model: use official name for 8562
The single-frame z15 is called "z15 T02" (and the multi-frame z15
"z15 T01").

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20210311132746.1777754-1-cohuck@redhat.com>
2021-03-15 11:01:23 +01:00
David Hildenbrand
996e7e4b72 s390x/kvm: Get rid of legacy_s390_alloc()
legacy_s390_alloc() was required for dealing with the absence of the ESOP
feature -- on old HW (< gen 10) and old z/VM versions (< 6.3).

As z/VM v6.2 (and even v6.3) is no longer supported since 2017 [1]
and we don't expect to have real users on such old hardware, let's drop
legacy_s390_alloc().

Still check+report an error just in case someone still runs on
such old z/VM environments, or someone runs under weird nested KVM
setups (where we can manually disable ESOP via the CPU model).

No need to check for KVM_CAP_GMAP - that should always be around on
kernels that also have KVM_CAP_DEVICE_CTRL (>= v3.15).

[1] https://www.ibm.com/support/lifecycle/search?q=z%2FVM

Suggested-by: Cornelia Huck <cohuck@redhat.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Halil Pasic <pasic@linux.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210303130916.22553-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-15 11:01:23 +01:00
Ivanov Arkasha
56b90e60c4 target/avr: Fix interrupt execution
Only one interrupt is in progress at the moment.
It is only necessary to set to reset interrupt_request
after all interrupts have been executed.

Signed-off-by: Ivanov Arkasha <ivanovrkasha@gmail.com>
Message-Id: <20210312164754.18437-1-arkaisp2021@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
2021-03-15 00:39:52 +01:00
Lichang Zhao
2e35dfb634 target/avr: Fix some comment spelling errors
I found that there are many spelling errors in the comments of qemu/target/avr.
I used spellcheck to check the spelling errors and found some errors in the folder.

Signed-off-by: Lichang Zhao <zhaolichang@huawei.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org>
Message-Id: <20201009064449.2336-12-zhaolichang@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
2021-03-15 00:39:52 +01:00
Peter Maydell
36d840f35b MIPS patches queue
- Tidy up the GT64120 north bridge
 - Move XBurst Media eXtension Unit code to mxu_translate.c
 - Convert TX79 to decodetree
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmBNQFwACgkQ4+MsLN6t
 wN41IBAAq9Q08W0dEXXHoX9iNkBF5qjuXXUfXP++kv7yDYOrT9DUcFtM09Gr9rgu
 lOq2Bl0P3GMtiyC2pgYw7N6/0IBIBB0ddynaNy+Pcgd28naD+SMoEhKGOFWFHs7+
 +lEKv8Xsb2onbaDcXgHBIC46vvZbIvEXcdSXpfOSeohFUxgvKWLB7AcjT+yXNyls
 NvYo0fePBkc1qTbSVqcT+E9wOq2l7T9nvknIJuPQNL365oAIXnR7gJR6x1FC1k5S
 r5Rj244EwVHaUtzlc6f/RESGQpfL/8AioZm9SfAmxvLCLhXOQ1AaEcUVYooeb8b4
 gD3WSOyw9UnYKc77RqPrJLA9TO78UrkaEdT1M4Hys6HuZjmomt6y7uQPli2BQlp3
 S0FFlbCw7KgYUy4NCxTDDxKpgRSt4CkrTFpBWJQ2OW8LCCkWWOCrrtU5r0RPOFsf
 nFIdHD0i+VSXRiS2INCIvyPNdBkoud3JQVyXRV+IKQupDZPxN7x5vcEx/J9tScUf
 LKwgnJZvsfp1kQwqfRrBmw4vyqpYh9y6z89vAnuwIoHZMCsitrpRkejsq0v0EbRm
 iCRp3LO9msbEGTJI2pB+E+AgSJUndUYu5TZYAsddaGfgiS4eZN0aOyj7urLbvnsx
 28XgVQXOokfyZhs3Ca+8vFF0xioriOtGmAR/JacFxgeWTX7c2VU=
 =uGJE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/mips-20210313' into staging

MIPS patches queue

- Tidy up the GT64120 north bridge
- Move XBurst Media eXtension Unit code to mxu_translate.c
- Convert TX79 to decodetree

