Series comparison

-[PULL for-6.2 0/1] target-arm queue
+[PULL 0/3] target-arm queue
-Last minute pullreq with one patch, fixing the GICv3 ICH_MISR_EL2.LRENP
+Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.
 calculation. I went back-and-forth on whether to put this in, but:
  * it's an effective regression from 6.1 (the bug itself has been
    present since before then, but it was previously masked by the
    other bug which we fixed in 9cee1efe92)
  * I just realized it could cause a screaming maintenance interrupt
    even for hypervisors like KVM that don't set LRENPIE
 On the other hand this is very late and we haven't seen it be a
 problem with any guest except Qualcomm's hypervisor. So if you want
 to decide it's better not going in that's OK too.
 Tested on the gitlab CI and with a local test of nested KVM.
 -- PMM
-The following changes since commit 7635eff97104242d618400e4b6746d0a5c97af82:
+The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:
-  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-06 11:18:06 -0800)
+  Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211207
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801
-for you to fetch changes up to 2958e5150dfa297dd5a51fe57a29156b8744f07f:
+for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:
-  gicv3: fix ICH_MISR's LRENP computation (2021-12-07 15:30:08 +0000)
+  target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
+ * Fix KVM SVE ID register probe code
    of maintenance interrupts
 ----------------------------------------------------------------
-Damien Hedde (1):
+Richard Henderson (3):
-      gicv3: fix ICH_MISR's LRENP computation
+      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
       target/arm: Set KVM_ARM_VCPU_SVE while probing the host
       target/arm: Move sve probe inside kvm >= 4.15 branch
- hw/intc/arm_gicv3_cpuif.c | 3 ++-
+ target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
-file changed, 2 insertions(+), 1 deletion(-)
+file changed, 22 insertions(+), 23 deletions(-)

-New patch
+[PULL 1/3] target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
+From: Richard Henderson <richard.henderson@linaro.org>
+Indication for support for SVE will not depend on whether we
+perform the query on the main kvm_state or the temp vcpu.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220726045828.53697-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/kvm64.c | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm64.c
++++ b/target/arm/kvm64.c
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+         }
+     }
+-    sve_supported = ioctl(fdarray[0], KVM_CHECK_EXTENSION, KVM_CAP_ARM_SVE) > 0;
++    sve_supported = kvm_arm_sve_supported();
+     /* Add feature bits that can't appear until after VCPU init. */
+     if (sve_supported) {
+--
+.25.1

-New patch
+[PULL 2/3] target/arm: Set KVM_ARM_VCPU_SVE while probing the host
+From: Richard Henderson <richard.henderson@linaro.org>
+Because we weren't setting this flag, our probe of ID_AA64ZFR0
+was always returning zero.  This also obviates the adjustment
+of ID_AA64PFR0, which had sanitized the SVE field.
+The effects of the bug are not visible, because the only thing that
+ID_AA64ZFR0 is used for within qemu at present is tcg translation.
+The other tests for SVE within KVM are via ID_AA64PFR0.SVE.
+Reported-by: Zenghui Yu <yuzenghui@huawei.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/kvm64.c | 27 +++++++++++++--------------
+file changed, 13 insertions(+), 14 deletions(-)
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm64.c
++++ b/target/arm/kvm64.c
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+     bool sve_supported;
+     bool pmu_supported = false;
+     uint64_t features = 0;
+-    uint64_t t;
+     int err;
+     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+     struct kvm_vcpu_init init = { .target = -1, };
+     /*
+-     * Ask for Pointer Authentication if supported. We can't play the
+-     * SVE trick of synthesising the ID reg as KVM won't tell us
+-     * whether we have the architected or IMPDEF version of PAuth, so
+-     * we have to use the actual ID regs.
++     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
++     * which is otherwise RAZ.
++     */
++    sve_supported = kvm_arm_sve_supported();
++    if (sve_supported) {
++        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
++    }
++
++    /*
++     * Ask for Pointer Authentication if supported, so that we get
++     * the unsanitized field values for AA64ISAR1_EL1.
+      */
+     if (kvm_arm_pauth_supported()) {
+         init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+         }
+     }
+-    sve_supported = kvm_arm_sve_supported();
+-
+-    /* Add feature bits that can't appear until after VCPU init. */
+     if (sve_supported) {
+-        t = ahcf->isar.id_aa64pfr0;
+-        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
+-        ahcf->isar.id_aa64pfr0 = t;
+-
+         /*
+          * There is a range of kernels between kernel commit 73433762fcae
+          * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
+          * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
+-         * SVE support, so we only read it here, rather than together with all
+-         * the other ID registers earlier.
++         * SVE support, which resulted in an error rather than RAZ.
++         * So only read the register if we set KVM_ARM_VCPU_SVE above.
+          */
+         err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
+                               ARM64_SYS_REG(3, 0, 0, 4, 4));
+--
+.25.1

-[PULL 1/1] gicv3: fix ICH_MISR's LRENP computation
+[PULL 3/3] target/arm: Move sve probe inside kvm >= 4.15 branch
-From: Damien Hedde <damien.hedde@greensocs.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-According to the "Arm Generic Interrupt Controller Architecture
+The test for the IF block indicates no ID registers are exposed, much
-Specification GIC architecture version 3 and 4" (version G: page 345
+less host support for SVE.  Move the SVE probe into the ELSE block.
 for aarch64 or 509 for aarch32):
 LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
 ICH_HCR.EOIcount is non-zero.
-When only LRENPIE was set (and EOI count was zero), the LRENP bit was
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-wrongly set and MISR value was wrong.
+Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
 As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
 the maintenance interrupt was constantly fired. It happens since patch
 cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
 which fixed another bug about maintenance interrupt (most significant
 bits of misr, including this one, were ignored in the interrupt trigger).
 Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
 Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- hw/intc/arm_gicv3_cpuif.c | 3 ++-
+ target/arm/kvm64.c | 22 +++++++++++-----------
-file changed, 2 insertions(+), 1 deletion(-)
+file changed, 11 insertions(+), 11 deletions(-)
-diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/arm_gicv3_cpuif.c
+--- a/target/arm/kvm64.c
-+++ b/hw/intc/arm_gicv3_cpuif.c
++++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t maintenance_interrupt_state(GICv3CPUState *cs)
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-     /* Scan list registers and fill in the U, NP and EOI bits */
+             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
-     eoi_maintenance_interrupt_state(cs, &value);
+                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
+         }
--    if (cs->ich_hcr_el2 & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) {
+-    }
-+    if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) &&
-+        (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) {
+-    if (sve_supported) {
-         value |= ICH_MISR_EL2_LRENP;
+-        /*
 -         * There is a range of kernels between kernel commit 73433762fcae
 -         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
 -         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
 -         * SVE support, which resulted in an error rather than RAZ.
 -         * So only read the register if we set KVM_ARM_VCPU_SVE above.
 -         */
 -        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
 -                              ARM64_SYS_REG(3, 0, 0, 4, 4));
 +        if (sve_supported) {
 +            /*
 +             * There is a range of kernels between kernel commit 73433762fcae
 +             * and f81cb2c3ad41 which have a bug where the kernel doesn't
 +             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
 +             * enabled SVE support, which resulted in an error rather than RAZ.
 +             * So only read the register if we set KVM_ARM_VCPU_SVE above.
 +             */
 +            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
 +                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
 +        }
      }
+     kvm_arm_destroy_scratch_host_vcpu(fdarray);
 --
 .25.1

Last minute pullreq with one patch, fixing the GICv3 ICH_MISR_EL2.LRENP
calculation. I went back-and-forth on whether to put this in, but:
 * it's an effective regression from 6.1 (the bug itself has been
   present since before then, but it was previously masked by the
   other bug which we fixed in 9cee1efe92)
 * I just realized it could cause a screaming maintenance interrupt
   even for hypervisors like KVM that don't set LRENPIE

On the other hand this is very late and we haven't seen it be a
problem with any guest except Qualcomm's hypervisor. So if you want
to decide it's better not going in that's OK too.

Tested on the gitlab CI and with a local test of nested KVM.

-- PMM

The following changes since commit 7635eff97104242d618400e4b6746d0a5c97af82:

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-06 11:18:06 -0800)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211207

for you to fetch changes up to 2958e5150dfa297dd5a51fe57a29156b8744f07f:

gicv3: fix ICH_MISR's LRENP computation (2021-12-07 15:30:08 +0000)

----------------------------------------------------------------
target-arm queue:
 * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
   of maintenance interrupts

----------------------------------------------------------------
Damien Hedde (1):
      gicv3: fix ICH_MISR's LRENP computation

hw/intc/arm_gicv3_cpuif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

From: Damien Hedde <damien.hedde@greensocs.com>

According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.

As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. It happens since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gicv3_cpuif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ static uint32_t maintenance_interrupt_state(GICv3CPUState *cs)
     /* Scan list registers and fill in the U, NP and EOI bits */
     eoi_maintenance_interrupt_state(cs, &value);
 
-    if (cs->ich_hcr_el2 & (ICH_HCR_EL2_LRENPIE | ICH_HCR_EL2_EOICOUNT_MASK)) {
+    if ((cs->ich_hcr_el2 & ICH_HCR_EL2_LRENPIE) &&
+        (cs->ich_hcr_el2 & ICH_HCR_EL2_EOICOUNT_MASK)) {
         value |= ICH_MISR_EL2_LRENP;
     }
 
-- 
2.25.1

Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.

-- PMM

The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:

Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801

for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:

target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix KVM SVE ID register probe code

----------------------------------------------------------------
Richard Henderson (3):
      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
      target/arm: Set KVM_ARM_VCPU_SVE while probing the host
      target/arm: Move sve probe inside kvm >= 4.15 branch

target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Because we weren't setting this flag, our probe of ID_AA64ZFR0
was always returning zero.  This also obviates the adjustment
of ID_AA64PFR0, which had sanitized the SVE field.

The effects of the bug are not visible, because the only thing that
ID_AA64ZFR0 is used for within qemu at present is tcg translation.
The other tests for SVE within KVM are via ID_AA64PFR0.SVE.

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     bool sve_supported;
     bool pmu_supported = false;
     uint64_t features = 0;
-    uint64_t t;
     int err;
 
     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     struct kvm_vcpu_init init = { .target = -1, };
 
     /*
-     * Ask for Pointer Authentication if supported. We can't play the
-     * SVE trick of synthesising the ID reg as KVM won't tell us
-     * whether we have the architected or IMPDEF version of PAuth, so
-     * we have to use the actual ID regs.
+     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
+     * which is otherwise RAZ.
+     */
+    sve_supported = kvm_arm_sve_supported();
+    if (sve_supported) {
+        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
+    }
+
+    /*
+     * Ask for Pointer Authentication if supported, so that we get
+     * the unsanitized field values for AA64ISAR1_EL1.
      */
     if (kvm_arm_pauth_supported()) {
         init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
         }
     }
 
-    sve_supported = kvm_arm_sve_supported();
-
-    /* Add feature bits that can't appear until after VCPU init. */
     if (sve_supported) {
-        t = ahcf->isar.id_aa64pfr0;
-        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
-        ahcf->isar.id_aa64pfr0 = t;
-
         /*
          * There is a range of kernels between kernel commit 73433762fcae
          * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
          * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, so we only read it here, rather than together with all
-         * the other ID registers earlier.
+         * SVE support, which resulted in an error rather than RAZ.
+         * So only read the register if we set KVM_ARM_VCPU_SVE above.
          */
         err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
                               ARM64_SYS_REG(3, 0, 0, 4, 4));
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

The test for the IF block indicates no ID registers are exposed, much
less host support for SVE.  Move the SVE probe into the ELSE block.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
         }
-    }
 
-    if (sve_supported) {
-        /*
-         * There is a range of kernels between kernel commit 73433762fcae
-         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
-         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, which resulted in an error rather than RAZ.
-         * So only read the register if we set KVM_ARM_VCPU_SVE above.
-         */
-        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
-                              ARM64_SYS_REG(3, 0, 0, 4, 4));
+        if (sve_supported) {
+            /*
+             * There is a range of kernels between kernel commit 73433762fcae
+             * and f81cb2c3ad41 which have a bug where the kernel doesn't
+             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
+             * enabled SVE support, which resulted in an error rather than RAZ.
+             * So only read the register if we set KVM_ARM_VCPU_SVE above.
+             */
+            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
+                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
+        }
     }
 
     kvm_arm_destroy_scratch_host_vcpu(fdarray);
-- 
2.25.1