Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 5a60026cad4e9dba929cab4f63229e4b9110cf0a
https://github.com/qemu/qemu/commit/5a60026cad4e9dba929cab4f63229e4b9110cf0a
Author: Evgenii Prokopiev <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/csr.c
Log Message:
-----------
target/riscv/csr.c: Fix an access to VXSAT
The register VXSAT should be RW only to the first bit.
The remaining bits should be 0.
The RISC-V Instruction Set Manual Volume I: Unprivileged Architecture
The vxsat CSR has a single read-write least-significant bit (vxsat[0])
that indicates if a fixed-point instruction has had to saturate an output
value to fit into a destination format. Bits vxsat[XLEN-1:1]
should be written as zeros.
Signed-off-by: Evgenii Prokopiev <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 658384884adc6379dbaf09e11a1f1f74ba46c772
https://github.com/qemu/qemu/commit/658384884adc6379dbaf09e11a1f1f74ba46c772
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/riscv/boot.c
M hw/riscv/sifive_u.c
M include/hw/riscv/boot.h
M include/hw/riscv/boot_opensbi.h
Log Message:
-----------
target/riscv: Add fw_dynamic_info32 for booting RV32 OpenSBI
RV32 OpenSBI need a fw_dynamic_info parameter with 32-bit fields instead
of target_ulong.
In RV64 QEMU, target_ulong is 64. So it is not right for booting RV32 OpenSBI.
We create a fw_dynmaic_info32 struct for this purpose.
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: efd29e3398001c764fc9f0066ba1589e6ebc1043
https://github.com/qemu/qemu/commit/efd29e3398001c764fc9f0066ba1589e6ebc1043
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/pmp.c
Log Message:
-----------
target/riscv: Adjust PMP size for no-MMU RV64 QEMU running RV32
Ensure pmp_size is correctly determined using mxl for RV32
in RV64 QEMU.
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 929e4277c128772bad41cc795995f754cb9991af
https://github.com/qemu/qemu/commit/929e4277c128772bad41cc795995f754cb9991af
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
Log Message:
-----------
target/riscv: Correct SXL return value for RV32 in RV64 QEMU
Ensure that riscv_cpu_sxl returns MXL_RV32 when runningRV32 in an
RV64 QEMU.
Signed-off-by: TANG Tiancheng <[email protected]>
Fixes: 05e6ca5e156 ("target/riscv: Ignore reserved bits in PTE for RV64")
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 870589dcddcc542d88c5f0cdd9b2b43becc8a070
https://github.com/qemu/qemu/commit/870589dcddcc542d88c5f0cdd9b2b43becc8a070
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu_helper.c
Log Message:
-----------
target/riscv: Detect sxl to set bit width for RV32 in RV64
Ensure correct bit width based on sxl when running RV32 on RV64 QEMU.
This is required as MMU address translations run in S-mode.
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 58597bfeab45be303a4e514ce375e56b1b0c627e
https://github.com/qemu/qemu/commit/58597bfeab45be303a4e514ce375e56b1b0c627e
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu_helper.c
Log Message:
-----------
target/riscv: Correct mcause/scause bit width for RV32 in RV64 QEMU
Ensure mcause high bit is correctly set by using 32-bit width for RV32
mode and 64-bit width for RV64 mode.
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: e087bd4de3369d678ed8ebda4ba1c11b782cf899
https://github.com/qemu/qemu/commit/e087bd4de3369d678ed8ebda4ba1c11b782cf899
Author: TANG Tiancheng <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M configs/targets/riscv64-softmmu.mak
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: Enable RV32 CPU support in RV64 QEMU
Add gdb XML files and adjust CPU initialization to allow running RV32 CPUs
in RV64 QEMU.
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Liu Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 48cea772c3e2ac817c2d0741b89a9e968ec2cd81
https://github.com/qemu/qemu/commit/48cea772c3e2ac817c2d0741b89a9e968ec2cd81
Author: LIU Zhiwei <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu-qom.h
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: Add max32 CPU for RV64 QEMU
We may need 32-bit max for RV64 QEMU. Thus we add these two CPUs
for RV64 QEMU.
The reason we don't expose them to RV32 QEMU is that we already have
max cpu with the same configuration. Another reason is that we want
to follow the RISC-V custom where addw instruction doesn't exist in
RV32 CPU.
Signed-off-by: LIU Zhiwei <[email protected]>
Suggested-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: bfd12c92cc77a3def85c18157f5dbc198c062609
https://github.com/qemu/qemu/commit/bfd12c92cc77a3def85c18157f5dbc198c062609
Author: LIU Zhiwei <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M tests/avocado/tuxrun_baselines.py
Log Message:
-----------
tests/avocado: Boot Linux for RV32 cpu on RV64 QEMU
make check-avocado AVOCADO_TESTS=tests/avocado/tuxrun_baselines.py: \
TuxRunBaselineTest:test_riscv64_rv32
Signed-off-by: LIU Zhiwei <[email protected]>
Suggested-by: Daniel Henrique Barboza <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 41fc1f02947dd7a33b2c1d0e8474744b12f2514e
https://github.com/qemu/qemu/commit/41fc1f02947dd7a33b2c1d0e8474744b12f2514e
Author: Sergey Makarov <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/intc/sifive_plic.c
Log Message:
-----------
hw/intc: Make zeroth priority register read-only
According to PLIC specification chapter 4, zeroth
priority register is reserved. Discard writes to
this register.
