| 1 | This bug seemed worth fixing for 8.0 since we need an rc4 anyway: | 1 | v2: dropped USHL/SSHL patch |
|---|---|---|---|
| 2 | we were using uninitialized data for the guarded bit when | ||
| 3 | combining stage 1 and stage 2 attrs. | ||
| 4 | 2 | ||
| 5 | thanks | 3 | The following changes since commit 785a602eae7ad97076b9794ebaba072ad4a9f74f: |
| 6 | -- PMM | ||
| 7 | 4 | ||
| 8 | The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6: | 5 | Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190613-pull-request' into staging (2019-06-13 13:25:25 +0100) |
| 9 | |||
| 10 | Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100) | ||
| 11 | 6 | ||
| 12 | are available in the Git repository at: | 7 | are available in the Git repository at: |
| 13 | 8 | ||
| 14 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410 | 9 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190613-1 |
| 15 | 10 | ||
| 16 | for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308: | 11 | for you to fetch changes up to 18cf951af9a27ae573a6fa17f9d0c103f7b7679b: |
| 17 | 12 | ||
| 18 | target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100) | 13 | target/arm: Fix short-vector increment behaviour (2019-06-13 15:14:06 +0100) |
| 19 | 14 | ||
| 20 | ---------------------------------------------------------------- | 15 | ---------------------------------------------------------------- |
| 21 | target-arm: Fix bug where we weren't initializing | 16 | target-arm queue: |
| 22 | guarded bit state when combining S1/S2 attrs | 17 | * convert aarch32 VFP decoder to decodetree |
| 18 | (includes tightening up decode in a few places) | ||
| 19 | * fix minor bugs in VFP short-vector handling | ||
| 20 | * hw/core/bus.c: Only the main system bus can have no parent | ||
| 21 | * smmuv3: Fix decoding of ID register range | ||
| 22 | * Implement NSACR gating of floating point | ||
| 23 | * Use tcg_gen_gvec_bitsel | ||
| 23 | 24 | ||
| 24 | ---------------------------------------------------------------- | 25 | ---------------------------------------------------------------- |
| 25 | Richard Henderson (2): | 26 | Peter Maydell (44): |
| 26 | target/arm: PTE bit GP only applies to stage1 | 27 | target/arm: Implement NSACR gating of floating point |
| 27 | target/arm: Copy guarded bit in combine_cacheattrs | 28 | hw/arm/smmuv3: Fix decoding of ID register range |
| 29 | hw/core/bus.c: Only the main system bus can have no parent | ||
| 30 | target/arm: Add stubs for AArch32 VFP decodetree | ||
| 31 | target/arm: Factor out VFP access checking code | ||
| 32 | target/arm: Fix Cortex-R5F MVFR values | ||
| 33 | target/arm: Explicitly enable VFP short-vectors for aarch32 -cpu max | ||
| 34 | target/arm: Convert the VSEL instructions to decodetree | ||
| 35 | target/arm: Convert VMINNM, VMAXNM to decodetree | ||
| 36 | target/arm: Convert VRINTA/VRINTN/VRINTP/VRINTM to decodetree | ||
| 37 | target/arm: Convert VCVTA/VCVTN/VCVTP/VCVTM to decodetree | ||
| 38 | target/arm: Move the VFP trans_* functions to translate-vfp.inc.c | ||
| 39 | target/arm: Add helpers for VFP register loads and stores | ||
| 40 | target/arm: Convert "double-precision" register moves to decodetree | ||
| 41 | target/arm: Convert "single-precision" register moves to decodetree | ||
| 42 | target/arm: Convert VFP two-register transfer insns to decodetree | ||
| 43 | target/arm: Convert VFP VLDR and VSTR to decodetree | ||
| 44 | target/arm: Convert the VFP load/store multiple insns to decodetree | ||
| 45 | target/arm: Remove VLDR/VSTR/VLDM/VSTM use of cpu_F0s and cpu_F0d | ||
| 46 | target/arm: Convert VFP VMLA to decodetree | ||
| 47 | target/arm: Convert VFP VMLS to decodetree | ||
| 48 | target/arm: Convert VFP VNMLS to decodetree | ||
| 49 | target/arm: Convert VFP VNMLA to decodetree | ||
| 50 | target/arm: Convert VMUL to decodetree | ||
| 51 | target/arm: Convert VNMUL to decodetree | ||
| 52 | target/arm: Convert VADD to decodetree | ||
| 53 | target/arm: Convert VSUB to decodetree | ||
| 54 | target/arm: Convert VDIV to decodetree | ||
| 55 | target/arm: Convert VFP fused multiply-add insns to decodetree | ||
| 56 | target/arm: Convert VMOV (imm) to decodetree | ||
| 57 | target/arm: Convert VABS to decodetree | ||
| 58 | target/arm: Convert VNEG to decodetree | ||
| 59 | target/arm: Convert VSQRT to decodetree | ||
| 60 | target/arm: Convert VMOV (register) to decodetree | ||
