* sstc extension fixes
* Fix zama16b order in isa_edata_arr
* Profile handling fixes
* Extend PMP region up to 64
* Remove capital 'Z' CPU properties
* Add missing named features
* Support atomic instruction fetch (Ziccif)
* Add max_satp_mode from host cpu
* Extend and configure PMP region count
* Fix PPN field of Translation-reponse register
* Use qemu_chr_fe_write_all() in DBCN_CONSOLE_WRITE_BYTE
* Fix fcvt.s.bf16 NaN box checking
* Avoid infinite delay of async xmit function
* Device tree reg cleanups
* Add Kunminghu CPU and platform
* Fix missing exit TB flow for ldff_trans
* Fix migration failure when aia is configured as aplic-imsic
* Fix MEPC/SEPC bit masking for IALIGN
* Add a property to set vill bit on reserved usage of vsetvli instruction
* Add Svrsw60t59b extension support
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmhntt4ACgkQr3yVEwxT
gBMaCQ/9E+LeRY59nz3K3XXUw6XLBfaDECXbKzIn0GM1yXeWTX4dB2h2hoGWdu3R
CRPxWHECN7CeJhd2J23eLfOi+fTUeppJBeR7TcGyoXVC+y0knZv/clQ3OvMFYcgV
xjzzu1yipQlXwY+kmDZ6qL5up/Q+faw7tRaePZaJheRGYpVRnjoKUZq5fe4Ug4RU
Xg6Di86eYyk+Jo0g2exvtzy1rX2eBp7Hz200wWiH5Z1B+3NzgMUHrHuJfNAz8zAt
n8uvruvaLGGtWcQJauRXlAELR6k9tmkfq1Mbqf3FK6muaQCtFD7PXXnjL/rU/z20
hhxj0psOhBJLd0W5wQ3vLnDf6Wve9zmUdTR9kI0Kt3xUUdfeBuzKcU06F/G8wEsZ
2sIYQqt0mxoJboY2lpje7TO4H9gvAf76WBOV10FV2gWsqWu2rZQ6herdq3YZYkHX
purUTgyjHn4jl2Y3Kzj0Gq1SHo0yaA/sD6xNR8X+JqljSruDxtOFU7wkKBbewoIg
OSfwemjRUVsPQZ958042ntwJt81v1604Oky8JSFr5eCFx/aoLJ1vDYh7BKZAogNH
uB/YigGq9+/MVzqJpZI+kZkd+1nzaizeL0FUPRTq0jFA2u+vc3J3svQ/jNXDH2c+
5nGuhbkvT0ptmVMBqFV2vjPh6+ScR8t03wHdQ4PmDoXC3o9zbbU=
=CfRy
-----END PGP SIGNATURE-----
Merge tag 'pull-riscv-to-apply-20250704' of https://github.com/alistair23/qemu into staging
Second RISC-V PR for 10.1
* sstc extension fixes
* Fix zama16b order in isa_edata_arr
* Profile handling fixes
* Extend PMP region up to 64
* Remove capital 'Z' CPU properties
* Add missing named features
* Support atomic instruction fetch (Ziccif)
* Add max_satp_mode from host cpu
* Extend and configure PMP region count
* Fix PPN field of Translation-reponse register
* Use qemu_chr_fe_write_all() in DBCN_CONSOLE_WRITE_BYTE
* Fix fcvt.s.bf16 NaN box checking
* Avoid infinite delay of async xmit function
* Device tree reg cleanups
* Add Kunminghu CPU and platform
* Fix missing exit TB flow for ldff_trans
* Fix migration failure when aia is configured as aplic-imsic
* Fix MEPC/SEPC bit masking for IALIGN
* Add a property to set vill bit on reserved usage of vsetvli instruction
* Add Svrsw60t59b extension support
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmhntt4ACgkQr3yVEwxT
# gBMaCQ/9E+LeRY59nz3K3XXUw6XLBfaDECXbKzIn0GM1yXeWTX4dB2h2hoGWdu3R
# CRPxWHECN7CeJhd2J23eLfOi+fTUeppJBeR7TcGyoXVC+y0knZv/clQ3OvMFYcgV
# xjzzu1yipQlXwY+kmDZ6qL5up/Q+faw7tRaePZaJheRGYpVRnjoKUZq5fe4Ug4RU
# Xg6Di86eYyk+Jo0g2exvtzy1rX2eBp7Hz200wWiH5Z1B+3NzgMUHrHuJfNAz8zAt
# n8uvruvaLGGtWcQJauRXlAELR6k9tmkfq1Mbqf3FK6muaQCtFD7PXXnjL/rU/z20
# hhxj0psOhBJLd0W5wQ3vLnDf6Wve9zmUdTR9kI0Kt3xUUdfeBuzKcU06F/G8wEsZ
# 2sIYQqt0mxoJboY2lpje7TO4H9gvAf76WBOV10FV2gWsqWu2rZQ6herdq3YZYkHX
# purUTgyjHn4jl2Y3Kzj0Gq1SHo0yaA/sD6xNR8X+JqljSruDxtOFU7wkKBbewoIg
# OSfwemjRUVsPQZ958042ntwJt81v1604Oky8JSFr5eCFx/aoLJ1vDYh7BKZAogNH
# uB/YigGq9+/MVzqJpZI+kZkd+1nzaizeL0FUPRTq0jFA2u+vc3J3svQ/jNXDH2c+
# 5nGuhbkvT0ptmVMBqFV2vjPh6+ScR8t03wHdQ4PmDoXC3o9zbbU=
# =CfRy
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 04 Jul 2025 07:11:26 EDT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20250704' of https://github.com/alistair23/qemu: (40 commits)
