Stefan Hajnoczi [Mon, 10 Mar 2025 05:40:35 +0000 (13:40 +0800)]
Merge tag 'pull-aspeed-20250309' of https://github.com/legoater/qemu into staging
aspeed queue:
* Updated Aspeed OpenBMC functional test images
* Introduced functional tests for witherspoon and bletchley machines
* Added support for Non-maskable Interrupt on AST2700 SoC
* Fixed HW strapping on AST2700 SoC
* Added AST2700 HACE support
* Added AST2700 A1 SoC support
* Intoduced new ast2700a1-evb machine
* tag 'pull-aspeed-20250309' of https://github.com/legoater/qemu: (46 commits)
docs/specs: Add aspeed-intc
tests/functional/aspeed: Add test case for AST2700 A1
tests/functional/aspeed: Update test ASPEED SDK v09.05
tests/functional/aspeed: Update temperature hwmon path
tests/functional/aspeed: Introduce start_ast2700_test API
hw/arm/aspeed_ast27x0: Sort the memmap table by mapping address
hw/arm/aspeed: Add Machine Support for AST2700 A1
hw/arm/aspeed_ast27x0: Add SoC Support for AST2700 A1
hw/arm/aspeed_ast27x0: Support two levels of INTC controllers for AST2700 A1
hw/arm/aspeed_ast27x0: Define an Array of AspeedINTCState with Two Instances
hw/arm/aspeed_ast27x0.c Support AST2700 A1 GIC Interrupt Mapping
hw/misc/aspeed_scu: Add Support for AST2700/AST2750 A1 Silicon Revisions
hw/intc/aspeed: Add Support for AST2700 INTCIO Controller
hw/intc/aspeed: Add Support for Multi-Output IRQ Handling
hw/intc/aspeed: Introduce IRQ handler function to reduce code duplication
hw/intc/aspeed: Introduce AspeedINTCIRQ structure to save the irq index and register address
hw/intc/aspeed: Refactor INTC to support separate input and output pin indices
hw/intc/aspeed: Add support for multiple output pins in INTC
hw/intc/aspeed: Rename num_ints to num_inpins for clarity
hw/intc/aspeed: Support different memory region ops
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (25 commits)
rust: pl011: Allow NULL chardev argument to pl011_create()
meson.build: default to -gsplit-dwarf for debug info
rust: qom: remove operations on &mut
rust: cell: add full example of declaring a SysBusDevice
rust: hpet: decode HPET registers into enums
rust: pl011: pass around registers::Data
rust: pl011: switch to safe chardev operation
rust: pl011: clean up visibilities of callbacks
rust: pl011: move register definitions out of lib.rs
rust: chardev: provide basic bindings to character devices
rust: bindings: remove more unnecessary Send/Sync impls
rust: chardev: wrap Chardev with Opaque<>
rust: memory: wrap MemoryRegion with Opaque<>
rust: sysbus: wrap SysBusDevice with Opaque<>
rust: hpet: do not access fields of SysBusDevice
rust: qdev: wrap Clock and DeviceState with Opaque<>
rust: qom: wrap Object with Opaque<>
rust: irq: wrap IRQState with Opaque<>
rust: timer: wrap QEMUTimer with Opaque<> and express pinning requirements
rust: hpet: embed Timer without the Option and Box indirection
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Jamin Lin [Fri, 7 Mar 2025 03:59:36 +0000 (11:59 +0800)]
tests/functional/aspeed: Update test ASPEED SDK v09.05
In ASPEED SDK v09.05, the naming convention for pre-built images has been
updated. The pre-built image for AST2700 A0 has been renamed to
ast2700-a0-default, while ast2700-default is now used for AST2700 A1.
Jamin Lin [Fri, 7 Mar 2025 03:59:34 +0000 (11:59 +0800)]
tests/functional/aspeed: Introduce start_ast2700_test API
Added a new method "start_ast2700_test" to the "AST2x00MachineSDK" class and
this method centralizes the logic for starting the AST2700 test, making it
reusable for different test cases.
Jamin Lin [Fri, 7 Mar 2025 03:59:31 +0000 (11:59 +0800)]
hw/arm/aspeed_ast27x0: Add SoC Support for AST2700 A1
The memory map for AST2700 A1 remains compatible with AST2700 A0. However, the
IRQ mapping has been updated for AST2700 A1, with GIC interrupts now ranging
from 192 to 201. Add a new IRQ map table for AST2700 A1.
Add "aspeed_soc_ast2700a1_class_init" to initialize the AST2700 A1 SoC.
Jamin Lin [Fri, 7 Mar 2025 03:59:30 +0000 (11:59 +0800)]
hw/arm/aspeed_ast27x0: Support two levels of INTC controllers for AST2700 A1
The design of INTC controllers has significantly changed in AST2700 A1.
There are a total of 480 interrupt sources in AST2700 A1. For interrupt numbers
from 0 to 127, they can route directly to PSP, SSP, and TSP. Due to the
limitation of interrupt numbers of processors, the interrupts are merged every
32 sources for interrupt numbers greater than 127.
There are two levels of interrupt controllers, INTC(CPUD Die) and INTCIO
(IO Die). The interrupt sources of INTC are the interrupt numbers from INTC_0 to
INTC_127 and interrupts from INTCIO. The interrupt sources of INTCIO are the
interrupt numbers greater than INTC_127. INTC_IO controls the interrupts
INTC_128 to INTC_319 only.
Currently, only GIC 192 to 201 are supported, and their source interrupts are
from INTCIO and connected to INTC at input pin 0 and output pins 0 to 9 for
GIC 192-201.
