Hi; here's this week's arm pullreq. Mostly this is my

work on FEAT_MOPS and FEAT_HBC, but there are some

other bits and pieces in there too, including a recent

set of elf2dmp patches.

The following changes since commit 55394dcbec8f0c29c30e792c102a0edd50a52bf4:

Merge tag 'pull-loongarch-20230920' of https://gitlab.com/gaosong/qemu into staging (2023-09-20 13:56:18 -0400)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230921

for you to fetch changes up to 231f6a7d66254a58bedbee458591b780e0a507b1:

elf2dmp: rework PDB_STREAM_INDEXES::segments obtaining (2023-09-21 16:13:54 +0100)

* target/m68k: Add URL to semihosting spec

* docs/devel/loads-stores: Fix git grep regexes

* hw/arm/boot: Set SCR_EL3.FGTEn when booting kernel

* linux-user: Correct SME feature names reported in cpuinfo

* linux-user: Add missing arm32 hwcaps

* Don't skip MTE checks for LDRT/STRT at EL0

* Implement FEAT_HBC

* Implement FEAT_MOPS

* audio/jackaudio: Avoid dynamic stack allocation

* sbsa-ref: add non-secure EL2 virtual timer

* elf2dmp: improve Win2022, Win11 and large dumps

Fabian Vogt (1):

hw/arm/boot: Set SCR_EL3.FGTEn when booting kernel

Marcin Juszkiewicz (1):

sbsa-ref: add non-secure EL2 virtual timer

Peter Maydell (23):

target/m68k: Add URL to semihosting spec

docs/devel/loads-stores: Fix git grep regexes

linux-user/elfload.c: Correct SME feature names reported in cpuinfo

linux-user/elfload.c: Add missing arm and arm64 hwcap values

linux-user/elfload.c: Report previously missing arm32 hwcaps

target/arm: Update AArch64 ID register field definitions

target/arm: Update user-mode ID reg mask values

target/arm: Implement FEAT_HBC

target/arm: Remove unused allocation_tag_mem() argument

target/arm: Don't skip MTE checks for LDRT/STRT at EL0

target/arm: Implement FEAT_MOPS enable bits

target/arm: Pass unpriv bool to get_a64_user_mem_index()

target/arm: Define syndrome function for MOPS exceptions

target/arm: New function allocation_tag_mem_probe()

target/arm: Implement MTE tag-checking functions for FEAT_MOPS

target/arm: Implement the SET* instructions

target/arm: Define new TB flag for ATA0

target/arm: Implement the SETG* instructions

target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies

target/arm: Implement the CPY* instructions

target/arm: Enable FEAT_MOPS for CPU 'max'

audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init

audio/jackaudio: Avoid dynamic stack allocation in qjack_process()

Viktor Prutyanov (5):

elf2dmp: replace PE export name check with PDB name check

elf2dmp: introduce physical block alignment

elf2dmp: introduce merging of physical memory runs

elf2dmp: use Linux mmap with MAP_NORESERVE when possible

elf2dmp: rework PDB_STREAM_INDEXES::segments obtaining

docs/devel/loads-stores.rst | 40 +-

docs/system/arm/emulation.rst | 2 +

contrib/elf2dmp/addrspace.h | 1 +

contrib/elf2dmp/pdb.h | 2 +-

contrib/elf2dmp/qemu_elf.h | 2 +

target/arm/cpu.h | 35 ++

target/arm/internals.h | 55 +++

target/arm/syndrome.h | 12 +

target/arm/tcg/helper-a64.h | 14 +

target/arm/tcg/translate.h | 4 +-

target/arm/tcg/a64.decode | 38 +-

audio/jackaudio.c | 21 +-

contrib/elf2dmp/addrspace.c | 31 +-

contrib/elf2dmp/main.c | 154 ++++----

contrib/elf2dmp/pdb.c | 15 +-

contrib/elf2dmp/qemu_elf.c | 68 +++-

hw/arm/boot.c | 4 +

hw/arm/sbsa-ref.c | 2 +

linux-user/elfload.c | 72 +++-

target/arm/helper.c | 39 +-

target/arm/tcg/cpu64.c | 5 +

target/arm/tcg/helper-a64.c | 878 +++++++++++++++++++++++++++++++++++++++++

target/arm/tcg/hflags.c | 21 +

target/arm/tcg/mte_helper.c | 281 +++++++++++--

target/arm/tcg/translate-a64.c | 164 +++++++-

target/m68k/m68k-semi.c | 4 +

tests/tcg/aarch64/sysregs.c | 4 +-

27 files changed, 1768 insertions(+), 200 deletions(-)