target: riscv: Add Svrsw60t59b extension support
target/riscv: Add a property to set vill bit on reserved usage of vsetvli instruction
tests/tcg/riscv64: Add test for MEPC bit masking
target/riscv: Fix MEPC/SEPC bit masking for IALIGN
migration: Fix migration failure when aia is configured as aplic-imsic
target/riscv: rvv: Fix missing exit TB flow for ldff_trans
hw/riscv: Initial support for BOSC's Xiangshan Kunminghu FPGA prototype
target/riscv: Add BOSC's Xiangshan Kunminghu CPU
hw/riscv/virt: Use setprop_sized_cells for pcie
hw/riscv/virt: Use setprop_sized_cells for iommu
hw/riscv/virt: Use setprop_sized_cells for rtc
hw/riscv/virt: Use setprop_sized_cells for uart
hw/riscv/virt: Use setprop_sized_cells for reset
hw/riscv/virt: Use setprop_sized_cells for virtio
hw/riscv/virt: Use setprop_sized_cells for plic
hw/riscv/virt: Use setprop_sized_cells for aclint
hw/riscv/virt: Use setprop_sized_cells for aplic
hw/riscv/virt: Use setprop_sized_cells for memory
hw/riscv/virt: Use setprop_sized_cells for clint
hw/riscv/virt: Fix clint base address type
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds alignment checks in the load operations (when unstacking the
return pc and psr) in the FunctionReturn pseudocode.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1154
Signed-off-by: William Kosasih <kosasihwilliam4@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250703085604.154449-4-kosasihwilliam4@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds alignment checks in the store operations (when stacking the
return pc and psr) in the BLXNS instruction.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1154
Signed-off-by: William Kosasih <kosasihwilliam4@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250703085604.154449-3-kosasihwilliam4@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch brings the VLSTM and VLLDM helper functions closer to the ARM
pseudocode by adding MO_ALIGN to the MemOpIdx of the associated store
(`cpu_stl_mmu`) operations and load (`cpu_ldl_mmu`) operations.
Note that this is not a bug fix: an 8-byte alignment check already exists
and remains in place, enforcing stricter alignment than the 4 bytes
requirement in the individual loads and stores. This change merely makes the
helper implementations closer to the ARM pseudocode.
That said, as a side effect, the MMU index is now resolved once instead of
on every `cpu_*_data_ra` call, reducing redundant lookups
Signed-off-by: William Kosasih <kosasihwilliam4@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250703085604.154449-2-kosasihwilliam4@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Allow dereferencing AccelOpsClass outside of accel/accel-system.c.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-30-philmd@linaro.org>
In order to dispatch over AccelOpsClass::handle_interrupt(),
we need it always defined, not calling a hidden handler under
the hood. Make AccelOpsClass::handle_interrupt() mandatory.
Expose generic_handle_interrupt() prototype and register it
for each accelerator.
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Message-Id: <20250703173248.44995-29-philmd@linaro.org>
'dummy' helpers are specific to accelerator implementations,
no need to expose them via "system/cpus.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-27-philmd@linaro.org>
Currently whpx_enabled() is restricted to target-specific code.
