Re: [PATCH v4] riscv: Allow user to set the satp mode
On Fri, Dec 16, 2022 at 2:03 PM Alexandre Ghiti wrote:
>
> Hi Frank,
>
> On Fri, Dec 16, 2022 at 10:32 AM Frank Chang wrote:
> >
> > Hi Alexandre,
> >
> > Thanks for the contribution. This is really helpful.
> >
> > It seems like if we want to specify the SATP mode for the "named" CPUs,
> > we have to do, e.g.:
> > cpu->cfg.satp_mode.map |= (1 << idx_satp_mode_from_str("sv39"));
> > in each CPU's init function.
> >
> > Can we add another helper function to wrap this for the "named" CPUs?
>
> Yes sure, I'll add some helpers for the bit operations in general,
> that will be cleaner. And I'll set the default satp mode for the
> current cpus in each cpu init function too.
>
> Thanks for your remarks,
>
> Alex
>
> >
> > Regards,
> > Frank Chang
> >
> >
> > On Mon, Dec 12, 2022 at 6:23 PM Alexandre Ghiti
> > wrote:
> >>
> >> RISC-V specifies multiple sizes for addressable memory and Linux probes for
> >> the machine's support at startup via the satp CSR register (done in
> >> csr.c:validate_vm).
> >>
> >> As per the specification, sv64 must support sv57, which in turn must
> >> support sv48...etc. So we can restrict machine support by simply setting
> >> the
> >> "highest" supported mode and the bare mode is always supported.
> >>
> >> You can set the satp mode using the new properties "mbare", "sv32",
> >> "sv39", "sv48", "sv57" and "sv64" as follows:
> >> -cpu rv64,sv57=on # Linux will boot using sv57 scheme
> >> -cpu rv64,sv39=on # Linux will boot using sv39 scheme
> >>
> >> We take the highest level set by the user:
> >> -cpu rv64,sv48=on,sv57=on # Linux will boot using sv57 scheme
> >>
> >> We make sure that invalid configurations are rejected:
> >> -cpu rv64,sv32=on # Can't enable 32-bit satp mode in 64-bit
> >> -cpu rv64,sv39=off,sv48=on # sv39 must be supported if higher modes are
> >># enabled
> >>
> >> We accept "redundant" configurations:
> >> -cpu rv64,sv48=on,sv57=off # sv39 must be supported if higher modes are
> >>
> >> In addition, we now correctly set the device-tree entry 'mmu-type' using
> >> those new properties.
> >>
> >> Co-Developed-by: Ludovic Henry
> >> Signed-off-by: Ludovic Henry
> >> Signed-off-by: Alexandre Ghiti
> >> ---
> >> v4:
> >> - Use custom boolean properties instead of OnOffAuto properties, based
> >> on ARMVQMap, as suggested by Andrew
> >>
> >> v3:
> >> - Free sv_name as pointed by Bin
> >> - Replace satp-mode with boolean properties as suggested by Andrew
> >> - Removed RB from Atish as the patch considerably changed
> >>
> >> v2:
> >> - Use error_setg + return as suggested by Alistair
> >> - Add RB from Atish
> >> - Fixed checkpatch issues missed in v1
> >> - Replaced Ludovic email address with the rivos one
> >>
> >> hw/riscv/virt.c| 20 +++--
> >> target/riscv/cpu.c | 217 +++--
> >> target/riscv/cpu.h | 25 ++
> >> target/riscv/csr.c | 13 ++-
> >> 4 files changed, 256 insertions(+), 19 deletions(-)
> >>
> >> diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> >> index a5bc7353b4..9bb5ba7366 100644
> >> --- a/hw/riscv/virt.c
> >> +++ b/hw/riscv/virt.c
> >> @@ -228,7 +228,8 @@ static void create_fdt_socket_cpus(RISCVVirtState *s,
> >> int socket,
> >> int cpu;
> >> uint32_t cpu_phandle;
> >> MachineState *mc = MACHINE(s);
> >> -char *name, *cpu_name, *core_name, *intc_name;
> >> +uint8_t satp_mode_max;
> >> +char *name, *cpu_name, *core_name, *intc_name, *sv_name;
> >>
> >> for (cpu = s->soc[socket].num_harts - 1; cpu >= 0; cpu--) {
> >> cpu_phandle = (*phandle)++;
> >> @@ -236,14 +237,15 @@ static void create_fdt_socket_cpus(RISCVVirtState
> >> *s, int socket,
> >> cpu_name = g_strdup_printf("/cpus/cpu@%d",
> >> s->soc[socket].hartid_base + cpu);
> >> qemu_fdt_add_subnode(mc->fdt, cpu_name);
> >> -if (riscv_feature(>soc[socket].harts[cpu].env,
> >> - RISCV_FEATURE_MMU)) {
> >> -qemu_fdt_setprop_string(mc->fdt, cpu_name, "mmu-type",
> >> -(is_32_bit) ? "riscv,sv32" :
> >> "riscv,sv48");
> >> -} else {
> >> -qemu_fdt_setprop_string(mc->fdt, cpu_name, "mmu-type",
> >> -"riscv,none");
> >> -}
> >> +
> >> +satp_mode_max = satp_mode_max_from_map(
> >> +s->soc[socket].harts[cpu].cfg.satp_mode.map,
> >> +is_32_bit);
> >> +sv_name = g_strdup_printf("riscv,%s",
> >> + satp_mode_str(satp_mode_max,
> >> is_32_bit));
> >> +qemu_fdt_setprop_string(mc->fdt, cpu_name, "mmu-type", sv_name);
> >> +g_free(sv_name);
> >> +
> >> name = riscv_isa_string(>soc[socket].harts[cpu]);
> >> qemu_fdt_setprop_string(mc->fdt, cpu_name, "riscv,isa", name);
> >> g_free(name);
> >> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> >> index
[PATCH v2 3/4] s390x/pv: Introduce a s390_pv_check() helper for runtime
From: Cédric Le Goater
If a secure kernel is started in a non-protected VM, the OS will hang
during boot without giving a proper error message to the user.
Perform the checks on Confidential Guest support at runtime with an
helper called from the service call switching the guest to protected
mode.
Signed-off-by: Cédric Le Goater
---
include/hw/s390x/pv.h | 2 ++
hw/s390x/pv.c | 13 +
target/s390x/diag.c | 7 +++
3 files changed, 22 insertions(+)
diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index 9360aa1091..ca7dac2e20 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -55,6 +55,7 @@ int kvm_s390_dump_init(void);
int kvm_s390_dump_cpu(S390CPU *cpu, void *buff);
int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest);
int kvm_s390_dump_completion_data(void *buff);
+bool s390_pv_check(Error **errp);
#else /* CONFIG_KVM */
static inline bool s390_is_pv(void) { return false; }
static inline int s390_pv_query_info(void) { return 0; }
@@ -75,6 +76,7 @@ static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *buff)
{ return 0; }
static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len,
void *dest) { return 0; }
static inline int kvm_s390_dump_completion_data(void *buff) { return 0; }
+static inline bool s390_pv_check(Error **errp) { return false; }
#endif /* CONFIG_KVM */
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index d53ef8fd38..13c6116076 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -327,6 +327,19 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error
**errp)
return 0;
}
+bool s390_pv_check(Error **errp)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+
+if (!ms->cgs) {
+error_setg(errp, "Protected VM is started without Confidential"
+ " Guest support");
+return false;
+}
+
+return s390_pv_guest_check(ms->cgs, errp);
+}
+
OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
s390_pv_guest,
S390_PV_GUEST,
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 76b01dcd68..9b16e25930 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -79,6 +79,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1,
uint64_t r3, uintptr_t ra)
uint64_t addr = env->regs[r1];
uint64_t subcode = env->regs[r3];
IplParameterBlock *iplb;
+Error *local_err = NULL;
if (env->psw.mask & PSW_MASK_PSTATE) {
s390_program_interrupt(env, PGM_PRIVILEGED, ra);
@@ -176,6 +177,12 @@ out:
return;
}
+if (!s390_pv_check(_err)) {
+error_report_err(local_err);
+env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+return;
+}
+
s390_ipl_reset_request(cs, S390_RESET_PV);
break;
default:
--
2.38.1
[PATCH v2 0/4] s390x/pv: Improve protected VM support
Hello, Here is a little series improving error reporting of protected VMs. Thanks, C. Changes in v2: - dropped ConfidentialGuestSupportClass handler. The check is now done from s390_pv_init() which is called after memory and CPU initialization. This gives us a better chance to tune the limits correctly. - pv_max_cpus now computed from the available size of the response buffer of the Read SCP Info Service Call (Thomas) Cédric Le Goater (4): s390x/pv: Implement a CGS check helper s390x/pv: Check for support on the host s390x/pv: Introduce a s390_pv_check() helper for runtime s390x/pv: Move check on hugepage under s390_pv_guest_check() include/hw/s390x/pv.h | 2 + hw/s390x/pv.c | 86 +++ target/s390x/diag.c | 6 +-- 3 files changed, 91 insertions(+), 3 deletions(-) -- 2.38.1
[PATCH v2 2/4] s390x/pv: Check for support on the host
From: Cédric Le Goater
Support for protected VMs should have been enabled on the host with
the kernel parameter 'prot_virt=1'. If the hardware supports the
feature, it is reflected under sysfs.
Reviewed-by: Thomas Huth
Signed-off-by: Cédric Le Goater
---
hw/s390x/pv.c | 23 ++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8a1c71436b..d53ef8fd38 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -14,6 +14,7 @@
#include
#include "qapi/error.h"
+#include "qemu/cutils.h"
#include "qemu/error-report.h"
#include "sysemu/kvm.h"
#include "qom/object_interfaces.h"
@@ -280,9 +281,29 @@ static bool s390_pv_check_cpus(Error **errp)
return true;
}
+#define S390_PV_HOST "/sys/firmware/uv/prot_virt_host"
+
+static bool s390_pv_check_host(Error **errp)
+{
+gchar *s = NULL;
+uint64_t pv_host = 0;
+
+if (g_file_get_contents(S390_PV_HOST, , NULL, NULL)) {
+pv_host = g_ascii_strtoull(s, NULL, 10);
+}
+g_free(s);
+
+if (pv_host != 1) {
+error_setg(errp, "Host does not support protected VMs");
+return false;
+}
+
+return true;
+}
+
static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
{
-return s390_pv_check_cpus(errp);
+return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
}
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
--
2.38.1
[PATCH v2 4/4] s390x/pv: Move check on hugepage under s390_pv_guest_check()
From: Cédric Le Goater
Such conditions on Protected Virtualization can now be checked at init
time.
Reviewed-by: Thomas Huth
Signed-off-by: Cédric Le Goater
---
hw/s390x/pv.c | 14 +-
target/s390x/diag.c | 7 ---
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 13c6116076..b8f53a0247 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -301,9 +301,21 @@ static bool s390_pv_check_host(Error **errp)
return true;
}
+static bool s390_pv_check_hpage(Error **errp)
+{
+if (kvm_s390_get_hpage_1m()) {
+error_setg(errp, "Protected VMs can currently not be backed with "
+ "huge pages");
+return false;
+}
+
+return true;
+}
+
static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
{
-return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
+return s390_pv_check_cpus(errp) && s390_pv_check_host(errp) &&
+s390_pv_check_hpage(errp);
}
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 9b16e25930..28f4350aed 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -170,13 +170,6 @@ out:
return;
}
-if (kvm_enabled() && kvm_s390_get_hpage_1m()) {
-error_report("Protected VMs can currently not be backed with "
- "huge pages");
-env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
-return;
-}
-
if (!s390_pv_check(_err)) {
error_report_err(local_err);
env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
--
2.38.1
[PATCH v2 1/4] s390x/pv: Implement a CGS check helper
From: Cédric Le Goater
When a protected VM is started with the maximum number of CPUs (248),
the service call providing information on the CPUs requires more
buffer space than allocated and QEMU disgracefully aborts :
LOADPARM=[]
Using virtio-blk.
Using SCSI scheme.
...
qemu-system-s390x: KVM_S390_MEM_OP failed: Argument list too long
When protected virtualization is initialized, compute the maximum
number of vCPUs supported by the machine and return useful information
to the user before the machine starts in case of error.
Suggested-by: Thomas Huth
Signed-off-by: Cédric Le Goater
---
hw/s390x/pv.c | 40
1 file changed, 40 insertions(+)
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8dfe92d8df..8a1c71436b 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -20,6 +20,7 @@
#include "exec/confidential-guest-support.h"
#include "hw/s390x/ipl.h"
#include "hw/s390x/pv.h"
+#include "hw/s390x/sclp.h"
#include "target/s390x/kvm/kvm_s390x.h"
static bool info_valid;
@@ -249,6 +250,41 @@ struct S390PVGuestClass {
ConfidentialGuestSupportClass parent_class;
};
+/*
+ * If protected virtualization is enabled, the amount of data that the
+ * Read SCP Info Service Call can use is limited to one page. The
+ * available space also depends on the Extended-Length SCCB (ELS)
+ * feature which can take more buffer space to store feature
+ * information. This impacts the maximum number of CPUs supported in
+ * the machine.
+ */
+static uint32_t s390_pv_get_max_cpus(void)
+{
+int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
+offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
+
+return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry);
+}
+
+static bool s390_pv_check_cpus(Error **errp)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+uint32_t pv_max_cpus = s390_pv_get_max_cpus();
+
+if (ms->smp.max_cpus > pv_max_cpus) {
+error_setg(errp, "Protected VMs support a maximum of %d CPUs",
+ pv_max_cpus);
+return false;
+}
+
+return true;
+}
+
+static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
+{
+return s390_pv_check_cpus(errp);
+}
+
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) {
@@ -261,6 +297,10 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error
**errp)
return -1;
}
+if (!s390_pv_guest_check(cgs, errp)) {
+return -1;
+}
+
cgs->ready = true;
return 0;
--
2.38.1
Re: [RFC PATCH 13/40] hw/arm/bcm2836: Set mp-affinity property in realize
On 5/1/23 22:48, Philippe Mathieu-Daudé wrote:
On 3/1/23 19:16, Richard Henderson wrote:
There was even a TODO comment that we ought to be using a cpu
property, but we failed to update when the property was added.
Use ARM_AFF1_SHIFT instead of the bare constant 8.
Signed-off-by: Richard Henderson
---
hw/arm/bcm2836.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
index 24354338ca..abbb3689d0 100644
--- a/hw/arm/bcm2836.c
+++ b/hw/arm/bcm2836.c
@@ -130,8 +130,11 @@ static void bcm2836_realize(DeviceState *dev,
Error **errp)
qdev_get_gpio_in_named(DEVICE(>control), "gpu-fiq", 0));
for (n = 0; n < BCM283X_NCPUS; n++) {
- /* TODO: this should be converted to a property of ARM_CPU */
- s->cpu[n].core.mp_affinity = (bc->clusterid << 8) | n;
+ if (!object_property_set_int(OBJECT(>cpu[n].core),
"mp-affinity",
+ (bc->clusterid <<
ARM_AFF1_SHIFT) | n,
+ errp)) {
+ return;
+ }
Eh I have almost the same patch locally:
Yours is better (ARM_AFF1_SHIFT & checks return value).
Cherry-picking your patch I had to add "target/arm/cpu-qom.h" to
avoid:
../hw/arm/bcm2836.c:146:56: error: use of undeclared identifier
'ARM_AFF1_SHIFT'
(bc->clusterid << ARM_AFF1_SHIFT) | n,
^
This definition is not QOM related, I guess I'll move it to
"hw/arm/cpu-defs.h" along with ARM_CPU_vIRQ/FIQ and GTIMER* definitions
from "cpu.h".
Re: [PATCH] .gitlab-ci.d/windows: Do not run the qtests in the msys2-32bit job
On 05/01/2023 22.42, Philippe Mathieu-Daudé wrote: On 5/1/23 21:48, Thomas Huth wrote: The qtests are not stable in the msys2-32bit job yet - especially the test-hmp and the qom-test are failing randomly. Until this is fixed, Who is gonna look after this? It certainly has to be someone who's got a proper Windows installation. I've now tried to debug the failures for two days via the gitlab-CI jobs, and that just does not work. The turnaround times are way to long, and I really cannot waste all my limited CI minutes for such problems. I'm not against this patch, but I'm afraid this config starts to bitrot more. It's not really a big step backward - the qtests have just been enabled there 3 weeks ago (see commit a35e2ee929741fd), so this is just restoring the state from the time before the qtests have been enabled for Windows. > That said, maybe it is time to deprecate the 32-bit > hosts? Certainly fine for me, but that's up to the Windows folks to decide. Maybe you could just suggest a patch to start the discussion? Thomas
Re: [PATCH] semihosting: add O_BINARY flag in host_open for NT compatibility
On 5/1/23 22:19, Evgeny Iakovlev wrote:
Windows open(2) implementations opens files in text mode by default and
needs a Windows-only O_BINARY flag to open files as binary. Qemu already
s/Qemu/QEMU/
knows about that flag in osdep.h, so we can just add it to the
host_flags for better compatibility when running qemu on Windows.
s/qemu/QEMU/
Signed-off-by: Evgeny Iakovlev
---
semihosting/syscalls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
index 508a0ad88c..00f77507e5 100644
--- a/semihosting/syscalls.c
+++ b/semihosting/syscalls.c
@@ -278,6 +278,8 @@ static void host_open(CPUState *cs, gdb_syscall_complete_cb
complete,
host_flags |= O_EXCL;
}
+host_flags |= O_BINARY;
+
ret = open(p, host_flags, mode);
if (ret < 0) {
complete(cs, -1, errno);
Alternatively with more churn:
-- >8 --
diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
index 508a0ad88c..b621d78c2d 100644
--- a/semihosting/syscalls.c
+++ b/semihosting/syscalls.c
@@ -253,7 +253,7 @@ static void host_open(CPUState *cs,
gdb_syscall_complete_cb complete,
{
CPUArchState *env G_GNUC_UNUSED = cs->env_ptr;
char *p;
-int ret, host_flags;
+int ret, host_flags = O_BINARY;
ret = validate_lock_user_string(, cs, fname, fname_len);
if (ret < 0) {
@@ -262,11 +262,11 @@ static void host_open(CPUState *cs,
gdb_syscall_complete_cb complete,
}
if (gdb_flags & GDB_O_WRONLY) {
-host_flags = O_WRONLY;
+host_flags |= O_WRONLY;
} else if (gdb_flags & GDB_O_RDWR) {
-host_flags = O_RDWR;
+host_flags |= O_RDWR;
} else {
-host_flags = O_RDONLY;
+host_flags |= O_RDONLY;
}
if (gdb_flags & GDB_O_CREAT) {
host_flags |= O_CREAT;
---
Reviewed-by: Philippe Mathieu-Daudé
Re: [RFC PATCH 11/40] target/arm: Copy features from ARMCPUClass
On 6/1/23 03:19, Richard Henderson wrote:
On 1/5/23 14:04, Philippe Mathieu-Daudé wrote:
On 3/1/23 19:16, Richard Henderson wrote:
Create a features member in ARMCPUClass and copy to the instance in
arm_cpu_init. Settings of this value will come in a future patch.
Signed-off-by: Richard Henderson
---
target/arm/cpu-qom.h | 18 ++
target/arm/cpu.c | 1 +
2 files changed, 19 insertions(+)
+static inline void unset_class_feature(ARMCPUClass *acc, int feature)
+{
+ acc->features &= ~(1ULL << feature);
+}
These helpers are not used until patch #19 "target/arm: Move most cpu
initialization to the class".
I know, but I thought it clearer to introduce them with the field.
Fine.
Reviewed-by: Philippe Mathieu-Daudé
[PULL 0/3] loongarch-to-apply queue
The following changes since commit d1852caab131ea898134fdcea8c14bc2ee75fbe9: Merge tag 'python-pull-request' of https://gitlab.com/jsnow/qemu into staging (2023-01-05 16:59:22 +) are available in the Git repository at: https://gitlab.com/gaosong/qemu.git pull-loongarch-20230106 for you to fetch changes up to f4d10ce8aa545266a0b6df223a7f8ea2afca18b2: hw/intc/loongarch_pch: Change default irq number of pch irq controller (2023-01-06 14:12:43 +0800) Add irq number property for loongarch pch interrupt controller Tianrui Zhao (3): hw/intc/loongarch_pch_msi: add irq number property hw/intc/loongarch_pch_pic: add irq number property hw/intc/loongarch_pch: Change default irq number of pch irq controller hw/intc/loongarch_pch_msi.c | 29 ++--- hw/intc/loongarch_pch_pic.c | 35 +++ hw/loongarch/virt.c | 19 --- include/hw/intc/loongarch_pch_msi.h | 9 + include/hw/intc/loongarch_pch_pic.h | 6 ++ include/hw/pci-host/ls7a.h | 2 +- 6 files changed, 77 insertions(+), 23 deletions(-)
[PULL 1/3] hw/intc/loongarch_pch_msi: add irq number property
From: Tianrui Zhao
This patch adds irq number property for loongarch msi interrupt
controller, and remove hard coding irq number macro.
Signed-off-by: Tianrui Zhao
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20230104020518.2564263-2-zhaotian...@loongson.cn>
Signed-off-by: Song Gao
---
hw/intc/loongarch_pch_msi.c | 29 ++---
hw/loongarch/virt.c | 13 -
include/hw/intc/loongarch_pch_msi.h | 3 ++-
include/hw/pci-host/ls7a.h | 1 -
4 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/hw/intc/loongarch_pch_msi.c b/hw/intc/loongarch_pch_msi.c
index b36d6d76e4..ecf3ed0267 100644
--- a/hw/intc/loongarch_pch_msi.c
+++ b/hw/intc/loongarch_pch_msi.c
@@ -32,7 +32,7 @@ static void loongarch_msi_mem_write(void *opaque, hwaddr addr,
*/
irq_num = (val & 0xff) - s->irq_base;
trace_loongarch_msi_set_irq(irq_num);
-assert(irq_num < PCH_MSI_IRQ_NUM);
+assert(irq_num < s->irq_num);
qemu_set_irq(s->pch_msi_irq[irq_num], 1);
}
@@ -49,6 +49,28 @@ static void pch_msi_irq_handler(void *opaque, int irq, int
level)
qemu_set_irq(s->pch_msi_irq[irq], level);
}
+static void loongarch_pch_msi_realize(DeviceState *dev, Error **errp)
+{
+LoongArchPCHMSI *s = LOONGARCH_PCH_MSI(dev);
+
+if (!s->irq_num || s->irq_num > PCH_MSI_IRQ_NUM) {
+error_setg(errp, "Invalid 'msi_irq_num'");
+return;
+}
+
+s->pch_msi_irq = g_new(qemu_irq, s->irq_num);
+
+qdev_init_gpio_out(dev, s->pch_msi_irq, s->irq_num);
+qdev_init_gpio_in(dev, pch_msi_irq_handler, s->irq_num);
+}
+
+static void loongarch_pch_msi_unrealize(DeviceState *dev)
+{
+LoongArchPCHMSI *s = LOONGARCH_PCH_MSI(dev);
+
+g_free(s->pch_msi_irq);
+}
+
static void loongarch_pch_msi_init(Object *obj)
{
LoongArchPCHMSI *s = LOONGARCH_PCH_MSI(obj);
@@ -59,12 +81,11 @@ static void loongarch_pch_msi_init(Object *obj)
sysbus_init_mmio(sbd, >msi_mmio);
msi_nonbroken = true;
-qdev_init_gpio_out(DEVICE(obj), s->pch_msi_irq, PCH_MSI_IRQ_NUM);
-qdev_init_gpio_in(DEVICE(obj), pch_msi_irq_handler, PCH_MSI_IRQ_NUM);
}
static Property loongarch_msi_properties[] = {
DEFINE_PROP_UINT32("msi_irq_base", LoongArchPCHMSI, irq_base, 0),
+DEFINE_PROP_UINT32("msi_irq_num", LoongArchPCHMSI, irq_num, 0),
DEFINE_PROP_END_OF_LIST(),
};
@@ -72,6 +93,8 @@ static void loongarch_pch_msi_class_init(ObjectClass *klass,
void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
+dc->realize = loongarch_pch_msi_realize;
+dc->unrealize = loongarch_pch_msi_unrealize;
device_class_set_props(dc, loongarch_msi_properties);
}
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index c8a495ea30..82b2fb6a10 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -553,7 +553,7 @@ static void loongarch_irq_init(LoongArchMachineState *lams)
LoongArchCPU *lacpu;
CPULoongArchState *env;
CPUState *cpu_state;
-int cpu, pin, i;
+int cpu, pin, i, start, num;
ipi = qdev_new(TYPE_LOONGARCH_IPI);
sysbus_realize_and_unref(SYS_BUS_DEVICE(ipi), _fatal);
@@ -633,14 +633,17 @@ static void loongarch_irq_init(LoongArchMachineState
*lams)
}
pch_msi = qdev_new(TYPE_LOONGARCH_PCH_MSI);
-qdev_prop_set_uint32(pch_msi, "msi_irq_base", PCH_MSI_IRQ_START);
+start = PCH_PIC_IRQ_NUM;
+num = EXTIOI_IRQS - start;
+qdev_prop_set_uint32(pch_msi, "msi_irq_base", start);
+qdev_prop_set_uint32(pch_msi, "msi_irq_num", num);
d = SYS_BUS_DEVICE(pch_msi);
sysbus_realize_and_unref(d, _fatal);
sysbus_mmio_map(d, 0, VIRT_PCH_MSI_ADDR_LOW);
-for (i = 0; i < PCH_MSI_IRQ_NUM; i++) {
-/* Connect 192 pch_msi irqs to extioi */
+for (i = 0; i < num; i++) {
+/* Connect pch_msi irqs to extioi */
qdev_connect_gpio_out(DEVICE(d), i,
- qdev_get_gpio_in(extioi, i + PCH_MSI_IRQ_START));
+ qdev_get_gpio_in(extioi, i + start));
}
loongarch_devices_init(pch_pic, lams);
diff --git a/include/hw/intc/loongarch_pch_msi.h
b/include/hw/intc/loongarch_pch_msi.h
index 6d67560dea..c5a52bc327 100644
--- a/include/hw/intc/loongarch_pch_msi.h
+++ b/include/hw/intc/loongarch_pch_msi.h
@@ -15,8 +15,9 @@ OBJECT_DECLARE_SIMPLE_TYPE(LoongArchPCHMSI, LOONGARCH_PCH_MSI)
struct LoongArchPCHMSI {
SysBusDevice parent_obj;
-qemu_irq pch_msi_irq[PCH_MSI_IRQ_NUM];
+qemu_irq *pch_msi_irq;
MemoryRegion msi_mmio;
/* irq base passed to upper extioi intc */
unsigned int irq_base;
+unsigned int irq_num;
};
diff --git a/include/hw/pci-host/ls7a.h b/include/hw/pci-host/ls7a.h
index df7fa55a30..6443327bd7 100644
--- a/include/hw/pci-host/ls7a.h
+++ b/include/hw/pci-host/ls7a.h
@@ -34,7 +34,6 @@
*/
#define PCH_PIC_IRQ_OFFSET 64
#define VIRT_DEVICE_IRQS 16
-#define VIRT_PCI_IRQS48
#define VIRT_UART_IRQ
[PULL 3/3] hw/intc/loongarch_pch: Change default irq number of pch irq controller
From: Tianrui Zhao
Change the default irq number of pch pic to 32, so that the irq
number of pch msi is 224(256 - 32), and move the 'PCH_PIC_IRQ_NUM'
macro to pci-host/ls7a.h and add prefix 'VIRT' on it to keep standard
format.
Signed-off-by: Tianrui Zhao
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20230104020518.2564263-4-zhaotian...@loongson.cn>
Signed-off-by: Song Gao
---
hw/intc/loongarch_pch_pic.c | 3 ++-
hw/loongarch/virt.c | 2 +-
include/hw/intc/loongarch_pch_msi.h | 6 +++---
include/hw/intc/loongarch_pch_pic.h | 1 -
include/hw/pci-host/ls7a.h | 1 +
5 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 33966e7bac..9208fc4460 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -9,6 +9,7 @@
#include "qemu/bitops.h"
#include "hw/sysbus.h"
#include "hw/loongarch/virt.h"
+#include "hw/pci-host/ls7a.h"
#include "hw/irq.h"
#include "hw/intc/loongarch_pch_pic.h"
#include "hw/qdev-properties.h"
@@ -377,7 +378,7 @@ static void loongarch_pch_pic_realize(DeviceState *dev,
Error **errp)
{
LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(dev);
-if (!s->irq_num || s->irq_num > PCH_PIC_IRQ_NUM) {
+if (!s->irq_num || s->irq_num > VIRT_PCH_PIC_IRQ_NUM) {
error_setg(errp, "Invalid 'pic_irq_num'");
return;
}
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 35d4bce3b3..66be925068 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -616,7 +616,7 @@ static void loongarch_irq_init(LoongArchMachineState *lams)
}
pch_pic = qdev_new(TYPE_LOONGARCH_PCH_PIC);
-num = PCH_PIC_IRQ_NUM;
+num = VIRT_PCH_PIC_IRQ_NUM;
qdev_prop_set_uint32(pch_pic, "pch_pic_irq_num", num);
d = SYS_BUS_DEVICE(pch_pic);
sysbus_realize_and_unref(d, _fatal);
diff --git a/include/hw/intc/loongarch_pch_msi.h
b/include/hw/intc/loongarch_pch_msi.h
index c5a52bc327..832e69fa32 100644
--- a/include/hw/intc/loongarch_pch_msi.h
+++ b/include/hw/intc/loongarch_pch_msi.h
@@ -8,10 +8,10 @@
#define TYPE_LOONGARCH_PCH_MSI "loongarch_pch_msi"
OBJECT_DECLARE_SIMPLE_TYPE(LoongArchPCHMSI, LOONGARCH_PCH_MSI)
-/* Msi irq start start from 64 to 255 */
-#define PCH_MSI_IRQ_START 64
+/* MSI irq start from 32 to 255 */
+#define PCH_MSI_IRQ_START 32
#define PCH_MSI_IRQ_END 255
-#define PCH_MSI_IRQ_NUM 192
+#define PCH_MSI_IRQ_NUM 224
struct LoongArchPCHMSI {
SysBusDevice parent_obj;
diff --git a/include/hw/intc/loongarch_pch_pic.h
b/include/hw/intc/loongarch_pch_pic.h
index efae5fa8e9..258e3b3294 100644
--- a/include/hw/intc/loongarch_pch_pic.h
+++ b/include/hw/intc/loongarch_pch_pic.h
@@ -9,7 +9,6 @@
#define PCH_PIC_NAME(name) TYPE_LOONGARCH_PCH_PIC#name
OBJECT_DECLARE_SIMPLE_TYPE(LoongArchPCHPIC, LOONGARCH_PCH_PIC)
-#define PCH_PIC_IRQ_NUM 64
#define PCH_PIC_INT_ID_VAL 0x700UL
#define PCH_PIC_INT_ID_VER 0x1UL
diff --git a/include/hw/pci-host/ls7a.h b/include/hw/pci-host/ls7a.h
index 6443327bd7..8061c4bbbf 100644
--- a/include/hw/pci-host/ls7a.h
+++ b/include/hw/pci-host/ls7a.h
@@ -32,6 +32,7 @@
* 0 ~ 16 irqs used for non-pci device while 16 ~ 64 irqs
* used for pci device.
*/
+#define VIRT_PCH_PIC_IRQ_NUM 32
#define PCH_PIC_IRQ_OFFSET 64
#define VIRT_DEVICE_IRQS 16
#define VIRT_UART_IRQ(PCH_PIC_IRQ_OFFSET + 2)
--
2.31.1
[PULL 2/3] hw/intc/loongarch_pch_pic: add irq number property
From: Tianrui Zhao
With loongarch 7A1000 manual, irq number supported can be set
in PCH_PIC_INT_ID_HI register. This patch adds irq number property
for loongarch_pch_pic, so that virt machine can set different
irq number when pch_pic intc is added.
