The distinct-operands facility is bundled into facility 45,
along with load-on-condition. We are checking this at startup.
Remove the a0 == a1 checks for 64-bit sub, and, or, xor, as there
is no space savings for avoiding the distinct-operands insn.
tcg/s390x: Check for load-on-condition facility at startup
The general-instruction-extension facility was introduced in z196,
which itself was end-of-life in 2021. In addition, z196 is the
minimum CPU supported by our set of supported operating systems:
RHEL 7 (z196), SLES 12 (z196) and Ubuntu 16.04 (zEC12).
Check for facility number 45, which will be the consolidated check
for several facilities.
This reverts 829e1376d940 ("tcg/s390: Introduce TCG_REG_TB"), and
several follow-up patches. The primary motivation is to reduce the
less-tested code paths, pre-z10. Secondarily, this allows the
unconditional use of TCG_TARGET_HAS_direct_jump, which might be more
important for performance than any slight increase in code size.
Reviewed-by: Ilya Leoshkevich <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
---
v4: Do not simplify tgen_ori, tgen_xori.
Peter Maydell [Fri, 6 Jan 2023 15:40:37 +0000 (15:40 +0000)]
Merge tag 'pull-tcg-20230105' of https://gitlab.com/rth7680/qemu into staging
Fix race conditions in new user-only vma tracking.
Add tcg backend paired register allocation.
Cleanup tcg backend function call abi.
# gpg: Signature made Fri 06 Jan 2023 03:12:17 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-tcg-20230105' of https://gitlab.com/rth7680/qemu: (47 commits)
tests/tcg/multiarch: add vma-pthread.c
accel/tcg: Handle false negative lookup in page_check_range
accel/tcg: Use g_free_rcu for user-exec interval trees
accel/tcg: Fix tb_invalidate_phys_page_unwind
tcg: Add TCGHelperInfo argument to tcg_out_call
tcg/aarch64: Merge tcg_out_callr into tcg_out_call
tcg: Move ffi_cif pointer into TCGHelperInfo
tcg: Factor init_ffi_layouts() out of tcg_context_init()
tcg: Convert typecode_to_ffi from array to function
tcg: Reorg function calls
tcg: Use output_pref wrapper function
tcg: Vary the allocation size for TCGOp
tcg: Pass number of arguments to tcg_emit_op() / tcg_op_insert_*()
accel/tcg/plugin: Use copy_op in append_{udata,mem}_cb
accel/tcg/plugin: Avoid duplicate copy in copy_call
accel/tcg/plugin: Don't search for the function pointer index
tcg: Use TCG_CALL_ARG_EVEN for TCI special case
tcg: Replace TCG_TARGET_EXTEND_ARGS with TCG_TARGET_CALL_ARG_I32
tcg: Replace TCG_TARGET_CALL_ALIGN_ARGS with TCG_TARGET_CALL_ARG_I64
tcg: Introduce TCGCallReturnKind and TCGCallArgumentKind
...
