In commit ebd394948d ("target/hppa: Fix FPE exceptions") when
we added the code for setting up the registers correctly on trapping
FP exceptions, we accidentally broke the handling of the flag bits
for non-trapping exceptions.
In update_fr0_op() we incorrectly zero out the flag bits and the C
bit, so any fp operation would clear previously set flag bits. We
also stopped setting the flag bits when the fp operation raises
an exception and the trap is not enabled.
Adjust the code so that we set the Flag bits for every exception that
happened and where the trap is not enabled. (This is the correct
behaviour for the case where an instruction triggers two exceptions,
one of which traps and one of which does not; that can only happen
for inexact + underflow or inexact + overflow.)
Cc: qemu-stable@nongnu.org
Fixes: ebd394948d ("target/hppa: Fix FPE exceptions")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3158
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Message-ID: <20251017085350.895681-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This patch ensure pmpcfg and pmpaddr comply with WARL constraints.
When the PMP granularity is greater than 4 bytes, NA4 mode is not valid
per the spec and will be silently ignored.
According to the spec, changing pmpcfg.A only affects the "read" value
of pmpaddr. When G > 2 and pmpcfg.A is NAPOT, bits pmpaddr[G-2:0] read
as all ones. When G > 1 and pmpcfg.A is OFF or TOR, bits pmpaddr[G-1:0]
read as all zeros. This allows software to read back the correct
granularity value.
In addition, when updating the PMP address rule in TOR mode,
the start and end addresses of the PMP region should be aligned
to the PMP granularity. (The current SPEC only state in TOR mode
that bits pmpaddr[G-1:0] do not affect the TOR address-matching logic.)
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251022024141.42178-3-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Previously, the PMP granularity in qemu always used a minimum
granularity of 4 bytes, this patch add pmp-granularity to allow
platforms to configure the value.
A new CPU parameter pmp-granularity has been introduced to the QEMU
command line. For example:
-cpu rv64, g=true, c=true, pmp=true, pmp-granularity=1024
If no specific value is provided, the default value is 4 bytes.
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251022024141.42178-2-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
riscv_cpu_validate_v() left its variable, min_vlen, uninitialized if
no vector extension is available, causing a compiler warning.
Re-define riscv_cpu_validate_v() as no-op when no vector extension is
available to prevent the scenario that will read the unintialized
variable by construction. It also simplifies its caller as a bonus.
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20251021-vlen-v2-1-1fb581d4c6bf@rsg.ci.i.u-tokyo.ac.jp>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We're filtering out (MIP_VSSIP | MIP_VSTIP | MIP_VSEIP) from S-mode
pending interrupts without apparent reason. There's no special treatment
for these ints as far as the spec goes, and this filtering is causing
read_stopi() to miss those VS interrupts [1].
We shouldn't return delegated VS interrupts in S-mode though, so change
the current mask with "~env->hideleg". Note that this is the same
handling we're doing in riscv_cpu_mirq_pending() and env->mideleg.
[1] https://gitlab.com/qemu-project/qemu/-/issues/2820
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2820
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251022124340.493358-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Cc: qemu-stable@nongnu.org
Coverity CID 1641401 reports that, in reg_is_ulong_integer(), we're
dereferencing a NULL pointer in "reg1" when using it in strcasecmp()
call. A similar case is reported with CID 1641393.
In theory that will never happen - it's guaranteed that both "reg1" and
"reg2" is non-NULL because we're retrieving them in compile-time from
static arrays. Coverity doesn't know that though.
To make Coverity happier and add a bit more clarity in the code,
g_assert() each token to make it clear that those 2 values aren't
supposed to be NULL ever. Do that in both reg_is_ulong_integer() and
reg_is_u64_fpu().
We're also taking the opportunity to implement suggestions made by Peter
in [1] in both functions:
- use g_strsplit() instead of strtok();
- use g_ascii_strcasecmp() instead of strcasecmp().
