From 298c31de9871b971b86356164633b9a5861af3db Mon Sep 17 00:00:00 2001 From: John Millikin Date: Thu, 4 Aug 2022 21:29:51 +0900 Subject: [PATCH 01/96] scsi-disk: support setting CD-ROM block size via device options SunOS expects CD-ROM devices to have a block size of 512, and will fail to mount or install using QEMU's default block size of 2048. When initializing the SCSI device, allow the `physical_block_size' block device option to override the default block size. Signed-off-by: John Millikin Message-Id: <20220804122950.1577012-1-john@john-millikin.com> Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-disk.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 399e1787ea..e493c28814 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -2544,6 +2544,7 @@ static void scsi_cd_realize(SCSIDevice *dev, Error **errp) SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev); AioContext *ctx; int ret; + uint32_t blocksize = 2048; if (!dev->conf.blk) { /* Anonymous BlockBackend for an empty drive. As we put it into @@ -2553,9 +2554,13 @@ static void scsi_cd_realize(SCSIDevice *dev, Error **errp) assert(ret == 0); } + if (dev->conf.physical_block_size != 0) { + blocksize = dev->conf.physical_block_size; + } + ctx = blk_get_aio_context(dev->conf.blk); aio_context_acquire(ctx); - s->qdev.blocksize = 2048; + s->qdev.blocksize = blocksize; s->qdev.type = TYPE_ROM; s->features |= 1 << SCSI_DISK_F_REMOVABLE; if (!s->product) { From 12f89a39cf3c5760cba82ce68929d748961f62df Mon Sep 17 00:00:00 2001 From: Chenyi Qiang Date: Thu, 29 Sep 2022 15:20:11 +0800 Subject: [PATCH 02/96] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault For the direct triple faults, i.e. hardware detected and KVM morphed to VM-Exit, KVM will never lose them. But for triple faults sythesized by KVM, e.g. the RSM path, if KVM exits to userspace before the request is serviced, userspace could migrate the VM and lose the triple fault. A new flag KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang Message-Id: <20220929072014.20705-2-chenyi.qiang@intel.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 20 ++++++++++++++++++++ target/i386/machine.c | 20 ++++++++++++++++++++ 4 files changed, 42 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ad623d91e4..06884177fa 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6017,6 +6017,7 @@ static void x86_cpu_reset(DeviceState *dev) env->exception_has_payload = false; env->exception_payload = 0; env->nmi_injected = false; + env->triple_fault_pending = false; #if !defined(CONFIG_USER_ONLY) /* We hard-wire the BSP to the first CPU. */ apic_designate_bsp(cpu->apic_state, s->cpu_index == 0); diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 82004b65b9..d4124973ce 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1739,6 +1739,7 @@ typedef struct CPUArchState { uint8_t has_error_code; uint8_t exception_has_payload; uint64_t exception_payload; + uint8_t triple_fault_pending; uint32_t ins_len; uint32_t sipi_vector; bool tsc_valid; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index f2a96492ce..3ebe8b7f1f 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -132,6 +132,7 @@ static int has_xcrs; static int has_pit_state2; static int has_sregs2; static int has_exception_payload; +static int has_triple_fault_event; static bool has_msr_mcg_ext_ctl; @@ -2479,6 +2480,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } } + has_triple_fault_event = kvm_check_extension(s, KVM_CAP_X86_TRIPLE_FAULT_EVENT); + if (has_triple_fault_event) { + ret = kvm_vm_enable_cap(s, KVM_CAP_X86_TRIPLE_FAULT_EVENT, 0, true); + if (ret < 0) { + error_report("kvm: Failed to enable triple fault event cap: %s", + strerror(-ret)); + return ret; + } + } + ret = kvm_get_supported_msrs(s); if (ret < 0) { return ret; @@ -4295,6 +4306,11 @@ static int kvm_put_vcpu_events(X86CPU *cpu, int level) } } + if (has_triple_fault_event) { + events.flags |= KVM_VCPUEVENT_VALID_TRIPLE_FAULT; + events.triple_fault.pending = env->triple_fault_pending; + } + return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events); } @@ -4364,6 +4380,10 @@ static int kvm_get_vcpu_events(X86CPU *cpu) } } + if (events.flags & KVM_VCPUEVENT_VALID_TRIPLE_FAULT) { + env->triple_fault_pending = events.triple_fault.pending; + } + env->sipi_vector = events.sipi_vector; return 0; diff --git a/target/i386/machine.c b/target/i386/machine.c index