Peter Maydell [Fri, 6 Jan 2023 12:11:22 +0000 (12:11 +0000)]
Merge tag 'pull-hex-20230105' of https://github.com/quic/qemu into staging
Hexagon update: patches from several folks
# gpg: Signature made Thu 05 Jan 2023 17:35:27 GMT
# gpg: using RSA key 3635C788CE62B91FD4C59AB47B0244FB12DE4422
# gpg: Good signature from "Taylor Simpson (Rock on) <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 3635 C788 CE62 B91F D4C5 9AB4 7B02 44FB 12DE 4422
* tag 'pull-hex-20230105' of https://github.com/quic/qemu:
Update scripts/meson-buildoptions.sh
Hexagon (target/hexagon) implement mutability mask for GPRs
target/hexagon: suppress unused variable warning
target/hexagon/idef-parser: fix two typos in README
tests/tcg/hexagon: fix underspecified asm constraints
target/hexagon: rename aliased register HEX_REG_P3_0
linux-user/hexagon: fix signal context save & restore
Peter Maydell [Thu, 5 Jan 2023 21:04:52 +0000 (21:04 +0000)]
Merge tag 'pull-target-arm-20230105' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Implement AArch32 ARMv8-R support
* Add Cortex-R52 CPU
* fix handling of HLT semihosting in system mode
* hw/timer/imx_epit: cleanup and fix bug in compare handling
* target/arm: Coding style fixes
* target/arm: Clean up includes
* nseries: minor code cleanups
* target/arm: align exposed ID registers with Linux
* hw/arm/smmu-common: remove unnecessary inlines
* i.MX7D: Handle GPT timers
* i.MX7D: Connect IRQs to GPIO devices
* i.MX6UL: Add a specific GPT timer instance
* hw/net: Fix read of uninitialized memory in imx_fec
* tag 'pull-target-arm-20230105' of https://git.linaro.org/people/pmaydell/qemu-arm: (34 commits)
hw/net: Fix read of uninitialized memory in imx_fec.
i.MX7D: Connect IRQs to GPIO devices.
i.MX6UL: Add a specific GPT timer instance for the i.MX6UL
i.MX7D: Compute clock frequency for the fixed frequency clocks.
i.MX7D: Connect GPT timers to IRQ
hw/arm/smmu-common: Avoid using inlined functions with external linkage
hw/arm/smmu-common: Reduce smmu_inv_notifiers_mr() scope
target/arm: align exposed ID registers with Linux
hw/arm/nseries: Silent -Wmissing-field-initializers warning
hw/arm/nseries: Constify various read-only arrays
hw/input/tsc2xxx: Constify set_transform()'s MouseTransformInfo arg
target/arm: cleanup cpu includes
target/arm: Remove unused includes from helper.c
target/arm: Remove unused includes from m_helper.c
target/arm: Fix checkpatch brace errors in helper.c
target/arm: Fix checkpatch space errors in helper.c
target/arm: Fix checkpatch comment style warnings in helper.c
hw/timer/imx_epit: fix compare timer handling
hw/timer/imx_epit: remove explicit fields cnt and freq
hw/timer/imx_epit: factor out register write handlers
...
Pre-compute the function call layout for each helper at startup.
Drop TCG_CALL_DUMMY_ARG, as we no longer need to leave gaps
in the op->args[] array. This allows several places to stop
checking for NULL TCGTemp, to which TCG_CALL_DUMMY_ARG mapped.
For tcg_gen_callN, loop over the arguments once. Allocate the TCGOp
for the call early but delay emitting it, collecting arguments first.
This allows the argument processing loop to emit code for extensions
and have them sequenced before the call.
For tcg_reg_alloc_call, loop over the arguments in reverse order,
which allows stack slots to be filled first naturally.
We will shortly have the possibility of more than two outputs,
though only for calls (for which preferences are moot). Avoid
direct references to op->output_pref[] when possible.
We have been allocating a worst case number of arguments
to support calls. Instead, allow the size to vary.
By default leave space for 4 args, to maximize reuse,
but allow calls to increase the number of args to 32.
Change 32-bit tci TCG_TARGET_CALL_ARG_I32 to TCG_CALL_ARG_EVEN, to
force 32-bit values to be aligned to 64-bit. With a small reorg
to the argument processing loop, this neatly replaces an ifdef for
CONFIG_TCG_INTERPRETER.
tcg: Replace TCG_TARGET_CALL_ALIGN_ARGS with TCG_TARGET_CALL_ARG_I64
For 32-bit hosts when TCG_TARGET_CALL_ALIGN_ARGS was set, use
TCG_CALL_ARG_EVEN. For 64-bit hosts, TCG_TARGET_CALL_ALIGN_ARGS
was silently ignored, so always use TCG_CALL_ARG_NORMAL.
