Changes v1->v2 (fixing CI failures in v1, added a couple of

extra patches in an attempt to avoid having to do a last

minute arm pullreq next week):

* new patch to hopefully fix the build issue with the SVE/SME sysregs test

* dropped the IC IVAU test case patch

* new patch: fix over-length shift

* new patches: define neoverse-v1

The following changes since commit 2a6ae69154542caa91dd17c40fd3f5ffbec300de:

Merge tag 'pull-maintainer-ominbus-030723-1' of https://gitlab.com/stsquad/qemu into staging (2023-07-04 08:36:44 +0200)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230706

for you to fetch changes up to c41077235168140cdd4a34fce9bd95c3d30efe9c:

target/arm: Avoid over-length shift in arm_cpu_sve_finalize() error case (2023-07-06 13:36:51 +0100)

* Add raw_writes ops for register whose write induce TLB maintenance

* hw/arm/sbsa-ref: use XHCI to replace EHCI

* Avoid splitting Zregs across lines in dump

* Dump ZA[] when active

* Fix SME full tile indexing

* Handle IC IVAU to improve compatibility with JITs

* xlnx-canfd-test: Fix code coverity issues

* gdbstub: Guard M-profile code with CONFIG_TCG

* allwinner-sramc: Set class_size

* target/xtensa: Assert that interrupt level is within bounds

* Avoid over-length shift in arm_cpu_sve_finalize() error case

* Define new 'neoverse-v1' CPU type

Akihiko Odaki (1):

hw: arm: allwinner-sramc: Set class_size

Eric Auger (1):

target/arm: Add raw_writes ops for register whose write induce TLB maintenance

Fabiano Rosas (1):

target/arm: gdbstub: Guard M-profile code with CONFIG_TCG

John Högberg (1):

target/arm: Handle IC IVAU to improve compatibility with JITs

tests/tcg/aarch64/sysregs.c: Use S syntax for id_aa64zfr0_el1 and id_aa64smfr0_el1

target/xtensa: Assert that interrupt level is within bounds

target/arm: Suppress more TCG unimplemented features in ID registers

target/arm: Define neoverse-v1

target/arm: Avoid over-length shift in arm_cpu_sve_finalize() error case

Richard Henderson (3):

target/arm: Avoid splitting Zregs across lines in dump

target/arm: Dump ZA[] when active

target/arm: Fix SME full tile indexing

Vikram Garhwal (1):

tests/qtest: xlnx-canfd-test: Fix code coverity issues

From: Yuquan Wang <wangyuquan1236@phytium.com.cn>

The current sbsa-ref cannot use EHCI controller which is only

able to do 32-bit DMA, since sbsa-ref doesn't have RAM below 4GB.

Hence, this uses XHCI to provide a usb controller with 64-bit

DMA capablity instead of EHCI.

We bump the platform version to 0.3 with this change. Although the

hardware at the USB controller address changes, the firmware and

Linux can both cope with this -- on an older non-XHCI-aware

firmware/kernel setup the probe routine simply fails and the guest

proceeds without any USB. (This isn't a loss of functionality,

because the old USB controller never worked in the first place.) So

we can call this a backwards-compatible change and only bump the

minor version.

Signed-off-by: Yuquan Wang <wangyuquan1236@phytium.com.cn>

Message-id: 20230621103847.447508-2-wangyuquan1236@phytium.com.cn

[PMM: tweaked commit message; add line to docs about what

changes in platform version 0.3]

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/sbsa.rst | 5 ++++-

hw/arm/sbsa-ref.c | 23 +++++++++++++----------

hw/arm/Kconfig | 2 +-

3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst

--- a/docs/system/arm/sbsa.rst

+++ b/docs/system/arm/sbsa.rst

@@ -XXX,XX +XXX,XX @@ The ``sbsa-ref`` board supports:

- A configurable number of AArch64 CPUs

- GIC version 3

- System bus AHCI controller

- - System bus EHCI controller

+ - System bus XHCI controller

- CDROM and hard disc on AHCI bus

- E1000E ethernet card on PCIe bus

- Bochs display adapter on PCIe bus

@@ -XXX,XX +XXX,XX @@ Platform version changes:

0.2

GIC ITS information is present in devicetree.

