On m68k there are two varities of stack pointers: USP with SSP or ISP/MSP.
Only the 68020/30/40 support the MSP register the stack swap helpers don't
support this feature.
This patch adds this support, as well as comments to CPUM68KState to
make it clear how stacks are handled
Backports 7525a9b94c0c5733b8450c9451ca1de334f71ed8
Add CPU class detection for each CR type in the m68k_move_to/from helpers,
so that it throws and exception if an unsupported register is requested
for that CPU class.
Reclassified MOVEC insn. as only supported from 68010.
Backports 8df0e6aedad33c6746f4bc2a4d0cfdd432877084
The BUSCR/PCR CR defines were missing for 68060, and the move_to/from helper
functions were also missing a decode for the 68060 M68K_CR_CAAR CR register.
Added missing defines, and respective decodes for all three CR registers to
the helpers.
Although this patch defines them, the implementation is empty in this patch
and these registers will result in a cpu abort - which is the default prior
to this patch.
This patch aims to reach full coverage of all CR registers within the helpers.
Backports 5736526ce2da32205022b10dcdf9807e735e451a
Add more detailed comments to each case of m68k_move_to/from helpers to list
the supported CPUs for that CR as they were wrong in some cases, and
missing some cpu classes in other cases.
Backports 60d8e96453d090f71027f95e47e5ddbe17f670e3
Improvement in comments for the instantiation functions.
This is to highlight what each cpu class, in the 68000 series, contains
in terms of instructions/features.
Backports ee2fc6c6da8b2d6f961c8559d62e990c65f67736
Move the feature comment from after the feature name to the preceding line to
allow for longer feature names and descriptions without hitting the 80
character line limit.
Backports 469949c90252d80693aa70652d8251d1d602557e
If a NuBus slot doesn't contain a card, the Quadra hardware generates a physical
bus error if the CPU attempts to access the slot address space. Both Linux and
MacOS use a separate bus error handler during NuBus accesses in order to detect
and recover when addressing empty slots.
According to the MC68040 users manual the ATC bit of the SSW is used to
distinguish between ATC faults and physical bus errors. MacOS specifically checks
the stack frame generated by a NuBus error and panics if the SSW ATC bit is set.
Update m68k_cpu_transaction_failed() so that the SSW ATC bit is not set if the
memory API returns MEMTX_DECODE_ERROR which will be used to indicate that an
access to an empty NuBus slot occurred.
Backports d6cbd8f7a19e6f0fd22a598aad992c4913f481f2
This is needed to boot MacOS ROM.
Pull the condition code and the program counter from the stack.
Operation:
(SP) -> CCR
SP + 2 -> SP
(SP) -> PC
SP + 4 -> SP
This operation is not privileged.
Backports 6abcec36741e589c855084e59195fc3454bf4be6
As per the privilege specification, any access from S/U mode should fail
if no pmp region is configured.
Backports d102f19a2085ac931cb998e6153b73248cca49f1
Update the function definitions generated in helper.h to match the
actual function implementations.
Also remove all compile time XLEN checks when building.
Backports 5b6c291b8db8effff625db321be232e0c4dcdb6c
The TW and TSR fields should be bits 21 and 22 and not 30/29.
This was found while comparing QEMU behaviour against the sail formal
model (https://github.com/rems-project/sail-riscv/).
Backports 529577457cbba9e429af629c46204f63e50fa832
We found that the hypervisor virtual-machine load and store instructions,
included HLVX/HLV/HSV, couldn't access guest userspace memory.
In the riscv-privileged spec, HLVX/HLV/HSV is defined as follow:
"As usual when V=1, two-stage address translation is applied, and
the HS-level sstatus.SUM is ignored."
But get_physical_address() doesn't ignore sstatus.SUM, when HLVX/HLV/HSV
accesses guest userspace memory. So this patch fixes it.
Backports c63ca4ff7f81116c26984973052991ff0bd7caec
Split the hypervisor execute load functions into two seperate functions.
This avoids us having to pass the memop to the C helper functions.
Backports 7687537ab0c16e0b1e69e7707456573a64b8e13b
Remove the special Virtulisation load and store functions and just use
the standard tcg tcg_gen_qemu_ld_tl() and tcg_gen_qemu_st_tl() functions
instead.
As part of this change we ensure we still run an access check to make
sure we can perform the operations.
Backports 743077b35b1ed88ed243daefafe9403d88a958f6
The HS_TWO_STAGE flag is no longer required as the MMU index contains
the information if we are performing a two stage access.
Backports 1c1c060aa866986ef8b7eb334abbb8c104a46e5c
When performing the hypervisor load/store operations set the MMU mode to
indicate that we are virtualised.
Backports 3e5979046f3f5f65828d3950d0c3ec9846d63715
mstatus/mstatush and vsstatus/vsstatush are two halved for RISCV32.
This patch expands mstatus and vsstatus to uint64_t instead of
target_ulong so that it can be saved as one unit and reduce some
ifdefs in the code.
Backports 284d697c74ef3f4210cbccc5cd6b4894740e4ab3
VS-stage translation at get_physical_address needs to translate pte
address by G-stage translation. But the G-stage translation error
can not be distinguished from VS-stage translation error in
riscv_cpu_tlb_fill. On migration, destination needs to rebuild pte,
and this G-stage translation error must be handled by HS-mode. So
introduce TRANSLATE_STAGE2_FAIL so that riscv_cpu_tlb_fill could
distinguish and raise it to HS-mode.