The spec for m68k semihosting is documented in the libgloss

sources. Add a comment with the URL for it, as we already

have for nios2 semihosting.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Message-id: 20230801154451.3505492-1-peter.maydell@linaro.org

target/m68k/m68k-semi.c | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/target/m68k/m68k-semi.c b/target/m68k/m68k-semi.c

--- a/target/m68k/m68k-semi.c

+++ b/target/m68k/m68k-semi.c

@@ -XXX,XX +XXX,XX @@

*

* You should have received a copy of the GNU General Public License

* along with this program; if not, see <http://www.gnu.org/licenses/>.

+ *

+ * The semihosting protocol implemented here is described in the

+ * libgloss sources:

+ * https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=libgloss/m68k/m68k-semi.txt;hb=HEAD

*/

#include "qemu/osdep.h"

2.34.1

The loads-and-stores documentation includes git grep regexes to find

occurrences of the various functions. Some of these regexes have

errors, typically failing to escape the '?', '(' and ')' when they

should be metacharacters (since these are POSIX basic REs). We also

weren't consistent about whether to have a ':' on the end of the

line introducing the list of regexes in each section.

Fix the errors.

The following shell rune will complain about any REs in the

file which don't have any matches in the codebase:

for re in $(sed -ne 's/ - ``\(\\<.*\)``/\1/p' docs/devel/loads-stores.rst); do git grep -q "$re" || echo "no matches for re $re"; done

docs/devel/loads-stores.rst | 40 ++++++++++++++++++-------------------

1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst

--- a/docs/devel/loads-stores.rst

+++ b/docs/devel/loads-stores.rst

@@ -XXX,XX +XXX,XX @@ which stores ``val`` to ``ptr`` as an ``{endian}`` order value

of size ``sz`` bytes.

-Regexes for git grep

+Regexes for git grep:

- ``\<ld[us]\?[bwlq]\(_[hbl]e\)\?_p\>``

- ``\<st[bwlq]\(_[hbl]e\)\?_p\>``

- ``\<st24\(_[hbl]e\)\?_p\>``

- - ``\<ldn_\([hbl]e\)?_p\>``

- - ``\<stn_\([hbl]e\)?_p\>``

+ - ``\<ldn_\([hbl]e\)\?_p\>``

+ - ``\<stn_\([hbl]e\)\?_p\>``

``cpu_{ld,st}*_mmu``

~~~~~~~~~~~~~~~~~~~~

@@ -XXX,XX +XXX,XX @@ store: ``cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)``

- ``_le`` : little endian

Regexes for git grep:

- - ``\<cpu_ld[bwlq](_[bl]e)\?_mmu\>``

- - ``\<cpu_st[bwlq](_[bl]e)\?_mmu\>``

+ - ``\<cpu_ld[bwlq]\(_[bl]e\)\?_mmu\>``

+ - ``\<cpu_st[bwlq]\(_[bl]e\)\?_mmu\>``

``cpu_{ld,st}*_mmuidx_ra``

@@ -XXX,XX +XXX,XX @@ store: ``cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmuidx, retaddr)``

- ``_le`` : little endian

Regexes for git grep:

- - ``\<cpu_ld[us]\?[bwlq](_[bl]e)\?_mmuidx_ra\>``

- - ``\<cpu_st[bwlq](_[bl]e)\?_mmuidx_ra\>``

+ - ``\<cpu_ld[us]\?[bwlq]\(_[bl]e\)\?_mmuidx_ra\>``

+ - ``\<cpu_st[bwlq]\(_[bl]e\)\?_mmuidx_ra\>``

``cpu_{ld,st}*_data_ra``

~~~~~~~~~~~~~~~~~~~~~~~~

@@ -XXX,XX +XXX,XX @@ store: ``cpu_st{size}{end}_data_ra(env, ptr, val, ra)``

- ``_le`` : little endian

Regexes for git grep:

