Commit Graph

11472 Commits

Author SHA1 Message Date
Ilya Leoshkevich
349372ff9e target/s390x: Fix relative long instructions with large offsets
The expression "imm * 2" in gen_ri2() can wrap around if imm is large
enough.

Fix by casting imm to int64_t, like it's done in disas_jdest().

Fixes: e8ecdfeb30 ("Fix EXECUTE of relative branches")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20230704081506.276055-8-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:24 +02:00
Ilya Leoshkevich
b0ef81062d target/s390x: Fix LRA when DAT is off
LRA should perform DAT regardless of whether it's on or off.
Disable DAT check for MMU_S390_LRA.

Fixes: defb0e3157 ("s390x: Implement opcode helpers")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-7-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:24 +02:00
Ilya Leoshkevich
6da311a60d target/s390x: Fix LRA overwriting the top 32 bits on DAT error
When a DAT error occurs, LRA is supposed to write the error information
to the bottom 32 bits of R1, and leave the top 32 bits of R1 alone.

Fix by passing the original value of R1 into helper and copying the
top 32 bits to the return value.

Fixes: d8fe4a9c28 ("target-s390: Convert LRA")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-6-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:24 +02:00
Ilya Leoshkevich
92a5753461 target/s390x: Fix MVCRL with a large value in R0
Using a large R0 causes an assertion error:

    qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 4096' failed.

Even though PoP explicitly advises against using more than 8 bits for the
size, an emulator crash is never a good thing.

Fix by truncating the size to 8 bits.

Fixes: ea0a1053e2 ("s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:24 +02:00
Ilya Leoshkevich
fed9a4fe0c target/s390x: Fix MDEB and MDEBR
These instructions multiply 32 bits by 32 bits, not 32 bits by 64 bits.

Fixes: 83b00736f3 ("target-s390: Convert FP MULTIPLY")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:23 +02:00
Ilya Leoshkevich
110b1bac2e target/s390x: Fix EPSW CC reporting
EPSW should explicitly calculate and insert CC, like IPM does.

Fixes: e30a9d3fea ("target-s390: Implement EPSW")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: qemu-stable@nongnu.org
Message-Id: <20230704081506.276055-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:23 +02:00
Philippe Mathieu-Daudé
f5f9c6ea11 hw/s390x: Move KVM specific PV from hw/ to target/s390x/kvm/
Protected Virtualization (PV) is not a real hardware device:
it is a feature of the firmware on s390x that is exposed to
userspace via the KVM interface.

Move the pv.c/pv.h files to target/s390x/kvm/ to make this clearer.

Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230624200644.23931-1-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-07-10 15:34:23 +02:00
Richard Henderson
2ff49e96ac crypto: Provide aes-round.h and host accel
-----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmSqvGodHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+1bgf9EG57jfnCQLCfMQ6C
 0bQ0MaeAkGg+7+mUwyi3OPB1VO0yjEKv5pWEnolzrGud35P0KsyoO+msqGqxnbMv
 IbhPkQZbmfMsGFPG1DbswjiwmQU5cV+ciONDM+C+qepnuUN+JrzIDHoEFzQRFoQo
 eQL/LnuyUkYBvR7YCKNJxFHtwILKcYQPH4jiC6a92C11AzYjDfilSxnuQ2RwL3Tn
 Zwf8TKJP5QGExvUdtm8f6xJ1LT7WAvsk9ZTwudE/+XRTnw8RWk6RmZSEQPx+cBdI
 p3opaoxkkMrdmcaXbr+9eSfBGq2gsVkKYPiyTDuwVW26575Nob9ZmodT3oSBNlkC
 +njd4w==
 =Nf5i
 -----END PGP SIGNATURE-----

