[PATCH] elf2dmp: Don't abandon when Prcb is set to 0
Prcb may be set to 0 for some CPUs if the dump was taken before they start. The dump may still contain valuable information for started CPUs so don't abandon conversion in such a case. Signed-off-by: Akihiko Odaki --- contrib/elf2dmp/main.c | 5 + 1 file changed, 5 insertions(+) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index d77b8f98f7..91c58e4424 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -312,6 +312,11 @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg, return 1; } +if (!Prcb) { +eprintf("Context for CPU #%d is missing\n", i); +continue; +} + if (va_space_rw(vs, Prcb + kdbg->OffsetPrcbContext, &Context, sizeof(Context), 0)) { eprintf("Failed to read CPU #%d ContextFrame location\n", i); -- 2.40.1
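Review bot: in fill_context(), the new `if (!Prcb)` branch reports the skipped CPU through eprintf() and then continues, so the message reads like a failure although conversion carries on. Word it as a warning (for example "skipping CPU #%d: Prcb is 0, CPU was not started") so it can be told apart from the fatal "Failed to read CPU #%d ContextFrame location" path just below. The branch also leaves that CPU's context entry untouched, so the patch or a comment here should confirm that the entry is zero-initialised rather than left with indeterminate data in the output dump.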
[PATCH v7] Emulate dip switch language layout settings on SUN keyboard
I have now changed the patch to instead use -global escc.chnA-sunkbd-layout= and documented in docs/system/keyboard.rst which I have linked from target-sparc.rst. Unfortunately, I am not very used to these .rst files and have not found out how to create html files from them, so I don't know for sure if my formatting is correct. Typing "make help" seems to indicate that it should be possible to type "make html", but that did not seem to work.

SUN Type 4, 5 and 5c keyboards have dip switches to choose the language layout of the keyboard. Solaris makes an ioctl to query the value of the dipswitches and uses that value to select keyboard layout. Also the SUN bios like the one in the file ss5.bin uses this value to support at least some keyboard layouts. However, the OpenBIOS provided with qemu is hardcoded to always use a US keyboard layout.

Before this patch, qemu always gave dip switch value 0x21 (US keyboard), this patch uses a command line switch like "-global escc.chnA-sunkbd-layout=de" to select dip switch value. A table is used to lookup values from arguments like:

-global escc.chnA-sunkbd-layout=fr
-global escc.chnA-sunkbd-layout=es

But the patch also accepts numeric dip switch values directly:

-global escc.chnA-sunkbd-layout=0x2b
-global escc.chnA-sunkbd-layout=43

Both values above are the same and select Swedish keyboard as explained in table 3-15 at https://docs.oracle.com/cd/E19683-01/806-6642/new-43/index.html

Unless you want to do a full Solaris installation but happen to have access to a Sun bios file, the easiest way to test that the patch works is to:

qemu-system-sparc -global escc.chnA-sunkbd-layout=sv -bios /path/to/ss5.bin

If you already happen to have a Solaris installation in a qemu disk image file you can easily try different keyboard layouts after this patch is applied.
Signed-off-by: Henrik Carlqvist --- docs/system/keyboard.rst | 127 +++ docs/system/target-sparc.rst | 2 +- hw/char/escc.c | 76 - include/hw/char/escc.h | 1 + 4 files changed, 204 insertions(+), 2 deletions(-) create mode 100644 docs/system/keyboard.rst diff --git a/docs/system/keyboard.rst b/docs/system/keyboard.rst new file mode 100644 index 00..b489c607f8 --- /dev/null +++ b/docs/system/keyboard.rst 
@@ -0,0 +1,127 @@ +.. _keyboard: + +Sparc32 keyboard + +SUN Type 4, 5 and 5c keyboards have dip switches to choose the language layout +of the keyboard. Solaris makes an ioctl to query the value of the dipswitches +and uses that value to select keyboard layout. Also the SUN bios like the one +in the file ss5.bin uses this value to support at least some keyboard layouts. +However, the OpenBIOS provided with qemu is hardcoded to always use an +US keyboard layout. + +With the escc.chnA-sunkbd-layout driver property it is possible to select +keyboard layout. Example: + +"-global escc.chnA-sunkbd-layout=de" + +Depending on type of keyboard, the keyboard can have 6 or 5 dip-switches to +select keyboard layout, giving up to 64 different layouts. Not all +combinations are supported by Solaris and even less by Sun OpenBoot BIOS. + +The dip switch settings can be given as hexadecimal number, decimal number +or in some cases as a language string. Examples: + +-global escc.chnA-sunkbd-layout=0x2b +-global escc.chnA-sunkbd-layout=43 +-global escc.chnA-sunkbd-layout=sv + +The above 3 examples all select a swedish keyboard layout. Table 3-15 at +https://docs.oracle.com/cd/E19683-01/806-6642/new-43/index.html explains which +keytable file is used for different dip switch settings. The information +in that table can be summarized in this table: + +.. 
list-table:: Language selection values for escc.chnA-sunkbd-layout + :widths: 10 10 10 + :header-rows: 1 + + * - Hexadecimal value + - Decimal value + - Language code + * - 0x21 + - 33 + - en-us + * - 0x23 + - 35 + - fr + * - 0x24 + - 36 + - da + * - 0x25 + - 37 + - de + * - 0x26 + - 38 + - it + * - 0x27 + - 39 + - nl + * - 0x28 + - 40 + - no + * - 0x29 + - 41 + - pt + * - 0x2a + - 42 + - es + * - 0x2b + - 43 + - sv + * - 0x2c + - 44 + - fr-ch + * - 0x2d + - 45 + - de-ch + * - 0x2e + - 46 + - en-gb + * - 0x2f + - 47 + - ko + * - 0x30 + - 48 + - tw + * - 0x31 + - 49 + - ja + * - 0x32 + - 50 + - fr-ca + * - 0x33 + - 51 + - hu + * - 0x34 + - 52 + - pl + * - 0x35 + - 53 + - cz + * - 0x36 + - 54 + - ru + * - 0x37 + - 55 + - lv + * - 0x38 + - 56 + - tr + * - 0x39 + - 57 + - gr + * - 0x3a + - 58 + - ar + * - 0x3b + - 59 + - lt + * - 0x3c + - 60 + - nl-be + * - 0x3c + - 60 + - be + +Not all dip switch values have a corresponding language code and both "be" and +"nl-be" correspond t
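Review bot: in docs/system/keyboard.rst the three example lines `-global escc.chnA-sunkbd-layout=0x2b`, `=43` and `=sv` are consecutive lines of an ordinary paragraph, so reStructuredText will join them into a single run of text; the quoted `"-global escc.chnA-sunkbd-layout=de"` example has the same problem. End the introducing sentence with `::` and indent the commands to get a literal block, or mark them up as inline literals with double backticks. In the list-table, the last two rows both carry 0x3c / 60 (nl-be and be); since the closing paragraph says this is intentional, consider folding them into one row so it does not read as a copy-and-paste slip.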
Re: [PATCH] machine: do not crash if default RAM backend name has been stollen
On 09/06/2023 16.06, Igor Mammedov wrote:
> On Mon, 22 May 2023 15:17:17 +0200 Igor Mammedov wrote:
>
> Paolo, can you pick it up?

It's merged already (commit a37531f2381c4e294e48b14170894741283)

Cheers,
Thomas
[PATCH] tests/plugin: Remove duplicate insn log from libinsn.so
This is a perfectly natural occurrence for x86 "rep movb", where the "rep" prefix forms a counted loop of the one insn. During the tests/tcg/multiarch/memory test, this logging is triggered over 35 times. Within the context of cross-i386-tci build, which is already slow by nature, the logging is sufficient to push the test into timeout. Signed-off-by: Richard Henderson --- Irritatingly, it doesn't timeout locally, so I used staging to double-check: Fail: https://gitlab.com/qemu-project/qemu/-/jobs/4450754282#L5062 Pass: https://gitlab.com/qemu-project/qemu/-/jobs/4450927108 --- tests/plugin/insn.c | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/tests/plugin/insn.c b/tests/plugin/insn.c index cd5ea5d4ae..9bd6e44f73 100644 --- a/tests/plugin/insn.c +++ b/tests/plugin/insn.c @@ -19,7 +19,6 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION; #define MAX_CPUS 8 /* lets not go nuts */ typedef struct { -uint64_t last_pc; uint64_t insn_count; } InstructionCount; @@ -51,13 +50,7 @@ static void vcpu_insn_exec_before(unsigned int cpu_index, void *udata) { unsigned int i = cpu_index % MAX_CPUS; InstructionCount *c = &counts[i]; -uint64_t this_pc = GPOINTER_TO_UINT(udata); -if (this_pc == c->last_pc) { -g_autofree gchar *out = g_strdup_printf("detected repeat execution @ 0x%" -PRIx64 "\n", this_pc); -qemu_plugin_outs(out); -} -c->last_pc = this_pc; + c->insn_count++; } -- 2.34.1
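Review bot: in vcpu_insn_exec_before(), removing `this_pc` leaves the `udata` parameter unused. If the registration call (outside this hunk) still passes the instruction address as user data, pass NULL there as well, so the plugin does not keep supplying a per-instruction value that nobody reads.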
Re: [PULL 00/16] trivial patches 2023-06-10
On 6/9/23 23:57, Michael Tokarev wrote:
> Hi here!
>
> This is my first pullreq in quite some years. It looks like there has been quite some trivial patches which were forgotten, so I thought I'd give it a shot at least. And since I haven't done a PR in a while, I basically forgot how to do it properly :)
>
> Please note: there are 2 patches in there which are *not* reviewed. Being a trivial-patch collection, they're "obviously correct", - namely these are spelling fixes ("information") and adding comments in linux-user/syscall.c. If that's not okay, let's remove these 2 changes and apply the rest.
>
> Thanks,
>
> /mjt
>
> The following changes since commit 5f9dd6a8ce3961db4ce47411ed2097ad88bdf5fc:
>
>   Merge tag 'pull-9p-20230608' of https://github.com/cschoenebeck/qemu into staging (2023-06-08 08:47:35 -0700)
>
> are available in the Git repository at:
>
>   https://gitlab.com/mjt0k/qemu.git tags/trivial-patches-20230610
>
> for you to fetch changes up to e928907105cfeb48b68cedce232bbd4784536707:
>
>   linux-user: elfload: Specify -R is an option for qemu-user binaries (2023-06-10 09:40:46 +0300)
>
> ----
> trivial-patches-20230610

Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/8.1 as appropriate.

r~
Re: [PULL 00/29] ppc queue
On 6/10/23 06:31, Daniel Henrique Barboza wrote:
> The following changes since commit 3673ad389622d9ef4d2743101253c642def7935a:
>
>   tcg/tci: Fix MemOpIdx operand index for 3-operand memops (2023-06-09 08:30:56 -0700)
>
> are available in the Git repository at:
>
>   https://gitlab.com/danielhb/qemu.git tags/pull-ppc-20230610
>
> for you to fetch changes up to 9ec08f3569be3bc8bfd4d9b8b0445b9136910661:
>
>   hw/ppc/Kconfig: MAC_NEWWORLD should always select USB_OHCI_PCI (2023-06-10 10:19:24 -0300)
>
> ppc patch queue for 2023-06-10:
>
> This queue includes several assorted fixes for target/ppc emulation and XIVE2. It also includes an openpic fix, an avocado fix for ppc64 binaries without slirp and a Kconfig change for MAC_NEWWORLD.

Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/8.1 as appropriate.

r~
Re: [PATCH 6/6] target/tricore: Add shuffle insn
On 6/10/23 03:55, Bastian Koppelmann wrote: +/* + * table from + * https://graphics.stanford.edu/~seander/bithacks.html#BitReverseTable + */ +static const unsigned char BitReverseTable256[256] = { +# define R2(n) n, n + 2 * 64, n + 1 * 64, n + 3 * 64 +# define R4(n) R2(n), R2(n + 2 * 16), R2(n + 1 * 16), R2(n + 3 * 16) +# define R6(n) R4(n), R4(n + 2 * 4 ), R4(n + 1 * 4 ), R4(n + 3 * 4 ) +R6(0), R6(2), R6(1), R6(3) +}; This is revbit8() from qemu/host-utils.h. +uint32_t helper_shuffle(uint32_t arg0, uint32_t arg1) +{ +uint8_t buf[4]; +uint8_t resbuf[4]; +uint32_t byte_select; +uint32_t res = 0; + +stl_le_p(buf, arg0); While storing to a buffer works, it's just as easy to use shifts. +byte_select = arg1 & 0x3; +resbuf[0] = buf[byte_select]; resb = extract32(arg0, byte_select * 8, 8); res |= resb << 0; +resbuf[1] = buf[byte_select]; res |= resb << 8; etc. +if (arg1 & 0x100) { +resbuf[3] = BitReverseTable256[resbuf[3]]; +} The bit-reversal is controlled by one bit for all bytes. It can be done for all bytes in parallel. Use the shifts from bitrev8, applied to the entire uint32_t result. r~
Re: [PATCH 5/6] target/tricore: Add crc32.b insn
On 6/10/23 03:55, Bastian Koppelmann wrote:
> Signed-off-by: Bastian Koppelmann
> ---
>  target/tricore/helper.h | 1 +
>  target/tricore/op_helper.c | 8
>  target/tricore/translate.c | 7 +++
>  target/tricore/tricore-opcodes.h | 1 +
>  4 files changed, 17 insertions(+)

Reviewed-by: Richard Henderson

r
Re: [PATCH 4/6] target/tricore: Add crc32l.w insn
On 6/10/23 03:55, Bastian Koppelmann wrote:
> Signed-off-by: Bastian Koppelmann
> ---
>  target/tricore/helper.h | 3 ++-
>  target/tricore/op_helper.c | 10 +-
>  target/tricore/translate.c | 12 ++--
>  target/tricore/tricore-opcodes.h | 3 ++-
>  4 files changed, 23 insertions(+), 5 deletions(-)

Reviewed-by: Richard Henderson

r~
Re: [PATCH 3/6] target/tricore: Add LHA insn
On 6/10/23 03:55, Bastian Koppelmann wrote:
> Signed-off-by: Bastian Koppelmann
> ---
>  target/tricore/translate.c | 14 --
>  target/tricore/tricore-opcodes.h | 9 -
>  2 files changed, 20 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson

r~
Re: [PATCH 2/6] target/tricore: Add popcnt.w insn
On 6/10/23 03:55, Bastian Koppelmann wrote:
> Signed-off-by: Bastian Koppelmann
> ---
>  target/tricore/translate.c | 7 +++
>  target/tricore/tricore-opcodes.h | 1 +
>  2 files changed, 8 insertions(+)

Reviewed-by: Richard Henderson

r~
Re: [PATCH 1/6] target/tricore: Introduce ISA 1.6.2 feature
On 6/10/23 03:55, Bastian Koppelmann wrote:
> we also introduce the tc37x CPU that implements that ISA version.
>
> Signed-off-by: Bastian Koppelmann
> ---
>  target/tricore/cpu.c | 13 +
>  target/tricore/cpu.h | 1 +
>  2 files changed, 14

Acked-by: Richard Henderson

r~
[PATCH v3] 9pfs: deprecate 'proxy' backend
As recent CVE-2023-2861 once again showed, the 9p 'proxy' fs driver is in bad shape. Using the 'proxy' backend was already discouraged for safety reasons before and we recommended to use the 'local' backend instead, but now it is time to officially deprecate the 'proxy' backend. Signed-off-by: Christian Schoenebeck --- v2 -> v3: * Fix copy wasted typo (-> 'backend'). MAINTAINERS| 7 +++ docs/about/deprecated.rst | 17 + docs/tools/virtfs-proxy-helper.rst | 3 +++ fsdev/qemu-fsdev.c | 5 + fsdev/virtfs-proxy-helper.c| 5 + hw/9pfs/9p-proxy.c | 5 + hw/9pfs/9p-proxy.h | 5 + meson.build| 2 +- qemu-options.hx| 6 +- softmmu/vl.c | 5 + 10 files changed, 58 insertions(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 436b3f0afe..185d694b2e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2118,13 +2118,20 @@ S: Odd Fixes W: https://wiki.qemu.org/Documentation/9p F: hw/9pfs/ X: hw/9pfs/xen-9p* +X: hw/9pfs/9p-proxy* F: fsdev/ +X: fsdev/virtfs-proxy-helper.c F: docs/tools/virtfs-proxy-helper.rst F: tests/qtest/virtio-9p-test.c F: tests/qtest/libqos/virtio-9p* T: git https://gitlab.com/gkurz/qemu.git 9p-next T: git https://github.com/cschoenebeck/qemu.git 9p.next +virtio-9p-proxy +F: hw/9pfs/9p-proxy* +F: fsdev/virtfs-proxy-helper.c +S: Obsolete + virtio-blk M: Stefan Hajnoczi L: qemu-bl...@nongnu.org diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 0743459862..9b2c780365 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst 
@@ -343,6 +343,23 @@ the addition of volatile memory support, it is now necessary to distinguish between persistent and volatile memory backends. As such, memdev is deprecated in favor of persistent-memdev. +``-fsdev proxy`` and ``-virtfs proxy`` (since 8.1) +^^ + +The 9p ``proxy`` filesystem backend driver has been deprecated and will be +removed in a future version of QEMU. Please use ``-fsdev local`` or +``-virtfs local`` for using the ``local`` 9p filesystem backend instead. + +The 9p ``proxy`` backend was originally developed as an alternative to the 9p +``local`` backend. The idea was to enhance security by dispatching actual low +level filesystem operations from 9p server (QEMU process) over to a separate +process (the virtfs-proxy-helper binary). However this alternative never gained +momentum. The proxy backend is much slower than the local backend, hasn't seen +any development in years, and showed to be less secure, especially due to the +fact that its helper daemon must be run as root, whereas with the local backend +QEMU is typically run as unprivileged user and allows to tighten behaviour by +mapping permissions et al. + Block device options diff --git a/docs/tools/virtfs-proxy-helper.rst b/docs/tools/virtfs-proxy-helper.rst index 6cdeedf8e9..bd310ebb07 100644 --- a/docs/tools/virtfs-proxy-helper.rst +++ b/docs/tools/virtfs-proxy-helper.rst @@ -9,6 +9,9 @@ Synopsis Description --- +NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be +removed, along with this daemon, in a future version of QEMU! + Pass-through security model in QEMU 9p server needs root privilege to do few file operations (like chown, chmod to any mode/uid:gid). There are two issues in pass-through security model: diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c index 3da64e9f72..242f54ab49 100644 --- a/fsdev/qemu-fsdev.c +++ b/fsdev/qemu-fsdev.c 
@@ -133,6 +133,11 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp) } if (fsdriver) { +if (strncmp(fsdriver, "proxy", 5) == 0) { +warn_report("'-fsdev proxy' is deprecated, use '-fsdev local' " +"instead"); +} + for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) { if (strcmp(FsDrivers[i].name, fsdriver) == 0) { break; diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c index d9511f429c..5dd5d99284 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -9,6 +9,11 @@ * the COPYING file in the top-level directory. */ +/* + * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be + * removed in a future version of QEMU! + */ + #include "qemu/osdep.h" #include #include diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c index 99d115ff0d..905cae6992 100644 --- a/hw/9pfs/9p-proxy.c +++ b/hw/9pfs/9p-proxy.c @@ -15,6 +15,11 @@ * https://wiki.qemu.org/Documentation/9p */ +/* + * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be + * removed in a future version of QEMU! + */ + #include "qemu/osdep.h" #include #include diff --git a/hw/9pfs/9p-proxy.h b/hw/9pfs/9p-proxy.h index b84301d001..9be
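Review bot: in qemu_fsdev_add(), `strncmp(fsdriver, "proxy", 5) == 0` is a prefix match, so the deprecation warning also fires for any driver string that merely starts with "proxy", while the lookup right below uses `strcmp(FsDrivers[i].name, fsdriver)`. Use `strcmp(fsdriver, "proxy") == 0` so the warning matches exactly the backend being deprecated. The warning is also emitted before the loop has confirmed that the driver exists, which is harmless with an exact match but misleading if the check stays a prefix test.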
[PULL 11/29] target/ppc: Support directed privileged doorbell interrupt (SDOOR)
From: Nicholas Piggin BookS msgsndp instruction to self or DPDES register can cause SDOOR interrupts which crash QEMU with exception not implemented. Linux does not use msgsndp in SMT1, and KVM only uses DPDES to cause doorbells when emulating a SMT guest (which is not the default), so this has gone unnoticed. Signed-off-by: Nicholas Piggin Reviewed-by: Cédric Le Goater Message-Id: <20230530130526.372701-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/excp_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index de6ad121d2..befa9aab7f 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -1542,6 +1542,7 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int excp) case POWERPC_EXCP_DSEG: /* Data segment exception */ case POWERPC_EXCP_ISEG: /* Instruction segment exception*/ case POWERPC_EXCP_TRACE: /* Trace exception */ +case POWERPC_EXCP_SDOOR: /* Doorbell interrupt */ break; case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */ msr |= env->error_code; @@ -1587,7 +1588,6 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int excp) case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */ case POWERPC_EXCP_VPUA: /* Vector assist exception */ case POWERPC_EXCP_MAINT: /* Maintenance exception*/ -case POWERPC_EXCP_SDOOR: /* Doorbell interrupt */ case POWERPC_EXCP_HV_MAINT: /* Hypervisor Maintenance exception */ cpu_abort(cs, "%s exception not implemented\n", powerpc_excp_name(excp)); -- 2.40.1
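Review bot: in powerpc_excp_books(), the moved `case POWERPC_EXCP_SDOOR:` keeps the comment "Doorbell interrupt", which does not say which doorbell this is; the subject line calls it the directed privileged doorbell, and the comment should too. Since the case now joins the group that only does `break`, a sentence in the commit message stating that SDOOR needs no exception-specific handling before delivery would make the one-line move easier to verify.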
[PULL 07/29] pnv/xive2: Quiet down some error messages
From: Frederic Barrat When dumping the END and NVP tables ("info pic" from the HMP) on the P10 model, we're likely to be flooded with error messages such as: XIVE[0] - VST: invalid NVPT entry f33800 !? The error is printed when finding an empty VSD in an indirect table (thus END and NVP tables with skiboot), which is going to happen when dumping the xive state. So let's tune down those messages. They can be re-enabled easily with a macro if needed. Those errors were already hidden on xive/P9, for the same reason. Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230531150537.369350-1-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/pnv_xive2.c | 4 1 file changed, 4 insertions(+) diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index e5a028c1e6..ec1edeb385 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -163,7 +163,9 @@ static uint64_t pnv_xive2_vst_addr_indirect(PnvXive2 *xive, uint32_t type, ldq_be_dma(&address_space_memory, vsd_addr, &vsd, MEMTXATTRS_UNSPECIFIED); if (!(vsd & VSD_ADDRESS_MASK)) { +#ifdef XIVE2_DEBUG xive2_error(xive, "VST: invalid %s entry %x !?", info->name, idx); +#endif return 0; } @@ -185,7 +187,9 @@ static uint64_t pnv_xive2_vst_addr_indirect(PnvXive2 *xive, uint32_t type, MEMTXATTRS_UNSPECIFIED); if (!(vsd & VSD_ADDRESS_MASK)) { +#ifdef XIVE2_DEBUG xive2_error(xive, "VST: invalid %s entry %x !?", info->name, idx); +#endif return 0; } -- 2.40.1
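Review bot: both `#ifdef XIVE2_DEBUG` blocks in pnv_xive2_vst_addr_indirect() depend on a macro that this patch neither defines nor documents, so the message can only be re-enabled by someone who already knows the name, and the guarded calls are not compiled in normal builds. Add a commented-out `#define XIVE2_DEBUG` near the top of pnv_xive2.c, or switch the two calls to a trace event or a qemu_log_mask() category so the "VST: invalid %s entry" report can be turned on at run time.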
[PULL 14/29] target/ppc: Remove "ext" parameter of ppcemb_tlb_check()
From: BALATON Zoltan This is only used by one caller so simplify function by removing this parameter and move the operation to the single place where it's used. Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu.h| 3 +-- target/ppc/mmu_common.c | 21 + target/ppc/mmu_helper.c | 2 +- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 10c4ffa148..557e02e697 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1429,8 +1429,7 @@ int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, uint32_t pid); int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, hwaddr *raddrp, -target_ulong address, uint32_t pid, int ext, -int i); +target_ulong address, uint32_t pid, int i); hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb); #endif diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index 7235a4befe..21a353c51a 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c @@ -491,8 +491,7 @@ static int get_segment_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx, /* Generic TLB check function for embedded PowerPC implementations */ int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, hwaddr *raddrp, -target_ulong address, uint32_t pid, int ext, -int i) +target_ulong address, uint32_t pid, int i) { target_ulong mask; @@ -514,11 +513,6 @@ int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, return -1; } *raddrp = (tlb->RPN & mask) | (address & ~mask); -if (ext) { -/* Extend the physical address to 36 bits */ -*raddrp |= (uint64_t)(tlb->RPN & 0xF) << 32; -} - return 0; } @@ -536,7 +530,7 @@ static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, for (i = 0; i < env->nb_tlb; i++) { tlb = &env->tlb.tlbe[i]; if (ppcemb_tlb_check(env, tlb, &raddr, address, - env->spr[SPR_40x_PID], 0, i) < 0) { + env->spr[SPR_40x_PID], i) < 0) { continue; } zsel = (tlb->attr >> 4) & 0xF; 
@@ -598,20 +592,23 @@ static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb, int prot2; if (ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID], - !env->nb_pids, i) >= 0) { + env->spr[SPR_BOOKE_PID], i) >= 0) { +if (!env->nb_pids) { +/* Extend the physical address to 36 bits */ +*raddr |= (uint64_t)(tlb->RPN & 0xF) << 32; +} goto found_tlb; } if (env->spr[SPR_BOOKE_PID1] && ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID1], 0, i) >= 0) { + env->spr[SPR_BOOKE_PID1], i) >= 0) { goto found_tlb; } if (env->spr[SPR_BOOKE_PID2] && ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID2], 0, i) >= 0) { + env->spr[SPR_BOOKE_PID2], i) >= 0) { goto found_tlb; } diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c index c0c71a68ff..e7275eaec1 100644 --- a/target/ppc/mmu_helper.c +++ b/target/ppc/mmu_helper.c @@ -124,7 +124,7 @@ static int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, ret = -1; for (i = 0; i < env->nb_tlb; i++) { tlb = &env->tlb.tlbe[i]; -if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) { +if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i) == 0) { ret = i; break; } -- 2.40.1
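Review bot: in mmubooke_check_tlb(), the 36-bit extension now sits under `if (!env->nb_pids)` with only the comment "Extend the physical address to 36 bits", which does not explain why a zero PID count selects the extended address. A short comment saying which MMU configuration this condition stands for would help, now that the old `ext` parameter name no longer hints at it. Separately, the three callers test the result as `< 0`, `>= 0` and `== 0`; making ppcemb_tlb_check() return bool would remove that inconsistency.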
[PULL 28/29] target/ppc: Implement gathering irq statistics
From: BALATON Zoltan Count exceptions which can be queried with info irq monitor command. Signed-off-by: BALATON Zoltan Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20230606220200.7ebcc746...@zero.eik.bme.hu> Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu.h | 1 + target/ppc/cpu_init.c| 18 ++ target/ppc/excp_helper.c | 1 + 3 files changed, 20 insertions(+) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 20508bac5e..0ee2adc105 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1195,6 +1195,7 @@ struct CPUArchState { int error_code; uint32_t pending_interrupts; #if !defined(CONFIG_USER_ONLY) +uint64_t excp_stats[POWERPC_EXCP_NB]; /* * This is the IRQ controller, which is implementation dependent and only * relevant when emulating a complete machine. Note that this isn't used diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c index d4ef074afb..9f97222655 100644 --- a/target/ppc/cpu_init.c +++ b/target/ppc/cpu_init.c @@ -48,6 +48,7 @@ #ifndef CONFIG_USER_ONLY #include "hw/boards.h" +#include "hw/intc/intc.h" #endif /* #define PPC_DEBUG_SPR */ @@ -7123,6 +7124,16 @@ static bool ppc_cpu_is_big_endian(CPUState *cs) return !FIELD_EX64(env->msr, MSR, LE); } +static bool ppc_get_irq_stats(InterruptStatsProvider *obj, + uint64_t **irq_counts, unsigned int *nb_irqs) +{ +CPUPPCState *env = &POWERPC_CPU(obj)->env; + +*irq_counts = env->excp_stats; +*nb_irqs = ARRAY_SIZE(env->excp_stats); +return true; +} + #ifdef CONFIG_TCG static void ppc_cpu_exec_enter(CPUState *cs) { @@ -7286,6 +7297,7 @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data) cc->gdb_write_register = ppc_cpu_gdb_write_register; #ifndef CONFIG_USER_ONLY cc->sysemu_ops = &ppc_sysemu_ops; +INTERRUPT_STATS_PROVIDER_CLASS(oc)->get_statistics = ppc_get_irq_stats; #endif cc->gdb_num_core_regs = 71; 
@@ -7323,6 +7335,12 @@ static const TypeInfo ppc_cpu_type_info = { .abstract = true, .class_size = sizeof(PowerPCCPUClass), .class_init = ppc_cpu_class_init, +#ifndef CONFIG_USER_ONLY +.interfaces = (InterfaceInfo[]) { + { TYPE_INTERRUPT_STATS_PROVIDER }, + { } +}, +#endif }; #ifndef CONFIG_USER_ONLY diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index 8b95410c36..12d8a7257b 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -1655,6 +1655,7 @@ static void powerpc_excp(PowerPCCPU *cpu, int excp) qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx " => %s (%d) error=%02x\n", env->nip, powerpc_excp_name(excp), excp, env->error_code); +env->excp_stats[excp]++; switch (env->excp_model) { case POWERPC_EXCP_40x: -- 2.40.1
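Review bot: in powerpc_excp(), `env->excp_stats[excp]++` indexes an array of POWERPC_EXCP_NB entries with a value that nothing in this hunk range-checks, and it runs before the `switch (env->excp_model)` that follows. Guard it, for example with `if (excp >= 0 && excp < ARRAY_SIZE(env->excp_stats))`, or assert the range, so an unexpected exception number cannot write outside the array in CPUArchState.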
[PULL 29/29] hw/ppc/Kconfig: MAC_NEWWORLD should always select USB_OHCI_PCI
From: Thomas Huth The PowerMacs have an OHCI controller soldered on the motherboard, so this should always be enabled for the "mac99" machine. This fixes the problem that QEMU aborts when the user tries to run the "mac99" machine with a build that has been compiled with the "--without-default-devices" configure switch. Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Mark Cave-Ayland Message-Id: <20230530102041.55527-1-th...@redhat.com> Signed-off-by: Daniel Henrique Barboza --- hw/ppc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig index a689d9b219..5dfbf47ef5 100644 --- a/hw/ppc/Kconfig +++ b/hw/ppc/Kconfig @@ -115,6 +115,7 @@ config MAC_NEWWORLD select MAC_PMU select UNIN_PCI select FW_CFG_PPC +select USB_OHCI_PCI config E500 bool -- 2.40.1
[PULL 24/29] target/ppc: Fix decrementer time underflow and infinite timer loop
From: Nicholas Piggin It is possible to store a very large value to the decrementer that it does not raise the decrementer exception so the timer is scheduled, but the next time value wraps and is treated as in the past. This can occur if (u64)-1 is stored on a zero-triggered exception, or (u64)-1 is stored twice on an underflow-triggered exception, for example. If such a value is set in DECAR, it gets stored to the decrementer by the timer function, which then immediately causes another timer, which hangs QEMU. Clamp the decrementer to the implemented width, and use that as the value for the timer calculation, effectively preventing this overflow. Reported-by: sdic...@ddci.com Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza Message-Id: <20230530131214.373524-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- hw/ppc/ppc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c index 4e816c68c7..d80b0adc6c 100644 --- a/hw/ppc/ppc.c +++ b/hw/ppc/ppc.c @@ -798,6 +798,8 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, int64_t signed_decr; /* Truncate value to decr_width and sign extend for simplicity */ +value = extract64(value, 0, nr_bits); +decr = extract64(decr, 0, nr_bits); signed_value = sextract64(value, 0, nr_bits); signed_decr = sextract64(decr, 0, nr_bits); -- 2.40.1
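Review bot: in __cpu_ppc_store_decr(), the two new `extract64()` lines sit under the existing comment "Truncate value to decr_width and sign extend for simplicity", which now covers two different steps. Add a line saying that the unsigned truncation is what clamps `value` for the later timer calculation (the overflow described in the commit message), since the hunk does not show where `value` is used next and the assignments could otherwise be mistaken for dead code ahead of the `sextract64()` calls.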
[PULL 21/29] target/ppc: Ensure stcx size matches larx
From: Nicholas Piggin Differently-sized larx/stcx. pairs can succeed if the starting address matches. Add a check to require the size of stcx. exactly match the larx that established the reservation. Use the term "reserve_length" for this state, which matches the terminology used in the ISA. Reviewed-by: Richard Henderson Signed-off-by: Nicholas Piggin Message-Id: <20230605025445.161932-2-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu.h | 5 +++-- target/ppc/cpu_init.c | 4 ++-- target/ppc/translate.c | 9 + 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index c7c2a5534c..20508bac5e 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1114,8 +1114,9 @@ struct CPUArchState { target_ulong ov32; target_ulong ca32; -target_ulong reserve_addr; /* Reservation address */ -target_ulong reserve_val; /* Reservation value */ +target_ulong reserve_addr; /* Reservation address */ +target_ulong reserve_length; /* Reservation larx op size (bytes) */ +target_ulong reserve_val;/* Reservation value */ target_ulong reserve_val2; /* These are used in supervisor mode only */ diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c index 398f2d9966..d4ef074afb 100644 --- a/target/ppc/cpu_init.c +++ b/target/ppc/cpu_init.c @@ -7392,8 +7392,8 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, int flags) } qemu_fprintf(f, " %c%c", a, env->crf[i] & 0x01 ? 'O' : ' '); } -qemu_fprintf(f, " ] RES " TARGET_FMT_lx "\n", - env->reserve_addr); +qemu_fprintf(f, " ] RES %03x@" TARGET_FMT_lx "\n", + (int)env->reserve_length, env->reserve_addr); if (flags & CPU_DUMP_FPU) { for (i = 0; i < 32; i++) { diff --git a/target/ppc/translate.c b/target/ppc/translate.c index 452439b729..cf0bd79b8c 100644 --- a/target/ppc/translate.c +++ b/target/ppc/translate.c 
@@ -75,6 +75,7 @@ static TCGv cpu_cfar; #endif static TCGv cpu_xer, cpu_so, cpu_ov, cpu_ca, cpu_ov32, cpu_ca32; static TCGv cpu_reserve; +static TCGv cpu_reserve_length; static TCGv cpu_reserve_val; static TCGv cpu_reserve_val2; static TCGv cpu_fpscr; @@ -143,6 +144,10 @@ void ppc_translate_init(void) cpu_reserve = tcg_global_mem_new(cpu_env, offsetof(CPUPPCState, reserve_addr), "reserve_addr"); +cpu_reserve_length = tcg_global_mem_new(cpu_env, +offsetof(CPUPPCState, + reserve_length), +"reserve_length"); cpu_reserve_val = tcg_global_mem_new(cpu_env, offsetof(CPUPPCState, reserve_val), "reserve_val"); @@ -3469,6 +3474,7 @@ static void gen_load_locked(DisasContext *ctx, MemOp memop) gen_addr_reg_index(ctx, t0); tcg_gen_qemu_ld_tl(gpr, t0, ctx->mem_idx, memop | MO_ALIGN); tcg_gen_mov_tl(cpu_reserve, t0); +tcg_gen_movi_tl(cpu_reserve_length, memop_size(memop)); tcg_gen_mov_tl(cpu_reserve_val, gpr); tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ); } @@ -3700,6 +3706,7 @@ static void gen_conditional_store(DisasContext *ctx, MemOp memop) gen_set_access_type(ctx, ACCESS_RES); gen_addr_reg_index(ctx, t0); tcg_gen_brcond_tl(TCG_COND_NE, t0, cpu_reserve, l1); +tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, memop_size(memop), l1); t0 = tcg_temp_new(); tcg_gen_atomic_cmpxchg_tl(t0, cpu_reserve, cpu_reserve_val, @@ -3766,6 +3773,7 @@ static void gen_lqarx(DisasContext *ctx) tcg_gen_extr_i128_i64(lo, hi, t16); tcg_gen_mov_tl(cpu_reserve, EA); +tcg_gen_movi_tl(cpu_reserve_length, 16); tcg_gen_st_tl(hi, cpu_env, offsetof(CPUPPCState, reserve_val)); tcg_gen_st_tl(lo, cpu_env, offsetof(CPUPPCState, reserve_val2)); } @@ -3791,6 +3799,7 @@ static void gen_stqcx_(DisasContext *ctx) gen_addr_reg_index(ctx, EA); tcg_gen_brcond_tl(TCG_COND_NE, EA, cpu_reserve, lab_fail); +tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, 16, lab_fail); cmp = tcg_temp_new_i128(); val = tcg_temp_new_i128(); -- 2.40.1
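Review bot: in ppc_cpu_dump_state(), `" ] RES %03x@"` prints the reservation length in hexadecimal through an `(int)` cast, so a 16-byte lqarx reservation shows up as 010; `%u` with an `(unsigned)` cast would match the "Reservation larx op size (bytes)" wording of the new field comment in cpu.h. Also, only the larx paths (gen_load_locked() and gen_lqarx()) write cpu_reserve_length in this patch, so the dump keeps showing the last length once the reservation is gone; either clear it together with the address or say in the field comment that it is only meaningful while reserve_addr is valid.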
[PULL 23/29] target/ppc: Rework store conditional to avoid branch
From: Nicholas Piggin Rework store conditional to avoid a branch in the success case. Change some of the variable names and layout while here so gen_conditional_store more closely matches gen_stqcx_. Reviewed-by: Richard Henderson Signed-off-by: Nicholas Piggin Message-Id: <20230605025445.161932-4-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/translate.c | 63 -- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/target/ppc/translate.c b/target/ppc/translate.c index cb4764476d..b591f2e496 100644 --- a/target/ppc/translate.c +++ b/target/ppc/translate.c @@ -3697,31 +3697,32 @@ static void gen_stdat(DisasContext *ctx) static void gen_conditional_store(DisasContext *ctx, MemOp memop) { -TCGLabel *l1 = gen_new_label(); -TCGLabel *l2 = gen_new_label(); -TCGv t0 = tcg_temp_new(); -int reg = rS(ctx->opcode); +TCGLabel *lfail; +TCGv EA; +TCGv cr0; +TCGv t0; +int rs = rS(ctx->opcode); +lfail = gen_new_label(); +EA = tcg_temp_new(); +cr0 = tcg_temp_new(); +t0 = tcg_temp_new(); + +tcg_gen_mov_tl(cr0, cpu_so); gen_set_access_type(ctx, ACCESS_RES); -gen_addr_reg_index(ctx, t0); -tcg_gen_brcond_tl(TCG_COND_NE, t0, cpu_reserve, l1); -tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, memop_size(memop), l1); +gen_addr_reg_index(ctx, EA); +tcg_gen_brcond_tl(TCG_COND_NE, EA, cpu_reserve, lfail); +tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, memop_size(memop), lfail); -t0 = tcg_temp_new(); tcg_gen_atomic_cmpxchg_tl(t0, cpu_reserve, cpu_reserve_val, - cpu_gpr[reg], ctx->mem_idx, + cpu_gpr[rs], ctx->mem_idx, DEF_MEMOP(memop) | MO_ALIGN); tcg_gen_setcond_tl(TCG_COND_EQ, t0, t0, cpu_reserve_val); tcg_gen_shli_tl(t0, t0, CRF_EQ_BIT); -tcg_gen_or_tl(t0, t0, cpu_so); -tcg_gen_trunc_tl_i32(cpu_crf[0], t0); -tcg_gen_br(l2); +tcg_gen_or_tl(cr0, cr0, t0); -gen_set_label(l1); - -tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so); - -gen_set_label(l2); +gen_set_label(lfail); +tcg_gen_trunc_tl_i32(cpu_crf[0], cr0); tcg_gen_movi_tl(cpu_reserve, -1); } 
@@ -3775,25 +3776,26 @@ static void gen_lqarx(DisasContext *ctx) /* stqcx. */ static void gen_stqcx_(DisasContext *ctx) { -TCGLabel *lab_fail, *lab_over; -int rs = rS(ctx->opcode); +TCGLabel *lfail; TCGv EA, t0, t1; +TCGv cr0; TCGv_i128 cmp, val; +int rs = rS(ctx->opcode); if (unlikely(rs & 1)) { gen_inval_exception(ctx, POWERPC_EXCP_INVAL_INVAL); return; } -lab_fail = gen_new_label(); -lab_over = gen_new_label(); +lfail = gen_new_label(); +EA = tcg_temp_new(); +cr0 = tcg_temp_new(); +tcg_gen_mov_tl(cr0, cpu_so); gen_set_access_type(ctx, ACCESS_RES); -EA = tcg_temp_new(); gen_addr_reg_index(ctx, EA); - -tcg_gen_brcond_tl(TCG_COND_NE, EA, cpu_reserve, lab_fail); -tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, 16, lab_fail); +tcg_gen_brcond_tl(TCG_COND_NE, EA, cpu_reserve, lfail); +tcg_gen_brcondi_tl(TCG_COND_NE, cpu_reserve_length, 16, lfail); cmp = tcg_temp_new_i128(); val = tcg_temp_new_i128(); @@ -3816,15 +3818,10 @@ static void gen_stqcx_(DisasContext *ctx) tcg_gen_setcondi_tl(TCG_COND_EQ, t0, t0, 0); tcg_gen_shli_tl(t0, t0, CRF_EQ_BIT); -tcg_gen_or_tl(t0, t0, cpu_so); -tcg_gen_trunc_tl_i32(cpu_crf[0], t0); - -tcg_gen_br(lab_over); -gen_set_label(lab_fail); - -tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so); +tcg_gen_or_tl(cr0, cr0, t0); -gen_set_label(lab_over); +gen_set_label(lfail); +tcg_gen_trunc_tl_i32(cpu_crf[0], cr0); tcg_gen_movi_tl(cpu_reserve, -1); } #endif /* defined(TARGET_PPC64) */ -- 2.40.1
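Review bot: In both gen_conditional_store() and gen_stqcx_(), the failure path now depends on cr0 being loaded with tcg_gen_mov_tl(cr0, cpu_so) before the two brcond instructions and read only after gen_set_label(lfail). Nothing in the code says so, and moving that mov below the branches later would leave cr0 undefined on failure. Please add a one-line comment at the mov stating that cr0 carries SO alone on the failure path and SO plus the EQ bit on success. In gen_conditional_store(), t0 is also allocated up front although only the success path uses it; allocating it next to tcg_gen_atomic_cmpxchg_tl() would keep the failure path easier to read.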
[PULL 19/29] target/ppc: Eliminate goto in mmubooke_check_tlb()
From: BALATON Zoltan Move out checking PID registers into a separate function which makes mmubooke_check_tlb() simpler and avoids using goto. Signed-off-by: BALATON Zoltan Reviewed-by: Daniel Henrique Barboza Message-Id: Signed-off-by: Daniel Henrique Barboza --- target/ppc/mmu_common.c | 40 +--- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index bd7d7d5257..ae1db6e348 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c 
@@ -601,37 +601,39 @@ static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, return ret; } -static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb, - hwaddr *raddr, int *prot, target_ulong address, - MMUAccessType access_type, int i) +static bool mmubooke_check_pid(CPUPPCState *env, ppcemb_tlb_t *tlb, + hwaddr *raddr, target_ulong addr, int i) { -int prot2; - -if (ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID], i)) { +if (ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID], i)) { if (!env->nb_pids) { /* Extend the physical address to 36 bits */ *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32; } -goto found_tlb; +return true; +} else if (!env->nb_pids) { +return false; } - if (env->spr[SPR_BOOKE_PID1] && -ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID1], i)) { -goto found_tlb; +ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID1], i)) { +return true; } - if (env->spr[SPR_BOOKE_PID2] && -ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID2], i)) { -goto found_tlb; +ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID2], i)) { +return true; } +return false; +} - qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__); -return -1; +static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb, + hwaddr *raddr, int *prot, target_ulong address, + MMUAccessType access_type, int i) +{ +int prot2; -found_tlb: +if (!mmubooke_check_pid(env, tlb, raddr, address, i)) { +qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__); +return -1; +} if (FIELD_EX64(env->msr, MSR, PR)) { prot2 = tlb->prot & 0xF; -- 2.40.1
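Review bot: The new `else if (!env->nb_pids) { return false; }` in mmubooke_check_pid() is a behaviour change that the commit message does not mention. In the removed code a miss on SPR_BOOKE_PID fell through to the SPR_BOOKE_PID1 and SPR_BOOKE_PID2 checks whatever nb_pids was; with this hunk a CPU with nb_pids == 0 never consults them. If that is intended, say so in the commit message, or split it into its own patch so that the goto removal stays a pure refactor that can be reviewed by inspection.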
[PULL 12/29] target/ppc: PMU implement PERFM interrupts
From: Nicholas Piggin The PMU raises a performance monitor exception (causing an interrupt when MSR[EE]=1) when MMCR0[PMAO] is set, and lowers it when clear. Wire this up and implement the interrupt delivery for books. Linux perf record can now collect PMI-driven samples. fire_PMC_interrupt is renamed to perfm_alert, which matches a bit closer to the new terminology used in the ISA and distinguishes the alert condition (e.g., counter overflow) from the PERFM (or EBB) interrupts. Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza Message-Id: <20230530134313.387252-2-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/excp_helper.c | 2 +- target/ppc/power8-pmu.c | 21 ++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index befa9aab7f..8b95410c36 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -1543,6 +1543,7 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int excp) case POWERPC_EXCP_ISEG: /* Instruction segment exception*/ case POWERPC_EXCP_TRACE: /* Trace exception */ case POWERPC_EXCP_SDOOR: /* Doorbell interrupt */ +case POWERPC_EXCP_PERFM: /* Performance monitor interrupt*/ break; case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */ msr |= env->error_code; @@ -1585,7 +1586,6 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int excp) */ return; case POWERPC_EXCP_THERM: /* Thermal interrupt*/ -case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */ case POWERPC_EXCP_VPUA: /* Vector assist exception */ case POWERPC_EXCP_MAINT: /* Maintenance exception*/ case POWERPC_EXCP_HV_MAINT: /* Hypervisor Maintenance exception */ diff --git a/target/ppc/power8-pmu.c b/target/ppc/power8-pmu.c index af065115f2..7bb4bf81f7 100644 --- a/target/ppc/power8-pmu.c +++ b/target/ppc/power8-pmu.c 
@@ -84,8 +84,17 @@ static void pmu_update_summaries(CPUPPCState *env) void pmu_mmcr01_updated(CPUPPCState *env) { +PowerPCCPU *cpu = env_archcpu(env); + pmu_update_summaries(env); hreg_update_pmu_hflags(env); + +if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMAO) { +ppc_set_irq(cpu, PPC_INTERRUPT_PERFM, 1); +} else { +ppc_set_irq(cpu, PPC_INTERRUPT_PERFM, 0); +} + /* * Should this update overflow timers (if mmcr0 is updated) so they * get set in cpu_post_load? @@ -282,7 +291,7 @@ void helper_store_pmc(CPUPPCState *env, uint32_t sprn, uint64_t value) pmc_update_overflow_timer(env, sprn); } -static void fire_PMC_interrupt(PowerPCCPU *cpu) +static void perfm_alert(PowerPCCPU *cpu) { CPUPPCState *env = &cpu->env; @@ -306,6 +315,7 @@ static void fire_PMC_interrupt(PowerPCCPU *cpu) /* These MMCR0 bits do not require summaries or hflags update. */ env->spr[SPR_POWER_MMCR0] &= ~MMCR0_PMAE; env->spr[SPR_POWER_MMCR0] |= MMCR0_PMAO; +ppc_set_irq(cpu, PPC_INTERRUPT_PERFM, 1); } raise_ebb_perfm_exception(env); @@ -314,20 +324,17 @@ static void fire_PMC_interrupt(PowerPCCPU *cpu) void helper_handle_pmc5_overflow(CPUPPCState *env) { env->spr[SPR_POWER_PMC5] = PMC_COUNTER_NEGATIVE_VAL; -fire_PMC_interrupt(env_archcpu(env)); +perfm_alert(env_archcpu(env)); } /* This helper assumes that the PMC is running. */ void helper_insns_inc(CPUPPCState *env, uint32_t num_insns) { bool overflow_triggered; -PowerPCCPU *cpu; overflow_triggered = pmu_increment_insns(env, num_insns); - if (overflow_triggered) { -cpu = env_archcpu(env); -fire_PMC_interrupt(cpu); +perfm_alert(env_archcpu(env)); } } @@ -335,7 +342,7 @@ static void cpu_ppc_pmu_timer_cb(void *opaque) { PowerPCCPU *cpu = opaque; -fire_PMC_interrupt(cpu); +perfm_alert(cpu); } void cpu_ppc_pmu_init(CPUPPCState *env) -- 2.40.1
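Review bot: In pmu_mmcr01_updated() the if/else pair can be a single call, ppc_set_irq(cpu, PPC_INTERRUPT_PERFM, !!(env->spr[SPR_POWER_MMCR0] & MMCR0_PMAO)). The larger point is that perfm_alert() sets MMCR0_PMAO and raises PPC_INTERRUPT_PERFM by hand, because it modifies MMCR0 without going through pmu_mmcr01_updated(). That leaves two places that must keep the irq level equal to PMAO; a comment at the perfm_alert() site saying so would stop them drifting apart when one is changed.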
[PULL 08/29] target/ppc: Fix PMU hflags calculation
From: Nicholas Piggin Some of the PMU hflags bits can go out of synch, for example a store to MMCR0 with PMCjCE=1 fails to update hflags correctly and results in hflags mismatch: qemu: fatal: TCG hflags mismatch (current:0x2408003d rebuilt:0x240a003d) This can be reproduced by running perf on a recent machine. Some of the fragility here is the duplication of PMU hflags calculations. This change consolidates that in a single place to update pmu-related hflags, to be called after well-defined state changes. The post-load PMU update is pulled out of the MSR update because it does not depend on the MSR value. Fixes: 8b3d1c49a9f0 ("target/ppc: Add new PMC HFLAGS") Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza Message-Id: <20230530130447.372617-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu_init.c| 2 +- target/ppc/helper_regs.c | 73 ++-- target/ppc/helper_regs.h | 1 + target/ppc/machine.c | 8 ++--- target/ppc/power8-pmu.c | 38 - target/ppc/power8-pmu.h | 4 +-- 6 files changed, 85 insertions(+), 41 deletions(-) diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c index 05bf73296b..398f2d9966 100644 --- a/target/ppc/cpu_init.c +++ b/target/ppc/cpu_init.c @@ -7083,7 +7083,7 @@ static void ppc_cpu_reset_hold(Object *obj) if (env->mmu_model != POWERPC_MMU_REAL) { ppc_tlb_invalidate_all(env); } -pmu_update_summaries(env); +pmu_mmcr01_updated(env); } /* clean any pending stop state */ diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c index fb351c303f..bc7e9d7eda 100644 --- a/target/ppc/helper_regs.c +++ b/target/ppc/helper_regs.c 
@@ -47,6 +47,48 @@ void hreg_swap_gpr_tgpr(CPUPPCState *env) env->tgpr[3] = tmp; } +static uint32_t hreg_compute_pmu_hflags_value(CPUPPCState *env) +{ +uint32_t hflags = 0; + +#if defined(TARGET_PPC64) +if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCC0) { +hflags |= 1 << HFLAGS_PMCC0; +} +if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCC1) { +hflags |= 1 << HFLAGS_PMCC1; +} +if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCjCE) { +hflags |= 1 << HFLAGS_PMCJCE; +} + +#ifndef CONFIG_USER_ONLY +if (env->pmc_ins_cnt) { +hflags |= 1 << HFLAGS_INSN_CNT; +} +if (env->pmc_ins_cnt & 0x1e) { +hflags |= 1 << HFLAGS_PMC_OTHER; +} +#endif +#endif + +return hflags; +} + +/* Mask of all PMU hflags */ +static uint32_t hreg_compute_pmu_hflags_mask(CPUPPCState *env) +{ +uint32_t hflags_mask = 0; +#if defined(TARGET_PPC64) +hflags_mask |= 1 << HFLAGS_PMCC0; +hflags_mask |= 1 << HFLAGS_PMCC1; +hflags_mask |= 1 << HFLAGS_PMCJCE; +hflags_mask |= 1 << HFLAGS_INSN_CNT; +hflags_mask |= 1 << HFLAGS_PMC_OTHER; +#endif +return hflags_mask; +} + static uint32_t hreg_compute_hflags_value(CPUPPCState *env) { target_ulong msr = env->msr; @@ -104,30 +146,12 @@ static uint32_t hreg_compute_hflags_value(CPUPPCState *env) if (env->spr[SPR_LPCR] & LPCR_HR) { hflags |= 1 << HFLAGS_HR; } -if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCC0) { -hflags |= 1 << HFLAGS_PMCC0; -} -if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCC1) { -hflags |= 1 << HFLAGS_PMCC1; -} -if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCjCE) { -hflags |= 1 << HFLAGS_PMCJCE; -} #ifndef CONFIG_USER_ONLY if (!env->has_hv_mode || (msr & (1ull << MSR_HV))) { hflags |= 1 << HFLAGS_HV; } -#if defined(TARGET_PPC64) -if (env->pmc_ins_cnt) { -hflags |= 1 << HFLAGS_INSN_CNT; -} -if (env->pmc_ins_cnt & 0x1e) { -hflags |= 1 << HFLAGS_PMC_OTHER; -} -#endif - /* * This is our encoding for server processors. The architecture * specifies that there is no such thing as userspace with 
@@ -172,6 +196,8 @@ static uint32_t hreg_compute_hflags_value(CPUPPCState *env) hflags |= dmmu_idx << HFLAGS_DMMU_IDX; #endif +hflags |= hreg_compute_pmu_hflags_value(env); + return hflags | (msr & msr_mask); } @@ -180,6 +206,17 @@ void hreg_compute_hflags(CPUPPCState *env) env->hflags = hreg_compute_hflags_value(env); } +/* + * This can be used as a lighter-weight alternative to hreg_compute_hflags + * when PMU MMCR0 or pmc_ins_cnt changes. pmc_ins_cnt is changed by + * pmu_update_summaries. + */ +void hreg_update_pmu_hflags(CPUPPCState *env) +{ +env->hflags &= ~hreg_compute_pmu_hflags_mask(env); +env->hflags |= hreg_compute_pmu_hflags_value(env); +} + #ifdef CONFIG_DEBUG_TCG void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc, target_ulong *cs_base, uint32_t *flags) diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h index 42f26870b9..8196c1346d 100644 --- a/target/ppc/helper_regs.h +++ b/target/ppc/helper_regs.h @@ -22,6 +22,7 @@ void hreg_swap_gpr_tgpr(CPUPPC
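Review bot: hreg_compute_pmu_hflags_mask() takes env but never uses it, and its list of bits has to be kept in step with hreg_compute_pmu_hflags_value() by hand. If a PMU flag is later added to the value helper only, hreg_update_pmu_hflags() will set it and never clear it, which is the same kind of stale-hflags mismatch this patch is fixing. Consider dropping the parameter, making the mask a constant defined next to the value helper, and adding a comment that ties the two lists together.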
[PULL 15/29] target/ppc: Move ppcemb_tlb_search() to mmu_common.c
From: BALATON Zoltan This function is the only reason why ppcemb_tlb_check() is not static to mmu_common.c but it also better fits in mmu_common.c so move it there. Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu.h| 4 +--- target/ppc/mmu_common.c | 22 +- target/ppc/mmu_helper.c | 21 - 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 557e02e697..8001582d52 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1427,9 +1427,7 @@ void cpu_ppc_set_vhyp(PowerPCCPU *cpu, PPCVirtualHypervisor *vhyp); int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp, target_ulong address, uint32_t pid); -int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, -hwaddr *raddrp, -target_ulong address, uint32_t pid, int i); +int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid); hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb); #endif diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index 21a353c51a..845eee4c6f 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c @@ -489,7 +489,7 @@ static int get_segment_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx, } /* Generic TLB check function for embedded PowerPC implementations */ -int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, +static int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, hwaddr *raddrp, target_ulong address, uint32_t pid, int i) { 
@@ -516,6 +516,26 @@ int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, return 0; } +/* Generic TLB search function for PowerPC embedded implementations */ +int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid) +{ +ppcemb_tlb_t *tlb; +hwaddr raddr; +int i, ret; + +/* Default return value is no match */ +ret = -1; +for (i = 0; i < env->nb_tlb; i++) { +tlb = &env->tlb.tlbe[i]; +if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i) == 0) { +ret = i; +break; +} +} + +return ret; +} + static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, target_ulong address, MMUAccessType access_type) diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c index e7275eaec1..d3ea7588f9 100644 --- a/target/ppc/mmu_helper.c +++ b/target/ppc/mmu_helper.c @@ -112,27 +112,6 @@ static void ppc6xx_tlb_store(CPUPPCState *env, target_ulong EPN, int way, env->last_way = way; } -/* Generic TLB search function for PowerPC embedded implementations */ -static int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, - uint32_t pid) -{ -ppcemb_tlb_t *tlb; -hwaddr raddr; -int i, ret; - -/* Default return value is no match */ -ret = -1; -for (i = 0; i < env->nb_tlb; i++) { -tlb = &env->tlb.tlbe[i]; -if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i) == 0) { -ret = i; -break; -} -} - -return ret; -} - /* Helpers specific to PowerPC 40x implementations */ static inline void ppc4xx_tlb_invalidate_all(CPUPPCState *env) { -- 2.40.1
[PULL 20/29] target/ppc: Fix lqarx to set cpu_reserve
From: Nicholas Piggin lqarx does not set cpu_reserve, which causes stqcx. to never succeed. Cc: qemu-sta...@nongnu.org Fixes: 94bf2658676 ("target/ppc: Use atomic load for LQ and LQARX") Fixes: 57b38ffd0c6 ("target/ppc: Use tcg_gen_qemu_{ld,st}_i128 for LQARX, LQ, STQ") Signed-off-by: Nicholas Piggin Reviewed-by: Richard Henderson Message-Id: <20230605025445.161932-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/translate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/ppc/translate.c b/target/ppc/translate.c index 37fd431870..452439b729 100644 --- a/target/ppc/translate.c +++ b/target/ppc/translate.c @@ -3765,6 +3765,7 @@ static void gen_lqarx(DisasContext *ctx) tcg_gen_qemu_ld_i128(t16, EA, ctx->mem_idx, DEF_MEMOP(MO_128 | MO_ALIGN)); tcg_gen_extr_i128_i64(lo, hi, t16); +tcg_gen_mov_tl(cpu_reserve, EA); tcg_gen_st_tl(hi, cpu_env, offsetof(CPUPPCState, reserve_val)); tcg_gen_st_tl(lo, cpu_env, offsetof(CPUPPCState, reserve_val2)); } -- 2.40.1
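Review bot: The added tcg_gen_mov_tl(cpu_reserve, EA) records the reservation address, but nothing in this hunk records a reservation length. gen_stqcx_() as it appears in 23/29 branches to the failure label when cpu_reserve_length is not 16, so please confirm that gen_lqarx() also sets the length by the end of the series; otherwise stqcx. would still never succeed after the size check is in place. Since this is Cc'd to stable, it is also worth stating in the commit message whether the fix is complete on its own for the stable branches.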
[PULL 03/29] pnv/xive2: Allow writes to the Physical Thread Enable registers
From: Frederic Barrat Fix what was probably a silly mistake and allow writing the Physical Thread enable registers 0 and 1. Skiboot prefers to use the ENx_SET variant so it went unnoticed, but there's no reason to discard a write to the full register, it is Read-Write. Fixes: da71b7e3ed45 ("ppc/pnv: Add a XIVE2 controller to the POWER10 chip") Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230601121331.487207-4-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/pnv_xive2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index a75ff270ac..132f82a035 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -1294,6 +1294,7 @@ static void pnv_xive2_ic_tctxt_write(void *opaque, hwaddr offset, */ case TCTXT_EN0: /* Physical Thread Enable */ case TCTXT_EN1: /* Physical Thread Enable (fused core) */ +xive->tctxt_regs[reg] = val; break; case TCTXT_EN0_SET: -- 2.40.1
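Review bot: `reg` is not declared anywhere in this hunk; in this series it is added to pnv_xive2_ic_tctxt_write() by 01/29 (`uint32_t reg = offset >> 3;`). Because the patch carries a Fixes: tag and may be picked up on its own, please note the dependency on 01/29 in the commit message so that a backport of this one-liner does not fail to build.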
[PULL 06/29] target/ppc: Fix nested-hv HEAI delivery
From: Nicholas Piggin ppc hypervisors turn HEAI interrupts into program interrupts injected into the guest that executed the illegal instruction, if the hypervisor doesn't handle it some other way. The nested-hv implementation failed to account for this HEAI->program conversion. The virtual hypervisor wants to see the HEAI when running a nested guest, so that interrupt type can be returned to its KVM caller. Fixes: 7cebc5db2eba6 ("target/ppc: Introduce a vhyp framework for nested HV support") Cc: bala...@eik.bme.hu Reviewed-by: Fabiano Rosas Signed-off-by: Nicholas Piggin Message-Id: <20230530132127.385001-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/excp_helper.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index fea9221501..9ffcfe788a 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -1358,9 +1358,12 @@ static void powerpc_excp_books(PowerPCCPU *cpu, int excp) /* * We don't want to generate a Hypervisor Emulation Assistance - * Interrupt if we don't have HVB in msr_mask (PAPR mode). + * Interrupt if we don't have HVB in msr_mask (PAPR mode), + * unless running a nested-hv guest, in which case the L1 + * kernel wants the interrupt. */ -if (excp == POWERPC_EXCP_HV_EMU && !(env->msr_mask & MSR_HVB)) { +if (excp == POWERPC_EXCP_HV_EMU && !(env->msr_mask & MSR_HVB) && +!books_vhyp_handles_hv_excp(cpu)) { excp = POWERPC_EXCP_PROGRAM; } -- 2.40.1
[PULL 18/29] target/ppc: Change ppcemb_tlb_check() to return bool
From: BALATON Zoltan Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: Signed-off-by: Daniel Henrique Barboza --- target/ppc/mmu_common.c | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index ff7f987546..bd7d7d5257 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c @@ -489,15 +489,15 @@ static int get_segment_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx, } /* Generic TLB check function for embedded PowerPC implementations */ -static int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, -hwaddr *raddrp, -target_ulong address, uint32_t pid, int i) +static bool ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, + hwaddr *raddrp, + target_ulong address, uint32_t pid, int i) { target_ulong mask; /* Check valid flag */ if (!(tlb->prot & PAGE_VALID)) { -return -1; +return false; } mask = ~(tlb->size - 1); qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx @@ -506,14 +506,14 @@ static int ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb, mask, (uint32_t)tlb->PID, tlb->prot); /* Check PID */ if (tlb->PID != 0 && tlb->PID != pid) { -return -1; +return false; } /* Check effective address */ if ((address & mask) != tlb->EPN) { -return -1; +return false; } *raddrp = (tlb->RPN & mask) | (address & ~mask); -return 0; +return true; } /* Generic TLB search function for PowerPC embedded implementations */ @@ -525,7 +525,7 @@ int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid) for (i = 0; i < env->nb_tlb; i++) { tlb = &env->tlb.tlbe[i]; -if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i) == 0) { +if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i)) { return i; } } 
@@ -545,8 +545,8 @@ static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, pr = FIELD_EX64(env->msr, MSR, PR); for (i = 0; i < env->nb_tlb; i++) { tlb = &env->tlb.tlbe[i]; -if (ppcemb_tlb_check(env, tlb, &raddr, address, - env->spr[SPR_40x_PID], i) < 0) { +if (!ppcemb_tlb_check(env, tlb, &raddr, address, + env->spr[SPR_40x_PID], i)) { continue; } zsel = (tlb->attr >> 4) & 0xF; @@ -608,7 +608,7 @@ static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb, int prot2; if (ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID], i) >= 0) { + env->spr[SPR_BOOKE_PID], i)) { if (!env->nb_pids) { /* Extend the physical address to 36 bits */ *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32; @@ -618,13 +618,13 @@ static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb, if (env->spr[SPR_BOOKE_PID1] && ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID1], i) >= 0) { + env->spr[SPR_BOOKE_PID1], i)) { goto found_tlb; } if (env->spr[SPR_BOOKE_PID2] && ppcemb_tlb_check(env, tlb, raddr, address, - env->spr[SPR_BOOKE_PID2], i) >= 0) { + env->spr[SPR_BOOKE_PID2], i)) { goto found_tlb; } -- 2.40.1
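Review bot: The return sense of ppcemb_tlb_check() is inverted here (0 used to mean a match, now false means no match), so a caller that was missed would keep compiling and silently flip its decision. The hunks convert ppcemb_tlb_search(), mmu40x_get_physical_address() and the three calls in mmubooke_check_tlb(); please confirm those are all the callers, and extend the comment above the function to say that true means the entry matched and *raddrp was written. The commit message has no body, and one sentence on the old and new convention would help anyone bisecting a translation fault to this commit.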
[PULL 22/29] target/ppc: Remove larx/stcx. memory barrier semantics
From: Nicholas Piggin larx and stcx. are not defined to order any memory operations. Remove the barriers. Reviewed-by: Richard Henderson Signed-off-by: Nicholas Piggin Message-Id: <20230605025445.161932-3-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/translate.c | 11 --- 1 file changed, 11 deletions(-) diff --git a/target/ppc/translate.c b/target/ppc/translate.c index cf0bd79b8c..cb4764476d 100644 --- a/target/ppc/translate.c +++ b/target/ppc/translate.c @@ -3476,7 +3476,6 @@ static void gen_load_locked(DisasContext *ctx, MemOp memop) tcg_gen_mov_tl(cpu_reserve, t0); tcg_gen_movi_tl(cpu_reserve_length, memop_size(memop)); tcg_gen_mov_tl(cpu_reserve_val, gpr); -tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ); } #define LARX(name, memop) \ @@ -3720,11 +3719,6 @@ static void gen_conditional_store(DisasContext *ctx, MemOp memop) gen_set_label(l1); -/* - * Address mismatch implies failure. But we still need to provide - * the memory barrier semantics of the instruction. - */ -tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so); gen_set_label(l2); @@ -3828,11 +3822,6 @@ static void gen_stqcx_(DisasContext *ctx) tcg_gen_br(lab_over); gen_set_label(lab_fail); -/* - * Address mismatch implies failure. But we still need to provide - * the memory barrier semantics of the instruction. - */ -tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so); gen_set_label(lab_over); -- 2.40.1
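Review bot: The comments removed from gen_conditional_store() and gen_stqcx_() said "we still need to provide the memory barrier semantics of the instruction", which is the opposite of what the commit message now asserts. Please cite the ISA text that the new statement rests on, so the reversal can be checked rather than taken on trust. It would also help to say whether any ordering is still expected from tcg_gen_atomic_cmpxchg_tl() on the success path, since guest code that relied on the implicit barriers after larx or a failed stcx. will now see weaker ordering under emulation.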
[PULL 02/29] pnv/xive2: Add definition for the ESB cache configuration register
From: Frederic Barrat Add basic read/write support for the ESB cache configuration register on P10. We don't model the ESB cache in qemu so reading/writing the register won't do anything, but it avoids logging a guest error when skiboot configures it: qemu-system-ppc64 -machine powernv10 ... -d guest_errors ... XIVE[0] - VC: invalid read @240 XIVE[0] - VC: invalid write @240 Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230601121331.487207-3-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/pnv_xive2.c | 7 +++ hw/intc/pnv_xive2_regs.h | 4 2 files changed, 11 insertions(+) diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index 889e409929..a75ff270ac 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -955,6 +955,10 @@ static uint64_t pnv_xive2_ic_vc_read(void *opaque, hwaddr offset, val = xive->vc_regs[reg]; break; +case VC_ESBC_CFG: +val = xive->vc_regs[reg]; +break; + /* * EAS cache updates (not modeled) */ @@ -1046,6 +1050,9 @@ static void pnv_xive2_ic_vc_write(void *opaque, hwaddr offset, /* ESB update */ break; +case VC_ESBC_CFG: +break; + /* * EAS cache updates (not modeled) */ diff --git a/hw/intc/pnv_xive2_regs.h b/hw/intc/pnv_xive2_regs.h index 8f1e0a1fde..7165dc8704 100644 --- a/hw/intc/pnv_xive2_regs.h +++ b/hw/intc/pnv_xive2_regs.h @@ -232,6 +232,10 @@ #define VC_ESBC_FLUSH_POLL_BLOCK_ID_MASK PPC_BITMASK(32, 35) #define VC_ESBC_FLUSH_POLL_OFFSET_MASK PPC_BITMASK(36, 63) /* 28-bit */ +/* ESBC configuration */ +#define X_VC_ESBC_CFG 0x148 +#define VC_ESBC_CFG 0x240 + /* EASC flush control register */ #define X_VC_EASC_FLUSH_CTRL0x160 #define VC_EASC_FLUSH_CTRL 0x300 -- 2.40.1
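Review bot: In pnv_xive2_ic_vc_write() the new VC_ESBC_CFG case is a bare `break;`, while the read side returns xive->vc_regs[reg]. From this hunk alone it is not visible where val is stored, so a write followed by a read only round-trips if the function stores val after the switch. Please confirm that it does, and add a short comment on the case in the style of the neighbouring "not modeled" notes so the empty body reads as deliberate.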
[PULL 16/29] target/ppc: Remove some unneded line breaks
From: BALATON Zoltan Make lines shorter and fix indentation in some functions prototypes. Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: <70952ba2d82141db1cf5cfcf4b227402be575874.1685448535.git.bala...@eik.bme.hu> Signed-off-by: Daniel Henrique Barboza --- target/ppc/cpu.h| 8 +++- target/ppc/mmu_common.c | 8 +++- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 8001582d52..c7c2a5534c 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1424,12 +1424,10 @@ void store_booke_tsr(CPUPPCState *env, target_ulong val); void ppc_tlb_invalidate_all(CPUPPCState *env); void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr); void cpu_ppc_set_vhyp(PowerPCCPU *cpu, PPCVirtualHypervisor *vhyp); -int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, -hwaddr *raddrp, target_ulong address, -uint32_t pid); +int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp, + target_ulong address, uint32_t pid); int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid); -hwaddr booke206_tlb_to_page_size(CPUPPCState *env, -ppcmas_tlb_t *tlb); +hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb); #endif void ppc_store_fpscr(CPUPPCState *env, target_ulong val); diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index 845eee4c6f..a84bc7de88 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c @@ -694,8 +694,7 @@ static int mmubooke_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, return ret; } -hwaddr booke206_tlb_to_page_size(CPUPPCState *env, -ppcmas_tlb_t *tlb) +hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb) { int tlbm_size; 
@@ -705,9 +704,8 @@ hwaddr booke206_tlb_to_page_size(CPUPPCState *env, } /* TLB check function for MAS based SoftTLBs */ -int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, -hwaddr *raddrp, target_ulong address, -uint32_t pid) +int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp, + target_ulong address, uint32_t pid) { hwaddr mask; uint32_t tlb_pid; -- 2.40.1
[PULL 10/29] target/ppc: Fix msgclrp interrupt type
From: Nicholas Piggin msgclrp matches msgsndp and should clear PPC_INTERRUPT_DOORBELL. Signed-off-by: Nicholas Piggin Reviewed-by: Cédric Le Goater Message-Id: <20230530130714.373215-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/excp_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c index 9ffcfe788a..de6ad121d2 100644 --- a/target/ppc/excp_helper.c +++ b/target/ppc/excp_helper.c @@ -3071,7 +3071,7 @@ void helper_book3s_msgclrp(CPUPPCState *env, target_ulong rb) return; } -ppc_set_irq(env_archcpu(env), PPC_INTERRUPT_HDOORBELL, 0); +ppc_set_irq(env_archcpu(env), PPC_INTERRUPT_DOORBELL, 0); } /* -- 2.40.1
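Review bot: This changes which interrupt line helper_book3s_msgclrp() lowers, from PPC_INTERRUPT_HDOORBELL to PPC_INTERRUPT_DOORBELL, so before the patch msgclrp was clearing a pending hypervisor doorbell and leaving the privileged one set. That is a guest-visible bug fix, yet the message has no Fixes: tag, unlike the lqarx fix in 20/29. Please add one and describe the symptom (stale privileged doorbell, lost hypervisor doorbell) in a sentence.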
[PULL 00/29] ppc queue
The following changes since commit 3673ad389622d9ef4d2743101253c642def7935a:

  tcg/tci: Fix MemOpIdx operand index for 3-operand memops (2023-06-09 08:30:56 -0700)

are available in the Git repository at:

  https://gitlab.com/danielhb/qemu.git tags/pull-ppc-20230610

for you to fetch changes up to 9ec08f3569be3bc8bfd4d9b8b0445b9136910661:

  hw/ppc/Kconfig: MAC_NEWWORLD should always select USB_OHCI_PCI (2023-06-10 10:19:24 -0300)

ppc patch queue for 2023-06-10:

This queue includes several assorted fixes for target/ppc emulation and XIVE2. It also includes an openpic fix, an avocado fix for ppc64 binaries without slirp and a Kconfig change for MAC_NEWWORLD.

BALATON Zoltan (8):
      target/ppc: Remove single use function
      target/ppc: Remove "ext" parameter of ppcemb_tlb_check()
      target/ppc: Move ppcemb_tlb_search() to mmu_common.c
      target/ppc: Remove some unneded line breaks
      target/ppc: Simplify ppcemb_tlb_search()
      target/ppc: Change ppcemb_tlb_check() to return bool
      target/ppc: Eliminate goto in mmubooke_check_tlb()
      target/ppc: Implement gathering irq statistics

Frederic Barrat (6):
      pnv/xive2: Add definition for TCTXT Config register
      pnv/xive2: Add definition for the ESB cache configuration register
      pnv/xive2: Allow writes to the Physical Thread Enable registers
      pnv/xive2: Introduce macros to manipulate TIMA addresses
      pnv/xive2: Handle TIMA access through all ports
      pnv/xive2: Quiet down some error messages

Nicholas Piggin (12):
      target/ppc: Fix nested-hv HEAI delivery
      target/ppc: Fix PMU hflags calculation
      target/ppc: PMU do not clear MMCR0[FCECE] on performance monitor alert
      target/ppc: Fix msgclrp interrupt type
      target/ppc: Support directed privileged doorbell interrupt (SDOOR)
      target/ppc: PMU implement PERFM interrupts
      target/ppc: Fix lqarx to set cpu_reserve
      target/ppc: Ensure stcx size matches larx
      target/ppc: Remove larx/stcx. memory barrier semantics
      target/ppc: Rework store conditional to avoid branch
      target/ppc: Fix decrementer time underflow and infinite timer loop
      target/ppc: Decrementer fix BookE semantics

Philippe Mathieu-Daudé (1):
      hw/ppc/openpic: Do not open-code ROUND_UP() macro

Thomas Huth (2):
      tests/avocado/tuxrun_baselines: Fix ppc64 tests for binaries without slirp
      hw/ppc/Kconfig: MAC_NEWWORLD should always select USB_OHCI_PCI

 hw/intc/pnv_xive2.c               | 24 ++-
 hw/intc/pnv_xive2_regs.h          | 8
 hw/intc/xive.c                    | 16 +++
 hw/ppc/Kconfig                    | 1 +
 hw/ppc/ppc.c                      | 11 ++---
 include/hw/ppc/openpic.h          | 2 +-
 include/hw/ppc/xive_regs.h        | 16 +++
 target/ppc/cpu.h                  | 19
 target/ppc/cpu_init.c             | 24 +--
 target/ppc/excp_helper.c          | 14 +++---
 target/ppc/helper_regs.c          | 73 +++
 target/ppc/helper_regs.h          | 1 +
 target/ppc/machine.c              | 8 ++--
 target/ppc/mmu_common.c           | 91 ++-
 target/ppc/mmu_helper.c           | 32 +-
 target/ppc/power8-pmu.c           | 60 +++---
 target/ppc/power8-pmu.h           | 4 +-
 target/ppc/translate.c            | 80 --
 tests/avocado/tuxrun_baselines.py | 1 +
 19 files changed, 289 insertions(+), 196 deletions(-)
[PULL 25/29] target/ppc: Decrementer fix BookE semantics
From: Nicholas Piggin The decrementer store function has logic that short-cuts the timer if a very small value is stored (0, 1, or 2) and raises an interrupt directly. There are two problems with this on BookE. First is that BookE says a decrementer interrupt should not be raised on a store of 0, only of a decrement from 1. Second is that raising the irq directly will bypass the auto-reload logic in the booke decr timer function, breaking autoreload when 1 or 2 is stored. Fix this by removing that small-value special case. It makes this tricky logic even more difficult to reason about, and it hardly matters for performance. Cc: sdic...@ddci.com Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza Message-Id: <20230530131214.373524-2-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- hw/ppc/ppc.c | 9 ++--- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c index d80b0adc6c..1b1220c423 100644 --- a/hw/ppc/ppc.c +++ b/hw/ppc/ppc.c @@ -811,11 +811,7 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, } /* - * Going from 2 -> 1, 1 -> 0 or 0 -> -1 is the event to generate a DEC - * interrupt. - * - * If we get a really small DEC value, we can assume that by the time we - * handled it we should inject an interrupt already. + * Going from 1 -> 0 or 0 -> -1 is the event to generate a DEC interrupt. * * On MSB level based DEC implementations the MSB always means the interrupt * is pending, so raise it on those. @@ -823,8 +819,7 @@ static void __cpu_ppc_store_decr(PowerPCCPU *cpu, uint64_t *nextp, * On MSB edge based DEC implementations the MSB going from 0 -> 1 triggers * an edge interrupt, so raise it here too. */ -if ((value < 3) || -((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && signed_value < 0) || +if (((tb_env->flags & PPC_DECR_UNDERFLOW_LEVEL) && signed_value < 0) || ((tb_env->flags & PPC_DECR_UNDERFLOW_TRIGGERED) && signed_value < 0 && signed_decr >= 0)) { (*raise_excp)(cpu); -- 2.40.1
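Review bot: The commit message motivates dropping `(value < 3)` with BookE semantics only, but the removal in __cpu_ppc_store_decr() is unconditional, so every decrementer implementation that reaches this function loses the shortcut and now relies on the timer for small stores. Please say so in the message and state that this is acceptable for the non-BookE cases. With the first clause gone, both remaining clauses test signed_value < 0; hoisting that test out of the two flag checks would make the level and edge cases easier to compare against the comment above them.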
[PULL 01/29] pnv/xive2: Add definition for TCTXT Config register
From: Frederic Barrat Add basic read/write support for the TCTXT Config register on P10. qemu doesn't do anything with it yet, but it avoids logging a guest error when skiboot configures the fused-core state: qemu-system-ppc64 -machine powernv10 ... -d guest_errors ... [0.13167,5] XIVE: [ IC 00 ] Initializing XIVE block ID 0... XIVE[0] - TCTXT: invalid read @140 XIVE[0] - TCTXT: invalid write @140 Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230601121331.487207-2-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/pnv_xive2.c | 8 +++- hw/intc/pnv_xive2_regs.h | 4 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index 7176d70234..889e409929 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -1265,6 +1265,9 @@ static uint64_t pnv_xive2_ic_tctxt_read(void *opaque, hwaddr offset, case TCTXT_EN1_RESET: val = xive->tctxt_regs[TCTXT_EN1 >> 3]; break; +case TCTXT_CFG: +val = xive->tctxt_regs[reg]; +break; default: xive2_error(xive, "TCTXT: invalid read @%"HWADDR_PRIx, offset); } @@ -1276,6 +1279,7 @@ static void pnv_xive2_ic_tctxt_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) { PnvXive2 *xive = PNV_XIVE2(opaque); +uint32_t reg = offset >> 3; switch (offset) { /* @@ -1297,7 +1301,9 @@ static void pnv_xive2_ic_tctxt_write(void *opaque, hwaddr offset, case TCTXT_EN1_RESET: xive->tctxt_regs[TCTXT_EN1 >> 3] &= ~val; break; - +case TCTXT_CFG: +xive->tctxt_regs[reg] = val; +break; default: xive2_error(xive, "TCTXT: invalid write @%"HWADDR_PRIx, offset); return; diff --git a/hw/intc/pnv_xive2_regs.h b/hw/intc/pnv_xive2_regs.h index 0c096e4adb..8f1e0a1fde 100644 --- a/hw/intc/pnv_xive2_regs.h +++ b/hw/intc/pnv_xive2_regs.h @@ -405,6 +405,10 @@ #define X_TCTXT_EN1_RESET 0x307 #define TCTXT_EN1_RESET 0x038 +/* TCTXT Config register */ +#define X_TCTXT_CFG 0x328 +#define TCTXT_CFG 0x140 + /* * VSD Tables */ -- 2.40.1
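Review bot: in `pnv_xive2_ic_tctxt_read()` the new `case TCTXT_CFG` indexes `xive->tctxt_regs[reg]`, but the only `reg` declaration this patch adds is in `pnv_xive2_ic_tctxt_write()`, and neither hunk shows how large `tctxt_regs` is. Please confirm that `reg` is in scope in the read path and that index `TCTXT_CFG >> 3` (0x28) is inside the array. Writing `xive->tctxt_regs[TCTXT_CFG >> 3]` would also match the neighbouring `TCTXT_EN1 >> 3` cases.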
[PULL 17/29] target/ppc: Simplify ppcemb_tlb_search()
From: BALATON Zoltan No need to store return value and break from loop when we can return directly. Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: Signed-off-by: Daniel Henrique Barboza --- target/ppc/mmu_common.c | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c index a84bc7de88..ff7f987546 100644 --- a/target/ppc/mmu_common.c +++ b/target/ppc/mmu_common.c @@ -521,19 +521,15 @@ int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid) { ppcemb_tlb_t *tlb; hwaddr raddr; -int i, ret; +int i; -/* Default return value is no match */ -ret = -1; for (i = 0; i < env->nb_tlb; i++) { tlb = &env->tlb.tlbe[i]; if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i) == 0) { -ret = i; -break; +return i; } } - -return ret; +return -1; } static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, -- 2.40.1
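Review bot: with the `/* Default return value is no match */` comment removed from `ppcemb_tlb_search()`, nothing says what the trailing `return -1;` means to callers. A short comment on the function stating that it returns the matching TLB index, or -1 when no entry matches, would keep that contract documented.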
[PULL 27/29] tests/avocado/tuxrun_baselines: Fix ppc64 tests for binaries without slirp
From: Thomas Huth The ppc64 tuxrun tests are currently failing if "slirp" has been disabled in the binary since they are using "-netdev user" now. We have to skip the test if this network backend is missing. Fixes: 6ee3624236 ("improve code coverage for ppc64") Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Daniel Henrique Barboza Acked-by: Alex Bennée Message-Id: <20230606192802.666000-1-th...@redhat.com> Signed-off-by: Daniel Henrique Barboza --- tests/avocado/tuxrun_baselines.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/avocado/tuxrun_baselines.py b/tests/avocado/tuxrun_baselines.py index 3a46e7a745..e12250eabb 100644 --- a/tests/avocado/tuxrun_baselines.py +++ b/tests/avocado/tuxrun_baselines.py @@ -184,6 +184,7 @@ def common_tuxrun(self, def ppc64_common_tuxrun(self, sums, prefix): # add device args to command line. +self.require_netdev('user') self.vm.add_args('-netdev', 'user,id=vnet,hostfwd=:127.0.0.1:0-:22', '-device', 'virtio-net,netdev=vnet') self.vm.add_args('-netdev', '{"type":"user","id":"hostnet0"}', -- 2.40.1
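Review bot: `self.require_netdev('user')` is inserted between the `# add device args to command line.` comment and the `add_args` calls that comment describes in `ppc64_common_tuxrun()`. Moving the call above the comment, with its own note that the test is skipped when the 'user' netdev backend is not built in, keeps the existing comment accurate.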
[PULL 13/29] target/ppc: Remove single use function
From: BALATON Zoltan The get_physical_address() function is a trivial wrapper of get_physical_address_wtlb() that is only used once. Remove it and call get_physical_address_wtlb() directly instead. Signed-off-by: BALATON Zoltan Reviewed-by: Cédric Le Goater Message-Id: <302697d63d26caebefaeee1e45352145ebd0318a.1685448535.git.bala...@eik.bme.hu> Signed-off-by: Daniel Henrique Barboza --- target/ppc/mmu_helper.c | 11 +-- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c index 64e30435f5..c0c71a68ff 100644 --- a/target/ppc/mmu_helper.c +++ b/target/ppc/mmu_helper.c @@ -168,15 +168,6 @@ static void booke206_flush_tlb(CPUPPCState *env, int flags, tlb_flush(env_cpu(env)); } -static int get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, -target_ulong eaddr, MMUAccessType access_type, -int type) -{ -return get_physical_address_wtlb(env, ctx, eaddr, access_type, type, 0); -} - - - /*/ /* BATs management */ #if !defined(FLUSH_ALL_TLBS) @@ -643,7 +634,7 @@ target_ulong helper_rac(CPUPPCState *env, target_ulong addr) */ nb_BATs = env->nb_BATs; env->nb_BATs = 0; -if (get_physical_address(env, &ctx, addr, 0, ACCESS_INT) == 0) { +if (get_physical_address_wtlb(env, &ctx, addr, 0, ACCESS_INT, 0) == 0) { ret = ctx.raddr; } env->nb_BATs = nb_BATs; -- 2.40.1
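Review bot: the replacement call in `helper_rac()` ends in a bare `0`, `get_physical_address_wtlb(env, &ctx, addr, 0, ACCESS_INT, 0)`, and with the wrapper gone there is no longer a single place showing that this extra argument is fixed. A named constant or a short comment at the call site saying what the final argument selects would help the next reader.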
[PULL 26/29] hw/ppc/openpic: Do not open-code ROUND_UP() macro
From: Philippe Mathieu-Daudé While reviewing, the ROUND_UP() macro is easier to figure out. Besides, the comment confirms we want to round up here. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Mark Cave-Ayland Message-Id: <20230523061546.49031-1-phi...@linaro.org> Signed-off-by: Daniel Henrique Barboza --- include/hw/ppc/openpic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/ppc/openpic.h b/include/hw/ppc/openpic.h index ebdaf8a493..bae8dafe16 100644 --- a/include/hw/ppc/openpic.h +++ b/include/hw/ppc/openpic.h @@ -55,7 +55,7 @@ typedef enum IRQType { * Round up to the nearest 64 IRQs so that the queue length * won't change when moving between 32 and 64 bit hosts. */ -#define IRQQUEUE_SIZE_BITS ((OPENPIC_MAX_IRQ + 63) & ~63) +#define IRQQUEUE_SIZE_BITS ROUND_UP(OPENPIC_MAX_IRQ, 64) typedef struct IRQQueue { unsigned long *queue; -- 2.40.1
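Review bot: `IRQQUEUE_SIZE_BITS` in openpic.h now depends on `ROUND_UP()`, and the hunk adds no `#include`, so the header only builds where the including file has already pulled in the macro's definition. Worth confirming that every user of openpic.h does so, or including the defining header here.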
[PULL 09/29] target/ppc: PMU do not clear MMCR0[FCECE] on performance monitor alert
From: Nicholas Piggin FCECE does not get cleared according to the ISA v3.1B. Signed-off-by: Nicholas Piggin Reviewed-by: Daniel Henrique Barboza Message-Id: <20230530134313.387252-1-npig...@gmail.com> Signed-off-by: Daniel Henrique Barboza --- target/ppc/power8-pmu.c | 1 - 1 file changed, 1 deletion(-) diff --git a/target/ppc/power8-pmu.c b/target/ppc/power8-pmu.c index c4c331c6b5..af065115f2 100644 --- a/target/ppc/power8-pmu.c +++ b/target/ppc/power8-pmu.c @@ -289,7 +289,6 @@ static void fire_PMC_interrupt(PowerPCCPU *cpu) pmu_update_cycles(env); if (env->spr[SPR_POWER_MMCR0] & MMCR0_FCECE) { -env->spr[SPR_POWER_MMCR0] &= ~MMCR0_FCECE; env->spr[SPR_POWER_MMCR0] |= MMCR0_FC; /* Changing MMCR0_FC requires summaries and hflags update */ -- 2.40.1
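Review bot: `fire_PMC_interrupt()` loses the `&= ~MMCR0_FCECE` line without any comment, so the `if (... & MMCR0_FCECE)` block now only sets `MMCR0_FC` and can look as if a clear was forgotten. A one-line comment that FCECE is left set per ISA v3.1B would stop it being added back.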
[PULL 05/29] pnv/xive2: Handle TIMA access through all ports
From: Frederic Barrat The Thread Interrupt Management Area (TIMA) can be accessed through 4 ports, targeted by the address. The base address of a TIMA is using port 0 and the other ports are 0x80 apart. Using one port or another can be useful to balance the load on the snoop buses. With skiboot and linux, we currently use port 0, but as it tends to be busy, another hypervisor is using port 1 for TIMA access. The port address bits fall in between the special op indication bits (the 2 MSBs) and the register offset bits (the 6 LSBs). They are "don't care" for the hardware when processing a TIMA operation. This patch filters out those port address bits so that a TIMA operation can be triggered using any port. It is also true for indirect access (through the IC BAR) and it's actually nothing new, it was already the case on P9. Which helps here, as the TIMA handling code is common between P9 (xive) and P10 (xive2). Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230601121331.487207-6-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/pnv_xive2.c | 4 hw/intc/xive.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index 132f82a035..e5a028c1e6 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -1662,6 +1662,8 @@ static void pnv_xive2_tm_write(void *opaque, hwaddr offset, bool gen1_tima_os = xive->cq_regs[CQ_XIVE_CFG >> 3] & CQ_XIVE_CFG_GEN1_TIMA_OS; +offset &= TM_ADDRESS_MASK; + /* TODO: should we switch the TM ops table instead ? */ if (!gen1_tima_os && offset == HV_PUSH_OS_CTX_OFFSET) { xive2_tm_push_os_ctx(xptr, tctx, offset, value, size); 
@@ -1681,6 +1683,8 @@ static uint64_t pnv_xive2_tm_read(void *opaque, hwaddr offset, unsigned size) bool gen1_tima_os = xive->cq_regs[CQ_XIVE_CFG >> 3] & CQ_XIVE_CFG_GEN1_TIMA_OS; +offset &= TM_ADDRESS_MASK; + /* TODO: should we switch the TM ops table instead ? */ if (!gen1_tima_os && offset == HV_PULL_OS_CTX_OFFSET) { return xive2_tm_pull_os_ctx(xptr, tctx, offset, size); diff --git a/hw/intc/xive.c b/hw/intc/xive.c index ebe399bc09..5204c14b87 100644 --- a/hw/intc/xive.c +++ b/hw/intc/xive.c @@ -500,7 +500,7 @@ static const XiveTmOp xive_tm_operations[] = { static const XiveTmOp *xive_tm_find_op(hwaddr offset, unsigned size, bool write) { uint8_t page_offset = (offset >> TM_SHIFT) & 0x3; -uint32_t op_offset = offset & 0xFFF; +uint32_t op_offset = offset & TM_ADDRESS_MASK; int i; for (i = 0; i < ARRAY_SIZE(xive_tm_operations); i++) { -- 2.40.1
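Review bot: in `pnv_xive2_tm_write()` and `pnv_xive2_tm_read()` the new `offset &= TM_ADDRESS_MASK;` overwrites the variable that is then handed on to the TM helpers, while `xive_tm_find_op()` in this same patch still derives `page_offset` from `(offset >> TM_SHIFT) & 0x3`. With `TM_ADDRESS_MASK` defined as 0xC3F in patch 04/29, any bits above bit 11 are cleared before a callee can look at them. If a callee of these two functions needs the page bits, mask into a local used only for the `HV_PUSH_OS_CTX_OFFSET` / `HV_PULL_OS_CTX_OFFSET` comparison and pass the original `offset` down; if not, a comment saying so would settle the question.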
[PULL 04/29] pnv/xive2: Introduce macros to manipulate TIMA addresses
From: Frederic Barrat TIMA addresses are somewhat special and are split in several bit fields with different meanings. This patch describes it and introduces macros to more easily access the various fields. Signed-off-by: Frederic Barrat Reviewed-by: Cédric Le Goater Message-Id: <20230601121331.487207-5-fbar...@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza --- hw/intc/xive.c | 14 +++--- include/hw/ppc/xive_regs.h | 16 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/hw/intc/xive.c b/hw/intc/xive.c index a986b96843..ebe399bc09 100644 --- a/hw/intc/xive.c +++ b/hw/intc/xive.c @@ -249,7 +249,7 @@ static const uint8_t *xive_tm_views[] = { static uint64_t xive_tm_mask(hwaddr offset, unsigned size, bool write) { uint8_t page_offset = (offset >> TM_SHIFT) & 0x3; -uint8_t reg_offset = offset & 0x3F; +uint8_t reg_offset = offset & TM_REG_OFFSET; uint8_t reg_mask = write ? 0x1 : 0x2; uint64_t mask = 0x0; int i; @@ -266,8 +266,8 @@ static uint64_t xive_tm_mask(hwaddr offset, unsigned size, bool write) static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr offset, uint64_t value, unsigned size) { -uint8_t ring_offset = offset & 0x30; -uint8_t reg_offset = offset & 0x3F; +uint8_t ring_offset = offset & TM_RING_OFFSET; +uint8_t reg_offset = offset & TM_REG_OFFSET; uint64_t mask = xive_tm_mask(offset, size, true); int i; @@ -296,8 +296,8 @@ static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr offset, uint64_t value, static uint64_t xive_tm_raw_read(XiveTCTX *tctx, hwaddr offset, unsigned size) { -uint8_t ring_offset = offset & 0x30; -uint8_t reg_offset = offset & 0x3F; +uint8_t ring_offset = offset & TM_RING_OFFSET; +uint8_t reg_offset = offset & TM_REG_OFFSET; uint64_t mask = xive_tm_mask(offset, size, false); uint64_t ret; int i; 
@@ -534,7 +534,7 @@ void xive_tctx_tm_write(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, /* * First, check for special operations in the 2K region */ -if (offset & 0x800) { +if (offset & TM_SPECIAL_OP) { xto = xive_tm_find_op(offset, size, true); if (!xto) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA " @@ -573,7 +573,7 @@ uint64_t xive_tctx_tm_read(XivePresenter *xptr, XiveTCTX *tctx, hwaddr offset, /* * First, check for special operations in the 2K region */ -if (offset & 0x800) { +if (offset & TM_SPECIAL_OP) { xto = xive_tm_find_op(offset, size, false); if (!xto) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access to TIMA" diff --git a/include/hw/ppc/xive_regs.h b/include/hw/ppc/xive_regs.h index b7fde2354e..4a3c9badd3 100644 --- a/include/hw/ppc/xive_regs.h +++ b/include/hw/ppc/xive_regs.h @@ -48,6 +48,22 @@ #define TM_SHIFT16 +/* + * TIMA addresses are 12-bits (4k page). + * The MSB indicates a special op with side effect, which can be + * refined with bit 10 (see below). + * The registers, logically grouped in 4 rings (a quad-word each), are + * defined on the 6 LSBs (offset below 0x40) + * In between, we can add a cache line index from 0...3 (ie, 0, 0x80, + * 0x100, 0x180) to select a specific snooper. Those 'snoop port + * address' bits should be dropped when processing the operations as + * they are all equivalent. + */ +#define TM_ADDRESS_MASK 0xC3F +#define TM_SPECIAL_OP 0x800 +#define TM_RING_OFFSET 0x30 +#define TM_REG_OFFSET 0x3F + /* TM register offsets */ #define TM_QW0_USER 0x000 /* All rings */ #define TM_QW1_OS 0x010 /* Ring 0..2 */ -- 2.40.1
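Review bot: `TM_RING_OFFSET` (0x30) and `TM_REG_OFFSET` (0x3F) in xive_regs.h are bit masks applied with `&`, not offsets, so the names read oddly next to `TM_ADDRESS_MASK` and to the real offsets such as `TM_QW1_OS` just below them. A `_MASK` suffix on both would be consistent. The `& 0x3` page mask in `xive_tm_mask()` is also left as a literal although the new comment block describes every other field of the address.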
Re: [PATCH v2] 9pfs: deprecate 'proxy' backend
On Saturday, June 10, 2023 1:07:27 PM CEST Christian Schoenebeck wrote: > As recent CVE-2023-2861 once again showed, the 9p 'proxy' fs driver is in > bad shape. Using the 'proxy' backend was already discouraged for safety > reasons before and we recommended to use the 'local' backend instead, > but now it is time to officially deprecate the 'proxy' backend. > > Signed-off-by: Christian Schoenebeck > --- > v1 -> v2: > * Add deprecation notice also to virtfs-proxy-helper.rst, >qemu-options.hx and to the 'proxy' source files >(virtfs-proxy-helper.c, 9p-proxy.c, 9p-proxy.h). > > MAINTAINERS| 7 +++ > docs/about/deprecated.rst | 17 + > docs/tools/virtfs-proxy-helper.rst | 3 +++ > fsdev/qemu-fsdev.c | 5 + > fsdev/virtfs-proxy-helper.c| 5 + > hw/9pfs/9p-proxy.c | 5 + > hw/9pfs/9p-proxy.h | 5 + > meson.build| 2 +- > qemu-options.hx| 6 +- > softmmu/vl.c | 5 + > 10 files changed, 58 insertions(+), 2 deletions(-) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 436b3f0afe..185d694b2e 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -2118,13 +2118,20 @@ S: Odd Fixes > W: https://wiki.qemu.org/Documentation/9p > F: hw/9pfs/ > X: hw/9pfs/xen-9p* > +X: hw/9pfs/9p-proxy* > F: fsdev/ > +X: fsdev/virtfs-proxy-helper.c > F: docs/tools/virtfs-proxy-helper.rst > F: tests/qtest/virtio-9p-test.c > F: tests/qtest/libqos/virtio-9p* > T: git https://gitlab.com/gkurz/qemu.git 9p-next > T: git https://github.com/cschoenebeck/qemu.git 9p.next > > +virtio-9p-proxy > +F: hw/9pfs/9p-proxy* > +F: fsdev/virtfs-proxy-helper.c > +S: Obsolete > + > virtio-blk > M: Stefan Hajnoczi > L: qemu-bl...@nongnu.org > diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst > index 0743459862..9b2c780365 100644 > --- a/docs/about/deprecated.rst > +++ b/docs/about/deprecated.rst 
> @@ -343,6 +343,23 @@ the addition of volatile memory support, it is now > necessary to distinguish > between persistent and volatile memory backends. As such, memdev is > deprecated > in favor of persistent-memdev. > > +``-fsdev proxy`` and ``-virtfs proxy`` (since 8.1) > +^^ > + > +The 9p ``proxy`` filesystem backend driver has been deprecated and will be > +removed in a future version of QEMU. Please use ``-fsdev local`` or > +``-virtfs local`` for using the ``local`` 9p filesystem backend instead. > + > +The 9p ``proxy`` backend was originally developed as an alternative to the 9p > +``local`` backend. The idea was to enhance security by dispatching actual low > +level filesystem operations from 9p server (QEMU process) over to a separate > +process (the virtfs-proxy-helper binary). However this alternative never > gained > +momentum. The proxy backend is much slower than the local backend, hasn't > seen > +any development in years, and showed to be less secure, especially due to the > +fact that its helper daemon must be run as root, whereas with the local > backend > +QEMU is typically run as unprivileged user and allows to tighten behaviour by > +mapping permissions et al. > + > > Block device options > > diff --git a/docs/tools/virtfs-proxy-helper.rst > b/docs/tools/virtfs-proxy-helper.rst > index 6cdeedf8e9..f5051130e2 100644 > --- a/docs/tools/virtfs-proxy-helper.rst > +++ b/docs/tools/virtfs-proxy-helper.rst > @@ -9,6 +9,9 @@ Synopsis > Description > --- > > +NOTE: The 9p 'proxy' nackend is deprecated (since QEMU 8.1) and will be > +removed, along with this daemon, in a future version of QEMU! > + > Pass-through security model in QEMU 9p server needs root privilege to do > few file operations (like chown, chmod to any mode/uid:gid). There are two > issues in pass-through security model: > diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c > index 3da64e9f72..242f54ab49 100644 > --- a/fsdev/qemu-fsdev.c > +++ b/fsdev/qemu-fsdev.c 
> @@ -133,6 +133,11 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp) > } > > if (fsdriver) { > +if (strncmp(fsdriver, "proxy", 5) == 0) { > +warn_report("'-fsdev proxy' is deprecated, use '-fsdev local' " > +"instead"); > +} > + > for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) { > if (strcmp(FsDrivers[i].name, fsdriver) == 0) { > break; > diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c > index d9511f429c..87e358376a 100644 > --- a/fsdev/virtfs-proxy-helper.c > +++ b/fsdev/virtfs-proxy-helper.c > @@ -9,6 +9,11 @@ > * the COPYING file in the top-level directory. > */ > > +/* > + * NOTE: The 9p 'proxy' nackend is deprecated (since QEMU 8.1) and will be > + * removed in a future version of QEMU! > + */ > + > #include "qemu/osdep.h" > #include > #include >
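Review bot: in `qemu_fsdev_add()` the deprecation check uses `strncmp(fsdriver, "proxy", 5) == 0`, which is a prefix match, so any driver name that merely begins with "proxy" triggers the warning, while the lookup loop right below compares with `strcmp(FsDrivers[i].name, fsdriver)`. Using `strcmp(fsdriver, "proxy") == 0` would warn only for the driver that is actually being deprecated.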
[PATCH v2] 9pfs: deprecate 'proxy' backend
As recent CVE-2023-2861 once again showed, the 9p 'proxy' fs driver is in bad shape. Using the 'proxy' backend was already discouraged for safety reasons before and we recommended to use the 'local' backend instead, but now it is time to officially deprecate the 'proxy' backend. Signed-off-by: Christian Schoenebeck --- v1 -> v2: * Add deprecation notice also to virtfs-proxy-helper.rst, qemu-options.hx and to the 'proxy' source files (virtfs-proxy-helper.c, 9p-proxy.c, 9p-proxy.h). MAINTAINERS| 7 +++ docs/about/deprecated.rst | 17 + docs/tools/virtfs-proxy-helper.rst | 3 +++ fsdev/qemu-fsdev.c | 5 + fsdev/virtfs-proxy-helper.c| 5 + hw/9pfs/9p-proxy.c | 5 + hw/9pfs/9p-proxy.h | 5 + meson.build| 2 +- qemu-options.hx| 6 +- softmmu/vl.c | 5 + 10 files changed, 58 insertions(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 436b3f0afe..185d694b2e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2118,13 +2118,20 @@ S: Odd Fixes W: https://wiki.qemu.org/Documentation/9p F: hw/9pfs/ X: hw/9pfs/xen-9p* +X: hw/9pfs/9p-proxy* F: fsdev/ +X: fsdev/virtfs-proxy-helper.c F: docs/tools/virtfs-proxy-helper.rst F: tests/qtest/virtio-9p-test.c F: tests/qtest/libqos/virtio-9p* T: git https://gitlab.com/gkurz/qemu.git 9p-next T: git https://github.com/cschoenebeck/qemu.git 9p.next +virtio-9p-proxy +F: hw/9pfs/9p-proxy* +F: fsdev/virtfs-proxy-helper.c +S: Obsolete + virtio-blk M: Stefan Hajnoczi L: qemu-bl...@nongnu.org diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 0743459862..9b2c780365 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst 
@@ -343,6 +343,23 @@ the addition of volatile memory support, it is now necessary to distinguish between persistent and volatile memory backends. As such, memdev is deprecated in favor of persistent-memdev. +``-fsdev proxy`` and ``-virtfs proxy`` (since 8.1) +^^ + +The 9p ``proxy`` filesystem backend driver has been deprecated and will be +removed in a future version of QEMU. Please use ``-fsdev local`` or +``-virtfs local`` for using the ``local`` 9p filesystem backend instead. + +The 9p ``proxy`` backend was originally developed as an alternative to the 9p +``local`` backend. The idea was to enhance security by dispatching actual low +level filesystem operations from 9p server (QEMU process) over to a separate +process (the virtfs-proxy-helper binary). However this alternative never gained +momentum. The proxy backend is much slower than the local backend, hasn't seen +any development in years, and showed to be less secure, especially due to the +fact that its helper daemon must be run as root, whereas with the local backend +QEMU is typically run as unprivileged user and allows to tighten behaviour by +mapping permissions et al. + Block device options diff --git a/docs/tools/virtfs-proxy-helper.rst b/docs/tools/virtfs-proxy-helper.rst index 6cdeedf8e9..f5051130e2 100644 --- a/docs/tools/virtfs-proxy-helper.rst +++ b/docs/tools/virtfs-proxy-helper.rst @@ -9,6 +9,9 @@ Synopsis Description --- +NOTE: The 9p 'proxy' nackend is deprecated (since QEMU 8.1) and will be +removed, along with this daemon, in a future version of QEMU! + Pass-through security model in QEMU 9p server needs root privilege to do few file operations (like chown, chmod to any mode/uid:gid). There are two issues in pass-through security model: diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c index 3da64e9f72..242f54ab49 100644 --- a/fsdev/qemu-fsdev.c +++ b/fsdev/qemu-fsdev.c 
@@ -133,6 +133,11 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp) } if (fsdriver) { +if (strncmp(fsdriver, "proxy", 5) == 0) { +warn_report("'-fsdev proxy' is deprecated, use '-fsdev local' " +"instead"); +} + for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) { if (strcmp(FsDrivers[i].name, fsdriver) == 0) { break; diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c index d9511f429c..87e358376a 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -9,6 +9,11 @@ * the COPYING file in the top-level directory. */ +/* + * NOTE: The 9p 'proxy' nackend is deprecated (since QEMU 8.1) and will be + * removed in a future version of QEMU! + */ + #include "qemu/osdep.h" #include #include diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c index 99d115ff0d..ab489cdd40 100644 --- a/hw/9pfs/9p-proxy.c +++ b/hw/9pfs/9p-proxy.c @@ -15,6 +15,11 @@ * https://wiki.qemu.org/Documentation/9p */ +/* + * NOTE: The 9p 'proxy' nackend is deprecated (since QEMU 8.1) and will be + * removed in a future version of QEMU! + */ +
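Review bot: the added NOTE text spells the word as "nackend" in docs/tools/virtfs-proxy-helper.rst, fsdev/virtfs-proxy-helper.c and hw/9pfs/9p-proxy.c; it should read "backend". Since the same sentence is pasted into several files, fixing all copies before merge avoids a follow-up patch.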
[PATCH 6/6] target/tricore: Add shuffle insn
this is mostly authored by volumit (https://github.com/volumit/qemu/) Signed-off-by: Bastian Koppelmann --- target/tricore/helper.h | 1 + target/tricore/op_helper.c | 48 target/tricore/translate.c | 8 ++ target/tricore/tricore-opcodes.h | 1 + 4 files changed, 58 insertions(+) diff --git a/target/tricore/helper.h b/target/tricore/helper.h index a10576e09e..31d71eac7a 100644 --- a/target/tricore/helper.h +++ b/target/tricore/helper.h @@ -134,6 +134,7 @@ DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32) DEF_HELPER_FLAGS_2(crc32b, TCG_CALL_NO_RWG_SE, i32, i32, i32) DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32) DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32) +DEF_HELPER_FLAGS_2(shuffle, TCG_CALL_NO_RWG_SE, i32, i32, i32) /* CSA */ DEF_HELPER_2(call, void, env, i32) DEF_HELPER_1(ret, void, env) diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index b6ef1462e4..bd770a2341 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c 
@@ -2308,6 +2308,54 @@ uint32_t helper_crc32_le(uint32_t arg0, uint32_t arg1) return crc32(arg1, buf, 4); } +/* + * table from + * https://graphics.stanford.edu/~seander/bithacks.html#BitReverseTable + */ +static const unsigned char BitReverseTable256[256] = { +# define R2(n) n, n + 2 * 64, n + 1 * 64, n + 3 * 64 +# define R4(n) R2(n), R2(n + 2 * 16), R2(n + 1 * 16), R2(n + 3 * 16) +# define R6(n) R4(n), R4(n + 2 * 4 ), R4(n + 1 * 4 ), R4(n + 3 * 4 ) +R6(0), R6(2), R6(1), R6(3) +}; + +uint32_t helper_shuffle(uint32_t arg0, uint32_t arg1) +{ +uint8_t buf[4]; +uint8_t resbuf[4]; +uint32_t byte_select; +uint32_t res = 0; + +stl_le_p(buf, arg0); + +byte_select = arg1 & 0x3; +resbuf[0] = buf[byte_select]; +if (arg1 & 0x100) { +resbuf[0] = BitReverseTable256[resbuf[0]]; +} + +byte_select = (arg1 >> 2) & 0x3; +resbuf[1] = buf[byte_select]; +if (arg1 & 0x100) { +resbuf[1] = BitReverseTable256[resbuf[1]]; +} + +byte_select = (arg1 >> 4) & 0x3; +resbuf[2] = buf[byte_select]; +if (arg1 & 0x100) { +resbuf[2] = BitReverseTable256[resbuf[2]]; +} + +byte_select = (arg1 >> 6) & 0x3; +resbuf[3] = buf[byte_select]; +if (arg1 & 0x100) { +resbuf[3] = BitReverseTable256[resbuf[3]]; +} + +res = ldl_le_p(resbuf); +return res; +} + /* context save area (CSA) related helpers */ static int cdc_increment(target_ulong *psw) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index 85526ef4db..a4c60e8ae2 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c @@ -5011,6 +5011,14 @@ static void decode_rc_logical_shift(DisasContext *ctx) case OPC2_32_RC_XOR: tcg_gen_xori_tl(cpu_gpr_d[r2], cpu_gpr_d[r1], const9); break; +case OPC2_32_RC_SHUFFLE: +if (has_feature(ctx, TRICORE_FEATURE_162)) { +TCGv temp = tcg_constant_i32(const9); +gen_helper_shuffle(cpu_gpr_d[r2], cpu_gpr_d[r1], temp); +} else { +generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); +} +break; default: generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); } 
diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h index 27f80e1702..af63926731 100644 --- a/target/tricore/tricore-opcodes.h +++ b/target/tricore/tricore-opcodes.h @@ -885,6 +885,7 @@ enum { OPC2_32_RC_SHAS = 0x02, OPC2_32_RC_XNOR = 0x0d, OPC2_32_RC_XOR = 0x0c, +OPC2_32_RC_SHUFFLE = 0x07, /* v1.6.2 only */ }; /* OPCM_32_RC_ACCUMULATOR */ enum { -- 2.40.1
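Review bot: the `R2`, `R4` and `R6` macros defined inside the `BitReverseTable256` initializer in op_helper.c are never `#undef`'d, so three very short names stay defined for the rest of the file. Add `#undef R2`, `#undef R4`, `#undef R6` after the table. In `helper_shuffle()` the same select-and-reverse sequence is written out four times; a loop over the four result bytes using `(arg1 >> (2 * i)) & 0x3` would shrink it, and a named constant for the `0x100` reverse bit would say what that test means.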
[PATCH 0/6] TriCore 1.6.2 Instructions
Hi,

this patch series is in response to the tickets [1] [2], which point out missing instructions from ISA v1.6.2. This is the first series that implements the low hanging fruits.

Cheers,
Bastian

[1] https://gitlab.com/qemu-project/qemu/-/issues/1452
[2] https://gitlab.com/qemu-project/qemu/-/issues/1667

Bastian Koppelmann (6):
  target/tricore: Introduce ISA 1.6.2 feature
  target/tricore: Add popcnt.w insn
  target/tricore: Add LHA insn
  target/tricore: Add crc32l.w insn
  target/tricore: Add crc32.b insn
  target/tricore: Add shuffle insn

 target/tricore/cpu.c | 13 +++
 target/tricore/cpu.h | 1 +
 target/tricore/helper.h | 5 ++-
 target/tricore/op_helper.c | 66 +++-
 target/tricore/translate.c | 48 +--
 target/tricore/tricore-opcodes.h | 15 +++-
 6 files changed, 140 insertions(+), 8 deletions(-)

-- 
2.40.1
[PATCH 1/6] target/tricore: Introduce ISA 1.6.2 feature
we also introduce the tc37x CPU that implements that ISA version. Signed-off-by: Bastian Koppelmann --- target/tricore/cpu.c | 13 + target/tricore/cpu.h | 1 + 2 files changed, 14 insertions(+) diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c index 7fa113fed2..f15169bd1b 100644 --- a/target/tricore/cpu.c +++ b/target/tricore/cpu.c @@ -104,6 +104,10 @@ static void tricore_cpu_realizefn(DeviceState *dev, Error **errp) } /* Some features automatically imply others */ +if (tricore_feature(env, TRICORE_FEATURE_162)) { +set_feature(env, TRICORE_FEATURE_161); +} + if (tricore_feature(env, TRICORE_FEATURE_161)) { set_feature(env, TRICORE_FEATURE_16); } @@ -164,6 +168,14 @@ static void tc27x_initfn(Object *obj) set_feature(&cpu->env, TRICORE_FEATURE_161); } +static void tc37x_initfn(Object *obj) +{ +TriCoreCPU *cpu = TRICORE_CPU(obj); + +set_feature(&cpu->env, TRICORE_FEATURE_162); +} + + #include "hw/core/sysemu-cpu-ops.h" static const struct SysemuCPUOps tricore_sysemu_ops = { @@ -226,6 +238,7 @@ static const TypeInfo tricore_cpu_type_infos[] = { DEFINE_TRICORE_CPU_TYPE("tc1796", tc1796_initfn), DEFINE_TRICORE_CPU_TYPE("tc1797", tc1797_initfn), DEFINE_TRICORE_CPU_TYPE("tc27x", tc27x_initfn), +DEFINE_TRICORE_CPU_TYPE("tc37x", tc37x_initfn), }; DEFINE_TYPES(tricore_cpu_type_infos) diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h index d98a3fb671..041fc0b6e5 100644 --- a/target/tricore/cpu.h +++ b/target/tricore/cpu.h @@ -273,6 +273,7 @@ enum tricore_features { TRICORE_FEATURE_131, TRICORE_FEATURE_16, TRICORE_FEATURE_161, +TRICORE_FEATURE_162, }; static inline int tricore_feature(CPUTriCoreState *env, int feature) -- 2.40.1
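Review bot: in `tricore_cpu_realizefn()` the new `TRICORE_FEATURE_162` block only has its full effect because it sits above the existing `TRICORE_FEATURE_161` check, which in turn sets `TRICORE_FEATURE_16`; reordering the blocks would silently leave a tc37x without the older features. A short comment under `/* Some features automatically imply others */` that the checks must run from newest to oldest would protect that. The stray second blank line after `tc37x_initfn()` can also go.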
[PATCH 2/6] target/tricore: Add popcnt.w insn
Signed-off-by: Bastian Koppelmann --- target/tricore/translate.c | 7 +++ target/tricore/tricore-opcodes.h | 1 + 2 files changed, 8 insertions(+) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index cd33a1dcdd..26b284bcec 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c @@ -6197,6 +6197,13 @@ static void decode_rr_divide(DisasContext *ctx) generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); } break; +case OPC2_32_RR_POPCNT_W: +if (has_feature(ctx, TRICORE_FEATURE_162)) { +tcg_gen_ctpop_tl(cpu_gpr_d[r3], cpu_gpr_d[r1]); +} else { +generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); +} +break; case OPC2_32_RR_DIV: if (has_feature(ctx, TRICORE_FEATURE_16)) { GEN_HELPER_RR(divide, cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1], diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h index f7135f183d..59aa39a7a5 100644 --- a/target/tricore/tricore-opcodes.h +++ b/target/tricore/tricore-opcodes.h @@ -1133,6 +1133,7 @@ enum { OPC2_32_RR_PARITY= 0x02, OPC2_32_RR_UNPACK= 0x08, OPC2_32_RR_CRC32 = 0x03, +OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */ OPC2_32_RR_DIV = 0x20, OPC2_32_RR_DIV_U = 0x21, OPC2_32_RR_MUL_F = 0x04, -- 2.40.1
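Review bot: the diffstat covers only translate.c and tricore-opcodes.h, so the new `OPC2_32_RR_POPCNT_W` case in `decode_rr_divide()` arrives without a test. A small guest test that runs POPCNT.W on a few values, and checks that a CPU without `TRICORE_FEATURE_162` takes the `TIN2_IOPC` trap, would cover both branches.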
[PATCH 5/6] target/tricore: Add crc32.b insn
Signed-off-by: Bastian Koppelmann --- target/tricore/helper.h | 1 + target/tricore/op_helper.c | 8 target/tricore/translate.c | 7 +++ target/tricore/tricore-opcodes.h | 1 + 4 files changed, 17 insertions(+) diff --git a/target/tricore/helper.h b/target/tricore/helper.h index 24da5e97c0..a10576e09e 100644 --- a/target/tricore/helper.h +++ b/target/tricore/helper.h @@ -131,6 +131,7 @@ DEF_HELPER_FLAGS_5(mul_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32) DEF_HELPER_FLAGS_5(mulm_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32) DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32) /* crc32 */ +DEF_HELPER_FLAGS_2(crc32b, TCG_CALL_NO_RWG_SE, i32, i32, i32) DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32) DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32) /* CSA */ diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index 8ce404cb93..b6ef1462e4 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c @@ -2284,6 +2284,14 @@ uint32_t helper_mulr_h(uint32_t arg00, uint32_t arg01, return (result1 & 0x) | (result0 >> 16); } +uint32_t helper_crc32b(uint32_t arg0, uint32_t arg1) +{ +uint8_t buf[1] = { arg0 & 0xff }; + +return crc32(arg1, buf, 1); +} + + uint32_t helper_crc32_be(uint32_t arg0, uint32_t arg1) { uint8_t buf[4]; diff --git a/target/tricore/translate.c b/target/tricore/translate.c index 250de80de5..85526ef4db 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c 
@@ -6190,6 +6190,13 @@ static void decode_rr_divide(DisasContext *ctx) CHECK_REG_PAIR(r3); gen_unpack(cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1]); break; +case OPC2_32_RR_CRC32_B: +if (has_feature(ctx, TRICORE_FEATURE_162)) { +gen_helper_crc32b(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]); +} else { +generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); +} +break; case OPC2_32_RR_CRC32: /* CRC32B.W in 1.6.2 */ if (has_feature(ctx, TRICORE_FEATURE_161)) { gen_helper_crc32_be(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]); diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h index be07f82ec1..27f80e1702 100644 --- a/target/tricore/tricore-opcodes.h +++ b/target/tricore/tricore-opcodes.h @@ -1140,6 +1140,7 @@ enum { OPC2_32_RR_PARITY= 0x02, OPC2_32_RR_UNPACK= 0x08, OPC2_32_RR_CRC32 = 0x03, /* CRC32B.W in 1.6.2 */ +OPC2_32_RR_CRC32_B = 0x06, /* 1.6.2 only */ OPC2_32_RR_CRC32L_W = 0x07, /* 1.6.2 only */ OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */ OPC2_32_RR_DIV = 0x20, -- 2.40.1
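Review bot: the helper is named `crc32b` while its siblings are `crc32_be` and `crc32_le`, the opcode is `OPC2_32_RR_CRC32_B`, and the comment on the neighbouring case says `OPC2_32_RR_CRC32` is "CRC32B.W in 1.6.2". That makes `gen_helper_crc32b` easy to mistake for the big-endian word variant. Naming it `crc32_b`, or adding a comment on `helper_crc32b()` that it covers the single-byte CRC32.B, would remove the ambiguity. There is also a doubled blank line after the new helper.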
[PATCH 3/6] target/tricore: Add LHA insn
Signed-off-by: Bastian Koppelmann --- target/tricore/translate.c | 14 -- target/tricore/tricore-opcodes.h | 9 - 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index 26b284bcec..898557d22a 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c @@ -7931,7 +7931,7 @@ static void decode_sys_interrupts(DisasContext *ctx) static void decode_32Bit_opc(DisasContext *ctx) { -int op1; +int op1, op2; int32_t r1, r2, r3; int32_t address, const16; int8_t b, const4; @@ -7982,9 +7982,19 @@ static void decode_32Bit_opc(DisasContext *ctx) tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], temp, ctx->mem_idx, MO_LEUW); tcg_gen_shli_tl(cpu_gpr_d[r1], cpu_gpr_d[r1], 16); break; -case OPC1_32_ABS_LEA: +case OPCM_32_ABS_LEA_LHA: address = MASK_OP_ABS_OFF18(ctx->opcode); r1 = MASK_OP_ABS_S1D(ctx->opcode); + +if (has_feature(ctx, TRICORE_FEATURE_162)) { +op2 = MASK_OP_ABS_OP2(ctx->opcode); +if (op2 == OPC2_32_ABS_LHA) { +tcg_gen_movi_tl(cpu_gpr_a[r1], address << 14); +break; +} +/* otherwise translate regular LEA */ +} + tcg_gen_movi_tl(cpu_gpr_a[r1], EA_ABS_FORMAT(address)); break; /* ABSB-format */ diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h index 59aa39a7a5..9fab4bd75c 100644 --- a/target/tricore/tricore-opcodes.h +++ b/target/tricore/tricore-opcodes.h @@ -430,7 +430,7 @@ enum { OPCM_32_ABS_STOREB_H = 0x25, OPC1_32_ABS_STOREQ = 0x65, OPC1_32_ABS_LD_Q = 0x45, -OPC1_32_ABS_LEA = 0xc5, +OPCM_32_ABS_LEA_LHA = 0xc5, /* ABSB Format */ OPC1_32_ABSB_ST_T= 0xd5, /* B Format */ @@ -592,6 +592,13 @@ enum { OPC2_32_ABS_ST_B = 0x00, OPC2_32_ABS_ST_H = 0x02, }; + +/* OPCM_32_ABS_LEA_LHA */ +enum { +OPC2_32_ABS_LEA = 0x00, +OPC2_32_ABS_LHA = 0x01, +}; + /* * Bit Format */ -- 2.40.1
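Review bot: in the second translate.c hunk, "address << 14" shifts a value declared as int32_t (see "int32_t address, const16;" in the context of the first hunk); if MASK_OP_ABS_OFF18 returns the full 18-bit field, an offset with its top bit set is shifted into bit 31 of a signed operand. Writing the shift on an unsigned value, for example (uint32_t)address << 14, states the intent. The same hunk falls through to the LEA translation for every op2 other than OPC2_32_ABS_LHA, so on 1.6.2 an encoding whose op2 is outside the new enum (LEA = 0x00, LHA = 0x01) is decoded as LEA without complaint; either trap on unknown op2 or extend the "otherwise translate regular LEA" comment to say why ignoring op2 is correct.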
[PATCH 4/6] target/tricore: Add crc32l.w insn
Signed-off-by: Bastian Koppelmann --- target/tricore/helper.h | 3 ++- target/tricore/op_helper.c | 10 +- target/tricore/translate.c | 12 ++-- target/tricore/tricore-opcodes.h | 3 ++- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/target/tricore/helper.h b/target/tricore/helper.h index b64780c37d..24da5e97c0 100644 --- a/target/tricore/helper.h +++ b/target/tricore/helper.h @@ -131,7 +131,8 @@ DEF_HELPER_FLAGS_5(mul_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32) DEF_HELPER_FLAGS_5(mulm_h, TCG_CALL_NO_RWG_SE, i64, i32, i32, i32, i32, i32) DEF_HELPER_FLAGS_5(mulr_h, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32, i32, i32) /* crc32 */ -DEF_HELPER_FLAGS_2(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32) +DEF_HELPER_FLAGS_2(crc32_be, TCG_CALL_NO_RWG_SE, i32, i32, i32) +DEF_HELPER_FLAGS_2(crc32_le, TCG_CALL_NO_RWG_SE, i32, i32, i32) /* CSA */ DEF_HELPER_2(call, void, env, i32) DEF_HELPER_1(ret, void, env) diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index 54f54811d9..8ce404cb93 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c @@ -2284,7 +2284,7 @@ uint32_t helper_mulr_h(uint32_t arg00, uint32_t arg01, return (result1 & 0x) | (result0 >> 16); } -uint32_t helper_crc32(uint32_t arg0, uint32_t arg1) +uint32_t helper_crc32_be(uint32_t arg0, uint32_t arg1) { uint8_t buf[4]; stl_be_p(buf, arg0); @@ -2292,6 +2292,14 @@ uint32_t helper_crc32(uint32_t arg0, uint32_t arg1) return crc32(arg1, buf, 4); } +uint32_t helper_crc32_le(uint32_t arg0, uint32_t arg1) +{ +uint8_t buf[4]; +stl_le_p(buf, arg0); + +return crc32(arg1, buf, 4); +} + /* context save area (CSA) related helpers */ static int cdc_increment(target_ulong *psw) diff --git a/target/tricore/translate.c b/target/tricore/translate.c index 898557d22a..250de80de5 100644 --- a/target/tricore/translate.c +++ b/target/tricore/translate.c 
@@ -6190,13 +6190,21 @@ static void decode_rr_divide(DisasContext *ctx) CHECK_REG_PAIR(r3); gen_unpack(cpu_gpr_d[r3], cpu_gpr_d[r3+1], cpu_gpr_d[r1]); break; -case OPC2_32_RR_CRC32: +case OPC2_32_RR_CRC32: /* CRC32B.W in 1.6.2 */ if (has_feature(ctx, TRICORE_FEATURE_161)) { -gen_helper_crc32(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]); +gen_helper_crc32_be(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]); } else { generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); } break; +case OPC2_32_RR_CRC32L_W: +if (has_feature(ctx, TRICORE_FEATURE_162)) { +gen_helper_crc32_le(cpu_gpr_d[r3], cpu_gpr_d[r1], cpu_gpr_d[r2]); +} else { +generate_trap(ctx, TRAPC_INSN_ERR, TIN2_IOPC); +} +break; + case OPC2_32_RR_POPCNT_W: if (has_feature(ctx, TRICORE_FEATURE_162)) { tcg_gen_ctpop_tl(cpu_gpr_d[r3], cpu_gpr_d[r1]); diff --git a/target/tricore/tricore-opcodes.h b/target/tricore/tricore-opcodes.h index 9fab4bd75c..be07f82ec1 100644 --- a/target/tricore/tricore-opcodes.h +++ b/target/tricore/tricore-opcodes.h @@ -1139,7 +1139,8 @@ enum { OPC2_32_RR_DVINIT_U = 0x0a, OPC2_32_RR_PARITY= 0x02, OPC2_32_RR_UNPACK= 0x08, -OPC2_32_RR_CRC32 = 0x03, +OPC2_32_RR_CRC32 = 0x03, /* CRC32B.W in 1.6.2 */ +OPC2_32_RR_CRC32L_W = 0x07, /* 1.6.2 only */ OPC2_32_RR_POPCNT_W = 0x22, /* 1.6.2 only */ OPC2_32_RR_DIV = 0x20, OPC2_32_RR_DIV_U = 0x21, -- 2.40.1
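Review bot: in the op_helper.c hunks, helper_crc32_be() and the new helper_crc32_le() differ only in stl_be_p() versus stl_le_p(), and the only place that ties an instruction name to a byte order is the enum comment in tricore-opcodes.h. A one-line comment above each helper would save the reader a trip through the decoder: the OPC2_32_RR_CRC32 encoding, "CRC32B.W in 1.6.2", uses the big-endian store and CRC32L.W the little-endian one. In the translate.c hunk the new OPC2_32_RR_CRC32L_W case adds a blank line after its "break;", unlike the cases around it. The commit message has no body describing the new instruction.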
Re: Ping: [PATCH v6] Emulate dip switch language layout settings on SUN keyboard
Thanks for your thoughts on this! Getting the variable in ESCCChannelState instead of ESCCState is nice as it means that I don't have to add the ESCCState variable to the handle_kbd_command. So I will rewrite the patch to use arguments like "-global escc.chrA-sunkbd-layout=sv" (or do we want it to be called "-global escc.chnA-sunkbd-layout=sv" with chn for channel A instead of chr?) I will also rename functions and variables to sunkbd and add documentation to docs/system/target-sparc.rst (possibly as a link to a file of its own as describing all the keyboards to choose from might create a bigger page than the current sparc32 page). Best regards Henrik On Sat, 10 Jun 2023 08:06:47 +0100 Mark Cave-Ayland wrote: > On 08/06/2023 17:14, Henrik Carlqvist wrote: > > > I didn't get much response to my last version of the patch to implement > > emulation of language selection dip switch on SUN keyboards. By request, I > > changed the patch to listen for -global escc.sunkbd_layout= instead of > > using the -k switch to select keyboard layout. > > > > What do you think about this patch? Would you like to apply it as is, or > > do you want any more changes? > > Apologies for the delay in getting to this, let me add a few comments below. > > > Best regards Henrik > > > > On Sun, 30 Apr 2023 22:55:33 +0200 > > Henrik Carlqvist wrote: > > > >> I have now changed the patch to instead of using the -k switch use > >> > >> -global escc.sunkbd_layout= > >> > >> to select keyboard layout. It would be nice to somehow document this. > >Yes,> in the monitor, you can type "info qtree" and see something like: > >> > >>dev: escc, id "" > >> gpio-out "sysbus-irq" 2 > >> frequency = 4915200 (0x4b) > >> it_shift = 1 (0x1) > >> bit_swap = false > >> disabled = 0 (0x0) > >> chnBtype = 2 (0x2) > >> chnAtype = 1 (0x1) > >> chrB = "" > >> chrA = "" > >> sunkbd_layout = "43" > >> mmio 7100/0008 > >> > >> but that information is not easy to find and it does not say anything > >about> possible values. 
What is the best way to document this kind of > >global> parameters? > >> > >> Please cc me any reply as I am no longer subscribed to the mailing list. > >> > >> best regards Henrik > >> > >> SUN Type 4, 5 and 5c keyboards have dip switches to choose the language > >> layout of the keyboard. Solaris makes an ioctl to query the value of the > >> dipswitches and uses that value to select keyboard layout. Also the SUN > >bios> like the one in the file ss5.bin uses this value to support at least > >some> keyboard layouts. However, the OpenBIOS provided with qemu is > >hardcoded to> always use an US keyboard layout. > >> > >> Before this patch, qemu always gave dip switch value 0x21 (US keyboard), > >> this patch uses a command line switch like "-global > >escc.sunkbd_layout=de"> to select dip switch value. A table is used to > >lookup values from arguments> like: > >> > >> -global escc.sunkbd_layout=fr > >> -global escc.sunkbd_layout=es > >> > >> But the patch also accepts numeric dip switch values directly to the -k > >> switch: > >> > >> -global escc.sunkbd_layout=0x2b > >> -global escc.sunkbd_layout=43 > >> > >> Both values above are the same and select swedish keyboard as explained > >in> table 3-15 at > >> https://docs.oracle.com/cd/E19683-01/806-6642/new-43/index.html > >> > >> Unless you want to do a full Solaris installation but happen to have > >> access to a bios file, the easiest way to test that the patch works is > >to:> > >> qemu-system-sparc -global escc.sunkbd_layout=sv -bios /path/to/ss5.bin > >> > >> If you already happen to have a Solaris installation in a qemu disk image > >> file you can easily try different keyboard layouts after this patch is > >> applied. > >> > >> Signed-off-by: Henrik Carlqvist > >> --- > >> hw/char/escc.c | 81 +++--- > >> include/hw/char/escc.h | 1 + > >> 2 files changed, 78 insertions(+), 4 deletions(-) > >> > >> diff --git a/hw/char/escc.c b/hw/char/escc.c > >> index 17a908c59b..0aac4f0f92 100644 > >> --- a/hw/char/escc.c 
> >> +++ b/hw/char/escc.c > >> @@ -31,6 +31,8 @@ > >> #include "qemu/module.h" > >> #include "hw/char/escc.h" > >> #include "ui/console.h" > >> + > >> +#include "qemu/cutils.h" > >> #include "trace.h" > >> > >> /* > >> @@ -190,7 +192,8 @@ > >> #define R_MISC1I 14 > >> #define R_EXTINT 15 > >> > >> -static void handle_kbd_command(ESCCChannelState *s, int val); > >> +static unsigned char sun_keyboard_layout_dip_switch(const char > >> *keyboard_layout);+static void handle_kbd_command(ESCCChannelState *s, > >int> val, ESCCState *k); > >> static int serial_can_receive(void *opaque); > >> static void serial_receive_byte(ESCCChannelState *s, int ch); > >> > >> @@ -657,7 +660,7 @@ static void escc_mem_write(void *opaque, hwaddr addr, > >>*/ > >> qemu_chr_fe_write_all(&s->chr,
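Review bot: the first quoted hunk adds qemu/cutils.h after a new blank line, which splits it off from the existing include group just above trace.h; put it directly after "ui/console.h" without the blank line. In the second quoted hunk the forward declaration of sun_keyboard_layout_dip_switch() exists only because the function is defined below its caller; defining it above handle_kbd_command() would let the prototype go.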
[PATCH] target/riscv: Fix initialized value for cur_pmmask
We initialize cur_pmmask as -1(UINT32_MAX/UINT64_MAX) and regard it as if pointer mask is disabled in current implementation. However, the addresses for vector load/store will be adjusted to zero in this case and -1(UINT32_MAX/UINT64_MAX) is valid value for pmmask when pointer mask is enabled. Signed-off-by: Weiwei Li Signed-off-by: Junqiang Wang --- target/riscv/cpu_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 09ea227ceb..acbcb7ed76 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -133,7 +133,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc, flags = FIELD_DP32(flags, TB_FLAGS, FS, fs); flags = FIELD_DP32(flags, TB_FLAGS, VS, vs); flags = FIELD_DP32(flags, TB_FLAGS, XL, env->xl); -if (env->cur_pmmask < (env->xl == MXL_RV32 ? UINT32_MAX : UINT64_MAX)) { +if (env->cur_pmmask != 0) { flags = FIELD_DP32(flags, TB_FLAGS, PM_MASK_ENABLED, 1); } if (env->cur_pmbase != 0) { @@ -145,7 +145,7 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc, void riscv_cpu_update_mask(CPURISCVState *env) { -target_ulong mask = -1, base = 0; +target_ulong mask = 0, base = 0; /* * TODO: Current RVJ spec does not specify * how the extension interacts with XLEN. -- 2.25.1
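Review bot: only cpu_get_tb_cpu_state() and the initializer in riscv_cpu_update_mask() change here, while the commit message describes the symptom as vector load/store addresses being adjusted to zero. The code that applies cur_pmmask to those addresses is not in this diff, so the message should name the consumer that relied on -1 meaning "disabled" and confirm it behaves correctly with the new 0 sentinel. With "env->cur_pmmask != 0" as the test, an enabled configuration whose mask is 0 no longer sets PM_MASK_ENABLED; if that is intended, a comment next to the check would make it explicit. A Fixes: tag naming the commit that introduced the -1 initializer would help backporting.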
Re: Ping: [PATCH v6] Emulate dip switch language layout settings on SUN keyboard
On 08/06/2023 17:14, Henrik Carlqvist wrote: I didn't get much response to my last version of the patch to implement emulation of language selection dip switch on SUN keyboards. By request, I changed the patch to listen for -global escc.sunkbd_layout= instead of using the -k switch to select keyboard layout. What do you think about this patch? Would you like to apply it as is, or do you want any more changes? Apologies for the delay in getting to this, let me add a few comments below. Best regards Henrik On Sun, 30 Apr 2023 22:55:33 +0200 Henrik Carlqvist wrote: I have now changed the patch to instead of using the -k switch use -global escc.sunkbd_layout= to select keyboard layout. It would be nice to somehow document this. Yes, in the monitor, you can type "info qtree" and see something like: dev: escc, id "" gpio-out "sysbus-irq" 2 frequency = 4915200 (0x4b) it_shift = 1 (0x1) bit_swap = false disabled = 0 (0x0) chnBtype = 2 (0x2) chnAtype = 1 (0x1) chrB = "" chrA = "" sunkbd_layout = "43" mmio 7100/0008 but that information is not easy to find and it does not say anything about possible values. What is the best way to document this kind of global parameters? Please cc me any reply as I am no longer subscribed to the mailing list. best regards Henrik SUN Type 4, 5 and 5c keyboards have dip switches to choose the language layout of the keyboard. Solaris makes an ioctl to query the value of the dipswitches and uses that value to select keyboard layout. Also the SUN bios like the one in the file ss5.bin uses this value to support at least some keyboard layouts. However, the OpenBIOS provided with qemu is hardcoded to always use an US keyboard layout. Before this patch, qemu always gave dip switch value 0x21 (US keyboard), this patch uses a command line switch like "-global escc.sunkbd_layout=de" to select dip switch value. 
A table is used to lookup values from arguments like: -global escc.sunkbd_layout=fr -global escc.sunkbd_layout=es But the patch also accepts numeric dip switch values directly to the -k switch: -global escc.sunkbd_layout=0x2b -global escc.sunkbd_layout=43 Both values above are the same and select swedish keyboard as explained in table 3-15 at https://docs.oracle.com/cd/E19683-01/806-6642/new-43/index.html Unless you want to do a full Solaris installation but happen to have access to a bios file, the easiest way to test that the patch works is to: qemu-system-sparc -global escc.sunkbd_layout=sv -bios /path/to/ss5.bin If you already happen to have a Solaris installation in a qemu disk image file you can easily try different keyboard layouts after this patch is applied. Signed-off-by: Henrik Carlqvist --- hw/char/escc.c | 81 +++--- include/hw/char/escc.h | 1 + 2 files changed, 78 insertions(+), 4 deletions(-) diff --git a/hw/char/escc.c b/hw/char/escc.c index 17a908c59b..0aac4f0f92 100644 --- a/hw/char/escc.c +++ b/hw/char/escc.c @@ -31,6 +31,8 @@ #include "qemu/module.h" #include "hw/char/escc.h" #include "ui/console.h" + +#include "qemu/cutils.h" #include "trace.h" /* @@ -190,7 +192,8 @@ #define R_MISC1I 14 #define R_EXTINT 15 -static void handle_kbd_command(ESCCChannelState *s, int val); +static unsigned char sun_keyboard_layout_dip_switch(const char *keyboard_layout);+static void handle_kbd_command(ESCCChannelState *s, int val, ESCCState *k); static int serial_can_receive(void *opaque); static void serial_receive_byte(ESCCChannelState *s, int ch); @@ -657,7 +660,7 @@ static void escc_mem_write(void *opaque, hwaddr addr, */ qemu_chr_fe_write_all(&s->chr, &s->tx, 1); } else if (s->type == escc_kbd && !s->disabled) { -handle_kbd_command(s, val); +handle_kbd_command(s, val, serial); } } s->rregs[R_STATUS] |= STATUS_TXEMPTY; /* Tx buffer empty */ 
@@ -846,7 +849,76 @@ static QemuInputHandler sunkbd_handler = { .event = sunkbd_handle_event, }; -static void handle_kbd_command(ESCCChannelState *s, int val) +static unsigned char sun_keyboard_layout_dip_switch(const char *keyboard_layout)+{ +/* Return the value of the dip-switches in a SUN Type 5 keyboard */ +static unsigned char ret = 0xff; + +if ((ret == 0xff) && keyboard_layout) { +int i; +struct layout_values { +const char *lang; +unsigned char dip; +} languages[] = +/* Dip values from table 3-16 Layouts for Type 4, 5, and 5c Keyboards */+{ +{"en-us", 0x21}, /* U.S.A. (US5.kt) */ + /* 0x22 is some other US (US_UNIX5.kt)*/ +{"fr",0x23}, /* France (France5.kt) */ +{"da",0x24}, /* Denmark (Denmark5.kt) */ +{"de",0x25}, /* Germany (Germany5.kt)
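Review bot: in the last hunk, sun_keyboard_layout_dip_switch() caches its result in "static unsigned char ret = 0xff;", so the first successful lookup wins for the whole process; a second ESCC keyboard channel, or a later call with a different string, gets the first value back. Resolving the layout once and storing it in the device state avoids the hidden global. The languages[] table is a non-const automatic array, so it is rebuilt on every call that reaches the lookup; static const is the usual form for a fixed table. The comment above the table cites table 3-16 while the commit message points at table 3-15 of the same Oracle document; one of the two needs correcting.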
[PULL 11/16] hw/usb/hcd-ehci-pci: Simplify using DEVICE_GET_CLASS() macro
From: Philippe Mathieu-Daudé Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Michael Tokarev --- hw/usb/hcd-ehci-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/usb/hcd-ehci-pci.c b/hw/usb/hcd-ehci-pci.c index 4c37c8e227..345444a573 100644 --- a/hw/usb/hcd-ehci-pci.c +++ b/hw/usb/hcd-ehci-pci.c @@ -74,7 +74,7 @@ static void usb_ehci_pci_realize(PCIDevice *dev, Error **errp) static void usb_ehci_pci_init(Object *obj) { -DeviceClass *dc = OBJECT_GET_CLASS(DeviceClass, obj, TYPE_DEVICE); +DeviceClass *dc = DEVICE_GET_CLASS(obj); EHCIPCIState *i = PCI_EHCI(obj); EHCIState *s = &i->ehci; -- 2.39.2
[PULL 12/16] linux-user: add comments for TARGET_NR_[gs]etgroups{, 32}
There are 2 pairs of identical code (with different types) for TARGET_NR_setgroups & TARGET_NR_setgroups32, and for TARGET_NR_getgroups & TARGET_NR_getgroups32. Add comments stating this fact, so that further modifications are done in two places. Signed-off-by: Michael Tokarev --- linux-user/syscall.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 83685f0aa5..94256cc262 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -11670,7 +11670,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, case TARGET_NR_setregid: return get_errno(setregid(low2highgid(arg1), low2highgid(arg2))); case TARGET_NR_getgroups: -{ +{ /* the same code as for TARGET_NR_getgroups32 */ int gidsetsize = arg1; target_id *target_grouplist; g_autofree gid_t *grouplist = NULL; @@ -11701,7 +11701,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, return ret; } case TARGET_NR_setgroups: -{ +{ /* the same code as for TARGET_NR_setgroups32 */ int gidsetsize = arg1; target_id *target_grouplist; g_autofree gid_t *grouplist = NULL; @@ -12006,7 +12006,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, #endif #ifdef TARGET_NR_getgroups32 case TARGET_NR_getgroups32: -{ +{ /* the same code as for TARGET_NR_getgroups */ int gidsetsize = arg1; uint32_t *target_grouplist; g_autofree gid_t *grouplist = NULL; @@ -12038,7 +12038,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, #endif #ifdef TARGET_NR_setgroups32 case TARGET_NR_setgroups32: -{ +{ /* the same code as for TARGET_NR_setgroups */ int gidsetsize = arg1; uint32_t *target_grouplist; g_autofree gid_t *grouplist = NULL; -- 2.39.2
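Review bot: the four added comments record that the TARGET_NR_getgroups/TARGET_NR_getgroups32 and TARGET_NR_setgroups/TARGET_NR_setgroups32 bodies are copies that differ only in the type of target_grouplist (target_id versus uint32_t), which still leaves every later fix to be applied twice by hand. The comments are fine as a stopgap, but the commit message could say whether factoring the shared body into a helper is planned, since that would remove the need for them.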
[PULL 01/16] docs: Fix trivial typos in vhost-user.rst
From: Milan Zamazal Signed-off-by: Milan Zamazal Signed-off-by: Michael Tokarev --- docs/system/devices/vhost-user.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/system/devices/vhost-user.rst b/docs/system/devices/vhost-user.rst index 86128114fa..a80e95a48a 100644 --- a/docs/system/devices/vhost-user.rst +++ b/docs/system/devices/vhost-user.rst @@ -38,13 +38,13 @@ system memory as defined by the ``-m`` argument. Example === -First start you daemon. +First start your daemon. .. parsed-literal:: $ virtio-foo --socket-path=/var/run/foo.sock $OTHER_ARGS -The you start your QEMU instance specifying the device, chardev and +Then you start your QEMU instance specifying the device, chardev and memory objects. .. parsed-literal:: -- 2.39.2
[PULL 10/16] hw/pci/pci: Simplify pci_bar_address() using MACHINE_GET_CLASS() macro
From: Philippe Mathieu-Daudé Remove unnecessary intermediate variables. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Michael Tokarev --- hw/pci/pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 9b7b4d7c18..bf38905b7d 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -1446,9 +1446,7 @@ pcibus_t pci_bar_address(PCIDevice *d, { pcibus_t new_addr, last_addr; uint16_t cmd = pci_get_word(d->config + PCI_COMMAND); -Object *machine = qdev_get_machine(); -ObjectClass *oc = object_get_class(machine); -MachineClass *mc = MACHINE_CLASS(oc); +MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine()); bool allow_0_address = mc->pci_allow_0_address; if (type & PCI_BASE_ADDRESS_SPACE_IO) { -- 2.39.2
[PULL 03/16] spelling: information
3 trivial fixes: 2 .json comments which goes to executables, and 1 .h file comment. Signed-off-by: Michael Tokarev --- include/ui/clipboard.h | 2 +- qapi/cryptodev.json| 2 +- qga/qapi-schema.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h index ce76aa451f..ab6acdbd8a 100644 --- a/include/ui/clipboard.h +++ b/include/ui/clipboard.h @@ -170,7 +170,7 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer, * * @selection: clipboard selection. * - * Return the current clipboard data & owner informations. + * Return the current clipboard data & owner information. */ QemuClipboardInfo *qemu_clipboard_info(QemuClipboardSelection selection); diff --git a/qapi/cryptodev.json b/qapi/cryptodev.json index 77f48a9c21..68289f4984 100644 --- a/qapi/cryptodev.json +++ b/qapi/cryptodev.json @@ -75,7 +75,7 @@ # # @service: supported service types of a crypto device # -# @client: the additional infomation of the crypto device +# @client: the additional information of the crypto device # # Since: 8.0 ## diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index 42fb046eb7..b720dd4379 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json @@ -931,7 +931,7 @@ ## # @GuestNVMeSmart: # -# NVMe smart informations, based on NVMe specification, section +# NVMe smart information, based on NVMe specification, section # # # Since: 7.1 -- 2.39.2
[PULL 07/16] target/m68k/fpu_helper: Use FloatRelation enum to hold comparison result
From: Philippe Mathieu-Daudé Use the FloatRelation enum to hold the comparison result (missed in commit 71bfd65c5f "softfloat: Name compare relation enum"). Inspired-by: Cédric Le Goater Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Michael Tokarev --- target/m68k/fpu_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/m68k/fpu_helper.c b/target/m68k/fpu_helper.c index 3a37d8f584..ab120b5f59 100644 --- a/target/m68k/fpu_helper.c +++ b/target/m68k/fpu_helper.c @@ -349,7 +349,7 @@ void HELPER(fsgldiv)(CPUM68KState *env, FPReg *res, FPReg *val0, FPReg *val1) PREC_END(); } -static int float_comp_to_cc(int float_compare) +static int float_comp_to_cc(FloatRelation float_compare) { switch (float_compare) { case float_relation_equal: @@ -367,7 +367,7 @@ static int float_comp_to_cc(int float_compare) void HELPER(fcmp)(CPUM68KState *env, FPReg *val0, FPReg *val1) { -int float_compare; +FloatRelation float_compare; float_compare = floatx80_compare(val1->d, val0->d, &env->fp_status); env->fpsr = (env->fpsr & ~FPSR_CC_MASK) | float_comp_to_cc(float_compare); -- 2.39.2
[PULL 05/16] block.c: add newline for "Detected format" warning
Add the forgotten trailing newline. Signed-off-by: Michael Tokarev Reviewed-by: Philippe Mathieu-Daudé --- block.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block.c b/block.c index dae629075c..0637265c26 100644 --- a/block.c +++ b/block.c @@ -7158,7 +7158,7 @@ void bdrv_img_create(const char *filename, const char *fmt, if (!backing_fmt) { error_setg(&local_err, "Backing file specified without backing format"); -error_append_hint(&local_err, "Detected format of %s.", +error_append_hint(&local_err, "Detected format of %s.\n", bs->drv->format_name); goto out; } -- 2.39.2
[PULL 14/16] vnc: move assert in vnc_worker_thread_loop
From: Anastasia Belova job may be NULL if queue->exit is true. Check it before dereference job. Fixes: f31f9c1080 ("vnc: add magic cookie to VncState") Signed-off-by: Anastasia Belova Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- ui/vnc-jobs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c index 886f9bf611..fcca7ec632 100644 --- a/ui/vnc-jobs.c +++ b/ui/vnc-jobs.c @@ -250,12 +250,13 @@ static int vnc_worker_thread_loop(VncJobQueue *queue) /* Here job can only be NULL if queue->exit is true */ job = QTAILQ_FIRST(&queue->jobs); vnc_unlock_queue(queue); -assert(job->vs->magic == VNC_MAGIC); if (queue->exit) { return -1; } +assert(job->vs->magic == VNC_MAGIC); + vnc_lock_output(job->vs); if (job->vs->ioc == NULL || job->vs->abort == true) { vnc_unlock_output(job->vs); -- 2.39.2
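Review bot: the commit message says job may be NULL when queue->exit is true but not whether this was seen as a crash or found by static analysis; stating that, and the condition under which the queue is empty at exit, helps whoever decides on a stable backport. In the hunk itself, the moved assert still relies on the invariant in the comment above QTAILQ_FIRST() ("job can only be NULL if queue->exit is true"); that comment now documents exactly why the assert may dereference job, so it is worth keeping the two adjacent if the function is touched again.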
[PULL 13/16] linux-user: Return EINVAL for getgroups() with negative gidsetsize
From: Peter Maydell Coverity doesn't like the way we might end up calling getgroups() with a NULL grouplist pointer. This is fine for the special case of gidsetsize == 0, but we will also do it if the guest passes us a negative gidsetsize. (CID 1512465) Explicitly fail the negative gidsetsize with EINVAL, as the kernel does. This means we definitely only call the libc getgroups() with valid parameters. It also brings the getgroups() code in to line with the setgroups() code. Possibly Coverity may still complain about getgroups(0, NULL), but that would be a false positive. Signed-off-by: Peter Maydell Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- linux-user/syscall.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 94256cc262..f2cb101d83 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -11676,7 +11676,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, g_autofree gid_t *grouplist = NULL; int i; -if (gidsetsize > NGROUPS_MAX) { +if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) { return -TARGET_EINVAL; } if (gidsetsize > 0) { @@ -12012,7 +12012,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, g_autofree gid_t *grouplist = NULL; int i; -if (gidsetsize > NGROUPS_MAX) { +if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) { return -TARGET_EINVAL; } if (gidsetsize > 0) { -- 2.39.2
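Review bot: both hunks add "gidsetsize < 0" to the range check, but nothing at the check says that gidsetsize == 0 with a NULL grouplist is deliberately still allowed, which is the case the commit message expects Coverity may keep flagging. A short comment beside the "if (gidsetsize > 0)" allocation in each copy would keep the next triage of that report from reopening the question. The change is applied identically to TARGET_NR_getgroups and TARGET_NR_getgroups32, as it needs to be.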
[PULL 08/16] hw/core/cpu: Simplify realize() using MACHINE_GET_CLASS() macro
From: Philippe Mathieu-Daudé Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Michael Tokarev --- hw/core/cpu-common.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c index f4e51c8a1b..ced66c2b34 100644 --- a/hw/core/cpu-common.c +++ b/hw/core/cpu-common.c @@ -196,8 +196,7 @@ static void cpu_common_realizefn(DeviceState *dev, Error **errp) * no need to check the ignore_memory_transaction_failures board flag. */ if (object_dynamic_cast(machine, TYPE_MACHINE)) { -ObjectClass *oc = object_get_class(machine); -MachineClass *mc = MACHINE_CLASS(oc); +MachineClass *mc = MACHINE_GET_CLASS(machine); if (mc) { cpu->ignore_memory_transaction_failures = -- 2.39.2
[PULL 16/16] linux-user: elfload: Specify -R is an option for qemu-user binaries
From: Andrew Jeffery Given several different concepts are suggested for investigation, let's not confuse e.g. ulimit's -R with what was actually intended. Signed-off-by: Andrew Jeffery Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- linux-user/elfload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 76874833e3..9a2ec568b0 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -2799,7 +2799,8 @@ static void pgb_reserved_va(const char *image_name, abi_ulong guest_loaddr, error_report("Unable to reserve 0x%lx bytes of virtual address " "space at %p (%s) for use as guest address space (check your " "virtual memory ulimit setting, mmap_min_addr or reserve less " - "using -R option)", reserved_va + 1, test, strerror(errno)); + "using qemu-user's -R option)", + reserved_va + 1, test, strerror(errno)); exit(EXIT_FAILURE); } -- 2.39.2
[PULL 06/16] meson: install keyboard maps only if necessary
From: Carlos Santos They are required only for system emulation (i.e. have_system is true). Signed-off-by: Carlos Santos Reviewed-by: Daniel P. Berrangé Signed-off-by: Michael Tokarev --- pc-bios/keymaps/meson.build | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build index 158a3b410c..bff3083313 100644 --- a/pc-bios/keymaps/meson.build +++ b/pc-bios/keymaps/meson.build @@ -47,7 +47,7 @@ if native_qemu_keymap.found() build_by_default: true, output: km, command: [native_qemu_keymap, '-f', '@OUTPUT@', args.split()], - install: true, + install: have_system, install_dir: qemu_datadir / 'keymaps') endforeach @@ -56,4 +56,6 @@ else install_data(keymaps.keys(), install_dir: qemu_datadir / 'keymaps') endif -install_data(['sl', 'sv'], install_dir: qemu_datadir / 'keymaps') +if have_system + install_data(['sl', 'sv'], install_dir: qemu_datadir / 'keymaps') +endif -- 2.39.2
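Review bot: the else branch of the first hunk's if/else, "install_data(keymaps.keys(), install_dir: qemu_datadir / 'keymaps')", is left unconditional, so when native_qemu_keymap is not found the pre-generated keymaps are still installed for builds without system emulation. Guard that install_data() call with have_system as well, or wrap all three install sites in a single "if have_system" block so they cannot drift apart.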