cecd476e98..310b125235 100644 --- a/target/i386/machine.c +++ b/target/i386/machine.c @@ -1562,6 +1562,25 @@ static const VMStateDescription vmstate_arch_lbr = { } }; +static bool triple_fault_needed(void *opaque) +{ + X86CPU *cpu = opaque; + CPUX86State *env = &cpu->env; + + return env->triple_fault_pending; +} + +static const VMStateDescription vmstate_triple_fault = { + .name = "cpu/triple_fault", + .version_id = 1, + .minimum_version_id = 1, + .needed = triple_fault_needed, + .fields = (VMStateField[]) { + VMSTATE_UINT8(env.triple_fault_pending, X86CPU), + VMSTATE_END_OF_LIST() + } +}; + const VMStateDescription vmstate_x86_cpu = { .name = "cpu", .version_id = 12, @@ -1706,6 +1725,7 @@ const VMStateDescription vmstate_x86_cpu = { &vmstate_amx_xtile, #endif &vmstate_arch_lbr, + &vmstate_triple_fault, NULL } }; From 3dba0a335cf5c53146b606be6ddfab4df81c464e Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 29 Sep 2022 15:20:12 +0800 Subject: [PATCH 03/96] kvm: allow target-specific accelerator properties Several hypervisor capabilities in KVM are target-specific. When exposed to QEMU users as accelerator properties (i.e. -accel kvm,prop=value), they should not be available for all targets. Add a hook for targets to add their own properties to -accel kvm, for now no such property is defined. Signed-off-by: Paolo Bonzini Message-Id: <20220929072014.20705-3-chenyi.qiang@intel.com> Signed-off-by: Paolo Bonzini --- accel/kvm/kvm-all.c | 2 ++ include/sysemu/kvm.h | 2 ++ target/arm/kvm.c | 4 ++++ target/i386/kvm/kvm.c | 4 ++++ target/mips/kvm.c | 4 ++++ target/ppc/kvm.c | 4 ++++ target/riscv/kvm.c | 4 ++++ target/s390x/kvm/kvm.c | 4 ++++ 8 files changed, 28 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 423fb1936f..03a69cf053 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3731,6 +3731,8 @@ static void kvm_accel_class_init(ObjectClass *oc, void *data) NULL, NULL); object_class_property_set_description(oc, "dirty-ring-size", "Size of KVM dirty page ring buffer (default: 0, i.e. use bitmap)"); + + kvm_arch_accel_class_init(oc); } static const TypeInfo kvm_accel_type = { diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 790d35ef78..e9a97eda8c 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -349,6 +349,8 @@ bool kvm_device_supported(int vmfd, uint64_t type); extern const KVMCapabilityInfo kvm_arch_required_capabilities[]; +void kvm_arch_accel_class_init(ObjectClass *oc); + void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run); MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run); diff --git a/target/arm/kvm.c b/target/arm/kvm.c index e5c1bd50d2..d21603cf28 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1056,3 +1056,7 @@ bool kvm_arch_cpu_check_are_resettable(void) { return true; } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 3ebe8b7f1f..f18d21413c 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -5468,3 +5468,7 @@ void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask) mask &= ~BIT_ULL(bit); } } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} diff --git a/target/mips/kvm.c b/target/mips/kvm.c index caf70decd2..bcb8e06b2c 100644 --- a/target/mips/kvm.c +++ b/target/mips/kvm.c @@ -1294,3 +1294,7 @@ bool kvm_arch_cpu_check_are_resettable(void) { return true; } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 466d0d2f4c..7c25348b7b 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -2966,3 +2966,7 @@ bool kvm_arch_cpu_check_are_resettable(void) { return true; } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} diff --git a/target/riscv/kvm.c b/target/riscv/kvm.c index 70b4cff06f..30f21453d6 100644 --- a/target/riscv/kvm.c +++ b/target/riscv/kvm.c @@ -532,3 +532,7 @@ bool kvm_arch_cpu_check_are_resettable(void) { return true; } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c index 6a8dbadf7e..508c24cfec 100644 --- a/target/s390x/kvm/kvm.c +++ b/target/s390x/kvm/kvm.c @@ -2581,3 +2581,7 @@ int kvm_s390_get_zpci_op(void) { return cap_zpci_op; } + +void kvm_arch_accel_class_init(ObjectClass *oc) +{ +} From 5f8a6bce1f1080058ed29d716cae81ea805142ae Mon Sep 17 00:00:00 2001 From: Chenyi Qiang Date: Thu, 29 Sep 2022 15:20:13 +0800 Subject: [PATCH 04/96] kvm: expose struct KVMState Expose struct KVMState out of kvm-all.c so that the field of struct KVMState can be accessed when defining target-specific accelerator properties. Signed-off-by: Chenyi Qiang