By defining CONFIG_WHPX_IS_POSSIBLE we allow its use anywhere.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-26-philmd@linaro.org>
Currently nvmm_enabled() is restricted to target-specific code.
By defining CONFIG_NVMM_IS_POSSIBLE we allow its use anywhere.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-25-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-24-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-23-philmd@linaro.org>
Since commit 57038a92bb ("cpus: extract out kvm-specific code
to accel/kvm") the kvm_cpu_synchronize_state() stub is not
necessary.
Fixes: e0715f6abc ("kvm: remove kvm specific functions from global includes")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-22-philmd@linaro.org>
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-21-philmd@linaro.org>
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-20-philmd@linaro.org>
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Message-Id: <20250703173248.44995-19-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20250703173248.44995-18-philmd@linaro.org>
We need the QEMU binary signed to be able to use HVF.
Improve the following:
$ ./qemu-system-aarch64-unsigned -M virt -accel hvf
qemu-system-aarch64-unsigned: -accel hvf: Error: ret = HV_DENIED (0xfae94007, at ../../accel/hvf/hvf-accel-ops.c:339)
Abort trap: 6
to:
$ ./qemu-system-aarch64-unsigned -M virt -accel hvf
qemu-system-aarch64-unsigned: -accel hvf: Could not access HVF. Is the executable signed with com.apple.security.hypervisor entitlement?
Suggested-by: Shatyuka <shatyuka@qq.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2800
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Message-Id: <20250702185332.43650-29-philmd@linaro.org>
hvf-all.c aims to contain the generic accel methods (TYPE_ACCEL),
while hvf-accel-ops.c the per-vcpu methods (TYPE_ACCEL_OPS).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-17-philmd@linaro.org>
hvf-all.c aims to contain the generic accel methods (TYPE_ACCEL),
while hvf-accel-ops.c the per-vcpu methods (TYPE_ACCEL_OPS).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-16-philmd@linaro.org>
Common code only needs to know whether HVF is enabled and
the QOM type. Move the rest to "hvf_int.h", removing the
need for COMPILING_PER_TARGET #ifdef'ry.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-15-philmd@linaro.org>
Although unreachable, still unregister the RCU before exiting
the thread, as documented in "qemu/rcu.h":
/*
* Important !
*
* Each thread containing read-side critical sections must be registered
* with rcu_register_thread() before calling rcu_read_lock().
* rcu_unregister_thread() should be called before the thread exits.
*/
Unregister the RCU to be on par with what is done for other
accelerators.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250702185332.43650-66-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250701144017.43487-62-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-11-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-10-philmd@linaro.org>
TCG profiler was removed in commit 1b65b4f54c.
Fixes: 1b65b4f54c ("accel/tcg: remove CONFIG_PROFILER")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-9-philmd@linaro.org>
Since commit 1b65b4f54c ("accel/tcg: remove CONFIG_PROFILER",
released with QEMU v8.1.0) we get pointless output:
(qemu) info opcount
[TCG profiler not compiled]
Remove that unstable and unuseful command.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-8-philmd@linaro.org>
kvm_create_vcpu() is only used within the same file unit.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-7-philmd@linaro.org>
Since commit 57038a92bb ("cpus: extract out kvm-specific code
to accel/kvm") the kvm_init_cpu_signals() stub is not necessary.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-6-philmd@linaro.org>
We don't have any automatic regression tests for these machines and
when asking the usual suspects on the mailing list we came to the
conclusion that nobody tests these machines manually, too, so it seems
like this is currently just completely unused code. Mark them as depre-
cated to see whether anybody still speaks up during the deprecation
period, otherwise we can likely remove these two machines in a couple
of releases.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Acked-by: Rob Herring <robh@kernel.org>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20250702113051.46483-1-thuth@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked deprecation.rst text]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Svrsw60t59b extension allows to free the PTE reserved bits 60 and 59
for software to use.
Reviewed-by: Deepak Gupta <debug@rivosinc.com>
Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Nutty Liu<liujingqi@lanxincomputing.com>
Message-ID: <20250702-dev-alex-svrsw60b59b_v2-v2-1-504ddf0f8530@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Usage of vsetvli instruction is reserved if VLMAX is changed when vsetvli rs1
and rd arguments are x0.
In this case, if the new property is true, only the vill bit will be set.
See https://github.com/riscv/riscv-isa-manual/blob/main/src/v-st-ext.adoc#avl-encoding
According to the spec, the above use cases are reserved, and
"Implementations may set vill in either case."
