Call the helper_hyp_tlb_flush() function on hfence instructions which
will generate an illegal insruction execption if we don't have
permission to flush the Hypervisor level TLBs.
Backports commit 2761db5fc20943bbd606b6fd49640ac000398de6 from qemu
The function that makes NaN-boxing when a 32-bit value is assigned
to a 64-bit FP register is split out to a helper gen_nanbox_fpr().
Then it is applied in translating of the FLW instruction.
Backports commit 354908cee1f7ff761b5fedbdb6376c378c10f941 from qemu
The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since
4.1. It's not commonly used so let's remove support for it.
Backports commit 1a9540d1f1a9c5022d9273d0244e5809679dd33b from qemu
The sifive-e34 cpu type is the same as the sifive-e31 with the
single precision floating-point extension enabled.
Backports commit d784733bf1875c1ba355c69739518f24d56f1260 from qemu
Remove the user version information. This was never used and never
publically exposed in a release of QEMU, so let's just remove it. In
future to manage versions we can extend the extension properties to
specify version.
Backports commit c9a73910c34a2147bcf6a3b5194d27abb19c2e54 from qemu
As-per RISC-V H-Extension v0.5 draft, the Stage2 SV32 page table has
12bits of VPN[1] and 10bits of VPN[0]. The additional 2bits in VPN[1]
is required to handle the 34bit intermediate physical address coming
from Stage1 SV32 page table. The 12bits of VPN[1] implies that Stage2
SV32 level-0 page table will be 16KB in size with total 4096 enteries
where each entry maps 4MB of memory (same as Stage1 SV32 page table).
The get_physical_address() function is broken for Stage2 SV32 level-0
page table because it incorrectly computes output physical address for
Stage2 SV32 level-0 page table entry.
The root cause of the issue is that get_physical_address() uses the
"widened" variable to compute level-0 physical address mapping which
changes level-0 mapping size (instead of 4MB). We should use the
"widened" variable only for computing index of Stage2 SV32 level-0
page table.
Backports commit ee79e7cd47ef47074d7c20c221321c5d31d3683d from qemu
Take the result of stage-1 and stage-2 page table walks and AND the two
protection flags together. This way we require both to set permissions
instead of just stage-2.
Backports commit 8f67cd6db7375f9133d900b13b300931fbc2e1d8 from qemu
When doing the fist of a two stage lookup (Hypervisor extensions) don't
set the current protection flags from the second stage lookup of the
base address PTE.
Backports commit 384728905441279e54fa3d714b11bf1b1bcbfd27 from qemu
Currently riscv_cpu_local_irq_pending is used to find out pending
interrupt and VS mode interrupts are being shifted to represent
S mode interrupts in this function. So when the cause returned by
this function is passed to riscv_cpu_do_interrupt to actually
forward the interrupt, the VS mode forwarding check does not work
as intended and interrupt is actually forwarded to hypervisor. This
patch fixes this issue.
Backports commit c5969a3a3c2cb9ea02ffb7e86acb059d3cf8c264 from qemu
As reported in: https://bugs.launchpad.net/qemu/+bug/1851939 we weren't
correctly handling illegal instructions based on the value of MSTATUS_TSR
and the current privledge level.
This patch fixes the issue raised in the bug by raising an illegal
instruction if TSR is set and we are in S-Mode.
Backports commit ed5abf46b3c414ef58e647145f19b3966700b206 from qemu
Currently, TIME CSRs are emulated only for user-only mode. This
patch add TIME CSRs emulation for privileged mode.
For privileged mode, the TIME CSRs will return value provided
by rdtime callback which is registered by QEMU machine/platform
emulation (i.e. CLINT emulation). If rdtime callback is not
available then the monitor (i.e. OpenSBI) will trap-n-emulate
TIME CSRs in software.
We see 25+% performance improvement in hackbench numbers when
TIME CSRs are not trap-n-emulated.
Backports commit c695724868ce4049fd79c5a509880dbdf171e744 from qemu
Add a helper macro MSTATUS_MPV_ISSET() which will determine if the
MSTATUS_MPV bit is set for both 32-bit and 64-bit RISC-V.
Backports commit e44b50b5b2e508fdd24915ab0e44ac49685e1de3 from qemu
mark_fs_dirty() is the only place in translate.c that uses the
virt_enabled bool. Let's respect the contents of MSTATUS.MPRV and
HSTATUS.SPRV when setting the bool as this is used for performing
floating point operations when V=0.
Backports commit ae84dd0ab7eaf7e98cd6ee05b2063cce8ff9bc02 from qemu
When the Hypervisor extension is in use we only enable floating point
support when both status and vsstatus have enabled floating point
support.
Backports commit 29409c1d921d607873268671bf11a088efb5558e from qemu
The hret instruction does not exist in the new spec versions, so remove
it from QEMU.
Backports commit 0736febb2d0e1bb503ca07091c16a16e78480366 from qemu
To ensure our TLB isn't out-of-date we flush it on all virt mode
changes. Unlike priv mode this isn't saved in the mmu_idx as all
guests share V=1. The easiest option is just to flush on all changes.
Backports commit eccc5a12c2fd1c646c69a1e7de29183b7a559973 from qemu
Add a FORCE_HS_EXCEP mode to the RISC-V virtulisation status. This bit
specifies if an exeption should be taken to HS mode no matter the
current delegation status. This is used when an exeption must be taken
to HS mode, such as when handling interrupts.
Backports commit c7b1bbc80fc2af17395d3986c346fd2307e57829 from qemu
Add the Hypervisor CSRs to CPUState and at the same time (to avoid
bisect issues) update the CSR macros for the v0.5 Hyp spec.
Backports commit bd023ce33b85d73791b7bc78fd04a8115c60995e from qemu
The MIP CSR is a xlen CSR, it was only 32-bits to allow atomic access.
Now that we don't use atomics for MIP we can change this back to a xlen
CSR.
Backports commit 028616130d5f0abc8a3b96f28963da51a875024b from qemu