Backports 33a9a57d2c31ec9ed68858911dc490b5de15f342
The HLVX.WU instruction is supposed to read a machine word,
but prior to this change it read a byte instead.
Fixes: 8c5362acb57 ("target/riscv: Allow generating hlv/hlvx/hsv instructions")
Backports 1da46012eaaeb2feb3aa6a5a8fc0a03200b673aa
When trapping from virt into HS mode, hstatus.SPVP was set to
the value of sstatus.SPP, as according to the specification both
flags should be set to the same value.
However, the assignment of SPVP takes place before SPP itself is
updated, which results in SPVP having an outdated value.
Backports ace544532c4064e995ef69ec9dc93aad62e19988
Currently we log interrupts and exceptions using the trace backend in
riscv_cpu_do_interrupt(). We also log exceptions using the interrupt log
mask (-d int) in riscv_raise_exception().
This patch converts riscv_cpu_do_interrupt() to log both interrupts and
exceptions with the interrupt log mask, so that both are printed when a
user runs QEMU with -d int.
Backports 69430111ab2fe3f32548a0e70437655d0d937a6a
clang's C11 atomic_fetch_*() functions only take a C11 atomic type
pointer argument. QEMU uses direct types (int, etc) and this causes a
compiler error when a QEMU code calls these functions in a source file
that also included <stdatomic.h> via a system header file:
$ CC=clang CXX=clang++ ./configure ... && make
../util/async.c:79:17: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid)
Avoid using atomic_*() names in QEMU's atomic.h since that namespace is
used by <stdatomic.h>. Prefix QEMU's APIs with 'q' so that atomic.h
and <stdatomic.h> can co-exist. I checked /usr/include on my machine and
searched GitHub for existing "qatomic_" users but there seem to be none.
This patch was generated using:
$ git grep -h -o '\<atomic\(64\)\?_[a-z0-9_]\+' include/qemu/atomic.h | \
sort -u >/tmp/changed_identifiers
$ for identifier in $(</tmp/changed_identifiers); do
sed -i "s%\<$identifier\>%q$identifier%g" \
$(git grep -I -l "\<$identifier\>")
done
I manually fixed line-wrap issues and misaligned rST tables.
Backports d73415a315471ac0b127ed3fad45c8ec5d711de1
At present the CLINT timestamp is using a hard-coded timebase
frequency value SIFIVE_CLINT_TIMEBASE_FREQ. This might not be
true for all boards.
Add a new 'timebase-freq' property to the CLINT device, and
update various functions to accept this as a parameter.
Backports a47ef6e93ab2ca1db8d5ecb61fda3c41f926a26b
Currently the reset vector address is hard-coded in a RISC-V CPU's
instance_init() routine. In a real world we can have 2 exact same
CPUs except for the reset vector address, which is pretty common in
the RISC-V core IP licensing business.
Normally reset vector address is a configurable parameter. Let's
create a 64-bit property to store the reset vector address which
covers both 32-bit and 64-bit CPUs.
Backports 9b4c9b2b2a50fe4eb90d0ac2d8723b46ecb42511
When performing a CSR access let's return a negative exception value on
an error instead of -1. This will allow us to specify the exception in
future patches.
Backports 57cb2083e638bb28616c059cbf067d99552a04bb
The minimum granularity of PMP is 4 bytes, it is small than 4KB page
size, therefore, the pmp checking would be ignored if its range doesn't
start from the alignment of one page. This patch detects the pmp entries
and sets the small page size to TLB if there is a PMP entry which cover
the page size.
Backports af3fc195e3c8e98b62eca3e4ee927f1965381dc3
The real physical address should add the 12 bits page offset. It also
causes the PMP wrong checking due to the minimum granularity of PMP is
4 byte, but we always get the physical address which is 4KB alignment,
that means, we always use the start address of the page to check PMP for
all addresses which in the same page.
Backports 9ef82119b10d996cef63af679af5c1a7a85e6c19
First, sizeof(target_ulong) equals to 4 on riscv32, so this change
does not change the function on riscv32. Second, sizeof(target_ulong)
equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal
pmp_index (we will explain later), which should be 'reg_index * 4 + i'.
If the parameter reg_index equals to 2 (means that we will change the
value of pmpcfg2, or the second pmpcfg on riscv64), then
pmpcfg_csr_write(env, 2, val) will map write tasks to
pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed
by value 16 or 23 on riscv64, so we consider it as a bug.
We are looking for constant (e.g., define a new constant named
RISCV_WORD_SIZE) in QEMU to help others understand code better,
but none was found. A possible good explanation of this literal is it is
the minimum word length on riscv is 4 bytes (32 bit).
Backports fdd33b86b20d153b131fc6259aea7a0084ab14b8
If a 32-bit input is not properly nanboxed, then the input is replaced
with the default qnan. The only inline expansion is for the sign-changing
set of instructions: FSGNJ.S, FSGNJX.S, FSGNJN.S.
Backports ffe70e4dfc9cf2a6934e674b81b69c847b403c4b