Series comparison

-[PULL 0/3] target-arm queue
+[PULL 0/2] target-arm queue
-Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.
+This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
 we were using uninitialized data for the guarded bit when
 combining stage 1 and stage 2 attrs.
+thanks
 -- PMM
-The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:
+The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:
-  Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)
+  Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410
-for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:
+for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:
-  target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)
+  target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)
 ----------------------------------------------------------------
-target-arm queue:
+target-arm: Fix bug where we weren't initializing
- * Fix KVM SVE ID register probe code
+            guarded bit state when combining S1/S2 attrs
 ----------------------------------------------------------------
-Richard Henderson (3):
+Richard Henderson (2):
-      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
+      target/arm: PTE bit GP only applies to stage1
-      target/arm: Set KVM_ARM_VCPU_SVE while probing the host
+      target/arm: Copy guarded bit in combine_cacheattrs
       target/arm: Move sve probe inside kvm >= 4.15 branch
- target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
+ target/arm/ptw.c | 11 ++++++-----
-file changed, 22 insertions(+), 23 deletions(-)
+file changed, 6 insertions(+), 5 deletions(-)

-[PULL 1/3] target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Indication for support for SVE will not depend on whether we
-perform the query on the main kvm_state or the temp vcpu.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20220726045828.53697-2-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/kvm64.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
-+++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-         }
-     }
--    sve_supported = ioctl(fdarray[0], KVM_CHECK_EXTENSION, KVM_CAP_ARM_SVE) > 0;
-+    sve_supported = kvm_arm_sve_supported();
-     /* Add feature bits that can't appear until after VCPU init. */
-     if (sve_supported) {
---
-.25.1

-[PULL 3/3] target/arm: Move sve probe inside kvm >= 4.15 branch
+[PULL 1/2] target/arm: PTE bit GP only applies to stage1
 From: Richard Henderson <richard.henderson@linaro.org>
-The test for the IF block indicates no ID registers are exposed, much
+Only perform the extract of GP during the stage1 walk.
 less host support for SVE.  Move the SVE probe into the ELSE block.
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/kvm64.c | 22 +++++++++++-----------
+ target/arm/ptw.c | 10 +++++-----
-file changed, 11 insertions(+), 11 deletions(-)
+file changed, 5 insertions(+), 5 deletions(-)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/kvm64.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
-             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
+         result->f.attrs.secure = false;
-                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
+     }
-         }
 -    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
 -    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
 -        result->f.guarded = extract64(attrs, 50, 1); /* GP */
 -    }
+-
--    if (sve_supported) {
+     if (regime_is_stage2(mmu_idx)) {
--        /*
+         result->cacheattrs.is_s2_format = true;
--         * There is a range of kernels between kernel commit 73433762fcae
+         result->cacheattrs.attrs = extract32(attrs, 2, 4);
--         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
+@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
--         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
+         assert(attrindx <= 7);
--         * SVE support, which resulted in an error rather than RAZ.
+         result->cacheattrs.is_s2_format = false;
--         * So only read the register if we set KVM_ARM_VCPU_SVE above.
+         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
--         */
++
--        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
++        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
--                              ARM64_SYS_REG(3, 0, 0, 4, 4));
++        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-+        if (sve_supported) {
++            result->f.guarded = extract64(attrs, 50, 1); /* GP */
 +            /*
 +             * There is a range of kernels between kernel commit 73433762fcae
 +             * and f81cb2c3ad41 which have a bug where the kernel doesn't
 +             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
 +             * enabled SVE support, which resulted in an error rather than RAZ.
 +             * So only read the register if we set KVM_ARM_VCPU_SVE above.
 +             */
 +            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
 +                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
 +        }
      }
-     kvm_arm_destroy_scratch_host_vcpu(fdarray);
+     /*
 --
-.25.1
+.34.1

-[PULL 2/3] target/arm: Set KVM_ARM_VCPU_SVE while probing the host
+[PULL 2/2] target/arm: Copy guarded bit in combine_cacheattrs
 From: Richard Henderson <richard.henderson@linaro.org>
-Because we weren't setting this flag, our probe of ID_AA64ZFR0
+The guarded bit comes from the stage1 walk.
 was always returning zero.  This also obviates the adjustment
 of ID_AA64PFR0, which had sanitized the SVE field.
-The effects of the bug are not visible, because the only thing that
+Fixes: Coverity CID 1507929
 ID_AA64ZFR0 is used for within qemu at present is tcg translation.
 The other tests for SVE within KVM are via ID_AA64PFR0.SVE.
 Reported-by: Zenghui Yu <yuzenghui@huawei.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/kvm64.c | 27 +++++++++++++--------------
+ target/arm/ptw.c | 1 +
-file changed, 13 insertions(+), 14 deletions(-)
+file changed, 1 insertion(+)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
+--- a/target/arm/ptw.c
-+++ b/target/arm/kvm64.c
++++ b/target/arm/ptw.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
-     bool sve_supported;
-     bool pmu_supported = false;
+     assert(!s1.is_s2_format);
-     uint64_t features = 0;
+     ret.is_s2_format = false;
--    uint64_t t;
++    ret.guarded = s1.guarded;
-     int err;
+     if (s1.attrs == 0xf0) {
-     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
+         tagged = true;
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
      struct kvm_vcpu_init init = { .target = -1, };
      /*
 -     * Ask for Pointer Authentication if supported. We can't play the
 -     * SVE trick of synthesising the ID reg as KVM won't tell us
 -     * whether we have the architected or IMPDEF version of PAuth, so
 -     * we have to use the actual ID regs.
 +     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
 +     * which is otherwise RAZ.
 +     */
 +    sve_supported = kvm_arm_sve_supported();
 +    if (sve_supported) {
 +        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
 +    }
 +
 +    /*
 +     * Ask for Pointer Authentication if supported, so that we get
 +     * the unsanitized field values for AA64ISAR1_EL1.
       */
      if (kvm_arm_pauth_supported()) {
          init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
          }
      }
 -    sve_supported = kvm_arm_sve_supported();
 -
 -    /* Add feature bits that can't appear until after VCPU init. */
      if (sve_supported) {
 -        t = ahcf->isar.id_aa64pfr0;
 -        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
 -        ahcf->isar.id_aa64pfr0 = t;
 -
          /*
           * There is a range of kernels between kernel commit 73433762fcae
           * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
           * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
 -         * SVE support, so we only read it here, rather than together with all
 -         * the other ID registers earlier.
 +         * SVE support, which resulted in an error rather than RAZ.
 +         * So only read the register if we set KVM_ARM_VCPU_SVE above.
           */
          err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
                                ARM64_SYS_REG(3, 0, 0, 4, 4));
 --
-.25.1
+.34.1

Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.

-- PMM

The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:

Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801

for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:

target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix KVM SVE ID register probe code

----------------------------------------------------------------
Richard Henderson (3):
      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
      target/arm: Set KVM_ARM_VCPU_SVE while probing the host
      target/arm: Move sve probe inside kvm >= 4.15 branch

target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Because we weren't setting this flag, our probe of ID_AA64ZFR0
was always returning zero.  This also obviates the adjustment
of ID_AA64PFR0, which had sanitized the SVE field.

The effects of the bug are not visible, because the only thing that
ID_AA64ZFR0 is used for within qemu at present is tcg translation.
The other tests for SVE within KVM are via ID_AA64PFR0.SVE.

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     bool sve_supported;
     bool pmu_supported = false;
     uint64_t features = 0;
-    uint64_t t;
     int err;
 
     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     struct kvm_vcpu_init init = { .target = -1, };
 
     /*
-     * Ask for Pointer Authentication if supported. We can't play the
-     * SVE trick of synthesising the ID reg as KVM won't tell us
-     * whether we have the architected or IMPDEF version of PAuth, so
-     * we have to use the actual ID regs.
+     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
+     * which is otherwise RAZ.
+     */
+    sve_supported = kvm_arm_sve_supported();
+    if (sve_supported) {
+        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
+    }
+
+    /*
+     * Ask for Pointer Authentication if supported, so that we get
+     * the unsanitized field values for AA64ISAR1_EL1.
      */
     if (kvm_arm_pauth_supported()) {
         init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
         }
     }
 
-    sve_supported = kvm_arm_sve_supported();
-
-    /* Add feature bits that can't appear until after VCPU init. */
     if (sve_supported) {
-        t = ahcf->isar.id_aa64pfr0;
-        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
-        ahcf->isar.id_aa64pfr0 = t;
-
         /*
          * There is a range of kernels between kernel commit 73433762fcae
          * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
          * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, so we only read it here, rather than together with all
-         * the other ID registers earlier.
+         * SVE support, which resulted in an error rather than RAZ.
+         * So only read the register if we set KVM_ARM_VCPU_SVE above.
          */
         err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
                               ARM64_SYS_REG(3, 0, 0, 4, 4));
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

The test for the IF block indicates no ID registers are exposed, much
less host support for SVE.  Move the SVE probe into the ELSE block.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
         }
-    }
 
-    if (sve_supported) {
-        /*
-         * There is a range of kernels between kernel commit 73433762fcae
-         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
-         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, which resulted in an error rather than RAZ.
-         * So only read the register if we set KVM_ARM_VCPU_SVE above.
-         */
-        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
-                              ARM64_SYS_REG(3, 0, 0, 4, 4));
+        if (sve_supported) {
+            /*
+             * There is a range of kernels between kernel commit 73433762fcae
+             * and f81cb2c3ad41 which have a bug where the kernel doesn't
+             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
+             * enabled SVE support, which resulted in an error rather than RAZ.
+             * So only read the register if we set KVM_ARM_VCPU_SVE above.
+             */
+            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
+                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
+        }
     }
 
     kvm_arm_destroy_scratch_host_vcpu(fdarray);
-- 
2.25.1

This bug seemed worth fixing for 8.0 since we need an rc4 anyway:
we were using uninitialized data for the guarded bit when
combining stage 1 and stage 2 attrs.

thanks
-- PMM

The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6:

Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410

for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308:

target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100)

----------------------------------------------------------------
target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

----------------------------------------------------------------
Richard Henderson (2):
      target/arm: PTE bit GP only applies to stage1
      target/arm: Copy guarded bit in combine_cacheattrs

target/arm/ptw.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         result->f.attrs.secure = false;
     }
 
-    /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB.  */
-    if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
-        result->f.guarded = extract64(attrs, 50, 1); /* GP */
-    }
-
     if (regime_is_stage2(mmu_idx)) {
         result->cacheattrs.is_s2_format = true;
         result->cacheattrs.attrs = extract32(attrs, 2, 4);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
         assert(attrindx <= 7);
         result->cacheattrs.is_s2_format = false;
         result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
+
+        /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
+        if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
+            result->f.guarded = extract64(attrs, 50, 1); /* GP */
+        }
     }
 
     /*
-- 
2.34.1