Signed-off-by: Tianrui Zhao
Reviewed-by: Song Gao
Message-Id: <20230104020518.2564263-3-zhaotian...@loongson.cn>
Signed-off-by: Song Gao
---
hw/intc/loongarch_pch_pic.c | 34 +
hw/loongarch/virt.c | 8 ---
include/hw/intc/loongarch_pch_pic.h | 5 ++---
3 files changed, 37 insertions(+), 10 deletions(-)
diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3380b09807..33966e7bac 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -6,12 +6,15 @@
*/
#include "qemu/osdep.h"
+#include "qemu/bitops.h"
#include "hw/sysbus.h"
#include "hw/loongarch/virt.h"
#include "hw/irq.h"
#include "hw/intc/loongarch_pch_pic.h"
+#include "hw/qdev-properties.h"
#include "migration/vmstate.h"
#include "trace.h"
+#include "qapi/error.h"
static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
{
@@ -40,7 +43,7 @@ static void pch_pic_irq_handler(void *opaque, int irq, int
level)
LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(opaque);
uint64_t mask = 1ULL << irq;
-assert(irq < PCH_PIC_IRQ_NUM);
+assert(irq < s->irq_num);
trace_loongarch_pch_pic_irq_handler(irq, level);
if (s->intedge & mask) {
@@ -78,7 +81,12 @@ static uint64_t loongarch_pch_pic_low_readw(void *opaque,
hwaddr addr,
val = PCH_PIC_INT_ID_VAL;
break;
case PCH_PIC_INT_ID_HI:
-val = PCH_PIC_INT_ID_NUM;
+/*
+ * With 7A1000 manual
+ * bit 0-15 pch irqchip version
+ * bit 16-31 irq number supported with pch irqchip
+ */
+val = deposit32(PCH_PIC_INT_ID_VER, 16, 16, s->irq_num - 1);
break;
case PCH_PIC_INT_MASK_LO:
val = (uint32_t)s->int_mask;
@@ -365,6 +373,19 @@ static void loongarch_pch_pic_reset(DeviceState *d)
s->int_polarity = 0x0;
}
+static void loongarch_pch_pic_realize(DeviceState *dev, Error **errp)
+{
+LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(dev);
+
+if (!s->irq_num || s->irq_num > PCH_PIC_IRQ_NUM) {
+error_setg(errp, "Invalid 'pic_irq_num'");
+return;
+}
+
+qdev_init_gpio_out(dev, s->parent_irq, s->irq_num);
+qdev_init_gpio_in(dev, pch_pic_irq_handler, s->irq_num);
+}
+
static void loongarch_pch_pic_init(Object *obj)
{
LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(obj);
@@ -382,10 +403,13 @@ static void loongarch_pch_pic_init(Object *obj)
sysbus_init_mmio(sbd, >iomem8);
sysbus_init_mmio(sbd, >iomem32_high);
-qdev_init_gpio_out(DEVICE(obj), s->parent_irq, PCH_PIC_IRQ_NUM);
-qdev_init_gpio_in(DEVICE(obj), pch_pic_irq_handler, PCH_PIC_IRQ_NUM);
}
+static Property loongarch_pch_pic_properties[] = {
+DEFINE_PROP_UINT32("pch_pic_irq_num", LoongArchPCHPIC, irq_num, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
static const VMStateDescription vmstate_loongarch_pch_pic = {
.name = TYPE_LOONGARCH_PCH_PIC,
.version_id = 1,
@@ -411,8 +435,10 @@ static void loongarch_pch_pic_class_init(ObjectClass
*klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
+dc->realize = loongarch_pch_pic_realize;
dc->reset = loongarch_pch_pic_reset;
dc->vmsd = _loongarch_pch_pic;
+device_class_set_props(dc, loongarch_pch_pic_properties);
}
static const TypeInfo loongarch_pch_pic_info = {
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 82b2fb6a10..35d4bce3b3 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -616,6 +616,8 @@ static void loongarch_irq_init(LoongArchMachineState *lams)
}
pch_pic = qdev_new(TYPE_LOONGARCH_PCH_PIC);
+num = PCH_PIC_IRQ_NUM;
+qdev_prop_set_uint32(pch_pic, "pch_pic_irq_num", num);
d = SYS_BUS_DEVICE(pch_pic);
sysbus_realize_and_unref(d, _fatal);
memory_region_add_subregion(get_system_memory(), VIRT_IOAPIC_REG_BASE,
@@ -627,13 +629,13 @@ static void loongarch_irq_init(LoongArchMachineState
*lams)
VIRT_IOAPIC_REG_BASE + PCH_PIC_INT_STATUS_LO,
sysbus_mmio_get_region(d, 2));
-/* Connect 64 pch_pic irqs to extioi */
-for (int i = 0; i < PCH_PIC_IRQ_NUM; i++) {
+/* Connect pch_pic irqs to extioi */
+for (int i = 0; i < num; i++) {
qdev_connect_gpio_out(DEVICE(d), i, qdev_get_gpio_in(extioi, i));
}
pch_msi = qdev_new(TYPE_LOONGARCH_PCH_MSI);
-start = PCH_PIC_IRQ_NUM;
+start = num;
num = EXTIOI_IRQS - start;
qdev_prop_set_uint32(pch_msi, "msi_irq_base", start);
qdev_prop_set_uint32(pch_msi, "msi_irq_num", num);
diff --git a/include/hw/intc/loongarch_pch_pic.h
b/include/hw/intc/loongarch_pch_pic.h
index 2d4aa9ed6f..efae5fa8e9 100644
---
Re: [PATCH v10 9/9] KVM: Enable and expose KVM_MEM_PRIVATE
On Thu, Jan 05, 2023 at 12:38:30PM -0800, Vishal Annapurve wrote:
> On Thu, Dec 1, 2022 at 10:20 PM Chao Peng wrote:
> >
> > +#ifdef CONFIG_HAVE_KVM_RESTRICTED_MEM
> > +static bool restrictedmem_range_is_valid(struct kvm_memory_slot *slot,
> > +pgoff_t start, pgoff_t end,
> > +gfn_t *gfn_start, gfn_t *gfn_end)
> > +{
> > + unsigned long base_pgoff = slot->restricted_offset >> PAGE_SHIFT;
> > +
> > + if (start > base_pgoff)
> > + *gfn_start = slot->base_gfn + start - base_pgoff;
>
> There should be a check for overflow here in case start is a very big
> value. Additional check can look like:
> if (start >= base_pgoff + slot->npages)
>return false;
>
> > + else
> > + *gfn_start = slot->base_gfn;
> > +
> > + if (end < base_pgoff + slot->npages)
> > + *gfn_end = slot->base_gfn + end - base_pgoff;
>
> If "end" is smaller than base_pgoff, this can cause overflow and
> return the range as valid. There should be additional check:
> if (end < base_pgoff)
> return false;
Thanks! Both are good catches. The improved code:
static bool restrictedmem_range_is_valid(struct kvm_memory_slot *slot,
pgoff_t start, pgoff_t end,
gfn_t *gfn_start, gfn_t *gfn_end)
{
unsigned long base_pgoff = slot->restricted_offset >> PAGE_SHIFT;
if (start >= base_pgoff + slot->npages)
return false;
else if (start <= base_pgoff)
*gfn_start = slot->base_gfn;
else
*gfn_start = start - base_pgoff + slot->base_gfn;
if (end <= base_pgoff)
return false;
else if (end >= base_pgoff + slot->npages)
*gfn_end = slot->base_gfn + slot->npages;
else
*gfn_end = end - base_pgoff + slot->base_gfn;
if (*gfn_start >= *gfn_end)
return false;
return true;
}
Thanks,
Chao
>
>
> > + else
> > + *gfn_end = slot->base_gfn + slot->npages;
> > +
> > + if (*gfn_start >= *gfn_end)
> > + return false;
> > +
> > + return true;
> > +}
> > +
[PULL v2 47/47] tests/tcg/multiarch: add vma-pthread.c
From: Ilya Leoshkevich
Add a test that locklessly changes and exercises page protection bits
from various threads. This helps catch race conditions in the VMA
handling.
Acked-by: Alex Bennée
Signed-off-by: Ilya Leoshkevich
Message-Id: <20221223120252.513319-1-...@linux.ibm.com>
Signed-off-by: Richard Henderson
---
tests/tcg/multiarch/nop_func.h | 25
tests/tcg/multiarch/munmap-pthread.c | 16 +--
tests/tcg/multiarch/vma-pthread.c| 207 +++
tests/tcg/multiarch/Makefile.target | 3 +
4 files changed, 236 insertions(+), 15 deletions(-)
create mode 100644 tests/tcg/multiarch/nop_func.h
create mode 100644 tests/tcg/multiarch/vma-pthread.c
diff --git a/tests/tcg/multiarch/nop_func.h b/tests/tcg/multiarch/nop_func.h
new file mode 100644
index 00..f714d21000
--- /dev/null
+++ b/tests/tcg/multiarch/nop_func.h
@@ -0,0 +1,25 @@
+/*
+ * No-op functions that can be safely copied.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef NOP_FUNC_H
+#define NOP_FUNC_H
+
+static const char nop_func[] = {
+#if defined(__aarch64__)
+0xc0, 0x03, 0x5f, 0xd6, /* ret */
+#elif defined(__alpha__)
+0x01, 0x80, 0xFA, 0x6B, /* ret */
+#elif defined(__arm__)
+0x1e, 0xff, 0x2f, 0xe1, /* bx lr */
+#elif defined(__riscv)
+0x67, 0x80, 0x00, 0x00, /* ret */
+#elif defined(__s390__)
+0x07, 0xfe, /* br %r14 */
+#elif defined(__i386__) || defined(__x86_64__)
+0xc3, /* ret */
+#endif
+};
+
+#endif
diff --git a/tests/tcg/multiarch/munmap-pthread.c
b/tests/tcg/multiarch/munmap-pthread.c
index d7143b00d5..1c79005846 100644
--- a/tests/tcg/multiarch/munmap-pthread.c
+++ b/tests/tcg/multiarch/munmap-pthread.c
@@ -7,21 +7,7 @@
#include
#include
-static const char nop_func[] = {
-#if defined(__aarch64__)
-0xc0, 0x03, 0x5f, 0xd6, /* ret */
-#elif defined(__alpha__)
-0x01, 0x80, 0xFA, 0x6B, /* ret */
-#elif defined(__arm__)
-0x1e, 0xff, 0x2f, 0xe1, /* bx lr */
-#elif defined(__riscv)
-0x67, 0x80, 0x00, 0x00, /* ret */
-#elif defined(__s390__)
-0x07, 0xfe, /* br %r14 */
-#elif defined(__i386__) || defined(__x86_64__)
-0xc3, /* ret */
-#endif
-};
+#include "nop_func.h"
static void *thread_mmap_munmap(void *arg)
{
diff --git a/tests/tcg/multiarch/vma-pthread.c
b/tests/tcg/multiarch/vma-pthread.c
new file mode 100644
index 00..7045da08fc
--- /dev/null
+++ b/tests/tcg/multiarch/vma-pthread.c
@@ -0,0 +1,207 @@
+/*
+ * Test that VMA updates do not race.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Map a contiguous chunk of RWX memory. Split it into 8 equally sized
+ * regions, each of which is guaranteed to have a certain combination of
+ * protection bits set.
+ *
+ * Reader, writer and executor threads perform the respective operations on
+ * pages, which are guaranteed to have the respective protection bit set.
+ * Two mutator threads change the non-fixed protection bits randomly.
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "nop_func.h"
+
+#define PAGE_IDX_BITS 10
+#define PAGE_COUNT (1 << PAGE_IDX_BITS)
+#define PAGE_IDX_MASK (PAGE_COUNT - 1)
+#define REGION_IDX_BITS 3
+#define PAGE_IDX_R_MASK (1 << 7)
+#define PAGE_IDX_W_MASK (1 << 8)
+#define PAGE_IDX_X_MASK (1 << 9)
+#define REGION_MASK (PAGE_IDX_R_MASK | PAGE_IDX_W_MASK | PAGE_IDX_X_MASK)
+#define PAGES_PER_REGION (1 << (PAGE_IDX_BITS - REGION_IDX_BITS))
+
+struct context {
+int pagesize;
+char *ptr;
+int dev_null_fd;
+volatile int mutator_count;
+};
+
+static void *thread_read(void *arg)
+{
+struct context *ctx = arg;
+ssize_t sret;
+size_t i, j;
+int ret;
+
+for (i = 0; ctx->mutator_count; i++) {
+char *p;
+
+j = (i & PAGE_IDX_MASK) | PAGE_IDX_R_MASK;
+p = >ptr[j * ctx->pagesize];
+
+/* Read directly. */
+ret = memcmp(p, nop_func, sizeof(nop_func));
+if (ret != 0) {
+fprintf(stderr, "fail direct read %p\n", p);
+abort();
+}
+
+/* Read indirectly. */
+sret = write(ctx->dev_null_fd, p, 1);
+if (sret != 1) {
+if (sret < 0) {
+fprintf(stderr, "fail indirect read %p (%m)\n", p);
+} else {
+fprintf(stderr, "fail indirect read %p (%zd)\n", p, sret);
+}
+abort();
+}
+}
+
+return NULL;
+}
+
+static void *thread_write(void *arg)
+{
+struct context *ctx = arg;
+struct timespec *ts;
+size_t i, j;
+int ret;
+
+for (i = 0; ctx->mutator_count; i++) {
+j = (i & PAGE_IDX_MASK) | PAGE_IDX_W_MASK;
+
+/* Write directly. */
+memcpy(>ptr[j * ctx->pagesize], nop_func, sizeof(nop_func));
+
+/* Write using a syscall. */
+ts = (struct timespec *)(>ptr[(j + 1) * ctx->pagesize] -
+
[PULL v3 40/43] hw/riscv: virt: Fix the value of "riscv, ndev" in the dtb
From: Bin Meng
Commit 28d8c281200f ("hw/riscv: virt: Add optional AIA IMSIC support to virt
machine")
changed the value of VIRT_IRQCHIP_NUM_SOURCES from 127 to 53, which
is VIRTIO_NDEV and also used as the value of "riscv,ndev" property
in the dtb. Unfortunately this is wrong as VIRT_IRQCHIP_NUM_SOURCES
should include interrupt source 0 but "riscv,ndev" does not.
While we are here, we also fix the comments of platform bus irq range
which is now "64 to 96", but should be "64 to 95", introduced since
commit 1832b7cb3f64 ("hw/riscv: virt: Create a platform bus").
Fixes: 28d8c281200f ("hw/riscv: virt: Add optional AIA IMSIC support to virt
machine")
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-13-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
include/hw/riscv/virt.h | 5 ++---
hw/riscv/virt.c | 3 ++-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index 62513e075c..e1ce0048af 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -87,14 +87,13 @@ enum {
VIRTIO_IRQ = 1, /* 1 to 8 */
VIRTIO_COUNT = 8,
PCIE_IRQ = 0x20, /* 32 to 35 */
-VIRT_PLATFORM_BUS_IRQ = 64, /* 64 to 96 */
-VIRTIO_NDEV = 96 /* Arbitrary maximum number of interrupts */
+VIRT_PLATFORM_BUS_IRQ = 64, /* 64 to 95 */
};
#define VIRT_PLATFORM_BUS_NUM_IRQS 32
#define VIRT_IRQCHIP_NUM_MSIS 255
-#define VIRT_IRQCHIP_NUM_SOURCES VIRTIO_NDEV
+#define VIRT_IRQCHIP_NUM_SOURCES 96
#define VIRT_IRQCHIP_NUM_PRIO_BITS 3
#define VIRT_IRQCHIP_MAX_GUESTS_BITS 3
#define VIRT_IRQCHIP_MAX_GUESTS ((1U << VIRT_IRQCHIP_MAX_GUESTS_BITS) - 1U)
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 6cf9355b99..94ff2a1584 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -468,7 +468,8 @@ static void create_fdt_socket_plic(RISCVVirtState *s,
plic_cells, s->soc[socket].num_harts * sizeof(uint32_t) * 4);
qemu_fdt_setprop_cells(mc->fdt, plic_name, "reg",
0x0, plic_addr, 0x0, memmap[VIRT_PLIC].size);
-qemu_fdt_setprop_cell(mc->fdt, plic_name, "riscv,ndev", VIRTIO_NDEV);
+qemu_fdt_setprop_cell(mc->fdt, plic_name, "riscv,ndev",
+ VIRT_IRQCHIP_NUM_SOURCES - 1);
riscv_socket_fdt_write_id(mc, mc->fdt, plic_name, socket);
qemu_fdt_setprop_cell(mc->fdt, plic_name, "phandle",
plic_phandles[socket]);
--
2.39.0
[PULL v3 43/43] hw/intc: sifive_plic: Fix the pending register range check
From: Bin Meng
The pending register upper limit is currently set to
plic->num_sources >> 3, which is wrong, e.g.: considering
plic->num_sources is 7, the upper limit becomes 0 which fails
the range check if reading the pending register at pending_base.
Fixes: 1e24429e40df ("SiFive RISC-V PLIC Block")
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-16-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 1a792cc3f5..5522ede2cf 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -143,7 +143,8 @@ static uint64_t sifive_plic_read(void *opaque, hwaddr addr,
unsigned size)
uint32_t irq = (addr - plic->priority_base) >> 2;
return plic->source_priority[irq];
-} else if (addr_between(addr, plic->pending_base, plic->num_sources >> 3))
{
+} else if (addr_between(addr, plic->pending_base,
+(plic->num_sources + 31) >> 3)) {
uint32_t word = (addr - plic->pending_base) >> 2;
return plic->pending[word];
@@ -202,7 +203,7 @@ static void sifive_plic_write(void *opaque, hwaddr addr,
uint64_t value,
sifive_plic_update(plic);
}
} else if (addr_between(addr, plic->pending_base,
-plic->num_sources >> 3)) {
+(plic->num_sources + 31) >> 3)) {
qemu_log_mask(LOG_GUEST_ERROR,
"%s: invalid pending write: 0x%" HWADDR_PRIx "",
__func__, addr);
--
2.39.0
[PULL v3 35/43] hw/intc: sifive_plic: Use error_setg() to propagate the error up via errp in sifive_plic_realize()
From: Bin Meng
The realize() callback has an errp for us to propagate the error up.
While we are here, correct the wrong multi-line comment format.
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20221211030829.802437-8-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index c9af94a888..9cb4c6d6d4 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -379,7 +379,8 @@ static void sifive_plic_realize(DeviceState *dev, Error
**errp)
s->m_external_irqs = g_malloc(sizeof(qemu_irq) * s->num_harts);
qdev_init_gpio_out(dev, s->m_external_irqs, s->num_harts);
-/* We can't allow the supervisor to control SEIP as this would allow the
+/*
+ * We can't allow the supervisor to control SEIP as this would allow the
* supervisor to clear a pending external interrupt which will result in
* lost a interrupt in the case a PLIC is attached. The SEIP bit must be
* hardware controlled when a PLIC is attached.
@@ -387,8 +388,8 @@ static void sifive_plic_realize(DeviceState *dev, Error
**errp)
for (i = 0; i < s->num_harts; i++) {
RISCVCPU *cpu = RISCV_CPU(qemu_get_cpu(s->hartid_base + i));
if (riscv_cpu_claim_interrupts(cpu, MIP_SEIP) < 0) {
-error_report("SEIP already claimed");
-exit(1);
+error_setg(errp, "SEIP already claimed");
+return;
}
}
--
2.39.0
[PULL v2 00/47] tcg misc queue
Changes in patch 47, to reduce execution time with --enable-debug.
Changes in patch 19, to fix an i386 specific register allocation failure.
r~
The following changes since commit cb9c6a8e5ad6a1f0ce164d352e3102df46986e22:
.gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2
jobs (2023-01-04 18:58:33 +)
are available in the Git repository at:
https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230105
for you to fetch changes up to d4846c33ebe04d2141dcc613b5558d2f1d8077af:
tests/tcg/multiarch: add vma-pthread.c (2023-01-05 11:41:29 -0800)
Fix race conditions in new user-only vma tracking.
Add tcg backend paired register allocation.
Cleanup tcg backend function call abi.
Ilya Leoshkevich (1):
tests/tcg/multiarch: add vma-pthread.c
Mark Cave-Ayland (1):
tcg: convert tcg/README to rst
Philippe Mathieu-Daudé (5):
tcg/s390x: Fix coding style
tcg: Massage process_op_defs()
tcg: Pass number of arguments to tcg_emit_op() / tcg_op_insert_*()
tcg: Convert typecode_to_ffi from array to function
tcg: Factor init_ffi_layouts() out of tcg_context_init()
Richard Henderson (40):
meson: Move CONFIG_TCG_INTERPRETER to config_host
tcg: Cleanup trailing whitespace
qemu/main-loop: Introduce QEMU_IOTHREAD_LOCK_GUARD
hw/mips: Use QEMU_IOTHREAD_LOCK_GUARD in cpu_mips_irq_request
target/ppc: Use QEMU_IOTHREAD_LOCK_GUARD in ppc_maybe_interrupt
target/ppc: Use QEMU_IOTHREAD_LOCK_GUARD in cpu_interrupt_exittb
target/riscv: Use QEMU_IOTHREAD_LOCK_GUARD in riscv_cpu_update_mip
hw/ppc: Use QEMU_IOTHREAD_LOCK_GUARD in ppc_set_irq
accel/tcg: Use QEMU_IOTHREAD_LOCK_GUARD in io_readx/io_writex
tcg: Tidy tcg_reg_alloc_op
tcg: Remove TCG_TARGET_STACK_GROWSUP
tci: MAX_OPC_PARAM_IARGS is no longer used
tcg: Fix tcg_reg_alloc_dup*
tcg: Centralize updates to reg_to_temp
tcg: Remove check_regs
tcg: Introduce paired register allocation
accel/tcg: Set cflags_next_tb in cpu_common_initfn
target/sparc: Avoid TCGV_{LOW,HIGH}
tcg: Move TCG_{LOW,HIGH} to tcg-internal.h
tcg: Add temp_subindex to TCGTemp
tcg: Simplify calls to temp_sync vs mem_coherent
tcg: Allocate TCGTemp pairs in host memory order
tcg: Move TCG_TYPE_COUNT outside enum
tcg: Introduce tcg_type_size
tcg: Introduce TCGCallReturnKind and TCGCallArgumentKind
tcg: Replace TCG_TARGET_CALL_ALIGN_ARGS with TCG_TARGET_CALL_ARG_I64
tcg: Replace TCG_TARGET_EXTEND_ARGS with TCG_TARGET_CALL_ARG_I32
tcg: Use TCG_CALL_ARG_EVEN for TCI special case
accel/tcg/plugin: Don't search for the function pointer index
accel/tcg/plugin: Avoid duplicate copy in copy_call
accel/tcg/plugin: Use copy_op in append_{udata,mem}_cb
tcg: Vary the allocation size for TCGOp
tcg: Use output_pref wrapper function
tcg: Reorg function calls
tcg: Move ffi_cif pointer into TCGHelperInfo
tcg/aarch64: Merge tcg_out_callr into tcg_out_call
tcg: Add TCGHelperInfo argument to tcg_out_call
accel/tcg: Fix tb_invalidate_phys_page_unwind
accel/tcg: Use g_free_rcu for user-exec interval trees
accel/tcg: Handle false negative lookup in page_check_range
include/exec/helper-head.h |2 +-
include/qemu/main-loop.h | 29 +
include/tcg/tcg-op.h | 35 +-
include/tcg/tcg.h| 96 +-
tcg/aarch64/tcg-target.h |4 +-
tcg/arm/tcg-target.h |4 +-
tcg/i386/tcg-target.h|2 +
tcg/loongarch64/tcg-target.h |3 +-
tcg/mips/tcg-target.h|4 +-
tcg/riscv/tcg-target.h |7 +-
tcg/s390x/tcg-target.h |3 +-
tcg/sparc64/tcg-target.h |3 +-
tcg/tcg-internal.h | 58 +-
tcg/tci/tcg-target.h |7 +
tests/tcg/multiarch/nop_func.h | 25 +
accel/tcg/cputlb.c | 25 +-
accel/tcg/plugin-gen.c | 54 +-
accel/tcg/tb-maint.c | 78 +-
accel/tcg/user-exec.c| 59 +-
hw/core/cpu-common.c |1 +
hw/mips/mips_int.c | 11 +-
hw/ppc/ppc.c | 10 +-
target/ppc/excp_helper.c | 11 +-
target/ppc/helper_regs.c | 14 +-
target/riscv/cpu_helper.c| 10 +-
target/sparc/translate.c | 21 +-
tcg/optimize.c | 10 +-
tcg/tcg-op-vec.c | 10 +-
tcg/tcg-op.c | 49 +-
tcg/tcg.c| 1663 +-
tcg/tci.c|1 -
tests/tcg/multiarch/munmap-pthread.c | 16 +-
tests
[PULL v3 27/43] RISC-V: Add Zawrs ISA extension support
From: Christoph Muellner
This patch adds support for the Zawrs ISA extension.
Given the current (incomplete) implementation of reservation sets
there seems to be no way to provide a full emulation of the WRS
instruction (wake on reservation set invalidation or timeout or
interrupt). Therefore, we just exit the TB and return to the main loop.
The specification can be found here:
https://github.com/riscv/riscv-zawrs/blob/main/zawrs.adoc
Note, that the Zawrs extension is frozen, but not ratified yet.
Changes since v3:
* Remove "RFC" since the extension is frozen
* Rebase on master and fix integration issues
* Fix entry ordering in extension list
Changes since v2:
* Rebase on master and resolve conflicts
* Adjustments according to a specification change
* Inline REQUIRE_ZAWRS() since it has only one user
Changes since v1:
* Adding zawrs to the ISA string that is passed to the kernel
Signed-off-by: Christoph Müllner
Reviewed-by: Alistair Francis
Message-Id: <20221005144948.3421504-1-christoph.muell...@vrull.eu>
Signed-off-by: Alistair Francis
---
target/riscv/cpu.h | 1 +
target/riscv/insn32.decode | 4 ++
target/riscv/cpu.c | 7 +++
target/riscv/translate.c| 1 +
target/riscv/insn_trans/trans_rvzawrs.c.inc | 51 +
5 files changed, 64 insertions(+)
create mode 100644 target/riscv/insn_trans/trans_rvzawrs.c.inc
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 37f9516941..f5609b62a2 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -453,6 +453,7 @@ struct RISCVCPUConfig {
bool ext_svnapot;
bool ext_svpbmt;
bool ext_zdinx;
+bool ext_zawrs;
bool ext_zfh;
bool ext_zfhmin;
bool ext_zfinx;
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index d0253b8104..b7e7613ea2 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -718,6 +718,10 @@ vsetvli 0 ... . 111 . 1010111
@r2_zimm11
vsetivli11 .. . 111 . 1010111 @r2_zimm10
vsetvl 100 . . 111 . 1010111 @r
+# *** Zawrs Standard Extension ***
+wrs_nto1101 0 000 0 1110011
+wrs_sto00011101 0 000 0 1110011
+
# *** RV32 Zba Standard Extension ***
sh1add 001 .. 010 . 0110011 @r
sh2add 001 .. 100 . 0110011 @r
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index b2c132e269..cc75ca7667 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -76,6 +76,7 @@ static const struct isa_ext_data isa_edata_arr[] = {
ISA_EXT_DATA_ENTRY(zicsr, true, PRIV_VERSION_1_10_0, ext_icsr),
ISA_EXT_DATA_ENTRY(zifencei, true, PRIV_VERSION_1_10_0, ext_ifencei),
ISA_EXT_DATA_ENTRY(zihintpause, true, PRIV_VERSION_1_10_0,
ext_zihintpause),
+ISA_EXT_DATA_ENTRY(zawrs, true, PRIV_VERSION_1_12_0, ext_zawrs),
ISA_EXT_DATA_ENTRY(zfh, true, PRIV_VERSION_1_12_0, ext_zfh),
ISA_EXT_DATA_ENTRY(zfhmin, true, PRIV_VERSION_1_12_0, ext_zfhmin),
ISA_EXT_DATA_ENTRY(zfinx, true, PRIV_VERSION_1_12_0, ext_zfinx),
@@ -766,6 +767,11 @@ static void riscv_cpu_realize(DeviceState *dev, Error
**errp)
return;
}
+if ((cpu->cfg.ext_zawrs) && !cpu->cfg.ext_a) {
+error_setg(errp, "Zawrs extension requires A extension");
+return;
+}
+
if ((cpu->cfg.ext_zfh || cpu->cfg.ext_zfhmin) && !cpu->cfg.ext_f) {
error_setg(errp, "Zfh/Zfhmin extensions require F extension");
return;
@@ -1021,6 +1027,7 @@ static Property riscv_cpu_extensions[] = {
DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true),
DEFINE_PROP_BOOL("Zihintpause", RISCVCPU, cfg.ext_zihintpause, true),
+DEFINE_PROP_BOOL("Zawrs", RISCVCPU, cfg.ext_zawrs, true),
DEFINE_PROP_BOOL("Zfh", RISCVCPU, cfg.ext_zfh, false),
DEFINE_PROP_BOOL("Zfhmin", RISCVCPU, cfg.ext_zfhmin, false),
DEFINE_PROP_BOOL("Zve32f", RISCVCPU, cfg.ext_zve32f, false),
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 160aefc3df..df38db7553 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1060,6 +1060,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase,
target_ulong pc)
#include "insn_trans/trans_rvh.c.inc"
#include "insn_trans/trans_rvv.c.inc"
#include "insn_trans/trans_rvb.c.inc"
+#include "insn_trans/trans_rvzawrs.c.inc"
#include "insn_trans/trans_rvzfh.c.inc"
#include "insn_trans/trans_rvk.c.inc"
#include "insn_trans/trans_privileged.c.inc"
diff --git a/target/riscv/insn_trans/trans_rvzawrs.c.inc
b/target/riscv/insn_trans/trans_rvzawrs.c.inc
new file mode 100644
index 00..8254e7dfe2
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvzawrs.c.inc
@@ -0,0 +1,51 @@
+/*
+ * RISC-V translation routines for the RISC-V Zawrs Extension.
+ *
+ *
[PULL v3 34/43] hw/intc: sifive_plic: Improve robustness of the PLIC config parser
From: Bin Meng
At present the PLIC config parser can only handle legal config string
like "MS,MS". However if a config string like ",MS,MS,,MS,MS,," is
given the parser won't get the correct configuration.
This commit improves the config parser to make it more robust.
Signed-off-by: Bin Meng
Acked-by: Alistair Francis
Message-Id: <20221211030829.802437-7-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 24
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 936dcf74bc..c9af94a888 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -290,7 +290,7 @@ static void sifive_plic_reset(DeviceState *dev)
*/
static void parse_hart_config(SiFivePLICState *plic)
{
-int addrid, hartid, modes;
+int addrid, hartid, modes, m;
const char *p;
char c;
@@ -299,11 +299,13 @@ static void parse_hart_config(SiFivePLICState *plic)
p = plic->hart_config;
while ((c = *p++)) {
if (c == ',') {
-addrid += ctpop8(modes);
-modes = 0;
-hartid++;
+if (modes) {
+addrid += ctpop8(modes);
+hartid++;
+modes = 0;
+}
} else {
-int m = 1 << char_to_mode(c);
+m = 1 << char_to_mode(c);
if (modes == (modes | m)) {
error_report("plic: duplicate mode '%c' in config: %s",
c, plic->hart_config);
@@ -314,8 +316,9 @@ static void parse_hart_config(SiFivePLICState *plic)
}
if (modes) {
addrid += ctpop8(modes);
+hartid++;
+modes = 0;
}
-hartid++;
plic->num_addrs = addrid;
plic->num_harts = hartid;
@@ -326,11 +329,16 @@ static void parse_hart_config(SiFivePLICState *plic)
p = plic->hart_config;
while ((c = *p++)) {
if (c == ',') {
-hartid++;
+if (modes) {
+hartid++;
+modes = 0;
+}
} else {
+m = char_to_mode(c);
plic->addr_config[addrid].addrid = addrid;
plic->addr_config[addrid].hartid = hartid;
-plic->addr_config[addrid].mode = char_to_mode(c);
+plic->addr_config[addrid].mode = m;
+modes |= (1 << m);
addrid++;
}
}
--
2.39.0
[PULL v3 22/43] hw/intc: sifive_plic: fix out-of-bound access of source_priority array
From: Jim Shu
If the number of interrupt is not multiple of 32, PLIC will have
out-of-bound access to source_priority array. Compute the number of
interrupt in the last word to avoid this out-of-bound access of array.
Signed-off-by: Jim Shu
Reviewed-by: Bin Meng
Message-Id: <20221127165753.30533-1-jim@sifive.com>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index b4949bef97..0c7696520d 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
uint32_t max_irq = 0;
uint32_t max_prio = plic->target_priority[addrid];
int i, j;
+int num_irq_in_word = 32;
for (i = 0; i < plic->bitfield_words; i++) {
uint32_t pending_enabled_not_claimed =
@@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
continue;
}
-for (j = 0; j < 32; j++) {
+if (i == (plic->bitfield_words - 1)) {
+/*
+ * If plic->num_sources is not multiple of 32, num-of-irq in last
+ * word is not 32. Compute the num-of-irq of last word to avoid
+ * out-of-bound access of source_priority array.
+ */
+num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1)
<< 5);
+}
+
+for (j = 0; j < num_irq_in_word; j++) {
int irq = (i << 5) + j;
uint32_t prio = plic->source_priority[irq];
int enabled = pending_enabled_not_claimed & (1 << j);
--
2.39.0
[PULL v3 32/43] hw/riscv: spike: Remove misleading comments
From: Bin Meng PLIC is not included in the 'spike' machine. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-5-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/spike.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c index 1e1d752c00..13946acf0d 100644 --- a/hw/riscv/spike.c +++ b/hw/riscv/spike.c @@ -8,7 +8,6 @@ * * 0) HTIF Console and Poweroff * 1) CLINT (Timer and IPI) - * 2) PLIC (Platform Level Interrupt Controller) * * This program is free software; you can redistribute it and/or modify it * under the terms and conditions of the GNU General Public License, -- 2.39.0
[PULL v3 04/43] tcg/riscv: Fix base register for user-only qemu_ld/st
From: Richard Henderson
When guest_base != 0, we were not coordinating the usage of
TCG_REG_TMP0 as base properly, leading to a previous zero-extend
of the input address being discarded.