# gpg: Signature made Sat 13 Mar 2021 22:44:44 GMT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/mips-20210313: (27 commits)
  target/mips/tx79: Salvage instructions description comment
  target/mips: Remove 'C790 Multimedia Instructions' dead code
  target/mips/tx79: Move PCPYLD / PCPYUD opcodes to decodetree
  target/mips/tx79: Move PCPYH opcode to decodetree
  target/mips/translate: Simplify PCPYH using deposit_i64()
  target/mips/translate: Make gen_rdhwr() public
  target/mips/tx79: Move MTHI1 / MTLO1 opcodes to decodetree
  target/mips/tx79: Move MFHI1 / MFLO1 opcodes to decodetree
  target/mips: Use gen_load_gpr[_hi]() when possible
  target/mips: Extract MXU code to new mxu_translate.c file
  target/mips: Introduce mxu_translate_init() helper
  target/mips: Simplify decode_opc_mxu() ifdef'ry
  target/mips: Convert decode_ase_mxu() to decodetree prototype
  target/mips: Rename decode_opc_mxu() as decode_ase_mxu()
  target/mips: Move MUL opcode check from decode_mxu() to decode_legacy()
  target/mips: Use OPC_MUL instead of OPC__MXU_MUL
  target/mips: Pass instruction opcode to decode_opc_mxu()
  target/mips: Remove unused CPUMIPSState* from MXU functions
  target/mips: Remove XBurst Media eXtension Unit dead code
  target/mips: Rewrite complex ifdef'ry
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-14 19:16:11 +00:00
Bastian Koppelmann
a21993c7f9 target/tricore: Fix OPC2_32_RRPW_EXTR for width=0
if width was 0 we would run into the assertion:

qemu-system-tricore: tcg/tcg-op.c:217: tcg_gen_sari_i32: Assertion `arg2 >= 0 && arg2 < 32' failed.o

The instruction manual specifies undefined behaviour for this case. So
we bring this in line with the golden Infineon simlator 'tsim', which
simply writes 0 to the result in case of width=0.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:49:01 +01:00
Bastian Koppelmann
007479842b target/tricore: Fix imask OPC2_32_RRPW_IMASK for r3+1 == r2
if r3+1 and r2 are the same then we would overwrite r2 with our first
move and use the wrong result for the shift. Thus we store the result
from the mov in a temp.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:48:54 +01:00
Andreas Konopik
9b620609d7 tricore: fixed faulty conditions for extr and imask
According to the TC 1.3.1. Architecture Manual [1; page 174], results are
undefined, if pos + width > 32 and not 31 or if width = 0.

We found this error because of a different behavior between qemu-tricore
and the real tricore processor. For pos + width = 32, qemu-tricore did not
generate any intermediate code and ran into a different state compared to
the real hardware.

[1] https://www.infineon.com/dgdl/tc_v131_instructionset_v138.pdf?fileId=db3a304412b407950112b409b6dd0352