[1] https://lore.kernel.org/qemu-devel/CAFEAcA_y4bwd9GANbXnpTy2mv80Vg_jp+A-VkQS5V6f0+BFRAA@mail.gmail.com/
Coverity: CID 1641393, 1641401
Fixes: e06d209aa6 ("target/riscv: implement MonitorDef HMP API")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251022125643.588947-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This patch was originally made by Gitlab user Bo Gan (@ganboing) 4
months ago in the context of issue [1]. I asked the author to send a
patch to the mailing list ~3 months ago and got no reply. I'm sending
the patch myself because we already missed 10.1 without this fix.
I'll also just post verbatim Bo Gan comment in the commit msg:
"In RISCV Linux with KVM enabled, gdbstub is broken. The
get_physical_address isn't able to page-walk correctly and resolve the
physical page. This is due to that the vcpu is being treated as starting
in M mode even if KVM enabled. However, with KVM, the vcpu is actually
started in S mode. The mmu_idx will give 3 (M), instead of 1 (S),
resulting in Guest PA == VA (wrong)!"
Set env->priv to PRV_S in kvm_riscv_reset_regs_csr() since the VCPU is
always started in S-mode for KVM.
[1] https://gitlab.com/qemu-project/qemu/-/issues/2991
Cc: qemu-stable@nongnu.org
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2991
Originally-by: Bo Gan (@ganboing in Gitlab)
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251022111105.483992-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
mo_endian_env() returns the target endianness from CPUArchState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-14-philmd@linaro.org>
[ Changes by AF:
- Only define mo_endian_env() for softmmu
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
mo_endian() returns the target endianness from DisasContext.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-13-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
In preparation of automatically replacing the MO_TE flag
in the next commit, use an local @memop variable.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-12-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_lr() / gen_sc() set the MO_TE and MO_ALIGN flags.
Set them once in the callees.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-11-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_cmpxchg() / gen_cmpxchg64() set the MO_TE flag.
Set it once in the callees.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-10-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_storepair_tl() set the MO_TE flag. Set it once in
the callee.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-9-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_fload_idx() / gen_fstore_idx() set the MO_TE flag.
Set it once in the callees.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-8-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_load_idx() / gen_store_idx() set the MO_TE flag.
Set it once in the callees.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-7-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_load() / gen_store() set the MO_TE flag.