+

+0.3

+ The USB controller is an XHCI device, not EHCI

diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/sbsa-ref.c

+++ b/hw/arm/sbsa-ref.c

@@ -XXX,XX +XXX,XX @@

#include "hw/pci-host/gpex.h"

#include "hw/qdev-properties.h"

#include "hw/usb.h"

+#include "hw/usb/xhci.h"

#include "hw/char/pl011.h"

#include "hw/watchdog/sbsa_gwdt.h"

#include "net/net.h"

@@ -XXX,XX +XXX,XX @@ enum {

SBSA_SECURE_UART_MM,

SBSA_SECURE_MEM,

SBSA_AHCI,

- SBSA_EHCI,

+ SBSA_XHCI,

struct SBSAMachineState {

@@ -XXX,XX +XXX,XX @@ static const MemMapEntry sbsa_ref_memmap[] = {

[SBSA_SMMU] = { 0x60050000, 0x00020000 },

/* Space here reserved for more SMMUs */

[SBSA_AHCI] = { 0x60100000, 0x00010000 },

- [SBSA_EHCI] = { 0x60110000, 0x00010000 },

+ [SBSA_XHCI] = { 0x60110000, 0x00010000 },

/* Space here reserved for other devices */

[SBSA_PCIE_PIO] = { 0x7fff0000, 0x00010000 },

/* 32-bit address PCIE MMIO space */

@@ -XXX,XX +XXX,XX @@ static const int sbsa_ref_irqmap[] = {

[SBSA_SECURE_UART] = 8,

[SBSA_SECURE_UART_MM] = 9,

[SBSA_AHCI] = 10,

- [SBSA_EHCI] = 11,

+ [SBSA_XHCI] = 11,

[SBSA_SMMU] = 12, /* ... to 15 */

[SBSA_GWDT_WS0] = 16,

};

@@ -XXX,XX +XXX,XX @@ static void create_fdt(SBSAMachineState *sms)

* fw compatibility.

*/

qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);

- qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 2);

+ qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 3);

if (ms->numa_state->have_numa_distance) {

int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);

@@ -XXX,XX +XXX,XX @@ static void create_ahci(const SBSAMachineState *sms)

}

}

-static void create_ehci(const SBSAMachineState *sms)

+static void create_xhci(const SBSAMachineState *sms)

{

- hwaddr base = sbsa_ref_memmap[SBSA_EHCI].base;

- int irq = sbsa_ref_irqmap[SBSA_EHCI];

+ hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;

+ int irq = sbsa_ref_irqmap[SBSA_XHCI];

+ DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);

- sysbus_create_simple("platform-ehci-usb", base,

- qdev_get_gpio_in(sms->gic, irq));

+ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);

+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);

+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, qdev_get_gpio_in(sms->gic, irq));

}

static void create_smmu(const SBSAMachineState *sms, PCIBus *bus)

@@ -XXX,XX +XXX,XX @@ static void sbsa_ref_init(MachineState *machine)

create_ahci(sms);

- create_ehci(sms);

+ create_xhci(sms);

create_pcie(sms);

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config SBSA_REF

select PL011 # UART

select PL031 # RTC

select PL061 # GPIO

- select USB_EHCI_SYSBUS

+ select USB_XHCI_SYSBUS

select WDT_SBSA

select BOCHS_DISPLAY

2.34.1

For the outer product set of insns, which take an entire matrix

tile as output, the argument is not a combined tile+column.

Therefore using get_tile_rowcol was incorrect, as we extracted

the tile number from itself.

The test case relies only on assembler support for SME, since

no release of GCC recognizes -march=armv9-a+sme yet.

Cc: qemu-stable@nongnu.org

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1620

[PMM: dropped now-unneeded changes to sysregs CFLAGS]

target/arm/tcg/translate-sme.c | 24 ++++++---

tests/tcg/aarch64/sme-outprod1.c | 83 +++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 7 ++-

3 files changed, 107 insertions(+), 7 deletions(-)

create mode 100644 tests/tcg/aarch64/sme-outprod1.c

diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c

--- a/target/arm/tcg/translate-sme.c

+++ b/target/arm/tcg/translate-sme.c

@@ -XXX,XX +XXX,XX @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs,

return addr;

}

+/*

+ * Resolve tile.size[0] to a host pointer.

+ * Used by e.g. outer product insns where we require the entire tile.

+ */

+static TCGv_ptr get_tile(DisasContext *s, int esz, int tile)

+{

+ TCGv_ptr addr = tcg_temp_new_ptr();

+ int offset;

+

+ offset = tile * sizeof(ARMVectorReg) + offsetof(CPUARMState, zarray);

+

+ tcg_gen_addi_ptr(addr, cpu_env, offset);

+ return addr;

+}

+

static bool trans_ZERO(DisasContext *s, arg_ZERO *a)

{

if (!dc_isar_feature(aa64_sme, s)) {

@@ -XXX,XX +XXX,XX @@ static bool do_adda(DisasContext *s, arg_adda *a, MemOp esz,

return true;

- /* Sum XZR+zad to find ZAd. */

- za = get_tile_rowcol(s, esz, 31, a->zad, false);

+ za = get_tile(s, esz, a->zad);

zn = vec_full_reg_ptr(s, a->zn);

pn = pred_full_reg_ptr(s, a->pn);

pm = pred_full_reg_ptr(s, a->pm);

@@ -XXX,XX +XXX,XX @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz,

return true;

}

- /* Sum XZR+zad to find ZAd. */

- za = get_tile_rowcol(s, esz, 31, a->zad, false);

+ za = get_tile(s, esz, a->zad);

zn = vec_full_reg_ptr(s, a->zn);

zm = vec_full_reg_ptr(s, a->zm);

pn = pred_full_reg_ptr(s, a->pn);

@@ -XXX,XX +XXX,XX @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,

return true;

}

- /* Sum XZR+zad to find ZAd. */

- za = get_tile_rowcol(s, esz, 31, a->zad, false);

+ za = get_tile(s, esz, a->zad);

zn = vec_full_reg_ptr(s, a->zn);

zm = vec_full_reg_ptr(s, a->zm);

pn = pred_full_reg_ptr(s, a->pn);

diff --git a/tests/tcg/aarch64/sme-outprod1.c b/tests/tcg/aarch64/sme-outprod1.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/tests/tcg/aarch64/sme-outprod1.c

@@ -XXX,XX +XXX,XX @@

+/*

+ * SME outer product, 1 x 1.

+ * SPDX-License-Identifier: GPL-2.0-or-later

+ */

+

+#include <stdio.h>

+

+extern void foo(float *dst);

+

+asm(

+"    .arch_extension sme\n"

+"    .type foo, @function\n"

+"foo:\n"

+"    stp x29, x30, [sp, -80]!\n"

+"    mov x29, sp\n"

+"    stp d8, d9, [sp, 16]\n"

+"    stp d10, d11, [sp, 32]\n"

+"    stp d12, d13, [sp, 48]\n"

+"    stp d14, d15, [sp, 64]\n"

+"    smstart\n"

+"    ptrue p0.s, vl4\n"

+"    fmov z0.s, #1.0\n"

+/*

+ * An outer product of a vector of 1.0 by itself should be a matrix of 1.0.

+ * Note that we are using tile 1 here (za1.s) rather than tile 0.

+ */

+"    zero {za}\n"

+"    fmopa za1.s, p0/m, p0/m, z0.s, z0.s\n"

+/*

+ * Read the first 4x4 sub-matrix of elements from tile 1:

+ * Note that za1h should be interchangable here.

+ */

+"    mov w12, #0\n"

+"    mova z0.s, p0/m, za1v.s[w12, #0]\n"

+"    mova z1.s, p0/m, za1v.s[w12, #1]\n"

+"    mova z2.s, p0/m, za1v.s[w12, #2]\n"

+"    mova z3.s, p0/m, za1v.s[w12, #3]\n"

+/*

+ * And store them to the input pointer (dst in the C code):

+ */

+"    st1w {z0.s}, p0, [x0]\n"

+"    add x0, x0, #16\n"

+"    st1w {z1.s}, p0, [x0]\n"

+"    add x0, x0, #16\n"

+"    st1w {z2.s}, p0, [x0]\n"

+"    add x0, x0, #16\n"

+"    st1w {z3.s}, p0, [x0]\n"

+"    smstop\n"

+"    ldp d8, d9, [sp, 16]\n"

+"    ldp d10, d11, [sp, 32]\n"

+"    ldp d12, d13, [sp, 48]\n"

+"    ldp d14, d15, [sp, 64]\n"

+"    ldp x29, x30, [sp], 80\n"

+"    ret\n"

+"    .size foo, . - foo"

+);

+

+int main()

+{

+ float dst[16];

+ int i, j;

+

+ foo(dst);

+

+ for (i = 0; i < 16; i++) {

+ if (dst[i] != 1.0f) {

+ break;

+ }

+ }

+

+ if (i == 16) {

+ return 0; /* success */

+ }

+

+ /* failure */

+ for (i = 0; i < 4; ++i) {

+ for (j = 0; j < 4; ++j) {

+ printf("%f ", (double)dst[i * 4 + j]);

+ }

+ printf("\n");

+ }

+ return 1;

+}

diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target

index XXXXXXX..XXXXXXX 100644

--- a/tests/tcg/aarch64/Makefile.target

+++ b/tests/tcg/aarch64/Makefile.target

@@ -XXX,XX +XXX,XX @@ config-cc.mak: Makefile

     $(call cc-option,-march=armv8.5-a, CROSS_CC_HAS_ARMV8_5); \

     $(call cc-option,-mbranch-protection=standard, CROSS_CC_HAS_ARMV8_BTI); \

     $(call cc-option,-march=armv8.5-a+memtag, CROSS_CC_HAS_ARMV8_MTE); \

-     $(call cc-option,-march=armv9-a+sme, CROSS_CC_HAS_ARMV9_SME)) 3> config-cc.mak

+     $(call cc-option,-Wa$(COMMA)-march=armv9-a+sme, CROSS_AS_HAS_ARMV9_SME)) 3> config-cc.mak

-include config-cc.mak

ifneq ($(CROSS_CC_HAS_ARMV8_2),)

@@ -XXX,XX +XXX,XX @@ AARCH64_TESTS += mte-1 mte-2 mte-3 mte-4 mte-5 mte-6 mte-7

mte-%: CFLAGS += -march=armv8.5-a+memtag

endif

+# SME Tests

+ifneq ($(CROSS_AS_HAS_ARMV9_SME),)

+AARCH64_TESTS += sme-outprod1

+endif

+

# System Registers Tests

AARCH64_TESTS += sysregs

2.34.1

From: John Högberg <john.hogberg@ericsson.com>

target/arm/cpu.c | 11 +++++++++++

target/arm/helper.c | 47 ++++++++++++++++++++++++++++++++++++++++++---

2 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c

--- a/target/arm/cpu.c

+++ b/target/arm/cpu.c

@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)

return;

}

+#ifdef CONFIG_USER_ONLY

+ /*

+ * User mode relies on IC IVAU instructions to catch modification of

+ * dual-mapped code.

+ *

+ * Clear CTR_EL0.DIC to ensure that software that honors these flags uses

+ * IC IVAU even if the emulated processor does not normally require it.

+ */

+ cpu->ctr = FIELD_DP64(cpu->ctr, CTR_EL0, DIC, 0);

+#endif

+

if (arm_feature(env, ARM_FEATURE_AARCH64) &&

cpu->has_vfp != cpu->has_neon) {

/*

diff --git a/target/arm/helper.c b/target/arm/helper.c

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ static void mdcr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,

+#ifdef CONFIG_USER_ONLY

+/*

+ * `IC IVAU` is handled to improve compatibility with JITs that dual-map their

+ * code to get around W^X restrictions, where one region is writable and the

+ * other is executable.

+ *

+ * Since the executable region is never written to we cannot detect code

+ * changes when running in user mode, and rely on the emulated JIT telling us

+ * that the code has changed by executing this instruction.

+ */

+static void ic_ivau_write(CPUARMState *env, const ARMCPRegInfo *ri,

+ uint64_t value)

+ uint64_t icache_line_mask, start_address, end_address;

+ const ARMCPU *cpu;

+

+ cpu = env_archcpu(env);

+

+ icache_line_mask = (4 << extract32(cpu->ctr, 0, 4)) - 1;

+ start_address = value & ~icache_line_mask;

+ end_address = value | icache_line_mask;

+

+ mmap_lock();

+

+ tb_invalidate_phys_range(start_address, end_address);

+

+ mmap_unlock();

+}

+#endif

+

static const ARMCPRegInfo v8_cp_reginfo[] = {

/*

* Minimal set of EL0-visible registers. This will need to be expanded

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {

{ .name = "CURRENTEL", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 0, .opc2 = 2, .crn = 4, .crm = 2,

.access = PL1_R, .type = ARM_CP_CURRENTEL },

- /* Cache ops: all NOPs since we don't emulate caches */

+ /*

+ * Instruction cache ops. All of these except `IC IVAU` NOP because we

+ * don't emulate caches.

+ */

{ .name = "IC_IALLUIS", .state = ARM_CP_STATE_AA64,

.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 1, .opc2 = 0,

.access = PL1_W, .type = ARM_CP_NOP,

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {

.accessfn = access_tocu },

{ .name = "IC_IVAU", .state = ARM_CP_STATE_AA64,

.opc0 = 1, .opc1 = 3, .crn = 7, .crm = 5, .opc2 = 1,

- .access = PL0_W, .type = ARM_CP_NOP,

+ .access = PL0_W,

.fgt = FGT_ICIVAU,

- .accessfn = access_tocu },

+ .accessfn = access_tocu,

+#ifdef CONFIG_USER_ONLY

+ .type = ARM_CP_NO_RAW,

+ .writefn = ic_ivau_write

+#else

+ .type = ARM_CP_NOP

+#endif

+ },

+ /* Cache ops: all NOPs since we don't emulate caches */

{ .name = "DC_IVAC", .state = ARM_CP_STATE_AA64,

.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 6, .opc2 = 1,

.access = PL1_W, .accessfn = aa64_cacheop_poc_access,

2.34.1

From: Akihiko Odaki <akihiko.odaki@daynix.com>

hw/misc/allwinner-sramc.c | 1 +

1 file changed, 1 insertion(+)

diff --git a/hw/misc/allwinner-sramc.c b/hw/misc/allwinner-sramc.c

--- a/hw/misc/allwinner-sramc.c

+++ b/hw/misc/allwinner-sramc.c

@@ -XXX,XX +XXX,XX @@ static const TypeInfo allwinner_sramc_info = {

.parent = TYPE_SYS_BUS_DEVICE,

.instance_init = allwinner_sramc_init,

.instance_size = sizeof(AwSRAMCState),

+ .class_size = sizeof(AwSRAMCClass),

.class_init = allwinner_sramc_class_init,

2.34.1

We already squash the ID register field for FEAT_SPE (the Statistical

Profiling Extension) because TCG does not implement it and if we

advertise it to the guest the guest will crash trying to look at

non-existent system registers. Do the same for some other features

which a real hardware Neoverse-V1 implements but which TCG doesn't:

* FEAT_TRF (Self-hosted Trace Extension)

* Trace Macrocell system register access

* Memory mapped trace

* FEAT_AMU (Activity Monitors Extension)

* FEAT_MPAM (Memory Partitioning and Monitoring Extension)

* FEAT_NV (Nested Virtualization)

Most of these, like FEAT_SPE, are "introspection/trace" type features

which QEMU is unlikely to ever implement. The odd-one-out here is

FEAT_NV -- we could implement that and at some point we probably

will.