- - ``\<cpu_ld[us]\?[bwlq](_[bl]e)\?_data_ra\>``

- - ``\<cpu_st[bwlq](_[bl]e)\?_data_ra\>``

+ - ``\<cpu_ld[us]\?[bwlq]\(_[bl]e\)\?_data_ra\>``

+ - ``\<cpu_st[bwlq]\(_[bl]e\)\?_data_ra\>``

``cpu_{ld,st}*_data``

~~~~~~~~~~~~~~~~~~~~~

@@ -XXX,XX +XXX,XX @@ store: ``cpu_st{size}{end}_data(env, ptr, val)``

- ``_be`` : big endian

- ``_le`` : little endian

-Regexes for git grep

- - ``\<cpu_ld[us]\?[bwlq](_[bl]e)\?_data\>``

- - ``\<cpu_st[bwlq](_[bl]e)\?_data\+\>``

+Regexes for git grep:

+ - ``\<cpu_ld[us]\?[bwlq]\(_[bl]e\)\?_data\>``

+ - ``\<cpu_st[bwlq]\(_[bl]e\)\?_data\+\>``

``cpu_ld*_code``

~~~~~~~~~~~~~~~~

@@ -XXX,XX +XXX,XX @@ swap: ``translator_ld{sign}{size}_swap(env, ptr, swap)``

- ``l`` : 32 bits

- ``q`` : 64 bits

-Regexes for git grep

+Regexes for git grep:

- ``\<translator_ld[us]\?[bwlq]\(_swap\)\?\>``

``helper_{ld,st}*_mmu``

@@ -XXX,XX +XXX,XX @@ store: ``helper_{size}_mmu(env, addr, val, opindex, retaddr)``

- ``l`` : 32 bits

- ``q`` : 64 bits

-Regexes for git grep

+Regexes for git grep:

- ``\<helper_ld[us]\?[bwlq]_mmu\>``

- ``\<helper_st[bwlq]_mmu\>``

@@ -XXX,XX +XXX,XX @@ succeeded using a MemTxResult return code.

The ``_{endian}`` suffix is omitted for byte accesses.

-Regexes for git grep

+Regexes for git grep:

- ``\<address_space_\(read\|write\|rw\)\>``

- ``\<address_space_ldu\?[bwql]\(_[lb]e\)\?\>``

- ``\<address_space_st[bwql]\(_[lb]e\)\?\>``

@@ -XXX,XX +XXX,XX @@ Note that portions of the write which attempt to write data to a

device will be silently ignored -- only real RAM and ROM will

be written to.

-Regexes for git grep

+Regexes for git grep:

- ``address_space_write_rom``

``{ld,st}*_phys``

@@ -XXX,XX +XXX,XX @@ device doing the access has no way to report such an error.

The ``_{endian}_`` infix is omitted for byte accesses.

-Regexes for git grep

+Regexes for git grep:

- ``\<ldu\?[bwlq]\(_[bl]e\)\?_phys\>``

- ``\<st[bwlq]\(_[bl]e\)\?_phys\>``

@@ -XXX,XX +XXX,XX @@ For new code they are better avoided:

``cpu_physical_memory_rw``

-Regexes for git grep

+Regexes for git grep:

- ``\<cpu_physical_memory_\(read\|write\|rw\)\>``

``cpu_memory_rw_debug``

@@ -XXX,XX +XXX,XX @@ make sure our existing code is doing things correctly.

``dma_memory_rw``

-Regexes for git grep

+Regexes for git grep:

- ``\<dma_memory_\(read\|write\|rw\)\>``

- ``\<ldu\?[bwlq]\(_[bl]e\)\?_dma\>``

- ``\<st[bwlq]\(_[bl]e\)\?_dma\>``

@@ -XXX,XX +XXX,XX @@ correct address space for that device.

The ``_{endian}_`` infix is omitted for byte accesses.

-Regexes for git grep

+Regexes for git grep:

- ``\<pci_dma_\(read\|write\|rw\)\>``

- ``\<ldu\?[bwlq]\(_[bl]e\)\?_pci_dma\>``

- ``\<st[bwlq]\(_[bl]e\)\?_pci_dma\>``

2.34.1

From: Fabian Vogt <fvogt@suse.de>

Just like d7ef5e16a17c sets SCR_EL3.HXEn for FEAT_HCX, this commit

handles SCR_EL3.FGTEn for FEAT_FGT:

When we direct boot a kernel on a CPU which emulates EL3, we need to

set up the EL3 system registers as the Linux kernel documentation

specifies:

https://www.kernel.org/doc/Documentation/arm64/booting.rst

> For CPUs with the Fine Grained Traps (FEAT_FGT) extension present:

> - If EL3 is present and the kernel is entered at EL2:

> - SCR_EL3.FGTEn (bit 27) must be initialised to 0b1.