Set it once in the callees.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-6-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_inc() set the MO_TE flag. Set it once in
the callee.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-5-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
All callers of gen_amo() set the MO_TE flag. Set it once in
the callee.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-4-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Extract the implicit MO_TE definition in order to replace
it in the next commit.
Mechanical change using:
$ for n in UW UL UQ UO SW SL SQ; do \
sed -i -e "s/MO_TE$n/MO_TE | MO_$n/" \
$(git grep -l MO_TE$n target/hexagon); \
done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251010155045.78220-3-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* target/arm: Enable FEAT_AIE for -cpu max
* target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
* target/arm: Implement SME2 support in gdbstub
* hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
* hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
* MAINTAINERS: Claim the Arm XML in gdb-xml
* hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmj6QZ8ZHHBldGVyLm1h
eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gA1D/0S210sIggCfQoJGXrcEgEh
pfoRMnESlMk2rdnkYdSUrWp+62/mVx+PwaJxtle4HOzCp2iEwDttJI7XSJoUIg90
uYLg9wCCjMxu5oHrRgD5xTzJPVALJLHSO2oF3UXmTk44nCxbcAerM3lQYiTJJRZA
32uy4RhNdDDy+KhZccUAD1XNR1kcoczMQ2lxMD9NADFgRF5E4z06grVIwiuRe6sK
4GhkMIXox9679qQMX/IkVKWJyIPEQv4F42B0Ksbpe4GxJxmt/Q/4Ef1dHYWwodwr
X0Ot7OMClBsEoivlgeMAhLrU92RY1sVrITGRn675tJ6Hsaz3PnkjEF7t9aX4PqiP
TDStDpcli7zOU/O5QL5qrNF7GZfhNlBdZmFFE6vZk6eGjAdhev8eNmgU33hP5ndr
sbrVYZ+UQvWkGrUWl9Vopw0rPHrBejtQ4xWFSp0LJqX1Ev6R3LDIA+XOxvetue1t
jiqlVqJfnTcsggfy2/nmY/zgdQDruNhvg8OrY1XM8Zhw7TT+1WFoh2K0OtgnxFi8
pPpg15MMI872lMbn9U81qHFxfC82LXr4nw8hn6ox36FUSCDdqqdSjIkCb7OstyC9
lrgd9WbmkeG9fJqhiSaKywgfvOGbfIfrRiJpKkSSeJQIjX8HxqjDCtOARvGw0duq
5no0CUpaUoPT6LFsl7/3wA==
=ZRVN
-----END PGP SIGNATURE-----
Merge tag 'pull-target-arm-20251023' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* target/arm: Enable FEAT_AIE for -cpu max
* target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
* target/arm: Implement SME2 support in gdbstub
* hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
* hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
* MAINTAINERS: Claim the Arm XML in gdb-xml
* hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmj6QZ8ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gA1D/0S210sIggCfQoJGXrcEgEh
# pfoRMnESlMk2rdnkYdSUrWp+62/mVx+PwaJxtle4HOzCp2iEwDttJI7XSJoUIg90
# uYLg9wCCjMxu5oHrRgD5xTzJPVALJLHSO2oF3UXmTk44nCxbcAerM3lQYiTJJRZA
# 32uy4RhNdDDy+KhZccUAD1XNR1kcoczMQ2lxMD9NADFgRF5E4z06grVIwiuRe6sK
# 4GhkMIXox9679qQMX/IkVKWJyIPEQv4F42B0Ksbpe4GxJxmt/Q/4Ef1dHYWwodwr
# X0Ot7OMClBsEoivlgeMAhLrU92RY1sVrITGRn675tJ6Hsaz3PnkjEF7t9aX4PqiP
# TDStDpcli7zOU/O5QL5qrNF7GZfhNlBdZmFFE6vZk6eGjAdhev8eNmgU33hP5ndr
# sbrVYZ+UQvWkGrUWl9Vopw0rPHrBejtQ4xWFSp0LJqX1Ev6R3LDIA+XOxvetue1t
# jiqlVqJfnTcsggfy2/nmY/zgdQDruNhvg8OrY1XM8Zhw7TT+1WFoh2K0OtgnxFi8
# pPpg15MMI872lMbn9U81qHFxfC82LXr4nw8hn6ox36FUSCDdqqdSjIkCb7OstyC9
# lrgd9WbmkeG9fJqhiSaKywgfvOGbfIfrRiJpKkSSeJQIjX8HxqjDCtOARvGw0duq
# 5no0CUpaUoPT6LFsl7/3wA==
# =ZRVN
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Oct 2025 09:54:23 AM CDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251023' of https://gitlab.com/pm215/qemu:
hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
tests/tcg/aarch64: Add test case for SME2 gdbstub registers
target/arm: Implement org.gnu.gdb.aarch64.tls XML feature in gdbstub
target/arm: Implement SME2 support in gdbstub
MAINTAINERS: Claim the Arm XML in gdb-xml
hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
target/arm: Enable FEAT_AIE for -cpu max
target/arm: Honor param.aie in get_phys_addr_lpae
target/arm: Use el local indexing mair_el
target/arm: Drop trivial assert vs attrindx
target/arm: Add AIE to ARMVAParameters
target/arm: Implement MAIR2_ELx and AMAIR2_ELx
target/arm: Add isar feature test for FEAT_AIE
hw/intc/arm_gicv3_kvm: Drop DPRINTF macro
hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* FADUMP Support for pSeries
* Pegasos II cleanup and Pegasos I emulation
* Deprecation of pseries 3.0 up till 4.2
* Coverity fix for amigaone (CID: 1641398)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEa4EM1tK+EPOIPSFCRUTplPnWj7sFAmj6G24ACgkQRUTplPnW
j7uSmA/+MECjSD6TTVaRFdE/+Cd9LVMp8HmlkteaT+Fp/MhJKUGAxF89eBrZKBsJ
Ukecklx+6x1d6grmBIAaI3sGW3qJW42CcZL4Q1xuL+zsny8sZ3vpp3q/Haxn68WV
j53LC46rqCUueBffWWRf0q3wRovjY1MiO3LmQn+sEPLcMGLgghvD4kl2WD2uI/Gy
iYeZJq+FjroVp606xVXQHhymuQeXd/4txGEzU2x7+FpLtdhuoxKa7FD+YtJ4PP3a
qgZtZy3y4Bs41Gm6uEjdUnuKINjfADOhjqSDzqY5JZF7tgYh5hK0ibd1MI+opvCt
39YTpDoN18ljtO2g509sBuywxkz+y/EDsI8pry42MpkXxys2bj8mXoAV45jBOp5s
n/GHfJ0d//dm2gpDxGhOKFK5qvFldo8tX5msgbMAXirbXzke5PVHbMr/YXmM7kkW
4DaKnMjyRxPIDeyqPfjKspC8VnmF6Z6LzDSMYGYejHO/OKlNE7ZQqaYh5itNTaqE
xkRC+WISGm98cGYpu57VvD/wE0VmygBZ2l+j5gYS5tDVniZW3B4dUAOAqo7JCbIO
uMfRgmHaR0Jc2Xj5wf8J/D1ZzDok2OV2siabfwew5pvhJl7HiCoH/k+qzgovC5hO
L/5P4n+7ZRJwLhP45ewXkEoOK5tWowofdq/5SsFjie7n8d3U5cU=
=usd9
-----END PGP SIGNATURE-----
Merge tag 'pull-ppc-for-10.2-d2-20251023-1' of https://gitlab.com/harshpb/qemu into staging
ppc queue for 10.2
* FADUMP Support for pSeries
* Pegasos II cleanup and Pegasos I emulation
* Deprecation of pseries 3.0 up till 4.2
* Coverity fix for amigaone (CID: 1641398)
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEa4EM1tK+EPOIPSFCRUTplPnWj7sFAmj6G24ACgkQRUTplPnW
# j7uSmA/+MECjSD6TTVaRFdE/+Cd9LVMp8HmlkteaT+Fp/MhJKUGAxF89eBrZKBsJ
# Ukecklx+6x1d6grmBIAaI3sGW3qJW42CcZL4Q1xuL+zsny8sZ3vpp3q/Haxn68WV
# j53LC46rqCUueBffWWRf0q3wRovjY1MiO3LmQn+sEPLcMGLgghvD4kl2WD2uI/Gy
# iYeZJq+FjroVp606xVXQHhymuQeXd/4txGEzU2x7+FpLtdhuoxKa7FD+YtJ4PP3a
# qgZtZy3y4Bs41Gm6uEjdUnuKINjfADOhjqSDzqY5JZF7tgYh5hK0ibd1MI+opvCt
# 39YTpDoN18ljtO2g509sBuywxkz+y/EDsI8pry42MpkXxys2bj8mXoAV45jBOp5s
# n/GHfJ0d//dm2gpDxGhOKFK5qvFldo8tX5msgbMAXirbXzke5PVHbMr/YXmM7kkW
# 4DaKnMjyRxPIDeyqPfjKspC8VnmF6Z6LzDSMYGYejHO/OKlNE7ZQqaYh5itNTaqE
# xkRC+WISGm98cGYpu57VvD/wE0VmygBZ2l+j5gYS5tDVniZW3B4dUAOAqo7JCbIO
# uMfRgmHaR0Jc2Xj5wf8J/D1ZzDok2OV2siabfwew5pvhJl7HiCoH/k+qzgovC5hO
# L/5P4n+7ZRJwLhP45ewXkEoOK5tWowofdq/5SsFjie7n8d3U5cU=
# =usd9
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Oct 2025 07:11:26 AM CDT