Merge tag 'pull-tcg-20230709' of https://gitlab.com/rth7680/qemu into staging

crypto: Provide aes-round.h and host accel

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmSqvGodHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+1bgf9EG57jfnCQLCfMQ6C
# 0bQ0MaeAkGg+7+mUwyi3OPB1VO0yjEKv5pWEnolzrGud35P0KsyoO+msqGqxnbMv
# IbhPkQZbmfMsGFPG1DbswjiwmQU5cV+ciONDM+C+qepnuUN+JrzIDHoEFzQRFoQo
# eQL/LnuyUkYBvR7YCKNJxFHtwILKcYQPH4jiC6a92C11AzYjDfilSxnuQ2RwL3Tn
# Zwf8TKJP5QGExvUdtm8f6xJ1LT7WAvsk9ZTwudE/+XRTnw8RWk6RmZSEQPx+cBdI
# p3opaoxkkMrdmcaXbr+9eSfBGq2gsVkKYPiyTDuwVW26575Nob9ZmodT3oSBNlkC
# +njd4w==
# =Nf5i
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 09 Jul 2023 02:55:54 PM BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20230709' of https://gitlab.com/rth7680/qemu: (37 commits)
  crypto: Unexport AES_*_rot, AES_TeN, AES_TdN
  crypto: Remove AES_imc
  crypto: Implement aesdec_IMC with AES_imc_rot
  crypto: Remove AES_shifts, AES_ishifts
  target/riscv: Use aesdec_ISB_ISR_IMC_AK
  target/riscv: Use aesenc_SB_SR_MC_AK
  target/riscv: Use aesdec_IMC
  target/riscv: Use aesdec_ISB_ISR_AK
  target/riscv: Use aesenc_SB_SR_AK
  target/arm: Use aesdec_IMC
  target/arm: Use aesenc_MC
  target/arm: Use aesdec_ISB_ISR_AK
  target/arm: Use aesenc_SB_SR_AK
  target/arm: Demultiplex AESE and AESMC
  target/i386: Use aesdec_ISB_ISR_IMC_AK
  target/i386: Use aesenc_SB_SR_MC_AK
  target/i386: Use aesdec_IMC
  target/i386: Use aesdec_ISB_ISR_AK
  target/i386: Use aesenc_SB_SR_AK
  target/ppc: Use aesdec_ISB_ISR_AK_IMC
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 15:01:43 +01:00
Richard Henderson
4ad6f9bfa0 target/riscv: Use aesdec_ISB_ISR_IMC_AK
This implements the AES64DSM instruction.  This was the last use
of aes64_operation and its support macros, so remove them all.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:17 +01:00
Richard Henderson
274f33765a target/riscv: Use aesenc_SB_SR_MC_AK
This implements the AES64ESM instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:17 +01:00
Richard Henderson
607a5f9d62 target/riscv: Use aesdec_IMC
This implements the AES64IM instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:11 +01:00
Richard Henderson
7a70583a41 target/riscv: Use aesdec_ISB_ISR_AK
This implements the AES64DS instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:11 +01:00
Richard Henderson
cad26538e8 target/riscv: Use aesenc_SB_SR_AK
This implements the AES64ES instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:11 +01:00
Richard Henderson
bdb01515ed target/arm: Use aesdec_IMC
This implements the AESIMC instruction.  We have converted everything
to crypto/aes-round.h; crypto/aes.h is no longer needed.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:47:05 +01:00
Richard Henderson
8b103ed70e target/arm: Use aesenc_MC
This implements the AESMC instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:46:53 +01:00
Richard Henderson
2a8b545ffd target/arm: Use aesdec_ISB_ISR_AK
This implements the AESD instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:46:47 +01:00
Richard Henderson
552d892494 target/arm: Use aesenc_SB_SR_AK
This implements the AESE instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-09 13:46:36 +01:00
Richard Henderson
0f23908c5c target/arm: Demultiplex AESE and AESMC
Split these helpers so that we are not passing 'decrypt'
within the simd descriptor.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:18 +01:00
Richard Henderson
44a0c4a8cc target/i386: Use aesdec_ISB_ISR_IMC_AK
This implements the AESDEC instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:18 +01:00
Richard Henderson
03cf414ec3 target/i386: Use aesenc_SB_SR_MC_AK
This implements the AESENC instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:18 +01:00
Richard Henderson
5f40edb71e target/i386: Use aesdec_IMC
This implements the AESIMC instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:18 +01:00
Richard Henderson
00b5c7bde9 target/i386: Use aesdec_ISB_ISR_AK
This implements the AESDECLAST instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:18 +01:00
Richard Henderson
cc648f5024 target/i386: Use aesenc_SB_SR_AK
This implements the AESENCLAST instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
af4cb94555 target/ppc: Use aesdec_ISB_ISR_AK_IMC
This implements the VNCIPHER instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
ce9f5b371d target/ppc: Use aesenc_SB_SR_MC_AK
This implements the VCIPHER instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
2cf44f3b8c target/ppc: Use aesdec_ISB_ISR_AK
This implements the VNCIPHERLAST instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
7df34e4853 target/ppc: Use aesenc_SB_SR_AK
This implements the VCIPHERLAST instruction.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
fb250c59aa target/arm: Move aesmc and aesimc tables to crypto/aes.c
We do not currently have a table in crypto/ for just MixColumns.
Move both tables for consistency.

Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:30:17 +01:00
Richard Henderson
9e7ce9ebce qemu trivial patches for 2023-07-08
-----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmSo5UsPHG1qdEB0bHMu
 bXNrLnJ1AAoJEHAbT2saaT5ZIygH/0z5heVC4CnU5sNuv8GRbXZL7sOXxvoOQf9K
 dEBD0/Lzu8QL7mJBpqPuzK4FN/CNnY2nUaGGn3k7U44MrsU6g2P5ksD4Y0hUebkZ
 sw+bsaqDeG0J+kZ9IN4V1iLoyGGQ53GDynisZMWY8w/hDmCkoRe5Xy2LZrXS7fgw
 LVT04wlxTYG/EwXqMukBYd/S/lap8pUnzgc+VngHmX5gBF4O7qIAZV1j5WobIW6S
 /OOOOBZ4YJU9Ha18H4DWrE5+ptfE2sfWAO0z+c/v3bpNTUb9bCyNIE3R3mUwg7z6
 i/96za3R9XH0ChoBWrKHtFn5wygUMGHt63JwIph0bwr73ENVlrE=
 =4nBR
 -----END PGP SIGNATURE-----

Merge tag 'trivial-patches-20230708' of https://gitlab.com/mjt0k/qemu into staging

qemu trivial patches for 2023-07-08

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmSo5UsPHG1qdEB0bHMu
# bXNrLnJ1AAoJEHAbT2saaT5ZIygH/0z5heVC4CnU5sNuv8GRbXZL7sOXxvoOQf9K
# dEBD0/Lzu8QL7mJBpqPuzK4FN/CNnY2nUaGGn3k7U44MrsU6g2P5ksD4Y0hUebkZ
# sw+bsaqDeG0J+kZ9IN4V1iLoyGGQ53GDynisZMWY8w/hDmCkoRe5Xy2LZrXS7fgw
# LVT04wlxTYG/EwXqMukBYd/S/lap8pUnzgc+VngHmX5gBF4O7qIAZV1j5WobIW6S
# /OOOOBZ4YJU9Ha18H4DWrE5+ptfE2sfWAO0z+c/v3bpNTUb9bCyNIE3R3mUwg7z6
# i/96za3R9XH0ChoBWrKHtFn5wygUMGHt63JwIph0bwr73ENVlrE=
# =4nBR
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 08 Jul 2023 05:25:47 AM BST
# gpg:                using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg:                issuer "mjt@tls.msk.ru"
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [undefined]
# gpg:                 aka "Michael Tokarev <mjt@debian.org>" [undefined]
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* tag 'trivial-patches-20230708' of https://gitlab.com/mjt0k/qemu:
  hw/arm/virt-acpi-build.c: Add missing header
  migration: unexport migrate_fd_error()
  migration: factor out "resume_requested" in qmp_migrate()
  qemu-options.hx: Fix indentation of some option descriptions
  vdpa: Sort vdpa_feature_bits array alphabetically
  vdpa: Delete duplicated VIRTIO_NET_F_RSS in vdpa_feature_bits
  hw: Simplify calls to pci_nic_init_nofail()
  trivial: man page: document display::gtk::zoom-to-fit
  target/avr: Fix handling of interrupts above 33.
  hw/riscv/virt.c: fix typo in 'aia' description

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-08 07:24:30 +01:00
Lucas Dietrich
fc97167f1f target/avr: Fix handling of interrupts above 33.
This commit addresses a bug in the AVR interrupt handling code.
The modification involves replacing the usage of the ctz32 function
with ctz64 to ensure proper handling of interrupts above 33 in the AVR
target.

Previously, timers 3, 4, and 5 interrupts were not functioning correctly
because most of their interrupt vectors are numbered above 33.

Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: updated subject line to have subsytem prefix)
2023-07-08 07:24:38 +03:00
Richard Henderson
276d72ca1b ppc patch queue for 2023-07-07:
In this last queue for 8.1 we have a lot of fixes and improvements all
 around: SMT support for powerNV, XIVE fixes, PPC440 cleanups, exception
 handling cleanups and kvm_pph.h cleanups just to name a few.
 