Cc: qemu-stable@nongnu.org

Signed-off-by: Fabian Vogt <fvogt@suse.de>

Message-id: 4831384.GXAFRqVoOG@linux-e202.suse.de

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/boot.c | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c

--- a/hw/arm/boot.c

+++ b/hw/arm/boot.c

@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)

if (cpu_isar_feature(aa64_hcx, cpu)) {

env->cp15.scr_el3 |= SCR_HXEN;

}

+ if (cpu_isar_feature(aa64_fgt, cpu)) {

+ env->cp15.scr_el3 |= SCR_FGTEN;

+ }

+

/* AArch64 kernels never boot in secure mode */

assert(!info->secure_boot);

/* This hook is only supported for AArch32 currently:

2.34.1

Some of the names we use for CPU features in linux-user's dummy

/proc/cpuinfo don't match the strings in the real kernel in

arch/arm64/kernel/cpuinfo.c. Specifically, the SME related

features have an underscore in the HWCAP_FOO define name,

but (like the SVE ones) they do not have an underscore in the

string in cpuinfo. Correct the errors.

Fixes: a55b9e7226708 ("linux-user: Emulate /proc/cpuinfo on aarch64 and arm")

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

---

linux-user/elfload.c | 14 +++++++-------

1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c

--- a/linux-user/elfload.c

+++ b/linux-user/elfload.c

@@ -XXX,XX +XXX,XX @@ const char *elf_hwcap2_str(uint32_t bit)

[__builtin_ctz(ARM_HWCAP2_A64_RPRES )] = "rpres",

[__builtin_ctz(ARM_HWCAP2_A64_MTE3 )] = "mte3",

[__builtin_ctz(ARM_HWCAP2_A64_SME )] = "sme",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_I16I64 )] = "sme_i16i64",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_F64F64 )] = "sme_f64f64",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_I8I32 )] = "sme_i8i32",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_F16F32 )] = "sme_f16f32",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_B16F32 )] = "sme_b16f32",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_F32F32 )] = "sme_f32f32",

- [__builtin_ctz(ARM_HWCAP2_A64_SME_FA64 )] = "sme_fa64",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_I16I64 )] = "smei16i64",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_F64F64 )] = "smef64f64",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_I8I32 )] = "smei8i32",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_F16F32 )] = "smef16f32",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_B16F32 )] = "smeb16f32",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_F32F32 )] = "smef32f32",

+ [__builtin_ctz(ARM_HWCAP2_A64_SME_FA64 )] = "smefa64",

};

return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL;

2.34.1

Our lists of Arm 32 and 64 bit hwcap values have lagged behind

the Linux kernel. Update them to include all the bits defined

as of upstream Linux git commit a48fa7efaf1161c1 (in the middle

of the kernel 6.6 dev cycle).

For 64-bit, we don't yet implement any of the features reported via

these hwcap bits. For 32-bit we do in fact already implement them

all; we'll add the code to set them in a subsequent commit.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

linux-user/elfload.c | 44 ++++++++++++++++++++++++++++++++++++++++++++

1 file changed, 44 insertions(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c

--- a/linux-user/elfload.c

+++ b/linux-user/elfload.c

@@ -XXX,XX +XXX,XX @@ enum

ARM_HWCAP_ARM_VFPD32 = 1 << 19,

ARM_HWCAP_ARM_LPAE = 1 << 20,

ARM_HWCAP_ARM_EVTSTRM = 1 << 21,

+ ARM_HWCAP_ARM_FPHP = 1 << 22,

+ ARM_HWCAP_ARM_ASIMDHP = 1 << 23,

+ ARM_HWCAP_ARM_ASIMDDP = 1 << 24,

+ ARM_HWCAP_ARM_ASIMDFHM = 1 << 25,

+ ARM_HWCAP_ARM_ASIMDBF16 = 1 << 26,

+ ARM_HWCAP_ARM_I8MM = 1 << 27,

};

enum {

@@ -XXX,XX +XXX,XX @@ enum {

ARM_HWCAP2_ARM_SHA1 = 1 << 2,

ARM_HWCAP2_ARM_SHA2 = 1 << 3,

ARM_HWCAP2_ARM_CRC32 = 1 << 4,

+ ARM_HWCAP2_ARM_SB = 1 << 5,

+ ARM_HWCAP2_ARM_SSBS = 1 << 6,

};