Signed-off-by: Sergey Makarov <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: a84be2baa9eca8bc500f866ad943b8f63dc99adf
https://github.com/qemu/qemu/commit/a84be2baa9eca8bc500f866ad943b8f63dc99adf
Author: Sergey Makarov <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/intc/sifive_plic.c
Log Message:
-----------
hw/intc: Don't clear pending bits on IRQ lowering
According to PLIC specification (chapter 5), there
is only one case, when interrupt is claimed. Fix
PLIC controller to match this behavior.
Signed-off-by: Sergey Makarov <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: f8c1f36a2e3dab4935e7c5690e578ac71765766b
https://github.com/qemu/qemu/commit/f8c1f36a2e3dab4935e7c5690e578ac71765766b
Author: Rob Bradford <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: Set vtype.vill on CPU reset
The RISC-V unprivileged specification "31.3.11. State of Vector
Extension at Reset" has a note that recommends vtype.vill be set on
reset as part of ensuring that the vector extension have a consistent
state at reset.
This change now makes QEMU consistent with Spike which sets vtype.vill
on reset.
Signed-off-by: Rob Bradford <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 2ae6cca1d3389801ee72fc5e58c52573218f3514
https://github.com/qemu/qemu/commit/2ae6cca1d3389801ee72fc5e58c52573218f3514
Author: Yong-Xuan Wang <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/intc/riscv_aplic.c
Log Message:
-----------
hw/intc/riscv_aplic: Check and update pending when write sourcecfg
The section 4.5.2 of the RISC-V AIA specification says that any write
to a sourcecfg register of an APLIC might (or might not) cause the
corresponding interrupt-pending bit to be set to one if the rectified
input value is high (= 1) under the new source mode.
If an interrupt is asserted before the driver configs its interrupt
type to APLIC, it's pending bit will not be set except a relevant
write to a setip or setipnum register. When we write the interrupt
type to sourcecfg register, if the APLIC device doesn't check
rectified input value and update the pending bit, this interrupt
might never becomes pending.
For APLIC.m, we can manully set pending by setip or setipnum
registers in driver. But for APLIC.w, the pending status totally
depends on the rectified input value, we can't control the pending
status via mmio registers. In this case, hw should check and update
pending status for us when writing sourcecfg registers.
Update QEMU emulation to handle "pre-existing" interrupts.
Signed-off-by: Yong-Xuan Wang <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 4a0e8ca322d2a5ec9bdd9409cb02d4c08a07bef6
https://github.com/qemu/qemu/commit/4a0e8ca322d2a5ec9bdd9409cb02d4c08a07bef6
Author: Alistair Francis <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/char/riscv_htif.c
Log Message:
-----------
hw/char: riscv_htif: Use blocking qemu_chr_fe_write_all
The current approach of using qemu_chr_fe_write() and ignoring the
return values results in dropped characters [1]. Ideally we want to
report FIFO status to the guest, but the HTIF isn't a real UART, so we
don't really have a way to do that.
Instead let's just use qemu_chr_fe_write_all() so at least we don't drop
characters.
1: https://gitlab.com/qemu-project/qemu/-/issues/2114
Signed-off-by: Alistair Francis <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Thomas Huth <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 53c1557b230986ab6320a58e1b2c26216ecd86d5
https://github.com/qemu/qemu/commit/53c1557b230986ab6320a58e1b2c26216ecd86d5
Author: Alistair Francis <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M hw/char/sifive_uart.c
M include/hw/char/sifive_uart.h
Log Message:
-----------
hw/char: sifive_uart: Print uart characters async
The current approach of using qemu_chr_fe_write() and ignoring the
return values results in dropped characters [1].
Let's update the SiFive UART to use a async sifive_uart_xmit() function
to transmit the characters and apply back pressure to the guest with
the SIFIVE_UART_TXFIFO_FULL status.
This should avoid dropped characters and more realisticly model the
hardware.
1: https://gitlab.com/qemu-project/qemu/-/issues/2114
Signed-off-by: Alistair Francis <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Tested-by: Thomas Huth <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: f9158a92404b9aec29f36ad1139b92f493d56604
https://github.com/qemu/qemu/commit/f9158a92404b9aec29f36ad1139b92f493d56604
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
M target/riscv/cpu.h
Log Message:
-----------
target/riscv: expose *envcfg csr and priv to qemu-user as well
Execution environment config CSR controlling user env and current
privilege state shouldn't be limited to qemu-system only. *envcfg
CSRs control enabling of features in next lesser mode. In some cases
bits *envcfg CSR can be lit up by kernel as part of kernel policy or
software (user app) can choose to opt-in by issuing a system call
(e.g. prctl). In case of qemu-user, it should be no different because
qemu is providing underlying execution environment facility and thus
either should provide some default value in *envcfg CSRs or react to
system calls (prctls) initiated from application. priv is set to PRV_U
and menvcfg/senvcfg set to 0 for qemu-user on reest.
