Just a collection of bug fixes this time around...

The following changes since commit 2a6ae69154542caa91dd17c40fd3f5ffbec300de:

Merge tag 'pull-maintainer-ominbus-030723-1' of https://gitlab.com/stsquad/qemu into staging (2023-07-04 08:36:44 +0200)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230704

for you to fetch changes up to 86a78272f094857b4eda79d721c116e93942aa9a:

target/xtensa: Assert that interrupt level is within bounds (2023-07-04 14:27:08 +0100)

* Add raw_writes ops for register whose write induce TLB maintenance

* hw/arm/sbsa-ref: use XHCI to replace EHCI

* Avoid splitting Zregs across lines in dump

* Dump ZA[] when active

* Fix SME full tile indexing

* Handle IC IVAU to improve compatibility with JITs

* xlnx-canfd-test: Fix code coverity issues

* gdbstub: Guard M-profile code with CONFIG_TCG

* allwinner-sramc: Set class_size

* target/xtensa: Assert that interrupt level is within bounds

Akihiko Odaki (1):

hw: arm: allwinner-sramc: Set class_size

Eric Auger (1):

target/arm: Add raw_writes ops for register whose write induce TLB maintenance

Fabiano Rosas (1):

target/arm: gdbstub: Guard M-profile code with CONFIG_TCG

John Högberg (2):

target/arm: Handle IC IVAU to improve compatibility with JITs

tests/tcg/aarch64: Add testcases for IC IVAU and dual-mapped code

Peter Maydell (1):

target/xtensa: Assert that interrupt level is within bounds

Richard Henderson (3):

target/arm: Avoid splitting Zregs across lines in dump

target/arm: Dump ZA[] when active

target/arm: Fix SME full tile indexing

Vikram Garhwal (1):

tests/qtest: xlnx-canfd-test: Fix code coverity issues

hw/arm/sbsa-ref: use XHCI to replace EHCI

docs/system/arm/sbsa.rst | 5 +-

hw/arm/sbsa-ref.c | 23 +++--

hw/misc/allwinner-sramc.c | 1 +

target/arm/cpu.c | 65 ++++++++-----

target/arm/gdbstub.c | 4 +

target/arm/helper.c | 70 +++++++++++---

target/arm/tcg/translate-sme.c | 24 +++--

target/xtensa/exc_helper.c | 3 +

tests/qtest/xlnx-canfd-test.c | 33 +++----

tests/tcg/aarch64/icivau.c | 189 ++++++++++++++++++++++++++++++++++++++

tests/tcg/aarch64/sme-outprod1.c | 83 +++++++++++++++++

hw/arm/Kconfig | 2 +-

tests/tcg/aarch64/Makefile.target | 13 ++-

13 files changed, 436 insertions(+), 79 deletions(-)

create mode 100644 tests/tcg/aarch64/icivau.c

create mode 100644 tests/tcg/aarch64/sme-outprod1.c

The current sbsa-ref cannot use EHCI controller which is only

able to do 32-bit DMA, since sbsa-ref doesn't have RAM below 4GB.

Hence, this uses XHCI to provide a usb controller with 64-bit

DMA capablity instead of EHCI.

We bump the platform version to 0.3 with this change. Although the

hardware at the USB controller address changes, the firmware and

Linux can both cope with this -- on an older non-XHCI-aware

firmware/kernel setup the probe routine simply fails and the guest

proceeds without any USB. (This isn't a loss of functionality,

because the old USB controller never worked in the first place.) So

we can call this a backwards-compatible change and only bump the

minor version.

Signed-off-by: Yuquan Wang <wangyuquan1236@phytium.com.cn>

Message-id: 20230621103847.447508-2-wangyuquan1236@phytium.com.cn

[PMM: tweaked commit message; add line to docs about what

changes in platform version 0.3]

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/sbsa.rst | 5 ++++-

hw/arm/sbsa-ref.c | 23 +++++++++++++----------

hw/arm/Kconfig | 2 +-

3 files changed, 18 insertions(+), 12 deletions(-)

@@ -XXX,XX +XXX,XX @@

#include "hw/pci-host/gpex.h"

#include "hw/qdev-properties.h"

#include "hw/usb.h"

+#include "hw/usb/xhci.h"

#include "hw/char/pl011.h"

#include "hw/watchdog/sbsa_gwdt.h"