Message-Id: <20220929072014.20705-4-chenyi.qiang@intel.com> Signed-off-by: Paolo Bonzini --- accel/kvm/kvm-all.c | 74 -------------------------------------- include/sysemu/kvm_int.h | 76 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 74 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 03a69cf053..fbfe948398 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -77,86 +77,12 @@ do { } while (0) #endif -#define KVM_MSI_HASHTAB_SIZE 256 - struct KVMParkedVcpu { unsigned long vcpu_id; int kvm_fd; QLIST_ENTRY(KVMParkedVcpu) node; }; -enum KVMDirtyRingReaperState { - KVM_DIRTY_RING_REAPER_NONE = 0, - /* The reaper is sleeping */ - KVM_DIRTY_RING_REAPER_WAIT, - /* The reaper is reaping for dirty pages */ - KVM_DIRTY_RING_REAPER_REAPING, -}; - -/* - * KVM reaper instance, responsible for collecting the KVM dirty bits - * via the dirty ring. - */ -struct KVMDirtyRingReaper { - /* The reaper thread */ - QemuThread reaper_thr; - volatile uint64_t reaper_iteration; /* iteration number of reaper thr */ - volatile enum KVMDirtyRingReaperState reaper_state; /* reap thr state */ -}; - -struct KVMState -{ - AccelState parent_obj; - - int nr_slots; - int fd; - int vmfd; - int coalesced_mmio; - int coalesced_pio; - struct kvm_coalesced_mmio_ring *coalesced_mmio_ring; - bool coalesced_flush_in_progress; - int vcpu_events; - int robust_singlestep; - int debugregs; -#ifdef KVM_CAP_SET_GUEST_DEBUG - QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints; -#endif - int max_nested_state_len; - int many_ioeventfds; - int intx_set_mask; - int kvm_shadow_mem; - bool kernel_irqchip_allowed; - bool kernel_irqchip_required; - OnOffAuto kernel_irqchip_split; - bool sync_mmu; - uint64_t manual_dirty_log_protect; - /* The man page (and posix) say ioctl numbers are signed int, but - * they're not. Linux, glibc and *BSD all treat ioctl numbers as - * unsigned, and treating them as signed here can break things */ - unsigned irq_set_ioctl; - unsigned int sigmask_len; - GHashTable *gsimap; -#ifdef KVM_CAP_IRQ_ROUTING - struct kvm_irq_routing *irq_routes; - int nr_allocated_irq_routes; - unsigned long *used_gsi_bitmap; - unsigned int gsi_count; - QTAILQ_HEAD(, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE]; -#endif - KVMMemoryListener memory_listener; - QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; - - /* For "info mtree -f" to tell if an MR is registered in KVM */ - int nr_as; - struct KVMAs { - KVMMemoryListener *ml; - AddressSpace *as; - } *as; - uint64_t kvm_dirty_ring_bytes; /* Size of the per-vcpu dirty ring */ - uint32_t kvm_dirty_ring_size; /* Number of dirty GFNs per ring */ - struct KVMDirtyRingReaper reaper; -}; - KVMState *kvm_state; bool kvm_kernel_irqchip; bool kvm_split_irqchip; diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h index 1f5487d9b7..3b4adcdc10 100644 --- a/include/sysemu/kvm_int.h +++ b/include/sysemu/kvm_int.h @@ -10,6 +10,7 @@ #define QEMU_KVM_INT_H #include "exec/memory.h" +#include "qapi/qapi-types-common.h" #include "qemu/accel.h" #include "sysemu/kvm.h" @@ -36,6 +37,81 @@ typedef struct KVMMemoryListener { int as_id; } KVMMemoryListener; +#define KVM_MSI_HASHTAB_SIZE 256 + +enum KVMDirtyRingReaperState { + KVM_DIRTY_RING_REAPER_NONE = 0, + /* The reaper is sleeping */ + KVM_DIRTY_RING_REAPER_WAIT, + /* The reaper is reaping for dirty pages */ + KVM_DIRTY_RING_REAPER_REAPING, +}; + +/* + * KVM reaper instance, responsible for collecting the KVM dirty bits + * via the dirty ring. + */ +struct KVMDirtyRingReaper { + /* The reaper thread */ + QemuThread reaper_thr; + volatile uint64_t reaper_iteration; /* iteration number of reaper thr */ + volatile enum KVMDirtyRingReaperState reaper_state; /* reap thr state */ +}; +struct KVMState +{ + AccelState parent_obj; + + int nr_slots; + int fd; + int vmfd; + int coalesced_mmio; + int coalesced_pio; + struct kvm_coalesced_mmio_ring *coalesced_mmio_ring; + bool coalesced_flush_in_progress; + int vcpu_events; + int robust_singlestep; + int debugregs; +#ifdef KVM_CAP_SET_GUEST_DEBUG + QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints; +#endif + int max_nested_state_len; + int many_ioeventfds; + int intx_set_mask; + int kvm_shadow_mem; + bool kernel_irqchip_allowed; + bool kernel_irqchip_required; + OnOffAuto kernel_irqchip_split; + bool sync_mmu; + uint64_t manual_dirty_log_protect; + /* The man page (and posix) say ioctl numbers are