Allocate the first of a pair at the lower address, and the
second of a pair at the higher address. This will make it
easier to find the beginning of the larger memory block.
accel/tcg: Set cflags_next_tb in cpu_common_initfn
While we initialize this value in cpu_common_reset, that
isn't called during startup, so set it as well in init.
This fixes -singlestep versus the very first TB.
Fixes: 04f5b647ed07 ("accel/tcg: Handle -singlestep in curr_cflags")
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
There are several instances where we need to be able to
allocate a pair of registers to related inputs/outputs.
Add 'p' and 'm' register constraints for this, in order to
be able to allocate the even/odd register first or second.
Note: `Makefile` relies on modification dates in the source tree to
detect changes to `meson_options.txt`. However, git does not track
those. Therefore, the following was necessary to regenerate
`meson-buildoptions.sh`:
    touch meson_options.txt
    cd "$BUILD_DIR"
    make update-buildoptions
This patch manually suppresses a warning for an unused variable
(yynerrs) emitted by bison.
This warning has been triggered for the first time by clang 15.
This patch also disables `-Wextra`, which is not usually adopted in
QEMU. However, clang 15 triggers the warning fixed in this patch even in
absence of `-Wextra`.
The patch renames the identifier of the 32bit register
HEX_REG_P3_0 to HEX_REG_P3_0_ALIASED.
This change is intended to provide some warning that
HEX_REG_P3_0 is an aliased register which has multiple
representations in CPU state and therefore might require
special handling in some contexts. The hope is to prevent
accidental misuse of this register, e.g. the issue reported
for the signals tests failure [here][1].
The root cause of the issue is a bug in the hexagon specific
logic for saving & restoring context during signal delivery.
The CPU state has two different representations for the
predicate registers. The current logic saves & restores only
the aliased HEX_REG_P3_0 register, which is part of env->gpr[]
field in the CPU state, but not the individual byte-level
predicate registers (p0, p1, p2, p3) backed by env->pred[].
Since all predicated instructions refer only to the
individual registers, switching to and back from a signal handler
can clobber these registers if the signal handler writes to them
causing the normal application code to behave unpredictably when
context is restored.
In the reported issue with the 'signals' test, since the updated
hexagon toolchain had built musl with -O2, the functions called
from non_trivial_free were inlined. This meant that the code
emitted reused predicate P0 computed in the entry translation
block of the function non_trivial_free in one of the child TB
as part of an assertion. Since P0 is clobbered by the signal
handler in the signals test, the assertion in non_trivial_free
fails incorrectly. Since musl for hexagon implements the 'abort'
function by deliberately writing to memory via null pointer,
this causes the test to fail with segmentation fault.
This patch modifies the signal context save & restore logic
to include the individual p0, p1, p2, p3 and excludes the
32b p3_0 register since its value is derived from the former
registers. It also adds a new test case that reliably
reproduces the issue for all four predicate registers.
* tag 'python-pull-request' of https://gitlab.com/jsnow/qemu:
python: add 3.11 to supported list
iotests/check: Fix typing for sys.exit() value
Python: fix flake8 config
python/machine: Handle termination cases without QMP
python/machine: Add debug logging to key state changes
hw/net: Fix read of uninitialized memory in imx_fec.
Size is used at lines 1088/1188 for the loop, which reads the last 4
bytes from the crc_ptr so it does need to get increased, however it
shouldn't be increased before the buffer is passed to CRC computation,
or the crc32 function will access uninitialized memory.
This was pointed out to me by [email protected] during the code review of
a similar patch to hw/net/ftgmac100.c
hw/arm/smmu-common: Avoid using inlined functions with external linkage
When using Clang ("Apple clang version 14.0.0 (clang-1400.0.29.202)")
and building with -Wall we get:
hw/arm/smmu-common.c:173:33: warning: static function 'smmu_hash_remove_by_asid_iova' is used in an inline function with external linkage [-Wstatic-in-inline]
hw/arm/smmu-common.h:170:1: note: use 'static' to give inline function 'smmu_iotlb_inv_iova' internal linkage
void smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
^
static
None of our code base requires / uses inlined functions with external
linkage. Some places use internal inlining in the hot path. These
two functions are certainly not in any hot path and don't justify
any inlining, so these are likely oversights rather than intentional.