`henvcfg` has been left for qemu-system only because it is not expected
that someone will use qemu-user where application is expected to have
hypervisor underneath which is controlling its execution environment. If
such a need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta <[email protected]>
Suggested-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: bd08b22e5648d90ed256a505da75809d0ab6be00
https://github.com/qemu/qemu/commit/bd08b22e5648d90ed256a505da75809d0ab6be00
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
M target/riscv/cpu_cfg.h
M target/riscv/tcg/tcg-cpu.c
Log Message:
-----------
target/riscv: Add zicfilp extension
zicfilp [1] riscv cpu extension enables forward control flow integrity.
If enabled, all indirect calls must land on a landing pad instruction.
This patch sets up space for zicfilp extension in cpuconfig. zicfilp
is dependend on zicsr.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 4923f672e3d751cd8b7a10e32e09328c8f85ba1d
https://github.com/qemu/qemu/commit/4923f672e3d751cd8b7a10e32e09328c8f85ba1d
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
M target/riscv/cpu.h
M target/riscv/cpu_bits.h
M target/riscv/csr.c
M target/riscv/machine.c
M target/riscv/pmp.c
M target/riscv/pmp.h
Log Message:
-----------
target/riscv: Introduce elp state and enabling controls for zicfilp
zicfilp introduces a new state elp ("expected landing pad") in cpu.
During normal execution, elp is idle (NO_LP_EXPECTED) i.e not expecting
landing pad. On an indirect call, elp moves LP_EXPECTED. When elp is
LP_EXPECTED, only a subsquent landing pad instruction can set state back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 53309be15619096b4ff2f05ec5e5d9b9bb6b6a82
https://github.com/qemu/qemu/commit/53309be15619096b4ff2f05ec5e5d9b9bb6b6a82
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
M target/riscv/cpu_helper.c
M target/riscv/op_helper.c
Log Message:
-----------
target/riscv: save and restore elp state on priv transitions
elp state is recorded in *status on trap entry (less privilege to higher
privilege) and restored in elp from *status on trap exit (higher to less
privilege).
Additionally this patch introduces a forward cfi helper function to
determine if current privilege has forward cfi is enabled or not based on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 6031102401ae8a69a87b20fbec2aae666625d96a
https://github.com/qemu/qemu/commit/6031102401ae8a69a87b20fbec2aae666625d96a
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
M target/riscv/cpu_helper.c
M target/riscv/csr.c
Log Message:
-----------
target/riscv: additional code information for sw check
sw check exception support was recently added. This patch further augments
sw check exception by providing support for additional code which is
provided in *tval. Adds `sw_check_code` field in cpuarchstate. Whenever
sw check exception is raised *tval gets the value deposited in
`sw_check_code`.
Signed-off-by: Deepak Gupta <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: b039c9611331ccf61a53b2d26d80a8cfb596e0ce
https://github.com/qemu/qemu/commit/b039c9611331ccf61a53b2d26d80a8cfb596e0ce
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
M target/riscv/cpu_bits.h
M target/riscv/cpu_helper.c
M target/riscv/translate.c
Log Message:
-----------
target/riscv: tracking indirect branches (fcfi) for zicfilp
zicfilp protects forward control flow (if enabled) by enforcing all
indirect call and jmp must land on a landing pad instruction `lpad`. If
target of an indirect call or jmp is not `lpad` then cpu/hart must raise
a sw check exception with tval = 2.
This patch implements the mechanism using TCG. Target architecture branch
instruction must define the end of a TB. Using this property, during
translation of branch instruction, TB flag = FCFI_LP_EXPECTED can be set.
Translation of target TB can check if FCFI_LP_EXPECTED flag is set and a
flag (fcfi_lp_expected) can be set in DisasContext. If `lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Suggested-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 966f3a38958acf18ae64031c014dcd58e2181211
https://github.com/qemu/qemu/commit/966f3a38958acf18ae64031c014dcd58e2181211
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu_user.h
M target/riscv/insn32.decode
M target/riscv/insn_trans/trans_rvi.c.inc
Log Message:
-----------
target/riscv: zicfilp `lpad` impl and branch tracking
Implements setting lp expected when `jalr` is encountered and implements
`lpad` instruction of zicfilp. `lpad` instruction is taken out of
auipc x0, <imm_20>. This is an existing HINTNOP space. If `lpad` is
target of an indirect branch, cpu checks for 20 bit value in x7 upper
with 20 bit value embedded in `lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 5e761bd6136bdc67f7283118af8ab9e0a43f1867
https://github.com/qemu/qemu/commit/5e761bd6136bdc67f7283118af8ab9e0a43f1867
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M disas/riscv.c
M disas/riscv.h
Log Message:
-----------
disas/riscv: enable `lpad` disassembly
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: ff81343e7430fe21f9e7e6132f5627a831e3557b
https://github.com/qemu/qemu/commit/ff81343e7430fe21f9e7e6132f5627a831e3557b
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: Expose zicfilp extension as a cpu property
Signed-off-by: Deepak Gupta <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: cf064a671a67379c80e4a50a020cbe163f9875c9
https://github.com/qemu/qemu/commit/cf064a671a67379c80e4a50a020cbe163f9875c9
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
M target/riscv/cpu_cfg.h
M target/riscv/tcg/tcg-cpu.c
Log Message:
-----------
target/riscv: Add zicfiss extension
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And imple-
ments dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 8205bc127a83719d85a28ceffdd5e822b8fa3db7
https://github.com/qemu/qemu/commit/8205bc127a83719d85a28ceffdd5e822b8fa3db7
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.c
M target/riscv/cpu.h
M target/riscv/cpu_bits.h
M target/riscv/cpu_helper.c
M target/riscv/csr.c
M target/riscv/machine.c
Log Message:
-----------
target/riscv: introduce ssp and enabling controls for zicfiss
zicfiss introduces a new state ssp ("shadow stack register") in cpu.