Shuffle the alignment check to the front, because that does not
depend on the zero-extend, and it keeps the register usage clear.
Set base after each step of the address arithmetic instead of before.
Return the base register used from tcg_out_tlb_load, so as to
keep that register choice localized to that function.
Reported-by: LIU Zhiwei
Signed-off-by: Richard Henderson
Reviewed-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <2022102327.2846860-1-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis
---
tcg/riscv/tcg-target.c.inc | 39 +-
1 file changed, 22 insertions(+), 17 deletions(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 2a84c57bec..e3b608034f 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -923,9 +923,9 @@ static void tcg_out_goto(TCGContext *s, const tcg_insn_unit
*target)
tcg_debug_assert(ok);
}
-static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
- TCGReg addrh, MemOpIdx oi,
- tcg_insn_unit **label_ptr, bool is_load)
+static TCGReg tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
+ TCGReg addrh, MemOpIdx oi,
+ tcg_insn_unit **label_ptr, bool is_load)
{
MemOp opc = get_memop(oi);
unsigned s_bits = opc & MO_SIZE;
@@ -975,6 +975,7 @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg addrl,
addrl = TCG_REG_TMP0;
}
tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_REG_TMP2, addrl);
+return TCG_REG_TMP0;
}
static void add_qemu_ldst_label(TCGContext *s, int is_ld, MemOpIdx oi,
@@ -1177,7 +1178,7 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg
*args, bool is_64)
#else
unsigned a_bits;
#endif
-TCGReg base = TCG_REG_TMP0;
+TCGReg base;
data_regl = *args++;
data_regh = (TCG_TARGET_REG_BITS == 32 && is_64 ? *args++ : 0);
@@ -1187,23 +1188,25 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg
*args, bool is_64)
opc = get_memop(oi);
#if defined(CONFIG_SOFTMMU)
-tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 1);
+base = tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 1);
tcg_out_qemu_ld_direct(s, data_regl, data_regh, base, opc, is_64);
add_qemu_ldst_label(s, 1, oi,
(is_64 ? TCG_TYPE_I64 : TCG_TYPE_I32),
data_regl, data_regh, addr_regl, addr_regh,
s->code_ptr, label_ptr);
#else
-if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
-tcg_out_ext32u(s, base, addr_regl);
-addr_regl = base;
-}
a_bits = get_alignment_bits(opc);
if (a_bits) {
tcg_out_test_alignment(s, true, addr_regl, a_bits);
}
+base = addr_regl;
+if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
+tcg_out_ext32u(s, TCG_REG_TMP0, base);
+base = TCG_REG_TMP0;
+}
if (guest_base != 0) {
-tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
+tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_GUEST_BASE_REG, base);
+base = TCG_REG_TMP0;
}
tcg_out_qemu_ld_direct(s, data_regl, data_regh, base, opc, is_64);
#endif
@@ -1249,7 +1252,7 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg
*args, bool is_64)
#else
unsigned a_bits;
#endif
-TCGReg base = TCG_REG_TMP0;
+TCGReg base;
data_regl = *args++;
data_regh = (TCG_TARGET_REG_BITS == 32 && is_64 ? *args++ : 0);
@@ -1259,23 +1262,25 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg
*args, bool is_64)
opc = get_memop(oi);
#if defined(CONFIG_SOFTMMU)
-tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 0);
+base = tcg_out_tlb_load(s, addr_regl, addr_regh, oi, label_ptr, 0);
tcg_out_qemu_st_direct(s, data_regl, data_regh, base, opc);
add_qemu_ldst_label(s, 0, oi,
(is_64 ? TCG_TYPE_I64 : TCG_TYPE_I32),
data_regl, data_regh, addr_regl, addr_regh,
s->code_ptr, label_ptr);
#else
-if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
-tcg_out_ext32u(s, base, addr_regl);
-addr_regl = base;
-}
a_bits = get_alignment_bits(opc);
if (a_bits) {
tcg_out_test_alignment(s, false, addr_regl, a_bits);
}
+base = addr_regl;
+if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
+tcg_out_ext32u(s, TCG_REG_TMP0, base);
+base = TCG_REG_TMP0;
+}
if (guest_base != 0) {
-tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
+tcg_out_opc_reg(s, OPC_ADD, TCG_REG_TMP0, TCG_GUEST_BASE_REG, base);
+base = TCG_REG_TMP0;
}
[PULL v2 19/47] tcg: Introduce paired register allocation
There are several instances where we need to be able to
allocate a pair of registers to related inputs/outputs.
Add 'p' and 'm' register constraints for this, in order to
be able to allocate the even/odd register first or second.
Signed-off-by: Richard Henderson
---
include/tcg/tcg.h | 2 +
tcg/tcg.c | 424 --
2 files changed, 378 insertions(+), 48 deletions(-)
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index d84bae6e3f..5c2254ce9f 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -951,6 +951,8 @@ typedef struct TCGArgConstraint {
unsigned ct : 16;
unsigned alias_index : 4;
unsigned sort_index : 4;
+unsigned pair_index : 4;
+unsigned pair : 2; /* 0: none, 1: first, 2: second, 3: second alias */
bool oalias : 1;
bool ialias : 1;
bool newreg : 1;
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 92141bd79a..2cf24b4453 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -1969,15 +1969,32 @@ static void tcg_dump_ops(TCGContext *s, FILE *f, bool
have_prefs)
static int get_constraint_priority(const TCGOpDef *def, int k)
{
const TCGArgConstraint *arg_ct = >args_ct[k];
-int n;
+int n = ctpop64(arg_ct->regs);
-if (arg_ct->oalias) {
-/* an alias is equivalent to a single register */
-n = 1;
-} else {
-n = ctpop64(arg_ct->regs);
+/*
+ * Sort constraints of a single register first, which includes output
+ * aliases (which must exactly match the input already allocated).
+ */
+if (n == 1 || arg_ct->oalias) {
+return INT_MAX;
}
-return TCG_TARGET_NB_REGS - n + 1;
+
+/*
+ * Sort register pairs next, first then second immediately after.
+ * Arbitrarily sort multiple pairs by the index of the first reg;
+ * there shouldn't be many pairs.
+ */
+switch (arg_ct->pair) {
+case 1:
+case 3:
+return (k + 1) * 2;
+case 2:
+return (arg_ct->pair_index + 1) * 2 - 1;
+}
+
+/* Finally, sort by decreasing register count. */
+assert(n > 1);
+return -n;
}
/* sort from highest priority to lowest */
@@ -2012,7 +2029,8 @@ static void process_op_defs(TCGContext *s)
for (op = 0; op < NB_OPS; op++) {
TCGOpDef *def = _op_defs[op];
const TCGTargetOpDef *tdefs;
-int i, o, nb_args;
+bool saw_alias_pair = false;
+int i, o, i2, o2, nb_args;
if (def->flags & TCG_OPF_NOT_PRESENT) {
continue;
@@ -2053,6 +2071,9 @@ static void process_op_defs(TCGContext *s)
/* The input sets ialias. */
def->args_ct[i].ialias = 1;
def->args_ct[i].alias_index = o;
+if (def->args_ct[i].pair) {
+saw_alias_pair = true;
+}
tcg_debug_assert(ct_str[1] == '\0');
continue;
@@ -2061,6 +2082,38 @@ static void process_op_defs(TCGContext *s)
def->args_ct[i].newreg = true;
ct_str++;
break;
+
+case 'p': /* plus */
+/* Allocate to the register after the previous. */
+tcg_debug_assert(i > (input_p ? def->nb_oargs : 0));
+o = i - 1;
+tcg_debug_assert(!def->args_ct[o].pair);
+tcg_debug_assert(!def->args_ct[o].ct);
+def->args_ct[i] = (TCGArgConstraint){
+.pair = 2,
+.pair_index = o,
+.regs = def->args_ct[o].regs << 1,
+};
+def->args_ct[o].pair = 1;
+def->args_ct[o].pair_index = i;
+tcg_debug_assert(ct_str[1] == '\0');
+continue;
+
+case 'm': /* minus */
+/* Allocate to the register before the previous. */
+tcg_debug_assert(i > (input_p ? def->nb_oargs : 0));
+o = i - 1;
+tcg_debug_assert(!def->args_ct[o].pair);
+tcg_debug_assert(!def->args_ct[o].ct);
+def->args_ct[i] = (TCGArgConstraint){
+.pair = 1,
+.pair_index = o,
+.regs = def->args_ct[o].regs >> 1,
+};
+def->args_ct[o].pair = 2;
+def->args_ct[o].pair_index = i;
+tcg_debug_assert(ct_str[1] == '\0');
+continue;
}
do {
@@ -2084,6 +2137,8 @@ static void process_op_defs(TCGContext *s)
default:
case '0' ... '9':
case '&':
+case 'p':
+case 'm':
/* Typo in TCGTargetOpDef constraint. */
g_assert_not_reached();
}
@@ -2093,6 +2148,79 @@ static void process_op_defs(TCGContext *s)
/* TCGTargetOpDef entry with too much information? */
tcg_debug_assert(i == TCG_MAX_OP_ARGS ||
[PULL v3 25/43] target/riscv: Simplify helper_sret() a little bit
From: Bin Meng
There are 2 paths in helper_sret() and the same mstatus update codes
are replicated. Extract the common parts to simplify it a little bit.
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221207090037.281452-1-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
target/riscv/op_helper.c | 20 ++--
1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index d7af7f056b..a047d38152 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -149,21 +149,21 @@ target_ulong helper_sret(CPURISCVState *env)
}
mstatus = env->mstatus;
+prev_priv = get_field(mstatus, MSTATUS_SPP);
+mstatus = set_field(mstatus, MSTATUS_SIE,
+get_field(mstatus, MSTATUS_SPIE));
+mstatus = set_field(mstatus, MSTATUS_SPIE, 1);
+mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U);
+env->mstatus = mstatus;
if (riscv_has_ext(env, RVH) && !riscv_cpu_virt_enabled(env)) {
/* We support Hypervisor extensions and virtulisation is disabled */
target_ulong hstatus = env->hstatus;
-prev_priv = get_field(mstatus, MSTATUS_SPP);
prev_virt = get_field(hstatus, HSTATUS_SPV);
hstatus = set_field(hstatus, HSTATUS_SPV, 0);
-mstatus = set_field(mstatus, MSTATUS_SPP, 0);
-mstatus = set_field(mstatus, SSTATUS_SIE,
-get_field(mstatus, SSTATUS_SPIE));
-mstatus = set_field(mstatus, SSTATUS_SPIE, 1);
-env->mstatus = mstatus;
env->hstatus = hstatus;
if (prev_virt) {
@@ -171,14 +171,6 @@ target_ulong helper_sret(CPURISCVState *env)
}
riscv_cpu_set_virt_enabled(env, prev_virt);
-} else {
-prev_priv = get_field(mstatus, MSTATUS_SPP);
-
-mstatus = set_field(mstatus, MSTATUS_SIE,
-get_field(mstatus, MSTATUS_SPIE));
-mstatus = set_field(mstatus, MSTATUS_SPIE, 1);
-mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U);
-env->mstatus = mstatus;
}
riscv_cpu_set_mode(env, prev_priv);
--
2.39.0
[PULL v3 15/43] target/riscv: Typo fix in sstc() predicate
From: Anup Patel
We should use "&&" instead of "&" when checking hcounteren.TM and
henvcfg.STCE bits.
Fixes: 3ec0fe18a31f ("target/riscv: Add vstimecmp suppor")
Signed-off-by: Anup Patel
Reviewed-by: Alistair Francis
Message-Id: <20221108125703.1463577-2-apa...@ventanamicro.com>
Signed-off-by: Alistair Francis
---
target/riscv/csr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 71236f2b5d..0db2c233e5 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -940,7 +940,7 @@ static RISCVException sstc(CPURISCVState *env, int csrno)
}
if (riscv_cpu_virt_enabled(env)) {
-if (!(get_field(env->hcounteren, COUNTEREN_TM) &
+if (!(get_field(env->hcounteren, COUNTEREN_TM) &&
get_field(env->henvcfg, HENVCFG_STCE))) {
return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
}
--
2.39.0
[PULL v3 36/43] hw/intc: sifive_plic: Update "num-sources" property default value
From: Bin Meng
At present the default value of "num-sources" property is zero,
which does not make a lot of sense, as in sifive_plic_realize()
we see s->bitfield_words is calculated by:
s->bitfield_words = (s->num_sources + 31) >> 5;
if the we don't configure "num-sources" property its default value
zero makes s->bitfield_words zero too, which isn't true because
interrupt source 0 still occupies one word.
Let's change the default value to 1 meaning that only interrupt
source 0 is supported by default and a sanity check in realize().
While we are here, add a comment to describe the exact meaning of
this property that the number should include interrupt source 0.
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-9-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 9cb4c6d6d4..1edeb1e1ed 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -363,6 +363,11 @@ static void sifive_plic_realize(DeviceState *dev, Error
**errp)
parse_hart_config(s);
+if (!s->num_sources) {
+error_setg(errp, "plic: invalid number of interrupt sources");
+return;
+}
+
s->bitfield_words = (s->num_sources + 31) >> 5;
s->num_enables = s->bitfield_words * s->num_addrs;
s->source_priority = g_new0(uint32_t, s->num_sources);
@@ -420,7 +425,8 @@ static const VMStateDescription vmstate_sifive_plic = {
static Property sifive_plic_properties[] = {
DEFINE_PROP_STRING("hart-config", SiFivePLICState, hart_config),
DEFINE_PROP_UINT32("hartid-base", SiFivePLICState, hartid_base, 0),
-DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 0),
+/* number of interrupt sources including interrupt source 0 */
+DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 1),
DEFINE_PROP_UINT32("num-priorities", SiFivePLICState, num_priorities, 0),
DEFINE_PROP_UINT32("priority-base", SiFivePLICState, priority_base, 0),
DEFINE_PROP_UINT32("pending-base", SiFivePLICState, pending_base, 0),
--
2.39.0
[PULL v3 37/43] hw/riscv: microchip_pfsoc: Fix the number of interrupt sources of PLIC
From: Bin Meng
Per chapter 6.5.2 in [1], the number of interupt sources including
interrupt source 0 should be 187.
[1] PolarFire SoC MSS TRM:
https://ww1.microchip.com/downloads/aemDocuments/documents/FPGA/ProductDocuments/ReferenceManuals/PolarFire_SoC_FPGA_MSS_Technical_Reference_Manual_VC.pdf
Fixes: 56f6e31e7b7e ("hw/riscv: Initial support for Microchip PolarFire SoC
Icicle Kit board")
Signed-off-by: Bin Meng
Reviewed-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Reviewed-by: Conor Dooley
Message-Id: <20221211030829.802437-10-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
include/hw/riscv/microchip_pfsoc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/hw/riscv/microchip_pfsoc.h
b/include/hw/riscv/microchip_pfsoc.h
index 69a686b54a..577efad0c4 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -153,7 +153,7 @@ enum {
#define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT1
#define MICROCHIP_PFSOC_COMPUTE_CPU_COUNT 4
-#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES185
+#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES187
#define MICROCHIP_PFSOC_PLIC_NUM_PRIORITIES 7
#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x04
#define MICROCHIP_PFSOC_PLIC_PENDING_BASE 0x1000
--
2.39.0
[PULL v3 28/43] hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC
From: Bin Meng hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in sifive_plic_realize(). Let SIFIVE_PLIC select MSI_NONBROKEN and drop the selection from RISC-V machines. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Wilfred Mallawa Message-Id: <20221211030829.802437-1-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/Kconfig | 1 + hw/riscv/Kconfig | 5 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig index ecd2883ceb..1d4573e803 100644 --- a/hw/intc/Kconfig +++ b/hw/intc/Kconfig @@ -78,6 +78,7 @@ config RISCV_IMSIC config SIFIVE_PLIC bool +select MSI_NONBROKEN config GOLDFISH_PIC bool diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index 79ff61c464..167dc4cca6 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -11,7 +11,6 @@ config MICROCHIP_PFSOC select MCHP_PFSOC_IOSCB select MCHP_PFSOC_MMUART select MCHP_PFSOC_SYSREG -select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_PDMA select SIFIVE_PLIC @@ -37,7 +36,6 @@ config RISCV_VIRT imply TPM_TIS_SYSBUS select RISCV_NUMA select GOLDFISH_RTC -select MSI_NONBROKEN select PCI select PCI_EXPRESS_GENERIC_BRIDGE select PFLASH_CFI01 @@ -53,7 +51,6 @@ config RISCV_VIRT config SIFIVE_E bool -select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_GPIO select SIFIVE_PLIC @@ -64,7 +61,6 @@ config SIFIVE_E config SIFIVE_U bool select CADENCE -select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_GPIO select SIFIVE_PDMA @@ -82,6 +78,5 @@ config SPIKE bool select RISCV_NUMA select HTIF -select MSI_NONBROKEN select RISCV_ACLINT select SIFIVE_PLIC -- 2.39.0
[PULL v3 17/43] target/riscv: support cache-related PMU events in virtual mode
From: Jim Shu
let tlb_fill() function also increments PMU counter when it is from
two-stage translation, so QEMU could also monitor these PMU events when
CPU runs in VS/VU mode (like running guest OS).
Signed-off-by: Jim Shu
Reviewed-by: Alistair Francis
Message-Id: <20221123090635.6574-1-jim@sifive.com>
Signed-off-by: Alistair Francis
---
target/riscv/cpu_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 427d4d4386..1ff6ab5746 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1258,6 +1258,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int
size,
}
}
+pmu_tlb_fill_incr_ctr(cpu, access_type);
if (riscv_cpu_virt_enabled(env) ||
((riscv_cpu_two_stage_lookup(mmu_idx) || two_stage_lookup) &&
access_type != MMU_INST_FETCH)) {
@@ -1321,7 +1322,6 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int
size,
}
}
} else {
-pmu_tlb_fill_incr_ctr(cpu, access_type);
/* Single stage lookup */
ret = get_physical_address(env, , , address, NULL,
access_type, mmu_idx, true, false, false);
--
2.39.0
[PULL v3 39/43] hw/riscv: sifive_u: Avoid using magic number for "riscv, ndev"
From: Bin Meng At present magic number is used to create "riscv,ndev" property in the dtb. Let's use the macro SIFIVE_U_PLIC_NUM_SOURCES that is used to instantiate the PLIC model instead. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-12-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/sifive_u.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index b139824aab..b40a4767e2 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -287,7 +287,8 @@ static void create_fdt(SiFiveUState *s, const MemMapEntry *memmap, qemu_fdt_setprop_cells(fdt, nodename, "reg", 0x0, memmap[SIFIVE_U_DEV_PLIC].base, 0x0, memmap[SIFIVE_U_DEV_PLIC].size); -qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", 0x35); +qemu_fdt_setprop_cell(fdt, nodename, "riscv,ndev", + SIFIVE_U_PLIC_NUM_SOURCES - 1); qemu_fdt_setprop_cell(fdt, nodename, "phandle", plic_phandle); plic_phandle = qemu_fdt_get_phandle(fdt, nodename); g_free(cells); -- 2.39.0
[PULL v3 24/43] target/riscv: Set pc_succ_insn for !rvc illegal insn
From: Richard Henderson
Failure to set pc_succ_insn may result in a TB covering zero bytes,
which triggers an assert within the code generator.
Cc: qemu-sta...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1224
Signed-off-by: Richard Henderson
Reviewed-by: Alistair Francis
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20221203175744.151365-1-richard.hender...@linaro.org>
[ Changes by AF:
- Add missing run-plugin-test-noc-% line
]
Signed-off-by: Alistair Francis
---
target/riscv/translate.c | 12
tests/tcg/Makefile.target | 2 ++
tests/tcg/riscv64/Makefile.target | 6 ++
tests/tcg/riscv64/test-noc.S | 32 +++
4 files changed, 44 insertions(+), 8 deletions(-)
create mode 100644 tests/tcg/riscv64/test-noc.S
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index cd5eb25ee8..160aefc3df 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1096,14 +1096,10 @@ static void decode_opc(CPURISCVState *env, DisasContext
*ctx, uint16_t opcode)
ctx->virt_inst_excp = false;
/* Check for compressed insn */
if (insn_len(opcode) == 2) {
-if (!has_ext(ctx, RVC)) {
-gen_exception_illegal(ctx);
-} else {
-ctx->opcode = opcode;
-ctx->pc_succ_insn = ctx->base.pc_next + 2;
-if (decode_insn16(ctx, opcode)) {
-return;
-}
+ctx->opcode = opcode;
+ctx->pc_succ_insn = ctx->base.pc_next + 2;
+if (has_ext(ctx, RVC) && decode_insn16(ctx, opcode)) {
+return;
}
} else {
uint32_t opcode32 = opcode;
diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index 75257f2b29..14bc013181 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -117,6 +117,8 @@ endif
%: %.c
$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $< -o $@ $(LDFLAGS)
+%: %.S
+ $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $< -o $@ $(LDFLAGS)
else
# For softmmu targets we include a different Makefile fragement as the
# build options for bare programs are usually pretty different. They
diff --git a/tests/tcg/riscv64/Makefile.target
b/tests/tcg/riscv64/Makefile.target
index b5b89dfb0e..cc3ed65ffd 100644
--- a/tests/tcg/riscv64/Makefile.target
+++ b/tests/tcg/riscv64/Makefile.target
@@ -4,3 +4,9 @@
VPATH += $(SRC_PATH)/tests/tcg/riscv64
TESTS += test-div
TESTS += noexec
+
+# Disable compressed instructions for test-noc
+TESTS += test-noc
+test-noc: LDFLAGS = -nostdlib -static
+run-test-noc: QEMU_OPTS += -cpu rv64,c=false
+run-plugin-test-noc-%: QEMU_OPTS += -cpu rv64,c=false
diff --git a/tests/tcg/riscv64/test-noc.S b/tests/tcg/riscv64/test-noc.S
new file mode 100644
index 00..e29d60c8b3
--- /dev/null
+++ b/tests/tcg/riscv64/test-noc.S
@@ -0,0 +1,32 @@
+#include
+
+ .text
+ .globl _start
+_start:
+ .option norvc
+ li a0, 4 /* SIGILL */
+ la a1, sa
+ li a2, 0
+ li a3, 8
+ li a7, __NR_rt_sigaction
+ scall
+
+ .option rvc
+ li a0, 1
+ j exit
+ .option norvc
+
+pass:
+ li a0, 0
+exit:
+ li a7, __NR_exit
+ scall
+
+ .data
+ /* struct kernel_sigaction sa = { .sa_handler = pass }; */
+ .type sa, @object
+ .size sa, 32
+sa:
+ .dword pass
+ .zero 24
+
--
2.39.0
[PULL v3 20/43] hw/riscv: pfsoc: add missing FICs as unimplemented
From: Conor Dooley
The Fabric Interconnect Controllers provide interfaces between the FPGA
fabric and the core complex. There are 5 FICs on PolarFire SoC, numbered
0 through 4. FIC2 is an AXI4 slave interface from the FPGA fabric and
does not show up on the MSS memory map. FIC4 is dedicated to the User
Crypto Processor and does not show up on the MSS memory map either.
FIC 0, 1 & 3 do show up in the MSS memory map and neither FICs 0 or 1
are represented in QEMU, leading to load access violations while booting
Linux for Icicle if PCIe is enabled as the root port is connected via
either FIC 0 or 1.
Acked-by: Alistair Francis
Signed-off-by: Conor Dooley
Message-Id: <20221117225518.4102575-3-co...@kernel.org>
Signed-off-by: Alistair Francis
---
include/hw/riscv/microchip_pfsoc.h | 2 +
hw/riscv/microchip_pfsoc.c | 115 -
2 files changed, 65 insertions(+), 52 deletions(-)
diff --git a/include/hw/riscv/microchip_pfsoc.h
b/include/hw/riscv/microchip_pfsoc.h
index a757b240e0..7e7950dd36 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -121,6 +121,8 @@ enum {
MICROCHIP_PFSOC_USB,
MICROCHIP_PFSOC_QSPI_XIP,
MICROCHIP_PFSOC_IOSCB,
+MICROCHIP_PFSOC_FABRIC_FIC0,
+MICROCHIP_PFSOC_FABRIC_FIC1,
MICROCHIP_PFSOC_FABRIC_FIC3,
MICROCHIP_PFSOC_DRAM_LO,
MICROCHIP_PFSOC_DRAM_LO_ALIAS,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index a821263d4f..2a24e3437a 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -86,58 +86,61 @@
* describes the complete IOSCB modules memory maps
*/
static const MemMapEntry microchip_pfsoc_memmap[] = {
-[MICROCHIP_PFSOC_RSVD0] = {0x0, 0x100 },
-[MICROCHIP_PFSOC_DEBUG] = { 0x100, 0xf00 },
-[MICROCHIP_PFSOC_E51_DTIM] ={ 0x100, 0x2000 },
-[MICROCHIP_PFSOC_BUSERR_UNIT0] ={ 0x170, 0x1000 },
-[MICROCHIP_PFSOC_BUSERR_UNIT1] ={ 0x1701000, 0x1000 },
-[MICROCHIP_PFSOC_BUSERR_UNIT2] ={ 0x1702000, 0x1000 },
-[MICROCHIP_PFSOC_BUSERR_UNIT3] ={ 0x1703000, 0x1000 },
-[MICROCHIP_PFSOC_BUSERR_UNIT4] ={ 0x1704000, 0x1000 },
-[MICROCHIP_PFSOC_CLINT] = { 0x200,0x1 },
-[MICROCHIP_PFSOC_L2CC] ={ 0x201, 0x1000 },
-[MICROCHIP_PFSOC_DMA] = { 0x300, 0x10 },
-[MICROCHIP_PFSOC_L2LIM] = { 0x800, 0x200 },
-[MICROCHIP_PFSOC_PLIC] ={ 0xc00, 0x400 },
-[MICROCHIP_PFSOC_MMUART0] = { 0x2000, 0x1000 },
-[MICROCHIP_PFSOC_WDOG0] = { 0x20001000, 0x1000 },
-[MICROCHIP_PFSOC_SYSREG] = { 0x20002000, 0x2000 },
-[MICROCHIP_PFSOC_AXISW] = { 0x20004000, 0x1000 },
-[MICROCHIP_PFSOC_MPUCFG] = { 0x20005000, 0x1000 },
-[MICROCHIP_PFSOC_FMETER] = { 0x20006000, 0x1000 },
-[MICROCHIP_PFSOC_DDR_SGMII_PHY] = { 0x20007000, 0x1000 },
-[MICROCHIP_PFSOC_EMMC_SD] = { 0x20008000, 0x1000 },
-[MICROCHIP_PFSOC_DDR_CFG] = { 0x2008,0x4 },
-[MICROCHIP_PFSOC_MMUART1] = { 0x2010, 0x1000 },
-[MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 },
-[MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 },
-[MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 },
-[MICROCHIP_PFSOC_WDOG1] = { 0x20101000, 0x1000 },
-[MICROCHIP_PFSOC_WDOG2] = { 0x20103000, 0x1000 },
-[MICROCHIP_PFSOC_WDOG3] = { 0x20105000, 0x1000 },
-[MICROCHIP_PFSOC_WDOG4] = { 0x20106000, 0x1000 },
-[MICROCHIP_PFSOC_SPI0] ={ 0x20108000, 0x1000 },
-[MICROCHIP_PFSOC_SPI1] ={ 0x20109000, 0x1000 },
-[MICROCHIP_PFSOC_I2C0] ={ 0x2010a000, 0x1000 },
-[MICROCHIP_PFSOC_I2C1] ={ 0x2010b000, 0x1000 },
-[MICROCHIP_PFSOC_CAN0] ={ 0x2010c000, 0x1000 },
-[MICROCHIP_PFSOC_CAN1] ={ 0x2010d000, 0x1000 },
-[MICROCHIP_PFSOC_GEM0] ={ 0x2011, 0x2000 },
-[MICROCHIP_PFSOC_GEM1] ={ 0x20112000, 0x2000 },
-[MICROCHIP_PFSOC_GPIO0] = { 0x2012, 0x1000 },
-[MICROCHIP_PFSOC_GPIO1] = { 0x20121000, 0x1000 },
-[MICROCHIP_PFSOC_GPIO2] = { 0x20122000, 0x1000 },
-[MICROCHIP_PFSOC_RTC] = { 0x20124000, 0x1000 },
-[MICROCHIP_PFSOC_ENVM_CFG] ={ 0x2020, 0x1000 },
-[MICROCHIP_PFSOC_ENVM_DATA] = { 0x2022,0x2 },
-[MICROCHIP_PFSOC_USB] = { 0x20201000, 0x1000 },
-[MICROCHIP_PFSOC_QSPI_XIP] ={ 0x2100, 0x100 },
-[MICROCHIP_PFSOC_IOSCB] = { 0x3000, 0x1000 },
-[MICROCHIP_PFSOC_FABRIC_FIC3] =
[PULL v3 21/43] hw/{misc, riscv}: pfsoc: add system controller as unimplemented
From: Conor Dooley
The system controller on PolarFire SoC is access via a mailbox. The
control registers for this mailbox lie in the "IOSCB" region & the
interrupt is cleared via write to the "SYSREG" region. It also has a
QSPI controller, usually connected to a flash chip, that is used for
storing FPGA bitstreams and used for In-Application Programming (IAP).
Linux has an implementation of the system controller, through which the
hwrng is accessed, leading to load/store access faults.
Add the QSPI as unimplemented and a very basic (effectively
unimplemented) version of the system controller's mailbox. Rather than
purely marking the regions as unimplemented, service the mailbox
requests by reporting failures and raising the interrupt so a guest can
better handle the lack of support.
Signed-off-by: Conor Dooley
Acked-by: Alistair Francis
Message-Id: <20221117225518.4102575-4-co...@kernel.org>
Signed-off-by: Alistair Francis
---
include/hw/misc/mchp_pfsoc_ioscb.h | 3 ++
include/hw/misc/mchp_pfsoc_sysreg.h | 1 +
include/hw/riscv/microchip_pfsoc.h | 1 +
hw/misc/mchp_pfsoc_ioscb.c | 72 -
hw/misc/mchp_pfsoc_sysreg.c | 18 ++--
hw/riscv/microchip_pfsoc.c | 6 +++
6 files changed, 95 insertions(+), 6 deletions(-)
diff --git a/include/hw/misc/mchp_pfsoc_ioscb.h
b/include/hw/misc/mchp_pfsoc_ioscb.h
index 687b213742..a1104862c8 100644
--- a/include/hw/misc/mchp_pfsoc_ioscb.h
+++ b/include/hw/misc/mchp_pfsoc_ioscb.h
@@ -29,6 +29,8 @@ typedef struct MchpPfSoCIoscbState {
MemoryRegion lane01;
MemoryRegion lane23;
MemoryRegion ctrl;
+MemoryRegion qspixip;
+MemoryRegion mailbox;
MemoryRegion cfg;
MemoryRegion ccc;
MemoryRegion pll_mss;
@@ -41,6 +43,7 @@ typedef struct MchpPfSoCIoscbState {
MemoryRegion cfm_sgmii;
MemoryRegion bc_sgmii;
MemoryRegion io_calib_sgmii;
+qemu_irq irq;
} MchpPfSoCIoscbState;
#define TYPE_MCHP_PFSOC_IOSCB "mchp.pfsoc.ioscb"
diff --git a/include/hw/misc/mchp_pfsoc_sysreg.h
b/include/hw/misc/mchp_pfsoc_sysreg.h
index 546ba68f6a..3cebe40ea9 100644
--- a/include/hw/misc/mchp_pfsoc_sysreg.h
+++ b/include/hw/misc/mchp_pfsoc_sysreg.h
@@ -28,6 +28,7 @@
typedef struct MchpPfSoCSysregState {
SysBusDevice parent;
MemoryRegion sysreg;
+qemu_irq irq;
} MchpPfSoCSysregState;
#define TYPE_MCHP_PFSOC_SYSREG "mchp.pfsoc.sysreg"
diff --git a/include/hw/riscv/microchip_pfsoc.h
b/include/hw/riscv/microchip_pfsoc.h
index 7e7950dd36..69a686b54a 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -147,6 +147,7 @@ enum {
MICROCHIP_PFSOC_MMUART2_IRQ = 92,
MICROCHIP_PFSOC_MMUART3_IRQ = 93,
MICROCHIP_PFSOC_MMUART4_IRQ = 94,
+MICROCHIP_PFSOC_MAILBOX_IRQ = 96,
};
#define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT1
diff --git a/hw/misc/mchp_pfsoc_ioscb.c b/hw/misc/mchp_pfsoc_ioscb.c
index f976e42f72..a71d134295 100644
--- a/hw/misc/mchp_pfsoc_ioscb.c
+++ b/hw/misc/mchp_pfsoc_ioscb.c
@@ -24,6 +24,7 @@
#include "qemu/bitops.h"
#include "qemu/log.h"
#include "qapi/error.h"
+#include "hw/irq.h"
#include "hw/sysbus.h"
#include "hw/misc/mchp_pfsoc_ioscb.h"
@@ -34,6 +35,9 @@
#define IOSCB_WHOLE_REG_SIZE0x1000
#define IOSCB_SUBMOD_REG_SIZE 0x1000
#define IOSCB_CCC_REG_SIZE 0x200
+#define IOSCB_CTRL_REG_SIZE 0x800
+#define IOSCB_QSPIXIP_REG_SIZE 0x200
+
/*
* There are many sub-modules in the IOSCB module.