| 61 | target/arm: Convert VFP comparison insns to decodetree | ||
| 62 | target/arm: Convert the VCVT-from-f16 insns to decodetree | ||
| 63 | target/arm: Convert the VCVT-to-f16 insns to decodetree | ||
| 64 | target/arm: Convert VFP round insns to decodetree | ||
| 65 | target/arm: Convert double-single precision conversion insns to decodetree | ||
| 66 | target/arm: Convert integer-to-float insns to decodetree | ||
| 67 | target/arm: Convert VJCVT to decodetree | ||
| 68 | target/arm: Convert VCVT fp/fixed-point conversion insns to decodetree | ||
| 69 | target/arm: Convert float-to-integer VCVT insns to decodetree | ||
| 70 | target/arm: Fix short-vector increment behaviour | ||
| 28 | 71 | ||
| 29 | target/arm/ptw.c | 11 ++++++----- | 72 | Richard Henderson (3): |
| 30 | 1 file changed, 6 insertions(+), 5 deletions(-) | 73 | target/arm: Use tcg_gen_gvec_bitsel |
| 74 | target/arm: Fix output of PAuth Auth | ||
| 75 | decodetree: Fix comparison of Field | ||
| 76 | |||
| 77 | target/arm/Makefile.objs | 13 + | ||
| 78 | tests/tcg/aarch64/Makefile.target | 2 +- | ||
| 79 | target/arm/cpu.h | 11 + | ||
| 80 | target/arm/translate-a64.h | 2 + | ||
| 81 | target/arm/translate.h | 3 - | ||
| 82 | hw/arm/smmuv3.c | 2 +- | ||
| 83 | hw/core/bus.c | 21 +- | ||
| 84 | target/arm/cpu.c | 6 + | ||
| 85 | target/arm/helper.c | 75 +- | ||
| 86 | target/arm/pauth_helper.c | 4 +- | ||
| 87 | target/arm/translate-a64.c | 15 +- | ||
| 88 | target/arm/translate-vfp.inc.c | 2672 +++++++++++++++++++++++++++++++++++++ | ||
| 89 | target/arm/translate.c | 1581 +--------------------- | ||
| 90 | tests/tcg/aarch64/pauth-2.c | 61 + | ||
| 91 | scripts/decodetree.py | 2 +- | ||
| 92 | target/arm/vfp-uncond.decode | 63 + | ||
| 93 | target/arm/vfp.decode | 242 ++++ | ||
| 94 | 17 files changed, 3203 insertions(+), 1572 deletions(-) | ||
| 95 | create mode 100644 target/arm/translate-vfp.inc.c | ||
| 96 | create mode 100644 tests/tcg/aarch64/pauth-2.c | ||
| 97 | create mode 100644 target/arm/vfp-uncond.decode | ||
| 98 | create mode 100644 target/arm/vfp.decode | ||
| 99 | diff view generated by jsdifflib |
Deleted patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 2 | 1 | ||
| 3 | Only perform the extract of GP during the stage1 walk. | ||
| 4 | |||
| 5 | Reported-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 8 | Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 10 +++++----- | ||
| 12 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
| 13 | |||
| 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/ptw.c | ||
| 17 | +++ b/target/arm/ptw.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | ||
| 19 | result->f.attrs.secure = false; | ||
| 20 | } | ||
| 21 | |||
| 22 | - /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ | ||
| 23 | - if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { | ||
| 24 | - result->f.guarded = extract64(attrs, 50, 1); /* GP */ | ||
| 25 | - } | ||
| 26 | - | ||
| 27 | if (regime_is_stage2(mmu_idx)) { | ||
| 28 | result->cacheattrs.is_s2_format = true; | ||
| 29 | result->cacheattrs.attrs = extract32(attrs, 2, 4); | ||
| 30 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | ||
| 31 | assert(attrindx <= 7); | ||
| 32 | result->cacheattrs.is_s2_format = false; | ||
| 33 | result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); | ||
| 34 | + | ||
| 35 | + /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ | ||
| 36 | + if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { | ||
| 37 | + result->f.guarded = extract64(attrs, 50, 1); /* GP */ | ||
| 38 | + } | ||
| 39 | } | ||
| 40 | |||
| 41 | /* | ||
| 42 | -- | ||
| 43 | 2.34.1 | diff view generated by jsdifflib |
Deleted patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 2 | 1 | ||
| 3 | The guarded bit comes from the stage1 walk. | ||
| 4 | |||
| 5 | Fixes: Coverity CID 1507929 | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 8 | Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 1 + | ||
| 12 | 1 file changed, 1 insertion(+) | ||
| 13 | |||
| 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/ptw.c | ||
| 17 | +++ b/target/arm/ptw.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, | ||
| 19 | |||
| 20 | assert(!s1.is_s2_format); | ||
| 21 | ret.is_s2_format = false; | ||
| 22 | + ret.guarded = s1.guarded; | ||
| 23 | |||
| 24 | if (s1.attrs == 0xf0) { | ||
| 25 | tagged = true; | ||
| 26 | -- | ||
| 27 | 2.34.1 | diff view generated by jsdifflib |