Zhuojia Shen [Sat, 17 Dec 2022 01:01:26 +0000 (17:01 -0800)]
target/arm: align exposed ID registers with Linux
In CPUID registers exposed to userspace, some registers were missing
and some fields were not exposed. This patch aligns exposed ID
registers and their fields with what the upstream kernel currently
exposes.
Specifically, the following new ID registers/fields are exposed to
userspace:
ID_AA64SMFR0_EL1.F32F32: bit 32
ID_AA64SMFR0_EL1.B16F32: bit 34
ID_AA64SMFR0_EL1.F16F32: bit 35
ID_AA64SMFR0_EL1.I8I32: bits 39-36
ID_AA64SMFR0_EL1.F64F64: bit 48
ID_AA64SMFR0_EL1.I16I64: bits 55-52
ID_AA64SMFR0_EL1.FA64: bit 63
The code is also refactored to use symbolic names for ID register fields
for better readability and maintainability.
The test case in tests/tcg/aarch64/sysregs.c is also updated to match
the intended behavior.
Signed-off-by: Zhuojia Shen <[email protected]>
Message-id: DS7PR12MB6309FB585E10772928F14271ACE79@DS7PR12MB6309.namprd12.prod.outlook.com
Reviewed-by: Peter Maydell <[email protected]>
[PMM: use Sn_n_Cn_Cn_n syntax to work with older assemblers
that don't recognize id_aa64isar2_el1 and id_aa64mmfr2_el1]
Signed-off-by: Peter Maydell <[email protected]>
Peter Maydell [Thu, 5 Jan 2023 14:05:21 +0000 (14:05 +0000)]
Merge tag 'mem-2023-01-02' of https://github.com/davidhildenbrand/qemu into staging
Hi,
"Host Memory Backends" and "Memory devices" queue ("mem"):
- virtio-mem fixes
- Use new MPOL_PREFERRED_MANY mbind() policy for memory backends if
possible
* tag 'mem-2023-01-02' of https://github.com/davidhildenbrand/qemu:
hostmem: Honor multiple preferred nodes if possible
virtio-mem: Fix typo in function name
virtio-mem: Fix the iterator variable in a vmem->rdl_list loop
virtio-mem: Fix the bitmap index of the section offset
Fabiano Rosas [Tue, 13 Dec 2022 19:05:33 +0000 (16:05 -0300)]
target/arm: Fix checkpatch space errors in helper.c
Fix the following:
ERROR: spaces required around that '|' (ctx:VxV)
ERROR: space required before the open parenthesis '('
ERROR: spaces required around that '+' (ctx:VxB)
ERROR: space prohibited between function name and open parenthesis '('
(the last two still have some occurrences in macros which I left
behind because it might impact readability)
Fabiano Rosas [Tue, 13 Dec 2022 19:05:32 +0000 (16:05 -0300)]
target/arm: Fix checkpatch comment style warnings in helper.c
Fix these:
WARNING: Block comments use a leading /* on a separate line
WARNING: Block comments use * on subsequent lines
WARNING: Block comments use a trailing */ on a separate line
Axel Heider [Sun, 20 Nov 2022 19:05:25 +0000 (20:05 +0100)]
hw/timer/imx_epit: fix compare timer handling
- fix #1263 for CR writes
- rework compare time handling
- The compare timer has to run even if CR.OCIEN is not set,
as SR.OCIF must be updated.
- The compare timer fires exactly once when the
compare value is less than the current value, but the
reload value is less than the compare value.
- The compare timer will never fire if the reload value is
less than the compare value. Disable it in this case.