ssp is expressed as a new unprivileged csr (CSR_SSP=0x11) and holds
virtual address for shadow stack as programmed by software.
Shadow stack (for each mode) is enabled via bit3 in *envcfg CSRs.
Shadow stack can be enabled for a mode only if it's higher privileged
mode had it enabled for itself. M mode doesn't need enabling control,
it's always available if extension is available on cpu.
This patch also implements helper bcfi function which determines if bcfi
is enabled at current privilege or not.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: f9fdf9077c2a6d7d2bfc5ccfcd961f60d311218d
https://github.com/qemu/qemu/commit/f9fdf9077c2a6d7d2bfc5ccfcd961f60d311218d
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
M target/riscv/cpu_helper.c
M target/riscv/translate.c
Log Message:
-----------
target/riscv: tb flag for shadow stack instructions
Shadow stack instructions can be decoded as zimop / zcmop or shadow stack
instructions depending on whether shadow stack are enabled at current
privilege. This requires a TB flag so that correct TB generation and correct
TB lookup happens. `DisasContext` gets a field indicating whether bcfi is
enabled or not.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 669b4867495c48cfb302c6500de99f79d38802b6
https://github.com/qemu/qemu/commit/669b4867495c48cfb302c6500de99f79d38802b6
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu_helper.c
M target/riscv/internals.h
Log Message:
-----------
target/riscv: mmu changes for zicfiss shadow stack protection
zicfiss protects shadow stack using new page table encodings PTE.W=1,
PTE.R=0 and PTE.X=0. This encoding is reserved if zicfiss is not
implemented or if shadow stack are not enabled.
Loads on shadow stack memory are allowed while stores to shadow stack
memory leads to access faults. Shadow stack accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Furthermore, `check_zicbom_access` (`cbo.clean/flush/inval`) may probe
shadow stack memory and must always raise store/AMO access fault because
it has store semantics. For non-shadow stack memory even though
`cbo.clean/flush/inval` have store semantics, it will not fault if read
is allowed (probably to follow `clflush` on x86). Although if read is not
allowed, eventually `probe_write` will do store page (or access) fault (if
permissions don't allow it). cbo operations on shadow stack memory must
always raise store access fault. Thus extending `get_physical_address` to
recieve `probe` parameter as well.
Signed-off-by: Deepak Gupta <[email protected]>
Suggested-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 98f21c30f5beffc45232721ae79c019df58ae9f1
https://github.com/qemu/qemu/commit/98f21c30f5beffc45232721ae79c019df58ae9f1
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu.h
M target/riscv/cpu_helper.c
M target/riscv/tcg/tcg-cpu.c
M target/riscv/translate.c
Log Message:
-----------
target/riscv: AMO operations always raise store/AMO fault
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta <[email protected]>
Suggested-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: f21b36a022bb23a696058133bc938e4d91b4d4b8
https://github.com/qemu/qemu/commit/f21b36a022bb23a696058133bc938e4d91b4d4b8
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/insn_trans/trans_privileged.c.inc
M target/riscv/insn_trans/trans_rva.c.inc
M target/riscv/insn_trans/trans_rvd.c.inc
M target/riscv/insn_trans/trans_rvf.c.inc
M target/riscv/insn_trans/trans_rvh.c.inc
M target/riscv/insn_trans/trans_rvi.c.inc
M target/riscv/insn_trans/trans_rvvk.c.inc
M target/riscv/insn_trans/trans_rvzacas.c.inc
M target/riscv/insn_trans/trans_rvzfh.c.inc
M target/riscv/insn_trans/trans_svinval.c.inc
M target/riscv/translate.c
Log Message:
-----------
target/riscv: update `decode_save_opc` to store extra word2
Extra word 2 is stored during tcg compile and `decode_save_opc` needs
additional argument in order to pass the value. This will be used during
unwind to get extra information about instruction like how to massage
exceptions. Updated all callsites as well.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/594
Signed-off-by: Deepak Gupta <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: f06bfe3dc38cb6d112d17218cceda223725f3fd4
https://github.com/qemu/qemu/commit/f06bfe3dc38cb6d112d17218cceda223725f3fd4
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/cpu_bits.h
M target/riscv/insn32.decode
A target/riscv/insn_trans/trans_rvzicfiss.c.inc
M target/riscv/translate.c
Log Message:
-----------
target/riscv: implement zicfiss instructions
zicfiss has following instructions
- sspopchk: pops a value from shadow stack and compares with x1/x5.