@@ -45,6 +49,8 @@
#define IOSCB_LANE01_BASE 0x0650
#define IOSCB_LANE23_BASE 0x0651
#define IOSCB_CTRL_BASE 0x0702
+#define IOSCB_QSPIXIP_BASE 0x07020100
+#define IOSCB_MAILBOX_BASE 0x07020800
#define IOSCB_CFG_BASE 0x0708
#define IOSCB_CCC_BASE 0x0800
#define IOSCB_PLL_MSS_BASE 0x0E001000
@@ -143,6 +149,58 @@ static const MemoryRegionOps mchp_pfsoc_io_calib_ddr_ops =
{
.endianness = DEVICE_LITTLE_ENDIAN,
};
+#define SERVICES_CR 0x50
+#define SERVICES_SR 0x54
+#define SERVICES_STATUS_SHIFT 16
+
+static uint64_t mchp_pfsoc_ctrl_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+uint32_t val = 0;
+
+switch (offset) {
+case SERVICES_SR:
+/*
+ * Although some services have no error codes, most do. All services
+ * that do implement errors, begin their error codes at 1. Treat all
+ * service requests as failures & return 1.
+ * See the "PolarFire® FPGA and PolarFire SoC FPGA System Services"
+ * user guide for more information on service error codes.
+ */
+val = 1u << SERVICES_STATUS_SHIFT;
+break;
+default:
+qemu_log_mask(LOG_UNIMP, "%s: unimplemented device read "
+ "(size %d, offset 0x%" HWADDR_PRIx ")\n",
+ __func__, size, offset);
+}
+
[PULL v3 18/43] target/riscv: Add some comments for sstatus CSR in riscv_cpu_dump_state()
From: Bin Meng sstatus register dump is currently missing in riscv_cpu_dump_state(). As sstatus is a copy of mstatus, which is described in the priv spec, it seems redundant to print the same information twice. Add some comments for this to let people know this is intentional. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: <20221125050354.3166023-1-bm...@tinylab.org> Signed-off-by: Alistair Francis --- target/riscv/cpu.c | 4 1 file changed, 4 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 6fe176e483..b2c132e269 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -382,6 +382,10 @@ static void riscv_cpu_dump_state(CPUState *cs, FILE *f, int flags) CSR_MHARTID, CSR_MSTATUS, CSR_MSTATUSH, +/* + * CSR_SSTATUS is intentionally omitted here as its value + * can be figured out by looking at CSR_MSTATUS + */ CSR_HSTATUS, CSR_VSSTATUS, CSR_MIP, -- 2.39.0
[PULL v3 38/43] hw/riscv: sifive_e: Fix the number of interrupt sources of PLIC
From: Bin Meng
Per chapter 10 in Freedom E310 manuals [1][2][3], E310 G002 and G003
supports 52 interrupt sources while G000 supports 51 interrupt sources.
We use the value of G002 and G003, so it is 53 (including source 0).
[1] G000 manual:
https://sifive.cdn.prismic.io/sifive/4faf3e34-4a42-4c2f-be9e-c77baa4928c7_fe310-g000-manual-v3p2.pdf
[2] G002 manual:
https://sifive.cdn.prismic.io/sifive/034760b5-ac6a-4b1c-911c-f4148bb2c4a5_fe310-g002-v1p5.pdf
[3] G003 manual:
https://sifive.cdn.prismic.io/sifive/3af39c59-6498-471e-9dab-5355a0d539eb_fe310-g003-manual.pdf
Fixes: eb637edb1241 ("SiFive Freedom E Series RISC-V Machine")
Signed-off-by: Bin Meng
Reviewed-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-11-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
include/hw/riscv/sifive_e.h | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
index d738745925..9e58247fd8 100644
--- a/include/hw/riscv/sifive_e.h
+++ b/include/hw/riscv/sifive_e.h
@@ -82,7 +82,12 @@ enum {
};
#define SIFIVE_E_PLIC_HART_CONFIG "M"
-#define SIFIVE_E_PLIC_NUM_SOURCES 127
+/*
+ * Freedom E310 G002 and G003 supports 52 interrupt sources while
+ * Freedom E310 G000 supports 51 interrupt sources. We use the value
+ * of G002 and G003, so it is 53 (including interrupt source 0).
+ */
+#define SIFIVE_E_PLIC_NUM_SOURCES 53
#define SIFIVE_E_PLIC_NUM_PRIORITIES 7
#define SIFIVE_E_PLIC_PRIORITY_BASE 0x04
#define SIFIVE_E_PLIC_PENDING_BASE 0x1000
--
2.39.0
[PULL v3 01/43] target/riscv: Fix PMP propagation for tlb
From: LIU Zhiwei
Only the pmp index that be checked by pmp_hart_has_privs can be used
by pmp_get_tlb_size to avoid an error pmp index.
Before modification, we may use an error pmp index. For example,
we check address 0x4fc, and the size 0x4 in pmp_hart_has_privs. If there
is an pmp rule, valid range is [0x4fc, 0x500), then pmp_hart_has_privs
will return true;
However, this checked pmp index is discarded as pmp_hart_has_privs
return bool value. In pmp_is_range_in_tlb, it will traverse all pmp
rules. The tlb_sa will be 0x0, and tlb_ea will be 0xfff. If there is
a pmp rule [0x10, 0x14), it will be misused as it is legal in
pmp_get_tlb_size.
As we have already known the correct pmp index, just remove the
remove the pmp_is_range_in_tlb and get tlb size directly from
pmp_get_tlb_size.
Signed-off-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221012060016.30856-1-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis
---
target/riscv/pmp.h| 6 +--
target/riscv/cpu_helper.c | 16 ---
target/riscv/pmp.c| 90 +--
3 files changed, 42 insertions(+), 70 deletions(-)
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index a8dd797476..da32c61c85 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -72,11 +72,11 @@ target_ulong mseccfg_csr_read(CPURISCVState *env);
void pmpaddr_csr_write(CPURISCVState *env, uint32_t addr_index,
target_ulong val);
target_ulong pmpaddr_csr_read(CPURISCVState *env, uint32_t addr_index);
-bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
+int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
target_ulong mode);
-bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa,
- target_ulong *tlb_size);
+target_ulong pmp_get_tlb_size(CPURISCVState *env, int pmp_index,
+ target_ulong tlb_sa, target_ulong tlb_ea);
void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index);
void pmp_update_rule_nums(CPURISCVState *env);
uint32_t pmp_get_num_rules(CPURISCVState *env);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 278d163803..5d66246c2c 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -706,24 +706,26 @@ static int get_physical_address_pmp(CPURISCVState *env,
int *prot,
int mode)
{
pmp_priv_t pmp_priv;
-target_ulong tlb_size_pmp = 0;
+int pmp_index = -1;
if (!riscv_feature(env, RISCV_FEATURE_PMP)) {
*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
return TRANSLATE_SUCCESS;
}
-if (!pmp_hart_has_privs(env, addr, size, 1 << access_type, _priv,
-mode)) {
+pmp_index = pmp_hart_has_privs(env, addr, size, 1 << access_type,
+ _priv, mode);
+if (pmp_index < 0) {
*prot = 0;
return TRANSLATE_PMP_FAIL;
}
*prot = pmp_priv_to_page_prot(pmp_priv);
-if (tlb_size != NULL) {
-if (pmp_is_range_in_tlb(env, addr & ~(*tlb_size - 1), _size_pmp)) {
-*tlb_size = tlb_size_pmp;
-}
+if ((tlb_size != NULL) && pmp_index != MAX_RISCV_PMPS) {
+target_ulong tlb_sa = addr & ~(TARGET_PAGE_SIZE - 1);
+target_ulong tlb_ea = tlb_sa + TARGET_PAGE_SIZE - 1;
+
+*tlb_size = pmp_get_tlb_size(env, pmp_index, tlb_sa, tlb_ea);
}
return TRANSLATE_SUCCESS;
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 2b43e399b8..d1126a6066 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -292,8 +292,11 @@ static bool pmp_hart_has_privs_default(CPURISCVState *env,
target_ulong addr,
/*
* Check if the address has required RWX privs to complete desired operation
+ * Return PMP rule index if a pmp rule match
+ * Return MAX_RISCV_PMPS if default match
+ * Return negtive value if no match
*/
-bool pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
+int pmp_hart_has_privs(CPURISCVState *env, target_ulong addr,
target_ulong size, pmp_priv_t privs, pmp_priv_t *allowed_privs,
target_ulong mode)
{
@@ -305,8 +308,10 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong
addr,
/* Short cut if no rules */
if (0 == pmp_get_num_rules(env)) {
-return pmp_hart_has_privs_default(env, addr, size, privs,
- allowed_privs, mode);
+if (pmp_hart_has_privs_default(env, addr, size, privs,
+ allowed_privs, mode)) {
+ret = MAX_RISCV_PMPS;
+}
}
if (size == 0) {
@@ -333,7 +338,7 @@ bool pmp_hart_has_privs(CPURISCVState *env, target_ulong
addr,
if ((s + e) == 1) {
qemu_log_mask(LOG_GUEST_ERROR,
"pmp violation - access is partially inside\n");
-ret = 0;
+ret = -1;
[PULL v3 41/43] hw/intc: sifive_plic: Change "priority-base" to start from interrupt source 0
From: Bin Meng
At present the SiFive PLIC model "priority-base" expects interrupt
priority register base starting from source 1 instead source 0,
that's why on most platforms "priority-base" is set to 0x04 except
'opentitan' machine. 'opentitan' should have set "priority-base"
to 0x04 too.
Note the irq number calculation in sifive_plic_{read,write} is
correct as the codes make up for the irq number by adding 1.
Let's simply update "priority-base" to start from interrupt source
0 and add a comment to make it crystal clear.
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Reviewed-by: Wilfred Mallawa
Message-Id: <20221211030829.802437-14-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
include/hw/riscv/microchip_pfsoc.h | 2 +-
include/hw/riscv/shakti_c.h| 2 +-
include/hw/riscv/sifive_e.h| 2 +-
include/hw/riscv/sifive_u.h| 2 +-
include/hw/riscv/virt.h| 2 +-
hw/intc/sifive_plic.c | 5 +++--
6 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/include/hw/riscv/microchip_pfsoc.h
b/include/hw/riscv/microchip_pfsoc.h
index 577efad0c4..e65ffeb02d 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -155,7 +155,7 @@ enum {
#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES187
#define MICROCHIP_PFSOC_PLIC_NUM_PRIORITIES 7
-#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x04
+#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE 0x00
#define MICROCHIP_PFSOC_PLIC_PENDING_BASE 0x1000
#define MICROCHIP_PFSOC_PLIC_ENABLE_BASE0x2000
#define MICROCHIP_PFSOC_PLIC_ENABLE_STRIDE 0x80
diff --git a/include/hw/riscv/shakti_c.h b/include/hw/riscv/shakti_c.h
index daf0aae13f..539fe1156d 100644
--- a/include/hw/riscv/shakti_c.h
+++ b/include/hw/riscv/shakti_c.h
@@ -65,7 +65,7 @@ enum {
#define SHAKTI_C_PLIC_NUM_SOURCES 28
/* Excluding Priority 0 */
#define SHAKTI_C_PLIC_NUM_PRIORITIES 2
-#define SHAKTI_C_PLIC_PRIORITY_BASE 0x04
+#define SHAKTI_C_PLIC_PRIORITY_BASE 0x00
#define SHAKTI_C_PLIC_PENDING_BASE 0x1000
#define SHAKTI_C_PLIC_ENABLE_BASE 0x2000
#define SHAKTI_C_PLIC_ENABLE_STRIDE 0x80
diff --git a/include/hw/riscv/sifive_e.h b/include/hw/riscv/sifive_e.h
index 9e58247fd8..b824a79e2d 100644
--- a/include/hw/riscv/sifive_e.h
+++ b/include/hw/riscv/sifive_e.h
@@ -89,7 +89,7 @@ enum {
*/
#define SIFIVE_E_PLIC_NUM_SOURCES 53
#define SIFIVE_E_PLIC_NUM_PRIORITIES 7
-#define SIFIVE_E_PLIC_PRIORITY_BASE 0x04
+#define SIFIVE_E_PLIC_PRIORITY_BASE 0x00
#define SIFIVE_E_PLIC_PENDING_BASE 0x1000
#define SIFIVE_E_PLIC_ENABLE_BASE 0x2000
#define SIFIVE_E_PLIC_ENABLE_STRIDE 0x80
diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index 8f63a183c4..e680d61ece 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -158,7 +158,7 @@ enum {
#define SIFIVE_U_PLIC_NUM_SOURCES 54
#define SIFIVE_U_PLIC_NUM_PRIORITIES 7
-#define SIFIVE_U_PLIC_PRIORITY_BASE 0x04
+#define SIFIVE_U_PLIC_PRIORITY_BASE 0x00
#define SIFIVE_U_PLIC_PENDING_BASE 0x1000
#define SIFIVE_U_PLIC_ENABLE_BASE 0x2000
#define SIFIVE_U_PLIC_ENABLE_STRIDE 0x80
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index e1ce0048af..3407c9e8dd 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -98,7 +98,7 @@ enum {
#define VIRT_IRQCHIP_MAX_GUESTS_BITS 3
#define VIRT_IRQCHIP_MAX_GUESTS ((1U << VIRT_IRQCHIP_MAX_GUESTS_BITS) - 1U)
-#define VIRT_PLIC_PRIORITY_BASE 0x04
+#define VIRT_PLIC_PRIORITY_BASE 0x00
#define VIRT_PLIC_PENDING_BASE 0x1000
#define VIRT_PLIC_ENABLE_BASE 0x2000
#define VIRT_PLIC_ENABLE_STRIDE 0x80
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 1edeb1e1ed..1a792cc3f5 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -140,7 +140,7 @@ static uint64_t sifive_plic_read(void *opaque, hwaddr addr,
unsigned size)
SiFivePLICState *plic = opaque;
if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) {
-uint32_t irq = ((addr - plic->priority_base) >> 2) + 1;
+uint32_t irq = (addr - plic->priority_base) >> 2;
return plic->source_priority[irq];
} else if (addr_between(addr, plic->pending_base, plic->num_sources >> 3))
{
@@ -187,7 +187,7 @@ static void sifive_plic_write(void *opaque, hwaddr addr,
uint64_t value,
SiFivePLICState *plic = opaque;
if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) {
-uint32_t irq = ((addr - plic->priority_base) >> 2) + 1;
+uint32_t irq = (addr - plic->priority_base) >> 2;
if (((plic->num_priorities + 1) & plic->num_priorities) == 0) {
/*
@@ -428,6 +428,7 @@ static Property sifive_plic_properties[] = {
/* number of interrupt sources including interrupt source 0 */
DEFINE_PROP_UINT32("num-sources", SiFivePLICState, num_sources, 1),
DEFINE_PROP_UINT32("num-priorities", SiFivePLICState, num_priorities, 0),
+/* interrupt priority register base
[PULL v3 19/43] hw/misc: pfsoc: add fabric clocks to ioscb
From: Conor Dooley
On PolarFire SoC, some peripherals (eg the PCI root port) are clocked by
"Clock Conditioning Circuitry" in the FPGA. The specific clock depends
on the FPGA bitstream & can be locked to one particular {D,P}LL - in the
Icicle Kit Reference Design v2022.09 or later this is/will be the case.
Linux v6.1+ will have a driver for this peripheral and devicetrees that
previously relied on "fixed-frequency" clock nodes have been switched
over to clock-controller nodes. The IOSCB region is represented in QEMU,
but the specific region of it that the CCCs occupy has not so v6.1-rcN
kernels fail to boot in QEMU.
Add the regions as unimplemented so that the status-quo in terms of boot
is maintained.
Acked-by: Alistair Francis
Signed-off-by: Conor Dooley
Message-Id: <20221117225518.4102575-2-co...@kernel.org>
Signed-off-by: Alistair Francis
---
include/hw/misc/mchp_pfsoc_ioscb.h | 1 +
hw/misc/mchp_pfsoc_ioscb.c | 6 ++
2 files changed, 7 insertions(+)
diff --git a/include/hw/misc/mchp_pfsoc_ioscb.h
b/include/hw/misc/mchp_pfsoc_ioscb.h
index 9235523e33..687b213742 100644
--- a/include/hw/misc/mchp_pfsoc_ioscb.h
+++ b/include/hw/misc/mchp_pfsoc_ioscb.h
@@ -30,6 +30,7 @@ typedef struct MchpPfSoCIoscbState {
MemoryRegion lane23;
MemoryRegion ctrl;
MemoryRegion cfg;
+MemoryRegion ccc;
MemoryRegion pll_mss;
MemoryRegion cfm_mss;
MemoryRegion pll_ddr;
diff --git a/hw/misc/mchp_pfsoc_ioscb.c b/hw/misc/mchp_pfsoc_ioscb.c
index f4fd55a0e5..f976e42f72 100644
--- a/hw/misc/mchp_pfsoc_ioscb.c
+++ b/hw/misc/mchp_pfsoc_ioscb.c
@@ -33,6 +33,7 @@
*/
#define IOSCB_WHOLE_REG_SIZE0x1000
#define IOSCB_SUBMOD_REG_SIZE 0x1000
+#define IOSCB_CCC_REG_SIZE 0x200
/*
* There are many sub-modules in the IOSCB module.
@@ -45,6 +46,7 @@
#define IOSCB_LANE23_BASE 0x0651
#define IOSCB_CTRL_BASE 0x0702
#define IOSCB_CFG_BASE 0x0708
+#define IOSCB_CCC_BASE 0x0800
#define IOSCB_PLL_MSS_BASE 0x0E001000
#define IOSCB_CFM_MSS_BASE 0x0E002000
#define IOSCB_PLL_DDR_BASE 0x0E01
@@ -168,6 +170,10 @@ static void mchp_pfsoc_ioscb_realize(DeviceState *dev,
Error **errp)
"mchp.pfsoc.ioscb.cfg", IOSCB_SUBMOD_REG_SIZE);
memory_region_add_subregion(>container, IOSCB_CFG_BASE, >cfg);
+memory_region_init_io(>ccc, OBJECT(s), _pfsoc_dummy_ops, s,
+ "mchp.pfsoc.ioscb.ccc", IOSCB_CCC_REG_SIZE);
+memory_region_add_subregion(>container, IOSCB_CCC_BASE, >ccc);
+
memory_region_init_io(>pll_mss, OBJECT(s), _pfsoc_pll_ops, s,
"mchp.pfsoc.ioscb.pll_mss", IOSCB_SUBMOD_REG_SIZE);
memory_region_add_subregion(>container, IOSCB_PLL_MSS_BASE,
>pll_mss);
--
2.39.0
[PULL v3 12/43] target/riscv: Enable native debug itrigger
From: LIU Zhiwei
When QEMU is not in icount mode, execute instruction one by one. The
tdata1 can be read directly.
When QEMU is in icount mode, use a timer to simulate the itrigger. The
tdata1 may be not right because of lazy update of count in tdata1. Thus,
We should pack the adjusted count into tdata1 before read it back.
Signed-off-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221013062946.7530-4-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis
---
target/riscv/debug.c | 72
1 file changed, 72 insertions(+)
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index 371862cf38..b3574b250f 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -624,10 +624,80 @@ void riscv_itrigger_update_priv(CPURISCVState *env)
riscv_itrigger_update_count(env);
}
+static target_ulong itrigger_validate(CPURISCVState *env,
+ target_ulong ctrl)
+{
+target_ulong val;
+
+/* validate the generic part first */
+val = tdata1_validate(env, ctrl, TRIGGER_TYPE_INST_CNT);
+
+/* validate unimplemented (always zero) bits */
+warn_always_zero_bit(ctrl, ITRIGGER_ACTION, "action");
+warn_always_zero_bit(ctrl, ITRIGGER_HIT, "hit");
+warn_always_zero_bit(ctrl, ITRIGGER_PENDING, "pending");
+
+/* keep the mode and attribute bits */
+val |= ctrl & (ITRIGGER_VU | ITRIGGER_VS | ITRIGGER_U | ITRIGGER_S |
+ ITRIGGER_M | ITRIGGER_COUNT);
+
+return val;
+}
+
+static void itrigger_reg_write(CPURISCVState *env, target_ulong index,
+ int tdata_index, target_ulong val)
+{
+target_ulong new_val;
+
+switch (tdata_index) {
+case TDATA1:
+/* set timer for icount */
+new_val = itrigger_validate(env, val);
+if (new_val != env->tdata1[index]) {
+env->tdata1[index] = new_val;
+if (icount_enabled()) {
+env->last_icount = icount_get_raw();
+/* set the count to timer */
+timer_mod(env->itrigger_timer[index],
+ env->last_icount + itrigger_get_count(env, index));
+}
+}
+break;
+case TDATA2:
+qemu_log_mask(LOG_UNIMP,
+ "tdata2 is not supported for icount trigger\n");
+break;
+case TDATA3:
+qemu_log_mask(LOG_UNIMP,
+ "tdata3 is not supported for icount trigger\n");
+break;
+default:
+g_assert_not_reached();
+}
+
+return;
+}
+
+static int itrigger_get_adjust_count(CPURISCVState *env)
+{
+int count = itrigger_get_count(env, env->trigger_cur), executed;
+if ((count != 0) && check_itrigger_priv(env, env->trigger_cur)) {
+executed = icount_get_raw() - env->last_icount;
+count += executed;
+}
+return count;
+}
+
target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index)
{
+int trigger_type;
switch (tdata_index) {
case TDATA1:
+trigger_type = extract_trigger_type(env,
env->tdata1[env->trigger_cur]);
+if ((trigger_type == TRIGGER_TYPE_INST_CNT) && icount_enabled()) {
+return deposit64(env->tdata1[env->trigger_cur], 10, 14,
+ itrigger_get_adjust_count(env));
+}
return env->tdata1[env->trigger_cur];
case TDATA2:
return env->tdata2[env->trigger_cur];
@@ -656,6 +726,8 @@ void tdata_csr_write(CPURISCVState *env, int tdata_index,
target_ulong val)
type6_reg_write(env, env->trigger_cur, tdata_index, val);
break;
case TRIGGER_TYPE_INST_CNT:
+itrigger_reg_write(env, env->trigger_cur, tdata_index, val);
+break;
case TRIGGER_TYPE_INT:
case TRIGGER_TYPE_EXCP:
case TRIGGER_TYPE_EXT_SRC:
--
2.39.0
[PULL v3 29/43] hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers
From: Bin Meng hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in both riscv_aplic_realize() and riscv_imsic_realize(). Select MSI_NONBROKEN in RISCV_APLIC and RISCV_IMSIC. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20221211030829.802437-2-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/intc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig index 1d4573e803..21441d0a0c 100644 --- a/hw/intc/Kconfig +++ b/hw/intc/Kconfig @@ -72,9 +72,11 @@ config RISCV_ACLINT config RISCV_APLIC bool +select MSI_NONBROKEN config RISCV_IMSIC bool +select MSI_NONBROKEN config SIFIVE_PLIC bool -- 2.39.0
[PULL v3 09/43] target/riscv: generate virtual instruction exception
From: Mayuresh Chitale
This patch adds a mechanism to generate a virtual instruction
instruction exception instead of an illegal instruction exception
during instruction decode when virt is enabled.
Signed-off-by: Mayuresh Chitale
Reviewed-by: Weiwei Li
Reviewed-by: Alistair Francis
Message-Id: <20221016124726.102129-4-mchit...@ventanamicro.com>
Signed-off-by: Alistair Francis
---
target/riscv/translate.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index db123da5ec..8b0bd38bb2 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -76,6 +76,7 @@ typedef struct DisasContext {
to reset this known value. */
int frm;
RISCVMXL ol;
+bool virt_inst_excp;
bool virt_enabled;
const RISCVCPUConfig *cfg_ptr;
bool hlsx;
@@ -243,7 +244,11 @@ static void gen_exception_illegal(DisasContext *ctx)
{
tcg_gen_st_i32(tcg_constant_i32(ctx->opcode), cpu_env,
offsetof(CPURISCVState, bins));
-generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST);
+if (ctx->virt_inst_excp) {
+generate_exception(ctx, RISCV_EXCP_VIRT_INSTRUCTION_FAULT);
+} else {
+generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST);
+}
}
static void gen_exception_inst_addr_mis(DisasContext *ctx)
@@ -1062,6 +1067,7 @@ static void decode_opc(CPURISCVState *env, DisasContext
*ctx, uint16_t opcode)
{ has_XVentanaCondOps_p, decode_XVentanaCodeOps },
};
+ctx->virt_inst_excp = false;
/* Check for compressed insn */
if (insn_len(opcode) == 2) {
if (!has_ext(ctx, RVC)) {
--
2.39.0
[PULL v3 16/43] hw/riscv: virt: Remove the redundant ipi-id property
From: Atish Patra
The imsic DT binding[1] has changed and no longer require an ipi-id.
The latest IMSIC driver dynamically allocates ipi id if slow-ipi
is not defined.
Get rid of the unused dt property which may lead to confusion.
[1]
https://lore.kernel.org/lkml/2022044207.1478350-5-apa...@ventanamicro.com/
Signed-off-by: Atish Patra
Reviewed-by: Alistair Francis
Message-Id: <20221122080529.1692533-1-ati...@rivosinc.com>
Signed-off-by: Alistair Francis
---
include/hw/riscv/virt.h | 1 -
hw/riscv/virt.c | 4
2 files changed, 5 deletions(-)
diff --git a/include/hw/riscv/virt.h b/include/hw/riscv/virt.h
index be4ab8fe7f..62513e075c 100644
--- a/include/hw/riscv/virt.h
+++ b/include/hw/riscv/virt.h
@@ -93,7 +93,6 @@ enum {
#define VIRT_PLATFORM_BUS_NUM_IRQS 32
-#define VIRT_IRQCHIP_IPI_MSI 1
#define VIRT_IRQCHIP_NUM_MSIS 255
#define VIRT_IRQCHIP_NUM_SOURCES VIRTIO_NDEV
#define VIRT_IRQCHIP_NUM_PRIO_BITS 3
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index a5bc7353b4..6cf9355b99 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -546,8 +546,6 @@ static void create_fdt_imsic(RISCVVirtState *s, const
MemMapEntry *memmap,
riscv_socket_count(mc) * sizeof(uint32_t) * 4);
qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,num-ids",
VIRT_IRQCHIP_NUM_MSIS);
-qemu_fdt_setprop_cells(mc->fdt, imsic_name, "riscv,ipi-id",
-VIRT_IRQCHIP_IPI_MSI);
if (riscv_socket_count(mc) > 1) {
qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,hart-index-bits",
imsic_num_bits(imsic_max_hart_per_socket));
@@ -597,8 +595,6 @@ static void create_fdt_imsic(RISCVVirtState *s, const
MemMapEntry *memmap,
riscv_socket_count(mc) * sizeof(uint32_t) * 4);
qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,num-ids",
VIRT_IRQCHIP_NUM_MSIS);
-qemu_fdt_setprop_cells(mc->fdt, imsic_name, "riscv,ipi-id",
-VIRT_IRQCHIP_IPI_MSI);
if (imsic_guest_bits) {
qemu_fdt_setprop_cell(mc->fdt, imsic_name, "riscv,guest-index-bits",
imsic_guest_bits);
--
2.39.0
[PULL v3 42/43] hw/riscv: opentitan: Drop "hartid-base" and "priority-base" initialization
From: Bin Meng "hartid-base" and "priority-base" are zero by default. There is no need to initialize them to zero again. Signed-off-by: Bin Meng Reviewed-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20221211030829.802437-15-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/opentitan.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c index 78f895d773..85ffdac5be 100644 --- a/hw/riscv/opentitan.c +++ b/hw/riscv/opentitan.c @@ -173,10 +173,8 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, Error **errp) /* PLIC */ qdev_prop_set_string(DEVICE(>plic), "hart-config", "M"); -qdev_prop_set_uint32(DEVICE(>plic), "hartid-base", 0); qdev_prop_set_uint32(DEVICE(>plic), "num-sources", 180); qdev_prop_set_uint32(DEVICE(>plic), "num-priorities", 3); -qdev_prop_set_uint32(DEVICE(>plic), "priority-base", 0x00); qdev_prop_set_uint32(DEVICE(>plic), "pending-base", 0x1000); qdev_prop_set_uint32(DEVICE(>plic), "enable-base", 0x2000); qdev_prop_set_uint32(DEVICE(>plic), "enable-stride", 32); -- 2.39.0
[PULL v3 30/43] hw/riscv: Fix opentitan dependency to SIFIVE_PLIC
From: Bin Meng
Since commit ef6310064820 ("hw/riscv: opentitan: Update to the latest build")
the IBEX PLIC model was replaced with the SiFive PLIC model in the
'opentitan' machine but we forgot the add the dependency there.
Signed-off-by: Bin Meng
Reviewed-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-3-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
hw/riscv/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig
index 167dc4cca6..1e4b58024f 100644
--- a/hw/riscv/Kconfig
+++ b/hw/riscv/Kconfig
@@ -19,6 +19,7 @@ config MICROCHIP_PFSOC
config OPENTITAN
bool
select IBEX
+select SIFIVE_PLIC
select UNIMP
config SHAKTI_C
--
2.39.0
[PULL v3 23/43] target/riscv: Fix mret exception cause when no pmp rule is configured
From: Bin Meng
The priv spec v1.12 says:
If no PMP entry matches an M-mode access, the access succeeds. If
no PMP entry matches an S-mode or U-mode access, but at least one
PMP entry is implemented, the access fails. Failed accesses generate
an instruction, load, or store access-fault exception.
At present the exception cause is set to 'illegal instruction' but
should have been 'instruction access fault'.
Fixes: d102f19a2085 ("target/riscv/pmp: Raise exception if no PMP entry is
configured")
Signed-off-by: Bin Meng
Reviewed-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Message-Id: <20221205065303.204095-1-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
target/riscv/op_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 09f1f5185d..d7af7f056b 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -202,7 +202,7 @@ target_ulong helper_mret(CPURISCVState *env)
if (riscv_feature(env, RISCV_FEATURE_PMP) &&
!pmp_get_num_rules(env) && (prev_priv != PRV_M)) {
-riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
+riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, GETPC());
}
target_ulong prev_virt = get_field(env->mstatus, MSTATUS_MPV);
--
2.39.0
[PULL v3 26/43] target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+
From: Bin Meng
Since priv spec v1.12, MRET and SRET now clear mstatus.MPRV when
leaving M-mode.
Signed-off-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221207090037.281452-2-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
target/riscv/op_helper.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index a047d38152..878bcb03b8 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -154,6 +154,9 @@ target_ulong helper_sret(CPURISCVState *env)
get_field(mstatus, MSTATUS_SPIE));
mstatus = set_field(mstatus, MSTATUS_SPIE, 1);
mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U);
+if (env->priv_ver >= PRIV_VERSION_1_12_0) {
+mstatus = set_field(mstatus, MSTATUS_MPRV, 0);
+}
env->mstatus = mstatus;
if (riscv_has_ext(env, RVH) && !riscv_cpu_virt_enabled(env)) {
@@ -203,6 +206,9 @@ target_ulong helper_mret(CPURISCVState *env)
mstatus = set_field(mstatus, MSTATUS_MPIE, 1);
mstatus = set_field(mstatus, MSTATUS_MPP, PRV_U);
mstatus = set_field(mstatus, MSTATUS_MPV, 0);
+if ((env->priv_ver >= PRIV_VERSION_1_12_0) && (prev_priv != PRV_M)) {
+mstatus = set_field(mstatus, MSTATUS_MPRV, 0);
+}
env->mstatus = mstatus;
riscv_cpu_set_mode(env, prev_priv);
--
2.39.0
[PULL v3 31/43] hw/riscv: Sort machines Kconfig options in alphabetical order
From: Bin Meng SHAKTI_C machine Kconfig option was inserted in disorder. Fix it. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Wilfred Mallawa Message-Id: <20221211030829.802437-4-bm...@tinylab.org> Signed-off-by: Alistair Francis --- hw/riscv/Kconfig | 16 +--- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index 1e4b58024f..4550b3b938 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -4,6 +4,8 @@ config RISCV_NUMA config IBEX bool +# RISC-V machines in alphabetical order + config MICROCHIP_PFSOC bool select CADENCE_SDHCI @@ -22,13 +24,6 @@ config OPENTITAN select SIFIVE_PLIC select UNIMP -config SHAKTI_C -bool -select UNIMP -select SHAKTI_UART -select RISCV_ACLINT -select SIFIVE_PLIC - config RISCV_VIRT bool imply PCI_DEVICES @@ -50,6 +45,13 @@ config RISCV_VIRT select FW_CFG_DMA select PLATFORM_BUS +config SHAKTI_C +bool +select RISCV_ACLINT +select SHAKTI_UART +select SIFIVE_PLIC +select UNIMP + config SIFIVE_E bool select RISCV_ACLINT -- 2.39.0
[PULL v3 10/43] target/riscv: Add itrigger support when icount is not enabled
From: LIU Zhiwei
When icount is not enabled, there is no API in QEMU that can get the
guest instruction number.