Axel Heider [Tue, 25 Oct 2022 10:33:42 +0000 (12:33 +0200)]
hw/timer/imx_epit: remove explicit fields cnt and freq
The CNT register is a read-only register. There is no need to
store its value, it can be calculated on demand.
The calculated frequency is needed temporarily only.
Note that this is a migration compatibility break for all board
types that use the EPIT peripheral.
Alex Bennée [Thu, 5 Jan 2023 11:43:04 +0000 (11:43 +0000)]
target/arm: fix handling of HLT semihosting in system mode
The check semihosting_enabled() wants to know if the guest is
currently in user mode. Unlike the other cases the test was inverted
causing us to block semihosting calls in non-EL0 modes.
Tobias Röhmel [Tue, 6 Dec 2022 10:25:01 +0000 (11:25 +0100)]
target/arm: Enable TTBCR_EAE for ARMv8-R AArch32
ARMv8-R AArch32 CPUs behave as if TTBCR.EAE is always 1 even
though they don't have the TTBCR register.
See ARM Architecture Reference Manual Supplement - ARMv8, for the ARMv8-R
AArch32 architecture profile Version:A.c section C1.2.
Tobias Röhmel [Tue, 6 Dec 2022 10:25:00 +0000 (11:25 +0100)]
target/arm: Make stage_2_format for cache attributes optional
The v8R PMSAv8 has a two-stage MPU translation process, but, unlike
VMSAv8, the stage 2 attributes are in the same format as the stage 1
attributes (8-bit MAIR format). Rather than converting the MAIR
format to the format used for VMSA stage 2 (bits [5:2] of a VMSA
stage 2 descriptor) and then converting back to do the attribute
combination, allow combined_attrs_nofwb() to accept s2 attributes
that are already in the MAIR format.
We move the assert() to combined_attrs_fwb(), because that function
really does require a VMSA stage 2 attribute format. (We will never
get there for v8R, because PMSAv8 does not implement FEAT_S2FWB.)
Tobias Röhmel [Tue, 6 Dec 2022 10:24:59 +0000 (11:24 +0100)]
target/arm: Make RVBAR available for all ARMv8 CPUs
RVBAR shadows RVBAR_ELx where x is the highest exception
level if the highest EL is not EL3. This patch also allows
ARMv8 CPUs to change the reset address with
the rvbar property.
Tobias Röhmel [Tue, 6 Dec 2022 10:24:58 +0000 (11:24 +0100)]
target/arm: Don't add all MIDR aliases for cores that implement PMSA
Cores with PMSA have the MPUIR register which has the
same encoding as the MIDR alias with opc2=4. So we only
add that alias if we are not realizing a core that
implements PMSA.
Peter Maydell [Mon, 12 Dec 2022 14:27:08 +0000 (14:27 +0000)]
target/arm: Set lg_page_size to 0 if either S1 or S2 asks for it
In get_phys_addr_twostage() we set the lg_page_size of the result to
the maximum of the stage 1 and stage 2 page sizes. This works for
the case where we do want to create a TLB entry, because we know the
common TLB code only creates entries of the TARGET_PAGE_SIZE and
asking for a size larger than that only means that invalidations
invalidate the whole larger area. However, if lg_page_size is
smaller than TARGET_PAGE_SIZE this effectively means "don't create a
TLB entry"; in this case if either S1 or S2 said "this covers less
than a page and can't go in a TLB" then the final result also should
be marked that way. Set the resulting page size to 0 if either
stage asked for a less-than-a-page entry, and expand the comment
to explain what's going on.
This has no effect for VMSA because currently the VMSA lookup always
returns results that cover at least TARGET_PAGE_SIZE; however when we
add v8R support it will reuse this code path, and for v8R the S1 and
S2 results can be smaller than TARGET_PAGE_SIZE.
We now check the consistency of reg_to_temp[] with each update,
so the utility of checking consistency at the end of each
opcode is minimal. In addition, the form of this check is
quite expensive, consuming 10% of a checking-enabled build.