The OTP space contains three types of entries: data, conf, and strap.
Data entries consist of two DWORDs, while the other types contain
only one DWORD. This change adds the R_CAMP2 register (0x024 / 4) to
store the second DWORD when reading from the OTP data region.
With this enhancement, OTP reads now correctly return both DWORDs for
data entries via the CAMP registers, along with improved address
validation and error handling.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-8-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
The has_otp attribute is enabled in the SBC subclasses for AST1030 to
control the presence of OTP support per SoC type.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-7-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Implement correct OTP programming behavior for Aspeed OTP:
- Support read-modify-write flow with one-way bit programming:
* prog_bit uses 0s as the "to-be-programmed" mask.
* Even-indexed words: 0->1, odd-indexed words: 1->0.
* Reject non-programmable requests and log conflicts.
- Enable unaligned accesses in MemoryRegionOps.
Since each OTP address maps to a 1DW (4B) or 2DW (8B) block in the
backing store, upper-layer accesses may be unaligned to block
boundaries.
This matches the irreversible, word-parity-dependent programming rules
of Aspeed SoCs and exposes changes via QEMU trace events.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-6-kane_chen@aspeedtech.com
[ clg: Fixed PRIx64 format in aspeed_otp_write() ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
This patch introduces a 'drive' property to the Aspeed OTP device,
allowing it to be backed by a block device. Users can now preload
OTP data via QEMU CLI using a block backend.
Example usage:
./qemu-system-arm \
-blockdev driver=file,filename=otpmem.img,node-name=otp \
-global aspeed-otp.drive=otp \
...
If the drive is provided, its content will be loaded as the initial OTP
state. Otherwise, an internal memory buffer will be used.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-5-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
The has_otp attribute is enabled in the SBC subclasses for AST2600 to
control the presence of OTP support per SoC type.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-4-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
This patch connects the aspeed.otp device to the ASPEED Secure Boot
Controller (SBC) model. It implements OTP memory access via the SBC's
command interface and enables emulation of secure fuse programming
flows.
The following OTP commands are supported:
- READ: reads a 32-bit word from OTP memory into internal registers
- PROG: programs a 32-bit word value to the specified OTP address
Trace events are added to observe read/program operations and command
handling flow.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-3-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Introduce a QEMU device model for ASPEED's One-Time Programmable (OTP)
memory.
This model simulates a word-addressable OTP region used for secure
fuse storage. The OTP memory can operate with an internal memory
buffer.
The OTP model provides a memory-like interface through a dedicated
AddressSpace, allowing other device models (e.g., SBC) to issue
transactions as if accessing a memory-mapped region.
Signed-off-by: Kane-Chen-AS <kane_chen@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250812094011.2617526-2-kane_chen@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCaNjtuwAKCRAfewwSUazn
0Z9VAQDuqEzBEj0I3L7AtJgwRxSau+sw9FqUdAjQguM9mA29ggD7BOBFwHpjx68t
8MMstQuZN2mFRwzfukIdLDZclPCKkAM=
=L9oL
-----END PGP SIGNATURE-----
Merge tag 'pull-loongarch-20250928' of https://github.com/bibo-mao/qemu into staging
loongarch queue
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCaNjtuwAKCRAfewwSUazn
# 0Z9VAQDuqEzBEj0I3L7AtJgwRxSau+sw9FqUdAjQguM9mA29ggD7BOBFwHpjx68t
# 8MMstQuZN2mFRwzfukIdLDZclPCKkAM=
# =L9oL
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 28 Sep 2025 01:11:39 AM PDT
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20250928' of https://github.com/bibo-mao/qemu:
target/loongarch: Only flush one TLB entry in helper_invtlb_page_asid()
target/loongarch: Only flush one TLB entry in helper_invtlb_page_asid_or_g()
target/loongarch: Invalid tlb entry in invalidate_tlb()
target/loongarch: Use loongarch_tlb_search_cb in helper_invtlb_page_asid
target/loongarch: Use loongarch_tlb_search_cb in helper_invtlb_page_asid_or_g
target/loongarch: Change return value type with loongarch_tlb_search_cb()
target/loongarch: Add common API loongarch_tlb_search_cb()
target/loongarch: Add tlb search callback in loongarch_tlb_search()
target/loongarch: Fix page size set issue with CSR_STLBPS
target/loongarch: Update TLB index selection method
target/loongarch: Reduce TLB flush with helper_tlbwr
target/loongarch: Add parameter tlb pointer with fill_tlb_entry
target/loongarch: Use mmu idx bitmap method when flush TLB
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
when cpu added, connect dintc irq to cpu INT_DMSI irq pin.