Translate the guest code in a way that each TB only has one instruction.
After executing the instruction, decrease the count by 1 until it reaches 0
where the itrigger fires.
Note that only when priviledge matches the itrigger configuration,
the count will decrease.
Signed-off-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221013062946.7530-2-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis
---
target/riscv/cpu.h| 2 +
target/riscv/debug.h | 12
target/riscv/helper.h | 2 +
target/riscv/cpu_helper.c | 6 ++
target/riscv/debug.c | 71 +++
target/riscv/translate.c | 33 -
.../riscv/insn_trans/trans_privileged.c.inc | 4 +-
target/riscv/insn_trans/trans_rvi.c.inc | 8 +--
target/riscv/insn_trans/trans_rvv.c.inc | 4 +-
9 files changed, 131 insertions(+), 11 deletions(-)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 5cac0c5eec..c32e484c0b 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -625,6 +625,8 @@ FIELD(TB_FLAGS, PM_MASK_ENABLED, 22, 1)
FIELD(TB_FLAGS, PM_BASE_ENABLED, 23, 1)
FIELD(TB_FLAGS, VTA, 24, 1)
FIELD(TB_FLAGS, VMA, 25, 1)
+/* Native debug itrigger */
+FIELD(TB_FLAGS, ITRIGGER, 26, 1)
#ifdef TARGET_RISCV32
#define riscv_cpu_mxl(env) ((void)(env), MXL_RV32)
diff --git a/target/riscv/debug.h b/target/riscv/debug.h
index a1226b4d29..cc3358e69b 100644
--- a/target/riscv/debug.h
+++ b/target/riscv/debug.h
@@ -118,6 +118,17 @@ enum {
SIZE_NUM = 16
};
+/* itrigger filed masks */
+#define ITRIGGER_ACTION 0x3f
+#define ITRIGGER_UBIT(6)
+#define ITRIGGER_SBIT(7)
+#define ITRIGGER_PENDING BIT(8)
+#define ITRIGGER_MBIT(9)
+#define ITRIGGER_COUNT(0x3fff << 10)
+#define ITRIGGER_HIT BIT(24)
+#define ITRIGGER_VU BIT(25)
+#define ITRIGGER_VS BIT(26)
+
bool tdata_available(CPURISCVState *env, int tdata_index);
target_ulong tselect_csr_read(CPURISCVState *env);
@@ -134,4 +145,5 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs,
CPUWatchpoint *wp);
void riscv_trigger_init(CPURISCVState *env);
+bool riscv_itrigger_enabled(CPURISCVState *env);
#endif /* RISCV_DEBUG_H */
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index a03014fe67..227c7122ef 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -109,6 +109,8 @@ DEF_HELPER_1(sret, tl, env)
DEF_HELPER_1(mret, tl, env)
DEF_HELPER_1(wfi, void, env)
DEF_HELPER_1(tlb_flush, void, env)
+/* Native Debug */
+DEF_HELPER_1(itrigger_match, void, env)
#endif
/* Hypervisor functions */
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 5d66246c2c..9d1d1bf9f1 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -27,7 +27,9 @@
#include "tcg/tcg-op.h"
#include "trace.h"
#include "semihosting/common-semi.h"
+#include "sysemu/cpu-timers.h"
#include "cpu_bits.h"
+#include "debug.h"
int riscv_cpu_mmu_index(CPURISCVState *env, bool ifetch)
{
@@ -103,6 +105,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong
*pc,
flags = FIELD_DP32(flags, TB_FLAGS, MSTATUS_HS_VS,
get_field(env->mstatus_hs, MSTATUS_VS));
}
+if (riscv_feature(env, RISCV_FEATURE_DEBUG) && !icount_enabled()) {
+flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER,
+ riscv_itrigger_enabled(env));
+}
#endif
flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl);
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index e44848d0d7..036161649f 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -29,6 +29,7 @@
#include "cpu.h"
#include "trace.h"
#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
/*
* The following M-mode trigger CSRs are implemented:
@@ -496,6 +497,76 @@ static void type6_reg_write(CPURISCVState *env,
target_ulong index,
return;
}
+/* icount trigger type */
+static inline int
+itrigger_get_count(CPURISCVState *env, int index)
+{
+return get_field(env->tdata1[index], ITRIGGER_COUNT);
+}
+
+static inline void
+itrigger_set_count(CPURISCVState *env, int index, int value)
+{
+env->tdata1[index] = set_field(env->tdata1[index],
+ ITRIGGER_COUNT, value);
+}
+
+static bool check_itrigger_priv(CPURISCVState *env, int index)
+{
+target_ulong tdata1 = env->tdata1[index];
+if (riscv_cpu_virt_enabled(env)) {
+/* check VU/VS bit against current privilege level */
+return (get_field(tdata1, ITRIGGER_VS) == env->priv) ||
+ (get_field(tdata1, ITRIGGER_VU) == env->priv);
+} else {
+/* check U/S/M bit against current privilege level */
+return
[PULL v3 13/43] target/riscv: Add itrigger_enabled field to CPURISCVState
From: LIU Zhiwei
Avoid calling riscv_itrigger_enabled() when calculate the tbflags.
As the itrigger enable status can only be changed when write
tdata1, migration load or itrigger fire, update env->itrigger_enabled
at these places.
Signed-off-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221013062946.7530-5-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 3 +--
target/riscv/debug.c | 3 +++
target/riscv/machine.c| 15 +++
4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index b0b4048de9..37f9516941 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -331,6 +331,7 @@ struct CPUArchState {
struct CPUWatchpoint *cpu_watchpoint[RV_MAX_TRIGGERS];
QEMUTimer *itrigger_timer[RV_MAX_TRIGGERS];
int64_t last_icount;
+bool itrigger_enabled;
/* machine specific rdtime callback */
uint64_t (*rdtime_fn)(void *);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 6230f65f70..427d4d4386 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -106,8 +106,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong
*pc,
get_field(env->mstatus_hs, MSTATUS_VS));
}
if (riscv_feature(env, RISCV_FEATURE_DEBUG) && !icount_enabled()) {
-flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER,
- riscv_itrigger_enabled(env));
+flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER, env->itrigger_enabled);
}
#endif
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index b3574b250f..bf4840a6a3 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -563,6 +563,7 @@ void helper_itrigger_match(CPURISCVState *env)
}
itrigger_set_count(env, i, count--);
if (!count) {
+env->itrigger_enabled = riscv_itrigger_enabled(env);
do_trigger_action(env, i);
}
}
@@ -660,6 +661,8 @@ static void itrigger_reg_write(CPURISCVState *env,
target_ulong index,
/* set the count to timer */
timer_mod(env->itrigger_timer[index],
env->last_icount + itrigger_get_count(env, index));
+} else {
+env->itrigger_enabled = riscv_itrigger_enabled(env);
}
}
break;
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index e687f9fce0..65a8549ec2 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -21,6 +21,8 @@
#include "qemu/error-report.h"
#include "sysemu/kvm.h"
#include "migration/cpu.h"
+#include "sysemu/cpu-timers.h"
+#include "debug.h"
static bool pmp_needed(void *opaque)
{
@@ -229,11 +231,24 @@ static bool debug_needed(void *opaque)
return riscv_feature(env, RISCV_FEATURE_DEBUG);
}
+static int debug_post_load(void *opaque, int version_id)
+{
+RISCVCPU *cpu = opaque;
+CPURISCVState *env = >env;
+
+if (icount_enabled()) {
+env->itrigger_enabled = riscv_itrigger_enabled(env);
+}
+
+return 0;
+}
+
static const VMStateDescription vmstate_debug = {
.name = "cpu/debug",
.version_id = 2,
.minimum_version_id = 2,
.needed = debug_needed,
+.post_load = debug_post_load,
.fields = (VMStateField[]) {
VMSTATE_UINTTL(env.trigger_cur, RISCVCPU),
VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS),
--
2.39.0
[PULL v3 05/43] hw/riscv/opentitan: bump opentitan
From: Wilfred Mallawa
This patch updates the OpenTitan model to match
the specified register layout as per [1]. Which is also the latest
commit of OpenTitan supported by TockOS.
Note: Pinmux and Padctrl has been merged into Pinmux [2][3], this patch removes
any references to Padctrl. Note: OpenTitan doc [2] has not yet specified
much detail regarding this, except for a note that states `TODO: this
section needs to be updated to reflect the pinmux/padctrl merger`
[1]
https://github.com/lowRISC/opentitan/blob/d072ac505f82152678d6e04be95c72b728a347b8/hw/top_earlgrey/sw/autogen/top_earlgrey_memory.h
[2] https://docs.opentitan.org/hw/top_earlgrey/doc/design/
[3] https://docs.opentitan.org/hw/ip/pinmux/doc/#overview
Signed-off-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Reviewed-by: Bin Meng
Message-Id: <20221025043335.339815-2-wilfred.mall...@opensource.wdc.com>
Signed-off-by: Alistair Francis
---
include/hw/riscv/opentitan.h | 9 -
hw/riscv/opentitan.c | 21 +
2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h
index 6665cd5794..1fc055cdff 100644
--- a/include/hw/riscv/opentitan.h
+++ b/include/hw/riscv/opentitan.h
@@ -81,7 +81,6 @@ enum {
IBEX_DEV_RSTMGR,
IBEX_DEV_CLKMGR,
IBEX_DEV_PINMUX,
-IBEX_DEV_PADCTRL,
IBEX_DEV_USBDEV,
IBEX_DEV_FLASH_CTRL,
IBEX_DEV_PLIC,
@@ -109,10 +108,10 @@ enum {
IBEX_UART0_RX_TIMEOUT_IRQ = 7,
IBEX_UART0_RX_PARITY_ERR_IRQ = 8,
IBEX_TIMER_TIMEREXPIRED0_0= 127,
-IBEX_SPI_HOST0_ERR_IRQ= 151,
-IBEX_SPI_HOST0_SPI_EVENT_IRQ = 152,
-IBEX_SPI_HOST1_ERR_IRQ= 153,
-IBEX_SPI_HOST1_SPI_EVENT_IRQ = 154,
+IBEX_SPI_HOST0_ERR_IRQ= 134,
+IBEX_SPI_HOST0_SPI_EVENT_IRQ = 135,
+IBEX_SPI_HOST1_ERR_IRQ= 136,
+IBEX_SPI_HOST1_SPI_EVENT_IRQ = 137,
};
#endif
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index be7ff1eea0..92493c629d 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -28,8 +28,16 @@
#include "qemu/units.h"
#include "sysemu/sysemu.h"
+/*
+ * This version of the OpenTitan machine currently supports
+ * OpenTitan RTL version:
+ *
+ *
+ * MMIO mapping as per (specified commit):
+ * lowRISC/opentitan: hw/top_earlgrey/sw/autogen/top_earlgrey_memory.h
+ */
static const MemMapEntry ibex_memmap[] = {
-[IBEX_DEV_ROM] ={ 0x8000, 0x8000 },
+[IBEX_DEV_ROM] ={ 0x8000, 0x8000 },
[IBEX_DEV_RAM] ={ 0x1000, 0x2 },
[IBEX_DEV_FLASH] = { 0x2000, 0x10 },
[IBEX_DEV_UART] = { 0x4000, 0x1000 },
@@ -38,17 +46,17 @@ static const MemMapEntry ibex_memmap[] = {
[IBEX_DEV_I2C] ={ 0x4008, 0x1000 },
[IBEX_DEV_PATTGEN] ={ 0x400e, 0x1000 },
[IBEX_DEV_TIMER] = { 0x4010, 0x1000 },
-[IBEX_DEV_SENSOR_CTRL] ={ 0x4011, 0x1000 },
[IBEX_DEV_OTP_CTRL] = { 0x4013, 0x4000 },
[IBEX_DEV_LC_CTRL] ={ 0x4014, 0x1000 },
-[IBEX_DEV_USBDEV] = { 0x4015, 0x1000 },
+[IBEX_DEV_ALERT_HANDLER] = { 0x4015, 0x1000 },
[IBEX_DEV_SPI_HOST0] = { 0x4030, 0x1000 },
[IBEX_DEV_SPI_HOST1] = { 0x4031, 0x1000 },
+[IBEX_DEV_USBDEV] = { 0x4032, 0x1000 },
[IBEX_DEV_PWRMGR] = { 0x4040, 0x1000 },
[IBEX_DEV_RSTMGR] = { 0x4041, 0x1000 },
[IBEX_DEV_CLKMGR] = { 0x4042, 0x1000 },
[IBEX_DEV_PINMUX] = { 0x4046, 0x1000 },
-[IBEX_DEV_PADCTRL] ={ 0x4047, 0x1000 },
+[IBEX_DEV_SENSOR_CTRL] ={ 0x4049, 0x1000 },
[IBEX_DEV_FLASH_CTRL] = { 0x4100, 0x1000 },
[IBEX_DEV_AES] ={ 0x4110, 0x1000 },
[IBEX_DEV_HMAC] = { 0x4111, 0x1000 },
@@ -59,10 +67,9 @@ static const MemMapEntry ibex_memmap[] = {
[IBEX_DEV_ENTROPY] ={ 0x4116, 0x1000 },
[IBEX_DEV_EDNO] = { 0x4117, 0x1000 },
[IBEX_DEV_EDN1] = { 0x4118, 0x1000 },
-[IBEX_DEV_ALERT_HANDLER] = { 0x411b, 0x1000 },
[IBEX_DEV_NMI_GEN] ={ 0x411c, 0x1000 },
[IBEX_DEV_PERI] = { 0x411f, 0x1 },
-[IBEX_DEV_PLIC] = { 0x4800, 0x4005000 },
+[IBEX_DEV_PLIC] = { 0x4800, 0x4005000 },
[IBEX_DEV_FLASH_VIRTUAL] = { 0x8000, 0x8 },
};
@@ -265,8 +272,6 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc,
Error **errp)
memmap[IBEX_DEV_CLKMGR].base, memmap[IBEX_DEV_CLKMGR].size);
create_unimplemented_device("riscv.lowrisc.ibex.pinmux",
memmap[IBEX_DEV_PINMUX].base, memmap[IBEX_DEV_PINMUX].size);
-create_unimplemented_device("riscv.lowrisc.ibex.padctrl",
-
[PULL v3 08/43] target/riscv: smstateen check for h/s/envcfg
From: Mayuresh Chitale
Accesses to henvcfg, henvcfgh and senvcfg are allowed only if the corresponding
bit in mstateen0/hstateen0 is enabled. Otherwise an illegal instruction trap is
generated.
Signed-off-by: Mayuresh Chitale
Reviewed-by: Weiwei Li
Reviewed-by: Alistair Francis
Message-Id: <20221016124726.102129-3-mchit...@ventanamicro.com>
Signed-off-by: Alistair Francis
---
target/riscv/csr.c | 87 ++
1 file changed, 80 insertions(+), 7 deletions(-)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index c861424e85..71236f2b5d 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -41,6 +41,42 @@ void riscv_set_csr_ops(int csrno, riscv_csr_operations *ops)
}
/* Predicates */
+#if !defined(CONFIG_USER_ONLY)
+static RISCVException smstateen_acc_ok(CPURISCVState *env, int index,
+ uint64_t bit)
+{
+bool virt = riscv_cpu_virt_enabled(env);
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (env->priv == PRV_M || !cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_NONE;
+}
+
+if (!(env->mstateen[index] & bit)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+if (virt) {
+if (!(env->hstateen[index] & bit)) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
+
+if (env->priv == PRV_U && !(env->sstateen[index] & bit)) {
+return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
+}
+}
+
+if (env->priv == PRV_U && riscv_has_ext(env, RVS)) {
+if (!(env->sstateen[index] & bit)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+}
+
+return RISCV_EXCP_NONE;
+}
+#endif
+
static RISCVException fs(CPURISCVState *env, int csrno)
{
#if !defined(CONFIG_USER_ONLY)
@@ -1874,6 +1910,13 @@ static RISCVException write_menvcfgh(CPURISCVState *env,
int csrno,
static RISCVException read_senvcfg(CPURISCVState *env, int csrno,
target_ulong *val)
{
+RISCVException ret;
+
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
+
*val = env->senvcfg;
return RISCV_EXCP_NONE;
}
@@ -1882,15 +1925,27 @@ static RISCVException write_senvcfg(CPURISCVState *env,
int csrno,
target_ulong val)
{
uint64_t mask = SENVCFG_FIOM | SENVCFG_CBIE | SENVCFG_CBCFE | SENVCFG_CBZE;
+RISCVException ret;
-env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
+env->senvcfg = (env->senvcfg & ~mask) | (val & mask);
return RISCV_EXCP_NONE;
}
static RISCVException read_henvcfg(CPURISCVState *env, int csrno,
target_ulong *val)
{
+RISCVException ret;
+
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
+
*val = env->henvcfg;
return RISCV_EXCP_NONE;
}
@@ -1899,6 +1954,12 @@ static RISCVException write_henvcfg(CPURISCVState *env,
int csrno,
target_ulong val)
{
uint64_t mask = HENVCFG_FIOM | HENVCFG_CBIE | HENVCFG_CBCFE | HENVCFG_CBZE;
+RISCVException ret;
+
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
if (riscv_cpu_mxl(env) == MXL_RV64) {
mask |= HENVCFG_PBMTE | HENVCFG_STCE;
@@ -1912,6 +1973,13 @@ static RISCVException write_henvcfg(CPURISCVState *env,
int csrno,
static RISCVException read_henvcfgh(CPURISCVState *env, int csrno,
target_ulong *val)
{
+RISCVException ret;
+
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
+
*val = env->henvcfg >> 32;
return RISCV_EXCP_NONE;
}
@@ -1921,9 +1989,14 @@ static RISCVException write_henvcfgh(CPURISCVState *env,
int csrno,
{
uint64_t mask = HENVCFG_PBMTE | HENVCFG_STCE;
uint64_t valh = (uint64_t)val << 32;
+RISCVException ret;
-env->henvcfg = (env->henvcfg & ~mask) | (valh & mask);
+ret = smstateen_acc_ok(env, 0, SMSTATEEN0_HSENVCFG);
+if (ret != RISCV_EXCP_NONE) {
+return ret;
+}
+env->henvcfg = (env->henvcfg & ~mask) | (valh & mask);
return RISCV_EXCP_NONE;
}
@@ -1949,7 +2022,7 @@ static RISCVException write_mstateen(CPURISCVState *env,
int csrno,
static RISCVException write_mstateen0(CPURISCVState *env, int csrno,
target_ulong new_val)
{
-uint64_t wr_mask = SMSTATEEN_STATEEN;
+uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;
return write_mstateen(env, csrno, wr_mask, new_val);
}
@@ -1984,7 +2057,7 @@ static RISCVException write_mstateenh(CPURISCVState *env,
int csrno,
static RISCVException
[PULL v3 11/43] target/riscv: Add itrigger support when icount is enabled
From: LIU Zhiwei
The max count in itrigger can be 0x3FFF, which will cause a no trivial
translation and execution overload.
When icount is enabled, QEMU provides API that can fetch guest
instruction number. Thus, we can set an timer for itrigger with
the count as deadline.
Only when timer expires or priviledge mode changes, do lazy update
to count.
Signed-off-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221013062946.7530-3-zhiwei_...@linux.alibaba.com>
Signed-off-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/debug.h | 1 +
target/riscv/cpu_helper.c | 3 ++
target/riscv/debug.c | 59 +++
4 files changed, 65 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index c32e484c0b..b0b4048de9 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -329,6 +329,8 @@ struct CPUArchState {
target_ulong tdata3[RV_MAX_TRIGGERS];
struct CPUBreakpoint *cpu_breakpoint[RV_MAX_TRIGGERS];
struct CPUWatchpoint *cpu_watchpoint[RV_MAX_TRIGGERS];
+QEMUTimer *itrigger_timer[RV_MAX_TRIGGERS];
+int64_t last_icount;
/* machine specific rdtime callback */
uint64_t (*rdtime_fn)(void *);
diff --git a/target/riscv/debug.h b/target/riscv/debug.h
index cc3358e69b..c471748d5a 100644
--- a/target/riscv/debug.h
+++ b/target/riscv/debug.h
@@ -146,4 +146,5 @@ bool riscv_cpu_debug_check_watchpoint(CPUState *cs,
CPUWatchpoint *wp);
void riscv_trigger_init(CPURISCVState *env);
bool riscv_itrigger_enabled(CPURISCVState *env);
+void riscv_itrigger_update_priv(CPURISCVState *env);
#endif /* RISCV_DEBUG_H */
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 9d1d1bf9f1..6230f65f70 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -676,6 +676,9 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong
newpriv)
if (newpriv == PRV_H) {
newpriv = PRV_U;
}
+if (icount_enabled() && newpriv != env->priv) {
+riscv_itrigger_update_priv(env);
+}
/* tlb_flush is unnecessary as mode is contained in mmu_idx */
env->priv = newpriv;
env->xl = cpu_recompute_xl(env);
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index 036161649f..371862cf38 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -30,6 +30,7 @@
#include "trace.h"
#include "exec/exec-all.h"
#include "exec/helper-proto.h"
+#include "sysemu/cpu-timers.h"
/*
* The following M-mode trigger CSRs are implemented:
@@ -567,6 +568,62 @@ void helper_itrigger_match(CPURISCVState *env)
}
}
+static void riscv_itrigger_update_count(CPURISCVState *env)
+{
+int count, executed;
+/*
+ * Record last icount, so that we can evaluate the executed instructions
+ * since last priviledge mode change or timer expire.
+ */
+int64_t last_icount = env->last_icount, current_icount;
+current_icount = env->last_icount = icount_get_raw();
+
+for (int i = 0; i < RV_MAX_TRIGGERS; i++) {
+if (get_trigger_type(env, i) != TRIGGER_TYPE_INST_CNT) {
+continue;
+}
+count = itrigger_get_count(env, i);
+if (!count) {
+continue;
+}
+/*
+ * Only when priviledge is changed or itrigger timer expires,
+ * the count field in itrigger tdata1 register is updated.
+ * And the count field in itrigger only contains remaining value.
+ */
+if (check_itrigger_priv(env, i)) {
+/*
+ * If itrigger enabled in this priviledge mode, the number of
+ * executed instructions since last priviledge change
+ * should be reduced from current itrigger count.
+ */
+executed = current_icount - last_icount;
+itrigger_set_count(env, i, count - executed);
+if (count == executed) {
+do_trigger_action(env, i);
+}
+} else {
+/*
+ * If itrigger is not enabled in this priviledge mode,
+ * the number of executed instructions will be discard and
+ * the count field in itrigger will not change.
+ */
+timer_mod(env->itrigger_timer[i],
+ current_icount + count);
+}
+}
+}
+
+static void riscv_itrigger_timer_cb(void *opaque)
+{
+riscv_itrigger_update_count((CPURISCVState *)opaque);
+}
+
+void riscv_itrigger_update_priv(CPURISCVState *env)
+{
+riscv_itrigger_update_count(env);
+}
+
target_ulong tdata_csr_read(CPURISCVState *env, int tdata_index)
{
switch (tdata_index) {
@@ -796,5 +853,7 @@ void riscv_trigger_init(CPURISCVState *env)
env->tdata3[i] = 0;
env->cpu_breakpoint[i] = NULL;
env->cpu_watchpoint[i] = NULL;
+env->itrigger_timer[i] = timer_new_ns(QEMU_CLOCK_VIRTUAL,
+ riscv_itrigger_timer_cb, env);
}
}
--
2.39.0
[PULL v3 02/43] tcg/riscv: Fix range matched by TCG_CT_CONST_M12
From: Richard Henderson
We were matching a signed 13-bit range, not a 12-bit range.
Expand the commentary within the function and be explicit
about all of the ranges.
Reported-by: LIU Zhiwei
Signed-off-by: Richard Henderson
Reviewed-by: LIU Zhiwei
Reviewed-by: Alistair Francis
Message-Id: <20221022095821.2441874-1-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis
---
tcg/riscv/tcg-target.c.inc | 19 ---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 81a83e45b1..191197853f 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -154,13 +154,26 @@ static bool tcg_target_const_match(int64_t val, TCGType
type, int ct)
if ((ct & TCG_CT_CONST_ZERO) && val == 0) {
return 1;
}
-if ((ct & TCG_CT_CONST_S12) && val == sextreg(val, 0, 12)) {
+/*
+ * Sign extended from 12 bits: [-0x800, 0x7ff].
+ * Used for most arithmetic, as this is the isa field.
+ */
+if ((ct & TCG_CT_CONST_S12) && val >= -0x800 && val <= 0x7ff) {
return 1;
}
-if ((ct & TCG_CT_CONST_N12) && -val == sextreg(-val, 0, 12)) {
+/*
+ * Sign extended from 12 bits, negated: [-0x7ff, 0x800].
+ * Used for subtraction, where a constant must be handled by ADDI.
+ */
+if ((ct & TCG_CT_CONST_N12) && val >= -0x7ff && val <= 0x800) {
return 1;
}
-if ((ct & TCG_CT_CONST_M12) && val >= -0xfff && val <= 0xfff) {
+/*
+ * Sign extended from 12 bits, +/- matching: [-0x7ff, 0x7ff].
+ * Used by addsub2, which may need the negative operation,
+ * and requires the modified constant to be representable.
+ */
+if ((ct & TCG_CT_CONST_M12) && val >= -0x7ff && val <= 0x7ff) {
return 1;
}
return 0;
--
2.39.0
[PULL v3 33/43] hw/intc: sifive_plic: Drop PLICMode_H
From: Bin Meng
H-mode has been removed since priv spec 1.10. Drop it.
Signed-off-by: Bin Meng
Reviewed-by: Wilfred Mallawa
Reviewed-by: Alistair Francis
Message-Id: <20221211030829.802437-6-bm...@tinylab.org>
Signed-off-by: Alistair Francis
---
include/hw/intc/sifive_plic.h | 1 -
hw/intc/sifive_plic.c | 1 -
2 files changed, 2 deletions(-)
diff --git a/include/hw/intc/sifive_plic.h b/include/hw/intc/sifive_plic.h
index 134cf39a96..d3f45ec248 100644
--- a/include/hw/intc/sifive_plic.h
+++ b/include/hw/intc/sifive_plic.h
@@ -33,7 +33,6 @@ DECLARE_INSTANCE_CHECKER(SiFivePLICState, SIFIVE_PLIC,
typedef enum PLICMode {
PLICMode_U,
PLICMode_S,
-PLICMode_H,
PLICMode_M
} PLICMode;
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index 0c7696520d..936dcf74bc 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -42,7 +42,6 @@ static PLICMode char_to_mode(char c)
switch (c) {
case 'U': return PLICMode_U;
case 'S': return PLICMode_S;
-case 'H': return PLICMode_H;
case 'M': return PLICMode_M;
default:
error_report("plic: invalid mode '%c'", c);
--
2.39.0
[PULL v3 14/43] hw/intc: sifive_plic: Renumber the S irqs for numa support
From: Frédéric Pétrot
Commit 40244040a7a changed the way the S irqs are numbered. This breaks when
using numa configuration, e.g.:
./qemu-system-riscv64 -nographic -machine virt,dumpdtb=numa-tree.dtb \
-m 2G -smp cpus=16 \
-object memory-backend-ram,id=mem0,size=512M \
-object memory-backend-ram,id=mem1,size=512M \
-object memory-backend-ram,id=mem2,size=512M \
-object memory-backend-ram,id=mem3,size=512M \
-numa node,cpus=0-3,memdev=mem0,nodeid=0 \
-numa node,cpus=4-7,memdev=mem1,nodeid=1 \
-numa node,cpus=8-11,memdev=mem2,nodeid=2 \
-numa node,cpus=12-15,memdev=mem3,nodeid=3
leads to:
Unexpected error in object_property_find_err() at ../qom/object.c:1304:
qemu-system-riscv64: Property 'riscv.sifive.plic.unnamed-gpio-out[8]' not
found
This patch makes the nubering of the S irqs identical to what it was before.
Reviewed-by: Alistair Francis
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Frédéric Pétrot
Message-Id: <20221114135122.1668703-1-frederic.pet...@univ-grenoble-alpes.fr>
Signed-off-by: Alistair Francis
---
hw/intc/sifive_plic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index c2dfacf028..b4949bef97 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -476,11 +476,11 @@ DeviceState *sifive_plic_create(hwaddr addr, char
*hart_config,
CPUState *cpu = qemu_get_cpu(cpu_num);
if (plic->addr_config[i].mode == PLICMode_M) {
-qdev_connect_gpio_out(dev, num_harts - plic->hartid_base + cpu_num,
+qdev_connect_gpio_out(dev, cpu_num - hartid_base + num_harts,
qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
}
if (plic->addr_config[i].mode == PLICMode_S) {
-qdev_connect_gpio_out(dev, cpu_num,
+qdev_connect_gpio_out(dev, cpu_num - hartid_base,
qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
}
}
--
2.39.0
[PULL v3 03/43] tcg/riscv: Fix reg overlap case in tcg_out_addsub2
From: Richard Henderson
There was a typo using opc_addi instead of opc_add with the
two registers. While we're at it, simplify the gating test
to al == bl to improve dynamic scheduling even when the
output register does not overlap the inputs.
Reported-by: LIU Zhiwei
Signed-off-by: Richard Henderson
Reviewed-by: Alistair Francis
Message-Id: <20221020233836.2341671-1-richard.hender...@linaro.org>
Signed-off-by: Alistair Francis
---
tcg/riscv/tcg-target.c.inc | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index 191197853f..2a84c57bec 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -700,9 +700,15 @@ static void tcg_out_addsub2(TCGContext *s,
if (cbl) {
tcg_out_opc_imm(s, opc_addi, rl, al, bl);
tcg_out_opc_imm(s, OPC_SLTIU, TCG_REG_TMP0, rl, bl);
-} else if (rl == al && rl == bl) {
+} else if (al == bl) {
+/*
+ * If the input regs overlap, this is a simple doubling
+ * and carry-out is the input msb. This special case is
+ * required when the output reg overlaps the input,
+ * but we might as well use it always.
+ */
tcg_out_opc_imm(s, OPC_SLTI, TCG_REG_TMP0, al, 0);
-tcg_out_opc_reg(s, opc_addi, rl, al, bl);
+tcg_out_opc_reg(s, opc_add, rl, al, al);
} else {
tcg_out_opc_reg(s, opc_add, rl, al, bl);
tcg_out_opc_reg(s, OPC_SLTU, TCG_REG_TMP0,
--
2.39.0
[PULL v3 07/43] target/riscv: Add smstateen support
From: Mayuresh Chitale
Smstateen extension specifies a mechanism to close
the potential covert channels that could cause security issues.
This patch adds the CSRs defined in the specification and
the corresponding predicates and read/write functions.