If they dont match, reports a sw check exception with tval = 3.
- sspush: pushes value in x1/x5 on shadow stack
- ssrdp: reads current shadow stack
- ssamoswap: swaps contents of shadow stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 905c032417ca90776df840cdef696c633f420868
https://github.com/qemu/qemu/commit/905c032417ca90776df840cdef696c633f420868
Author: Deepak Gupta <[email protected]>
Date: 2024-10-30 (Wed, 30 Oct 2024)
Changed paths:
M target/riscv/insn16.decode
Log Message:
-----------
target/riscv: compressed encodings for sspush and sspopchk
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-by: Deepak Gupta <[email protected]>
Co-developed-by: Jim Shu <[email protected]>
Co-developed-by: Andy Chiu <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: b9080d0765079ccc4b9f742198530e6b44962009
https://github.com/qemu/qemu/commit/b9080d0765079ccc4b9f742198530e6b44962009
Author: Deepak Gupta <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M disas/riscv.c
M disas/riscv.h
Log Message:
-----------
disas/riscv: enable disassembly for zicfiss instructions
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: e75f94512397dd8a844ebd3f867d8d935959ca79
https://github.com/qemu/qemu/commit/e75f94512397dd8a844ebd3f867d8d935959ca79
Author: Deepak Gupta <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M disas/riscv.c
M disas/riscv.h
Log Message:
-----------
disas/riscv: enable disassembly for compressed sspush/sspopchk
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: a6a47319dd9df50c1b72ed775ec58c7451877d4b
https://github.com/qemu/qemu/commit/a6a47319dd9df50c1b72ed775ec58c7451877d4b
Author: Deepak Gupta <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M target/riscv/cpu.c
Log Message:
-----------
target/riscv: Expose zicfiss extension as a cpu property
Signed-off-by: Deepak Gupta <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: c6f3443af1bb61f25126861f33ede06b56c0ee85
https://github.com/qemu/qemu/commit/c6f3443af1bb61f25126861f33ede06b56c0ee85
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M include/exec/memattrs.h
Log Message:
-----------
exec/memtxattr: add process identifier to the transaction attributes
Extend memory transaction attributes with process identifier to allow
per-request address translation logic to use requester_id / process_id
to identify memory mapping (e.g. enabling IOMMU w/ PASID translations).
Signed-off-by: Tomasz Jeznach <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Jason Chien <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: e21b3b243f75afd8b0986a40e5ef8107868d84e3
https://github.com/qemu/qemu/commit/e21b3b243f75afd8b0986a40e5ef8107868d84e3
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
A hw/riscv/riscv-iommu-bits.h
Log Message:
-----------
hw/riscv: add riscv-iommu-bits.h
This header will be used by the RISC-V IOMMU emulation to be added
in the next patch. Due to its size it's being sent in separate for
an easier review.
One thing to notice is that this header can be replaced by the future
Linux RISC-V IOMMU driver header, which would become a linux-header we
would import instead of keeping our own. The Linux implementation isn't
upstream yet so for now we'll have to manage riscv-iommu-bits.h.
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Jason Chien <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 0c54acb8243dfc51a021d108ffef794c89c84f72
https://github.com/qemu/qemu/commit/0c54acb8243dfc51a021d108ffef794c89c84f72
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/Kconfig
M hw/riscv/meson.build
M hw/riscv/riscv-iommu-bits.h
A hw/riscv/riscv-iommu.c
A hw/riscv/riscv-iommu.h
A hw/riscv/trace-events
A hw/riscv/trace.h
A include/hw/riscv/iommu.h
M meson.build
Log Message:
-----------
hw/riscv: add RISC-V IOMMU base emulation
The RISC-V IOMMU specification is now ratified as-per the RISC-V
international process. The latest frozen specifcation can be found at:
https://github.com/riscv-non-isa/riscv-iommu/releases/download/v1.0/riscv-iommu.pdf
Add the foundation of the device emulation for RISC-V IOMMU. It includes
support for s-stage (sv32, sv39, sv48, sv57 caps) and g-stage (sv32x4,
sv39x4, sv48x4, sv57x4 caps).
Other capabilities like ATS and DBG support will be added incrementally
in the next patches.
Co-developed-by: Sebastien Boeuf <[email protected]>
Signed-off-by: Sebastien Boeuf <[email protected]>
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Jason Chien <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 3c445dacc47f43d2e66280d393b71ac8e5bb01bb
https://github.com/qemu/qemu/commit/3c445dacc47f43d2e66280d393b71ac8e5bb01bb
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M docs/specs/pci-ids.rst
M include/hw/pci/pci.h
Log Message:
-----------
pci-ids.rst: add Red Hat pci-id for RISC-V IOMMU device
The RISC-V IOMMU PCI device we're going to add next is a reference
implementation of the riscv-iommu spec [1], which predicts that the
IOMMU can be implemented as a PCIe device.