# gpg: using RSA key 6B810CD6D2BE10F3883D21424544E994F9D68FBB
# gpg: Good signature from "Harsh Prateek Bora <harsh.prateek.bora@gmail.com>" [undefined]
# gpg: aka "Harsh Prateek Bora <harshpb@linux.ibm.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6B81 0CD6 D2BE 10F3 883D 2142 4544 E994 F9D6 8FBB
* tag 'pull-ppc-for-10.2-d2-20251023-1' of https://gitlab.com/harshpb/qemu: (32 commits)
MAINTAINERS: Add entry for FADump (pSeries)
tests/functional: Add test for fadump in PSeries
hw/ppc: Enable fadump for PSeries
hw/ppc: Pass dump-sizes property for fadump in device tree
hw/ppc: Implement saving CPU state in Fadump
hw/ppc: Preserve memory regions registered for fadump
hw/ppc: Trigger Fadump boot if fadump is registered
hw/ppc: Implement fadump register command
hw/ppc/pegasos2: Add VOF support for pegasos1
hw/ppc/pegasos2: Add Pegasos I emulation
hw/ppc/pegasos2: Add bus frequency to machine state
hw/ppc/pegasos2: Introduce abstract superclass
hw/ppc/pegasos2: Move hardware specific parts out of machine reset
hw/ppc/pegasos2: Move PCI IRQ routing setup to a function
hw/ppc/pegasos2: Add south bridge pointer in the machine state
hw/ppc/pegasos2: Rename mv field in machine state
hw/ppc/pegasos2: Remove fdt pointer from machine state
hw/ppc/pegasos2: Change device tree generation
hw/ppc/pegasos2: Remove explicit name properties from device tree
ppc/vof: Make nextprop behave more like Open Firmware
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
GDB expects the TLS registers to be exposed via org.gnu.gdb.aarch64.tls,
which will contain either just "tpidr", or else "tpidr" and "tpidr2".
This will be important for SME in future, because the lazy state
restoration scheme requires GDB to use the TPIDR2 information.
GDB doesn't currently implement that, but we should provide the
register via the XML so that we are ready when future GDB versions
support it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251017153027.969016-3-peter.maydell@linaro.org
For SME2, we need to expose the new ZT0 register in the gdbstub XML.
gdb documents that the requirements are:
> The ‘org.gnu.gdb.aarch64.sme2’ feature is optional. If present,
> then the ‘org.gnu.gdb.aarch64.sme’ feature must also be present.
> The ‘org.gnu.gdb.aarch64.sme2’ feature should contain the
> following:
>
> - ZT0 is a register of 512 bits (64 bytes). It is defined as a
> vector of bytes.
Implement this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251017153027.969016-2-peter.maydell@linaro.org
In commit bd8e9ddf6f ("target/arm: Refactor default generic timer
frequency handling") we changed how we initialized the generic timer
frequency as reported in the CNTFRQ_EL0 register. As part of that,
we chanegd the linux-user version of the CNTFRQ_EL0 sysreg from
having a constant value set at compile time through the .resetvalue
field to having a reset value which we compute in a .resetfn.
This accidentally broke the reading of CNTFRQ_EL0 in linux-user mode,
because the cpreg is marked as ARM_CP_CONST, which means we translate
it as a read of the compile-time constant value in the .resetvalue
field. This is now zero, so userspace sees a 0 frequency value.