Signed-off-by: Mayuresh Chitale
Reviewed-by: Weiwei Li
Reviewed-by: Alistair Francis
Message-Id: <20221016124726.102129-2-mchit...@ventanamicro.com>
Signed-off-by: Alistair Francis
---
target/riscv/cpu.h | 4 +
target/riscv/cpu_bits.h | 37 +
target/riscv/csr.c | 316
target/riscv/machine.c | 21 +++
4 files changed, 378 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 443d15a47c..5cac0c5eec 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -366,6 +366,9 @@ struct CPUArchState {
/* CSRs for execution enviornment configuration */
uint64_t menvcfg;
+uint64_t mstateen[SMSTATEEN_MAX_COUNT];
+uint64_t hstateen[SMSTATEEN_MAX_COUNT];
+uint64_t sstateen[SMSTATEEN_MAX_COUNT];
target_ulong senvcfg;
uint64_t henvcfg;
#endif
@@ -441,6 +444,7 @@ struct RISCVCPUConfig {
bool ext_ifencei;
bool ext_icsr;
bool ext_zihintpause;
+bool ext_smstateen;
bool ext_sstc;
bool ext_svinval;
bool ext_svnapot;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index d8f5f0abed..8b0d7e20ea 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -197,6 +197,12 @@
/* Supervisor Configuration CSRs */
#define CSR_SENVCFG 0x10A
+/* Supervisor state CSRs */
+#define CSR_SSTATEEN0 0x10C
+#define CSR_SSTATEEN1 0x10D
+#define CSR_SSTATEEN2 0x10E
+#define CSR_SSTATEEN3 0x10F
+
/* Supervisor Trap Handling */
#define CSR_SSCRATCH0x140
#define CSR_SEPC0x141
@@ -244,6 +250,16 @@
#define CSR_HENVCFG 0x60A
#define CSR_HENVCFGH0x61A
+/* Hypervisor state CSRs */
+#define CSR_HSTATEEN0 0x60C
+#define CSR_HSTATEEN0H 0x61C
+#define CSR_HSTATEEN1 0x60D
+#define CSR_HSTATEEN1H 0x61D
+#define CSR_HSTATEEN2 0x60E
+#define CSR_HSTATEEN2H 0x61E
+#define CSR_HSTATEEN3 0x60F
+#define CSR_HSTATEEN3H 0x61F
+
/* Virtual CSRs */
#define CSR_VSSTATUS0x200
#define CSR_VSIE0x204
@@ -289,6 +305,27 @@
#define CSR_MENVCFG 0x30A
#define CSR_MENVCFGH0x31A
+/* Machine state CSRs */
+#define CSR_MSTATEEN0 0x30C
+#define CSR_MSTATEEN0H 0x31C
+#define CSR_MSTATEEN1 0x30D
+#define CSR_MSTATEEN1H 0x31D
+#define CSR_MSTATEEN2 0x30E
+#define CSR_MSTATEEN2H 0x31E
+#define CSR_MSTATEEN3 0x30F
+#define CSR_MSTATEEN3H 0x31F
+
+/* Common defines for all smstateen */
+#define SMSTATEEN_MAX_COUNT 4
+#define SMSTATEEN0_CS (1ULL << 0)
+#define SMSTATEEN0_FCSR (1ULL << 1)
+#define SMSTATEEN0_HSCONTXT (1ULL << 57)
+#define SMSTATEEN0_IMSIC(1ULL << 58)
+#define SMSTATEEN0_AIA (1ULL << 59)
+#define SMSTATEEN0_SVSLCT (1ULL << 60)
+#define SMSTATEEN0_HSENVCFG (1ULL << 62)
+#define SMSTATEEN_STATEEN (1ULL << 63)
+
/* Enhanced Physical Memory Protection (ePMP) */
#define CSR_MSECCFG 0x747
#define CSR_MSECCFGH0x757
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 5c9a7ee287..c861424e85 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -283,6 +283,72 @@ static RISCVException umode32(CPURISCVState *env, int
csrno)
return umode(env, csrno);
}
+static RISCVException mstateen(CPURISCVState *env, int csrno)
+{
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+return any(env, csrno);
+}
+
+static RISCVException hstateen_pred(CPURISCVState *env, int csrno, int base)
+{
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+if (env->priv < PRV_M) {
+if (!(env->mstateen[csrno - base] & SMSTATEEN_STATEEN)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+}
+
+return hmode(env, csrno);
+}
+
+static RISCVException hstateen(CPURISCVState *env, int csrno)
+{
+return hstateen_pred(env, csrno, CSR_HSTATEEN0);
+}
+
+static RISCVException hstateenh(CPURISCVState *env, int csrno)
+{
+return hstateen_pred(env, csrno, CSR_HSTATEEN0H);
+}
+
+static RISCVException sstateen(CPURISCVState *env, int csrno)
+{
+bool virt = riscv_cpu_virt_enabled(env);
+int index = csrno - CSR_SSTATEEN0;
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+if (env->priv < PRV_M) {
+if (!(env->mstateen[index] & SMSTATEEN_STATEEN)) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+if (virt) {
+if (!(env->hstateen[index] &
[PULL v3 06/43] hw/riscv/opentitan: add aon_timer base unimpl
From: Wilfred Mallawa
Adds the updated `aon_timer` base as an unimplemented device. This is
used by TockOS, patch ensures the guest doesn't hit load faults.
Signed-off-by: Wilfred Mallawa
Reviewed-by: Bin Meng
Reviewed-by: Alistair Francis
Message-Id: <20221025043335.339815-3-wilfred.mall...@opensource.wdc.com>
Signed-off-by: Alistair Francis
---
include/hw/riscv/opentitan.h | 1 +
hw/riscv/opentitan.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/include/hw/riscv/opentitan.h b/include/hw/riscv/opentitan.h
index 1fc055cdff..7659d1bc5b 100644
--- a/include/hw/riscv/opentitan.h
+++ b/include/hw/riscv/opentitan.h
@@ -81,6 +81,7 @@ enum {
IBEX_DEV_RSTMGR,
IBEX_DEV_CLKMGR,
IBEX_DEV_PINMUX,
+IBEX_DEV_AON_TIMER,
IBEX_DEV_USBDEV,
IBEX_DEV_FLASH_CTRL,
IBEX_DEV_PLIC,
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 92493c629d..78f895d773 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -56,6 +56,7 @@ static const MemMapEntry ibex_memmap[] = {
[IBEX_DEV_RSTMGR] = { 0x4041, 0x1000 },
[IBEX_DEV_CLKMGR] = { 0x4042, 0x1000 },
[IBEX_DEV_PINMUX] = { 0x4046, 0x1000 },
+[IBEX_DEV_AON_TIMER] = { 0x4047, 0x1000 },
[IBEX_DEV_SENSOR_CTRL] ={ 0x4049, 0x1000 },
[IBEX_DEV_FLASH_CTRL] = { 0x4100, 0x1000 },
[IBEX_DEV_AES] ={ 0x4110, 0x1000 },
@@ -272,6 +273,8 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc,
Error **errp)
memmap[IBEX_DEV_CLKMGR].base, memmap[IBEX_DEV_CLKMGR].size);
create_unimplemented_device("riscv.lowrisc.ibex.pinmux",
memmap[IBEX_DEV_PINMUX].base, memmap[IBEX_DEV_PINMUX].size);
+create_unimplemented_device("riscv.lowrisc.ibex.aon_timer",
+memmap[IBEX_DEV_AON_TIMER].base, memmap[IBEX_DEV_AON_TIMER].size);
create_unimplemented_device("riscv.lowrisc.ibex.usbdev",
memmap[IBEX_DEV_USBDEV].base, memmap[IBEX_DEV_USBDEV].size);
create_unimplemented_device("riscv.lowrisc.ibex.flash_ctrl",
--
2.39.0
[PULL v3 00/43] riscv-to-apply queue
From: Alistair Francis
The following changes since commit d1852caab131ea898134fdcea8c14bc2ee75fbe9:
Merge tag 'python-pull-request' of https://gitlab.com/jsnow/qemu into staging
(2023-01-05 16:59:22 +)
are available in the Git repository at:
https://github.com/alistair23/qemu.git tags/pull-riscv-to-apply-20230106
for you to fetch changes up to bc92f261519d5c77c70cf2ebcf0a3b9a414d82d0:
hw/intc: sifive_plic: Fix the pending register range check (2023-01-06
10:42:55 +1000)
First RISC-V PR for QEMU 8.0
* Fix PMP propagation for tlb
* Collection of bug fixes
* Bump the OpenTitan supported version
* Add smstateen support
* Support native debug icount trigger
* Remove the redundant ipi-id property in the virt machine
* Support cache-related PMU events in virtual mode
* Add some missing PolarFire SoC io regions
* Fix mret exception cause when no pmp rule is configured
* Fix bug where disabling compressed instructions would crash QEMU
* Add Zawrs ISA extension support
* A range of code refactoring and cleanups
Anup Patel (1):
target/riscv: Typo fix in sstc() predicate
Atish Patra (1):
hw/riscv: virt: Remove the redundant ipi-id property
Bin Meng (20):
target/riscv: Add some comments for sstatus CSR in riscv_cpu_dump_state()
target/riscv: Fix mret exception cause when no pmp rule is configured
target/riscv: Simplify helper_sret() a little bit
target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+
hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC
hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers
hw/riscv: Fix opentitan dependency to SIFIVE_PLIC
hw/riscv: Sort machines Kconfig options in alphabetical order
hw/riscv: spike: Remove misleading comments
hw/intc: sifive_plic: Drop PLICMode_H
hw/intc: sifive_plic: Improve robustness of the PLIC config parser
hw/intc: sifive_plic: Use error_setg() to propagate the error up via errp
in sifive_plic_realize()
hw/intc: sifive_plic: Update "num-sources" property default value
hw/riscv: microchip_pfsoc: Fix the number of interrupt sources of PLIC
hw/riscv: sifive_e: Fix the number of interrupt sources of PLIC
hw/riscv: sifive_u: Avoid using magic number for "riscv, ndev"
hw/riscv: virt: Fix the value of "riscv, ndev" in the dtb
hw/intc: sifive_plic: Change "priority-base" to start from interrupt
source 0
hw/riscv: opentitan: Drop "hartid-base" and "priority-base" initialization
hw/intc: sifive_plic: Fix the pending register range check
Christoph Muellner (1):
RISC-V: Add Zawrs ISA extension support
Conor Dooley (3):
hw/misc: pfsoc: add fabric clocks to ioscb
hw/riscv: pfsoc: add missing FICs as unimplemented
hw/{misc, riscv}: pfsoc: add system controller as unimplemented
Frédéric Pétrot (1):
hw/intc: sifive_plic: Renumber the S irqs for numa support
Jim Shu (2):
target/riscv: support cache-related PMU events in virtual mode
hw/intc: sifive_plic: fix out-of-bound access of source_priority array
LIU Zhiwei (5):
target/riscv: Fix PMP propagation for tlb
target/riscv: Add itrigger support when icount is not enabled
target/riscv: Add itrigger support when icount is enabled
target/riscv: Enable native debug itrigger
target/riscv: Add itrigger_enabled field to CPURISCVState
Mayuresh Chitale (3):
target/riscv: Add smstateen support
target/riscv: smstateen check for h/s/envcfg
target/riscv: generate virtual instruction exception
Richard Henderson (4):
tcg/riscv: Fix range matched by TCG_CT_CONST_M12
tcg/riscv: Fix reg overlap case in tcg_out_addsub2
tcg/riscv: Fix base register for user-only qemu_ld/st
target/riscv: Set pc_succ_insn for !rvc illegal insn
Wilfred Mallawa (2):
hw/riscv/opentitan: bump opentitan
hw/riscv/opentitan: add aon_timer base unimpl
include/hw/intc/sifive_plic.h | 1 -
include/hw/misc/mchp_pfsoc_ioscb.h | 4 +
include/hw/misc/mchp_pfsoc_sysreg.h| 1 +
include/hw/riscv/microchip_pfsoc.h | 7 +-
include/hw/riscv/opentitan.h | 10 +-
include/hw/riscv/shakti_c.h| 2 +-
include/hw/riscv/sifive_e.h| 9 +-
include/hw/riscv/sifive_u.h| 2 +-
include/hw/riscv/virt.h| 8 +-
target/riscv/cpu.h | 10 +
target/riscv/cpu_bits.h| 37 +++
target/riscv/debug.h | 13 +
target/riscv/helper.h | 2 +
target/riscv/pmp.h | 6 +-
target/riscv/insn32.decode | 4 +
hw/intc/sifive_plic.c | 66
Re: [RFC PATCH 21/40] target/arm: Remove aarch64 check from aarch64_host_object_init
On 1/5/23 14:08, Philippe Mathieu-Daudé wrote:
On 3/1/23 19:16, Richard Henderson wrote:
Since kvm32 was removed
Maybe add here:
(see commit 82bf7ae84c: "target/arm: Remove KVM support for 32-bit
Arm hosts")
, all kvm hosts support aarch64.
Signed-off-by: Richard Henderson
---
target/arm/cpu64.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 28b5a07244..668e979a24 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -1095,10 +1095,8 @@ static void aarch64_host_object_init(Object *obj)
#if defined(CONFIG_KVM)
ARMCPU *cpu = ARM_CPU(obj);
kvm_arm_set_cpu_features_from_host(cpu);
- if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
Worth asserting this feature is enabled? I don't think so, so:
Reviewed-by: Philippe Mathieu-Daudé
Indeed not. In the next patch we hoist this feature setting out of kvm+hvf to common code
just above here.
r~
- aarch64_add_sve_properties(obj);
- aarch64_add_pauth_properties(obj);
- }
+ aarch64_add_sve_properties(obj);
+ aarch64_add_pauth_properties(obj);
#elif defined(CONFIG_HVF)
ARMCPU *cpu = ARM_CPU(obj);
hvf_arm_set_cpu_features_from_host(cpu);
Re: [RFC PATCH 11/40] target/arm: Copy features from ARMCPUClass
On 1/5/23 14:04, Philippe Mathieu-Daudé wrote:
On 3/1/23 19:16, Richard Henderson wrote:
Create a features member in ARMCPUClass and copy to the instance in
arm_cpu_init. Settings of this value will come in a future patch.
Signed-off-by: Richard Henderson
---
target/arm/cpu-qom.h | 18 ++
target/arm/cpu.c | 1 +
2 files changed, 19 insertions(+)
diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index 5509ef9d85..ac58cc3a87 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -74,8 +74,26 @@ struct ARMCPUClass {
/* 'compatible' string for this CPU for Linux device trees */
const char *dtb_compatible;
+
+ /* Internal CPU feature flags. */
+ uint64_t features;
};
+static inline int arm_class_feature(ARMCPUClass *acc, int feature)
+{
+ return (acc->features & (1ULL << feature)) != 0;
+}
+
+static inline void set_class_feature(ARMCPUClass *acc, int feature)
+{
+ acc->features |= 1ULL << feature;
+}
+
+static inline void unset_class_feature(ARMCPUClass *acc, int feature)
+{
+ acc->features &= ~(1ULL << feature);
+}
These helpers are not used until patch #19 "target/arm: Move most cpu
initialization to the class".
I know, but I thought it clearer to introduce them with the field.
r~
void register_cp_regs_for_features(ARMCPU *cpu);
void init_cpreg_list(ARMCPU *cpu);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 1bc45b2b25..d64b86b6a5 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1191,6 +1191,7 @@ static void arm_cpu_initfn(Object *obj)
QLIST_INIT(>el_change_hooks);
cpu->dtb_compatible = acc->dtb_compatible;
+ cpu->env.features = acc->features;
#ifdef CONFIG_USER_ONLY
# ifdef TARGET_AARCH64
Re: Re: [PING PATCH 0/1] Fix some typos
Hi John, Could you help me relay these fixes? If I submit a pull request, I will go through company's internal review process again. Thanks a lot! Dongdong > -原始邮件-发件人:"John Snow" 发送时间:2023-01-06 07:25:43 > (星期五)收件人:"Dongdong Zhang" > 抄送:qemu-devel@nongnu.org, cr...@redhat.com, > bl...@redhat.com主题:Re: [PING PATCH 0/1] Fix some typos > > On Thu, Dec 15, 2022 at 10:22 PM Dongdong Zhang > wrote: > > > > Hi all, > > > > I would like to ping a patch > > > > https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04568.html > > https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04570.html > > > > > > > -Original Messages-From:"Dongdong Zhang" > > > Sent Time:2022-11-30 09:53:57 > > > (Wednesday)To:qemu-devel@nongnu.orgCc:js...@redhat.com, cr...@redhat.com, > > > bl...@redhat.com, "Dongdong Zhang" > > > Subject:[PATCH 0/1] Fix some typos > > > > > > This patch mainly fixes some typos in the 'python' directory. > > > > > > Dongdong Zhang (1): > > > Fix some typos > > > > > > python/qemu/machine/console_socket.py | 2 +- > > > python/qemu/machine/qtest.py | 2 +- > > > python/qemu/qmp/protocol.py | 2 +- > > > python/qemu/qmp/qmp_tui.py| 6 +++--- > > > 4 files changed, 6 insertions(+), 6 deletions(-) > > > > > > -- > > > 2.17.1 > > ACK to this patch. > > For fixes under python/qemu/qmp/, I need to relay these fixes over to > https://gitlab.com/qemu-project/python-qemu-qmp -- you can do it > yourself and send a small merge request, or I can do it for you, if > you'd like. Please let me know what you'd prefer, and then I will > stage this patch. > > (Apologies that the code is duplicated in two repositories right > now I'm working on fixing that.) > > --js
Re: [PATCH v5 2/3] hw/intc/loongarch_pch_pic: add irq number property
在 2023/1/4 上午10:05, Tianrui Zhao 写道:
With loongarch 7A1000 manual, irq number supported can be set
in PCH_PIC_INT_ID_HI register. This patch adds irq number property
for loongarch_pch_pic, so that virt machine can set different
irq number when pch_pic intc is added.
Signed-off-by: Tianrui Zhao
---
hw/intc/loongarch_pch_pic.c | 34 +
hw/loongarch/virt.c | 8 ---
include/hw/intc/loongarch_pch_pic.h | 5 ++---
3 files changed, 37 insertions(+), 10 deletions(-)
Reviewed-by: Song Gao
Thanks.
Song Gao
diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3380b09807..33966e7bac 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -6,12 +6,15 @@
*/
#include "qemu/osdep.h"
+#include "qemu/bitops.h"
#include "hw/sysbus.h"
#include "hw/loongarch/virt.h"
#include "hw/irq.h"
#include "hw/intc/loongarch_pch_pic.h"
+#include "hw/qdev-properties.h"
#include "migration/vmstate.h"
#include "trace.h"
+#include "qapi/error.h"
static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
{
@@ -40,7 +43,7 @@ static void pch_pic_irq_handler(void *opaque, int irq, int
level)
LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(opaque);
uint64_t mask = 1ULL << irq;
-assert(irq < PCH_PIC_IRQ_NUM);
+assert(irq < s->irq_num);
trace_loongarch_pch_pic_irq_handler(irq, level);
if (s->intedge & mask) {
@@ -78,7 +81,12 @@ static uint64_t loongarch_pch_pic_low_readw(void *opaque,
hwaddr addr,
val = PCH_PIC_INT_ID_VAL;
break;
case PCH_PIC_INT_ID_HI:
-val = PCH_PIC_INT_ID_NUM;
+/*
+ * With 7A1000 manual
+ * bit 0-15 pch irqchip version
+ * bit 16-31 irq number supported with pch irqchip
+ */
+val = deposit32(PCH_PIC_INT_ID_VER, 16, 16, s->irq_num - 1);
break;
case PCH_PIC_INT_MASK_LO:
val = (uint32_t)s->int_mask;
@@ -365,6 +373,19 @@ static void loongarch_pch_pic_reset(DeviceState *d)
s->int_polarity = 0x0;
}
+static void loongarch_pch_pic_realize(DeviceState *dev, Error **errp)
+{
+LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(dev);
+
+if (!s->irq_num || s->irq_num > PCH_PIC_IRQ_NUM) {
+error_setg(errp, "Invalid 'pic_irq_num'");
+return;
+}
+
+qdev_init_gpio_out(dev, s->parent_irq, s->irq_num);
+qdev_init_gpio_in(dev, pch_pic_irq_handler, s->irq_num);
+}
+
static void loongarch_pch_pic_init(Object *obj)
{
LoongArchPCHPIC *s = LOONGARCH_PCH_PIC(obj);
@@ -382,10 +403,13 @@ static void loongarch_pch_pic_init(Object *obj)
sysbus_init_mmio(sbd, >iomem8);
sysbus_init_mmio(sbd, >iomem32_high);
-qdev_init_gpio_out(DEVICE(obj), s->parent_irq, PCH_PIC_IRQ_NUM);
-qdev_init_gpio_in(DEVICE(obj), pch_pic_irq_handler, PCH_PIC_IRQ_NUM);
}
+static Property loongarch_pch_pic_properties[] = {
+DEFINE_PROP_UINT32("pch_pic_irq_num", LoongArchPCHPIC, irq_num, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
static const VMStateDescription vmstate_loongarch_pch_pic = {
.name = TYPE_LOONGARCH_PCH_PIC,
.version_id = 1,
@@ -411,8 +435,10 @@ static void loongarch_pch_pic_class_init(ObjectClass
*klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
+dc->realize = loongarch_pch_pic_realize;
dc->reset = loongarch_pch_pic_reset;
dc->vmsd = _loongarch_pch_pic;
+device_class_set_props(dc, loongarch_pch_pic_properties);
}
static const TypeInfo loongarch_pch_pic_info = {
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 1e58346aeb..a39704e1e7 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -559,6 +559,8 @@ static void loongarch_irq_init(LoongArchMachineState *lams)
}
pch_pic = qdev_new(TYPE_LOONGARCH_PCH_PIC);
+num = PCH_PIC_IRQ_NUM;
+qdev_prop_set_uint32(pch_pic, "pch_pic_irq_num", num);
d = SYS_BUS_DEVICE(pch_pic);
sysbus_realize_and_unref(d, _fatal);
memory_region_add_subregion(get_system_memory(), VIRT_IOAPIC_REG_BASE,
@@ -570,13 +572,13 @@ static void loongarch_irq_init(LoongArchMachineState
*lams)
VIRT_IOAPIC_REG_BASE + PCH_PIC_INT_STATUS_LO,
sysbus_mmio_get_region(d, 2));
-/* Connect 64 pch_pic irqs to extioi */
-for (int i = 0; i < PCH_PIC_IRQ_NUM; i++) {
+/* Connect pch_pic irqs to extioi */
+for (int i = 0; i < num; i++) {
qdev_connect_gpio_out(DEVICE(d), i, qdev_get_gpio_in(extioi, i));
}
pch_msi = qdev_new(TYPE_LOONGARCH_PCH_MSI);
-start = PCH_PIC_IRQ_NUM;
+start = num;
num = EXTIOI_IRQS - start;
qdev_prop_set_uint32(pch_msi, "msi_irq_base", start);
qdev_prop_set_uint32(pch_msi, "msi_irq_num", num);
diff --git a/include/hw/intc/loongarch_pch_pic.h
b/include/hw/intc/loongarch_pch_pic.h
index 2d4aa9ed6f..efae5fa8e9 100644
RE: ARM: ptw.c:S1_ptw_translate
> -Original Message-
> From: Richard Henderson
> Sent: Wednesday, January 4, 2023 11:42 PM
> To: Sid Manning ; qemu-devel@nongnu.org
> Cc: phi...@linaro.org; Mark Burton
> Subject: Re: ARM: ptw.c:S1_ptw_translate
>
> WARNING: This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
> On 1/4/23 08:55, Sid Manning wrote:
> > ptw.c:S1_ptw_translate
> >
> > After migrating to v7.2.0, an issue was found where we were not
> > getting the correct virtual address from a load insn. Reading the
> > address used in the load insn from the debugger resulted in the
> > execution of the insn getting the correct value but simply stepping over the
> insn did not.
> >
> > This is the instruction:
> >
> > ldr x0, [x1, #24]
> >
> > The debug path varies based on the regime and if regime is NOT stage
> > two out_phys is set to addr if the regime is stage 2 then out_phys is
> > set to s2.f.phys_addr. In the non-debug path out_phys is always set to
> > full-
> >phys_addr.
> >
> > I got around this by only using full->phys_addr if regime_is_stage2 was
> true:
> >
> > diff --git a/target/arm/ptw.c b/target/arm/ptw.c
> >
> > index 3745ac9723..87bc6754a6 100644
> >
> > --- a/target/arm/ptw.c
> >
> > +++ b/target/arm/ptw.c
> >
> > @@ -266,7 +266,12 @@ static bool S1_ptw_translate(CPUARMState *env,
> > S1Translate *ptw,
> >
> > if (unlikely(flags & TLB_INVALID_MASK)) {
> >
> > goto fail;
> >
> > }
> >
> > -ptw->out_phys = full->phys_addr;
> >
> > +
> >
> > +if (regime_is_stage2(s2_mmu_idx)) {
> >
> > +ptw->out_phys = full->phys_addr;
> >
> > +} else {
> >
> > +ptw->out_phys = addr;
> >
> > +}
> >
> > ptw->out_rw = full->prot & PAGE_WRITE;
> >
> > pte_attrs = full->pte_attrs;
> >
> > pte_secure = full->attrs.secure;
> >
> > This change got me the answer I wanted but I’m not familiar enough
> > with the code to know if this is correct or not.
>
> This is incorrect. If you are getting the wrong value here, then something
> has
> gone wrong elsewhere, as the s2_mmu_idx result was logged.
>
> Do you have a test case you can share?
This happens while booting QNX so I can't share it. I don't have the source
code either just the object code. A number of cores are being started and the
address happens to be what will eventually become the stack.
I'll see what I can come up with to better characterize is problem.
Thanks,
>
>
> r~
Re: [PATCH v2 2/2] hw/arm: Add Olimex H405
On Sat, Dec 31, 2022 at 1:01 AM Felipe Balbi wrote:
>
> Olimex makes a series of low-cost STM32 boards. This commit introduces
> the minimum setup to support SMT32-H405. See [1] for details
>
> [1] https://www.olimex.com/Products/ARM/ST/STM32-H405/
>
> Signed-off-by: Felipe Balbi
Reviewed-by: Alistair Francis
Alistair
> ---
>
> Changes since v1:
> - Add a note in stm32.rst
> - Initialize default_cpu_type to cortex-m4
> - 0-initialize default_ram_size
>
> MAINTAINERS | 6 +++
> configs/devices/arm-softmmu/default.mak | 1 +
> docs/system/arm/stm32.rst | 1 +
> hw/arm/Kconfig | 4 ++
> hw/arm/meson.build | 1 +
> hw/arm/olimex-stm32-h405.c | 69 +
> 6 files changed, 82 insertions(+)
> create mode 100644 hw/arm/olimex-stm32-h405.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 3bd433b65a55..e37846df0071 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1026,6 +1026,12 @@ L: qemu-...@nongnu.org
> S: Maintained
> F: hw/arm/netduinoplus2.c
>
> +Olimex STM32 H405
> +M: Felipe Balbi
> +L: qemu-...@nongnu.org
> +S: Maintained
> +F: hw/arm/olimex-stm32-h405.c
> +
> SmartFusion2
> M: Subbaraya Sundeep
> M: Peter Maydell
> diff --git a/configs/devices/arm-softmmu/default.mak
> b/configs/devices/arm-softmmu/default.mak
> index 6985a25377a0..1b49a7830c7e 100644
> --- a/configs/devices/arm-softmmu/default.mak
> +++ b/configs/devices/arm-softmmu/default.mak
> @@ -30,6 +30,7 @@ CONFIG_COLLIE=y
> CONFIG_ASPEED_SOC=y
> CONFIG_NETDUINO2=y
> CONFIG_NETDUINOPLUS2=y
> +CONFIG_OLIMEX_STM32_H405=y
> CONFIG_MPS2=y
> CONFIG_RASPI=y
> CONFIG_DIGIC=y
> diff --git a/docs/system/arm/stm32.rst b/docs/system/arm/stm32.rst
> index 508b92cf862b..d7265b763d47 100644
> --- a/docs/system/arm/stm32.rst
> +++ b/docs/system/arm/stm32.rst
> @@ -20,6 +20,7 @@ The STM32F4 series is based on ARM Cortex-M4F core. This
> series is pin-to-pin
> compatible with STM32F2 series. The following machines are based on this
> chip :
>
> - ``netduinoplus2`` Netduino Plus 2 board with STM32F405RGT6
> microcontroller
> +- ``olimex-stm32-h405`` Olimex STM32 H405 board with STM32F405RGT6
> microcontroller
>
> There are many other STM32 series that are currently not supported by QEMU.
>
> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
> index 17fcde8e1ccc..9143533ef792 100644
> --- a/hw/arm/Kconfig
> +++ b/hw/arm/Kconfig
> @@ -119,6 +119,10 @@ config NETDUINOPLUS2
> bool
> select STM32F405_SOC
>
> +config OLIMEX_STM32_H405
> +bool
> +select STM32F405_SOC
> +
> config NSERIES
> bool
> select OMAP
> diff --git a/hw/arm/meson.build b/hw/arm/meson.build
> index 92f9f6e000ea..76d4d650e42e 100644
> --- a/hw/arm/meson.build
> +++ b/hw/arm/meson.build
> @@ -12,6 +12,7 @@ arm_ss.add(when: 'CONFIG_MICROBIT', if_true:
> files('microbit.c'))
> arm_ss.add(when: 'CONFIG_MUSICPAL', if_true: files('musicpal.c'))
> arm_ss.add(when: 'CONFIG_NETDUINO2', if_true: files('netduino2.c'))
> arm_ss.add(when: 'CONFIG_NETDUINOPLUS2', if_true: files('netduinoplus2.c'))
> +arm_ss.add(when: 'CONFIG_OLIMEX_STM32_H405', if_true:
> files('olimex-stm32-h405.c'))
> arm_ss.add(when: 'CONFIG_NPCM7XX', if_true: files('npcm7xx.c',
> 'npcm7xx_boards.c'))
> arm_ss.add(when: 'CONFIG_NSERIES', if_true: files('nseries.c'))
> arm_ss.add(when: 'CONFIG_SX1', if_true: files('omap_sx1.c'))
> diff --git a/hw/arm/olimex-stm32-h405.c b/hw/arm/olimex-stm32-h405.c
> new file mode 100644
> index ..3aa61c91b759
> --- /dev/null
> +++ b/hw/arm/olimex-stm32-h405.c
> @@ -0,0 +1,69 @@
> +/*
> + * ST STM32VLDISCOVERY machine
> + * Olimex STM32-H405 machine
> + *
> + * Copyright (c) 2022 Felipe Balbi
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a
> copy
> + * of this software and associated documentation files (the "Software"), to
> deal
> + * in the Software without restriction, including without limitation the
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
>
Re: [PATCH 1/1] Fix some typos
On Tue, Nov 29, 2022 at 6:08 PM Dongdong Zhang wrote: > diff --git a/python/qemu/machine/qtest.py b/python/qemu/machine/qtest.py > index 1a1fc6c9b0..906bd13298 100644 > --- a/python/qemu/machine/qtest.py > +++ b/python/qemu/machine/qtest.py > @@ -42,7 +42,7 @@ class QEMUQtestProtocol: > :raise socket.error: on socket connection errors > > .. note:: > - No conection is estabalished by __init__(), this is done > + No connection is estabalished by __init__(), this is done There are two typos in this line, the other one is 'estabalished'. -- Thanks. -- Max
Re: [PING PATCH 0/1] Fix some typos
On Thu, Dec 15, 2022 at 10:22 PM Dongdong Zhang wrote: > > Hi all, > > I would like to ping a patch > > https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04568.html > https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04570.html > > > > -Original Messages-From:"Dongdong Zhang" > > Sent Time:2022-11-30 09:53:57 > > (Wednesday)To:qemu-devel@nongnu.orgCc:js...@redhat.com, cr...@redhat.com, > > bl...@redhat.com, "Dongdong Zhang" > > Subject:[PATCH 0/1] Fix some typos > > > > This patch mainly fixes some typos in the 'python' directory. > > > > Dongdong Zhang (1): > > Fix some typos > > > > python/qemu/machine/console_socket.py | 2 +- > > python/qemu/machine/qtest.py | 2 +- > > python/qemu/qmp/protocol.py | 2 +- > > python/qemu/qmp/qmp_tui.py| 6 +++--- > > 4 files changed, 6 insertions(+), 6 deletions(-) > > > > -- > > 2.17.1 ACK to this patch. For fixes under python/qemu/qmp/, I need to relay these fixes over to https://gitlab.com/qemu-project/python-qemu-qmp -- you can do it yourself and send a small merge request, or I can do it for you, if you'd like. Please let me know what you'd prefer, and then I will stage this patch. (Apologies that the code is duplicated in two repositories right now I'm working on fixing that.) --js
[PATCH] semihosting: add O_BINARY flag in host_open for NT compatibility
Windows open(2) implementations opens files in text mode by default and
needs a Windows-only O_BINARY flag to open files as binary. Qemu already
knows about that flag in osdep.h, so we can just add it to the
host_flags for better compatibility when running qemu on Windows.
Signed-off-by: Evgeny Iakovlev
---
semihosting/syscalls.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
index 508a0ad88c..00f77507e5 100644
--- a/semihosting/syscalls.c
+++ b/semihosting/syscalls.c
@@ -278,6 +278,8 @@ static void host_open(CPUState *cs, gdb_syscall_complete_cb
complete,
host_flags |= O_EXCL;
}
+host_flags |= O_BINARY;
+
ret = open(p, host_flags, mode);
if (ret < 0) {
complete(cs, -1, errno);
--
2.34.1
[PATCH 1/3] target/arm: implement DBGCLAIM registers
The architecture does not define any functionality for the CLAIM tag bits.
So we will just keep the raw bits, as per spec.
Helps Hyper-V boot on aarch64-tcg because it context-switches DBGCLAIM
on EL2 entry/exit.
Signed-off-by: Evgeny Iakovlev
---
target/arm/cpu.h | 1 +
target/arm/debug_helper.c | 27 +++
2 files changed, 28 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 2b4bd20f9d..eddec155b0 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -494,6 +494,7 @@ typedef struct CPUArchState {
uint64_t dbgbcr[16]; /* breakpoint control registers */
uint64_t dbgwvr[16]; /* watchpoint value registers */
uint64_t dbgwcr[16]; /* watchpoint control registers */
+uint64_t dbgclaim; /* DBGCLAIM bits */
uint64_t mdscr_el1;
uint64_t oslsr_el1; /* OS Lock Status */
uint64_t osdlr_el1; /* OS DoubleLock status */
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index c21739242c..b244e146e2 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -629,6 +629,18 @@ static void osdlr_write(CPUARMState *env, const
ARMCPRegInfo *ri,
}
}
+static void dbgclaimset_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+env->cp15.dbgclaim |= (value & 0xFF);
+}
+
+static void dbgclaimclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+env->cp15.dbgclaim &= ~(value & 0xFF);
+}
+
static const ARMCPRegInfo debug_cp_reginfo[] = {
/*
* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
@@ -712,6 +724,21 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tda,
.type = ARM_CP_NOP },
+/*
+ * Dummy DBGCLAIM registers.