#include "net/net.h"

@@ -XXX,XX +XXX,XX @@ enum {

SBSA_SECURE_UART_MM,

SBSA_SECURE_MEM,

SBSA_AHCI,

- SBSA_EHCI,

+ SBSA_XHCI,

};

struct SBSAMachineState {

@@ -XXX,XX +XXX,XX @@ static const MemMapEntry sbsa_ref_memmap[] = {

[SBSA_SMMU] = { 0x60050000, 0x00020000 },

/* Space here reserved for more SMMUs */

[SBSA_AHCI] = { 0x60100000, 0x00010000 },

- [SBSA_EHCI] = { 0x60110000, 0x00010000 },

+ [SBSA_XHCI] = { 0x60110000, 0x00010000 },

/* Space here reserved for other devices */

[SBSA_PCIE_PIO] = { 0x7fff0000, 0x00010000 },

/* 32-bit address PCIE MMIO space */

@@ -XXX,XX +XXX,XX @@ static const int sbsa_ref_irqmap[] = {

[SBSA_SECURE_UART] = 8,

[SBSA_SECURE_UART_MM] = 9,

[SBSA_AHCI] = 10,

- [SBSA_EHCI] = 11,

+ [SBSA_XHCI] = 11,

[SBSA_SMMU] = 12, /* ... to 15 */

[SBSA_GWDT_WS0] = 16,

};

@@ -XXX,XX +XXX,XX @@ static void create_fdt(SBSAMachineState *sms)

* fw compatibility.

*/

qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);

- qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 2);

+ qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 3);

if (ms->numa_state->have_numa_distance) {

int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);

@@ -XXX,XX +XXX,XX @@ static void create_ahci(const SBSAMachineState *sms)

}

}

-static void create_ehci(const SBSAMachineState *sms)

+static void create_xhci(const SBSAMachineState *sms)

{

- hwaddr base = sbsa_ref_memmap[SBSA_EHCI].base;

- int irq = sbsa_ref_irqmap[SBSA_EHCI];

+ hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base;

+ int irq = sbsa_ref_irqmap[SBSA_XHCI];

+ DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS);

- sysbus_create_simple("platform-ehci-usb", base,

- qdev_get_gpio_in(sms->gic, irq));

+ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);

+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base);

+ sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, qdev_get_gpio_in(sms->gic, irq));

}

static void create_smmu(const SBSAMachineState *sms, PCIBus *bus)

@@ -XXX,XX +XXX,XX @@ static void sbsa_ref_init(MachineState *machine)

create_ahci(sms);

- create_ehci(sms);

+ create_xhci(sms);

create_pcie(sms);

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/Kconfig

+++ b/hw/arm/Kconfig

@@ -XXX,XX +XXX,XX @@ config SBSA_REF

select PL011 # UART

select PL031 # RTC

select PL061 # GPIO

- select USB_EHCI_SYSBUS

+ select USB_XHCI_SYSBUS

select WDT_SBSA

select BOCHS_DISPLAY

From: Akihiko Odaki <akihiko.odaki@daynix.com>

AwSRAMCClass is larger than SysBusDeviceClass so the class size must be

advertised accordingly.

Fixes: 05def917e1 ("hw: arm: allwinner-sramc: Add SRAM Controller support for R40")

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>

Message-id: 20230628110905.38125-1-akihiko.odaki@daynix.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/misc/allwinner-sramc.c | 1 +

1 file changed, 1 insertion(+)

diff --git a/hw/misc/allwinner-sramc.c b/hw/misc/allwinner-sramc.c

--- a/hw/misc/allwinner-sramc.c

+++ b/hw/misc/allwinner-sramc.c

@@ -XXX,XX +XXX,XX @@ static const TypeInfo allwinner_sramc_info = {

.parent = TYPE_SYS_BUS_DEVICE,

.instance_init = allwinner_sramc_init,

.instance_size = sizeof(AwSRAMCState),

+ .class_size = sizeof(AwSRAMCClass),

.class_init = allwinner_sramc_class_init,

};

In handle_interrupt() we use level as an index into the interrupt_vector[]

array. This is safe because we have checked it against env->config->nlevel,

but Coverity can't see that (and it is only true because each CPU config

sets its XCHAL_NUM_INTLEVELS to something less than MAX_NLEVELS), so it

complains about a possible array overrun (CID 1507131)

Add an assert() which will make Coverity happy and catch the unlikely

case of a mis-set XCHAL_NUM_INTLEVELS in future.