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-ID: <20250916122109.749813-12-gaosong@loongson.cn>
implement the read-clear feature for CSR_MSGIR register.
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-ID: <20250916122109.749813-11-gaosong@loongson.cn>
Add CSR_ESTAT.bit15 and CSR_ECFG.bit15 for DINTC irq.
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-ID: <20250916122109.749813-10-gaosong@loongson.cn>
Implement dintc set irq and update CSR_MSGIS.
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-ID: <20250916122109.749813-9-gaosong@loongson.cn>
the DINTC use [2fe00000-2ff00000) Memory.
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250916122109.749813-7-gaosong@loongson.cn>
include CSR_MSGIS0-3, CSR_MSGIR and CSR_MSGIE.
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Message-ID: <20250916122109.749813-6-gaosong@loongson.cn>
Add Loongarch direct interrupt controller device base Definition.
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250916122109.749813-5-gaosong@loongson.cn>
Add feature register and misc register for dmsi feature checking and
setting
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250916122109.749813-4-gaosong@loongson.cn>
dmsi feature is added in LoongArchVirtMachinState, and it is used
to check whether virt machine supports the directy Message-Interrupts.
and by default set dmsi with ON_OFF_AUTO_AUTO.
LoongArchVirtMachineState adds misc_feature and misc_status for misc
features and status. and set the default dintc feature bit.
Msgint feature is added in LoongArchCPU, and it is used to check
whether th cpu supports the Message-Interrupts and by default set
mesgint with ON_OFF_AUTO_AUTO.
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250916122109.749813-3-gaosong@loongson.cn>
move some machine define to virt.h
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250916122109.749813-2-gaosong@loongson.cn>
With function helper_invtlb_page_asid(), only one TLB entry in
LoongArch emulated TLB is invalidated. so with QEMU TLB, it is not
necessary to flush all QEMU TLB, only flush address range specified
LoongArch emulated TLB is ok. Here invalidate_tlb_entry() is called
so that only QEMU TLB entry with specified address range is flushed.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function helper_invtlb_page_asid_or_g(), only one TLB entry in
LoongArch emulated TLB is invalidated. so with QEMU TLB, it is not
necessary to flush all QEMU TLB, only flush address range specified
LoongArch emulated TLB is ok. Here invalidate_tlb_entry() is called
so that only QEMU TLB entry with specified address range is flushed.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Invalid tlb entry in function invalidate_tlb(), and its usage is
simple and easy to use.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With function helper_invtlb_page_asid(), currently it is to search
TLB entry one by one. Instead STLB can be searched at first with hash
method, and then search MTLB with one by one method
Here common API loongarch_tlb_search_cb() is used in function
helper_invtlb_page_asid()
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function helper_invtlb_page_asid_or_g(), currently it is to
search TLB entry one by one. Instead STLB can be searched at first
with hash method, and then search MTLB with one by one method.
Here common API loongarch_tlb_search_cb() is used in function
helper_invtlb_page_asid_or_g().
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function loongarch_tlb_search_cb(), change return value type from
bool type to pointer LoongArchTLB *, the pointer type can be use directly
in future.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Common API loongarch_tlb_search_cb() is added here to search TLB entry
with specified address.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function loongarch_tlb_search(), it is to search TLB entry with
speficied virtual address, the difference is selection with asid and
global bit. Here add selection callback with asid and global bit.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
When modify register CSR_STLBPS, the page size should come from
input parameter rather than old value.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With function helper_tlbfill(), since there is no suitable TLB entry,
new TLB will be added and flush one old TLB entry. The old TLB entry
index is selected randomly now, instead it can be optimized as
following:
1. invalid TLB entry can be selected at first.
2. TLB entry with other ASID can be selected secondly
3. random method is used by last.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function helper_tlbwr(), specified LoongArch TLB entry will be
updated. There are two PTE pages in one TLB entry called even/odd
pages. Supposing even/odd page is normal/none state, when odd page
is added, TLB entry is changed as normal/normal state and even page
keeps unchanged.