+ * "The architecture does not define any functionality for the CLAIM tag
bits.",
+ * so we only keep the raw bits
+ */
+{ .name = "DBGCLAIMSET_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 6,
+ .access = PL1_RW, .accessfn = access_tda,
+ .writefn = dbgclaimset_write,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },
+{ .name = "DBGCLAIMCLR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 7, .crm = 9, .opc2 = 6,
+ .access = PL1_RW, .accessfn = access_tda,
+ .writefn = dbgclaimclr_write,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgclaim) },
};
static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
--
2.34.1
[PATCH 3/3] target/arm: allow writes to SCR_EL3.HXEn bit when FEAT_HCX is enabled
ARM trusted firmware, when built with FEAT_HCX support, sets SCR_EL3.HXEn bit
to allow EL2 to modify HCRX_EL2 register without trapping it in EL3. Qemu
uses a valid mask to clear unsupported SCR_EL3 bits when emulating SCR_EL3
write, and that mask doesn't include SCR_EL3.HXEn bit even if FEAT_HCX is
enabled and exposed to the guest. As a result EL3 writes of that bit are
ignored.
Signed-off-by: Evgeny Iakovlev
---
target/arm/helper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index bac2ea62c4..962affdd52 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1844,6 +1844,9 @@ static void scr_write(CPUARMState *env, const
ARMCPRegInfo *ri, uint64_t value)
if (cpu_isar_feature(aa64_sme, cpu)) {
valid_mask |= SCR_ENTP2;
}
+if (cpu_isar_feature(aa64_hcx, cpu)) {
+valid_mask |= SCR_HXEN;
+}
} else {
valid_mask &= ~(SCR_RW | SCR_ST);
if (cpu_isar_feature(aa32_ras, cpu)) {
--
2.34.1
[PATCH 2/3] target/arm: provide RAZ/WI stubs for more DCC registers
Qemu doesn't implement Debug Communication Channel, however when running
Microsoft Hyper-V in software-emulated ARM64 as a guest, it tries to
access some of the DCM registers during an EL2 context switch.
Provide RAZ/WI stubs for OSDTRRX_EL1, OSDTRTX_EL1 and OSECCR_EL1
registers in the same way the rest of DCM is currently done. Do
account for access traps though with access_tda.
Signed-off-by: Evgeny Iakovlev
---
target/arm/debug_helper.c | 12
1 file changed, 12 insertions(+)
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index b244e146e2..2a7c3d7e38 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -673,6 +673,18 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
.access = PL0_R, .accessfn = access_tda,
.type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "OSDTRRX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+ .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 0, .opc2 = 2,
+ .access = PL1_RW, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "OSDTRTX_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+ .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
+ .access = PL1_RW, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+{ .name = "OSECCR_EL1", .state = ARM_CP_STATE_BOTH, .cp = 14,
+ .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
+ .access = PL1_RW, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
/*
* DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
* it is unlikely a guest will care.
--
2.34.1
[PATCH 0/3] various aarch64 fixes for running Hyper-V on TCG
Small series of changes to aarch64 emulation to better support running Hyper-V as a TCG guest wtih EL3 firmware. Evgeny Iakovlev (3): target/arm: implement DBGCLAIM registers target/arm: provide RAZ/WI stubs for more DCC registers target/arm: allow writes to SCR_EL3.HXEn bit when FEAT_HCX is enabled target/arm/cpu.h | 1 + target/arm/debug_helper.c | 39 +++ target/arm/helper.c | 3 +++ 3 files changed, 43 insertions(+) -- 2.34.1
[PATCH v3 7/9] Hexagon (tests/tcg/hexagon) Update preg_alias.c
Add control registers (c4, c5) to clobbers list Made possible by new toolchain container Signed-off-by: Taylor Simpson --- tests/tcg/hexagon/preg_alias.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/tcg/hexagon/preg_alias.c b/tests/tcg/hexagon/preg_alias.c index b44a8112b4..8798fbcaf3 100644 --- a/tests/tcg/hexagon/preg_alias.c +++ b/tests/tcg/hexagon/preg_alias.c @@ -1,5 +1,5 @@ /* - * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights Reserved. + * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights Reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -65,7 +65,7 @@ static inline void creg_alias(int cval, PRegs *pregs) : "=r"(pregs->pregs.p0), "=r"(pregs->pregs.p1), "=r"(pregs->pregs.p2), "=r"(pregs->pregs.p3) : "r"(cval) - : "p0", "p1", "p2", "p3"); + : "c4", "p0", "p1", "p2", "p3"); } int err; @@ -92,7 +92,7 @@ static inline void creg_alias_pair(unsigned int cval, PRegs *pregs) : "=r"(pregs->pregs.p0), "=r"(pregs->pregs.p1), "=r"(pregs->pregs.p2), "=r"(pregs->pregs.p3), "=r"(c5) : "r"(cval_pair) - : "p0", "p1", "p2", "p3"); + : "c4", "c5", "p0", "p1", "p2", "p3"); check(c5, 0xdeadbeef); } @@ -117,7 +117,7 @@ static void test_packet(void) "}\n\t" : "+r"(result) : "r"(0x), "r"(0xff00), "r"(0x837ed653) - : "p0", "p1", "p2", "p3"); + : "c4", "p0", "p1", "p2", "p3"); check(result, old_val); /* Test a predicated store */ @@ -129,7 +129,7 @@ static void test_packet(void) "}\n\t" : : "r"(0), "r"(0x), "r"() - : "p0", "p1", "p2", "p3", "memory"); + : "c4", "p0", "p1", "p2", "p3", "memory"); check(result, 0x0); } -- 2.17.1
[PATCH v3 9/9] Hexagon (tests/tcg/hexagon) Enable HVX tests
Made possible by new toolchain container Signed-off-by: Taylor Simpson --- tests/tcg/hexagon/Makefile.target | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile.target index 9ee1faa1e1..adca8326bf 100644 --- a/tests/tcg/hexagon/Makefile.target +++ b/tests/tcg/hexagon/Makefile.target @@ -1,5 +1,5 @@ ## -## Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights Reserved. +## Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights Reserved. ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -43,6 +43,10 @@ HEX_TESTS += load_align HEX_TESTS += atomics HEX_TESTS += fpstuff HEX_TESTS += overflow +HEX_TESTS += vector_add_int +HEX_TESTS += scatter_gather +HEX_TESTS += hvx_misc +HEX_TESTS += hvx_histogram HEX_TESTS += test_abs HEX_TESTS += test_bitcnt @@ -76,3 +80,10 @@ TESTS += $(HEX_TESTS) usr: usr.c $(CC) $(CFLAGS) -mv67t -O2 -Wno-inline-asm -Wno-expansion-to-defined $< -o $@ $(LDFLAGS) +scatter_gather: CFLAGS += -mhvx +vector_add_int: CFLAGS += -mhvx -fvectorize +hvx_misc: CFLAGS += -mhvx +hvx_histogram: CFLAGS += -mhvx -Wno-gnu-folding-constant + +hvx_histogram: hvx_histogram.c hvx_histogram_row.S + $(CC) $(CFLAGS) $(CROSS_CC_GUEST_CFLAGS) $^ -o $@ -- 2.17.1
[PATCH v3 5/9] Hexagon (target/hexagon) Analyze packet before generating TCG
We create a new generator that creates an analyze_ function for
each instruction. Currently, these functions record the writes to
R, P, and C registers by calling ctx_log_reg_write[_pair] or
ctx_log_pred_write.
During gen_start_packet, we invoke the analyze_ function for
each instruction in the packet, and we mark the implicit register
and predicate writes.
Doing the analysis up front has several advantages
- We remove calls to ctx_log_* from gen_tcg_funcs.py and genptr.c
- After the analysis is performed, we can initialize hex_new_value
for each of the predicated assignments rather than during TCG
generation for the instructions
- This is a stepping stone for future work where the analysis will
include the set of registers that are written. In cases where
the packet doesn't have an overlap between the registers that are
written and registers that are read, we can avoid the intermediate
step of writing to hex_new_value. Note that other checks will also
be needed (e.g., no instructions can raise an exception).
Signed-off-by: Taylor Simpson
---
target/hexagon/translate.h | 46 ++--
target/hexagon/genptr.c | 5 +-
target/hexagon/idef-parser/parser-helpers.c | 7 +-
target/hexagon/translate.c | 157 +++--
target/hexagon/README | 11 +-
target/hexagon/gen_analyze_func_table.py| 52 +
target/hexagon/gen_analyze_funcs.py | 239
target/hexagon/gen_tcg_funcs.py | 23 +-
target/hexagon/meson.build | 20 +-
9 files changed, 442 insertions(+), 118 deletions(-)
create mode 100755 target/hexagon/gen_analyze_func_table.py
create mode 100755 target/hexagon/gen_analyze_funcs.py
diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h
index d971f4f095..7e864b417d 100644
--- a/target/hexagon/translate.h
+++ b/target/hexagon/translate.h
@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights
Reserved.
+ * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights
Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,6 +38,7 @@ typedef struct DisasContext {
int reg_log[REG_WRITES_MAX];
int reg_log_idx;
DECLARE_BITMAP(regs_written, TOTAL_PER_THREAD_REGS);
+DECLARE_BITMAP(predicated_regs, TOTAL_PER_THREAD_REGS);
int preg_log[PRED_WRITES_MAX];
int preg_log_idx;
DECLARE_BITMAP(pregs_written, NUM_PREGS);
@@ -62,32 +63,39 @@ typedef struct DisasContext {
bool is_tight_loop;
} DisasContext;
-static inline void ctx_log_reg_write(DisasContext *ctx, int rnum)
+static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
{
-if (test_bit(rnum, ctx->regs_written)) {
-HEX_DEBUG_LOG("WARNING: Multiple writes to r%d\n", rnum);
+if (!test_bit(pnum, ctx->pregs_written)) {
+ctx->preg_log[ctx->preg_log_idx] = pnum;
+ctx->preg_log_idx++;
+set_bit(pnum, ctx->pregs_written);
}
-ctx->reg_log[ctx->reg_log_idx] = rnum;
-ctx->reg_log_idx++;
-set_bit(rnum, ctx->regs_written);
-}
-
-static inline void ctx_log_reg_write_pair(DisasContext *ctx, int rnum)
-{
-ctx_log_reg_write(ctx, rnum);
-ctx_log_reg_write(ctx, rnum + 1);
}
-static inline void ctx_log_pred_write(DisasContext *ctx, int pnum)
+static inline void ctx_log_reg_write(DisasContext *ctx, int rnum,
+ bool is_predicated)
{
-ctx->preg_log[ctx->preg_log_idx] = pnum;
-ctx->preg_log_idx++;
-set_bit(pnum, ctx->pregs_written);
+if (rnum == HEX_REG_P3_0) {
+for (int i = 0; i < NUM_PREGS; i++) {
+ctx_log_pred_write(ctx, i);
+}
+} else {
+if (!test_bit(rnum, ctx->regs_written)) {
+ctx->reg_log[ctx->reg_log_idx] = rnum;
+ctx->reg_log_idx++;
+set_bit(rnum, ctx->regs_written);
+}
+if (is_predicated) {
+set_bit(rnum, ctx->predicated_regs);
+}
+}
}
-static inline bool is_preloaded(DisasContext *ctx, int num)
+static inline void ctx_log_reg_write_pair(DisasContext *ctx, int rnum,
+ bool is_predicated)
{
-return test_bit(num, ctx->regs_written);
+ctx_log_reg_write(ctx, rnum, is_predicated);
+ctx_log_reg_write(ctx, rnum + 1, is_predicated);
}
static inline bool is_vreg_preloaded(DisasContext *ctx, int num)
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 7243bb00aa..5e5ae0cdca 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -149,6 +149,7 @@ void gen_log_pred_write(DisasContext *ctx, int pnum, TCGv
val)
hex_new_pred_value[pnum], base_val);
}
tcg_gen_ori_tl(hex_pred_written, hex_pred_written, 1 << pnum);
+set_bit(pnum, ctx->pregs_written);
[PATCH v3 6/9] Hexagon (target/hexagon) Analyze packet for HVX
Signed-off-by: Taylor Simpson
---
target/hexagon/translate.h | 14 --
target/hexagon/translate.c | 30 +
target/hexagon/gen_analyze_funcs.py | 17 +---
target/hexagon/gen_tcg_funcs.py | 18 -
4 files changed, 52 insertions(+), 27 deletions(-)
diff --git a/target/hexagon/translate.h b/target/hexagon/translate.h
index 7e864b417d..6f456517ba 100644
--- a/target/hexagon/translate.h
+++ b/target/hexagon/translate.h
@@ -54,6 +54,8 @@ typedef struct DisasContext {
DECLARE_BITMAP(vregs_updated_tmp, NUM_VREGS);
DECLARE_BITMAP(vregs_updated, NUM_VREGS);
DECLARE_BITMAP(vregs_select, NUM_VREGS);
+DECLARE_BITMAP(predicated_future_vregs, NUM_VREGS);
+DECLARE_BITMAP(predicated_tmp_vregs, NUM_VREGS);
int qreg_log[NUM_QREGS];
bool qreg_is_predicated[NUM_QREGS];
int qreg_log_idx;
@@ -98,12 +100,6 @@ static inline void ctx_log_reg_write_pair(DisasContext
*ctx, int rnum,
ctx_log_reg_write(ctx, rnum + 1, is_predicated);
}
-static inline bool is_vreg_preloaded(DisasContext *ctx, int num)
-{
-return test_bit(num, ctx->vregs_updated) ||
- test_bit(num, ctx->vregs_updated_tmp);
-}
-
intptr_t ctx_future_vreg_off(DisasContext *ctx, int regnum,
int num, bool alloc_ok);
intptr_t ctx_tmp_vreg_off(DisasContext *ctx, int regnum,
@@ -119,12 +115,18 @@ static inline void ctx_log_vreg_write(DisasContext *ctx,
ctx->vreg_log_idx++;
set_bit(rnum, ctx->vregs_updated);
+if (is_predicated) {
+set_bit(rnum, ctx->predicated_future_vregs);
+}
}
if (type == EXT_NEW) {
set_bit(rnum, ctx->vregs_select);
}
if (type == EXT_TMP) {
set_bit(rnum, ctx->vregs_updated_tmp);
+if (is_predicated) {
+set_bit(rnum, ctx->predicated_tmp_vregs);
+}
}
}
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index 3e6e72d046..4a6b52fcc5 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -358,6 +358,8 @@ static void gen_start_packet(DisasContext *ctx)
bitmap_zero(ctx->vregs_updated_tmp, NUM_VREGS);
bitmap_zero(ctx->vregs_updated, NUM_VREGS);
bitmap_zero(ctx->vregs_select, NUM_VREGS);
+bitmap_zero(ctx->predicated_future_vregs, NUM_VREGS);
+bitmap_zero(ctx->predicated_tmp_vregs, NUM_VREGS);
ctx->qreg_log_idx = 0;
for (i = 0; i < STORES_MAX; i++) {
ctx->store_width[i] = 0;
@@ -406,6 +408,34 @@ static void gen_start_packet(DisasContext *ctx)
}
}
+/* Preload the HVX registers into future_VRegs and tmp_VRegs */
+if (!bitmap_empty(ctx->predicated_future_vregs, NUM_VREGS)) {
+int i = find_first_bit(ctx->predicated_future_vregs, NUM_VREGS);
+while (i < NUM_VREGS) {
+const intptr_t VdV_off =
+ctx_future_vreg_off(ctx, i, 1, true);
+intptr_t src_off = offsetof(CPUHexagonState, VRegs[i]);
+tcg_gen_gvec_mov(MO_64, VdV_off,
+ src_off,
+ sizeof(MMVector),
+ sizeof(MMVector));
+i = find_next_bit(ctx->predicated_future_vregs, NUM_VREGS, i + 1);
+}
+}
+if (!bitmap_empty(ctx->predicated_tmp_vregs, NUM_VREGS)) {
+int i = find_first_bit(ctx->predicated_tmp_vregs, NUM_VREGS);
+while (i < NUM_VREGS) {
+const intptr_t VdV_off =
+ctx_tmp_vreg_off(ctx, i, 1, true);
+intptr_t src_off = offsetof(CPUHexagonState, VRegs[i]);
+tcg_gen_gvec_mov(MO_64, VdV_off,
+ src_off,
+ sizeof(MMVector),
+ sizeof(MMVector));
+i = find_next_bit(ctx->predicated_tmp_vregs, NUM_VREGS, i + 1);
+}
+}
+
if (pkt->pkt_has_hvx) {
tcg_gen_movi_tl(hex_VRegs_updated, 0);
tcg_gen_movi_tl(hex_QRegs_updated, 0);
diff --git a/target/hexagon/gen_analyze_funcs.py
b/target/hexagon/gen_analyze_funcs.py
index 4358cc6ca3..42b3f228ea 100755
--- a/target/hexagon/gen_analyze_funcs.py
+++ b/target/hexagon/gen_analyze_funcs.py
@@ -83,9 +83,16 @@ def analyze_opn_old(f, tag, regtype, regid, regno):
else:
print("Bad register parse: ", regtype, regid)
elif (regtype == "V"):
+newv = "EXT_DFL"
+if (hex_common.is_new_result(tag)):
+newv = "EXT_NEW"
+elif (hex_common.is_tmp_result(tag)):
+newv = "EXT_TMP"
if (regid in {"dd", "xx"}):
-f.write("//const int %s = insn->regno[%d];\n" %\
+f.write("const int %s = insn->regno[%d];\n" %\
(regN, regno))
+f.write("ctx_log_vreg_write_pair(ctx, %s, %s, %s);\n" % \
+(regN, newv, predicated))
elif (regid in {"uu", "vv"}):
f.write("//const int %s =
[PATCH v3 8/9] Hexagon (tests/tcg/hexagon) Remove __builtin from scatter_gather
Replace __builtin_* with inline assembly The __builtin's are subject to change with different compiler releases, so might break Mark arrays as aligned when accessed as HVX vectors Clean up comments Signed-off-by: Taylor Simpson --- tests/tcg/hexagon/scatter_gather.c | 513 +++-- 1 file changed, 271 insertions(+), 242 deletions(-) diff --git a/tests/tcg/hexagon/scatter_gather.c b/tests/tcg/hexagon/scatter_gather.c index b93eb18133..bf8b5e0317 100644 --- a/tests/tcg/hexagon/scatter_gather.c +++ b/tests/tcg/hexagon/scatter_gather.c @@ -1,5 +1,5 @@ /* - * Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights Reserved. + * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights Reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,47 +40,6 @@ typedef long HVX_VectorPair __attribute__((__vector_size__(256))) typedef long HVX_VectorPred __attribute__((__vector_size__(128))) __attribute__((aligned(128))); -#define VSCATTER_16(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermh_128B((int)BASE, RGN, OFF, VALS) -#define VSCATTER_16_MASKED(MASK, BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermhq_128B(MASK, (int)BASE, RGN, OFF, VALS) -#define VSCATTER_32(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermw_128B((int)BASE, RGN, OFF, VALS) -#define VSCATTER_32_MASKED(MASK, BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermwq_128B(MASK, (int)BASE, RGN, OFF, VALS) -#define VSCATTER_16_32(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermhw_128B((int)BASE, RGN, OFF, VALS) -#define VSCATTER_16_32_MASKED(MASK, BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermhwq_128B(MASK, (int)BASE, RGN, OFF, VALS) -#define VSCATTER_16_ACC(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermh_add_128B((int)BASE, RGN, OFF, VALS) -#define VSCATTER_32_ACC(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermw_add_128B((int)BASE, RGN, OFF, VALS) -#define VSCATTER_16_32_ACC(BASE, RGN, OFF, VALS) \ -__builtin_HEXAGON_V6_vscattermhw_add_128B((int)BASE, RGN, OFF, VALS) - -#define VGATHER_16(DSTADDR, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermh_128B(DSTADDR, (int)BASE, RGN, OFF) -#define VGATHER_16_MASKED(DSTADDR, MASK, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermhq_128B(DSTADDR, MASK, (int)BASE, RGN, OFF) -#define VGATHER_32(DSTADDR, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermw_128B(DSTADDR, (int)BASE, RGN, OFF) -#define VGATHER_32_MASKED(DSTADDR, MASK, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermwq_128B(DSTADDR, MASK, (int)BASE, RGN, OFF) -#define VGATHER_16_32(DSTADDR, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermhw_128B(DSTADDR, (int)BASE, RGN, OFF) -#define VGATHER_16_32_MASKED(DSTADDR, MASK, BASE, RGN, OFF) \ -__builtin_HEXAGON_V6_vgathermhwq_128B(DSTADDR, MASK, (int)BASE, RGN, OFF) - -#define VSHUFF_H(V) \ -__builtin_HEXAGON_V6_vshuffh_128B(V) -#define VSPLAT_H(X) \ -__builtin_HEXAGON_V6_lvsplath_128B(X) -#define VAND_VAL(PRED, VAL) \ -__builtin_HEXAGON_V6_vandvrt_128B(PRED, VAL) -#define VDEAL_H(V) \ -__builtin_HEXAGON_V6_vdealh_128B(V) - int err; /* define the number of rows/cols in a square matrix */ @@ -108,22 +67,22 @@ unsigned short vscatter16_32_ref[SCATTER_BUFFER_SIZE]; unsigned short vgather16_32_ref[MATRIX_SIZE]; /* declare the arrays of offsets */ -unsigned short half_offsets[MATRIX_SIZE]; -unsigned int word_offsets[MATRIX_SIZE]; +unsigned short half_offsets[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned int word_offsets[MATRIX_SIZE] __attribute__((aligned(128))); /* declare the arrays of values */ -unsigned short half_values[MATRIX_SIZE]; -unsigned short half_values_acc[MATRIX_SIZE]; -unsigned short half_values_masked[MATRIX_SIZE]; -unsigned int word_values[MATRIX_SIZE]; -unsigned int word_values_acc[MATRIX_SIZE]; -unsigned int word_values_masked[MATRIX_SIZE]; +unsigned short half_values[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned short half_values_acc[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned short half_values_masked[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned int word_values[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned int word_values_acc[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned int word_values_masked[MATRIX_SIZE] __attribute__((aligned(128))); /* declare the arrays of predicates */ -unsigned short half_predicates[MATRIX_SIZE]; -unsigned int word_predicates[MATRIX_SIZE]; +unsigned short half_predicates[MATRIX_SIZE] __attribute__((aligned(128))); +unsigned int word_predicates[MATRIX_SIZE] __attribute__((aligned(128))); -/* make this big enough for all the intrinsics */ +/* make this big enough for all the operations */ const size_t region_len = sizeof(vtcm); /* optionally add sync
Re: [PATCH] hw/dma/rc4030: Move RC4030 declarations to its own 'rc4030.h' header
Am 5. Januar 2023 13:10:38 UTC schrieb "Philippe Mathieu-Daudé" : >RC4030 declarations are not MIPS specific, no need to >have them in all MIPS boards. > >Signed-off-by: Philippe Mathieu-Daudé >--- >Based-on: <20230105130710.49264-1-phi...@linaro.org> > "hw/pci-host/bonito: Housekeeping" >--- > hw/dma/rc4030.c | 2 +- > hw/mips/jazz.c | 1 + > include/hw/dma/rc4030.h | 21 + > include/hw/mips/mips.h | 9 - > 4 files changed, 23 insertions(+), 10 deletions(-) > create mode 100644 include/hw/dma/rc4030.h > >diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c >index aa1d323a36..6dbf6652ab 100644 >--- a/hw/dma/rc4030.c >+++ b/hw/dma/rc4030.c >@@ -25,7 +25,7 @@ > #include "qemu/osdep.h" > #include "qemu/units.h" > #include "hw/irq.h" >-#include "hw/mips/mips.h" >+#include "hw/dma/rc4030.h" > #include "hw/sysbus.h" > #include "migration/vmstate.h" > #include "qapi/error.h" >diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c >index 6aefe9a61b..03882b5275 100644 >--- a/hw/mips/jazz.c >+++ b/hw/mips/jazz.c >@@ -29,6 +29,7 @@ > #include "hw/mips/cpudevs.h" > #include "hw/intc/i8259.h" > #include "hw/dma/i8257.h" >+#include "hw/dma/rc4030.h" > #include "hw/char/serial.h" > #include "hw/char/parallel.h" > #include "hw/isa/isa.h" >diff --git a/include/hw/dma/rc4030.h b/include/hw/dma/rc4030.h >new file mode 100644 >index 00..e58f94576e >--- /dev/null >+++ b/include/hw/dma/rc4030.h >@@ -0,0 +1,21 @@ >+/* >+ * QEMU JAZZ RC4030 chipset >+ * >+ * Copyright (c) 2007-2013 Hervé Poussineau >+ * >+ * SPDX-License-Identifier: MIT >+ */ >+ >+#ifndef HW_DMA_RC4030_H >+#define HW_DMA_RC4030_H >+ >+#include "exec/memory.h" >+ >+/* rc4030.c */ >+typedef struct rc4030DMAState *rc4030_dma; >+void rc4030_dma_read(void *dma, uint8_t *buf, int len); >+void rc4030_dma_write(void *dma, uint8_t *buf, int len); >+ >+DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr); >+ >+#endif >diff --git a/include/hw/mips/mips.h b/include/hw/mips/mips.h >index 4d2db99952..34dd583500 100644 >--- a/include/hw/mips/mips.h >+++ b/include/hw/mips/mips.h >@@ -7,13 +7,4 @@ > /* Kernels can be configured with 64KB pages */ > #define INITRD_PAGE_SIZE (64 * KiB) > >-#include "exec/memory.h" >- >-/* rc4030.c */ >-typedef struct rc4030DMAState *rc4030_dma; >-void rc4030_dma_read(void *dma, uint8_t *buf, int len); >-void rc4030_dma_write(void *dma, uint8_t *buf, int len); >- >-DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr); >- > #endif Reviewed-by: Bernhard Beschow
Re: [RFC PATCH 37/40] target/arm: Move "cfgend" to class property
On 3/1/23 19:16, Richard Henderson wrote: Remove the cfgend variable entirely and reuse the property accessor functions created for reset-hivecs. This removes the last setting of cpu->reset_sctlr, to we can remove that s/to/so/? as well, using only the class value. Signed-off-by: Richard Henderson --- target/arm/cpu.h| 8 target/arm/cpu.c| 26 -- target/arm/helper.c | 4 ++-- 3 files changed, 14 insertions(+), 24 deletions(-) Reviewed-by: Philippe Mathieu-Daudé
[PATCH v3 1/9] Hexagon (target/hexagon) Add overrides for jumpr31 instructions
Add overrides for
SL2_jumpr31Unconditional
SL2_jumpr31_t Predicated true (old value)
SL2_jumpr31_f Predicated false (old value)
SL2_jumpr31_tnew Predicated true (new value)
SL2_jumpr31_fnew Predicated false (new value)
Signed-off-by: Taylor Simpson
---
target/hexagon/gen_tcg.h | 15 ++-
target/hexagon/genptr.c | 10 +-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index 19697b42a5..d644e59a63 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights
Reserved.
+ * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights
Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1015,6 +1015,19 @@
#define fGEN_TCG_S2_asl_r_r_sat(SHORTCODE) \
gen_asl_r_r_sat(RdV, RsV, RtV)
+#define fGEN_TCG_SL2_jumpr31(SHORTCODE) \
+gen_jumpr(ctx, hex_gpr[HEX_REG_LR])
+
+#define fGEN_TCG_SL2_jumpr31_t(SHORTCODE) \
+gen_cond_jumpr31(ctx, TCG_COND_EQ, hex_pred[0])
+#define fGEN_TCG_SL2_jumpr31_f(SHORTCODE) \
+gen_cond_jumpr31(ctx, TCG_COND_NE, hex_pred[0])
+
+#define fGEN_TCG_SL2_jumpr31_tnew(SHORTCODE) \
+gen_cond_jumpr31(ctx, TCG_COND_EQ, hex_new_pred_value[0])
+#define fGEN_TCG_SL2_jumpr31_fnew(SHORTCODE) \
+gen_cond_jumpr31(ctx, TCG_COND_NE, hex_new_pred_value[0])
+
/* Floating point */
#define fGEN_TCG_F2_conv_sf2df(SHORTCODE) \
gen_helper_conv_sf2df(RddV, cpu_env, RsV)
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 6cf2e0ed43..a8997250d3 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights
Reserved.
+ * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights
Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -553,6 +553,14 @@ static void gen_cond_jumpr(DisasContext *ctx, TCGv dst_pc,
gen_write_new_pc_addr(ctx, dst_pc, cond, pred);
}
+static void gen_cond_jumpr31(DisasContext *ctx, TCGCond cond, TCGv pred)
+{
+TCGv LSB = tcg_temp_new();
+tcg_gen_andi_tl(LSB, pred, 1);
+gen_cond_jumpr(ctx, hex_gpr[HEX_REG_LR], cond, LSB);
+tcg_temp_free(LSB);
+}
+
static void gen_cond_jump(DisasContext *ctx, TCGCond cond, TCGv pred,
int pc_off)
{
--
2.17.1
Re: [RFC PATCH 32/40] target/arm: Move "midr" to class property
On 3/1/23 19:16, Richard Henderson wrote: With the movement of the property, we can remove the field from the cpu entirely, using only the class. Signed-off-by: Richard Henderson --- target/arm/cpu.h | 1 - hw/arm/xilinx_zynq.c | 9 ++--- hw/intc/armv7m_nvic.c | 2 +- target/arm/cpu.c | 18 -- target/arm/helper.c | 14 -- 5 files changed, 31 insertions(+), 13 deletions(-) Lovely. Perhaps later arm_class_prop_uint64_ofs() can grow into a generic QOM TYPE macro. Reviewed-by: Philippe Mathieu-Daudé
[PATCH v3 4/9] Hexagon (target/hexagon) Add overrides for dealloc-return instructions
These instructions perform a deallocframe+return (jumpr r31)
Add overrides for
L4_return
SL2_return
L4_return_t
L4_return_f
L4_return_tnew_pt
L4_return_fnew_pt
L4_return_tnew_pnt
L4_return_fnew_pnt
SL2_return_t
SL2_return_f
SL2_return_tnew
SL2_return_fnew
This patch eliminates the last helper that uses write_new_pc, so we
remove it from op_helper.c
Signed-off-by: Taylor Simpson
---
target/hexagon/gen_tcg.h | 54
target/hexagon/genptr.c| 86 ++
target/hexagon/op_helper.c | 26 +---
3 files changed, 141 insertions(+), 25 deletions(-)
diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index 6267f51ccc..8282ff3fc5 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -508,6 +508,60 @@
#define fGEN_TCG_S2_storerinew_pcr(SHORTCODE) \
fGEN_TCG_STORE_pcr(2, fSTORE(1, 4, EA, NtN))
+/*
+ * dealloc_return
+ * Assembler mapped to
+ * r31:30 = dealloc_return(r30):raw
+ */
+#define fGEN_TCG_L4_return(SHORTCODE) \
+gen_return(ctx, RddV, RsV)
+
+/*
+ * sub-instruction version (no RddV, so handle it manually)
+ */
+#define fGEN_TCG_SL2_return(SHORTCODE) \
+do { \
+TCGv_i64 RddV = tcg_temp_new_i64(); \
+gen_return(ctx, RddV, hex_gpr[HEX_REG_FP]); \
+gen_log_reg_write_pair(HEX_REG_FP, RddV); \
+tcg_temp_free_i64(RddV); \
+} while (0)
+
+/*
+ * Conditional returns follow this naming convention
+ * _t predicate true
+ * _f predicate false
+ * _tnew_pt predicate.new true predict taken
+ * _fnew_pt predicate.new false predict taken
+ * _tnew_pnt predicate.new true predict not taken
+ * _fnew_pnt predicate.new false predict not taken
+ * Predictions are not modelled in QEMU
+ *
+ * Example:
+ * if (p1) r31:30 = dealloc_return(r30):raw
+ */
+#define fGEN_TCG_L4_return_t(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvV, TCG_COND_EQ);
+#define fGEN_TCG_L4_return_f(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvV, TCG_COND_NE)
+#define fGEN_TCG_L4_return_tnew_pt(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvN, TCG_COND_EQ)
+#define fGEN_TCG_L4_return_fnew_pt(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvN, TCG_COND_NE)
+#define fGEN_TCG_L4_return_tnew_pnt(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvN, TCG_COND_EQ)
+#define fGEN_TCG_L4_return_fnew_pnt(SHORTCODE) \
+gen_cond_return(ctx, RddV, RsV, PvN, TCG_COND_NE)
+
+#define fGEN_TCG_SL2_return_t(SHORTCODE) \
+gen_cond_return_subinsn(ctx, TCG_COND_EQ, hex_pred[0])
+#define fGEN_TCG_SL2_return_f(SHORTCODE) \
+gen_cond_return_subinsn(ctx, TCG_COND_NE, hex_pred[0])
+#define fGEN_TCG_SL2_return_tnew(SHORTCODE) \
+gen_cond_return_subinsn(ctx, TCG_COND_EQ, hex_new_pred_value[0])
+#define fGEN_TCG_SL2_return_fnew(SHORTCODE) \
+gen_cond_return_subinsn(ctx, TCG_COND_NE, hex_new_pred_value[0])
+
/*
* Mathematical operations with more than one definition require
* special handling
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 94054b10e6..7243bb00aa 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -706,6 +706,92 @@ static void gen_cond_callr(DisasContext *ctx,
gen_set_label(skip);
}
+/* frame ^= (int64_t)FRAMEKEY << 32 */
+static void gen_frame_unscramble(TCGv_i64 frame)
+{
+TCGv_i64 framekey = tcg_temp_new_i64();
+tcg_gen_extu_i32_i64(framekey, hex_gpr[HEX_REG_FRAMEKEY]);
+tcg_gen_shli_i64(framekey, framekey, 32);
+tcg_gen_xor_i64(frame, frame, framekey);
+tcg_temp_free_i64(framekey);
+}
+
+static void gen_load_frame(DisasContext *ctx, TCGv_i64 frame, TCGv EA)
+{
+Insn *insn = ctx->insn; /* Needed for CHECK_NOSHUF */
+CHECK_NOSHUF(EA, 8);
+tcg_gen_qemu_ld64(frame, EA, ctx->mem_idx);
+}
+
+static void gen_return_base(DisasContext *ctx, TCGv_i64 dst, TCGv src,
+TCGv r29)
+{
+/*
+ * frame = *src
+ * dst = frame_unscramble(frame)
+ * SP = src + 8
+ * PC = dst.w[1]
+ */
+TCGv_i64 frame = tcg_temp_new_i64();
+TCGv r31 = tcg_temp_new();
+
+gen_load_frame(ctx, frame, src);
+gen_frame_unscramble(frame);
+tcg_gen_mov_i64(dst, frame);
+tcg_gen_addi_tl(r29, src, 8);
+tcg_gen_extrh_i64_i32(r31, dst);
+gen_jumpr(ctx, r31);
+
+tcg_temp_free_i64(frame);
+tcg_temp_free(r31);
+}
+
+static void gen_return(DisasContext *ctx, TCGv_i64 dst, TCGv src)
+{
+TCGv r29 = tcg_temp_new();
+gen_return_base(ctx, dst, src, r29);
+gen_log_reg_write(HEX_REG_SP, r29);
+tcg_temp_free(r29);
+}
+
+/* if (pred) dst = dealloc_return(src):raw */
+static void gen_cond_return(DisasContext *ctx, TCGv_i64 dst, TCGv src,
+TCGv pred, TCGCond cond)
+{
+TCGv LSB = tcg_temp_new();
+TCGv mask = tcg_temp_new();
+TCGv r29 = tcg_temp_local_new();
+TCGLabel
Re: [PATCH v5 2/2] tpm: add backend for mssim
On 1/5/23 17:02, James Bottomley wrote:
On Thu, 2023-01-05 at 11:20 -0500, Stefan Berger wrote:
On 1/5/23 08:00, James Bottomley wrote:
[...]