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2422
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250618213542.22873-1-vliaskovitis@suse.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add a regression test to verify that MEPC properly masks the lower
bits when an address with mode bits is written to it, as required by
the RISC-V Privileged Architecture specification.
The test sets STVEC to an address with bit 0 set (vectored mode),
triggers an illegal instruction exception, copies STVEC to MEPC in the
trap handler, and verifies that MEPC masks bits [1:0] correctly for
IALIGN=32.
Without the fix, MEPC retains the mode bits (returns non-zero/FAIL).
With the fix, MEPC clears bits [1:0] (returns 0/PASS).
Signed-off-by: Charalampos Mitrodimas <charmitro@posteo.net>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250703182157.281320-3-charmitro@posteo.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
According to the RISC-V Privileged Architecture specification, the low
bit of MEPC/SEPC must always be zero. When IALIGN=32, the two low bits
must be zero.
This commit fixes the behavior of MEPC/SEPC CSR reads and writes, and
the implicit reads by MRET/SRET instructions to properly mask the
lowest bit(s) based on whether the C extension is enabled:
- When C extension is enabled (IALIGN=16): mask bit 0
- When C extension is disabled (IALIGN=32): mask bits [1:0]
Previously, when vectored mode bits from STVEC (which sets bit 0 for
vectored mode) were written to MEPC, the bits would not be cleared
correctly, causing incorrect behavior on MRET.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2855
Signed-off-by: Charalampos Mitrodimas <charmitro@posteo.net>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250703182157.281320-2-charmitro@posteo.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Address an error in migration when aia is configured as 'aplic-imsic' in
riscv kvm vm by adding riscv_aplic_state_needed() and
riscv_imsic_state_needed() to determine whether the corresponding sates are
needed.
Previously, the fields in the vmsds of 'riscv_aplic' and 'riscv_imsic' can
only be initialized under certain special conditions in commit 95a97b3fd2.
However, the corresponding ses of these vmsds are inserted into the
savevm_state.handlers unconditionally. This led to migration failure
characterized by uninitialized fields when save vm state:
qemu-system-riscv64: ../migration/vmstate.c:433: vmstate_save_state_v:
Assertion 'first_elem || !n_elems || !size' failed.
Fixes: 95a97b3fd2 ("target/riscv: update APLIC and IMSIC to support KVM AIA")
Signed-off-by: Xuemei Liu <liu.xuemei1@zte.com.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250616150034827wuHs_ffe3Qm8cqFXT7HeW@zte.com.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
According to the V spec, the vector fault-only-first load instructions
may change the VL CSR.
So the ldff_trans TCG translation function should generate the
lookup_and_goto_ptr flow as the vsetvl/vsetvli translation function to
make sure the vl_eq_vlmax TB flag is correct.
Signed-off-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250627133013.443997-1-max.chou@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This implementation provides emulation for the Xiangshan Kunminghu
FPGA prototype platform, including support for UART, CLINT, IMSIC,
and APLIC devices. More details can be found at
https://github.com/OpenXiangShan/XiangShan
Signed-off-by: qinshaoqing <qinshaoqing@bosc.ac.cn>
Signed-off-by: Yang Wang <wangyang@bosc.ac.cn>
Signed-off-by: Yu Hu <819258943@qq.com>
Signed-off-by: Ran Wang <wangran@bosc.ac.cn>
Signed-off-by: Borong Huang <3543977024@qq.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250617074222.17618-1-wangran@bosc.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add a CPU entry for the Xiangshan Kunminghu CPU, an open-source,
high-performance RISC-V processor. More details can be found at:
https://github.com/OpenXiangShan/XiangShan
Note: The ISA extensions supported by the Xiangshan Kunminghu CPU are
categorized based on four RISC-V specifications: Volume I: Unprivileged
Architecture, Volume II: Privileged Architecture, AIA, and RVA23. The
extensions within each category are organized according to the chapter
order in the specifications.
Signed-off-by: Yu Hu <huyu@bosc.ac.cn>
Signed-off-by: Ran Wang <wangran@bosc.ac.cn>
Signed-off-by: Borong Huang <3543977024@qq.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250425122212.364-1-wangran@bosc.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The current device tree property uses two cells for the address (and for
the size), but assumes the they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-13-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The current device tree property uses two cells for the address (and for
the size), but assumes the they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-12-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