Acked-by: Max Filippov <jcmvbkbc@gmail.com>

Message-id: 20230623154135.1930261-1-peter.maydell@linaro.org

target/xtensa/exc_helper.c | 3 +++

1 file changed, 3 insertions(+)

diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c

--- a/target/xtensa/exc_helper.c

+++ b/target/xtensa/exc_helper.c

@@ -XXX,XX +XXX,XX @@ static void handle_interrupt(CPUXtensaState *env)

CPUState *cs = env_cpu(env);

if (level > 1) {

+ /* env->config->nlevel check should have ensured this */

+ assert(level < sizeof(env->config->interrupt_vector));

+

env->sregs[EPC1 + level - 1] = env->pc;

env->sregs[EPS2 + level - 2] = env->sregs[PS];

env->sregs[PS] =

From: Vikram Garhwal <vikram.garhwal@amd.com>

Following are done to fix the coverity issues:

1. Change read_data to fix the CID 1512899: Out-of-bounds access (OVERRUN)

2. Fix match_rx_tx_data to fix CID 1512900: Logically dead code (DEADCODE)

3. Replace rand() in generate_random_data() with g_rand_int()

Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>

Message-id: 20230628202758.16398-1-vikram.garhwal@amd.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

tests/qtest/xlnx-canfd-test.c | 33 +++++++++++----------------------

1 file changed, 11 insertions(+), 22 deletions(-)

diff --git a/tests/qtest/xlnx-canfd-test.c b/tests/qtest/xlnx-canfd-test.c

--- a/tests/qtest/xlnx-canfd-test.c

+++ b/tests/qtest/xlnx-canfd-test.c

@@ -XXX,XX +XXX,XX @@ static void generate_random_data(uint32_t *buf_tx, bool is_canfd_frame)

/* Generate random TX data for CANFD frame. */

if (is_canfd_frame) {

for (int i = 0; i < CANFD_FRAME_SIZE - 2; i++) {

- buf_tx[2 + i] = rand();

+ buf_tx[2 + i] = g_random_int();

}

} else {

/* Generate random TX data for CAN frame. */

for (int i = 0; i < CAN_FRAME_SIZE - 2; i++) {

- buf_tx[2 + i] = rand();

+ buf_tx[2 + i] = g_random_int();

}

-static void read_data(QTestState *qts, uint64_t can_base_addr, uint32_t *buf_rx)

+static void read_data(QTestState *qts, uint64_t can_base_addr, uint32_t *buf_rx,

+ uint32_t frame_size)

uint32_t int_status;

uint32_t fifo_status_reg_value;

/* At which RX FIFO the received data is stored. */

uint8_t store_ind = 0;

- bool is_canfd_frame = false;

/* Read the interrupt on CANFD rx. */

int_status = qtest_readl(qts, can_base_addr + R_ISR_OFFSET) & ISR_RXOK;

@@ -XXX,XX +XXX,XX @@ static void read_data(QTestState *qts, uint64_t can_base_addr, uint32_t *buf_rx)

buf_rx[0] = qtest_readl(qts, can_base_addr + R_RX0_ID_OFFSET);

buf_rx[1] = qtest_readl(qts, can_base_addr + R_RX0_DLC_OFFSET);

- is_canfd_frame = (buf_rx[1] >> DLC_FD_BIT_SHIFT) & 1;

-

- if (is_canfd_frame) {

- for (int i = 0; i < CANFD_FRAME_SIZE - 2; i++) {

- buf_rx[i + 2] = qtest_readl(qts,

- can_base_addr + R_RX0_DATA1_OFFSET + 4 * i);

- }

- } else {

- buf_rx[2] = qtest_readl(qts, can_base_addr + R_RX0_DATA1_OFFSET);

- buf_rx[3] = qtest_readl(qts, can_base_addr + R_RX0_DATA2_OFFSET);

+ for (int i = 0; i < frame_size - 2; i++) {

+ buf_rx[i + 2] = qtest_readl(qts,

+ can_base_addr + R_RX0_DATA1_OFFSET + 4 * i);