 Thanks everyone in the qemu-ppc community for all the contributions for
 the next QEMU 8.1 release.
 -----BEGIN PGP SIGNATURE-----
 
 iIwEABYKADQWIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCZKgihBYcZGFuaWVsaGI0
 MTNAZ21haWwuY29tAAoJEDzZypbeAzFksr0A/jrvSDSDxB5mR7bo0dNGndLXcdTo
 ZGr6k6pcMpr7RDOAAQDVeaw7f8djQ4Aaelk6v1wPs5bYfNY2ElF4NsqHJFX2Cg==
 =8lDs
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20230707-1' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2023-07-07:

In this last queue for 8.1 we have a lot of fixes and improvements all
around: SMT support for powerNV, XIVE fixes, PPC440 cleanups, exception
handling cleanups and kvm_pph.h cleanups just to name a few.

Thanks everyone in the qemu-ppc community for all the contributions for
the next QEMU 8.1 release.

# -----BEGIN PGP SIGNATURE-----
#
# iIwEABYKADQWIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCZKgihBYcZGFuaWVsaGI0
# MTNAZ21haWwuY29tAAoJEDzZypbeAzFksr0A/jrvSDSDxB5mR7bo0dNGndLXcdTo
# ZGr6k6pcMpr7RDOAAQDVeaw7f8djQ4Aaelk6v1wPs5bYfNY2ElF4NsqHJFX2Cg==
# =8lDs
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 07 Jul 2023 03:34:44 PM BST
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg:                issuer "danielhb413@gmail.com"
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20230707-1' of https://gitlab.com/danielhb/qemu: (59 commits)
  ppc/pnv: Add QME region for P10
  target/ppc: Remove pointless checks of CONFIG_USER_ONLY in 'kvm_ppc.h'
  target/ppc: Restrict 'kvm_ppc.h' to sysemu in cpu_init.c
  target/ppc: Define TYPE_HOST_POWERPC_CPU in cpu-qom.h
  target/ppc: Move CPU QOM definitions to cpu-qom.h
  target/ppc: Reorder #ifdef'ry in kvm_ppc.h
  target/ppc: Have 'kvm_ppc.h' include 'sysemu/kvm.h'
  target/ppc: Machine check on invalid real address access on POWER9/10
  tests/qtest: Add xscom tests for powernv10 machine
  ppc/pnv: Set P10 core xscom region size to match hardware
  ppc/pnv: Log all unimp warnings with similar message
  ppc440_pcix: Rename QOM type define abd move it to common header
  ppc4xx_pci: Add define for ppc4xx-host-bridge type name
  ppc4xx_pci: Rename QOM type name define
  ppc440_pcix: Stop using system io region for PCI bus
  ppc440_pcix: Don't use iomem for regs
  ppc/sam460ex: Remove address_space_mem local variable
  ppc440: Remove ppc460ex_pcie_init legacy init function
  ppc440: Add busnum property to PCIe controller model
  ppc440: Stop using system io region for PCIe buses
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-07 22:23:17 +01:00
Tao Su
6d5e9694ef target/i386: Add new CPU model GraniteRapids
The GraniteRapids CPU model mainly adds the following new features
based on SapphireRapids:
- PREFETCHITI CPUID.(EAX=7,ECX=1):EDX[bit 14]
- AMX-FP16 CPUID.(EAX=7,ECX=1):EAX[bit 21]

And adds the following security fix for corresponding vulnerabilities:
- MCDT_NO CPUID.(EAX=7,ECX=2):EDX[bit 5]
- SBDR_SSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 13]
- FBSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 14]
- PSDP_NO MSR_IA32_ARCH_CAPABILITIES[bit 15]
- PBRSB_NO MSR_IA32_ARCH_CAPABILITIES[bit 24]

Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Tested-by: Xuelian Guo <xuelian.guo@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20230706054949.66556-7-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:52:27 +02:00
Lei Wang
3baf7ae635 target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model
SapphireRapids has bit 13, 14 and 15 of MSR_IA32_ARCH_CAPABILITIES
enabled, which are related to some security fixes.

Add version 2 of SapphireRapids CPU model with those bits enabled also.

Signed-off-by: Lei Wang <lei4.wang@intel.com>
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Message-ID: <20230706054949.66556-6-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:52:27 +02:00
Tao Su
6c43ec3b20 target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
Currently, bit 13, 14, 15 and 24 of MSR_IA32_ARCH_CAPABILITIES are
disclosed for fixing security issues, so add those bit definitions.

Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-ID: <20230706054949.66556-5-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:52:27 +02:00
Tao Su
ba3709feaa target/i386: Allow MCDT_NO if host supports
MCDT_NO bit indicates HW contains the security fix and doesn't need to
be mitigated to avoid data-dependent behaviour for certain instructions.
It needs no hypervisor support. Treat it as supported regardless of what
KVM reports.

Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20230706054949.66556-4-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:52:27 +02:00
Tao Su
9dd8b71091 target/i386: Add support for MCDT_NO in CPUID enumeration
CPUID.(EAX=7,ECX=2):EDX[bit 5] enumerates MCDT_NO. Processors enumerate
this bit as 1 do not exhibit MXCSR Configuration Dependent Timing (MCDT)
behavior and do not need to be mitigated to avoid data-dependent behavior
for certain instructions.

Since MCDT_NO is in a new sub-leaf, add a new CPUID feature word
FEAT_7_2_EDX. Also update cpuid_level_func7 by FEAT_7_2_EDX.

Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20230706054949.66556-3-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:52:27 +02:00
Tao Su
8731336e90 target/i386: Adjust feature level according to FEAT_7_1_EDX
If FEAT_7_1_EAX is 0 and FEAT_7_1_EDX is non-zero, as is the case
with a Granite Rapids host and
'-cpu host,-avx-vnni,-avx512-bf16,-fzrm,-fsrs,-fsrc,-amx-fp16', we can't
get CPUID_7_1 leaf even though CPUID_7_1_EDX has non-zero value.

Update cpuid_level_func7 according to CPUID_7_1_EDX, otherwise
guest may report wrong maximum number sub-leaves in leaf 07H.

Fixes: eaaa197d5b ("target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration")
Cc: qemu-stable@nongnu.org
Signed-off-by: Tao Su <tao1.su@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20230706054949.66556-2-tao1.su@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-07-07 12:49:22 +02:00
Philippe Mathieu-Daudé
9c1ce7723b target/ppc: Remove pointless checks of CONFIG_USER_ONLY in 'kvm_ppc.h'
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-ID: <20230627115124.19632-7-philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Philippe Mathieu-Daudé
d0815cb808 target/ppc: Restrict 'kvm_ppc.h' to sysemu in cpu_init.c
User emulation shouldn't need any of the KVM prototypes
declared in "kvm_ppc.h".

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-ID: <20230627115124.19632-6-philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Philippe Mathieu-Daudé
be67dd4afe target/ppc: Define TYPE_HOST_POWERPC_CPU in cpu-qom.h
TYPE_HOST_POWERPC_CPU is used in various places of cpu_init.c,
in order to restrict "kvm_ppc.h" to sysemu, move this QOM-related
definition to cpu-qom.h.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-ID: <20230627115124.19632-5-philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Philippe Mathieu-Daudé
66453c0f0c target/ppc: Move CPU QOM definitions to cpu-qom.h
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-ID: <20230627115124.19632-4-philmd@linaro.org>
[dhb: keep cpu_list define in target/ppc/cpu.h]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Philippe Mathieu-Daudé
1b4b1bb506 target/ppc: Reorder #ifdef'ry in kvm_ppc.h
Keep a single if/else/endif block checking CONFIG_KVM.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-ID: <20230627115124.19632-3-philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Philippe Mathieu-Daudé
597645ccb5 target/ppc: Have 'kvm_ppc.h' include 'sysemu/kvm.h'
"kvm_ppc.h" declares:

  int kvm_handle_nmi(PowerPCCPU *cpu, struct kvm_run *run);

'struct kvm_run' is declared in "sysemu/kvm.h", include it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-ID: <20230627115124.19632-2-philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Nicholas Piggin
55a7fa34f8 target/ppc: Machine check on invalid real address access on POWER9/10
ppc currently silently accepts invalid real address access. Catch
these and turn them into machine checks on POWER9/10 machines.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-ID: <20230703120301.45313-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:49:14 -03:00
Nicholas Piggin
9cdfd1b9f7 target/ppc: SMT support for the HID SPR
HID is a per-core shared register, skiboot sets this (e.g., setting
HILE) on one thread and that must affect all threads of the core.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20230705120631.27670-3-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:47:49 -03:00
Nicholas Piggin
3401ea3cfe target/ppc: Add LPAR-per-core vs per-thread mode flag
The Power ISA has the concept of sub-processors:

  Hardware is allowed to sub-divide a multi-threaded processor into
  "sub-processors" that appear to privileged programs as multi-threaded
  processors with fewer threads.