In this situation, it is not necessary to flush QEMU TLB since even
page keep unchanged and odd page is newly changed. Here check whether
PTE page is the same or not, TLB flush can be skipped if both are the
same or newly added.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With function fill_tlb_entry(), it will update LoongArch emulated
TLB information. Here parameter tlb pointer is added so that TLB
entry will be updated based on relative TLB CSR registers.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
With API tlb_flush_range_by_mmuidx(), bitmap of mmu idx should be used
rather than itself. Also bitmap of MMU_KERNEL_IDX and MMU_USER_IDX are
used rather than that of current running mmu idx when flush TLB.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
- new gitlab-failure-analysis script
- tweak checkpath to ignore license in removed lines
- refactor semihosting to build once
- add explicit assert to execlog for coverity
- new uftrace plugin
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmjWWJYACgkQ+9DbCVqe
KkS1sgf+LsP0jsc1wKhzBhO4WarXXacWCDxK22riJ3aolm+gJ+b0WI4ds18A0e3R
z/J8VJVxBZ+6Hid+tOCQwfZ+Hb1p9IofzBdZryGUvwguviNdlpEChhXXnoZkicym
aGcC/jYRkhTx42dKRdZrSzPd3ccipqop9RvGx57bjCSBAEHYNz679p4z91kNR5a9
UfcCzIQHbBUPZo0F9gQkNnBrjsJQhvF+gXPmmsmBI1pby6gNRQvFshrTQ1C32VpL
VgXNc9cZ6vaREWlgb6izNjsMP7cYTMH2Ppxty/FyEMg7GTfWRjI6Ec8fJKjPFtKr
ZbCNNAeJ9uLK6pJfTk2YxYabxx3JuQ==
=cR9e
-----END PGP SIGNATURE-----
Merge tag 'pull-10.2-maintainer-260925-1' of https://gitlab.com/stsquad/qemu into staging
September maintainer updates (scripts, semihosting, plugins)
- new gitlab-failure-analysis script
- tweak checkpath to ignore license in removed lines
- refactor semihosting to build once
- add explicit assert to execlog for coverity
- new uftrace plugin
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmjWWJYACgkQ+9DbCVqe
# KkS1sgf+LsP0jsc1wKhzBhO4WarXXacWCDxK22riJ3aolm+gJ+b0WI4ds18A0e3R
# z/J8VJVxBZ+6Hid+tOCQwfZ+Hb1p9IofzBdZryGUvwguviNdlpEChhXXnoZkicym
# aGcC/jYRkhTx42dKRdZrSzPd3ccipqop9RvGx57bjCSBAEHYNz679p4z91kNR5a9
# UfcCzIQHbBUPZo0F9gQkNnBrjsJQhvF+gXPmmsmBI1pby6gNRQvFshrTQ1C32VpL
# VgXNc9cZ6vaREWlgb6izNjsMP7cYTMH2Ppxty/FyEMg7GTfWRjI6Ec8fJKjPFtKr
# ZbCNNAeJ9uLK6pJfTk2YxYabxx3JuQ==
# =cR9e
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 26 Sep 2025 02:10:46 AM PDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.2-maintainer-260925-1' of https://gitlab.com/stsquad/qemu: (24 commits)
contrib/plugins/uftrace: add documentation
contrib/plugins/uftrace_symbols.py
contrib/plugins/uftrace: implement x64 support
contrib/plugins/uftrace: generate additional files for uftrace
contrib/plugins/uftrace: implement privilege level tracing
contrib/plugins/uftrace: implement tracing
contrib/plugins/uftrace: track callstack
contrib/plugins/uftrace: define cpu operations and implement aarch64
contrib/plugins/uftrace: skeleton file
contrib/plugins/execlog: Explicitly check for qemu_plugin_read_register() failure
semihosting/arm-compat-semi: compile once in system and per target for user mode
semihosting/arm-compat-semi: remove dependency on cpu.h
semihosting/arm-compat-semi: eradicate target_long
semihosting/arm-compat-semi: replace target_ulong
semihosting/arm-compat-semi: eradicate sizeof(target_ulong)
include/semihosting/common-semi: extract common_semi API
target/{arm, riscv}/common-semi-target: eradicate target_ulong
target/riscv/common-semi-target: remove sizeof(target_ulong)
semihosting/arm-compat-semi: change common_semi_sys_exit_extended
semihosting/guestfd: compile once for system/user
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Currently we define the ID_AA64PFR2_EL1 encoding as reserved (with
the required RAZ behaviour for unassigned system registers in the ID
register encoding space). Newer architecture versions start to
define fields in this ID register, so define the appropriate
constants and implement it as an ID register backed by a field in
cpu->isar. Since none of our CPUs set that isar field to non-zero,
there is no behavioural change here (other than the name exposed to
the user via the gdbstub), but this paves the way for implementing
the new features that use fields in this register.