}

/* Clear the RX interrupt. */

@@ -XXX,XX +XXX,XX @@ static void match_rx_tx_data(const uint32_t *buf_tx, const uint32_t *buf_rx,

g_assert_cmpint((buf_rx[size] & DLC_FD_BIT_MASK), ==,

(buf_tx[size] & DLC_FD_BIT_MASK));

} else {

- if (!is_canfd_frame && size == 4) {

- break;

- }

-

g_assert_cmpint(buf_rx[size], ==, buf_tx[size]);

}

@@ -XXX,XX +XXX,XX @@ static void test_can_data_transfer(void)

write_data(qts, CANFD0_BASE_ADDR, buf_tx, false);

send_data(qts, CANFD0_BASE_ADDR);

- read_data(qts, CANFD1_BASE_ADDR, buf_rx);

+ read_data(qts, CANFD1_BASE_ADDR, buf_rx, CAN_FRAME_SIZE);

match_rx_tx_data(buf_tx, buf_rx, false);

qtest_quit(qts);

@@ -XXX,XX +XXX,XX @@ static void test_canfd_data_transfer(void)

write_data(qts, CANFD0_BASE_ADDR, buf_tx, true);

send_data(qts, CANFD0_BASE_ADDR);

- read_data(qts, CANFD1_BASE_ADDR, buf_rx);

+ read_data(qts, CANFD1_BASE_ADDR, buf_rx, CANFD_FRAME_SIZE);

match_rx_tx_data(buf_tx, buf_rx, true);

qtest_quit(qts);

@@ -XXX,XX +XXX,XX @@ static void test_can_loopback(void)

write_data(qts, CANFD0_BASE_ADDR, buf_tx, true);

send_data(qts, CANFD0_BASE_ADDR);

- read_data(qts, CANFD0_BASE_ADDR, buf_rx);

+ read_data(qts, CANFD0_BASE_ADDR, buf_rx, CANFD_FRAME_SIZE);

match_rx_tx_data(buf_tx, buf_rx, true);

generate_random_data(buf_tx, true);

@@ -XXX,XX +XXX,XX @@ static void test_can_loopback(void)

write_data(qts, CANFD1_BASE_ADDR, buf_tx, true);

send_data(qts, CANFD1_BASE_ADDR);

- read_data(qts, CANFD1_BASE_ADDR, buf_rx);

+ read_data(qts, CANFD1_BASE_ADDR, buf_rx, CANFD_FRAME_SIZE);

match_rx_tx_data(buf_tx, buf_rx, true);

qtest_quit(qts);

From: Fabiano Rosas <farosas@suse.de>

This code is only relevant when TCG is present in the build. Building

with --disable-tcg --enable-xen on an x86 host we get:

$ ../configure --target-list=x86_64-softmmu,aarch64-softmmu --disable-tcg --enable-xen

$ make -j$(nproc)

...

libqemu-aarch64-softmmu.fa.p/target_arm_gdbstub.c.o: in function `m_sysreg_ptr':

../target/arm/gdbstub.c:358: undefined reference to `arm_v7m_get_sp_ptr'

../target/arm/gdbstub.c:361: undefined reference to `arm_v7m_get_sp_ptr'

libqemu-aarch64-softmmu.fa.p/target_arm_gdbstub.c.o: in function `arm_gdb_get_m_systemreg':

../target/arm/gdbstub.c:405: undefined reference to `arm_v7m_mrs_control'

Signed-off-by: Fabiano Rosas <farosas@suse.de>

Message-id: 20230628164821.16771-1-farosas@suse.de

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

target/arm/gdbstub.c | 4 ++++

1 file changed, 4 insertions(+)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c

--- a/target/arm/gdbstub.c

+++ b/target/arm/gdbstub.c

@@ -XXX,XX +XXX,XX @@ static int arm_gen_dynamic_sysreg_xml(CPUState *cs, int base_reg)

return cpu->dyn_sysreg_xml.num;

}

+#ifdef CONFIG_TCG

typedef enum {

M_SYSREG_MSP,

M_SYSREG_PSP,

@@ -XXX,XX +XXX,XX @@ static int arm_gen_dynamic_m_secextreg_xml(CPUState *cs, int orig_base_reg)

return cpu->dyn_m_secextreg_xml.num;

}

#endif

+#endif /* CONFIG_TCG */

const char *arm_gdb_get_dynamic_xml(CPUState *cs, const char *xmlname)