[BK: Add the why to the commit message]
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Andreas Konopik <andreas.konopik@efs-auto.de>
Signed-off-by: Georg Hofstetter <georg.hofstetter@efs-auto.de>
Signed-off-by: David Brenken <david.brenken@efs-auto.de>
Message-Id: <20210211115329.8984-2-david.brenken@efs-auto.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:41:56 +01:00
Philippe Mathieu-Daudé
4f29307940 target/tricore: Remove unused definitions
Remove these confusing and unused definitions.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210127224255.3505711-4-f4bug@amsat.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:41:56 +01:00
Philippe Mathieu-Daudé
5513b7700c target/tricore: Pass MMUAccessType to get_physical_address()
'int access_type' and ACCESS_INT are unused, drop them.
Provide the mmu_idx argument to match other targets.
'int rw' is actually the MMUAccessType, rename it.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210127224255.3505711-3-f4bug@amsat.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:41:56 +01:00
Philippe Mathieu-Daudé
27e4661638 target/tricore: Replace magic value by MMU_DATA_LOAD definition
cpu_get_phys_page_debug() uses 'DATA LOAD' MMU access type.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210127224255.3505711-2-f4bug@amsat.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2021-03-14 14:41:55 +01:00
Peter Maydell
6f8a81fc29 target-arm queue:
* versal: Support XRAMs and XRAM controller
  * smmu: Various minor bug fixes
  * SVE emulation: fix bugs handling odd vector lengths
  * allwinner-sun8i-emac: traverse transmit queue using TX_CUR_DESC register value
  * tests/acceptance: fix orangepi-pc acceptance tests
  * hw/timer/sse-timer: Propagate eventual error in sse_timer_realize()
  * hw/arm/virt: KVM: The IPA lower bound is 32
  * npcm7xx: support MFT module
  * pl110, pxa2xx_lcd: tidy up template headers
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmBODPcZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3oxdD/9Tbgsd3yZ/zQMKECEbEczB
 F0wgRz5FLFOx5O+Wfz35ByjCySSms5yaikDaBxqZdvfI9CXbvhwBtt+kEj4xcmUc
 0KHYxaAnv//yMqEtpN0gyaVPs0+/BBjEH6kvlOLMngDs4x1Yp7fUh+gqpVxw+V0b
 v1fAZlfWj4SlAeiarTY9HJ9IZ5REFY7AxA0WdZl0cVT/keKf1Np9EGzBGBQIyn40
 zFFLTktJSCmAkN7uUYEmmvcNUAJ1J7YlM1Sm3v4qmAHhRhB3a76qNk9/fDXqEs+Y
 OimIcsnHf/EyHQd8auwl2yLZ36tyDcUILUwRafFoQ12Krz7eSFon8xNnnSBFlgoM
 qmsGHN+AQXpXDaT7PPqx2ckR4vIZcp5dWp4B+rD8XFLhHU9p4FsZwtVfiwWH1K+y
 WOoGPqIo6o7IMOhTf7+NfVMj9COKDbyr9KzteoIOnrKVzc1JQaZVMFD/MufrtH39
 hq7DdAl7MX+pKHKqaNPw8WFA9b8Th6ZCbmN1kyQpIFlj7/MoivJ7EQBtBIj6kBbS
 oy7Z/tI0rzaw6D44OO6yqnJVi2vMKEPzMZptoKYIK8OXNZyIAWOvyvT5tFPg8YCT
 f4QeF2J794NAIFF9SGK9hnFEE/vajzQm248IZVKFHVfhOJ3ev+FjNSdRySInAFY/
 yoZlbfk1u9zula3I1Z0z3Q==
 =7lkG
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210314' into staging

target-arm queue:
 * versal: Support XRAMs and XRAM controller
 * smmu: Various minor bug fixes
 * SVE emulation: fix bugs handling odd vector lengths
 * allwinner-sun8i-emac: traverse transmit queue using TX_CUR_DESC register value
 * tests/acceptance: fix orangepi-pc acceptance tests
 * hw/timer/sse-timer: Propagate eventual error in sse_timer_realize()
 * hw/arm/virt: KVM: The IPA lower bound is 32
 * npcm7xx: support MFT module
 * pl110, pxa2xx_lcd: tidy up template headers

# gpg: Signature made Sun 14 Mar 2021 13:17:43 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210314: (39 commits)
  hw/display/pxa2xx: Inline template header
  hw/display/pxa2xx: Apply whitespace-only coding style fixes to template header
  hw/display/pxa2xx: Apply brace-related coding style fixes to template header
  hw/display/pxa2xx: Remove use of BITS in pxa2xx_template.h
  hw/display/pxa2xx_lcd: Remove dest_width state field
  hw/display/pxa2xx_lcd: Remove dead code for non-32-bpp surfaces
  hw/display/pl110: Remove use of BITS from pl110_template.h
  hw/display/pl110: Pull included-once parts of template header into pl110.c
  hw/display/pl110: Remove dead code for non-32-bpp surfaces
  tests/qtest: Test PWM fan RPM using MFT in PWM test
  hw/arm: Connect PWM fans in NPCM7XX boards
  hw/arm: Add MFT device to NPCM7xx Soc
  hw/misc: Add NPCM7XX MFT Module
  hw/misc: Add GPIOs for duty in NPCM7xx PWM
  hw/arm/virt: KVM: The IPA lower bound is 32
  accel: kvm: Fix kvm_type invocation
  hw/timer/sse-timer: Propagate eventual error in sse_timer_realize()
  tests/acceptance: drop ARMBIAN_ARTIFACTS_CACHED condition for orangepi-pc, cubieboard tests
  tests/acceptance: update sunxi kernel from armbian to 5.10.16
  tests/acceptance/boot_linux_console: change URL for test_arm_orangepi_bionic_20_08
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-14 13:18:49 +00:00