signed int, but + * they're not. Linux, glibc and *BSD all treat ioctl numbers as + * unsigned, and treating them as signed here can break things */ + unsigned irq_set_ioctl; + unsigned int sigmask_len; + GHashTable *gsimap; +#ifdef KVM_CAP_IRQ_ROUTING + struct kvm_irq_routing *irq_routes; + int nr_allocated_irq_routes; + unsigned long *used_gsi_bitmap; + unsigned int gsi_count; + QTAILQ_HEAD(, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE]; +#endif + KVMMemoryListener memory_listener; + QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus; + + /* For "info mtree -f" to tell if an MR is registered in KVM */ + int nr_as; + struct KVMAs { + KVMMemoryListener *ml; + AddressSpace *as; + } *as; + uint64_t kvm_dirty_ring_bytes; /* Size of the per-vcpu dirty ring */ + uint32_t kvm_dirty_ring_size; /* Number of dirty GFNs per ring */ + struct KVMDirtyRingReaper reaper; + NotifyVmexitOption notify_vmexit; + uint32_t notify_window; +}; + void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml, AddressSpace *as, int as_id, const char *name); From e2e69f6bb907a70ac518230c54e98e7abcb0c911 Mon Sep 17 00:00:00 2001 From: Chenyi Qiang Date: Thu, 29 Sep 2022 15:20:14 +0800 Subject: [PATCH 05/96] i386: add notify VM exit support There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event window means no event (NMI, SMI and IRQ) can be delivered. It leads the CPU to be unavailable to host or other VMs. Notify VM exit is introduced to mitigate such kind of attacks, which will generate a VM exit if no event window occurs in VM non-root mode for a specified amount of time (notify window). A new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT is exposed to user space so that the user can query the capability and set the expected notify window when creating VMs. The format of the argument when enabling this capability is as follows: Bit 63:32 - notify window specified in qemu command Bit 31:0 - some flags (e.g. KVM_X86_NOTIFY_VMEXIT_ENABLED is set to enable the feature.) Users can configure the feature by a new (x86 only) accel property: qemu -accel kvm,notify-vmexit=run|internal-error|disable,notify-window=n The default option of notify-vmexit is run, which will enable the capability and do nothing if the exit happens. The internal-error option raises a KVM internal error if it happens. The disable option does not enable the capability. The default value of notify-window is 0. It is valid only when notify-vmexit is not disabled. The valid range of notify-window is non-negative. It is even safe to set it to zero since there's an internal hardware threshold to be added to ensure no false positive. Because a notify VM exit may happen with VM_CONTEXT_INVALID set in exit qualification (no cases are anticipated that would set this bit), which means VM context is corrupted. It would be reflected in the flags of KVM_EXIT_NOTIFY exit. If KVM_NOTIFY_CONTEXT_INVALID bit is set, raise a KVM internal error unconditionally. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang Message-Id: <20220929072014.20705-5-chenyi.qiang@intel.com> Signed-off-by: Paolo Bonzini --- accel/kvm/kvm-all.c | 2 + qapi/run-state.json | 17 ++++++++ qemu-options.hx | 11 +++++ target/i386/kvm/kvm.c | 98 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 128 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index fbfe948398..f99b0becd8 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3618,6 +3618,8 @@ static void kvm_accel_instance_init(Object *obj) s->kernel_irqchip_split = ON_OFF_AUTO_AUTO; /* KVM dirty ring is by default off */ s->kvm_dirty_ring_size = 0; + s->notify_vmexit = NOTIFY_VMEXIT_OPTION_RUN; + s->notify_window = 0; } /** diff --git a/qapi/run-state.json b/qapi/run-state.json index 9273ea6516..49989d30e6 100644 --- a/qapi/run-state.json +++ b/qapi/run-state.json @@ -643,3 +643,20 @@ { 'struct': 'MemoryFailureFlags', 'data': { 'action-required': 'bool', 'recursive': 'bool'} } + +## +# @NotifyVmexitOption: +# +# An enumeration of the options specified when enabling notify VM exit +# +# @run: enable the feature, do nothing and continue if the notify VM exit happens. +# +# @internal-error: enable the feature, raise a internal error if the notify +# VM exit happens. +# +# @disable: disable the feature. +# +# Since: 7.2 +## +{ 'enum': 'NotifyVmexitOption', + 'data': [ 'run', 'internal-error', 'disable' ] } \ No newline at end of file diff --git a/qemu-options.hx b/qemu-options.hx index 95b998a13b..606d379186 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -191,6 +191,7 @@ DEF("accel", HAS_ARG, QEMU_OPTION_accel, " split-wx=on|off (enable TCG split w^x mapping)\n" " tb-size=n (TCG translation block cache size)\n" " dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n" + " notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit and set notify window, x86 only)\n" " thread=single|multi (enable multi-threaded TCG)\n", QEMU_ARCH_ALL) SRST ``-accel name[,prop=value[,...]]