The fields here are the ones documented in rev L.b of the Arm ARM.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Currently we define constants for the ID register fields in cpu.h.
This means they're defined for a lot more code in QEMU than actually
needs them. Move them to cpu-features.h, which is where we define
the feature functions that test fields in these registers.
There's only one place where we need to use some of these macro
definitions that we weren't already including cpu-features.h:
linux-user/arm/target_proc.h. Otherwise this patch is a pure
movement of code from one file to the other.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Prefer the FIELD_DP64() macro and self-describing GIC
definitions over magic values.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This documentation summarizes how to use the plugin, and present two
examples of the possibilities offered by it, in system and user mode.
As well, it explains how to rebuild and reproduce those examples.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-10-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-26-alex.bennee@linaro.org>
usage: contrib/plugins/uftrace_symbols.py \
--prefix-symbols \
arm-trusted-firmware/build/qemu/debug/bl1/bl1.elf \
arm-trusted-firmware/build/qemu/debug/bl2/bl2.elf \
arm-trusted-firmware/build/qemu/debug/bl31/bl31.elf \
u-boot/u-boot:0x60000000 \
u-boot/u-boot.relocated:0x000000023f6b6000 \
linux/vmlinux
Will generate symbols and memory mapping files for uftrace, allowing to
have an enhanced trace, instead of raw addresses.
It takes a collection of elf files, and automatically find all their
symbols, and generate an ordered memory map based on that.
This script uses the python (native) pyelftools module.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250902075042.223990-9-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-25-alex.bennee@linaro.org>
It's trivial to implement x64 support, as it's the same stack layout
as aarch64.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-8-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-24-alex.bennee@linaro.org>
Beyond traces per cpu, uftrace expect to find some specific files.
- info: contains information about machine/program run
those values are not impacting uftrace behaviour (only reported by
uftrace info), and we simply added empty strings.
- memory mapping: how every binary is mapped in memory. For system mode,
we generate an empty mapping (uftrace_symbols.py, coming in future
commit, will take care of that). For user mode, we copy current
/proc/self/maps. We don't need to do any special filtering, as
reported addresses will necessarily concern guest program, and not
QEMU and its libraries.
- task: list of tasks. We present every vcpu/privilege level as a
separate process, as it's the best view we can have when generating a
(visual) chrome trace. Using threads is less convenient in terms of
UI.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-7-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-23-alex.bennee@linaro.org>
We add new option trace-privilege-level=bool, which will create a
separate trace for each privilege level.
This allows to follow changes of privilege during execution.
We implement aarch64 operations to track current privilege level
accordingly.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-6-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-22-alex.bennee@linaro.org>
We implement tracing, following uftrace format.
Trace is flushed every 32 MB, so file operations don't impact
performance at runtime.
A different trace is generated per cpu, and we ensure they have a unique
name, based on vcpu_index, while keeping room for privilege level coming
in next commit.
Uftrace format is not officially documented, but it can be found here:
https://github.com/namhyung/uftrace/blob/v0.18/libmcount/record.c#L909
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-5-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-21-alex.bennee@linaro.org>
We now track callstack, based on frame pointer analysis. We can detect
function calls, returns, and discontinuities.
We implement a frame pointer based unwinding that is used for
discontinuities.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-4-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-20-alex.bennee@linaro.org>
We define a new CpuOps structure that will be used to implement tracking
independently of guest architecture.
As well, we now instrument only instructions following ones that might
have touched the frame pointer.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-19-alex.bennee@linaro.org>