/* The commpage only exists for 32 bit kernels */

@@ -XXX,XX +XXX,XX @@ const char *elf_hwcap_str(uint32_t bit)

[__builtin_ctz(ARM_HWCAP_ARM_VFPD32 )] = "vfpd32",

[__builtin_ctz(ARM_HWCAP_ARM_LPAE )] = "lpae",

[__builtin_ctz(ARM_HWCAP_ARM_EVTSTRM )] = "evtstrm",

+ [__builtin_ctz(ARM_HWCAP_ARM_FPHP )] = "fphp",

+ [__builtin_ctz(ARM_HWCAP_ARM_ASIMDHP )] = "asimdhp",

+ [__builtin_ctz(ARM_HWCAP_ARM_ASIMDDP )] = "asimddp",

+ [__builtin_ctz(ARM_HWCAP_ARM_ASIMDFHM )] = "asimdfhm",

+ [__builtin_ctz(ARM_HWCAP_ARM_ASIMDBF16)] = "asimdbf16",

+ [__builtin_ctz(ARM_HWCAP_ARM_I8MM )] = "i8mm",

};

return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL;

@@ -XXX,XX +XXX,XX @@ const char *elf_hwcap2_str(uint32_t bit)

[__builtin_ctz(ARM_HWCAP2_ARM_SHA1 )] = "sha1",

[__builtin_ctz(ARM_HWCAP2_ARM_SHA2 )] = "sha2",

[__builtin_ctz(ARM_HWCAP2_ARM_CRC32)] = "crc32",

+ [__builtin_ctz(ARM_HWCAP2_ARM_SB )] = "sb",

+ [__builtin_ctz(ARM_HWCAP2_ARM_SSBS )] = "ssbs",

};

return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL;

@@ -XXX,XX +XXX,XX @@ enum {

ARM_HWCAP2_A64_SME_B16F32 = 1 << 28,

ARM_HWCAP2_A64_SME_F32F32 = 1 << 29,

ARM_HWCAP2_A64_SME_FA64 = 1 << 30,

+ ARM_HWCAP2_A64_WFXT = 1ULL << 31,

+ ARM_HWCAP2_A64_EBF16 = 1ULL << 32,

+ ARM_HWCAP2_A64_SVE_EBF16 = 1ULL << 33,

+ ARM_HWCAP2_A64_CSSC = 1ULL << 34,

+ ARM_HWCAP2_A64_RPRFM = 1ULL << 35,

+ ARM_HWCAP2_A64_SVE2P1 = 1ULL << 36,

+ ARM_HWCAP2_A64_SME2 = 1ULL << 37,

+ ARM_HWCAP2_A64_SME2P1 = 1ULL << 38,

+ ARM_HWCAP2_A64_SME_I16I32 = 1ULL << 39,

+ ARM_HWCAP2_A64_SME_BI32I32 = 1ULL << 40,

+ ARM_HWCAP2_A64_SME_B16B16 = 1ULL << 41,

+ ARM_HWCAP2_A64_SME_F16F16 = 1ULL << 42,

+ ARM_HWCAP2_A64_MOPS = 1ULL << 43,

+ ARM_HWCAP2_A64_HBC = 1ULL << 44,

};

#define ELF_HWCAP get_elf_hwcap()

@@ -XXX,XX +XXX,XX @@ const char *elf_hwcap2_str(uint32_t bit)

[__builtin_ctz(ARM_HWCAP2_A64_SME_B16F32 )] = "smeb16f32",

[__builtin_ctz(ARM_HWCAP2_A64_SME_F32F32 )] = "smef32f32",

[__builtin_ctz(ARM_HWCAP2_A64_SME_FA64 )] = "smefa64",

+ [__builtin_ctz(ARM_HWCAP2_A64_WFXT )] = "wfxt",

+ [__builtin_ctzll(ARM_HWCAP2_A64_EBF16 )] = "ebf16",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SVE_EBF16 )] = "sveebf16",