{

@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)

arm_gen_dynamic_sysreg_xml(cs, cs->gdb_num_regs),

"system-registers.xml", 0);

+#ifdef CONFIG_TCG

if (arm_feature(env, ARM_FEATURE_M) && tcg_enabled()) {

gdb_register_coprocessor(cs,

arm_gdb_get_m_systemreg, arm_gdb_set_m_systemreg,

@@ -XXX,XX +XXX,XX @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)

}

#endif

}

+#endif /* CONFIG_TCG */

From: John Högberg <john.hogberg@ericsson.com>

https://gitlab.com/qemu-project/qemu/-/issues/1034

Signed-off-by: John Högberg <john.hogberg@ericsson.com>

Message-id: 168778890374.24232.3402138851538068785-2@git.sr.ht

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

[PMM: fixed typo in comment]

tests/tcg/aarch64/icivau.c | 189 ++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 3 +-

2 files changed, 191 insertions(+), 1 deletion(-)

create mode 100644 tests/tcg/aarch64/icivau.c

diff --git a/tests/tcg/aarch64/icivau.c b/tests/tcg/aarch64/icivau.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/tests/tcg/aarch64/icivau.c

@@ -XXX,XX +XXX,XX @@

+/*

+ * Tests the IC IVAU-driven workaround for catching changes made to dual-mapped

+ * code that would otherwise go unnoticed in user mode.

+ *

+ * Copyright (c) 2023 Ericsson AB

+ * SPDX-License-Identifier: GPL-2.0-or-later

+ */

+

+#include <sys/mman.h>

+#include <sys/stat.h>

+#include <string.h>

+#include <stdint.h>

+#include <stdlib.h>

+#include <unistd.h>

+#include <fcntl.h>

+

+#define MAX_CODE_SIZE 128

+

+typedef int (SelfModTest)(uint32_t, uint32_t*);

+typedef int (BasicTest)(int);

+

+static void mark_code_modified(const uint32_t *exec_data, size_t length)

+{

+ int dc_required, ic_required;

+ unsigned long ctr_el0;

+

+ /*

+ * Clear the data/instruction cache, as indicated by the CTR_ELO.{DIC,IDC}

+ * flags.

+ *

+ * For completeness we might be tempted to assert that we should fail when

+ * the whole code update sequence is omitted, but that would make the test

+ * flaky as it can succeed by coincidence on actual hardware.

+ */

+ asm ("mrs %0, ctr_el0\n" : "=r"(ctr_el0));

+

+ /* CTR_EL0.IDC */

+ dc_required = !((ctr_el0 >> 28) & 1);

+

+ /* CTR_EL0.DIC */

+ ic_required = !((ctr_el0 >> 29) & 1);

+

+ if (dc_required) {

+ size_t dcache_stride, i;

+

+ /*

+ * Step according to the minimum cache size, as the cache maintenance

+ * instructions operate on the cache line of the given address.

+ *

+ * We assume that exec_data is properly aligned.

+ */

+ dcache_stride = (4 << ((ctr_el0 >> 16) & 0xF));

+

+ for (i = 0; i < length; i += dcache_stride) {

+ const char *dc_addr = &((const char *)exec_data)[i];

+ asm volatile ("dc cvau, %x[dc_addr]\n"

+ : /* no outputs */

+ : [dc_addr] "r"(dc_addr)

+ : "memory");

+ }

+

+ asm volatile ("dmb ish\n");

+ }

+

+ if (ic_required) {

+ size_t icache_stride, i;

+

+ icache_stride = (4 << (ctr_el0 & 0xF));

+

+ for (i = 0; i < length; i += icache_stride) {

+ const char *ic_addr = &((const char *)exec_data)[i];

+ asm volatile ("ic ivau, %x[ic_addr]\n"

+ : /* no outputs */

+ : [ic_addr] "r"(ic_addr)

+ : "memory");

+ }

+

+ asm volatile ("dmb ish\n");

+ }

+

+ asm volatile ("isb sy\n");

+}

+

+static int basic_test(uint32_t *rw_data, const uint32_t *exec_data)

+{

+ /*

+ * As user mode only misbehaved for dual-mapped code when previously

+ * translated code had been changed, we'll start off with this basic test

+ * function to ensure that there's already some translated code at

+ * exec_data before the next test. This should cause the next test to fail

+ * if `mark_code_modified` fails to invalidate the code.