POWER9 and POWER10 have two modes, either every thread is a
sub-processor or all threads appear as one multi-threaded processor. In
the user manuals these are known as "LPAR per thread" / "Thread LPAR",
and "LPAR per core" / "1 LPAR", respectively.

The practical difference is: in thread LPAR mode, non-hypervisor SPRs
are not shared between threads and msgsndp can not be used to message
siblings. In 1 LPAR mode, some SPRs are shared and msgsndp is usable.
Thrad LPAR allows multiple partitions to run concurrently on the same
core, and is a requirement for KVM to run on POWER9/10 (which does not
gang-schedule an LPAR on all threads of a core like POWER8 KVM).

Traditionally, SMT in PAPR environments including PowerVM and the
pseries QEMU machine with KVM acceleration behaves as in 1 LPAR mode.
In OPAL systems, Thread LPAR is used. When adding SMT to the powernv
machine, it is therefore preferable to emulate Thread LPAR.

To account for this difference between pseries and powernv, an LPAR mode
flag is added such that SPRs can be implemented as per-LPAR shared, and
that becomes either per-thread or per-core depending on the flag.

Reviewed-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20230705120631.27670-2-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:47:40 -03:00
Narayana Murty N
93c691a003 target: ppc: Use MSR_HVB bit to get the target endianness for memory dump
Currently on PPC64 qemu always dumps the guest memory in
Big Endian (BE) format even though the guest running in Little Endian
(LE) mode. So crash tool fails to load the dump as illustrated below:

Log :
$ virsh dump DOMAIN --memory-only dump.file

Domain 'DOMAIN' dumped to dump.file

$ crash vmlinux dump.file

<snip>
crash 8.0.2-1.el9

WARNING: endian mismatch:
          crash utility: little-endian
          dump.file: big-endian

WARNING: machine type mismatch:
          crash utility: PPC64
          dump.file: (unknown)

crash: dump.file: not a supported file format
<snip>

This happens because cpu_get_dump_info() passes cpu->env->has_hv_mode
to function ppc_interrupts_little_endian(), the cpu->env->has_hv_mode
always set for powerNV even though the guest is not running in hv mode.
The hv mode should be taken from msr_mask MSR_HVB bit
(cpu->env.msr_mask & MSR_HVB). This patch fixes the issue by passing
MSR_HVB value to ppc_interrupts_little_endian() in order to determine
the guest endianness.

The crash tool also expects guest kernel endianness should match the
endianness of the dump.

The patch was tested on POWER9 box booted with Linux as host in
following cases:

Host-Endianess Qemu-Target-Machine                Qemu-Generated-Guest
                                                  Memory-Dump-Format
BE             powernv(OPAL/PowerNV)                   LE
BE             powernv(OPAL/PowerNV)                   BE
LE             powernv(OPAL/PowerNV)                   LE
LE             powernv(OPAL/PowerNV)                   BE
LE             pseries(OPAL/PowerNV/pSeries) KVMHV     LE
LE             pseries TCG                             LE

Fixes: 5609400a42 ("target/ppc: Set the correct endianness for powernv memory
dumps")
Signed-off-by: Narayana Murty N <nnmlinux@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Message-ID: <20230623072506.34713-1-nnmlinux@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:46:12 -03:00
BALATON Zoltan
4e6b7db2c3 target/ppc: Get CPUState in one step
We can get CPUState from env with env_cpu without going through
PowerPCCPU and casting that.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <28424220f37f51ce97f24cadc7538a9c0d16cb45.1686868895.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:46:12 -03:00
BALATON Zoltan
08d7cfd04c target/ppd: Remove unused define
Commit 7a3fe174b1 removed usage of POWERPC_SYSCALL_VECTORED, drop
the unused define as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <50adc24f9d408882128e896d8a81a1a059c41836.1686868895.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:46:12 -03:00
BALATON Zoltan
0661329a35 target/ppc: Remove some more local CPUState variables only used once
Some helpers only have a CPUState local to call cpu_interrupt_exittb()
but we can use env_cpu for that and remove the local.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <aa34e449552c6ab52d48938ccbe762fc06adac01.1686868895.git.balaton@eik.bme.hu>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-07-07 04:46:12 -03:00