The design of the orgates for GICINT 196 is as follows:
It has interrupt sources ranging from 0 to 31, with its output pin connected to
INTCIO "T0 GICINT_196". The output pin is then connected to INTC "GIC_192_201"
at bit 4, and its bit 4 output should be connected to GIC 196.
The design of INTC GIC_192_201 have 10 output pins, mapped as following:
Bit 0 -> GIC 192
Bit 1 -> GIC 193
Bit 2 -> GIC 194
Bit 3 -> GIC 195
Bit 4 -> GIC 196
To support both AST2700 A1 and A0, INTC input pins 1 to 9 and output pins
10 to 18 remain to support GIC 128-136, which source interrupts from INTC.
These will be removed if we decide not to support AST2700 A0 in the future.
Jamin Lin [Fri, 7 Mar 2025 03:59:29 +0000 (11:59 +0800)]
hw/arm/aspeed_ast27x0: Define an Array of AspeedINTCState with Two Instances
Updated Aspeed27x0SoCState to include an intc[2] array instead of a single
AspeedINTCState instance. Modified aspeed_soc_ast2700_get_irq and
aspeed_soc_ast2700_get_irq_index to correctly reference the corresponding
interrupt controller instance and OR gate index.
Currently, only GIC 192 to 201 are supported, and their source interrupts are
from INTCIO and connected to INTC at input pin 0 and output pins 0 to 9 for
GIC 192-201.
To support both AST2700 A1 and A0, INTC input pins 1 to 9 and output pins
10 to 18 remain to support GIC 128-136, which source interrupts from INTC.
Jamin Lin [Fri, 7 Mar 2025 03:59:28 +0000 (11:59 +0800)]
hw/arm/aspeed_ast27x0.c Support AST2700 A1 GIC Interrupt Mapping
Currently, these IRQ tables support from GIC 128 - 136 for AST2700 A0.
These IRQ tables can be reused for AST2700 A1 from GIC 192 - 197.
Updates the interrupt mapping to include support for AST2700 A1 by extending
the existing mappings to the new GIC range.
Jamin Lin [Fri, 7 Mar 2025 03:59:26 +0000 (11:59 +0800)]
hw/intc/aspeed: Add Support for AST2700 INTCIO Controller
Introduce a new ast2700 INTCIO class to support AST2700 INTCIO.
Added new register definitions for INTCIO, including enable and status
registers for IRQs GICINT192 through GICINT197.
Created a dedicated IRQ array for INTCIO, supporting six input pins and six
output pins, aligning with the newly defined registers.
Implemented "aspeed_intcio_read" and "aspeed_intcio_write" to handle
INTCIO-specific register access.
Jamin Lin [Fri, 7 Mar 2025 03:59:25 +0000 (11:59 +0800)]
hw/intc/aspeed: Add Support for Multi-Output IRQ Handling
This update introduces support for handling multi-output IRQs in the AST2700
interrupt controller (INTC), specifically for GICINT192_201. GICINT192_201 maps
1:10 to input IRQ 0 and output IRQs 0 to 9. Each status bit corresponds to a
specific IRQ.
Implemented "aspeed_intc_set_irq_handler_multi_outpins" to handle IRQs with
multiple output pins. Introduced "aspeed_intc_status_handler_multi_outpins"
for managing status registers associated with multi-output IRQs.
Added new IRQ definitions for GICINT192_201 in INTC.
Adjusted the IRQ array to accommodate 10 input pins and 19 output pins,
aligning with the new GICINT192_201 mappings.
Jamin Lin [Fri, 7 Mar 2025 03:59:24 +0000 (11:59 +0800)]
hw/intc/aspeed: Introduce IRQ handler function to reduce code duplication
The behavior of the INTC set IRQ is almost identical between INTC and INTCIO.
To reduce duplicated code, introduce the "aspeed_intc_set_irq_handler" function
to handle both INTC and INTCIO IRQ behavior. No functional change.
Jamin Lin [Fri, 7 Mar 2025 03:59:23 +0000 (11:59 +0800)]
hw/intc/aspeed: Introduce AspeedINTCIRQ structure to save the irq index and register address
The INTC controller supports GICINT128 to GICINT136, mapping 1:1 to input and
output IRQs 0 to 8. Previously, the formula "address & 0x0f00" was used to
derive the IRQ index numbers.
However, the INTC controller also supports GICINT192_201, mapping 1 input IRQ
pin to 10 output IRQ pins. The pin numbers for input and output are different.
It is difficult to use a formula to determine the index number of INTC model
supported input and output IRQs.
To simplify and improve readability, introduces the AspeedINTCIRQ structure to
save the input/output IRQ index and its enable/status register address.
Introduce the "aspeed_2700_intc_irqs" table to store IRQ information for INTC.
Introduce the "aspeed_intc_get_irq" function to retrieve the input/output IRQ
pin index from the provided status/enable register address.
Jamin Lin [Fri, 7 Mar 2025 03:59:21 +0000 (11:59 +0800)]
hw/intc/aspeed: Add support for multiple output pins in INTC
Added support for multiple output pins in the INTC controller to
accommodate the AST2700 A1.
Introduced "num_outpins" to represent the number of output pins. Updated the
IRQ handling logic to initialize and connect output pins separately from input
pins. Modified the "aspeed_soc_ast2700_realize" function to connect source
orgates to INTC and INTC to GIC128 - GIC136. Updated the "aspeed_intc_realize"
function to initialize output pins.
Jamin Lin [Fri, 7 Mar 2025 03:59:20 +0000 (11:59 +0800)]
hw/intc/aspeed: Rename num_ints to num_inpins for clarity
To support AST2700 A1, some registers of the INTC(CPU Die) support one input
pin to multiple output pins. Renamed "num_ints" to "num_inpins" in the INTC
controller code for better clarity and consistency in naming conventions.