However, RISC-V International (RVI), the entity that ratified the
riscv-iommu spec, didn't bother assigning a PCI ID for this IOMMU PCIe
implementation that the spec predicts. This puts us in an uncommon
situation because we want to add the reference IOMMU PCIe implementation
but we don't have a PCI ID for it.
Given that RVI doesn't provide a PCI ID for it we reached out to Red Hat
and Gerd Hoffman, and they were kind enough to give us a PCI ID for the
RISC-V IOMMU PCI reference device.
Thanks Red Hat and Gerd for this RISC-V IOMMU PCIe device ID.
[1] https://github.com/riscv-non-isa/riscv-iommu/releases/tag/v1.0.0
Cc: Gerd Hoffmann <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Gerd Hoffmann <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: b9b283260e810afc7e0117e41827070f315c3f96
https://github.com/qemu/qemu/commit/b9b283260e810afc7e0117e41827070f315c3f96
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/meson.build
A hw/riscv/riscv-iommu-pci.c
Log Message:
-----------
hw/riscv: add riscv-iommu-pci reference device
The RISC-V IOMMU can be modelled as a PCIe device following the
guidelines of the RISC-V IOMMU spec, chapter 7.1, "Integrating an IOMMU
as a PCIe device".
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: df240d66ef38cba9dcc7f9a57e0804471eea86bd
https://github.com/qemu/qemu/commit/df240d66ef38cba9dcc7f9a57e0804471eea86bd
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/virt.c
Log Message:
-----------
hw/riscv/virt.c: support for RISC-V IOMMU PCIDevice hotplug
Generate device tree entry for riscv-iommu PCI device, along with
mapping all PCI device identifiers to the single IOMMU device instance.
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 40b44316d817b021df2db9c3a24b75ce89ce69c2
https://github.com/qemu/qemu/commit/40b44316d817b021df2db9c3a24b75ce89ce69c2
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M tests/qtest/libqos/meson.build
A tests/qtest/libqos/riscv-iommu.c
A tests/qtest/libqos/riscv-iommu.h
M tests/qtest/meson.build
A tests/qtest/riscv-iommu-test.c
Log Message:
-----------
test/qtest: add riscv-iommu-pci tests
To test the RISC-V IOMMU emulation we'll use its PCI representation.
Create a new 'riscv-iommu-pci' libqos device that will be present with
CONFIG_RISCV_IOMMU. This config is only available for RISC-V, so this
device will only be consumed by the RISC-V libqos machine.
Start with basic tests: a PCI sanity check and a reset state register
test. The reset test was taken from the RISC-V IOMMU spec chapter 5.2,
"Reset behavior".
More tests will be added later.
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 9d085a1c3cb2b6a1ee77d5f6e0ca20241208acd8
https://github.com/qemu/qemu/commit/9d085a1c3cb2b6a1ee77d5f6e0ca20241208acd8
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/riscv-iommu.c
M hw/riscv/riscv-iommu.h
Log Message:
-----------
hw/riscv/riscv-iommu: add Address Translation Cache (IOATC)
The RISC-V IOMMU spec predicts that the IOMMU can use translation caches
to hold entries from the DDT. This includes implementation for all cache
commands that are marked as 'not implemented'.
There are some artifacts included in the cache that predicts s-stage and
g-stage elements, although we don't support it yet. We'll introduce them
next.
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 69a9ae483696e185889edaeddacf46afd9110bc6
https://github.com/qemu/qemu/commit/69a9ae483696e185889edaeddacf46afd9110bc6
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/riscv-iommu-bits.h
M hw/riscv/riscv-iommu.c
M hw/riscv/riscv-iommu.h
M hw/riscv/trace-events
Log Message:
-----------
hw/riscv/riscv-iommu: add ATS support
Add PCIe Address Translation Services (ATS) capabilities to the IOMMU.
This will add support for ATS translation requests in Fault/Event
queues, Page-request queue and IOATC invalidations.
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: a7aa525b93c3f7a847cd2185b71aef97a17ec3d5
https://github.com/qemu/qemu/commit/a7aa525b93c3f7a847cd2185b71aef97a17ec3d5
Author: Tomasz Jeznach <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M hw/riscv/riscv-iommu-bits.h
M hw/riscv/riscv-iommu.c
Log Message:
-----------
hw/riscv/riscv-iommu: add DBG support
DBG support adds three additional registers: tr_req_iova, tr_req_ctl and
tr_response.
The DBG cap is always enabled. No on/off toggle is provided for it.
Signed-off-by: Tomasz Jeznach <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: d4f7804bac1bc67d49c78477baae36d070cd85d1
https://github.com/qemu/qemu/commit/d4f7804bac1bc67d49c78477baae36d070cd85d1
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M tests/qtest/libqos/riscv-iommu.h
M tests/qtest/riscv-iommu-test.c
Log Message:
-----------
qtest/riscv-iommu-test: add init queues test
Add an additional test to further exercise the IOMMU where we attempt to
initialize the command, fault and page-request queues.