+The mssim backend supports snapshotting and migration, but the
state
+of the Microsoft Simulator server must be preserved (or the server
+kept running) outside of QEMU for restore to be successful.
My comments to v3 still apply here.
You didn't make any v3 comments on migration.
https://lists.gnu.org/archive/html/qemu-devel/2022-12/msg03146.html
A user should be able to recreate, with today's code, what is claimed in the
documentation regarding snapshotting for example.
Stefan
I also just tried migration and on the -incoming side it did not work
anymore. Did you test this?
Well, yes, as I said. However, I seem to have left one change in my
local tree which I forgot to sync to the patch:
diff --git a/backends/tpm/tpm_mssim.c b/backends/tpm/tpm_mssim.c
index 75dce165b8..125c8d0b15 100644
--- a/backends/tpm/tpm_mssim.c
+++ b/backends/tpm/tpm_mssim.c
@@ -66,7 +66,7 @@ static void tpm_mssim_instance_finalize(Object *obj)
{
TPMmssim *t = TPM_MSSIM(obj);
-if (t->ctrl_qc && !runstate_check(RUN_STATE_INMIGRATE))
+if (t->cmd_qc && !runstate_check(RUN_STATE_POSTMIGRATE))
tpm_send_ctrl(t, TPM_SIGNAL_POWER_OFF, NULL);
object_unref(OBJECT(t->ctrl_qc));
James
Re: [RFC PATCH 33/40] target/arm: Move "cntfrq" to class property
On 3/1/23 19:16, Richard Henderson wrote:
With the movement of the property, we can remove the field
from the cpu entirely, using only the class.
Signed-off-by: Richard Henderson
---
target/arm/cpu-qom.h| 3 +++
target/arm/cpu.h| 3 ---
hw/arm/aspeed_ast2600.c | 6 +++--
target/arm/cpu.c| 50 +++--
target/arm/helper.c | 3 ++-
5 files changed, 37 insertions(+), 28 deletions(-)
@@ -2320,6 +2318,14 @@ static bool arm_cpu_class_late_init(ObjectClass *oc,
Error **errp)
}
}
+#ifndef CONFIG_USER_ONLY
+/* TODO: Perhaps better to put this check in a property set hook. */
Reviewed-by: Philippe Mathieu-Daudé
+if (!acc->gt_cntfrq_hz) {
+error_setg(errp, "Invalid CNTFRQ: %"PRId64"Hz", acc->gt_cntfrq_hz);
+return false;
+}
+#endif /* CONFIG_USER_ONLY */
[PATCH v3 2/9] Hexagon (target/hexagon) Add overrides for callr
Add overrides for
J2_callr
J2_callrt
J2_callrf
Signed-off-by: Taylor Simpson
---
target/hexagon/gen_tcg.h | 6 ++
target/hexagon/macros.h | 12 +---
target/hexagon/genptr.c | 20
3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index d644e59a63..9e8f3373ad 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -614,11 +614,17 @@
#define fGEN_TCG_J2_call(SHORTCODE) \
gen_call(ctx, riV)
+#define fGEN_TCG_J2_callr(SHORTCODE) \
+gen_callr(ctx, RsV)
#define fGEN_TCG_J2_callt(SHORTCODE) \
gen_cond_call(ctx, PuV, TCG_COND_EQ, riV)
#define fGEN_TCG_J2_callf(SHORTCODE) \
gen_cond_call(ctx, PuV, TCG_COND_NE, riV)
+#define fGEN_TCG_J2_callrt(SHORTCODE) \
+gen_cond_callr(ctx, TCG_COND_EQ, PuV, RsV)
+#define fGEN_TCG_J2_callrf(SHORTCODE) \
+gen_cond_callr(ctx, TCG_COND_NE, PuV, RsV)
#define fGEN_TCG_J2_endloop0(SHORTCODE) \
gen_endloop0(ctx)
diff --git a/target/hexagon/macros.h b/target/hexagon/macros.h
index cd64bb8eec..8f1f82f8da 100644
--- a/target/hexagon/macros.h
+++ b/target/hexagon/macros.h
@@ -1,5 +1,5 @@
/*
- * Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights
Reserved.
+ * Copyright(c) 2019-2023 Qualcomm Innovation Center, Inc. All Rights
Reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -421,16 +421,6 @@ static inline TCGv gen_read_ireg(TCGv result, TCGv val,
int shift)
#define fBRANCH(LOC, TYPE) fWRITE_NPC(LOC)
#define fJUMPR(REGNO, TARGET, TYPE) fBRANCH(TARGET, COF_TYPE_JUMPR)
#define fHINTJR(TARGET) { /* Not modelled in qemu */}
-#define fCALL(A) \
-do { \
-fWRITE_LR(fREAD_NPC()); \
-fBRANCH(A, COF_TYPE_CALL); \
-} while (0)
-#define fCALLR(A) \
-do { \
-fWRITE_LR(fREAD_NPC()); \
-fBRANCH(A, COF_TYPE_CALLR); \
-} while (0)
#define fWRITE_LOOP_REGS0(START, COUNT) \
do { \
WRITE_RREG(HEX_REG_LC0, COUNT); \
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index a8997250d3..d15df1dd28 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -670,6 +670,14 @@ static void gen_call(DisasContext *ctx, int pc_off)
gen_write_new_pc_pcrel(ctx, pc_off, TCG_COND_ALWAYS, NULL);
}
+static void gen_callr(DisasContext *ctx, TCGv new_pc)
+{
+TCGv next_PC =
+tcg_constant_tl(ctx->pkt->pc + ctx->pkt->encod_pkt_size_in_bytes);
+gen_log_reg_write(HEX_REG_LR, next_PC);
+gen_write_new_pc_addr(ctx, new_pc, TCG_COND_ALWAYS, NULL);
+}
+
static void gen_cond_call(DisasContext *ctx, TCGv pred,
TCGCond cond, int pc_off)
{
@@ -686,6 +694,18 @@ static void gen_cond_call(DisasContext *ctx, TCGv pred,
gen_set_label(skip);
}
+static void gen_cond_callr(DisasContext *ctx,
+ TCGCond cond, TCGv pred, TCGv new_pc)
+{
+TCGv lsb = tcg_temp_new();
+TCGLabel *skip = gen_new_label();
+tcg_gen_andi_tl(lsb, pred, 1);
+tcg_gen_brcondi_tl(cond, lsb, 0, skip);
+tcg_temp_free(lsb);
+gen_callr(ctx, new_pc);
+gen_set_label(skip);
+}
+
static void gen_endloop0(DisasContext *ctx)
{
TCGv lpcfg = tcg_temp_local_new();
--
2.17.1
[PATCH v3 0/9] Hexagon: COF overrides, new generator, test update
The idef-parser skips the change-of-flow (COF) instructions, so add overrides Changes in v2 Add a new generator for analyze_ instructions. Pouplate the DisasContext ahead of generating code. Changes in v3 Cleanup of analysis code Added test updates enabled by new toolchain container Taylor Simpson (9): Hexagon (target/hexagon) Add overrides for jumpr31 instructions Hexagon (target/hexagon) Add overrides for callr Hexagon (target/hexagon) Add overrides for endloop1/endloop01 Hexagon (target/hexagon) Add overrides for dealloc-return instructions Hexagon (target/hexagon) Analyze packet before generating TCG Hexagon (target/hexagon) Analyze packet for HVX Hexagon (tests/tcg/hexagon) Update preg_alias.c Hexagon (tests/tcg/hexagon) Remove __builtin from scatter_gather Hexagon (tests/tcg/hexagon) Enable HVX tests target/hexagon/gen_tcg.h| 79 ++- target/hexagon/macros.h | 12 +- target/hexagon/translate.h | 60 ++- target/hexagon/genptr.c | 200 +++- target/hexagon/idef-parser/parser-helpers.c | 7 +- target/hexagon/op_helper.c | 26 +- target/hexagon/translate.c | 187 --- tests/tcg/hexagon/preg_alias.c | 10 +- tests/tcg/hexagon/scatter_gather.c | 513 +++- target/hexagon/README | 11 +- target/hexagon/gen_analyze_func_table.py| 52 ++ target/hexagon/gen_analyze_funcs.py | 250 ++ target/hexagon/gen_tcg_funcs.py | 41 +- target/hexagon/meson.build | 20 +- tests/tcg/hexagon/Makefile.target | 13 +- 15 files changed, 1053 insertions(+), 428 deletions(-) create mode 100755 target/hexagon/gen_analyze_func_table.py create mode 100755 target/hexagon/gen_analyze_funcs.py -- 2.17.1
[PATCH v3 3/9] Hexagon (target/hexagon) Add overrides for endloop1/endloop01
Signed-off-by: Taylor Simpson
---
target/hexagon/gen_tcg.h | 4 ++
target/hexagon/genptr.c | 79
2 files changed, 83 insertions(+)
diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index 9e8f3373ad..6267f51ccc 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -628,6 +628,10 @@
#define fGEN_TCG_J2_endloop0(SHORTCODE) \
gen_endloop0(ctx)
+#define fGEN_TCG_J2_endloop1(SHORTCODE) \
+gen_endloop1(ctx)
+#define fGEN_TCG_J2_endloop01(SHORTCODE) \
+gen_endloop01(ctx)
/*
* Compound compare and jump instructions
diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index d15df1dd28..94054b10e6 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -763,6 +763,85 @@ static void gen_endloop0(DisasContext *ctx)
tcg_temp_free(lpcfg);
}
+static void gen_endloop1(DisasContext *ctx)
+{
+/*
+ *if (hex_gpr[HEX_REG_LC1] > 1) {
+ *PC = hex_gpr[HEX_REG_SA1];
+ *hex_new_value[HEX_REG_LC1] = hex_gpr[HEX_REG_LC1] - 1;
+ *}
+ */
+TCGLabel *label = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_LEU, hex_gpr[HEX_REG_LC1], 1, label);
+{
+gen_jumpr(ctx, hex_gpr[HEX_REG_SA1]);
+tcg_gen_subi_tl(hex_new_value[HEX_REG_LC1], hex_gpr[HEX_REG_LC1], 1);
+}
+gen_set_label(label);
+}
+
+static void gen_endloop01(DisasContext *ctx)
+{
+TCGv lpcfg = tcg_temp_local_new();
+
+GET_USR_FIELD(USR_LPCFG, lpcfg);
+
+/*
+ *if (lpcfg == 1) {
+ *hex_new_pred_value[3] = 0xff;
+ *hex_pred_written |= 1 << 3;
+ *}
+ */
+TCGLabel *label1 = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_NE, lpcfg, 1, label1);
+{
+tcg_gen_movi_tl(hex_new_pred_value[3], 0xff);
+tcg_gen_ori_tl(hex_pred_written, hex_pred_written, 1 << 3);
+}
+gen_set_label(label1);
+
+/*
+ *if (lpcfg) {
+ *SET_USR_FIELD(USR_LPCFG, lpcfg - 1);
+ *}
+ */
+TCGLabel *label2 = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_EQ, lpcfg, 0, label2);
+{
+tcg_gen_subi_tl(lpcfg, lpcfg, 1);
+SET_USR_FIELD(USR_LPCFG, lpcfg);
+}
+gen_set_label(label2);
+
+/*
+ *if (hex_gpr[HEX_REG_LC0] > 1) {
+ *PC = hex_gpr[HEX_REG_SA0];
+ *hex_new_value[HEX_REG_LC0] = hex_gpr[HEX_REG_LC0] - 1;
+ *} else {
+ *if (hex_gpr[HEX_REG_LC1] > 1) {
+ *hex_next_pc = hex_gpr[HEX_REG_SA1];
+ *hex_new_value[HEX_REG_LC1] = hex_gpr[HEX_REG_LC1] - 1;
+ *}
+ *}
+ */
+TCGLabel *label3 = gen_new_label();
+TCGLabel *done = gen_new_label();
+tcg_gen_brcondi_tl(TCG_COND_LEU, hex_gpr[HEX_REG_LC0], 1, label3);
+{
+gen_jumpr(ctx, hex_gpr[HEX_REG_SA0]);
+tcg_gen_subi_tl(hex_new_value[HEX_REG_LC0], hex_gpr[HEX_REG_LC0], 1);
+tcg_gen_br(done);
+}
+gen_set_label(label3);
+tcg_gen_brcondi_tl(TCG_COND_LEU, hex_gpr[HEX_REG_LC1], 1, done);
+{
+gen_jumpr(ctx, hex_gpr[HEX_REG_SA1]);
+tcg_gen_subi_tl(hex_new_value[HEX_REG_LC1], hex_gpr[HEX_REG_LC1], 1);
+}
+gen_set_label(done);
+tcg_temp_free(lpcfg);
+}
+
static void gen_cmp_jumpnv(DisasContext *ctx,
TCGCond cond, TCGv val, TCGv src, int pc_off)
{
--
2.17.1
Re: [PATCH v2] hw/pci-host: Use register definitions from PCI standard
Am 5. Januar 2023 17:37:02 UTC schrieb "Philippe Mathieu-Daudé"
:
>No need to document magic values when the definition names
>from "standard-headers/linux/pci_regs.h" are self-explicit.
>
>Signed-off-by: Philippe Mathieu-Daudé
>---
> hw/pci-host/grackle.c | 2 +-
> hw/pci-host/raven.c| 6 +++---
> hw/pci-host/uninorth.c | 33 +++--
> 3 files changed, 15 insertions(+), 26 deletions(-)
>
>diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c
>index 95945ac0f4..2a45cc13c3 100644
>--- a/hw/pci-host/grackle.c
>+++ b/hw/pci-host/grackle.c
>@@ -91,7 +91,7 @@ static void grackle_init(Object *obj)
>
> static void grackle_pci_realize(PCIDevice *d, Error **errp)
> {
>-d->config[0x09] = 0x01;
>+d->config[PCI_CLASS_PROG] = 0x01;
> }
>
> static void grackle_pci_class_init(ObjectClass *klass, void *data)
>diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
>index 7a105e4a63..c47259a851 100644
>--- a/hw/pci-host/raven.c
>+++ b/hw/pci-host/raven.c
>@@ -329,9 +329,9 @@ static void raven_realize(PCIDevice *d, Error **errp)
> char *filename;
> int bios_size = -1;
>
>-d->config[0x0C] = 0x08; // cache_line_size
>-d->config[0x0D] = 0x10; // latency_timer
>-d->config[0x34] = 0x00; // capabilities_pointer
>+d->config[PCI_CACHE_LINE_SIZE] = 0x08;
>+d->config[PCI_LATENCY_TIMER] = 0x10;
>+d->config[PCI_CAPABILITY_LIST] = 0x00;
>
> memory_region_init_rom_nomigrate(>bios, OBJECT(s), "bios", BIOS_SIZE,
> _fatal);
>diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c
>index 8396c91d59..38b38c8a00 100644
>--- a/hw/pci-host/uninorth.c
>+++ b/hw/pci-host/uninorth.c
>@@ -276,12 +276,9 @@ static void pci_unin_internal_init(Object *obj)
>
> static void unin_main_pci_host_realize(PCIDevice *d, Error **errp)
> {
>-/* cache_line_size */
>-d->config[0x0C] = 0x08;
>-/* latency_timer */
>-d->config[0x0D] = 0x10;
>-/* capabilities_pointer */
>-d->config[0x34] = 0x00;
>+d->config[PCI_CACHE_LINE_SIZE] = 0x08;
>+d->config[PCI_LATENCY_TIMER] = 0x10;
>+d->config[PCI_CAPABILITY_LIST] = 0x00;
>
> /*
> * Set kMacRISCPCIAddressSelect (0x48) register to indicate PCI
>@@ -296,30 +293,22 @@ static void unin_main_pci_host_realize(PCIDevice *d,
>Error **errp)
>
> static void unin_agp_pci_host_realize(PCIDevice *d, Error **errp)
> {
>-/* cache_line_size */
>-d->config[0x0C] = 0x08;
>-/* latency_timer */
>-d->config[0x0D] = 0x10;
>-/* capabilities_pointer
>-d->config[0x34] = 0x80; */
>+d->config[PCI_CACHE_LINE_SIZE] = 0x08;
>+d->config[PCI_LATENCY_TIMER] = 0x10;
>+/* d->config[PCI_CAPABILITY_LIST] = 0x80; */
> }
>
> static void u3_agp_pci_host_realize(PCIDevice *d, Error **errp)
> {
>-/* cache line size */
>-d->config[0x0C] = 0x08;
>-/* latency timer */
>-d->config[0x0D] = 0x10;
>+d->config[PCI_CACHE_LINE_SIZE] = 0x08;
>+d->config[PCI_LATENCY_TIMER] = 0x10;
> }
>
> static void unin_internal_pci_host_realize(PCIDevice *d, Error **errp)
> {
>-/* cache_line_size */
>-d->config[0x0C] = 0x08;
>-/* latency_timer */
>-d->config[0x0D] = 0x10;
>-/* capabilities_pointer */
>-d->config[0x34] = 0x00;
>+d->config[PCI_CACHE_LINE_SIZE] = 0x08;
>+d->config[PCI_LATENCY_TIMER] = 0x10;
>+d->config[PCI_CAPABILITY_LIST] = 0x00;
> }
>
> static void unin_main_pci_host_class_init(ObjectClass *klass, void *data)
Reviewed-by: Bernhard Beschow
Re: [RFC PATCH 28/40] target/arm: Split out xscale*_class_init
On 3/1/23 19:16, Richard Henderson wrote: Use two intermediate functions to share code between the 13 variants of pxa*_class_init. Signed-off-by: Richard Henderson --- target/arm/cpu_tcg.c | 81 +--- 1 file changed, 23 insertions(+), 58 deletions(-) Yay :) Reviewed-by: Philippe Mathieu-Daudé
Re: [RFC PATCH 27/40] target/arm: Split out strongarm_class_init
On 3/1/23 19:16, Richard Henderson wrote: Use an intermediate function to share code between sa1100_class_init and sa1110_class_init. Signed-off-by: Richard Henderson --- target/arm/cpu_tcg.c | 15 +-- 1 file changed, 9 insertions(+), 6 deletions(-) Reviewed-by: Philippe Mathieu-Daudé
Re: [PATCH] hw/dma/rc4030: Move RC4030 declarations to its own 'rc4030.h' header
Le 05/01/2023 à 14:10, Philippe Mathieu-Daudé a écrit : RC4030 declarations are not MIPS specific, no need to have them in all MIPS boards. Signed-off-by: Philippe Mathieu-Daudé --- Based-on: <20230105130710.49264-1-phi...@linaro.org> "hw/pci-host/bonito: Housekeeping" --- hw/dma/rc4030.c | 2 +- hw/mips/jazz.c | 1 + include/hw/dma/rc4030.h | 21 + include/hw/mips/mips.h | 9 - 4 files changed, 23 insertions(+), 10 deletions(-) create mode 100644 include/hw/dma/rc4030.h Acked-by: Hervé Poussineau diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c index aa1d323a36..6dbf6652ab 100644 --- a/hw/dma/rc4030.c +++ b/hw/dma/rc4030.c @@ -25,7 +25,7 @@ #include "qemu/osdep.h" #include "qemu/units.h" #include "hw/irq.h" -#include "hw/mips/mips.h" +#include "hw/dma/rc4030.h" #include "hw/sysbus.h" #include "migration/vmstate.h" #include "qapi/error.h" diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c index 6aefe9a61b..03882b5275 100644 --- a/hw/mips/jazz.c +++ b/hw/mips/jazz.c @@ -29,6 +29,7 @@ #include "hw/mips/cpudevs.h" #include "hw/intc/i8259.h" #include "hw/dma/i8257.h" +#include "hw/dma/rc4030.h" #include "hw/char/serial.h" #include "hw/char/parallel.h" #include "hw/isa/isa.h" diff --git a/include/hw/dma/rc4030.h b/include/hw/dma/rc4030.h new file mode 100644 index 00..e58f94576e --- /dev/null +++ b/include/hw/dma/rc4030.h @@ -0,0 +1,21 @@ +/* + * QEMU JAZZ RC4030 chipset + * + * Copyright (c) 2007-2013 Hervé Poussineau + * + * SPDX-License-Identifier: MIT + */ + +#ifndef HW_DMA_RC4030_H +#define HW_DMA_RC4030_H + +#include "exec/memory.h" + +/* rc4030.c */ +typedef struct rc4030DMAState *rc4030_dma; +void rc4030_dma_read(void *dma, uint8_t *buf, int len); +void rc4030_dma_write(void *dma, uint8_t *buf, int len); + +DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr); + +#endif diff --git a/include/hw/mips/mips.h b/include/hw/mips/mips.h index 4d2db99952..34dd583500 100644 --- a/include/hw/mips/mips.h +++ b/include/hw/mips/mips.h @@ -7,13 +7,4 @@ /* Kernels can be configured with 64KB pages */ #define INITRD_PAGE_SIZE (64 * KiB) -#include "exec/memory.h" - -/* rc4030.c */ -typedef struct rc4030DMAState *rc4030_dma; -void rc4030_dma_read(void *dma, uint8_t *buf, int len); -void rc4030_dma_write(void *dma, uint8_t *buf, int len); - -DeviceState *rc4030_init(rc4030_dma **dmas, IOMMUMemoryRegion **dma_mr); - #endif
Re: [RFC PATCH 24/40] target/arm/hvf: Probe host into ARMCPUClass
On 3/1/23 19:16, Richard Henderson wrote: We can now store these values into ARMCPUClass instead of into a temporary ARMHostCPUFeatures structure. Signed-off-by: Richard Henderson --- target/arm/cpu.h | 5 target/arm/hvf_arm.h | 2 +- target/arm/cpu.c | 13 -- target/arm/cpu64.c | 4 +-- target/arm/hvf/hvf.c | 59 +++- 5 files changed, 17 insertions(+), 66 deletions(-) Reviewed-by: Philippe Mathieu-Daudé
Re: [RFC PATCH 21/40] target/arm: Remove aarch64 check from aarch64_host_object_init
On 3/1/23 19:16, Richard Henderson wrote:
Since kvm32 was removed
Maybe add here:
(see commit 82bf7ae84c: "target/arm: Remove KVM support for 32-bit
Arm hosts")
, all kvm hosts support aarch64.
Signed-off-by: Richard Henderson
---
target/arm/cpu64.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 28b5a07244..668e979a24 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -1095,10 +1095,8 @@ static void aarch64_host_object_init(Object *obj)
#if defined(CONFIG_KVM)
ARMCPU *cpu = ARM_CPU(obj);
kvm_arm_set_cpu_features_from_host(cpu);
-if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
Worth asserting this feature is enabled? I don't think so, so:
Reviewed-by: Philippe Mathieu-Daudé
-aarch64_add_sve_properties(obj);
-aarch64_add_pauth_properties(obj);
-}
+aarch64_add_sve_properties(obj);
+aarch64_add_pauth_properties(obj);
#elif defined(CONFIG_HVF)
ARMCPU *cpu = ARM_CPU(obj);
hvf_arm_set_cpu_features_from_host(cpu);
Re: [PATCH v2] hw/i386/pc: Remove unused 'owner' argument from pc_pci_as_mapping_init
Am 5. Januar 2023 17:38:26 UTC schrieb "Philippe Mathieu-Daudé"
:
>This argument was added 9 years ago in commit 83d08f2673
>("pc: map PCI address space as catchall region for not mapped
>addresses") and has never been used since, so remove it.
>
>Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Bernhard Beschow
>---
> hw/i386/pc.c | 2 +-
> hw/pci-host/i440fx.c | 3 +--
> hw/pci-host/q35.c| 3 +--
> include/hw/i386/pc.h | 2 +-
> 4 files changed, 4 insertions(+), 6 deletions(-)
>
>diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>index d489ecc0d1..6e592bd969 100644
>--- a/hw/i386/pc.c
>+++ b/hw/i386/pc.c
>@@ -782,7 +782,7 @@ void pc_guest_info_init(PCMachineState *pcms)
> }
>
> /* setup pci memory address space mapping into system address space */
>-void pc_pci_as_mapping_init(Object *owner, MemoryRegion *system_memory,
>+void pc_pci_as_mapping_init(MemoryRegion *system_memory,
> MemoryRegion *pci_address_space)
> {
> /* Set to lower priority than RAM */
>diff --git a/hw/pci-host/i440fx.c b/hw/pci-host/i440fx.c
>index d5426ef4a5..262f82c303 100644
>--- a/hw/pci-host/i440fx.c
>+++ b/hw/pci-host/i440fx.c
>@@ -272,8 +272,7 @@ PCIBus *i440fx_init(const char *pci_type,
> IO_APIC_DEFAULT_ADDRESS - 1);
>
> /* setup pci memory mapping */
>-pc_pci_as_mapping_init(OBJECT(f), f->system_memory,
>- f->pci_address_space);
>+pc_pci_as_mapping_init(f->system_memory, f->pci_address_space);
>
> /* if *disabled* show SMRAM to all CPUs */
> memory_region_init_alias(>smram_region, OBJECT(d), "smram-region",
>diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
>index 20da121374..26390863d6 100644
>--- a/hw/pci-host/q35.c
>+++ b/hw/pci-host/q35.c
>@@ -574,8 +574,7 @@ static void mch_realize(PCIDevice *d, Error **errp)
> }
>
> /* setup pci memory mapping */
>-pc_pci_as_mapping_init(OBJECT(mch), mch->system_memory,
>- mch->pci_address_space);
>+pc_pci_as_mapping_init(mch->system_memory, mch->pci_address_space);
>
> /* if *disabled* show SMRAM to all CPUs */
> memory_region_init_alias(>smram_region, OBJECT(mch), "smram-region",
>diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
>index 991f905f5d..88a120bc23 100644
>--- a/include/hw/i386/pc.h
>+++ b/include/hw/i386/pc.h
>@@ -156,7 +156,7 @@ void pc_guest_info_init(PCMachineState *pcms);
> #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size"
>
>
>-void pc_pci_as_mapping_init(Object *owner, MemoryRegion *system_memory,
>+void pc_pci_as_mapping_init(MemoryRegion *system_memory,
> MemoryRegion *pci_address_space);
>
> void xen_load_linux(PCMachineState *pcms);
Re: [RFC PATCH 11/40] target/arm: Copy features from ARMCPUClass
On 3/1/23 19:16, Richard Henderson wrote:
Create a features member in ARMCPUClass and copy to the instance in
arm_cpu_init. Settings of this value will come in a future patch.
Signed-off-by: Richard Henderson
---
target/arm/cpu-qom.h | 18 ++
target/arm/cpu.c | 1 +
2 files changed, 19 insertions(+)
diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index 5509ef9d85..ac58cc3a87 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -74,8 +74,26 @@ struct ARMCPUClass {
/* 'compatible' string for this CPU for Linux device trees */
const char *dtb_compatible;
+
+/* Internal CPU feature flags. */
+uint64_t features;
};
+static inline int arm_class_feature(ARMCPUClass *acc, int feature)
+{
+return (acc->features & (1ULL << feature)) != 0;
+}
+
+static inline void set_class_feature(ARMCPUClass *acc, int feature)
+{
+acc->features |= 1ULL << feature;
+}
+
+static inline void unset_class_feature(ARMCPUClass *acc, int feature)
+{
+acc->features &= ~(1ULL << feature);
+}
These helpers are not used until patch #19 "target/arm: Move most cpu
initialization to the class".
void register_cp_regs_for_features(ARMCPU *cpu);
void init_cpreg_list(ARMCPU *cpu);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 1bc45b2b25..d64b86b6a5 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1191,6 +1191,7 @@ static void arm_cpu_initfn(Object *obj)
QLIST_INIT(>el_change_hooks);
cpu->dtb_compatible = acc->dtb_compatible;
+cpu->env.features = acc->features;
#ifdef CONFIG_USER_ONLY
# ifdef TARGET_AARCH64
Re: [PATCH v5 2/2] tpm: add backend for mssim
On Thu, 2023-01-05 at 11:20 -0500, Stefan Berger wrote:
>
>
> On 1/5/23 08:00, James Bottomley wrote:
[...]
> > +The mssim backend supports snapshotting and migration, but the
> > state
> > +of the Microsoft Simulator server must be preserved (or the server
> > +kept running) outside of QEMU for restore to be successful.
>
> My comments to v3 still apply here.
You didn't make any v3 comments on migration.
> I also just tried migration and on the -incoming side it did not work
> anymore. Did you test this?
Well, yes, as I said. However, I seem to have left one change in my
local tree which I forgot to sync to the patch:
diff --git a/backends/tpm/tpm_mssim.c b/backends/tpm/tpm_mssim.c
index 75dce165b8..125c8d0b15 100644
--- a/backends/tpm/tpm_mssim.c
+++ b/backends/tpm/tpm_mssim.c
@@ -66,7 +66,7 @@ static void tpm_mssim_instance_finalize(Object *obj)
{
TPMmssim *t = TPM_MSSIM(obj);
-if (t->ctrl_qc && !runstate_check(RUN_STATE_INMIGRATE))
+if (t->cmd_qc && !runstate_check(RUN_STATE_POSTMIGRATE))
tpm_send_ctrl(t, TPM_SIGNAL_POWER_OFF, NULL);
object_unref(OBJECT(t->ctrl_qc));
James
Re: [RFC PATCH 08/40] target/arm: Pass ARMCPUClass to ARMCPUInfo.class_init
On 3/1/23 19:16, Richard Henderson wrote: Streamline new instances of this hook, so that we always go through arm_cpu_leaf_class_init first, performing common tasks, and have resolved the ARMCPUClass. Signed-off-by: Richard Henderson --- target/arm/cpu-qom.h | 2 +- target/arm/cpu.c | 10 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) Reviewed-by: Philippe Mathieu-Daudé