Jamin Lin [Fri, 7 Mar 2025 03:59:19 +0000 (11:59 +0800)]
hw/intc/aspeed: Support different memory region ops
The previous implementation set the "aspeed_intc_ops" struct, containing read
and write callbacks, to be used when I/O is performed on the INTC region.
Both "aspeed_intc_read" and "aspeed_intc_write" callback functions were used
for INTC (CPU Die).
To support the INTCIO (IO Die) model, introduces a new "reg_ops" class
attribute. This allows setting different memory region operations to support
different INTC models.
Will introduce "aspeed_intcio_read" and "aspeed_intcio_write" callback
functions are used for INTCIO.
Jamin Lin [Fri, 7 Mar 2025 03:59:17 +0000 (11:59 +0800)]
hw/arm/aspeed: Rename IRQ table and machine name for AST2700 A0
Currently, AST2700 SoC only supports A0. To support AST2700 A1, rename its IRQ
table and machine name.
To follow the machine deprecation rule, the initial machine "ast2700-evb" is
aliased to "ast2700a0-evb." In the future, we will alias "ast2700-evb" to new
SoCs, such as "ast2700a1-evb."
Jamin Lin [Fri, 7 Mar 2025 03:59:16 +0000 (11:59 +0800)]
hw/intc/aspeed: Add object type name to trace events for better debugging
Currently, these trace events only refer to INTC. To simplify the INTC model,
both INTC(CPU Die) and INTCIO(IO Die) will share the same helper functions.
However, it is difficult to recognize whether these trace events are comes from
INTC or INTCIO. To make these trace events more readable, adds object type name
to the INTC trace events.
Update trace events to include the "name" field for better identification.
Jamin Lin [Fri, 7 Mar 2025 03:59:15 +0000 (11:59 +0800)]
hw/intc/aspeed: Introduce helper functions for enable and status registers
The behavior of the enable and status registers is almost identical between
INTC(CPU Die) and INTCIO(IO Die). To reduce duplicated code, adds
"aspeed_intc_enable_handler" functions to handle enable register write
behavior and "aspeed_intc_status_handler" functions to handle status
register write behavior. No functional change.
Jamin Lin [Fri, 7 Mar 2025 03:59:14 +0000 (11:59 +0800)]
hw/intc/aspeed: Reduce regs array size by adding a register sub-region
Currently, the size of the "regs" array is 0x2000, which is too large. So far,
it only uses "GICINT128 to `GICINT134", and the offsets from 0 to 0x1000 are
unused. To save code size and avoid mapping large unused gaps, update to only
map the useful set of registers:
INTC register [0x1000 – 0x1804]
Update "reg_size" to 0x808. Introduce a new class attribute "reg_offset" to set
the start offset of a "INTC" sub-region. Set the "reg_offset" to 0x1000 for INTC
registers.
Jamin Lin [Fri, 7 Mar 2025 03:59:13 +0000 (11:59 +0800)]
hw/intc/aspeed: Support setting different register size
Currently, the size of the regs array is 0x2000, which is too large. So far,
it only use GICINT128 - GICINT134, and the offsets from 0 to 0x1000 are unused.
To save code size, introduce a new class attribute "reg_size" to set the
different register sizes for the INTC models in AST2700 and add a regs
sub-region in the memory container.
Jamin Lin [Fri, 7 Mar 2025 03:59:12 +0000 (11:59 +0800)]
hw/intc/aspeed: Introduce dynamic allocation for regs array
Currently, the size of the "regs" array is 0x2000, which is too large. To save
code size and avoid mapping large unused gaps, will update it to only map the
useful set of registers. This update will support multiple sub-regions with
different sizes.
To address the redundant size issue, replace the static "regs" array with a
dynamically allocated "regs" memory.
Introduce a new "aspeed_intc_unrealize" function to free the allocated "regs"
memory.
Jamin Lin [Fri, 7 Mar 2025 03:59:11 +0000 (11:59 +0800)]
hw/intc/aspeed: Rename status_addr and addr to status_reg and reg for clarity
Rename the variables "status_addr" to "status_reg" and "addr" to "reg" because
they are used as register index. This change makes the code more appropriate
and improves readability.
Jamin Lin [Fri, 7 Mar 2025 03:59:10 +0000 (11:59 +0800)]
hw/intc/aspeed: Support setting different memory size
According to the AST2700 datasheet, the INTC(CPU DIE) controller has 16KB
(0x4000) of register space, and the INTCIO (I/O DIE) controller has 1KB (0x400)
of register space.
Introduced a new class attribute "mem_size" to set different memory sizes for
the INTC models in AST2700.
Jamin Lin [Tue, 4 Mar 2025 06:47:08 +0000 (14:47 +0800)]
hw/arm/aspeed_ast27x0.c Fix boot issue for AST2700
Currently, ASPEED_DEV_SPI_BOOT is set to "0x400000000", which is the DRAM start
address, and the QEMU loader is used to load the U-Boot binary into this address.
However, if users want to install FMC flash contents as a boot ROM, the DRAM
address 0x400000000 would be overwritten with Boot ROM data. This causes the
AST2700 to fail to boot because the U-Boot data becomes incorrect.
To fix this, change the ASPEED_DEV_SPI_BOOT address to "0x100000000", which is
the FMC0 memory-mapped start address in the AST2700.
Jamin Lin [Tue, 4 Mar 2025 06:47:07 +0000 (14:47 +0800)]
hw/arm/aspeed_ast27x0.c Separate HW Strap Registers for SCU and SCUIO
There is one hw-strap1 register in the SCU (CPU DIE) and another hw-strap1
register in the SCUIO (IO DIE). The values of these two registers should not be
the same. To reuse the current design of hw-strap, hw-strap1 is assigned to the
SCU and sets the value in the SCU hw-strap1 register, while hw-strap2 is
assigned to the SCUIO and sets the value in the SCUIO hw-strap1 register.