These steps are taken from chapter 6.2 of the RISC-V IOMMU spec,
"Guidelines for initialization". It emulates what we expect from the
software/OS when initializing the IOMMU.
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 77cfbf5d08f8fbcc721b6309c560e4f48bdda8fd
https://github.com/qemu/qemu/commit/77cfbf5d08f8fbcc721b6309c560e4f48bdda8fd
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M docs/specs/index.rst
A docs/specs/riscv-iommu.rst
M docs/system/riscv/virt.rst
Log Message:
-----------
docs/specs: add riscv-iommu
Add a simple guideline to use the existing RISC-V IOMMU support we just
added.
This doc will be updated once we add the riscv-iommu-sys device.
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: d201a127e164b1683df5e7c93c6d42a74122db99
https://github.com/qemu/qemu/commit/d201a127e164b1683df5e7c93c6d42a74122db99
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M target/riscv/kvm/kvm-cpu.c
Log Message:
-----------
target/riscv/kvm: set 'aia_mode' to default in error path
When failing to set the selected AIA mode, 'aia_mode' is left untouched.
This means that 'aia_mode' will not reflect the actual AIA mode,
retrieved in 'default_aia_mode',
This is benign for now, but it will impact QMP query commands that will
expose the 'aia_mode' value, retrieving the wrong value.
Set 'aia_mode' to 'default_aia_mode' if we fail to change the AIA mode
in KVM.
While we're at it, rework the log/warning messages to be a bit less
verbose. Instead of:
KVM AIA: default mode is emul
qemu-system-riscv64: warning: KVM AIA: failed to set KVM AIA mode
We can use a single warning message:
qemu-system-riscv64: warning: KVM AIA: failed to set KVM AIA mode 'auto', using
default host mode 'emul'
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: fd16cfb2995e9196b579d8885145c4247dfa6058
https://github.com/qemu/qemu/commit/fd16cfb2995e9196b579d8885145c4247dfa6058
Author: Daniel Henrique Barboza <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M target/riscv/kvm/kvm-cpu.c
Log Message:
-----------
target/riscv/kvm: clarify how 'riscv-aia' default works
We do not have control in the default 'riscv-aia' default value. We can
try to set it to a specific value, in this case 'auto', but there's no
guarantee that the host will accept it.
Couple with this we're always doing a 'qemu_log' to inform whether we're
ended up using the host default or if we managed to set the AIA mode to
the QEMU default we wanted to set.
Change the 'riscv-aia' description to better reflect how the option
works, and remove the two informative 'qemu_log' that are now unneeded:
if no message shows, riscv-aia was set to the default or uset-set value.
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: c128d39edeff337220fc536a3e935bcba01ecb49
https://github.com/qemu/qemu/commit/c128d39edeff337220fc536a3e935bcba01ecb49
Author: Anton Blanchard <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M target/riscv/vector_helper.c
Log Message:
-----------
target/riscv: Fix vcompress with rvv_ta_all_1s
vcompress packs vl or less fields into vd, so the tail starts after the
last packed field. This could be more clearly expressed in the ISA,
but for now this thread helps to explain it:
https://github.com/riscv/riscv-v-spec/issues/796
Signed-off-by: Anton Blanchard <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 92ec7805190313c9e628f8fc4eb4f932c15247bd
https://github.com/qemu/qemu/commit/92ec7805190313c9e628f8fc4eb4f932c15247bd
Author: Peter Maydell <[email protected]>
Date: 2024-10-31 (Thu, 31 Oct 2024)
Changed paths:
M configs/targets/riscv64-softmmu.mak
M disas/riscv.c
M disas/riscv.h
M docs/specs/index.rst
M docs/specs/pci-ids.rst
A docs/specs/riscv-iommu.rst
M docs/system/riscv/virt.rst
M hw/char/riscv_htif.c
M hw/char/sifive_uart.c
M hw/intc/riscv_aplic.c
M hw/intc/sifive_plic.c
M hw/riscv/Kconfig
M hw/riscv/boot.c
M hw/riscv/meson.build
A hw/riscv/riscv-iommu-bits.h
A hw/riscv/riscv-iommu-pci.c
A hw/riscv/riscv-iommu.c
A hw/riscv/riscv-iommu.h
M hw/riscv/sifive_u.c
A hw/riscv/trace-events
A hw/riscv/trace.h
M hw/riscv/virt.c
M include/exec/memattrs.h
M include/hw/char/sifive_uart.h