+ [__builtin_ctzll(ARM_HWCAP2_A64_CSSC )] = "cssc",

+ [__builtin_ctzll(ARM_HWCAP2_A64_RPRFM )] = "rprfm",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SVE2P1 )] = "sve2p1",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME2 )] = "sme2",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME2P1 )] = "sme2p1",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME_I16I32 )] = "smei16i32",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME_BI32I32)] = "smebi32i32",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME_B16B16 )] = "smeb16b16",

+ [__builtin_ctzll(ARM_HWCAP2_A64_SME_F16F16 )] = "smef16f16",

+ [__builtin_ctzll(ARM_HWCAP2_A64_MOPS )] = "mops",

+ [__builtin_ctzll(ARM_HWCAP2_A64_HBC )] = "hbc",

};

return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL;

2.34.1

FEAT_HBC (Hinted conditional branches) provides a new instruction

BC.cond, which behaves exactly like the existing B.cond except

that it provides a hint to the branch predictor about the

likely behaviour of the branch.

Since QEMU does not implement branch prediction, we can treat

this identically to B.cond.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

docs/system/arm/emulation.rst | 1 +

target/arm/cpu.h | 5 +++++

target/arm/tcg/a64.decode | 3 ++-

linux-user/elfload.c | 1 +

target/arm/tcg/cpu64.c | 4 ++++

target/arm/tcg/translate-a64.c | 4 ++++

6 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst

--- a/docs/system/arm/emulation.rst

+++ b/docs/system/arm/emulation.rst

@@ -XXX,XX +XXX,XX @@ the following architecture extensions:

- FEAT_FlagM2 (Enhancements to flag manipulation instructions)

- FEAT_GTG (Guest translation granule size)

- FEAT_HAFDBS (Hardware management of the access flag and dirty bit state)

+- FEAT_HBC (Hinted conditional branches)

- FEAT_HCX (Support for the HCRX_EL2 register)

- FEAT_HPDS (Hierarchical permission disables)

- FEAT_HPDS2 (Translation table page-based hardware attributes)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/cpu.h

+++ b/target/arm/cpu.h

@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_i8mm(const ARMISARegisters *id)

return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, I8MM) != 0;

+static inline bool isar_feature_aa64_hbc(const ARMISARegisters *id)

+ return FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, BC) != 0;

static inline bool isar_feature_aa64_tgran4_lpa2(const ARMISARegisters *id)

return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4) >= 1;

diff --git a/target/arm/tcg/a64.decode b/target/arm/tcg/a64.decode

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/tcg/a64.decode

+++ b/target/arm/tcg/a64.decode

@@ -XXX,XX +XXX,XX @@ CBZ sf:1 011010 nz:1 ................... rt:5 &cbz imm=%imm19

TBZ . 011011 nz:1 ..... .............. rt:5 &tbz imm=%imm14 bitpos=%imm31_19

-B_cond 0101010 0 ................... 0 cond:4 imm=%imm19

+# B.cond and BC.cond

+B_cond 0101010 0 ................... c:1 cond:4 imm=%imm19

BR 1101011 0000 11111 000000 rn:5 00000 &r

BLR 1101011 0001 11111 000000 rn:5 00000 &r

diff --git a/linux-user/elfload.c b/linux-user/elfload.c

index XXXXXXX..XXXXXXX 100644

--- a/linux-user/elfload.c

+++ b/linux-user/elfload.c

@@ -XXX,XX +XXX,XX @@ uint32_t get_elf_hwcap2(void)

GET_FEATURE_ID(aa64_sme_f64f64, ARM_HWCAP2_A64_SME_F64F64);

GET_FEATURE_ID(aa64_sme_i16i64, ARM_HWCAP2_A64_SME_I16I64);

GET_FEATURE_ID(aa64_sme_fa64, ARM_HWCAP2_A64_SME_FA64);

+ GET_FEATURE_ID(aa64_hbc, ARM_HWCAP2_A64_HBC);

return hwcaps;

diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/tcg/cpu64.c

+++ b/target/arm/tcg/cpu64.c

@@ -XXX,XX +XXX,XX @@ void aarch64_max_tcg_initfn(Object *obj)

t = FIELD_DP64(t, ID_AA64ISAR1, I8MM, 1); /* FEAT_I8MM */

cpu->isar.id_aa64isar1 = t;

+ t = cpu->isar.id_aa64isar2;

+ t = FIELD_DP64(t, ID_AA64ISAR2, BC, 1); /* FEAT_HBC */

+ cpu->isar.id_aa64isar2 = t;

+

t = cpu->isar.id_aa64pfr0;

t = FIELD_DP64(t, ID_AA64PFR0, FP, 1); /* FEAT_FP16 */

t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1); /* FEAT_FP16 */

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/tcg/translate-a64.c

+++ b/target/arm/tcg/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static bool trans_TBZ(DisasContext *s, arg_tbz *a)

static bool trans_B_cond(DisasContext *s, arg_B_cond *a)

+ /* BC.cond is only present with FEAT_HBC */

+ if (a->c && !dc_isar_feature(aa64_hbc, s)) {

+ return false;

+ }

reset_btype(s);

if (a->cond < 0x0e) {

/* genuinely conditional branches */

2.34.1

The allocation_tag_mem() function takes an argument tag_size,

but it never uses it. Remove the argument. In mte_probe_int()

in particular this also lets us delete the code computing

the value we were passing in.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

target/arm/tcg/mte_helper.c | 42 +++++++++++++------------------------

1 file changed, 14 insertions(+), 28 deletions(-)

diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c

--- a/target/arm/tcg/mte_helper.c

+++ b/target/arm/tcg/mte_helper.c

@@ -XXX,XX +XXX,XX @@ static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)

* @ptr_access: the access to use for the virtual address

* @ptr_size: the number of bytes in the normal memory access

* @tag_access: the access to use for the tag memory

- * @tag_size: the number of bytes in the tag memory access

* @ra: the return address for exception handling

*

* Our tag memory is formatted as a sequence of little-endian nibbles.

@@ -XXX,XX +XXX,XX @@ static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)

* a pointer to the corresponding tag byte. Exit with exception if the

* virtual address is not accessible for @ptr_access.

*

- * The @ptr_size and @tag_size values may not have an obvious relation

- * due to the alignment of @ptr, and the number of tag checks required.

- *

* If there is no tag storage corresponding to @ptr, return NULL.

*/

static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,

uint64_t ptr, MMUAccessType ptr_access,

int ptr_size, MMUAccessType tag_access,

- int tag_size, uintptr_t ra)

+ uintptr_t ra)

{

#ifdef CONFIG_USER_ONLY

uint64_t clean_ptr = useronly_clean_ptr(ptr);

@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ldg)(CPUARMState *env, uint64_t ptr, uint64_t xt)

/* Trap if accessing an invalid page. */

mem = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD, 1,

- MMU_DATA_LOAD, 1, GETPC());

+ MMU_DATA_LOAD, GETPC());

/* Load if page supports tags. */

if (mem) {

@@ -XXX,XX +XXX,XX @@ static inline void do_stg(CPUARMState *env, uint64_t ptr, uint64_t xt,

/* Trap if accessing an invalid page. */

mem = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE, TAG_GRANULE,

- MMU_DATA_STORE, 1, ra);

+ MMU_DATA_STORE, ra);

/* Store if page supports tags. */

if (mem) {

@@ -XXX,XX +XXX,XX @@ static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt,

if (ptr & TAG_GRANULE) {

/* Two stores unaligned mod TAG_GRANULE*2 -- modify two bytes. */

mem1 = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE,

- TAG_GRANULE, MMU_DATA_STORE, 1, ra);

+ TAG_GRANULE, MMU_DATA_STORE, ra);

mem2 = allocation_tag_mem(env, mmu_idx, ptr + TAG_GRANULE,

MMU_DATA_STORE, TAG_GRANULE,

- MMU_DATA_STORE, 1, ra);

+ MMU_DATA_STORE, ra);

/* Store if page(s) support tags. */

if (mem1) {

@@ -XXX,XX +XXX,XX @@ static inline void do_st2g(CPUARMState *env, uint64_t ptr, uint64_t xt,

} else {

/* Two stores aligned mod TAG_GRANULE*2 -- modify one byte. */

mem1 = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE,

- 2 * TAG_GRANULE, MMU_DATA_STORE, 1, ra);

+ 2 * TAG_GRANULE, MMU_DATA_STORE, ra);

if (mem1) {

tag |= tag << 4;

qatomic_set(mem1, tag);