Jamin Lin [Tue, 4 Mar 2025 06:47:06 +0000 (14:47 +0800)]
hw/misc/aspeed_scu: Fix the hw-strap1 cannot be set in the SOC layer for AST2700
There is one hw_strap1 register in the SCU (CPU DIE) and another hw_strap1
register in the SCUIO (IO DIE).
In the "ast2700_a0_resets" function, the hardcoded value "0x00000800" is set in
SCU hw-strap1 (CPU DIE), and in "ast2700_a0_resets_io" the hardcoded value
"0x00000504" is set in SCUIO hw-strap1 (IO DIE). Both values cannot be set via
the SOC layer.
The value of "s->hw_strap1" is set by the SOC layer via the "hw-strap1" property.
Update the "aspeed_ast2700_scu_reset" function to set the value of "s->hw_strap1"
in both the SCU and SCUIO hw-strap1 registers.
Jamin Lin [Tue, 4 Mar 2025 06:47:05 +0000 (14:47 +0800)]
hw/arm/aspeed Update HW Strap Default Values for AST2700
Separate HW Strap Registers for SCU and SCUIO.
AST2700_EVB_HW_STRAP1 is used for the SCU (CPU Die) hw-strap1.
AST2700_EVB_HW_STRAP2 is used for the SCUIO (IO Die) hw-strap1.
Additionally, both default values are updated based on the dump from the EVB.
Jamin Lin [Tue, 4 Mar 2025 06:47:04 +0000 (14:47 +0800)]
hw/misc/aspeed_scu: Fix the revision ID cannot be set in the SOC layer for AST2700
According to the design of the AST2600, it has a Silicon Revision ID Register,
specifically SCU004 and SCU014, to set the Revision ID for the AST2600.
For the AST2600 A3, SCU004 is set to 0x05030303 and SCU014 is set to 0x05030303.
In the "aspeed_ast2600_scu_reset" function, the hardcoded value
"AST2600_A3_SILICON_REV" is set in SCU004, and "s->silicon_rev" is set in
SCU014. The value of "s->silicon_rev" is set by the SOC layer via the
"silicon-rev" property.
However, the design of the AST2700 is different. There are two SCU controllers:
SCU0 (CPU Die) and SCU1 (IO Die). In the AST2700, the firmware reads the SCU
Silicon Revision ID register (SCU0_000) and the SCUIO Silicon Revision ID
register (SCU1_000), combining them into a single 64-bit value.
The upper 32 bits represent the SCUIO, while the lower 32 bits correspond to the
SCU. For example, the AST2700-A1 revision is represented as 0x0601010306010103.
SCUIO_000 occupies bits [63:32] with a value of 0x06010103 and SCU_000 occupies
bits [31:0] with a value of 0x06010103.
Jamin Lin [Tue, 25 Feb 2025 07:56:21 +0000 (15:56 +0800)]
hw/misc/aspeed_hace: Fix boot issue in the Crypto Manager Self Test
Currently, it does not support the CRYPT command. Instead, it only sends an
interrupt to notify the firmware that the crypt command has completed.
It is a temporary workaround to resolve the boot issue in the Crypto Manager
Self Test.
Introduce a new "use_crypt_workaround" class attribute and set it to true in
the AST2700 HACE model to enable this workaround by default for AST2700.
Jamin Lin [Tue, 25 Feb 2025 07:56:20 +0000 (15:56 +0800)]
hw/arm/aspeed_ast27x0: Add HACE support for AST2700
The HACE controller between AST2600 and AST2700 are almost identical.
The HACE controller registers base address starts at 0x1207_0000 and
its alarm interrupt is connected to GICINT4.
Cédric Le Goater [Wed, 29 Jan 2025 07:18:18 +0000 (08:18 +0100)]
tests/functional: Update OpenBMC image of romulus machine
Use the new do_test_arm_aspeed_openbmc() routine to run the latest
OpenBMC firmware build of the romulus BMC. Remove the older routine
which is now unused.
Cédric Le Goater [Wed, 29 Jan 2025 07:18:16 +0000 (08:18 +0100)]
tests/functional: Introduce a new test routine for OpenBMC images
The OpenBMC images currently used by QEMU to test the Aspeed machines
are rather old. To prepare an update to the latest builds, we need to
adjust the console patterns. Introduce a new routine to preserve the
current tests.
Peter Maydell [Fri, 7 Mar 2025 19:00:51 +0000 (19:00 +0000)]
rust: pl011: Allow NULL chardev argument to pl011_create()
It's valid for the caller to pass a NULL chardev to pl011_create();
this means "don't set the chardev property on the device", which
in turn means "act like there's no chardev". All the chardev
frontend APIs (in C, at least) accept a NULL pointer to mean
"do nothing".
This fixes some failures in 'make check-functional' when Rust support
is enabled.
Stefan Hajnoczi [Sun, 9 Mar 2025 03:45:00 +0000 (11:45 +0800)]
Merge tag 'pull-tcg-20250308' of https://gitlab.com/rth7680/qemu into staging
include/qemu: Tidy atomic128 headers.
include/exec: Split out cpu-interrupt.h
include/exec: Split many tlb_* declarations to cputlb.h
include/accel/tcg: Split out getpc.h
accel/tcg: system: Compile some files once
linux-user/main: Allow setting tb-size
* tag 'pull-tcg-20250308' of https://gitlab.com/rth7680/qemu: (23 commits)
accel/tcg: Build tcg-runtime-gvec.c once
accel/tcg: Build tcg-runtime.c once
qemu/atomic128: Include missing 'qemu/atomic.h' header
qemu/atomic: Rename atomic128-ldst.h headers using .h.inc suffix
qemu/atomic: Rename atomic128-cas.h headers using .h.inc suffix
accel/tcg: Split out getpc.h
accel/tcg: Restrict GETPC_ADJ to 'tb-internal.h'
accel/tcg: Build tcg-accel-ops-mttcg.c once
accel/tcg: Build tcg-accel-ops-rr.c once
accel/tcg: Build tcg-accel-ops-icount.c once
accel/tcg: Build tcg-accel-ops.c once
system: Build watchpoint.c once
exec: Declare tlb_flush*() in 'exec/cputlb.h'
exec: Declare tlb_hit*() in 'exec/cputlb.h'
exec: Declare tlb_set_page() in 'exec/cputlb.h'
exec: Declare tlb_set_page_with_attrs() in 'exec/cputlb.h'
exec: Declare tlb_set_page_full() in 'exec/cputlb.h'
exec: Declare tlb_reset_dirty*() in 'exec/cputlb.h'
accel/tcg: Compile watchpoint.c once
include/exec: Split out exec/cpu-interrupt.h
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu/atomic128: Include missing 'qemu/atomic.h' header
qatomic_cmpxchg__nocheck() is declared in "qemu/atomic.h".
Include it in order to avoid when refactoring unrelated headers:
In file included from ../../accel/tcg/tcg-runtime-gvec.c:22:
In file included from include/exec/helper-proto-common.h:10:
In file included from include/qemu/atomic128.h:61:
host/include/generic/host/atomic128-cas.h.inc:23:11: error: call to undeclared function 'qatomic_cmpxchg__nocheck'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
23 | r.i = qatomic_cmpxchg__nocheck(ptr_align, c.i, n.i);
| ^
1 error generated.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241212141018.59428-4-philmd@linaro.org>
qemu/atomic: Rename atomic128-ldst.h headers using .h.inc suffix
Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.
Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:
If you do use template header files they should be named with
the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
being included for expansion.
Therefore rename 'atomic128-ldst.h' as 'atomic128-ldst.h.inc'.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241212141018.59428-3-philmd@linaro.org>
qemu/atomic: Rename atomic128-cas.h headers using .h.inc suffix
Since commit 139c1837db ("meson: rename included C source files
to .c.inc"), QEMU standard procedure for included C files is to
use *.c.inc.
Besides, since commit 6a0057aa22 ("docs/devel: make a statement
about includes") this is documented in the Coding Style:
If you do use template header files they should be named with
the ``.c.inc`` or ``.h.inc`` suffix to make it clear they are
being included for expansion.
Therefore rename 'atomic128-cas.h' as 'atomic128-cas.h.inc'.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241212141018.59428-2-philmd@linaro.org>
GETPC_ADJ is only used within accel/tcg/, no need to
expose it to all the code base.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250308072348.65723-2-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Move tb_check_watchpoint declaration from tb-internal.h, which is
still target-specific, to internal-common.h, which isn't.
Otherwise, all that is required to build watchpoint.c once is
to include the new exec/cpu-interrupt.h instead of exec/exec-all.h.
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Some of these bits are actually common to all cpus; while the
reset have common reservations for target-specific usage.
While generic code cannot know what the target-specific usage is,
common code can know what to do with the bits, e.g. single-step.
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Stefan Hajnoczi [Sat, 8 Mar 2025 03:31:41 +0000 (11:31 +0800)]
Merge tag 'pull-target-arm-20250307' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* hw/arm/smmu-common: Remove the repeated ttb field
* hw/gpio: npcm7xx: fixup out-of-bounds access
* tests/functional/test_arm_sx1: Check whether the serial console is working
* target/arm: Fix minor bugs in generic timer register handling
* target/arm: Implement SEL2 physical and virtual timers
* target/arm: Correct STRD, LDRD atomicity and fault behaviour
* target/arm: Make dummy debug registers RAZ, not NOP
* util/qemu-timer.c: Don't warp timer from timerlist_rearm()
* include/exec/memop.h: Expand comment for MO_ATOM_SUBALIGN
* hw/arm/smmu: Introduce smmu_configs_inv_sid_range() helper
* target/rx: Set exception vector base to 0xffffff80
* target/rx: Remove TCG_CALL_NO_WG from helpers which write env
* tag 'pull-target-arm-20250307' of https://git.linaro.org/people/pmaydell/qemu-arm: (21 commits)
target/rx: Remove TCG_CALL_NO_WG from helpers which write env
target/rx: Set exception vector base to 0xffffff80
hw/arm/smmu: Introduce smmu_configs_inv_sid_range() helper
include/exec/memop.h: Expand comment for MO_ATOM_SUBALIGN
util/qemu-timer.c: Don't warp timer from timerlist_rearm()
target/arm: Make dummy debug registers RAZ, not NOP
target/arm: Drop unused address_offset from op_addr_{rr, ri}_post()
target/arm: Correct STRD atomicity
target/arm: Correct LDRD atomicity and fault behaviour
hw/arm: enable secure EL2 timers for sbsa machine
hw/arm: enable secure EL2 timers for virt machine
target/arm: Document the architectural names of our GTIMERs
target/arm: Implement SEL2 physical and virtual timers
target/arm: Refactor handling of timer offset for direct register accesses
target/arm: Always apply CNTVOFF_EL2 for CNTV_TVAL_EL02 accesses
target/arm: Make CNTPS_* UNDEF from Secure EL1 when Secure EL2 is enabled
target/arm: Don't apply CNTVOFF_EL2 for EL2_VIRT timer
target/arm: Apply correct timer offset when calculating deadlines
tests/functional/test_arm_sx1: Check whether the serial console is working
hw/gpio: npcm7xx: fixup out-of-bounds access
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-request-2025-03-07' of https://gitlab.com/thuth/qemu:
s390x/pci: indicate QEMU supports relaxed translation for passthrough
s390x/pci: add support for guests that request direct mapping
MAINTAINERS: Add docs/devel/testing/functional.rst to the functional section
doc: add missing 'Asset' type in function test doc
tests/functional/test_virtio_balloon: Only use KVM for running this test
tests/functional: fix race in virtio balloon test
tests/functional: Increase the timeout of the mips64el_replay test
tests/functional/test_mips_malta: Add a network test via the pcnet NIC
tests/functional: Move the code for testing HTTP downloads to a common function
tests/functional: stop output from zstd command when uncompressing
tests/functional: drop unused 'get_tag' method
tests/functional: skip memaddr tests on 32-bit builds
tests/functional: reduce tuxrun maxmem to work on 32-bit hosts
tests/functional: set 'qemu_bin' as an object level field
tests/functional: remove unused 'bin_prefix' variable
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZ8pZ+gAKCRBAov/yOSY+
# 3ytAA/9OHCtGa35ZAFb4BrRQirs6cfjz9mSQDmjXzmt5/2mjhlm42chnfF5h0UR4
# puP2LuhpvomYsdCJDnznK8+9y9b34O5jcT8kd4jZ3Bo/fCczGPMqXy0a5lXc5IEE
# 7dHqZ+ksiCptHtBhoubfJzqiNDTMpgBUA2h855CUqIFhjkhDyA==
# =rUF7
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 07 Mar 2025 10:29:14 HKT
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20250307' of https://gitlab.com/gaosong/qemu:
target/loongarch: check tlb_ps
target/loongarch: fix 'make check-functional' failed
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
include/exec: Move TARGET_PAGE_{SIZE,MASK,BITS} to target_page.h
Re-use the TARGET_PAGE_BITS_VARY mechanism to define
TARGET_PAGE_SIZE and friends when not compiling per-target.
Inline qemu_target_page_{size,mask,bits} as they are now trivial.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Restrict CPU_TLB_DYN_*_BITS definitions to accel/tcg/
CPU_TLB_DYN_*_BITS definitions are only used by accel/tcg/cputlb.c
and accel/tcg/translate-all.c. Move them to accel/tcg/tb-internal.h.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250305191859.71608-1-philmd@linaro.org>
While qemu-system can set tb-size using -accel tcg,tb-size=n, there
is no similar knob for qemu-user. Add one in a way similar to how
one-insn-per-tb is already handled.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240730215532.1442-1-iii@linux.ibm.com>
Alex Bennée [Thu, 6 Mar 2025 16:16:31 +0000 (16:16 +0000)]
meson.build: default to -gsplit-dwarf for debug info
This option is supported by both gcc (since 4.7) and clang (since
7.0). Not only does this make the linkers job easier by reducing the
amount of ELF it needs to parse it also reduces the total build size
quite considerably. In my case a default build went from 5.8G to
3.9G (vs 1.9G for --disable-debug-info).
The --disable-split-debug option allows distros to keep all the info
together for ease of packaging.
Keith Packard [Tue, 18 Feb 2025 21:21:01 +0000 (13:21 -0800)]
target/rx: Remove TCG_CALL_NO_WG from helpers which write env
Functions which modify TCG globals must not be marked TCG_CALL_NO_WG,
as that tells the optimizer that TCG global values already loaded in
machine registers are still valid, and so any changes which these
helpers make to the CPU state may be ignored.
The target/rx code chooses to put (among other things) all the PSW
bits and also ACC into globals, so the NO_WG flag on various
functions that touch the PSW or ACC is incorrect and must be removed.
This includes all the floating point helper functions, because
update_fpsw() will update PSW Z and S.
Signed-off-by: Keith Packard <keithp@keithp.com>
[PMM: Clarified commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Keith Packard [Tue, 18 Feb 2025 21:21:00 +0000 (13:21 -0800)]
target/rx: Set exception vector base to 0xffffff80
The documentation says the vector is at 0xffffff80, instead of the
previous value of 0xffffffc0. That value must have been a bug because
the standard vector values (20, 21, 23, 25, 30) were all
past the end of the array.
Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use a similar terminology smmu_hash_remove_by_sid_range() as the one
being used for other hash table matching functions since
smmuv3_invalidate_ste() name is not self explanatory, and introduce a
helper that invokes the g_hash_table_foreach_remove.
No functional change intended.
Signed-off-by: JianChunfu <jansef.jian@hj-micro.com> Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250228031438.3916-1-jansef.jian@hj-micro.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 28 Feb 2025 10:32:22 +0000 (10:32 +0000)]
include/exec/memop.h: Expand comment for MO_ATOM_SUBALIGN
Expand the example in the comment documenting MO_ATOM_SUBALIGN,
to be clearer about the atomicity guarantees it represents.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250228103222.1838913-1-peter.maydell@linaro.org
Peter Maydell [Mon, 10 Feb 2025 13:58:04 +0000 (13:58 +0000)]
util/qemu-timer.c: Don't warp timer from timerlist_rearm()
Currently we call icount_start_warp_timer() from timerlist_rearm().
This produces incorrect behaviour, because timerlist_rearm() is
called, for instance, when a timer callback modifies its timer. We
cannot decide here to warp the timer forwards to the next timer
deadline merely because all_cpu_threads_idle() is true, because the
timer callback we were called from (or some other callback later in
the list of callbacks being invoked) may be about to raise a CPU
interrupt and move a CPU from idle to ready.
The only valid place to choose to warp the timer forward is from the
main loop, when we know we have no outstanding IO or timer callbacks
that might be about to wake up a CPU.
For Arm guests, this bug was mostly latent until the refactoring
commit f6fc36deef6abc ("target/arm/helper: Implement
CNTHCTL_EL2.CNT[VP]MASK"), which exposed it because it refactored a
timer callback so that it happened to call timer_mod() first and
raise the interrupt second, when it had previously raised the
interrupt first and called timer_mod() afterwards.
This call seems to have originally derived from the
pre-record-and-replay icount code, which (as of e.g. commit db1a49726c3c in 2010) in this location did a call to
qemu_notify_event(), necessary to get the icount code in the vCPU
round-robin thread to stop and recalculate the icount deadline when a
timer was reprogrammed from the IO thread. In current QEMU,
everything is done on the vCPU thread when we are in icount mode, so
there's no need to try to notify another thread here.
I suspect that the other reason why this call was doing icount timer
warping is that it pre-dates commit efab87cf79077a from 2015, which
added a call to icount_start_warp_timer() to main_loop_wait(). Once
the call in timerlist_rearm() has been removed, if the timer
callbacks don't cause any CPU to be woken up then we will end up
calling icount_start_warp_timer() from main_loop_wait() when the rr
main loop code calls rr_wait_io_event().
Remove the incorrect call from timerlist_rearm().
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2703 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250210135804.3526943-1-peter.maydell@linaro.org
Peter Maydell [Fri, 28 Feb 2025 16:24:24 +0000 (16:24 +0000)]
target/arm: Make dummy debug registers RAZ, not NOP
In debug_helper.c we provide a few dummy versions of
debug registers:
* DBGVCR (AArch32 only): enable bits for vector-catch
debug events
* MDCCINT_EL1: interrupt enable bits for the DCC
debug communications channel
* DBGVCR32_EL2: the AArch64 accessor for the state in
DBGVCR
We implemented these only to stop Linux crashing on startup,
but we chose to implement them as ARM_CP_NOP. This worked
for Linux where it only cares about trying to write to these
registers, but is very confusing behaviour for anything that
wants to read the registers (perhaps for context state switches),
because the destination register will be left with whatever
random value it happened to have before the read.
Peter Maydell [Fri, 7 Mar 2025 10:08:22 +0000 (10:08 +0000)]
target/arm: Drop unused address_offset from op_addr_{rr, ri}_post()
All the callers of op_addr_rr_post() and op_addr_ri_post() now pass in
zero for the address_offset, so we can remove that argument.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250227142746.1698904-4-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
target/arm: Correct STRD atomicity
Our STRD implementation doesn't correctly implement the requirement:
* if the address is 8-aligned the access must be a 64-bit
single-copy atomic access, not two 32-bit accesses
Rewrite the handling of STRD to use a single tcg_gen_qemu_st_i64()
of a value produced by concatenating the two 32 bit source registers.
This allows us to get the atomicity right.
As with the LDRD change, now that we don't update 'addr' in the
course of performing the store we need to adjust the offset
we pass to op_addr_ri_post() and op_addr_rr_post().
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250227142746.1698904-3-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
target/arm: Correct LDRD atomicity and fault behaviour
Our LDRD implementation is wrong in two respects:
* if the address is 4-aligned and the load crosses a page boundary
and the second load faults and the first load was to the
base register (as in cases like "ldrd r2, r3, [r2]", then we
must not update the base register before taking the fault
* if the address is 8-aligned the access must be a 64-bit
single-copy atomic access, not two 32-bit accesses
Rewrite the handling of the loads in LDRD to use a single
tcg_gen_qemu_ld_i64() and split the result into the destination
registers. This allows us to get the atomicity requirements
right, and also implicitly means that we won't update the
base register too early for the page-crossing case.
Note that because we no longer increment 'addr' by 4 in the course of
performing the LDRD we must change the adjustment value we pass to
op_addr_ri_post() and op_addr_rr_post(): it no longer needs to
subtract 4 to get the correct value to use if doing base register
writeback.
STRD has the same problem with not getting the atomicity right;
we will deal with that in the following commit.
Cc: qemu-stable@nongnu.org Reported-by: Stu Grossman <stu.grossman@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250227142746.1698904-2-peter.maydell@linaro.org
Alex Bennée [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
hw/arm: enable secure EL2 timers for sbsa machine
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250204125009.2281315-10-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
hw/arm: enable secure EL2 timers for virt machine
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250204125009.2281315-9-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
target/arm: Document the architectural names of our GTIMERs
As we are about to add more physical and virtual timers let's make it
clear what each timer does.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250204125009.2281315-8-peter.maydell@linaro.org
[PMM: Add timer register name prefix to each comment] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
target/arm: Implement SEL2 physical and virtual timers
When FEAT_SEL2 was implemented the SEL2 timers were missed. This
shows up when building the latest Hafnium with SPMC_AT_EL=2. The
actual implementation utilises the same logic as the rest of the
timers so all we need to do is:
- define the timers and their access functions
- conditionally add the correct system registers
- create a new accessfn as the rules are subtly different to the
existing secure timer
Fixes: e9152ee91c (target/arm: add ARMv8.4-SEL2 system registers) Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250204125009.2281315-7-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org Cc: Andrei Homescu <ahomescu@google.com> Cc: Arve Hjønnevåg <arve@google.com> Cc: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
[PMM: CP_ACCESS_TRAP_UNCATEGORIZED -> CP_ACCESS_UNDEFINED;
offset logic now in gt_{indirect,direct}_access_timer_offset() ] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 7 Mar 2025 10:08:21 +0000 (10:08 +0000)]
target/arm: Refactor handling of timer offset for direct register accesses
When reading or writing the timer registers, sometimes we need to
apply one of the timer offsets. Specifically, this happens for
direct reads of the counter registers CNTPCT_EL0 and CNTVCT_EL0 (and
their self-synchronized variants CNTVCTSS_EL0 and CNTPCTSS_EL0). It
also applies for direct reads and writes of the CNT*_TVAL_EL*
registers that provide the 32-bit downcounting view of each timer.