M include/hw/pci/pci.h
M include/hw/riscv/boot.h
M include/hw/riscv/boot_opensbi.h
A include/hw/riscv/iommu.h
M meson.build
M target/riscv/cpu-qom.h
M target/riscv/cpu.c
M target/riscv/cpu.h
M target/riscv/cpu_bits.h
M target/riscv/cpu_cfg.h
M target/riscv/cpu_helper.c
M target/riscv/cpu_user.h
M target/riscv/csr.c
M target/riscv/insn16.decode
M target/riscv/insn32.decode
M target/riscv/insn_trans/trans_privileged.c.inc
M target/riscv/insn_trans/trans_rva.c.inc
M target/riscv/insn_trans/trans_rvd.c.inc
M target/riscv/insn_trans/trans_rvf.c.inc
M target/riscv/insn_trans/trans_rvh.c.inc
M target/riscv/insn_trans/trans_rvi.c.inc
M target/riscv/insn_trans/trans_rvvk.c.inc
M target/riscv/insn_trans/trans_rvzacas.c.inc
M target/riscv/insn_trans/trans_rvzfh.c.inc
A target/riscv/insn_trans/trans_rvzicfiss.c.inc
M target/riscv/insn_trans/trans_svinval.c.inc
M target/riscv/internals.h
M target/riscv/kvm/kvm-cpu.c
M target/riscv/machine.c
M target/riscv/op_helper.c
M target/riscv/pmp.c
M target/riscv/pmp.h
M target/riscv/tcg/tcg-cpu.c
M target/riscv/translate.c
M target/riscv/vector_helper.c
M tests/avocado/tuxrun_baselines.py
M tests/qtest/libqos/meson.build
A tests/qtest/libqos/riscv-iommu.c
A tests/qtest/libqos/riscv-iommu.h
M tests/qtest/meson.build
A tests/qtest/riscv-iommu-test.c
Log Message:
-----------
Merge tag 'pull-riscv-to-apply-20241031-1' of
https://github.com/alistair23/qemu into staging
RISC-V PR for 9.2
* Fix an access to VXSAT
* Expose RV32 cpu to RV64 QEMU
* Don't clear PLIC pending bits on IRQ lowering
* Make PLIC zeroth priority register read-only
* Set vtype.vill on CPU reset
* Check and update APLIC pending when write sourcecfg
* Avoid dropping charecters with HTIF
* Apply FIFO backpressure to guests using SiFive UART
* Support for control flow integrity extensions
* Support for the IOMMU with the virt machine
* set 'aia_mode' to default in error path
* clarify how 'riscv-aia' default works
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmci/tQACgkQr3yVEwxT
# gBNPAQ//dZKjjJm4Sh+UFdUslivBJYtL1rl2UUG2UqiNn/UoYh/vcHoSArljHTjt
# 8riEStnaQqXziOpMIJjIMLJ4KoiIk2SMvjNfFtcmPiPZEDEpjsTxfUxBFsBee+fI
# 4KNQKKFeljq4pa+VzVvXEqzCNJIzCThFXTZhZmer00M91HPA8ZQIHpv2JL1sWlgZ
# /HW24XEDFLGc/JsR55fxpPftlAqP+BfOrqMmbWy7x2Y+G8WI05hM2zTP/W8pnIz3
# z0GCRYSBlADtrp+3RqzTwQfK5pXoFc0iDktWVYlhoXaeEmOwo8IYxTjrvBGhnBq+
# ySX1DzTa23QmOIxSYYvCRuOxyOK9ziNn+EQ9FiFBt1h1o251CYMil1bwmYXMCMNJ
# rZwF1HfUx0g2GQW1ZOqh1eeyLO29JiOdV3hxlDO7X4bbISNgU6il5MXmnvf0/XVW
# Af3YhALeeDbHgHL1iVfjafzaviQc9+YrEX13eX6N2AjcgE5a3F7XNmGfFpFJ+mfQ
# CPgiwVBXat6UpBUGAt14UM+6wzp+crSgQR5IEGth+mKMKdkWoykvo7A2oHdu39zn
# 2cdzsshg2qcLLUPTFy06OOTXX382kCWXuykhHOjZ4uu2SJJ7R0W3PlYV8HSde2Vu
# Rj+89ZlUSICJNXXweQB39r87hNbtRuDIO22V0B9XrApQbJj6/yE=
# =rPaa
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 31 Oct 2024 03:51:48 GMT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20241031-1' of https://github.com/alistair23/qemu:
(50 commits)
target/riscv: Fix vcompress with rvv_ta_all_1s
target/riscv/kvm: clarify how 'riscv-aia' default works
target/riscv/kvm: set 'aia_mode' to default in error path
docs/specs: add riscv-iommu
qtest/riscv-iommu-test: add init queues test
hw/riscv/riscv-iommu: add DBG support
hw/riscv/riscv-iommu: add ATS support
hw/riscv/riscv-iommu: add Address Translation Cache (IOATC)
test/qtest: add riscv-iommu-pci tests
hw/riscv/virt.c: support for RISC-V IOMMU PCIDevice hotplug
hw/riscv: add riscv-iommu-pci reference device
pci-ids.rst: add Red Hat pci-id for RISC-V IOMMU device
hw/riscv: add RISC-V IOMMU base emulation
hw/riscv: add riscv-iommu-bits.h
exec/memtxattr: add process identifier to the transaction attributes
target/riscv: Expose zicfiss extension as a cpu property
disas/riscv: enable disassembly for compressed sspush/sspopchk
disas/riscv: enable disassembly for zicfiss instructions
target/riscv: compressed encodings for sspush and sspopchk
target/riscv: implement zicfiss instructions
...
Signed-off-by: Peter Maydell <[email protected]>
Compare: https://github.com/qemu/qemu/compare/ea8ae47bdd20...92ec78051903
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications
