1
From: Alistair Francis <alistair.francis@wdc.com>
1
From: Alistair Francis <alistair@alistair23.me>
2
2
3
The following changes since commit c5fbdd60cf1fb52f01bdfe342b6fa65d5343e1b1:
3
The following changes since commit d495e432c04a6394126c35cf96517749708b410f:
4
4
5
Merge tag 'qemu-sparc-20211121' of git://github.com/mcayland/qemu into staging (2021-11-21 14:12:25 +0100)
5
Merge tag 'pull-aspeed-20220630' of https://github.com/legoater/qemu into staging (2022-06-30 22:04:12 +0530)
6
6
7
are available in the Git repository at:
7
are available in the Git repository at:
8
8
9
git@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20211122
9
git@github.com:alistair23/qemu.git tags/pull-riscv-to-apply-20220703
10
10
11
for you to fetch changes up to 526e7443027c71fe7b04c29df529e1f9f425f9e3:
11
for you to fetch changes up to 435774992e82d2d16f025afbb20b4f7be9b242b0:
12
12
13
hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset (2021-11-22 10:46:22 +1000)
13
target/riscv: Update default priority table for local interrupts (2022-07-03 10:03:20 +1000)
14
14
15
----------------------------------------------------------------
15
----------------------------------------------------------------
16
Seventh RISC-V PR for QEMU 6.2
16
Fifth RISC-V PR for QEMU 7.1
17
17
18
- Deprecate IF_NONE for SiFive OTP
18
* Fix register zero guarding for auipc and lui
19
- Don't reset SiFive OTP content
19
* Ensure bins (mtval) is set correctly
20
* Minimize the calls to decode_save_opc
21
* Guard against PMP ranges with a negative size
22
* Implement mcountinhibit CSR
23
* Add support for hpmcounters/hpmevents
24
* Improve PMU implementation
25
* Support mcycle/minstret write operation
26
* Fixup MSECCFG minimum priv check
27
* Ibex (OpenTitan) fixup priv version
28
* Fix bug resulting in always using latest priv spec
29
* Reduce FDT address alignment constraints
30
* Set minumum priv spec version for mcountinhibit
31
* AIA update to v0.3 of the spec
20
32
21
----------------------------------------------------------------
33
----------------------------------------------------------------
22
Philippe Mathieu-Daudé (1):
34
Alistair Francis (3):
23
hw/misc/sifive_u_otp: Do not reset OTP content on hardware reset
35
target/riscv: Fixup MSECCFG minimum priv check
36
target/riscv: Ibex: Support priv version 1.11
37
hw/riscv: boot: Reduce FDT address alignment constraints
24
38
25
Thomas Huth (1):
39
Anup Patel (4):
26
hw/misc/sifive_u_otp: Use IF_PFLASH for the OTP device instead of IF_NONE
40
target/riscv: Don't force update priv spec version to latest
41
target/riscv: Set minumum priv spec version for mcountinhibit
42
target/riscv: Remove CSRs that set/clear an IMSIC interrupt file bits
43
target/riscv: Update default priority table for local interrupts
27
44
28
docs/about/deprecated.rst | 6 ++++++
45
Atish Patra (7):
29
hw/misc/sifive_u_otp.c | 22 +++++++++++++---------
46
target/riscv: Fix PMU CSR predicate function
30
2 files changed, 19 insertions(+), 9 deletions(-)
47
target/riscv: Implement PMU CSR predicate function for S-mode
48
target/riscv: pmu: Rename the counters extension to pmu
49
target/riscv: pmu: Make number of counters configurable
50
target/riscv: Implement mcountinhibit CSR
51
target/riscv: Add support for hpmcounters/hpmevents
52
target/riscv: Support mcycle/minstret write operation
31
53
54
Nicolas Pitre (1):
55
target/riscv/pmp: guard against PMP ranges with a negative size
56
57
Richard Henderson (3):
58
target/riscv: Set env->bins in gen_exception_illegal
59
target/riscv: Remove generate_exception_mtval
60
target/riscv: Minimize the calls to decode_save_opc
61
62
Víctor Colombo (1):
63
target/riscv: Remove condition guarding register zero for auipc and lui
64
65
target/riscv/cpu.h | 24 +-
66
target/riscv/cpu_bits.h | 30 +-
67
target/riscv/pmu.h | 28 +
68
hw/riscv/boot.c | 4 +-
69
target/riscv/cpu.c | 17 +-
70
target/riscv/cpu_helper.c | 134 ++--
71
target/riscv/csr.c | 857 +++++++++++++++----------
72
target/riscv/machine.c | 25 +
73
target/riscv/pmp.c | 3 +
74
target/riscv/pmu.c | 32 +
75
target/riscv/translate.c | 31 +-
76
target/riscv/insn_trans/trans_privileged.c.inc | 4 +
77
target/riscv/insn_trans/trans_rvh.c.inc | 2 +
78
target/riscv/insn_trans/trans_rvi.c.inc | 10 +-
79
target/riscv/meson.build | 3 +-
80
tests/tcg/riscv64/Makefile.softmmu-target | 21 +
81
tests/tcg/riscv64/issue1060.S | 53 ++
82
tests/tcg/riscv64/semihost.ld | 21 +
83
18 files changed, 843 insertions(+), 456 deletions(-)
84
create mode 100644 target/riscv/pmu.h
85
create mode 100644 target/riscv/pmu.c
86
create mode 100644 tests/tcg/riscv64/Makefile.softmmu-target
87
create mode 100644 tests/tcg/riscv64/issue1060.S
88
create mode 100644 tests/tcg/riscv64/semihost.ld
New patch
1
From: Víctor Colombo <victor.colombo@eldorado.org.br>
1
2
3
Commit 57c108b8646 introduced gen_set_gpri(), which already contains
4
a check for whether the destination register is 'zero'. The checks in auipc
5
and lui are then redundant. This patch removes those checks.
6
7
Signed-off-by: Víctor Colombo <victor.colombo@eldorado.org.br>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
10
Message-Id: <20220610165517.47517-1-victor.colombo@eldorado.org.br>
11
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
12
---
13
target/riscv/insn_trans/trans_rvi.c.inc | 8 ++------
14
1 file changed, 2 insertions(+), 6 deletions(-)
15
16
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/riscv/insn_trans/trans_rvi.c.inc
19
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
20
@@ -XXX,XX +XXX,XX @@ static bool trans_c64_illegal(DisasContext *ctx, arg_empty *a)
21
22
static bool trans_lui(DisasContext *ctx, arg_lui *a)
23
{
24
- if (a->rd != 0) {
25
- gen_set_gpri(ctx, a->rd, a->imm);
26
- }
27
+ gen_set_gpri(ctx, a->rd, a->imm);
28
return true;
29
}
30
31
static bool trans_auipc(DisasContext *ctx, arg_auipc *a)
32
{
33
- if (a->rd != 0) {
34
- gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
35
- }
36
+ gen_set_gpri(ctx, a->rd, a->imm + ctx->base.pc_next);
37
return true;
38
}
39
40
--
41
2.36.1
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
While we set env->bins when unwinding for ILLEGAL_INST,
4
from e.g. csrrw, we weren't setting it for immediately
5
illegal instructions.
6
7
Add a testcase for mtval via both exception paths.
8
9
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1060
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
12
Message-Id: <20220604231004.49990-2-richard.henderson@linaro.org>
13
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
14
---
15
target/riscv/translate.c | 2 +
16
tests/tcg/riscv64/Makefile.softmmu-target | 21 +++++++++
17
tests/tcg/riscv64/issue1060.S | 53 +++++++++++++++++++++++
18
tests/tcg/riscv64/semihost.ld | 21 +++++++++
19
4 files changed, 97 insertions(+)
20
create mode 100644 tests/tcg/riscv64/Makefile.softmmu-target
21
create mode 100644 tests/tcg/riscv64/issue1060.S
22
create mode 100644 tests/tcg/riscv64/semihost.ld
23
24
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/riscv/translate.c
27
+++ b/target/riscv/translate.c
28
@@ -XXX,XX +XXX,XX @@ static void generate_exception_mtval(DisasContext *ctx, int excp)
29
30
static void gen_exception_illegal(DisasContext *ctx)
31
{
32
+ tcg_gen_st_i32(tcg_constant_i32(ctx->opcode), cpu_env,
33
+ offsetof(CPURISCVState, bins));
34
generate_exception(ctx, RISCV_EXCP_ILLEGAL_INST);
35
}
36
37
diff --git a/tests/tcg/riscv64/Makefile.softmmu-target b/tests/tcg/riscv64/Makefile.softmmu-target
38
new file mode 100644
39
index XXXXXXX..XXXXXXX
40
--- /dev/null
41
+++ b/tests/tcg/riscv64/Makefile.softmmu-target
42
@@ -XXX,XX +XXX,XX @@
43
+#
44
+# RISC-V system tests
45
+#
46
+
47
+TEST_SRC = $(SRC_PATH)/tests/tcg/riscv64
48
+VPATH += $(TEST_SRC)
49
+
50
+LINK_SCRIPT = $(TEST_SRC)/semihost.ld
51
+LDFLAGS = -T $(LINK_SCRIPT)
52
+CFLAGS += -g -Og
53
+
54
+%.o: %.S
55
+    $(CC) $(CFLAGS) $< -c -o $@
56
+%: %.o $(LINK_SCRIPT)
57
+    $(LD) $(LDFLAGS) $< -o $@
58
+
59
+QEMU_OPTS += -M virt -display none -semihosting -device loader,file=
60
+
61
+EXTRA_RUNS += run-issue1060
62
+run-issue1060: issue1060
63
+    $(call run-test, $<, $(QEMU) $(QEMU_OPTS)$<)
64
diff --git a/tests/tcg/riscv64/issue1060.S b/tests/tcg/riscv64/issue1060.S
65
new file mode 100644
66
index XXXXXXX..XXXXXXX
67
--- /dev/null
68
+++ b/tests/tcg/riscv64/issue1060.S
69
@@ -XXX,XX +XXX,XX @@
70
+    .option    norvc
71
+
72
+    .text
73
+    .global _start
74
+_start:
75
+    lla    t0, trap
76
+    csrw    mtvec, t0
77
+
78
+    # These are all illegal instructions
79
+    csrw    time, x0
80
+    .insn    i CUSTOM_0, 0, x0, x0, 0x321
81
+    csrw    time, x0
82
+    .insn    i CUSTOM_0, 0, x0, x0, 0x123
83
+    csrw    cycle, x0
84
+
85
+    # Success!
86
+    li    a0, 0
87
+    j    _exit
88
+
89
+trap:
90
+    # When an instruction traps, compare it to the insn in memory.
91
+    csrr    t0, mepc
92
+    csrr    t1, mtval
93
+    lwu    t2, 0(t0)
94
+    bne    t1, t2, fail
95
+
96
+    # Skip the insn and continue.
97
+    addi    t0, t0, 4
98
+    csrw    mepc, t0
99
+    mret
100
+
101
+fail:
102
+    li    a0, 1
103
+
104
+# Exit code in a0
105
+_exit:
106
+    lla    a1, semiargs
107
+    li    t0, 0x20026    # ADP_Stopped_ApplicationExit
108
+    sd    t0, 0(a1)
109
+    sd    a0, 8(a1)
110
+    li    a0, 0x20    # TARGET_SYS_EXIT_EXTENDED
111
+
112
+    # Semihosting call sequence
113
+    .balign    16
114
+    slli    zero, zero, 0x1f
115
+    ebreak
116
+    srai    zero, zero, 0x7
117
+    j    .
118
+
119
+    .data
120
+    .balign    16
121
+semiargs:
122
+    .space    16
123
diff --git a/tests/tcg/riscv64/semihost.ld b/tests/tcg/riscv64/semihost.ld
124
new file mode 100644
125
index XXXXXXX..XXXXXXX
126
--- /dev/null
127
+++ b/tests/tcg/riscv64/semihost.ld
128
@@ -XXX,XX +XXX,XX @@
129
+ENTRY(_start)
130
+
131
+SECTIONS
132
+{
133
+ /* virt machine, RAM starts at 2gb */
134
+ . = 0x80000000;
135
+ .text : {
136
+ *(.text)
137
+ }
138
+ .rodata : {
139
+ *(.rodata)
140
+ }
141
+ /* align r/w section to next 2mb */
142
+ . = ALIGN(1 << 21);
143
+ .data : {
144
+ *(.data)
145
+ }
146
+ .bss : {
147
+ *(.bss)
148
+ }
149
+}
150
--
151
2.36.1
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Once a "One Time Programmable" is programmed, it shouldn't be reset.
3
The function doesn't set mtval, it sets badaddr. Move the set
4
of badaddr directly into gen_exception_inst_addr_mis and use
5
generate_exception.
4
6
5
Do not re-initialize the OTP content in the DeviceReset handler,
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
initialize it once in the DeviceRealize one.
7
8
Fixes: 9fb45c62ae8 ("riscv: sifive: Implement a model for SiFive FU540 OTP")
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
8
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
11
Message-Id: <20211119104757.331579-1-f4bug@amsat.org>
9
Message-Id: <20220604231004.49990-3-richard.henderson@linaro.org>
12
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
10
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
13
---
11
---
14
hw/misc/sifive_u_otp.c | 13 +++++--------
12
target/riscv/translate.c | 11 ++---------
15
1 file changed, 5 insertions(+), 8 deletions(-)
13
1 file changed, 2 insertions(+), 9 deletions(-)
16
14
17
diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c
15
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
18
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/misc/sifive_u_otp.c
17
--- a/target/riscv/translate.c
20
+++ b/hw/misc/sifive_u_otp.c
18
+++ b/target/riscv/translate.c
21
@@ -XXX,XX +XXX,XX @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp)
19
@@ -XXX,XX +XXX,XX @@ static void generate_exception(DisasContext *ctx, int excp)
22
20
ctx->base.is_jmp = DISAS_NORETURN;
23
if (blk_pread(s->blk, 0, s->fuse, filesize) != filesize) {
21
}
24
error_setg(errp, "failed to read the initial flash content");
22
25
+ return;
23
-static void generate_exception_mtval(DisasContext *ctx, int excp)
26
}
24
-{
27
}
25
- gen_set_pc_imm(ctx, ctx->base.pc_next);
28
}
26
- tcg_gen_st_tl(cpu_pc, cpu_env, offsetof(CPURISCVState, badaddr));
27
- gen_helper_raise_exception(cpu_env, tcg_constant_i32(excp));
28
- ctx->base.is_jmp = DISAS_NORETURN;
29
-}
29
-}
30
-
30
-
31
-static void sifive_u_otp_reset(DeviceState *dev)
31
static void gen_exception_illegal(DisasContext *ctx)
32
-{
32
{
33
- SiFiveUOTPState *s = SIFIVE_U_OTP(dev);
33
tcg_gen_st_i32(tcg_constant_i32(ctx->opcode), cpu_env,
34
34
@@ -XXX,XX +XXX,XX @@ static void gen_exception_illegal(DisasContext *ctx)
35
/* Initialize all fuses' initial value to 0xFFs */
35
36
memset(s->fuse, 0xff, sizeof(s->fuse));
36
static void gen_exception_inst_addr_mis(DisasContext *ctx)
37
@@ -XXX,XX +XXX,XX @@ static void sifive_u_otp_reset(DeviceState *dev)
37
{
38
serial_data = s->serial;
38
- generate_exception_mtval(ctx, RISCV_EXCP_INST_ADDR_MIS);
39
if (blk_pwrite(s->blk, index * SIFIVE_U_OTP_FUSE_WORD,
39
+ tcg_gen_st_tl(cpu_pc, cpu_env, offsetof(CPURISCVState, badaddr));
40
&serial_data, SIFIVE_U_OTP_FUSE_WORD, 0) < 0) {
40
+ generate_exception(ctx, RISCV_EXCP_INST_ADDR_MIS);
41
- error_report("write error index<%d>", index);
42
+ error_setg(errp, "failed to write index<%d>", index);
43
+ return;
44
}
45
46
serial_data = ~(s->serial);
47
if (blk_pwrite(s->blk, (index + 1) * SIFIVE_U_OTP_FUSE_WORD,
48
&serial_data, SIFIVE_U_OTP_FUSE_WORD, 0) < 0) {
49
- error_report("write error index<%d>", index + 1);
50
+ error_setg(errp, "failed to write index<%d>", index + 1);
51
+ return;
52
}
53
}
54
55
@@ -XXX,XX +XXX,XX @@ static void sifive_u_otp_class_init(ObjectClass *klass, void *data)
56
57
device_class_set_props(dc, sifive_u_otp_properties);
58
dc->realize = sifive_u_otp_realize;
59
- dc->reset = sifive_u_otp_reset;
60
}
41
}
61
42
62
static const TypeInfo sifive_u_otp_info = {
43
static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
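Review bot: In gen_exception_inst_addr_mis, `tcg_gen_st_tl(cpu_pc, cpu_env, offsetof(CPURISCVState, badaddr))` now stores cpu_pc before anything in this function has written it, whereas the removed generate_exception_mtval called `gen_set_pc_imm(ctx, ctx->base.pc_next)` first. The value reported for a misaligned fetch therefore changes from the current instruction's pc to whatever cpu_pc holds at the call site, which is more than the move the description states. The callers are outside this section; if any of them reaches this function without having loaded the misaligned target into cpu_pc, the guest reads a stale trap value. A comment on the store such as `/* cpu_pc must already hold the misaligned target */`, or passing the target in as a parameter, would make the contract explicit.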
63
--
44
--
64
2.31.1
45
2.36.1
65
66
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
The set of instructions that require decode_save_opc for
4
unwinding is really fairly small -- only insns that can
5
raise ILLEGAL_INSN at runtime. This includes CSR, anything
6
that uses a *new* fp rounding mode, and many privileged insns.
7
8
Since unwind info is stored as the difference from the
9
previous insn, storing a 0 for most insns minimizes the
10
size of the unwind info.
11
12
Booting a debian kernel image to the missing rootfs panic yields
13
14
- gen code size 22226819/1026886656
15
+ gen code size 21601907/1026886656
16
17
on 41k TranslationBlocks, a savings of 610kB or a bit less than 3%.
18
19
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
20
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
21
Message-Id: <20220604231004.49990-4-richard.henderson@linaro.org>
22
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
23
---
24
target/riscv/translate.c | 18 +++++++++---------
25
target/riscv/insn_trans/trans_privileged.c.inc | 4 ++++
26
target/riscv/insn_trans/trans_rvh.c.inc | 2 ++
27
target/riscv/insn_trans/trans_rvi.c.inc | 2 ++
28
4 files changed, 17 insertions(+), 9 deletions(-)
29
30
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/riscv/translate.c
33
+++ b/target/riscv/translate.c
34
@@ -XXX,XX +XXX,XX @@ static void gen_check_nanbox_s(TCGv_i64 out, TCGv_i64 in)
35
tcg_gen_movcond_i64(TCG_COND_GEU, out, in, t_max, in, t_nan);
36
}
37
38
+static void decode_save_opc(DisasContext *ctx)
39
+{
40
+ assert(ctx->insn_start != NULL);
41
+ tcg_set_insn_start_param(ctx->insn_start, 1, ctx->opcode);
42
+ ctx->insn_start = NULL;
43
+}
44
+
45
static void gen_set_pc_imm(DisasContext *ctx, target_ulong dest)
46
{
47
if (get_xl(ctx) == MXL_RV32) {
48
@@ -XXX,XX +XXX,XX @@ static void gen_set_rm(DisasContext *ctx, int rm)
49
return;
50
}
51
52
+ /* The helper may raise ILLEGAL_INSN -- record binv for unwind. */
53
+ decode_save_opc(ctx);
54
gen_helper_set_rounding_mode(cpu_env, tcg_constant_i32(rm));
55
}
56
57
@@ -XXX,XX +XXX,XX @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc)
58
/* Include decoders for factored-out extensions */
59
#include "decode-XVentanaCondOps.c.inc"
60
61
-static inline void decode_save_opc(DisasContext *ctx, target_ulong opc)
62
-{
63
- assert(ctx->insn_start != NULL);
64
- tcg_set_insn_start_param(ctx->insn_start, 1, opc);
65
- ctx->insn_start = NULL;
66
-}
67
-
68
static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t opcode)
69
{
70
/*
71
@@ -XXX,XX +XXX,XX @@ static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t opcode)
72
73
/* Check for compressed insn */
74
if (extract16(opcode, 0, 2) != 3) {
75
- decode_save_opc(ctx, opcode);
76
if (!has_ext(ctx, RVC)) {
77
gen_exception_illegal(ctx);
78
} else {
79
@@ -XXX,XX +XXX,XX @@ static void decode_opc(CPURISCVState *env, DisasContext *ctx, uint16_t opcode)
80
opcode32 = deposit32(opcode32, 16, 16,
81
translator_lduw(env, &ctx->base,
82
ctx->base.pc_next + 2));
83
- decode_save_opc(ctx, opcode32);
84
ctx->opcode = opcode32;
85
ctx->pc_succ_insn = ctx->base.pc_next + 4;
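Review bot: With `decode_save_opc(ctx, opcode)` removed from the 16-bit path, `gen_exception_illegal(ctx)` under `if (!has_ext(ctx, RVC))` reports ctx->opcode, yet the only assignment visible in this section is `ctx->opcode = opcode32;` on the 32-bit path. If the 16-bit path assigns ctx->opcode only inside the `else` branch (not shown), a compressed encoding on a hart without RVC would hand the guest the previous instruction's opcode as the trap value. Adding `ctx->opcode = opcode;` before the has_ext test would close that. Separately, decode_save_opc asserts on and then clears ctx->insn_start, so it is worth a one-line comment on the helper that it may run at most once per instruction. decode_opc continues outside these hunks.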
86
87
diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
88
index XXXXXXX..XXXXXXX 100644
89
--- a/target/riscv/insn_trans/trans_privileged.c.inc
90
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
91
@@ -XXX,XX +XXX,XX @@ static bool trans_sret(DisasContext *ctx, arg_sret *a)
92
{
93
#ifndef CONFIG_USER_ONLY
94
if (has_ext(ctx, RVS)) {
95
+ decode_save_opc(ctx);
96
gen_helper_sret(cpu_pc, cpu_env);
97
tcg_gen_exit_tb(NULL, 0); /* no chaining */
98
ctx->base.is_jmp = DISAS_NORETURN;
99
@@ -XXX,XX +XXX,XX @@ static bool trans_sret(DisasContext *ctx, arg_sret *a)
100
static bool trans_mret(DisasContext *ctx, arg_mret *a)
101
{
102
#ifndef CONFIG_USER_ONLY
103
+ decode_save_opc(ctx);
104
gen_helper_mret(cpu_pc, cpu_env);
105
tcg_gen_exit_tb(NULL, 0); /* no chaining */
106
ctx->base.is_jmp = DISAS_NORETURN;
107
@@ -XXX,XX +XXX,XX @@ static bool trans_mret(DisasContext *ctx, arg_mret *a)
108
static bool trans_wfi(DisasContext *ctx, arg_wfi *a)
109
{
110
#ifndef CONFIG_USER_ONLY
111
+ decode_save_opc(ctx);
112
gen_set_pc_imm(ctx, ctx->pc_succ_insn);
113
gen_helper_wfi(cpu_env);
114
return true;
115
@@ -XXX,XX +XXX,XX @@ static bool trans_wfi(DisasContext *ctx, arg_wfi *a)
116
static bool trans_sfence_vma(DisasContext *ctx, arg_sfence_vma *a)
117
{
118
#ifndef CONFIG_USER_ONLY
119
+ decode_save_opc(ctx);
120
gen_helper_tlb_flush(cpu_env);
121
return true;
122
#endif
123
diff --git a/target/riscv/insn_trans/trans_rvh.c.inc b/target/riscv/insn_trans/trans_rvh.c.inc
124
index XXXXXXX..XXXXXXX 100644
125
--- a/target/riscv/insn_trans/trans_rvh.c.inc
126
+++ b/target/riscv/insn_trans/trans_rvh.c.inc
127
@@ -XXX,XX +XXX,XX @@ static bool trans_hfence_gvma(DisasContext *ctx, arg_sfence_vma *a)
128
{
129
REQUIRE_EXT(ctx, RVH);
130
#ifndef CONFIG_USER_ONLY
131
+ decode_save_opc(ctx);
132
gen_helper_hyp_gvma_tlb_flush(cpu_env);
133
return true;
134
#endif
135
@@ -XXX,XX +XXX,XX @@ static bool trans_hfence_vvma(DisasContext *ctx, arg_sfence_vma *a)
136
{
137
REQUIRE_EXT(ctx, RVH);
138
#ifndef CONFIG_USER_ONLY
139
+ decode_save_opc(ctx);
140
gen_helper_hyp_tlb_flush(cpu_env);
141
return true;
142
#endif
143
diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc
144
index XXXXXXX..XXXXXXX 100644
145
--- a/target/riscv/insn_trans/trans_rvi.c.inc
146
+++ b/target/riscv/insn_trans/trans_rvi.c.inc
147
@@ -XXX,XX +XXX,XX @@ static bool trans_fence_i(DisasContext *ctx, arg_fence_i *a)
148
149
static bool do_csr_post(DisasContext *ctx)
150
{
151
+ /* The helper may raise ILLEGAL_INSN -- record binv for unwind. */
152
+ decode_save_opc(ctx);
153
/* We may have changed important cpu state -- exit to main loop. */
154
gen_set_pc_imm(ctx, ctx->pc_succ_insn);
155
tcg_gen_exit_tb(NULL, 0);
156
--
157
2.36.1
New patch
1
From: Nicolas Pitre <nico@fluxnic.net>
1
2
3
For a TOR entry to match, the start address must be lower than the end
4
address. Normally this is always the case, but correct code might still
5
run into the following scenario:
6
7
Initial state:
8
9
    pmpaddr3 = 0x2000    pmp3cfg = OFF
10
    pmpaddr4 = 0x3000    pmp4cfg = TOR
11
12
Execution:
13
14
    1. write 0x40ff to pmpaddr3
15
    2. write 0x32ff to pmpaddr4
16
    3. set pmp3cfg to NAPOT with a read-modify-write on pmpcfg0
17
    4. set pmp4cfg to NAPOT with a read-modify-write on pmpcfg1
18
19
When (2) is emulated, a call to pmp_update_rule() creates a negative
20
range for pmp4 as pmp4cfg is still set to TOR. And when (3) is emulated,
21
a call to tlb_flush() is performed, causing pmp_get_tlb_size() to return
22
a very creatively large TLB size for pmp4. This, in turn, may result in
23
accesses to non-existent/unitialized memory regions and a fault, so that
24
(4) ends up never being executed.
25
26
This is in m-mode with MPRV unset, meaning that unlocked PMP entries
27
should have no effect. Therefore such a behavior based on PMP content
28
is very unexpected.
29
30
Make sure no negative PMP range can be created, whether explicitly by
31
the emulated code or implicitly like the above.
32
33
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
34
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
35
Message-Id: <3oq0sqs1-67o0-145-5n1s-453o118804q@syhkavp.arg>
36
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
37
---
38
target/riscv/pmp.c | 3 +++
39
1 file changed, 3 insertions(+)
40
41
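--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -XXX,XX +XXX,XX @@ void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
 case PMP_AMATCH_TOR:
 sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
 ea = (this_addr << 2) - 1u;
+ if (sa > ea) {
+ sa = ea = 0u;
+ }
 break;
 
 case PMP_AMATCH_NA4: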
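Review bot: The added guard `if (sa > ea)` runs after `ea = (this_addr << 2) - 1u`, so when this_addr is 0 the subtraction wraps (assuming ea is unsigned, as the `1u`/`0u` literals suggest) and ea becomes the largest address. `sa > ea` is then false, and the TOR entry covers everything from sa upward instead of matching nothing. Comparing the raw register values avoids the wrap: `if (prev_addr >= this_addr) { sa = ea = 0u; }`. Also, `sa = ea = 0u` is an empty range only if the range check elsewhere treats [0, 0] as matching nothing; if the bounds are inclusive, byte 0 still matches, which deserves a comment on that line. pmp_update_rule_addr starts and ends outside the hunk.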
55
--
56
2.36.1
1
From: Thomas Huth <thuth@redhat.com>
1
From: Atish Patra <atish.patra@wdc.com>
2
2
3
Configuring a drive with "if=none" is meant for creation of a backend
3
The predicate function calculates the counter index incorrectly for
4
only, it should not get automatically assigned to a device frontend.
4
hpmcounterx. Fix the counter index to reflect correct CSR number.
5
Use "if=pflash" for the One-Time-Programmable device instead (like
6
it is e.g. also done for the efuse device in hw/arm/xlnx-zcu102.c).
7
5
8
Since the old way of configuring the device has already been published
6
Fixes: e39a8320b088 ("target/riscv: Support the Virtual Instruction fault")
9
with the previous QEMU versions, we cannot remove this immediately, but
10
have to deprecate it and support it for at least two more releases.
11
12
Signed-off-by: Thomas Huth <thuth@redhat.com>
13
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
14
Reviewed-by: Markus Armbruster <armbru@redhat.com>
15
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
16
Message-id: 20211119102549.217755-1-thuth@redhat.com
8
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
9
Signed-off-by: Atish Patra <atish.patra@wdc.com>
10
Signed-off-by: Atish Patra <atishp@rivosinc.com>
11
Message-Id: <20220620231603.2547260-2-atishp@rivosinc.com>
17
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
12
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
18
---
13
---
19
docs/about/deprecated.rst | 6 ++++++
14
target/riscv/csr.c | 11 +++++++----
20
hw/misc/sifive_u_otp.c | 9 ++++++++-
15
1 file changed, 7 insertions(+), 4 deletions(-)
21
2 files changed, 14 insertions(+), 1 deletion(-)
22
16
23
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
17
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
24
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
25
--- a/docs/about/deprecated.rst
19
--- a/target/riscv/csr.c
26
+++ b/docs/about/deprecated.rst
20
+++ b/target/riscv/csr.c
27
@@ -XXX,XX +XXX,XX @@ as short-form boolean values, and passed to plugins as ``arg_name=on``.
21
@@ -XXX,XX +XXX,XX @@ static RISCVException ctr(CPURISCVState *env, int csrno)
28
However, short-form booleans are deprecated and full explicit ``arg_name=on``
22
#if !defined(CONFIG_USER_ONLY)
29
form is preferred.
23
CPUState *cs = env_cpu(env);
30
24
RISCVCPU *cpu = RISCV_CPU(cs);
31
+``-drive if=none`` for the sifive_u OTP device (since 6.2)
25
+ int ctr_index;
32
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
26
33
+
27
if (!cpu->cfg.ext_counters) {
34
+Using ``-drive if=none`` to configure the OTP device of the sifive_u
28
/* The Counters extensions is not enabled */
35
+RISC-V machine is deprecated. Use ``-drive if=pflash`` instead.
29
@@ -XXX,XX +XXX,XX @@ static RISCVException ctr(CPURISCVState *env, int csrno)
36
+
30
}
37
31
break;
38
QEMU Machine Protocol (QMP) commands
32
case CSR_HPMCOUNTER3...CSR_HPMCOUNTER31:
39
------------------------------------
33
- if (!get_field(env->hcounteren, 1 << (csrno - CSR_HPMCOUNTER3)) &&
40
diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c
34
- get_field(env->mcounteren, 1 << (csrno - CSR_HPMCOUNTER3))) {
41
index XXXXXXX..XXXXXXX 100644
35
+ ctr_index = csrno - CSR_CYCLE;
42
--- a/hw/misc/sifive_u_otp.c
36
+ if (!get_field(env->hcounteren, 1 << ctr_index) &&
43
+++ b/hw/misc/sifive_u_otp.c
37
+ get_field(env->mcounteren, 1 << ctr_index)) {
44
@@ -XXX,XX +XXX,XX @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp)
38
return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
45
TYPE_SIFIVE_U_OTP, SIFIVE_U_OTP_REG_SIZE);
39
}
46
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mmio);
40
break;
47
41
@@ -XXX,XX +XXX,XX @@ static RISCVException ctr(CPURISCVState *env, int csrno)
48
- dinfo = drive_get_next(IF_NONE);
42
}
49
+ dinfo = drive_get_next(IF_PFLASH);
43
break;
50
+ if (!dinfo) {
44
case CSR_HPMCOUNTER3H...CSR_HPMCOUNTER31H:
51
+ dinfo = drive_get_next(IF_NONE);
45
- if (!get_field(env->hcounteren, 1 << (csrno - CSR_HPMCOUNTER3H)) &&
52
+ if (dinfo) {
46
- get_field(env->mcounteren, 1 << (csrno - CSR_HPMCOUNTER3H))) {
53
+ warn_report("using \"-drive if=none\" for the OTP is deprecated, "
47
+ ctr_index = csrno - CSR_CYCLEH;
54
+ "use \"-drive if=pflash\" instead.");
48
+ if (!get_field(env->hcounteren, 1 << ctr_index) &&
55
+ }
49
+ get_field(env->mcounteren, 1 << ctr_index)) {
56
+ }
50
return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
57
if (dinfo) {
51
}
58
int ret;
52
break;
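Review bot: `1 << ctr_index` is an int shift, and ctr_index is now `csrno - CSR_CYCLE`, which reaches 31 for hpmcounter31 (the old `csrno - CSR_HPMCOUNTER3` topped out at 28), so the mask for the last counter lands in the sign bit. How get_field treats a negative mask is not visible here, but sign extension against a wider hcounteren/mcounteren could make the counter-31 check that gates the virtual-instruction fault evaluate wrongly. An unsigned mask, `1u << ctr_index`, in both the CSR_HPMCOUNTER3...CSR_HPMCOUNTER31 and CSR_HPMCOUNTER3H...CSR_HPMCOUNTER31H cases avoids that. ctr() starts and ends outside these hunks.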
59
uint64_t perm;
60
--
53
--
61
2.31.1
54
2.36.1
62
63