We currently do this with duplicated code in gt_tval_read() and
gt_tval_write() and a special-case in gt_virt_cnt_read() and
gt_cnt_read(). Refactor this so that we handle it all in a single
function gt_direct_access_timer_offset(), to parallel how we handle
the offset for indirect accesses.
The call in the WFIT helper previously to gt_virt_cnt_offset() is
now to gt_direct_access_timer_offset(); this is the correct
behaviour, but it's not immediately obvious that it shouldn't be
considered an indirect access, so we add an explanatory comment.
This commit should make no behavioural changes.
(Cc to stable because the following bugfix commit will
depend on this one.)
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250204125009.2281315-6-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:20 +0000 (10:08 +0000)]
target/arm: Always apply CNTVOFF_EL2 for CNTV_TVAL_EL02 accesses
Currently we handle CNTV_TVAL_EL02 by calling gt_tval_read() for the
EL1 virt timer. This is almost correct, but the underlying
CNTV_TVAL_EL0 register behaves slightly differently. CNTV_TVAL_EL02
always applies the CNTVOFF_EL2 offset; CNTV_TVAL_EL0 doesn't do so if
we're at EL2 and HCR_EL2.E2H is 1.
We were getting this wrong, because we ended up in
gt_virt_cnt_offset() and did the E2H check.
Factor out the tval read/write calculation from the selection of the
offset, so that we can special case gt_virt_tval_read() and
gt_virt_tval_write() to unconditionally pass CNTVOFF_EL2.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250204125009.2281315-5-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:20 +0000 (10:08 +0000)]
target/arm: Make CNTPS_* UNDEF from Secure EL1 when Secure EL2 is enabled
When we added Secure EL2 support, we missed that this needs an update
to the access code for the EL3 physical timer registers. These are
supposed to UNDEF from Secure EL1 when Secure EL2 is enabled.
(Note for stable backporting: for backports to branches where
CP_ACCESS_UNDEFINED is not defined, the old name to use instead
is CP_ACCESS_TRAP_UNCATEGORIZED.)
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250204125009.2281315-4-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:20 +0000 (10:08 +0000)]
target/arm: Don't apply CNTVOFF_EL2 for EL2_VIRT timer
The CNTVOFF_EL2 offset register should only be applied for accessses
to CNTVCT_EL0 and for the EL1 virtual timer (CNTV_*). We were
incorrectly applying it for the EL2 virtual timer (CNTHV_*).
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250204125009.2281315-3-peter.maydell@linaro.org
Peter Maydell [Fri, 7 Mar 2025 10:08:19 +0000 (10:08 +0000)]
target/arm: Apply correct timer offset when calculating deadlines
When we are calculating timer deadlines, the correct definition of
whether or not to apply an offset to the physical count is described
in the Arm ARM DDI4087 rev L.a section D12.2.4.1. This is different
from when the offset should be applied for a direct read of the
counter sysreg.
We got this right for the EL1 physical timer and for the EL1 virtual
timer, but got all the rest wrong: they should be using a zero offset
always.
Factor the offset calculation out into a function that has a comment
documenting exactly which offset it is calculating and which gets the
HYP, SEC, and HYPVIRT cases right.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250204125009.2281315-2-peter.maydell@linaro.org
Thomas Huth [Fri, 7 Mar 2025 10:08:19 +0000 (10:08 +0000)]
tests/functional/test_arm_sx1: Check whether the serial console is working
The kernel that is used in the sx1 test prints the usual Linux log
onto the serial console, but this test currently ignores it. To
make sure that the serial device is working properly, let's check
for some strings in the output here.
While we're at it, also add the test to the corresponding section
in the MAINTAINERS file.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250226104833.1176253-1-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Patrick Venture [Fri, 7 Mar 2025 10:08:19 +0000 (10:08 +0000)]
hw/gpio: npcm7xx: fixup out-of-bounds access
The reg isn't validated to be a possible register before
it's dereferenced for one case. The mmio space registered
for the gpio device is 4KiB but there aren't that many
registers in the struct.
Cc: qemu-stable@nongnu.org Fixes: 526dbbe0874 ("hw/gpio: Add GPIO model for Nuvoton NPCM7xx") Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250226024603.493148-1-venture@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Matthew Rosato [Wed, 26 Feb 2025 21:00:13 +0000 (16:00 -0500)]
s390x/pci: indicate QEMU supports relaxed translation for passthrough
Specifying this bit in the guest CLP response indicates that the guest
can optionally choose to skip translation and instead use
identity-mapped operations.
Tested-by: Niklas Schnelle <schnelle@linux.ibm.com> Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-ID: <20250226210013.238349-3-mjrosato@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Matthew Rosato [Wed, 26 Feb 2025 21:00:12 +0000 (16:00 -0500)]
s390x/pci: add support for guests that request direct mapping
When receiving a guest mpcifc(4) or mpcifc(6) instruction without the T
bit set, treat this as a request to perform direct mapping instead of
address translation. In order to facilitate this, pin the entirety of
guest memory into the host iommu.
Pinning for the direct mapping case is handled via vfio and its memory
listener. Additionally, ram discard settings are inherited from vfio:
coordinated discards (e.g. virtio-mem) are allowed while uncoordinated
discards (e.g. virtio-balloon) are disabled.
Subsequent guest DMA operations are all expected to be of the format
guest_phys+sdma, allowing them to be used as lookup into the host
iommu table.
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20250226210013.238349-2-mjrosato@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
projects / people / aperard / qemu-dm.git / log