@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(ldgm)(CPUARMState *env, uint64_t ptr)

/* Trap if accessing an invalid page. */

tag_mem = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_LOAD,

- gm_bs_bytes, MMU_DATA_LOAD,

- gm_bs_bytes / (2 * TAG_GRANULE), ra);

+ gm_bs_bytes, MMU_DATA_LOAD, ra);

/* The tag is squashed to zero if the page does not support tags. */

if (!tag_mem) {

@@ -XXX,XX +XXX,XX @@ void HELPER(stgm)(CPUARMState *env, uint64_t ptr, uint64_t val)

/* Trap if accessing an invalid page. */

tag_mem = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE,

- gm_bs_bytes, MMU_DATA_LOAD,

- gm_bs_bytes / (2 * TAG_GRANULE), ra);

+ gm_bs_bytes, MMU_DATA_LOAD, ra);

/*

* Tag store only happens if the page support tags,

@@ -XXX,XX +XXX,XX @@ void HELPER(stzgm_tags)(CPUARMState *env, uint64_t ptr, uint64_t val)

ptr &= -dcz_bytes;

mem = allocation_tag_mem(env, mmu_idx, ptr, MMU_DATA_STORE, dcz_bytes,

- MMU_DATA_STORE, tag_bytes, ra);

+ MMU_DATA_STORE, ra);

if (mem) {

int tag_pair = (val & 0xf) * 0x11;

memset(mem, tag_pair, tag_bytes);

@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,

int mmu_idx, ptr_tag, bit55;

uint64_t ptr_last, prev_page, next_page;

uint64_t tag_first, tag_last;

- uint64_t tag_byte_first, tag_byte_last;

- uint32_t sizem1, tag_count, tag_size, n, c;

+ uint32_t sizem1, tag_count, n, c;

uint8_t *mem1, *mem2;

MMUAccessType type;

@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,

tag_last = QEMU_ALIGN_DOWN(ptr_last, TAG_GRANULE);

tag_count = ((tag_last - tag_first) / TAG_GRANULE) + 1;

- /* Round the bounds to twice the tag granule, and compute the bytes. */

- tag_byte_first = QEMU_ALIGN_DOWN(ptr, 2 * TAG_GRANULE);

- tag_byte_last = QEMU_ALIGN_DOWN(ptr_last, 2 * TAG_GRANULE);

-

/* Locate the page boundaries. */

prev_page = ptr & TARGET_PAGE_MASK;

next_page = prev_page + TARGET_PAGE_SIZE;

if (likely(tag_last - prev_page < TARGET_PAGE_SIZE)) {

/* Memory access stays on one page. */

- tag_size = ((tag_byte_last - tag_byte_first) / (2 * TAG_GRANULE)) + 1;

mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, sizem1 + 1,

- MMU_DATA_LOAD, tag_size, ra);

+ MMU_DATA_LOAD, ra);

if (!mem1) {

return 1;

}

@@ -XXX,XX +XXX,XX @@ static int mte_probe_int(CPUARMState *env, uint32_t desc, uint64_t ptr,

n = checkN(mem1, ptr & TAG_GRANULE, ptr_tag, tag_count);

} else {

/* Memory access crosses to next page. */

- tag_size = (next_page - tag_byte_first) / (2 * TAG_GRANULE);

mem1 = allocation_tag_mem(env, mmu_idx, ptr, type, next_page - ptr,

- MMU_DATA_LOAD, tag_size, ra);

+ MMU_DATA_LOAD, ra);

- tag_size = ((tag_byte_last - next_page) / (2 * TAG_GRANULE)) + 1;

mem2 = allocation_tag_mem(env, mmu_idx, next_page, type,

ptr_last - next_page + 1,

- MMU_DATA_LOAD, tag_size, ra);

+ MMU_DATA_LOAD, ra);

/*

* Perform all of the comparisons.

@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(mte_check_zva)(CPUARMState *env, uint32_t desc, uint64_t ptr)

mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX);

(void) probe_write(env, ptr, 1, mmu_idx, ra);

mem = allocation_tag_mem(env, mmu_idx, align_ptr, MMU_DATA_STORE,

- dcz_bytes, MMU_DATA_LOAD, tag_bytes, ra);

+ dcz_bytes, MMU_DATA_LOAD, ra);

if (!mem) {

goto done;

}

2.34.1