+ *

+ * Note that the payload is in binary form instead of inline assembler

+ * because we cannot use __attribute__((naked)) on this platform and the

+ * workarounds are at least as ugly as this is.

+ */

+ static const uint32_t basic_payload[] = {

+ 0xD65F03C0 /* 0x00: RET */

+ };

+

+ BasicTest *copied_ptr = (BasicTest *)exec_data;

+

+ memcpy(rw_data, basic_payload, sizeof(basic_payload));

+ mark_code_modified(exec_data, sizeof(basic_payload));

+

+ return copied_ptr(1234) == 1234;

+}

+

+static int self_modification_test(uint32_t *rw_data, const uint32_t *exec_data)

+{

+ /*

+ * This test is self-modifying in an attempt to cover an edge case where

+ * the IC IVAU instruction invalidates itself.

+ *

+ * Note that the IC IVAU instruction is 16 bytes into the function, in what

+ * will be the same cache line as the modified instruction on machines with

+ * a cache line size >= 16 bytes.

+ */

+ static const uint32_t self_mod_payload[] = {

+ /* Overwrite the placeholder instruction with the new one. */

+ 0xB9001C20, /* 0x00: STR w0, [x1, 0x1C] */

+

+ /* Get the executable address of the modified instruction. */

+ 0x100000A8, /* 0x04: ADR x8, <0x1C> */

+

+ /* Mark the modified instruction as updated. */

+ 0xD50B7B28, /* 0x08: DC CVAU x8 */

+ 0xD5033BBF, /* 0x0C: DMB ISH */

+ 0xD50B7528, /* 0x10: IC IVAU x8 */

+ 0xD5033BBF, /* 0x14: DMB ISH */

+ 0xD5033FDF, /* 0x18: ISB */

+

+ /* Placeholder instruction, overwritten above. */

+ 0x52800000, /* 0x1C: MOV w0, 0 */

+

+ 0xD65F03C0 /* 0x20: RET */

+ };

+

+ SelfModTest *copied_ptr = (SelfModTest *)exec_data;

+ int i;

+

+ memcpy(rw_data, self_mod_payload, sizeof(self_mod_payload));

+ mark_code_modified(exec_data, sizeof(self_mod_payload));

+

+ for (i = 1; i < 10; i++) {

+ /* Replace the placeholder instruction with `MOV w0, i` */

+ uint32_t new_instr = 0x52800000 | (i << 5);

+

+ if (copied_ptr(new_instr, rw_data) != i) {

+ return 0;

+ }

+ }

+

+ return 1;

+}

+

+int main(int argc, char **argv)

+{

+ const char *shm_name = "qemu-test-tcg-aarch64-icivau";

+ int fd;

+

+ fd = shm_open(shm_name, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);

+

+ if (fd < 0) {

+ return EXIT_FAILURE;

+ }

+

+ /* Unlink early to avoid leaving garbage in case the test crashes. */

+ shm_unlink(shm_name);

+

+ if (ftruncate(fd, MAX_CODE_SIZE) == 0) {

+ const uint32_t *exec_data;

+ uint32_t *rw_data;

+

+ rw_data = mmap(0, MAX_CODE_SIZE, PROT_READ | PROT_WRITE,

+ MAP_SHARED, fd, 0);

+ exec_data = mmap(0, MAX_CODE_SIZE, PROT_READ | PROT_EXEC,

+ MAP_SHARED, fd, 0);

+

+ if (rw_data && exec_data) {

+ if (basic_test(rw_data, exec_data) &&

+ self_modification_test(rw_data, exec_data)) {

+ return EXIT_SUCCESS;

+ }

+ }

+ }

+

+ return EXIT_FAILURE;

+}

diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target

--- a/tests/tcg/aarch64/Makefile.target

+++ b/tests/tcg/aarch64/Makefile.target

@@ -XXX,XX +XXX,XX @@ AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64

VPATH         += $(AARCH64_SRC)

# Base architecture tests

-AARCH64_TESTS=fcvt pcalign-a64

+AARCH64_TESTS=fcvt pcalign-a64 icivau

fcvt: LDFLAGS+=-lm

+icivau: LDFLAGS+=-lrt

run-fcvt: fcvt

    $(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")