Fix the bug by dropping the ARM_CP_CONST marking. This will cause us
to translate the read as a load of the value from the CPU state
struct cp15.c14_cntfrq field, which is where the real frequency value
now lives.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3159
Fixes: bd8e9ddf6f ("target/arm: Refactor default generic timer frequency handling")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251013161040.216819-1-peter.maydell@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We already have regime_el() computed to a local.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We just extracted 3 bits; the <= 7 test is trivially true.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Allow the bit to be set in TCR2;
extract the bit in aa64_va_parameters.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Enable the SCR.AIEn bit in scr_write, and test it in aien_access.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251014195017.421681-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With read/write access, add bit A/D checking if hardware PTW is
supported. If no matched, hardware page table walk is called. And
then bit A/D is updated in PTE entry and TLB entry is updated also.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With hardware PTE supported, bit A will be set if there is read access
or instruction fetch, and bit D will be set with write access.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
However with hardware PTW supported, hardware will search page table
with TLB miss. Also if there is no TLB miss however bit Present is not set,
hardware PTW will happen also. Because there is odd/even page in one TLB
entry on LoongArch system, for example in the first time odd TLB entry is
valid and even TLB entry is 0. When software accesses with address within
even page, there is no TLB miss only that TLB entry is 0. In this
condition, hardwre PTW will happen also.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Common API update_tlb_index() is added here, it is to update TLB entry
with specified index. It is called by helper_tlbwr() now, also it can
be used by HW PTW when adding new TLB entry.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With hardware PTW function, TLB entry will be searched at first.
If there is odd/even page on one TLB entry, and odd page is valid and
even page is none. When software access memory with address in even
page, hardware PTW will happen and fill new entry in the same TLB entry.
Here add field tlb_index to record TLB index when search TLB tables.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
The last PTE lookup sentence is much similiar with the whole page
table walker loop, move it into the whole loop.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With PTE entry, high bit 48-63 is valid HW bit for PTE attribute,
for example bit 63 is RPLV and bit 62 is NX. With page directory table,
it is physical address of page table from view of HW, so high bit
48-63 need be discarded.
Here reverve high bit 48-63 with huge page since it is PTE entry, and
only discard it with page directory table.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Add debug parameter with function loongarch_page_table_walker(),
in debug mode it is only to get physical address. And It used in
future HW PTW usage, bit dirty and access will be updated in HW
PTW mode.
Also function loongarch_page_table_walker() is renamed as
loongarch_ptw() for short.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Function fill_tlb_entry() can be used with hardware PTW in future,
here add input parameter MMUContext in fill_tlb_entry().
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With software PTW system, tlb index is calculated randomly when new
TLB entry is added. For hardware PTW, it is the same logic to add
new TLB entry.
Here common function get_tlb_random_index() is added to get random
tlb index when adding new TLB entry.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With software page table walker, tlb entry comes from CSR registers.
however with hardware page table walker, tlb entry comes from page
table entry information directly, TLB CSR registers are not necessary.
Here add function sptw_prepare_context(), get tlb entry information
from TLB CSR registers.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With hardware PTW feature enabled, Present bit and Write bit is checked
by hardware, rather Valid bit and Dirty bit. Bit P means that the page is
valid and present, and bit W means that the page is writable.
The original V bit is treated as access bit, hardware sets this bit if
there is a read or write access. Bit D bit is updated by hardware if
there is a write access.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Bit HPTW_EN in register CSR_PWCH controls enabling hardware page
table walker feature when PTW feature is enabled. Otherwise it is
reserved bit.
Here add register CSR_PWCH write helper function.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
PTW is short for page table walker, it is hardware page table walker
function. With PTW supported, hardware MMU will parse page table
table and update TLB entries automatically.
This patch adds type OnOffAuto for PTW feature setting.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Avoids the `current_cpu` global and seems more robust by not "forgetting" the
own APIC and then re-determining it by cpu_get_current_apic() which uses the
global.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251019210303.104718-9-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Makes the APIC API more type-safe by resolving quite a few APIC_COMMON
downcasts.
Like PICCommonState, the APICCommonState is now a public typedef while staying
an abstract datatype.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251019210303.104718-8-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
indent on macOS, installed via homebrew, doesn't support -linux. Only
run indent on linux hosts.
Signed-off-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
