1
The following changes since commit ad1b4ec39caa5b3f17cbd8160283a03a3dcfe2ae:
1
The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:
2
2
3
Merge remote-tracking branch 'remotes/kraxel/tags/input-20180515-pull-request' into staging (2018-05-15 12:50:06 +0100)
3
Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)
4
4
5
are available in the Git repository at:
5
are available in the Git repository at:
6
6
7
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180515
7
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321
8
8
9
for you to fetch changes up to ae7651804748c6b479d5ae09aeac4edb9c44f76e:
9
for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:
10
10
11
tcg: Optionally log FPU state in TCG -d cpu logging (2018-05-15 14:58:44 +0100)
11
target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)
12
12
13
----------------------------------------------------------------
13
----------------------------------------------------------------
14
target-arm queue:
14
target-arm queue:
15
* Fix coverity nit in int_to_float code
15
* contrib/elf2dmp: Support Windows Server 2022
16
* Don't set Invalid for float-to-int(MAXINT)
16
* hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
17
* Fix fp_status_f16 tininess before rounding
17
* target/arm: Add Neoverse-N1 IMPDEF registers
18
* Add various missing insns from the v8.2-FP16 extension
18
* hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
19
* Fix sqrt_f16 exception raising
19
* docs/system/arm/cpu-features.rst: Fix formatting
20
* sdcard: Correct CRC16 offset in sd_function_switch()
20
* target/arm: Don't advertise aarch64-pauth.xml to gdb
21
* tcg: Optionally log FPU state in TCG -d cpu logging
22
21
23
----------------------------------------------------------------
22
----------------------------------------------------------------
24
Alex Bennée (5):
23
Chen Baozi (1):
25
fpu/softfloat: int_to_float ensure r fully initialised
24
target/arm: Add Neoverse-N1 registers
26
target/arm: Implement FCMP for fp16
25
27
target/arm: Implement FCSEL for fp16
26
Guenter Roeck (1):
28
target/arm: Implement FMOV (immediate) for fp16
27
hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
29
target/arm: Fix sqrt_f16 exception raising
30
28
31
Peter Maydell (3):
29
Peter Maydell (3):
32
fpu/softfloat: Don't set Invalid for float-to-int(MAXINT)
30
hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
33
target/arm: Fix fp_status_f16 tininess before rounding
31
docs/system/arm/cpu-features.rst: Fix formatting
34
tcg: Optionally log FPU state in TCG -d cpu logging
32
target/arm: Don't advertise aarch64-pauth.xml to gdb
35
33
36
Philippe Mathieu-Daudé (1):
34
Viktor Prutyanov (3):
37
sdcard: Correct CRC16 offset in sd_function_switch()
35
contrib/elf2dmp: fix code style
36
contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
37
contrib/elf2dmp: add PE name check and Windows Server 2022 support
38
38
39
Richard Henderson (7):
39
docs/system/arm/cpu-features.rst | 68 ++++++++++-------------
40
target/arm: Implement FMOV (general) for fp16
40
contrib/elf2dmp/pe.h | 115 ++++++++++++++++++++++-----------------
41
target/arm: Early exit after unallocated_encoding in disas_fp_int_conv
41
contrib/elf2dmp/addrspace.c | 1 +
42
target/arm: Implement FCVT (scalar, integer) for fp16
42
contrib/elf2dmp/main.c | 108 ++++++++++++++++++++++++------------
43
target/arm: Implement FCVT (scalar, fixed-point) for fp16
43
hw/char/cadence_uart.c | 6 +-
44
target/arm: Introduce and use read_fp_hreg
44
hw/usb/imx-usb-phy.c | 19 ++++++-
45
target/arm: Implement FP data-processing (2 source) for fp16
45
target/arm/cpu64.c | 69 +++++++++++++++++++++++
46
target/arm: Implement FP data-processing (3 source) for fp16
46
target/arm/gdbstub.c | 7 +++
47
47
8 files changed, 267 insertions(+), 126 deletions(-)
48
include/qemu/log.h | 1 +
49
target/arm/helper-a64.h | 2 +
50
target/arm/helper.h | 6 +
51
accel/tcg/cpu-exec.c | 9 +-
52
fpu/softfloat.c | 6 +-
53
hw/sd/sd.c | 2 +-
54
target/arm/cpu.c | 2 +
55
target/arm/helper-a64.c | 10 ++
56
target/arm/helper.c | 38 +++-
57
target/arm/translate-a64.c | 421 ++++++++++++++++++++++++++++++++++++++-------
58
util/log.c | 2 +
59
11 files changed, 428 insertions(+), 71 deletions(-)
60
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
Reported by Coverity (CID1390635). We ensure this for uint_to_float
4
later on so we might as well mirror that.
5
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
fpu/softfloat.c | 2 +-
12
1 file changed, 1 insertion(+), 1 deletion(-)
13
14
diff --git a/fpu/softfloat.c b/fpu/softfloat.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/fpu/softfloat.c
17
+++ b/fpu/softfloat.c
18
@@ -XXX,XX +XXX,XX @@ FLOAT_TO_UINT(64, 64)
19
20
static FloatParts int_to_float(int64_t a, float_status *status)
21
{
22
- FloatParts r;
23
+ FloatParts r = {};
24
if (a == 0) {
25
r.cls = float_class_zero;
26
r.sign = false;
27
--
28
2.17.0
29
30
Deleted patch
1
In float-to-integer conversion, if the floating point input
2
converts exactly to the largest or smallest integer that
3
fits in to the result type, this is not an overflow.
4
In this situation we were producing the correct result value,
5
but were incorrectly setting the Invalid flag.
6
For example for Arm A64, "FCVTAS w0, d0" on an input of
7
0x41dfffffffc00000 should produce 0x7fffffff and set no flags.
8
1
9
Fix the boundary case to take the right half of the if()
10
statements.
11
12
This fixes a regression from 2.11 introduced by the softfloat
13
refactoring.
14
15
Cc: qemu-stable@nongnu.org
16
Fixes: ab52f973a50
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Message-id: 20180510140141.12120-1-peter.maydell@linaro.org
20
---
21
fpu/softfloat.c | 4 ++--
22
1 file changed, 2 insertions(+), 2 deletions(-)
23
24
diff --git a/fpu/softfloat.c b/fpu/softfloat.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/fpu/softfloat.c
27
+++ b/fpu/softfloat.c
28
@@ -XXX,XX +XXX,XX @@ static int64_t round_to_int_and_pack(FloatParts in, int rmode,
29
r = UINT64_MAX;
30
}
31
if (p.sign) {
32
- if (r < -(uint64_t) min) {
33
+ if (r <= -(uint64_t) min) {
34
return -r;
35
} else {
36
s->float_exception_flags = orig_flags | float_flag_invalid;
37
return min;
38
}
39
} else {
40
- if (r < max) {
41
+ if (r <= max) {
42
return r;
43
} else {
44
s->float_exception_flags = orig_flags | float_flag_invalid;
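Review bot: The two comparisons changed to `<=` in round_to_int_and_pack() have no comment saying that the bound itself is a valid result, so the inclusive test is easy to "tidy" back into an exclusive one. A line such as `/* r == max (or |min|) is exactly representable: not an overflow */` above the `if (p.sign)` test would record the intent. The commit message names a concrete case (FCVTAS w0, d0 on 0x41dfffffffc00000 giving 0x7fffffff with no flags set) that would serve as a regression test, and no test is visible in this patch. The function starts and ends outside the hunk.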
45
--
46
2.17.0
47
48
Deleted patch
1
In commit d81ce0ef2c4f105 we added an extra float_status field
2
fp_status_fp16 for Arm, but forgot to initialize it correctly
3
by setting it to float_tininess_before_rounding. This currently
4
will only cause problems for the new V8_FP16 feature, since the
5
float-to-float conversion code doesn't use it yet. The effect
6
would be that we failed to set the Underflow IEEE exception flag
7
in all the cases where we should.
8
1
9
Add the missing initialization.
10
11
Fixes: d81ce0ef2c4f105
12
Cc: qemu-stable@nongnu.org
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Message-id: 20180512004311.9299-16-richard.henderson@linaro.org
17
---
18
target/arm/cpu.c | 2 ++
19
1 file changed, 2 insertions(+)
20
21
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/target/arm/cpu.c
24
+++ b/target/arm/cpu.c
25
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
26
&env->vfp.fp_status);
27
set_float_detect_tininess(float_tininess_before_rounding,
28
&env->vfp.standard_fp_status);
29
+ set_float_detect_tininess(float_tininess_before_rounding,
30
+ &env->vfp.fp_status_f16);
31
#ifndef CONFIG_USER_ONLY
32
if (kvm_enabled()) {
33
kvm_arm_reset_vcpu(cpu);
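Review bot: As far as the hunk shows, arm_cpu_reset() sets the tininess mode with one hand-written call per float_status in env->vfp, and the call for fp_status_f16 is the one that was forgotten, so the next float_status added can be missed the same way. A comment above the group, for example `/* every float_status in env->vfp must get its tininess mode set here */`, would make the requirement visible where a new field has to be wired up. The function begins and ends outside the hunk, so other per-status settings made during reset may deserve the same check.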
34
--
35
2.17.0
36
37
1
From: Alex Bennée <alex.bennee@linaro.org>
1
From: Chen Baozi <chenbaozi@phytium.com.cn>
2
2
3
These were missed out from the rest of the half-precision work.
3
Add implementation defined registers for neoverse-n1 which
4
would be accessed by TF-A. Since there is no DSU in Qemu,
5
CPUCFR_EL1.SCU bit is set to 1 to avoid DSU registers definition.
4
6
5
Cc: qemu-stable@nongnu.org
7
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
9
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
8
Tested-by: Alex Bennée <alex.bennee@linaro.org>
10
Message-id: 20230313033936.585669-1-chenbaozi@phytium.com.cn
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180512003217.9105-9-richard.henderson@linaro.org
11
[rth: Diagnose lack of FP16 before fp_access_check]
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
12
---
15
target/arm/helper-a64.h | 2 +
13
target/arm/cpu64.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
16
target/arm/helper-a64.c | 10 +++++
14
1 file changed, 69 insertions(+)
17
target/arm/translate-a64.c | 88 ++++++++++++++++++++++++++++++--------
18
3 files changed, 83 insertions(+), 17 deletions(-)
19
15
20
diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h
16
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
21
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/helper-a64.h
18
--- a/target/arm/cpu64.c
23
+++ b/target/arm/helper-a64.h
19
+++ b/target/arm/cpu64.c
24
@@ -XXX,XX +XXX,XX @@
20
@@ -XXX,XX +XXX,XX @@
25
DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64)
21
#include "qemu/osdep.h"
26
DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64)
22
#include "qapi/error.h"
27
DEF_HELPER_FLAGS_1(rbit64, TCG_CALL_NO_RWG_SE, i64, i64)
23
#include "cpu.h"
28
+DEF_HELPER_3(vfp_cmph_a64, i64, f16, f16, ptr)
24
+#include "cpregs.h"
29
+DEF_HELPER_3(vfp_cmpeh_a64, i64, f16, f16, ptr)
25
#include "qemu/module.h"
30
DEF_HELPER_3(vfp_cmps_a64, i64, f32, f32, ptr)
26
#include "sysemu/kvm.h"
31
DEF_HELPER_3(vfp_cmpes_a64, i64, f32, f32, ptr)
27
#include "sysemu/hvf.h"
32
DEF_HELPER_3(vfp_cmpd_a64, i64, f64, f64, ptr)
28
@@ -XXX,XX +XXX,XX @@ static void aarch64_a64fx_initfn(Object *obj)
33
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
29
/* TODO: Add A64FX specific HPC extension registers */
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/helper-a64.c
36
+++ b/target/arm/helper-a64.c
37
@@ -XXX,XX +XXX,XX @@ static inline uint32_t float_rel_to_flags(int res)
38
return flags;
39
}
30
}
40
31
41
+uint64_t HELPER(vfp_cmph_a64)(float16 x, float16 y, void *fp_status)
32
+static const ARMCPRegInfo neoverse_n1_cp_reginfo[] = {
33
+ { .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
34
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
35
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
36
+ { .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
37
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
38
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
39
+ { .name = "ATCR_EL3", .state = ARM_CP_STATE_AA64,
40
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 7, .opc2 = 0,
41
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
42
+ { .name = "ATCR_EL12", .state = ARM_CP_STATE_AA64,
43
+ .opc0 = 3, .opc1 = 5, .crn = 15, .crm = 7, .opc2 = 0,
44
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
45
+ { .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
46
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
47
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
48
+ { .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
49
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
50
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
51
+ { .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
52
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
53
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
54
+ { .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
55
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
56
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
57
+ /*
58
+ * Report CPUCFR_EL1.SCU as 1, as we do not implement the DSU
59
+ * (and in particular its system registers).
60
+ */
61
+ { .name = "CPUCFR_EL1", .state = ARM_CP_STATE_AA64,
62
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
63
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 4 },
64
+ { .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
65
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
66
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0x961563010 },
67
+ { .name = "CPUPCR_EL3", .state = ARM_CP_STATE_AA64,
68
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 1,
69
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
70
+ { .name = "CPUPMR_EL3", .state = ARM_CP_STATE_AA64,
71
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 3,
72
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
73
+ { .name = "CPUPOR_EL3", .state = ARM_CP_STATE_AA64,
74
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 2,
75
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
76
+ { .name = "CPUPSELR_EL3", .state = ARM_CP_STATE_AA64,
77
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 0,
78
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
79
+ { .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
80
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
81
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
82
+ { .name = "ERXPFGCDN_EL1", .state = ARM_CP_STATE_AA64,
83
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 2,
84
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
85
+ { .name = "ERXPFGCTL_EL1", .state = ARM_CP_STATE_AA64,
86
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 1,
87
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
88
+ { .name = "ERXPFGF_EL1", .state = ARM_CP_STATE_AA64,
89
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
90
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
91
+};
92
+
93
+static void define_neoverse_n1_cp_reginfo(ARMCPU *cpu)
42
+{
94
+{
43
+ return float_rel_to_flags(float16_compare_quiet(x, y, fp_status));
95
+ define_arm_cp_regs(cpu, neoverse_n1_cp_reginfo);
44
+}
96
+}
45
+
97
+
46
+uint64_t HELPER(vfp_cmpeh_a64)(float16 x, float16 y, void *fp_status)
98
static void aarch64_neoverse_n1_initfn(Object *obj)
47
+{
99
{
48
+ return float_rel_to_flags(float16_compare(x, y, fp_status));
100
ARMCPU *cpu = ARM_CPU(obj);
49
+}
101
@@ -XXX,XX +XXX,XX @@ static void aarch64_neoverse_n1_initfn(Object *obj)
102
103
/* From D5.1 AArch64 PMU register summary */
104
cpu->isar.reset_pmcr_el0 = 0x410c3000;
50
+
105
+
51
uint64_t HELPER(vfp_cmps_a64)(float32 x, float32 y, void *fp_status)
106
+ define_neoverse_n1_cp_reginfo(cpu);
52
{
53
return float_rel_to_flags(float32_compare_quiet(x, y, fp_status));
54
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
55
index XXXXXXX..XXXXXXX 100644
56
--- a/target/arm/translate-a64.c
57
+++ b/target/arm/translate-a64.c
58
@@ -XXX,XX +XXX,XX @@ static void disas_data_proc_reg(DisasContext *s, uint32_t insn)
59
}
60
}
107
}
61
108
62
-static void handle_fp_compare(DisasContext *s, bool is_double,
109
static void aarch64_host_initfn(Object *obj)
63
+static void handle_fp_compare(DisasContext *s, int size,
64
unsigned int rn, unsigned int rm,
65
bool cmp_with_zero, bool signal_all_nans)
66
{
67
TCGv_i64 tcg_flags = tcg_temp_new_i64();
68
- TCGv_ptr fpst = get_fpstatus_ptr(false);
69
+ TCGv_ptr fpst = get_fpstatus_ptr(size == MO_16);
70
71
- if (is_double) {
72
+ if (size == MO_64) {
73
TCGv_i64 tcg_vn, tcg_vm;
74
75
tcg_vn = read_fp_dreg(s, rn);
76
@@ -XXX,XX +XXX,XX @@ static void handle_fp_compare(DisasContext *s, bool is_double,
77
tcg_temp_free_i64(tcg_vn);
78
tcg_temp_free_i64(tcg_vm);
79
} else {
80
- TCGv_i32 tcg_vn, tcg_vm;
81
+ TCGv_i32 tcg_vn = tcg_temp_new_i32();
82
+ TCGv_i32 tcg_vm = tcg_temp_new_i32();
83
84
- tcg_vn = read_fp_sreg(s, rn);
85
+ read_vec_element_i32(s, tcg_vn, rn, 0, size);
86
if (cmp_with_zero) {
87
- tcg_vm = tcg_const_i32(0);
88
+ tcg_gen_movi_i32(tcg_vm, 0);
89
} else {
90
- tcg_vm = read_fp_sreg(s, rm);
91
+ read_vec_element_i32(s, tcg_vm, rm, 0, size);
92
}
93
- if (signal_all_nans) {
94
- gen_helper_vfp_cmpes_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
95
- } else {
96
- gen_helper_vfp_cmps_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
97
+
98
+ switch (size) {
99
+ case MO_32:
100
+ if (signal_all_nans) {
101
+ gen_helper_vfp_cmpes_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
102
+ } else {
103
+ gen_helper_vfp_cmps_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
104
+ }
105
+ break;
106
+ case MO_16:
107
+ if (signal_all_nans) {
108
+ gen_helper_vfp_cmpeh_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
109
+ } else {
110
+ gen_helper_vfp_cmph_a64(tcg_flags, tcg_vn, tcg_vm, fpst);
111
+ }
112
+ break;
113
+ default:
114
+ g_assert_not_reached();
115
}
116
+
117
tcg_temp_free_i32(tcg_vn);
118
tcg_temp_free_i32(tcg_vm);
119
}
120
@@ -XXX,XX +XXX,XX @@ static void handle_fp_compare(DisasContext *s, bool is_double,
121
static void disas_fp_compare(DisasContext *s, uint32_t insn)
122
{
123
unsigned int mos, type, rm, op, rn, opc, op2r;
124
+ int size;
125
126
mos = extract32(insn, 29, 3);
127
- type = extract32(insn, 22, 2); /* 0 = single, 1 = double */
128
+ type = extract32(insn, 22, 2);
129
rm = extract32(insn, 16, 5);
130
op = extract32(insn, 14, 2);
131
rn = extract32(insn, 5, 5);
132
opc = extract32(insn, 3, 2);
133
op2r = extract32(insn, 0, 3);
134
135
- if (mos || op || op2r || type > 1) {
136
+ if (mos || op || op2r) {
137
+ unallocated_encoding(s);
138
+ return;
139
+ }
140
+
141
+ switch (type) {
142
+ case 0:
143
+ size = MO_32;
144
+ break;
145
+ case 1:
146
+ size = MO_64;
147
+ break;
148
+ case 3:
149
+ size = MO_16;
150
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
151
+ break;
152
+ }
153
+ /* fallthru */
154
+ default:
155
unallocated_encoding(s);
156
return;
157
}
158
@@ -XXX,XX +XXX,XX @@ static void disas_fp_compare(DisasContext *s, uint32_t insn)
159
return;
160
}
161
162
- handle_fp_compare(s, type, rn, rm, opc & 1, opc & 2);
163
+ handle_fp_compare(s, size, rn, rm, opc & 1, opc & 2);
164
}
165
166
/* Floating point conditional compare
167
@@ -XXX,XX +XXX,XX @@ static void disas_fp_ccomp(DisasContext *s, uint32_t insn)
168
unsigned int mos, type, rm, cond, rn, op, nzcv;
169
TCGv_i64 tcg_flags;
170
TCGLabel *label_continue = NULL;
171
+ int size;
172
173
mos = extract32(insn, 29, 3);
174
- type = extract32(insn, 22, 2); /* 0 = single, 1 = double */
175
+ type = extract32(insn, 22, 2);
176
rm = extract32(insn, 16, 5);
177
cond = extract32(insn, 12, 4);
178
rn = extract32(insn, 5, 5);
179
op = extract32(insn, 4, 1);
180
nzcv = extract32(insn, 0, 4);
181
182
- if (mos || type > 1) {
183
+ if (mos) {
184
+ unallocated_encoding(s);
185
+ return;
186
+ }
187
+
188
+ switch (type) {
189
+ case 0:
190
+ size = MO_32;
191
+ break;
192
+ case 1:
193
+ size = MO_64;
194
+ break;
195
+ case 3:
196
+ size = MO_16;
197
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
198
+ break;
199
+ }
200
+ /* fallthru */
201
+ default:
202
unallocated_encoding(s);
203
return;
204
}
205
@@ -XXX,XX +XXX,XX @@ static void disas_fp_ccomp(DisasContext *s, uint32_t insn)
206
gen_set_label(label_match);
207
}
208
209
- handle_fp_compare(s, type, rn, rm, false, op);
210
+ handle_fp_compare(s, size, rn, rm, false, op);
211
212
if (cond < 0x0e) {
213
gen_set_label(label_continue);
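Review bot: In neoverse_n1_cp_reginfo (target/arm/cpu64.c) every entry is `ARM_CP_CONST`, yet most are declared `PL1_RW`, `PL2_RW` or `PL3_RW`, so a guest write is accepted and discarded without trace; only the CPUCFR_EL1 entry carries a comment. A short comment above the table, such as `/* IMPDEF registers modelled as constants: guest writes are ignored */`, would tell a reader that the RW access is deliberate. The CPUECTLR_EL1 `.resetvalue = 0x961563010` also needs a comment naming where the value comes from, since nothing in the patch explains it.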
214
--
110
--
215
2.17.0
111
2.34.1
216
217
1
Usually the logging of the CPU state produced by -d cpu is sufficient
1
The cadence UART attempts to avoid allowing the guest to set invalid
2
to diagnose problems, but sometimes you want to see the state of
2
baud rate register values in the uart_write() function. However it
3
the floating point registers as well. We don't want to enable that
3
does the "mask to the size of the register field" and "check for
4
by default as it adds a lot of extra data to the log; instead,
4
invalid values" in the wrong order, which means that a malicious
5
allow it to be optionally enabled via -d fpu.
5
guest can get a bogus value into the register by setting also some
6
high bits in the value, and cause QEMU to crash by division-by-zero.
6
7
8
Do the mask before the bounds check instead of afterwards.
9
10
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Reviewed-by: Thomas Huth <thuth@redhat.com>
9
Message-id: 20180510130024.31678-1-peter.maydell@linaro.org
13
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
14
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
15
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
16
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
17
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
18
Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
10
---
19
---
11
include/qemu/log.h | 1 +
20
hw/char/cadence_uart.c | 6 ++++--
12
accel/tcg/cpu-exec.c | 9 ++++++---
21
1 file changed, 4 insertions(+), 2 deletions(-)
13
util/log.c | 2 ++
14
3 files changed, 9 insertions(+), 3 deletions(-)
15
22
16
diff --git a/include/qemu/log.h b/include/qemu/log.h
23
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
17
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
18
--- a/include/qemu/log.h
25
--- a/hw/char/cadence_uart.c
19
+++ b/include/qemu/log.h
26
+++ b/hw/char/cadence_uart.c
20
@@ -XXX,XX +XXX,XX @@ static inline bool qemu_log_separate(void)
27
@@ -XXX,XX +XXX,XX @@ static MemTxResult uart_write(void *opaque, hwaddr offset,
21
#define CPU_LOG_PAGE (1 << 14)
28
}
22
/* LOG_TRACE (1 << 15) is defined in log-for-trace.h */
29
break;
23
#define CPU_LOG_TB_OP_IND (1 << 16)
30
case R_BRGR: /* Baud rate generator */
24
+#define CPU_LOG_TB_FPU (1 << 17)
31
+ value &= 0xffff;
25
32
if (value >= 0x01) {
26
/* Lock output for a series of related logs. Since this is not needed
33
- s->r[offset] = value & 0xFFFF;
27
* for a single qemu_log / qemu_log_mask / qemu_log_mask_and_addr, we
34
+ s->r[offset] = value;
28
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
35
}
29
index XXXXXXX..XXXXXXX 100644
36
break;
30
--- a/accel/tcg/cpu-exec.c
37
case R_BDIV: /* Baud rate divider */
31
+++ b/accel/tcg/cpu-exec.c
38
+ value &= 0xff;
32
@@ -XXX,XX +XXX,XX @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb)
39
if (value >= 0x04) {
33
if (qemu_loglevel_mask(CPU_LOG_TB_CPU)
40
- s->r[offset] = value & 0xFF;
34
&& qemu_log_in_addr_range(itb->pc)) {
41
+ s->r[offset] = value;
35
qemu_log_lock();
42
}
36
+ int flags = 0;
43
break;
37
+ if (qemu_loglevel_mask(CPU_LOG_TB_FPU)) {
44
default:
38
+ flags |= CPU_DUMP_FPU;
39
+ }
40
#if defined(TARGET_I386)
41
- log_cpu_state(cpu, CPU_DUMP_CCOP);
42
-#else
43
- log_cpu_state(cpu, 0);
44
+ flags |= CPU_DUMP_CCOP;
45
#endif
46
+ log_cpu_state(cpu, flags);
47
qemu_log_unlock();
48
}
49
#endif /* DEBUG_DISAS */
50
diff --git a/util/log.c b/util/log.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/util/log.c
53
+++ b/util/log.c
54
@@ -XXX,XX +XXX,XX @@ const QEMULogItem qemu_log_items[] = {
55
"show trace before each executed TB (lots of logs)" },
56
{ CPU_LOG_TB_CPU, "cpu",
57
"show CPU registers before entering a TB (lots of logs)" },
58
+ { CPU_LOG_TB_FPU, "fpu",
59
+ "include FPU registers in the 'cpu' logging" },
60
{ CPU_LOG_MMU, "mmu",
61
"log MMU-related activities" },
62
{ CPU_LOG_PCALL, "pcall",
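Review bot: In the R_BRGR and R_BDIV cases of uart_write() (hw/char/cadence_uart.c) the order of the mask (`value &= 0xffff;`, `value &= 0xff;`) and the range test is what keeps an out-of-range divider out of `s->r[offset]`, but nothing in the code says so. A comment on each mask line, such as `/* mask first: the range check must see the value that is actually stored */`, would keep a later cleanup from swapping them back. Rejected writes are still dropped silently; a `qemu_log_mask(LOG_GUEST_ERROR, ...)` in the failing branch would make a guest that programs invalid baud settings visible in the log. uart_write() begins and ends outside the hunk, so whether reset or migration can also load an out-of-range value cannot be judged from here.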
63
--
45
--
64
2.17.0
46
2.34.1
65
47
66
48
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Viktor Prutyanov <viktor@daynix.com>
2
2
3
Per the Physical Layer Simplified Spec. "4.3.10.4 Switch Function Status":
3
Originally elf2dmp was added with some code style issues,
4
especially in pe.h header, and some were introduced by
5
2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.
4
6
5
The block length is predefined to 512 bits
7
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
6
8
Reviewed-by: Annie Li <annie.li@oracle.com>
7
and "4.10.2 SD Status":
9
Message-id: 20230222211246.883679-2-viktor@daynix.com
8
9
The SD Status contains status bits that are related to the SD Memory Card
10
proprietary features and may be used for future application-specific usage.
11
The size of the SD Status is one data block of 512 bit. The content of this
12
register is transmitted to the Host over the DAT bus along with a 16-bit CRC.
13
14
Thus the 16-bit CRC goes at offset 64.
15
16
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Message-id: 20180509060104.4458-3-f4bug@amsat.org
18
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
11
---
21
hw/sd/sd.c | 2 +-
12
contrib/elf2dmp/pe.h | 100 ++++++++++++++++++------------------
22
1 file changed, 1 insertion(+), 1 deletion(-)
13
contrib/elf2dmp/addrspace.c | 1 +
14
contrib/elf2dmp/main.c | 9 ++--
15
3 files changed, 57 insertions(+), 53 deletions(-)
23
16
24
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
17
diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
25
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
26
--- a/hw/sd/sd.c
19
--- a/contrib/elf2dmp/pe.h
27
+++ b/hw/sd/sd.c
20
+++ b/contrib/elf2dmp/pe.h
28
@@ -XXX,XX +XXX,XX @@ static void sd_function_switch(SDState *sd, uint32_t arg)
21
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DOS_HEADER {
29
sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
22
} __attribute__ ((packed)) IMAGE_DOS_HEADER;
23
24
typedef struct IMAGE_FILE_HEADER {
25
- uint16_t Machine;
26
- uint16_t NumberOfSections;
27
- uint32_t TimeDateStamp;
28
- uint32_t PointerToSymbolTable;
29
- uint32_t NumberOfSymbols;
30
- uint16_t SizeOfOptionalHeader;
31
- uint16_t Characteristics;
32
+ uint16_t Machine;
33
+ uint16_t NumberOfSections;
34
+ uint32_t TimeDateStamp;
35
+ uint32_t PointerToSymbolTable;
36
+ uint32_t NumberOfSymbols;
37
+ uint16_t SizeOfOptionalHeader;
38
+ uint16_t Characteristics;
39
} __attribute__ ((packed)) IMAGE_FILE_HEADER;
40
41
typedef struct IMAGE_DATA_DIRECTORY {
42
- uint32_t VirtualAddress;
43
- uint32_t Size;
44
+ uint32_t VirtualAddress;
45
+ uint32_t Size;
46
} __attribute__ ((packed)) IMAGE_DATA_DIRECTORY;
47
48
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
49
50
typedef struct IMAGE_OPTIONAL_HEADER64 {
51
- uint16_t Magic; /* 0x20b */
52
- uint8_t MajorLinkerVersion;
53
- uint8_t MinorLinkerVersion;
54
- uint32_t SizeOfCode;
55
- uint32_t SizeOfInitializedData;
56
- uint32_t SizeOfUninitializedData;
57
- uint32_t AddressOfEntryPoint;
58
- uint32_t BaseOfCode;
59
- uint64_t ImageBase;
60
- uint32_t SectionAlignment;
61
- uint32_t FileAlignment;
62
- uint16_t MajorOperatingSystemVersion;
63
- uint16_t MinorOperatingSystemVersion;
64
- uint16_t MajorImageVersion;
65
- uint16_t MinorImageVersion;
66
- uint16_t MajorSubsystemVersion;
67
- uint16_t MinorSubsystemVersion;
68
- uint32_t Win32VersionValue;
69
- uint32_t SizeOfImage;
70
- uint32_t SizeOfHeaders;
71
- uint32_t CheckSum;
72
- uint16_t Subsystem;
73
- uint16_t DllCharacteristics;
74
- uint64_t SizeOfStackReserve;
75
- uint64_t SizeOfStackCommit;
76
- uint64_t SizeOfHeapReserve;
77
- uint64_t SizeOfHeapCommit;
78
- uint32_t LoaderFlags;
79
- uint32_t NumberOfRvaAndSizes;
80
- IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
81
+ uint16_t Magic; /* 0x20b */
82
+ uint8_t MajorLinkerVersion;
83
+ uint8_t MinorLinkerVersion;
84
+ uint32_t SizeOfCode;
85
+ uint32_t SizeOfInitializedData;
86
+ uint32_t SizeOfUninitializedData;
87
+ uint32_t AddressOfEntryPoint;
88
+ uint32_t BaseOfCode;
89
+ uint64_t ImageBase;
90
+ uint32_t SectionAlignment;
91
+ uint32_t FileAlignment;
92
+ uint16_t MajorOperatingSystemVersion;
93
+ uint16_t MinorOperatingSystemVersion;
94
+ uint16_t MajorImageVersion;
95
+ uint16_t MinorImageVersion;
96
+ uint16_t MajorSubsystemVersion;
97
+ uint16_t MinorSubsystemVersion;
98
+ uint32_t Win32VersionValue;
99
+ uint32_t SizeOfImage;
100
+ uint32_t SizeOfHeaders;
101
+ uint32_t CheckSum;
102
+ uint16_t Subsystem;
103
+ uint16_t DllCharacteristics;
104
+ uint64_t SizeOfStackReserve;
105
+ uint64_t SizeOfStackCommit;
106
+ uint64_t SizeOfHeapReserve;
107
+ uint64_t SizeOfHeapCommit;
108
+ uint32_t LoaderFlags;
109
+ uint32_t NumberOfRvaAndSizes;
110
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
111
} __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64;
112
113
typedef struct IMAGE_NT_HEADERS64 {
114
- uint32_t Signature;
115
- IMAGE_FILE_HEADER FileHeader;
116
- IMAGE_OPTIONAL_HEADER64 OptionalHeader;
117
+ uint32_t Signature;
118
+ IMAGE_FILE_HEADER FileHeader;
119
+ IMAGE_OPTIONAL_HEADER64 OptionalHeader;
120
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;
121
122
typedef struct IMAGE_DEBUG_DIRECTORY {
123
- uint32_t Characteristics;
124
- uint32_t TimeDateStamp;
125
- uint16_t MajorVersion;
126
- uint16_t MinorVersion;
127
- uint32_t Type;
128
- uint32_t SizeOfData;
129
- uint32_t AddressOfRawData;
130
- uint32_t PointerToRawData;
131
+ uint32_t Characteristics;
132
+ uint32_t TimeDateStamp;
133
+ uint16_t MajorVersion;
134
+ uint16_t MinorVersion;
135
+ uint32_t Type;
136
+ uint32_t SizeOfData;
137
+ uint32_t AddressOfRawData;
138
+ uint32_t PointerToRawData;
139
} __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY;
140
141
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
142
diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c
143
index XXXXXXX..XXXXXXX 100644
144
--- a/contrib/elf2dmp/addrspace.c
145
+++ b/contrib/elf2dmp/addrspace.c
146
@@ -XXX,XX +XXX,XX @@
147
static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa)
148
{
149
size_t i;
150
+
151
for (i = 0; i < ps->block_nr; i++) {
152
if (ps->block[i].paddr <= pa &&
153
pa <= ps->block[i].paddr + ps->block[i].size) {
154
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
155
index XXXXXXX..XXXXXXX 100644
156
--- a/contrib/elf2dmp/main.c
157
+++ b/contrib/elf2dmp/main.c
158
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
159
};
160
161
for (i = 0; i < ps->block_nr; i++) {
162
- h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE;
163
+ h.PhysicalMemoryBlock.NumberOfPages +=
164
+ ps->block[i].size / ELF2DMP_PAGE_SIZE;
165
h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) {
166
.BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE,
167
.PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE,
168
};
30
}
169
}
31
memset(&sd->data[17], 0, 47);
170
32
- stw_be_p(sd->data + 65, sd_crc16(sd->data, 64));
171
- h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
33
+ stw_be_p(sd->data + 64, sd_crc16(sd->data, 64));
172
+ h.RequiredDumpSpace +=
34
}
173
+ h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
35
174
36
static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
175
*hdr = h;
176
177
@@ -XXX,XX +XXX,XX @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
178
static int fill_context(KDDEBUGGER_DATA64 *kdbg,
179
struct va_space *vs, QEMU_Elf *qe)
180
{
181
- int i;
182
+ int i;
183
+
184
for (i = 0; i < qe->state_nr; i++) {
185
uint64_t Prcb;
186
uint64_t Context;
37
--
187
--
38
2.17.0
188
2.34.1
39
40
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Viktor Prutyanov <viktor@daynix.com>
2
2
3
We missed all of the scalar fp16 fma operations.
3
Move out PE directory search functionality to be reused not only
4
for Debug Directory processing but for arbitrary PE directory.
4
5
5
Cc: qemu-stable@nongnu.org
6
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Annie Li <annie.li@oracle.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230222211246.883679-3-viktor@daynix.com
8
Tested-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20180512003217.9105-8-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
10
---
12
target/arm/translate-a64.c | 48 ++++++++++++++++++++++++++++++++++++++
11
contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++-----------------
13
1 file changed, 48 insertions(+)
12
1 file changed, 42 insertions(+), 29 deletions(-)
14
13
15
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
14
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate-a64.c
16
--- a/contrib/elf2dmp/main.c
18
+++ b/target/arm/translate-a64.c
17
+++ b/contrib/elf2dmp/main.c
19
@@ -XXX,XX +XXX,XX @@ static void handle_fp_3src_double(DisasContext *s, bool o0, bool o1,
18
@@ -XXX,XX +XXX,XX @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg,
20
tcg_temp_free_i64(tcg_res);
19
return 0;
21
}
20
}
22
21
23
+/* Floating-point data-processing (3 source) - half precision */
22
+static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx,
24
+static void handle_fp_3src_half(DisasContext *s, bool o0, bool o1,
23
+ void *entry, size_t size, struct va_space *vs)
25
+ int rd, int rn, int rm, int ra)
26
+{
24
+{
27
+ TCGv_i32 tcg_op1, tcg_op2, tcg_op3;
25
+ const char e_magic[2] = "MZ";
28
+ TCGv_i32 tcg_res = tcg_temp_new_i32();
26
+ const char Signature[4] = "PE\0\0";
29
+ TCGv_ptr fpst = get_fpstatus_ptr(true);
27
+ IMAGE_DOS_HEADER *dos_hdr = start_addr;
28
+ IMAGE_NT_HEADERS64 nt_hdrs;
29
+ IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
30
+ IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
31
+ IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
30
+
32
+
31
+ tcg_op1 = read_fp_hreg(s, rn);
33
+ QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
32
+ tcg_op2 = read_fp_hreg(s, rm);
33
+ tcg_op3 = read_fp_hreg(s, ra);
34
+
34
+
35
+ /* These are fused multiply-add, and must be done as one
35
+ if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
36
+ * floating point operation with no rounding between the
36
+ return 1;
37
+ * multiplication and addition steps.
38
+ * NB that doing the negations here as separate steps is
39
+ * correct : an input NaN should come out with its sign bit
40
+ * flipped if it is a negated-input.
41
+ */
42
+ if (o1 == true) {
43
+ tcg_gen_xori_i32(tcg_op3, tcg_op3, 0x8000);
44
+ }
37
+ }
45
+
38
+
46
+ if (o0 != o1) {
39
+ if (va_space_rw(vs, base + dos_hdr->e_lfanew,
47
+ tcg_gen_xori_i32(tcg_op1, tcg_op1, 0x8000);
40
+ &nt_hdrs, sizeof(nt_hdrs), 0)) {
41
+ return 1;
48
+ }
42
+ }
49
+
43
+
50
+ gen_helper_advsimd_muladdh(tcg_res, tcg_op1, tcg_op2, tcg_op3, fpst);
44
+ if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
45
+ file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
46
+ return 1;
47
+ }
51
+
48
+
52
+ write_fp_sreg(s, rd, tcg_res);
49
+ if (va_space_rw(vs,
50
+ base + data_dir[idx].VirtualAddress,
51
+ entry, size, 0)) {
52
+ return 1;
53
+ }
53
+
54
+
54
+ tcg_temp_free_ptr(fpst);
55
+ printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx,
55
+ tcg_temp_free_i32(tcg_op1);
56
+ (uint32_t)data_dir[idx].VirtualAddress);
56
+ tcg_temp_free_i32(tcg_op2);
57
+
57
+ tcg_temp_free_i32(tcg_op3);
58
+ return 0;
58
+ tcg_temp_free_i32(tcg_res);
59
+}
59
+}
60
+
60
+
61
/* Floating point data-processing (3 source)
61
static int write_dump(struct pa_space *ps,
62
* 31 30 29 28 24 23 22 21 20 16 15 14 10 9 5 4 0
62
WinDumpHeader64 *hdr, const char *name)
63
* +---+---+---+-----------+------+----+------+----+------+------+------+
63
{
64
@@ -XXX,XX +XXX,XX @@ static void disas_fp_3src(DisasContext *s, uint32_t insn)
64
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
65
}
65
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
66
handle_fp_3src_double(s, o0, o1, rd, rn, rm, ra);
66
char *hash, struct va_space *vs)
67
break;
67
{
68
+ case 3:
68
- const char e_magic[2] = "MZ";
69
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
69
- const char Signature[4] = "PE\0\0";
70
+ unallocated_encoding(s);
70
const char sign_rsds[4] = "RSDS";
71
+ return;
71
- IMAGE_DOS_HEADER *dos_hdr = start_addr;
72
+ }
72
- IMAGE_NT_HEADERS64 nt_hdrs;
73
+ if (!fp_access_check(s)) {
73
- IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
74
+ return;
74
- IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
75
+ }
75
- IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
76
+ handle_fp_3src_half(s, o0, o1, rd, rn, rm, ra);
76
IMAGE_DEBUG_DIRECTORY debug_dir;
77
+ break;
77
OMFSignatureRSDS rsds;
78
default:
78
char *pdb_name;
79
unallocated_encoding(s);
79
size_t pdb_name_sz;
80
size_t i;
81
82
- QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
83
-
84
- if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
85
- return 1;
86
- }
87
-
88
- if (va_space_rw(vs, base + dos_hdr->e_lfanew,
89
- &nt_hdrs, sizeof(nt_hdrs), 0)) {
90
- return 1;
91
- }
92
-
93
- if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
94
- file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
95
- return 1;
96
- }
97
-
98
- printf("Debug Directory RVA = 0x%08"PRIx32"\n",
99
- (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress);
100
-
101
- if (va_space_rw(vs,
102
- base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress,
103
- &debug_dir, sizeof(debug_dir), 0)) {
104
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY,
105
+ &debug_dir, sizeof(debug_dir), vs)) {
106
+ eprintf("Failed to get Debug Directory\n");
107
return 1;
80
}
108
}
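Review bot: pe_get_data_dir_entry() copies `size` bytes from `base + data_dir[idx].VirtualAddress` without looking at the directory entry itself, so an image whose entry is empty (RVA 0) or shorter than `size` still produces a "successful" read of unrelated memory. The NT headers come out of the guest dump and are only checked for the MZ/PE signatures, machine and magic, and `idx` is likewise used as an array index without a range check. A guard ahead of the last va_space_rw(), for example `if (!data_dir[idx].VirtualAddress || data_dir[idx].Size < size) { return 1; }`, would reject those cases. This assumes IMAGE_DATA_DIRECTORY in pe.h carries the usual `Size` member, which this section does not show.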
109
81
--
110
--
82
2.17.0
111
2.34.1
83
84
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Viktor Prutyanov <viktor@daynix.com>
2
2
3
Cc: qemu-stable@nongnu.org
3
Since its inception elf2dmp has checked MZ signatures within an
4
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
4
address space above IDT[0] interrupt vector and took first PE image
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
found as Windows Kernel.
6
Tested-by: Alex Bennée <alex.bennee@linaro.org>
6
But in Windows Server 2022 memory dump this address space range is
7
Message-id: 20180512003217.9105-4-richard.henderson@linaro.org
7
full of invalid PE fragments and the tool must check that PE image
8
is 'ntoskrnl.exe' actually.
9
So, introduce additional validation by checking image name from
10
Export Directory against 'ntoskrnl.exe'.
11
12
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
13
Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
14
Reviewed-by: Annie Li <annie.li@oracle.com>
15
Message-id: 20230222211246.883679-4-viktor@daynix.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
17
---
10
target/arm/helper.h | 6 +++
18
contrib/elf2dmp/pe.h | 15 +++++++++++++++
11
target/arm/helper.c | 38 ++++++++++++++-
19
contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++--
12
target/arm/translate-a64.c | 96 +++++++++++++++++++++++++++++++-------
20
2 files changed, 41 insertions(+), 2 deletions(-)
13
3 files changed, 122 insertions(+), 18 deletions(-)
14
21
15
diff --git a/target/arm/helper.h b/target/arm/helper.h
22
diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
16
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.h
24
--- a/contrib/elf2dmp/pe.h
18
+++ b/target/arm/helper.h
25
+++ b/contrib/elf2dmp/pe.h
19
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(vfp_touhd_round_to_zero, i64, f64, i32, ptr)
26
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_NT_HEADERS64 {
20
DEF_HELPER_3(vfp_tould_round_to_zero, i64, f64, i32, ptr)
27
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
21
DEF_HELPER_3(vfp_touhh, i32, f16, i32, ptr)
28
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;
22
DEF_HELPER_3(vfp_toshh, i32, f16, i32, ptr)
29
23
+DEF_HELPER_3(vfp_toulh, i32, f16, i32, ptr)
30
+typedef struct IMAGE_EXPORT_DIRECTORY {
24
+DEF_HELPER_3(vfp_toslh, i32, f16, i32, ptr)
31
+ uint32_t Characteristics;
25
+DEF_HELPER_3(vfp_touqh, i64, f16, i32, ptr)
32
+ uint32_t TimeDateStamp;
26
+DEF_HELPER_3(vfp_tosqh, i64, f16, i32, ptr)
33
+ uint16_t MajorVersion;
27
DEF_HELPER_3(vfp_toshs, i32, f32, i32, ptr)
34
+ uint16_t MinorVersion;
28
DEF_HELPER_3(vfp_tosls, i32, f32, i32, ptr)
35
+ uint32_t Name;
29
DEF_HELPER_3(vfp_tosqs, i64, f32, i32, ptr)
36
+ uint32_t Base;
30
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(vfp_ultod, f64, i64, i32, ptr)
37
+ uint32_t NumberOfFunctions;
31
DEF_HELPER_3(vfp_uqtod, f64, i64, i32, ptr)
38
+ uint32_t NumberOfNames;
32
DEF_HELPER_3(vfp_sltoh, f16, i32, i32, ptr)
39
+ uint32_t AddressOfFunctions;
33
DEF_HELPER_3(vfp_ultoh, f16, i32, i32, ptr)
40
+ uint32_t AddressOfNames;
34
+DEF_HELPER_3(vfp_sqtoh, f16, i64, i32, ptr)
41
+ uint32_t AddressOfNameOrdinals;
35
+DEF_HELPER_3(vfp_uqtoh, f16, i64, i32, ptr)
42
+} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY;
36
43
+
37
DEF_HELPER_FLAGS_2(set_rmode, TCG_CALL_NO_RWG, i32, i32, ptr)
44
typedef struct IMAGE_DEBUG_DIRECTORY {
38
DEF_HELPER_FLAGS_2(set_neon_rmode, TCG_CALL_NO_RWG, i32, i32, env)
45
uint32_t Characteristics;
39
diff --git a/target/arm/helper.c b/target/arm/helper.c
46
uint32_t TimeDateStamp;
47
@@ -XXX,XX +XXX,XX @@ typedef struct IMAGE_DEBUG_DIRECTORY {
48
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
49
#endif
50
51
+#define IMAGE_FILE_EXPORT_DIRECTORY 0
52
#define IMAGE_FILE_DEBUG_DIRECTORY 6
53
54
typedef struct guid_t {
55
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
40
index XXXXXXX..XXXXXXX 100644
56
index XXXXXXX..XXXXXXX 100644
41
--- a/target/arm/helper.c
57
--- a/contrib/elf2dmp/main.c
42
+++ b/target/arm/helper.c
58
+++ b/contrib/elf2dmp/main.c
43
@@ -XXX,XX +XXX,XX @@ VFP_CONV_FIX_A64(uq, s, 32, 64, uint64)
59
@@ -XXX,XX +XXX,XX @@
44
#undef VFP_CONV_FIX_A64
60
45
61
#define SYM_URL_BASE "https://msdl.microsoft.com/download/symbols/"
46
/* Conversion to/from f16 can overflow to infinity before/after scaling.
62
#define PDB_NAME "ntkrnlmp.pdb"
47
- * Therefore we convert to f64 (which does not round), scale,
63
+#define PE_NAME "ntoskrnl.exe"
48
- * and then convert f64 to f16 (which may round).
64
49
+ * Therefore we convert to f64, scale, and then convert f64 to f16; or
65
#define INITIAL_MXCSR 0x1f80
50
+ * vice versa for conversion to integer.
66
51
+ *
67
@@ -XXX,XX +XXX,XX @@ static int write_dump(struct pa_space *ps,
52
+ * For 16- and 32-bit integers, the conversion to f64 never rounds.
68
return fclose(dmp_file);
53
+ * For 64-bit integers, any integer that would cause rounding will also
54
+ * overflow to f16 infinity, so there is no double rounding problem.
55
*/
56
57
static float16 do_postscale_fp16(float64 f, int shift, float_status *fpst)
58
@@ -XXX,XX +XXX,XX @@ float16 HELPER(vfp_ultoh)(uint32_t x, uint32_t shift, void *fpst)
59
return do_postscale_fp16(uint32_to_float64(x, fpst), shift, fpst);
60
}
69
}
61
70
62
+float16 HELPER(vfp_sqtoh)(uint64_t x, uint32_t shift, void *fpst)
71
+static bool pe_check_export_name(uint64_t base, void *start_addr,
72
+ struct va_space *vs)
63
+{
73
+{
64
+ return do_postscale_fp16(int64_to_float64(x, fpst), shift, fpst);
74
+ IMAGE_EXPORT_DIRECTORY export_dir;
75
+ const char *pe_name;
76
+
77
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY,
78
+ &export_dir, sizeof(export_dir), vs)) {
79
+ return false;
80
+ }
81
+
82
+ pe_name = va_space_resolve(vs, base + export_dir.Name);
83
+ if (!pe_name) {
84
+ return false;
85
+ }
86
+
87
+ return !strcmp(pe_name, PE_NAME);
65
+}
88
+}
66
+
89
+
67
+float16 HELPER(vfp_uqtoh)(uint64_t x, uint32_t shift, void *fpst)
90
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
68
+{
91
char *hash, struct va_space *vs)
69
+ return do_postscale_fp16(uint64_to_float64(x, fpst), shift, fpst);
70
+}
71
+
72
static float64 do_prescale_fp16(float16 f, int shift, float_status *fpst)
73
{
92
{
74
if (unlikely(float16_is_any_nan(f))) {
93
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
75
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_touhh)(float16 x, uint32_t shift, void *fpst)
94
uint64_t KdDebuggerDataBlock;
76
return float64_to_uint16(do_prescale_fp16(x, shift, fpst), fpst);
95
KDDEBUGGER_DATA64 *kdbg;
77
}
96
uint64_t KdVersionBlock;
78
97
+ bool kernel_found = false;
79
+uint32_t HELPER(vfp_toslh)(float16 x, uint32_t shift, void *fpst)
98
80
+{
99
if (argc != 3) {
81
+ return float64_to_int32(do_prescale_fp16(x, shift, fpst), fpst);
100
eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]);
82
+}
101
@@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[])
83
+
84
+uint32_t HELPER(vfp_toulh)(float16 x, uint32_t shift, void *fpst)
85
+{
86
+ return float64_to_uint32(do_prescale_fp16(x, shift, fpst), fpst);
87
+}
88
+
89
+uint64_t HELPER(vfp_tosqh)(float16 x, uint32_t shift, void *fpst)
90
+{
91
+ return float64_to_int64(do_prescale_fp16(x, shift, fpst), fpst);
92
+}
93
+
94
+uint64_t HELPER(vfp_touqh)(float16 x, uint32_t shift, void *fpst)
95
+{
96
+ return float64_to_uint64(do_prescale_fp16(x, shift, fpst), fpst);
97
+}
98
+
99
/* Set the current fp rounding mode and return the old one.
100
* The argument is a softfloat float_round_ value.
101
*/
102
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
103
index XXXXXXX..XXXXXXX 100644
104
--- a/target/arm/translate-a64.c
105
+++ b/target/arm/translate-a64.c
106
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
107
bool itof, int rmode, int scale, int sf, int type)
108
{
109
bool is_signed = !(opcode & 1);
110
- bool is_double = type;
111
TCGv_ptr tcg_fpstatus;
112
- TCGv_i32 tcg_shift;
113
+ TCGv_i32 tcg_shift, tcg_single;
114
+ TCGv_i64 tcg_double;
115
116
- tcg_fpstatus = get_fpstatus_ptr(false);
117
+ tcg_fpstatus = get_fpstatus_ptr(type == 3);
118
119
tcg_shift = tcg_const_i32(64 - scale);
120
121
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
122
tcg_int = tcg_extend;
123
}
102
}
124
103
125
- if (is_double) {
104
if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
126
- TCGv_i64 tcg_double = tcg_temp_new_i64();
105
- break;
127
+ switch (type) {
106
+ if (pe_check_export_name(KernBase, nt_start_addr, &vs)) {
128
+ case 1: /* float64 */
107
+ kernel_found = true;
129
+ tcg_double = tcg_temp_new_i64();
130
if (is_signed) {
131
gen_helper_vfp_sqtod(tcg_double, tcg_int,
132
tcg_shift, tcg_fpstatus);
133
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
134
}
135
write_fp_dreg(s, rd, tcg_double);
136
tcg_temp_free_i64(tcg_double);
137
- } else {
138
- TCGv_i32 tcg_single = tcg_temp_new_i32();
139
+ break;
140
+
141
+ case 0: /* float32 */
142
+ tcg_single = tcg_temp_new_i32();
143
if (is_signed) {
144
gen_helper_vfp_sqtos(tcg_single, tcg_int,
145
tcg_shift, tcg_fpstatus);
146
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
147
}
148
write_fp_sreg(s, rd, tcg_single);
149
tcg_temp_free_i32(tcg_single);
150
+ break;
151
+
152
+ case 3: /* float16 */
153
+ tcg_single = tcg_temp_new_i32();
154
+ if (is_signed) {
155
+ gen_helper_vfp_sqtoh(tcg_single, tcg_int,
156
+ tcg_shift, tcg_fpstatus);
157
+ } else {
158
+ gen_helper_vfp_uqtoh(tcg_single, tcg_int,
159
+ tcg_shift, tcg_fpstatus);
160
+ }
161
+ write_fp_sreg(s, rd, tcg_single);
162
+ tcg_temp_free_i32(tcg_single);
163
+ break;
164
+
165
+ default:
166
+ g_assert_not_reached();
167
}
168
} else {
169
TCGv_i64 tcg_int = cpu_reg(s, rd);
170
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
171
172
gen_helper_set_rmode(tcg_rmode, tcg_rmode, tcg_fpstatus);
173
174
- if (is_double) {
175
- TCGv_i64 tcg_double = read_fp_dreg(s, rn);
176
+ switch (type) {
177
+ case 1: /* float64 */
178
+ tcg_double = read_fp_dreg(s, rn);
179
if (is_signed) {
180
if (!sf) {
181
gen_helper_vfp_tosld(tcg_int, tcg_double,
182
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
183
tcg_shift, tcg_fpstatus);
184
}
185
}
186
+ if (!sf) {
187
+ tcg_gen_ext32u_i64(tcg_int, tcg_int);
188
+ }
189
tcg_temp_free_i64(tcg_double);
190
- } else {
191
- TCGv_i32 tcg_single = read_fp_sreg(s, rn);
192
+ break;
193
+
194
+ case 0: /* float32 */
195
+ tcg_single = read_fp_sreg(s, rn);
196
if (sf) {
197
if (is_signed) {
198
gen_helper_vfp_tosqs(tcg_int, tcg_single,
199
@@ -XXX,XX +XXX,XX @@ static void handle_fpfpcvt(DisasContext *s, int rd, int rn, int opcode,
200
tcg_temp_free_i32(tcg_dest);
201
}
202
tcg_temp_free_i32(tcg_single);
203
+ break;
204
+
205
+ case 3: /* float16 */
206
+ tcg_single = read_fp_sreg(s, rn);
207
+ if (sf) {
208
+ if (is_signed) {
209
+ gen_helper_vfp_tosqh(tcg_int, tcg_single,
210
+ tcg_shift, tcg_fpstatus);
211
+ } else {
212
+ gen_helper_vfp_touqh(tcg_int, tcg_single,
213
+ tcg_shift, tcg_fpstatus);
214
+ }
215
+ } else {
216
+ TCGv_i32 tcg_dest = tcg_temp_new_i32();
217
+ if (is_signed) {
218
+ gen_helper_vfp_toslh(tcg_dest, tcg_single,
219
+ tcg_shift, tcg_fpstatus);
220
+ } else {
221
+ gen_helper_vfp_toulh(tcg_dest, tcg_single,
222
+ tcg_shift, tcg_fpstatus);
223
+ }
224
+ tcg_gen_extu_i32_i64(tcg_int, tcg_dest);
225
+ tcg_temp_free_i32(tcg_dest);
226
+ }
227
+ tcg_temp_free_i32(tcg_single);
228
+ break;
229
+
230
+ default:
231
+ g_assert_not_reached();
232
}
233
234
gen_helper_set_rmode(tcg_rmode, tcg_rmode, tcg_fpstatus);
235
tcg_temp_free_i32(tcg_rmode);
236
-
237
- if (!sf) {
238
- tcg_gen_ext32u_i64(tcg_int, tcg_int);
239
- }
240
}
241
242
tcg_temp_free_ptr(tcg_fpstatus);
243
@@ -XXX,XX +XXX,XX @@ static void disas_fp_int_conv(DisasContext *s, uint32_t insn)
244
/* actual FP conversions */
245
bool itof = extract32(opcode, 1, 1);
246
247
- if (type > 1 || (rmode != 0 && opcode > 1)) {
248
+ if (rmode != 0 && opcode > 1) {
249
+ unallocated_encoding(s);
250
+ return;
251
+ }
252
+ switch (type) {
253
+ case 0: /* float32 */
254
+ case 1: /* float64 */
255
+ break;
256
+ case 3: /* float16 */
257
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
258
+ break;
108
+ break;
259
+ }
109
+ }
260
+ /* fallthru */
261
+ default:
262
unallocated_encoding(s);
263
return;
264
}
110
}
111
}
112
113
- if (!nt_start_addr) {
114
+ if (!kernel_found) {
115
eprintf("Failed to find NT kernel image\n");
116
err = 1;
117
goto out_ps;
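Review bot: In pe_check_export_name() the pointer returned by va_space_resolve() is handed straight to strcmp(), which assumes a NUL-terminated string lying entirely inside whatever mapping backs that one address. `export_dir.Name` is read from the dump, so the name can sit at the very end of a resolved page, and the comparison may then read up to sizeof(PE_NAME) bytes beyond what was validated. Copying a fixed-size buffer with va_space_rw(), the way pe_get_data_dir_entry() already reads the headers, bounds the read and fails cleanly on an unmapped page. What va_space_resolve() guarantees about contiguity is not visible in this section, so treat this as hardening rather than a confirmed over-read.

```c
static bool pe_check_export_name(uint64_t base, void *start_addr,
                                 struct va_space *vs)
{
    IMAGE_EXPORT_DIRECTORY export_dir;
    char pe_name[sizeof(PE_NAME)];

    /* … unchanged: pe_get_data_dir_entry() call for the Export Directory … */

    if (va_space_rw(vs, base + export_dir.Name,
                    pe_name, sizeof(pe_name), 0)) {
        return false;
    }

    /* Compares the terminating NUL as well, so a longer name does not match. */
    return !memcmp(pe_name, PE_NAME, sizeof(pe_name));
}
```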
265
--
118
--
266
2.17.0
119
2.34.1
267
268
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Guenter Roeck <linux@roeck-us.net>
2
2
3
Adding the fp16 moves to/from general registers.
3
The i.MX USB Phy driver does not check register ranges, resulting in out of
4
bounds accesses if an attempt is made to access non-existing PHY registers.
5
Add range check and conditionally report bad accesses to fix the problem.
4
6
5
Cc: qemu-stable@nongnu.org
7
While at it, also conditionally log attempted writes to non-existing or
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
read-only registers.
7
Tested-by: Alex Bennée <alex.bennee@linaro.org>
9
8
Message-id: 20180512003217.9105-2-richard.henderson@linaro.org
10
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
11
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
12
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
13
Message-id: 20230316234926.208874-1-linux@roeck-us.net
14
Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
15
Fixes: 0701a5efa015 ("hw/usb: Add basic i.MX USB Phy support")
16
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
19
---
12
target/arm/translate-a64.c | 21 +++++++++++++++++++++
20
hw/usb/imx-usb-phy.c | 19 +++++++++++++++++--
13
1 file changed, 21 insertions(+)
21
1 file changed, 17 insertions(+), 2 deletions(-)
14
22
15
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
23
diff --git a/hw/usb/imx-usb-phy.c b/hw/usb/imx-usb-phy.c
16
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate-a64.c
25
--- a/hw/usb/imx-usb-phy.c
18
+++ b/target/arm/translate-a64.c
26
+++ b/hw/usb/imx-usb-phy.c
19
@@ -XXX,XX +XXX,XX @@ static void handle_fmov(DisasContext *s, int rd, int rn, int type, bool itof)
27
@@ -XXX,XX +XXX,XX @@
20
tcg_gen_st_i64(tcg_rn, cpu_env, fp_reg_hi_offset(s, rd));
28
#include "qemu/osdep.h"
21
clear_vec_high(s, true, rd);
29
#include "hw/usb/imx-usb-phy.h"
22
break;
30
#include "migration/vmstate.h"
23
+ case 3:
31
+#include "qemu/log.h"
24
+ /* 16 bit */
32
#include "qemu/module.h"
25
+ tmp = tcg_temp_new_i64();
33
26
+ tcg_gen_ext16u_i64(tmp, tcg_rn);
34
static const VMStateDescription vmstate_imx_usbphy = {
27
+ write_fp_dreg(s, rd, tmp);
35
@@ -XXX,XX +XXX,XX @@ static uint64_t imx_usbphy_read(void *opaque, hwaddr offset, unsigned size)
28
+ tcg_temp_free_i64(tmp);
36
value = s->usbphy[index - 3];
29
+ break;
37
break;
30
+ default:
38
default:
31
+ g_assert_not_reached();
39
- value = s->usbphy[index];
32
}
40
+ if (index < USBPHY_MAX) {
33
} else {
41
+ value = s->usbphy[index];
34
TCGv_i64 tcg_rd = cpu_reg(s, rd);
42
+ } else {
35
@@ -XXX,XX +XXX,XX @@ static void handle_fmov(DisasContext *s, int rd, int rn, int type, bool itof)
43
+ qemu_log_mask(LOG_GUEST_ERROR,
36
/* 64 bits from top half */
44
+ "%s: Read from non-existing USB PHY register 0x%"
37
tcg_gen_ld_i64(tcg_rd, cpu_env, fp_reg_hi_offset(s, rn));
45
+ HWADDR_PRIx "\n",
38
break;
46
+ __func__, offset);
39
+ case 3:
47
+ value = 0;
40
+ /* 16 bit */
48
+ }
41
+ tcg_gen_ld16u_i64(tcg_rd, cpu_env, fp_reg_offset(s, rn, MO_16));
49
break;
42
+ break;
50
}
43
+ default:
51
return (uint64_t)value;
44
+ g_assert_not_reached();
52
@@ -XXX,XX +XXX,XX @@ static void imx_usbphy_write(void *opaque, hwaddr offset, uint64_t value,
45
}
53
s->usbphy[index - 3] ^= value;
54
break;
55
default:
56
- /* Other registers are read-only */
57
+ /* Other registers are read-only or do not exist */
58
+ qemu_log_mask(LOG_GUEST_ERROR,
59
+ "%s: Write to %s USB PHY register 0x%"
60
+ HWADDR_PRIx "\n",
61
+ __func__,
62
+ index >= USBPHY_MAX ? "non-existing" : "read-only",
63
+ offset);
64
break;
46
}
65
}
47
}
66
}
48
@@ -XXX,XX +XXX,XX @@ static void disas_fp_int_conv(DisasContext *s, uint32_t insn)
49
case 0xa: /* 64 bit */
50
case 0xd: /* 64 bit to top half of quad */
51
break;
52
+ case 0x6: /* 16-bit float, 32-bit int */
53
+ case 0xe: /* 16-bit float, 64-bit int */
54
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
55
+ break;
56
+ }
57
+ /* fallthru */
58
default:
59
/* all other sf/type/rmode combinations are invalid */
60
unallocated_encoding(s);
61
--
67
--
62
2.17.0
68
2.34.1
63
64
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
No sense in emitting code after the exception.
4
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Tested-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20180512003217.9105-3-richard.henderson@linaro.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/translate-a64.c | 2 +-
12
1 file changed, 1 insertion(+), 1 deletion(-)
13
14
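--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_fp_int_conv(DisasContext *s, uint32_t insn)
 default:
 /* all other sf/type/rmode combinations are invalid */
 unallocated_encoding(s);
- break;
+ return;
 }

 if (!fp_access_check(s)) {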
27
--
28
2.17.0
29
30
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Cc: qemu-stable@nongnu.org
4
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Tested-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20180512003217.9105-5-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/translate-a64.c | 17 +++++++++++++++--
11
1 file changed, 15 insertions(+), 2 deletions(-)
12
13
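--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_fp_fixed_conv(DisasContext *s, uint32_t insn)
 bool sf = extract32(insn, 31, 1);
 bool itof;

- if (sbit || (type > 1)
- || (!sf && scale < 32)) {
+ if (sbit || (!sf && scale < 32)) {
+ unallocated_encoding(s);
+ return;
+ }
+
+ switch (type) {
+ case 0: /* float32 */
+ case 1: /* float64 */
+ break;
+ case 3: /* float16 */
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+ break;
+ }
+ /* fallthru */
+ default:
 unallocated_encoding(s);
 return;
 }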
41
--
42
2.17.0
43
44
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
Cc: qemu-stable@nongnu.org
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Tested-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20180512003217.9105-6-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/translate-a64.c | 30 ++++++++++++++----------------
11
1 file changed, 14 insertions(+), 16 deletions(-)
12
13
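--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)
 return v;
 }

+static TCGv_i32 read_fp_hreg(DisasContext *s, int reg)
+{
+ TCGv_i32 v = tcg_temp_new_i32();
+
+ tcg_gen_ld16u_i32(v, cpu_env, fp_reg_offset(s, reg, MO_16));
+ return v;
+}
+
 /* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).
 * If SVE is not enabled, then there are only 128 bits in the vector.
 */
@@ -XXX,XX +XXX,XX @@ static void disas_fp_csel(DisasContext *s, uint32_t insn)
 static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn)
 {
 TCGv_ptr fpst = NULL;
- TCGv_i32 tcg_op = tcg_temp_new_i32();
+ TCGv_i32 tcg_op = read_fp_hreg(s, rn);
 TCGv_i32 tcg_res = tcg_temp_new_i32();

- read_vec_element_i32(s, tcg_op, rn, 0, MO_16);
-
 switch (opcode) {
 case 0x0: /* FMOV */
 tcg_gen_mov_i32(tcg_res, tcg_op);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_scalar_three_reg_diff(DisasContext *s, uint32_t insn)
 tcg_temp_free_i64(tcg_op2);
 tcg_temp_free_i64(tcg_res);
 } else {
- TCGv_i32 tcg_op1 = tcg_temp_new_i32();
- TCGv_i32 tcg_op2 = tcg_temp_new_i32();
+ TCGv_i32 tcg_op1 = read_fp_hreg(s, rn);
+ TCGv_i32 tcg_op2 = read_fp_hreg(s, rm);
 TCGv_i64 tcg_res = tcg_temp_new_i64();

- read_vec_element_i32(s, tcg_op1, rn, 0, MO_16);
- read_vec_element_i32(s, tcg_op2, rm, 0, MO_16);
-
 gen_helper_neon_mull_s16(tcg_res, tcg_op1, tcg_op2);
 gen_helper_neon_addl_saturate_s32(tcg_res, cpu_env, tcg_res, tcg_res);

@@ -XXX,XX +XXX,XX @@ static void disas_simd_scalar_three_reg_same_fp16(DisasContext *s,

 fpst = get_fpstatus_ptr(true);

- tcg_op1 = tcg_temp_new_i32();
- tcg_op2 = tcg_temp_new_i32();
+ tcg_op1 = read_fp_hreg(s, rn);
+ tcg_op2 = read_fp_hreg(s, rm);
 tcg_res = tcg_temp_new_i32();

- read_vec_element_i32(s, tcg_op1, rn, 0, MO_16);
- read_vec_element_i32(s, tcg_op2, rm, 0, MO_16);
-
 switch (fpopcode) {
 case 0x03: /* FMULX */
 gen_helper_advsimd_mulxh(tcg_res, tcg_op1, tcg_op2, fpst);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc_fp16(DisasContext *s, uint32_t insn)
 }

 if (is_scalar) {
- TCGv_i32 tcg_op = tcg_temp_new_i32();
+ TCGv_i32 tcg_op = read_fp_hreg(s, rn);
 TCGv_i32 tcg_res = tcg_temp_new_i32();

- read_vec_element_i32(s, tcg_op, rn, 0, MO_16);
-
 switch (fpop) {
 case 0x1a: /* FCVTNS */
 case 0x1b: /* FCVTMS */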
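Review bot: read_fp_hreg() is added without a comment, and its contract is not obvious at the converted call sites: it allocates the temp it returns with `tcg_temp_new_i32()`, so each caller now owns a temp it did not create, and it zero-extends the low 16 bits via `tcg_gen_ld16u_i32`. I would put `/* Return a new temp holding the low 16 bits of FP register @reg, zero-extended; the caller frees it. */` above the definition. The matching frees in the four converted functions lie outside these hunks, so they could not be checked here. In disas_simd_scalar_three_reg_diff the value feeds `gen_helper_neon_mull_s16`, an integer operation, so the "fp" in the helper name reads slightly oddly at that site.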
90
--
91
2.17.0
92
93
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
We missed all of the scalar fp16 binary operations.
4
5
Cc: qemu-stable@nongnu.org
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Tested-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20180512003217.9105-7-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/translate-a64.c | 65 ++++++++++++++++++++++++++++++++++++++
13
1 file changed, 65 insertions(+)
14
15
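--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void handle_fp_2src_double(DisasContext *s, int opcode,
 tcg_temp_free_i64(tcg_res);
 }

+/* Floating-point data-processing (2 source) - half precision */
+static void handle_fp_2src_half(DisasContext *s, int opcode,
+ int rd, int rn, int rm)
+{
+ TCGv_i32 tcg_op1;
+ TCGv_i32 tcg_op2;
+ TCGv_i32 tcg_res;
+ TCGv_ptr fpst;
+
+ tcg_res = tcg_temp_new_i32();
+ fpst = get_fpstatus_ptr(true);
+ tcg_op1 = read_fp_hreg(s, rn);
+ tcg_op2 = read_fp_hreg(s, rm);
+
+ switch (opcode) {
+ case 0x0: /* FMUL */
+ gen_helper_advsimd_mulh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x1: /* FDIV */
+ gen_helper_advsimd_divh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x2: /* FADD */
+ gen_helper_advsimd_addh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x3: /* FSUB */
+ gen_helper_advsimd_subh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x4: /* FMAX */
+ gen_helper_advsimd_maxh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x5: /* FMIN */
+ gen_helper_advsimd_minh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x6: /* FMAXNM */
+ gen_helper_advsimd_maxnumh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x7: /* FMINNM */
+ gen_helper_advsimd_minnumh(tcg_res, tcg_op1, tcg_op2, fpst);
+ break;
+ case 0x8: /* FNMUL */
+ gen_helper_advsimd_mulh(tcg_res, tcg_op1, tcg_op2, fpst);
+ tcg_gen_xori_i32(tcg_res, tcg_res, 0x8000);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ write_fp_sreg(s, rd, tcg_res);
+
+ tcg_temp_free_ptr(fpst);
+ tcg_temp_free_i32(tcg_op1);
+ tcg_temp_free_i32(tcg_op2);
+ tcg_temp_free_i32(tcg_res);
+}
+
 /* Floating point data-processing (2 source)
 * 31 30 29 28 24 23 22 21 20 16 15 12 11 10 9 5 4 0
 * +---+---+---+-----------+------+---+------+--------+-----+------+------+
@@ -XXX,XX +XXX,XX @@ static void disas_fp_2src(DisasContext *s, uint32_t insn)
 }
 handle_fp_2src_double(s, opcode, rd, rn, rm);
 break;
+ case 3:
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+ unallocated_encoding(s);
+ return;
+ }
+ if (!fp_access_check(s)) {
+ return;
+ }
+ handle_fp_2src_half(s, opcode, rd, rn, rm);
+ break;
 default:
 unallocated_encoding(s);
 }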
98
--
99
2.17.0
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
These were missed out from the rest of the half-precision work.
4
5
Cc: qemu-stable@nongnu.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
8
Tested-by: Alex Bennée <alex.bennee@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180512003217.9105-10-richard.henderson@linaro.org
11
[rth: Fix erroneous check vs type]
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
target/arm/translate-a64.c | 31 +++++++++++++++++++++++++------
16
1 file changed, 25 insertions(+), 6 deletions(-)
17
18
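--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_fp_csel(DisasContext *s, uint32_t insn)
 unsigned int mos, type, rm, cond, rn, rd;
 TCGv_i64 t_true, t_false, t_zero;
 DisasCompare64 c;
+ TCGMemOp sz;
 
 mos = extract32(insn, 29, 3);
- type = extract32(insn, 22, 2); /* 0 = single, 1 = double */
+ type = extract32(insn, 22, 2);
 rm = extract32(insn, 16, 5);
 cond = extract32(insn, 12, 4);
 rn = extract32(insn, 5, 5);
 rd = extract32(insn, 0, 5);
 
- if (mos || type > 1) {
+ if (mos) {
+ unallocated_encoding(s);
+ return;
+ }
+
+ switch (type) {
+ case 0:
+ sz = MO_32;
+ break;
+ case 1:
+ sz = MO_64;
+ break;
+ case 3:
+ sz = MO_16;
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+ break;
+ }
+ /* fallthru */
+ default:
 unallocated_encoding(s);
 return;
 }
@@ -XXX,XX +XXX,XX @@ static void disas_fp_csel(DisasContext *s, uint32_t insn)
 return;
 }
 
- /* Zero extend sreg inputs to 64 bits now. */
+ /* Zero extend sreg & hreg inputs to 64 bits now. */
 t_true = tcg_temp_new_i64();
 t_false = tcg_temp_new_i64();
- read_vec_element(s, t_true, rn, 0, type ? MO_64 : MO_32);
- read_vec_element(s, t_false, rm, 0, type ? MO_64 : MO_32);
+ read_vec_element(s, t_true, rn, 0, sz);
+ read_vec_element(s, t_false, rm, 0, sz);
 
 a64_test_cc(&c, cond);
 t_zero = tcg_const_i64(0);
@@ -XXX,XX +XXX,XX @@ static void disas_fp_csel(DisasContext *s, uint32_t insn)
 tcg_temp_free_i64(t_false);
 a64_free_cc(&c);
 
- /* Note that sregs write back zeros to the high bits,
+ /* Note that sregs & hregs write back zeros to the high bits,
 and we've already done the zero-extension. */
 write_fp_dreg(s, rd, t_true);
 tcg_temp_free_i64(t_true);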
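Review bot: The new `type = extract32(insn, 22, 2);` line in disas_fp_csel drops the old `/* 0 = single, 1 = double */` comment without a replacement, so the field's encoding now has to be read off the switch below it. I would keep a comment that matches the new decode, for example `/* 0 = single, 1 = double, 3 = half (needs ARM_FEATURE_V8_FP16); 2 is unallocated */`. In `case 3:` the assignment `sz = MO_16;` runs before the feature test, and the rejection is reached only through `/* fallthru */` into `default:`. Writing the gate as `if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) { unallocated_encoding(s); return; }`, as the 2-source patch earlier on this page does, would make the decode check for guests without FP16 easier to audit. The body of disas_fp_csel starts and ends outside these hunks.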
83
--
84
2.17.0
1
From: Alex Bennée <alex.bennee@linaro.org>
1
The markup for the Arm CPU feature documentation is incorrect,
2
and results in the HTML not rendering correctly -- the first
3
line of each description is rendered in boldface as if it
4
were part of the option name.
2
5
3
We are meant to explicitly pass fpst, not cpu_env.
6
Reformat to match the styling used in cpu-models-x86.rst.inc.
4
7
5
Cc: qemu-stable@nongnu.org
8
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1479
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Tested-by: Alex Bennée <alex.bennee@linaro.org>
10
Message-id: 20180512003217.9105-12-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20230316105808.1414003-1-peter.maydell@linaro.org
11
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
12
---
12
---
13
target/arm/translate-a64.c | 3 ++-
13
docs/system/arm/cpu-features.rst | 68 ++++++++++++++------------------
14
1 file changed, 2 insertions(+), 1 deletion(-)
14
1 file changed, 30 insertions(+), 38 deletions(-)
15
15
16
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
16
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
17
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/translate-a64.c
18
--- a/docs/system/arm/cpu-features.rst
19
+++ b/target/arm/translate-a64.c
19
+++ b/docs/system/arm/cpu-features.rst
20
@@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn)
20
@@ -XXX,XX +XXX,XX @@ are named with the prefix "kvm-". KVM VCPU features may be probed,
21
tcg_gen_xori_i32(tcg_res, tcg_op, 0x8000);
21
enabled, and disabled in the same way as other CPU features. Below is
22
break;
22
the list of KVM VCPU features and their descriptions.
23
case 0x3: /* FSQRT */
23
24
- gen_helper_sqrt_f16(tcg_res, tcg_op, cpu_env);
24
- kvm-no-adjvtime By default kvm-no-adjvtime is disabled. This
25
+ fpst = get_fpstatus_ptr(true);
25
- means that by default the virtual time
26
+ gen_helper_sqrt_f16(tcg_res, tcg_op, fpst);
26
- adjustment is enabled (vtime is not *not*
27
break;
27
- adjusted).
28
case 0x8: /* FRINTN */
28
+``kvm-no-adjvtime``
29
case 0x9: /* FRINTP */
29
+ By default kvm-no-adjvtime is disabled. This means that by default
30
+ the virtual time adjustment is enabled (vtime is not *not* adjusted).
31
32
- When virtual time adjustment is enabled each
33
- time the VM transitions back to running state
34
- the VCPU's virtual counter is updated to ensure
35
- stopped time is not counted. This avoids time
36
- jumps surprising guest OSes and applications,
37
- as long as they use the virtual counter for
38
- timekeeping. However it has the side effect of
39
- the virtual and physical counters diverging.
40
- All timekeeping based on the virtual counter
41
- will appear to lag behind any timekeeping that
42
- does not subtract VM stopped time. The guest
43
- may resynchronize its virtual counter with
44
- other time sources as needed.
45
+ When virtual time adjustment is enabled each time the VM transitions
46
+ back to running state the VCPU's virtual counter is updated to
47
+ ensure stopped time is not counted. This avoids time jumps
48
+ surprising guest OSes and applications, as long as they use the
49
+ virtual counter for timekeeping. However it has the side effect of
50
+ the virtual and physical counters diverging. All timekeeping based
51
+ on the virtual counter will appear to lag behind any timekeeping
52
+ that does not subtract VM stopped time. The guest may resynchronize
53
+ its virtual counter with other time sources as needed.
54
55
- Enable kvm-no-adjvtime to disable virtual time
56
- adjustment, also restoring the legacy (pre-5.0)
57
- behavior.
58
+ Enable kvm-no-adjvtime to disable virtual time adjustment, also
59
+ restoring the legacy (pre-5.0) behavior.
60
61
- kvm-steal-time Since v5.2, kvm-steal-time is enabled by
62
- default when KVM is enabled, the feature is
63
- supported, and the guest is 64-bit.
64
+``kvm-steal-time``
65
+ Since v5.2, kvm-steal-time is enabled by default when KVM is
66
+ enabled, the feature is supported, and the guest is 64-bit.
67
68
- When kvm-steal-time is enabled a 64-bit guest
69
- can account for time its CPUs were not running
70
- due to the host not scheduling the corresponding
71
- VCPU threads. The accounting statistics may
72
- influence the guest scheduler behavior and/or be
73
- exposed to the guest userspace.
74
+ When kvm-steal-time is enabled a 64-bit guest can account for time
75
+ its CPUs were not running due to the host not scheduling the
76
+ corresponding VCPU threads. The accounting statistics may influence
77
+ the guest scheduler behavior and/or be exposed to the guest
78
+ userspace.
79
80
TCG VCPU Features
81
=================
82
@@ -XXX,XX +XXX,XX @@ TCG VCPU Features
83
TCG VCPU features are CPU features that are specific to TCG.
84
Below is the list of TCG VCPU features and their descriptions.
85
86
- pauth-impdef When ``FEAT_Pauth`` is enabled, either the
87
- *impdef* (Implementation Defined) algorithm
88
- is enabled or the *architected* QARMA algorithm
89
- is enabled. By default the impdef algorithm
90
- is disabled, and QARMA is enabled.
91
+``pauth-impdef``
92
+ When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
93
+ Defined) algorithm is enabled or the *architected* QARMA algorithm
94
+ is enabled. By default the impdef algorithm is disabled, and QARMA
95
+ is enabled.
96
97
- The architected QARMA algorithm has good
98
- cryptographic properties, but can be quite slow
99
- to emulate. The impdef algorithm used by QEMU
100
- is non-cryptographic but significantly faster.
101
+ The architected QARMA algorithm has good cryptographic properties,
102
+ but can be quite slow to emulate. The impdef algorithm used by QEMU
103
+ is non-cryptographic but significantly faster.
104
105
SVE CPU Properties
106
==================
30
--
107
--
31
2.17.0
108
2.34.1
1
From: Alex Bennée <alex.bennee@linaro.org>
1
Unfortunately a bug in older versions of gdb means that they will
2
crash if QEMU sends them the aarch64-pauth.xml. This bug is fixed in
3
gdb commit 1ba3a3222039eb25, and there are plans to backport that to
4
affected gdb release branches, but since the bug affects gdb 9
5
through 12 it is very widely deployed (for instance by distros).
2
6
3
All the hard work is already done by vfp_expand_imm, we just need to
7
It is not currently clear what the best way to deal with this is; it
4
make sure we pick up the correct size.
8
has been proposed to define a new XML feature name that old gdb will
9
ignore but newer gdb can handle. Since QEMU's 8.0 release is
10
imminent and at least one of our CI runners is now falling over this,
11
disable the pauth XML for the moment. We can follow up with a more
12
considered fix either in time for 8.0 or else for the 8.1 release.
5
13
6
Cc: qemu-stable@nongnu.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
9
Tested-by: Alex Bennée <alex.bennee@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20180512003217.9105-11-richard.henderson@linaro.org
12
[rth: Merge unallocated_encoding check with TCGMemOp conversion.]
13
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
15
---
16
target/arm/translate-a64.c | 20 +++++++++++++++++---
16
target/arm/gdbstub.c | 7 +++++++
17
1 file changed, 17 insertions(+), 3 deletions(-)
17
1 file changed, 7 insertions(+)
18
18
19
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
19
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
20
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/translate-a64.c
21
--- a/target/arm/gdbstub.c
22
+++ b/target/arm/translate-a64.c
22
+++ b/target/arm/gdbstub.c
23
@@ -XXX,XX +XXX,XX @@ static void disas_fp_imm(DisasContext *s, uint32_t insn)
23
@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
24
{
24
aarch64_gdb_set_fpu_reg,
25
int rd = extract32(insn, 0, 5);
25
34, "aarch64-fpu.xml", 0);
26
int imm8 = extract32(insn, 13, 8);
26
}
27
- int is_double = extract32(insn, 22, 2);
27
+#if 0
28
+ int type = extract32(insn, 22, 2);
28
+ /*
29
uint64_t imm;
29
+ * GDB versions 9 through 12 have a bug which means they will
30
TCGv_i64 tcg_res;
30
+ * crash if they see this XML from QEMU; disable it for the 8.0
31
+ TCGMemOp sz;
31
+ * release, pending a better solution.
32
32
+ */
33
- if (is_double > 1) {
33
if (isar_feature_aa64_pauth(&cpu->isar)) {
34
+ switch (type) {
34
gdb_register_coprocessor(cs, aarch64_gdb_get_pauth_reg,
35
+ case 0:
35
aarch64_gdb_set_pauth_reg,
36
+ sz = MO_32;
36
4, "aarch64-pauth.xml", 0);
37
+ break;
37
}
38
+ case 1:
38
+#endif
39
+ sz = MO_64;
39
#endif
40
+ break;
40
} else {
41
+ case 3:
41
if (arm_feature(env, ARM_FEATURE_NEON)) {
42
+ sz = MO_16;
43
+ if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
44
+ break;
45
+ }
46
+ /* fallthru */
47
+ default:
48
unallocated_encoding(s);
49
return;
50
}
51
@@ -XXX,XX +XXX,XX @@ static void disas_fp_imm(DisasContext *s, uint32_t insn)
52
return;
53
}
54
55
- imm = vfp_expand_imm(MO_32 + is_double, imm8);
56
+ imm = vfp_expand_imm(sz, imm8);
57
58
tcg_res = tcg_const_i64(imm);
59
write_fp_dreg(s, rd, tcg_res);
60
--
42
--
61
2.17.0
43
2.34.1