`` @@ -242,6 +243,16 @@ SRST is disabled (dirty-ring-size=0). When enabled, KVM will instead record dirty pages in a bitmap. + ``notify-vmexit=run|internal-error|disable,notify-window=n`` + Enables or disables notify VM exit support on x86 host and specify + the corresponding notify window to trigger the VM exit if enabled. + ``run`` option enables the feature. It does nothing and continue + if the exit happens. ``internal-error`` option enables the feature. + It raises a internal error. ``disable`` option doesn't enable the feature. + This feature can mitigate the CPU stuck issue due to event windows don't + open up for a specified of time (i.e. notify-window). + Default: notify-vmexit=run,notify-window=0. + ERST DEF("smp", HAS_ARG, QEMU_OPTION_smp, diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index f18d21413c..ec63b5eb10 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -15,6 +15,7 @@ #include "qemu/osdep.h" #include "qapi/qapi-events-run-state.h" #include "qapi/error.h" +#include "qapi/visitor.h" #include #include #include @@ -2595,6 +2596,21 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } } + if (s->notify_vmexit != NOTIFY_VMEXIT_OPTION_DISABLE && + kvm_check_extension(s, KVM_CAP_X86_NOTIFY_VMEXIT)) { + uint64_t notify_window_flags = + ((uint64_t)s->notify_window << 32) | + KVM_X86_NOTIFY_VMEXIT_ENABLED | + KVM_X86_NOTIFY_VMEXIT_USER; + ret = kvm_vm_enable_cap(s, KVM_CAP_X86_NOTIFY_VMEXIT, 0, + notify_window_flags); + if (ret < 0) { + error_report("kvm: Failed to enable notify vmexit cap: %s", + strerror(-ret)); + return ret; + } + } + return 0; } @@ -5137,6 +5153,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) X86CPU *cpu = X86_CPU(cs); uint64_t code; int ret; + bool ctx_invalid; + char str[256]; + KVMState *state; switch (run->exit_reason) { case KVM_EXIT_HLT: @@ -5192,6 +5211,21 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) /* already handled in kvm_arch_post_run */ ret = 0; break; + case KVM_EXIT_NOTIFY: + ctx_invalid = !!(run->notify.flags & KVM_NOTIFY_CONTEXT_INVALID); + state = KVM_STATE(current_accel()); + sprintf(str, "Encounter a notify exit with %svalid context in" + " guest. There can be possible misbehaves in guest." + " Please have a look.", ctx_invalid ? "in" : ""); + if (ctx_invalid || + state->notify_vmexit == NOTIFY_VMEXIT_OPTION_INTERNAL_ERROR) { + warn_report("KVM internal error: %s", str); + ret = -1; + } else { + warn_report_once("KVM: %s", str); + ret = 0; + } + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; @@ -5469,6 +5503,70 @@ void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask) } } +static int kvm_arch_get_notify_vmexit(Object *obj, Error **errp) +{ + KVMState *s = KVM_STATE(obj); + return s->notify_vmexit; +} + +static void kvm_arch_set_notify_vmexit(Object *obj, int value, Error **errp) +{ + KVMState *s = KVM_STATE(obj); + + if (s->fd != -1) { + error_setg(errp, "Cannot set properties after the accelerator has been initialized"); + return; + } + + s->notify_vmexit = value; +} + +static void kvm_arch_get_notify_window(Object *obj, Visitor *v, + const char *name, void *opaque, + Error **errp) +{ + KVMState *s = KVM_STATE(obj); + uint32_t value = s->notify_window; + + visit_type_uint32(v, name, &value, errp); +} + +static void kvm_arch_set_notify_window(Object *obj, Visitor *v, + const char *name, void *opaque, + Error **errp) +{ + KVMState *s = KVM_STATE(obj); + Error *error = NULL; + uint32_t value; + + if (s->fd != -1) { + error_setg(errp, "Cannot set properties after the accelerator has been initialized"); + return; + } + + visit_type_uint32(v, name, &value, &error); + if (error) { + error_propagate(errp, error); + return; + } + + s->notify_window = value; +} + void kvm_arch_accel_class_init(ObjectClass *oc) { + object_class_property_add_enum(oc, "notify-vmexit", "NotifyVMexitOption", + &NotifyVmexitOption_lookup, + kvm_arch_get_notify_vmexit, + kvm_arch_set_notify_vmexit); + object_class_property_set_description(oc, "notify-vmexit", + "Enable notify VM exit"); + + object_class_property_add(oc, "notify-window", "uint32", + kvm_arch_get_notify_window, + kvm_arch_set_notify_window, + NULL, NULL); + object_class_property_set_description(oc, "notify-window", + "Clock cycles without an event window " + "after which a notification VM exit occurs"); } From ddf83b35bde680faecae693c0fa03c18814a7a2e Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:10 -0700 Subject: [PATCH 06/96] target/i386: Remove pc_start The DisasContext member and the disas_insn local variable of the same name are identical to DisasContextBase.pc_next. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-2-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 114 +++++++++++++++++++----------------- 1 file changed, 60 insertions(+), 54 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 44af8c107f..16bf56dbc7 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -76,7 +76,6 @@ typedef struct DisasContext { DisasContextBase base; target_ulong pc; /* pc = eip + cs_base */ - target_ulong pc_start; /* pc at TB entry */ target_ulong cs_base; /* base of CS segment */ MemOp aflag; @@ -1345,13 +1344,13 @@ static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) the instruction is known, but it isn't allowed in the current cpu mode. */ static void gen_illegal_opcode(DisasContext *s) { - gen_exception(s, EXCP06_ILLOP, s->pc_start - s->cs_base); + gen_exception(s, EXCP06_ILLOP, s->base.pc_next - s->cs_base); } /* Generate #GP for the current instruction. */ static void gen_exception_gpf(DisasContext *s) { - gen_exception(s, EXCP0D_GPF, s->pc_start - s->cs_base); + gen_exception(s, EXCP0D_GPF, s->base.pc_next - s->cs_base); } /* Check for cpl == 0; if not, raise #GP and return false. */ @@ -2016,7 +2015,7 @@ static uint64_t advance_pc(CPUX86State *env, DisasContext *s, int num_bytes) } s->pc += num_bytes; - if (unlikely(s->pc - s->pc_start > X86_MAX_INSN_LENGTH)) { + if (unlikely(s->pc - s->base.pc_next > X86_MAX_INSN_LENGTH)) { /* If the instruction's 16th byte is on a different page than the 1st, a * page fault on the second page wins over the general protection fault * caused by the instruction being too long. @@ -2614,7 +2613,7 @@ static void gen_unknown_opcode(CPUX86State *env, DisasContext *s) if (qemu_loglevel_mask(LOG_UNIMP)) { FILE *logfile = qemu_log_trylock(); if (logfile) { - target_ulong pc = s->pc_start, end = s->pc; + target_ulong pc = s->base.pc_next, end = s->pc; fprintf(logfile, "ILLOPC: " TARGET_FMT_lx ":", pc); for (; pc < end; ++pc) { @@ -3226,8 +3225,7 @@ static const struct SSEOpHelper_table7 sse_op_table7[256] = { goto illegal_op; \ } while (0) -static void gen_sse(CPUX86State *env, DisasContext *s, int b, - target_ulong pc_start) +static void gen_sse(CPUX86State *env, DisasContext *s, int b) { int b1, op1_offset, op2_offset, is_xmm, val; int modrm, mod, rm, reg; @@ -3269,7 +3267,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, } /* simple MMX/SSE operation */ if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); return; } if (s->flags & HF_EM_MASK) { @@ -4717,11 +4715,10 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) MemOp ot, aflag, dflag; int modrm, reg, rm, mod, op, opreg, val; target_ulong next_eip, tval; - target_ulong pc_start = s->base.pc_next; bool orig_cc_op_dirty = s->cc_op_dirty; CCOp orig_cc_op = s->cc_op; - s->pc_start = s->pc = pc_start; + s->pc = s->base.pc_next; s->override = -1; #ifdef TARGET_X86_64 s->rex_w = false; @@ -4745,7 +4742,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) s->base.num_insns--; tcg_remove_ops_after(s->prev_insn_end); s->base.is_jmp = DISAS_TOO_MANY; - return pc_start; + return s->base.pc_next; default: g_assert_not_reached(); } @@ -6079,7 +6076,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) if (s->flags & (HF_EM_MASK | HF_TS_MASK)) { /* if CR0.EM or CR0.TS are set, generate an FPU exception */ /* XXX: what to do if illegal op ? */ - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); break; } modrm = x86_ldub_code(env, s); @@ -6620,7 +6617,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) offsetof(CPUX86State, segs[R_CS].selector)); tcg_gen_st16_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, fpcs)); - tcg_gen_st_tl(tcg_constant_tl(pc_start - s->cs_base), + tcg_gen_st_tl(tcg_constant_tl(s->base.pc_next - s->cs_base), cpu_env, offsetof(CPUX86State, fpip)); } } @@ -6632,7 +6629,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xa5: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_movs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base); + gen_repz_movs(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base); } else { gen_movs(s, ot); } @@ -6642,7 +6640,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xab: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_stos(s, ot, pc_start - s->cs_base, s->pc - s->cs_base); + gen_repz_stos(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base); } else { gen_stos(s, ot); } @@ -6651,7 +6650,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xad: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_lods(s, ot, pc_start - s->cs_base, s->pc - s->cs_base); + gen_repz_lods(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base); } else { gen_lods(s, ot); } @@ -6660,9 +6660,11 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xaf: ot = mo_b_d(b, dflag); if (prefixes & PREFIX_REPNZ) { - gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1); + gen_repz_scas(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base, 1); } else if (prefixes & PREFIX_REPZ) { - gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0); + gen_repz_scas(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base, 0); } else { gen_scas(s, ot); } @@ -6672,9 +6674,11 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0xa7: ot = mo_b_d(b, dflag); if (prefixes & PREFIX_REPNZ) { - gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1); + gen_repz_cmps(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base, 1); } else if (prefixes & PREFIX_REPZ) { - gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0); + gen_repz_cmps(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base, 0); } else { gen_cmps(s, ot); } @@ -6692,7 +6696,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_io_start(); } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_ins(s, ot, pc_start - s->cs_base, s->pc - s->cs_base); + gen_repz_ins(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base); /* jump generated by gen_repz_ins */ } else { gen_ins(s, ot); @@ -6713,7 +6718,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) gen_io_start(); } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_outs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base); + gen_repz_outs(s, ot, s->base.pc_next - s->cs_base, + s->pc - s->cs_base); /* jump generated by gen_repz_outs */ } else { gen_outs(s, ot); @@ -6825,7 +6831,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) do_lret: if (PE(s) && !VM86(s)) { gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1), tcg_const_i32(val)); } else { @@ -7295,7 +7301,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; val = x86_ldub_code(env, s); if (val == 0) { - gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base); + gen_exception(s, EXCP00_DIVZ, s->base.pc_next - s->cs_base); } else { gen_helper_aam(cpu_env, tcg_const_i32(val)); set_cc_op(s, CC_OP_LOGICB); @@ -7321,34 +7327,34 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) } if (prefixes & PREFIX_REPZ) { gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_pause(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; } break; case 0x9b: /* fwait */ if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) == (HF_MP_MASK | HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); } else { gen_helper_fwait(cpu_env); } break; case 0xcc: /* int3 */ - gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base); + gen_interrupt(s, EXCP03_INT3, s->base.pc_next - s->cs_base, s->pc - s->cs_base); break; case 0xcd: /* int N */ val = x86_ldub_code(env, s); if (check_vm86_iopl(s)) { - gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base); + gen_interrupt(s, val, s->base.pc_next - s->cs_base, s->pc - s->cs_base); } break; case 0xce: /* into */ if (CODE64(s)) goto illegal_op; gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_into(cpu_env, tcg_const_i32(s->pc - pc_start)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_into(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); break; #ifdef WANT_ICEBP case 0xf1: /* icebp (undocumented, exits to external debugger) */ @@ -7454,7 +7460,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x132: /* rdmsr */ if (check_cpl0(s)) { gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); if (b & 2) { gen_helper_rdmsr(cpu_env); } else { @@ -7466,7 +7472,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x131: /* rdtsc */ gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -7477,7 +7483,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 0x133: /* rdpmc */ gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_rdpmc(cpu_env); s->base.is_jmp = DISAS_NORETURN; break; @@ -7507,8 +7513,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x105: /* syscall */ /* XXX: is it usable in real mode ? */ gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - pc_start)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); /* TF handling for the syscall insn is different. The TF bit is checked after the syscall insn completes. This allows #DB to not be generated after one has entered CPL0 if TF is set in FMASK. */ @@ -7533,14 +7539,14 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) #endif case 0x1a2: /* cpuid */ gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_cpuid(cpu_env); break; case 0xf4: /* hlt */ if (check_cpl0(s)) { gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; } break; @@ -7636,7 +7642,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]); gen_extu(s->aflag, s->A0); gen_add_A0_ds_seg(s); @@ -7648,8 +7654,8 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); - gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; break; @@ -7726,9 +7732,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1), - tcg_const_i32(s->pc - pc_start)); + tcg_const_i32(s->pc - s->base.pc_next)); tcg_gen_exit_tb(NULL, 0); s->base.is_jmp = DISAS_NORETURN; break; @@ -7738,7 +7744,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_vmmcall(cpu_env); break; @@ -7750,7 +7756,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1)); break; @@ -7762,7 +7768,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1)); break; @@ -7788,7 +7794,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_clgi(cpu_env); break; @@ -7934,7 +7940,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, pc_start - s->cs_base); + gen_jmp_im(s, s->base.pc_next - s->cs_base); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -8386,7 +8392,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); break; } gen_lea_modrm(env, s, modrm); @@ -8399,7 +8405,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); break; } gen_lea_modrm(env, s, modrm); @@ -8411,7 +8417,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); break; } gen_lea_modrm(env, s, modrm); @@ -8424,7 +8430,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); break; } gen_helper_update_mxcsr(cpu_env); @@ -8633,7 +8639,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) case 0x1c2: case 0x1c4 ... 0x1c6: case 0x1d0 ... 0x1fe: - gen_sse(env, s, b, pc_start); + gen_sse(env, s, b); break; default: goto unknown_op; From f66c8e8cd923a38e454c2d4731bccc0eede1a652 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:11 -0700 Subject: [PATCH 07/96] target/i386: Return bool from disas_insn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of returning the new pc, which is present in DisasContext, return true if an insn was translated. This is false when we detect a page crossing and must undo the insn under translation. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-3-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 44 +++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 16bf56dbc7..3f3e79c096 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -4707,7 +4707,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b) /* convert one instruction. s->base.is_jmp is set if the translation must be stopped. Return the next pc value */ -static target_ulong disas_insn(DisasContext *s, CPUState *cpu) +static bool disas_insn(DisasContext *s, CPUState *cpu) { CPUX86State *env = cpu->env_ptr; int b, prefixes; @@ -4734,15 +4734,16 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) break; case 1: gen_exception_gpf(s); - return s->pc; + return true; case 2: /* Restore state that may affect the next instruction. */ + s->pc = s->base.pc_next; s->cc_op_dirty = orig_cc_op_dirty; s->cc_op = orig_cc_op; s->base.num_insns--; tcg_remove_ops_after(s->prev_insn_end); s->base.is_jmp = DISAS_TOO_MANY; - return s->base.pc_next; + return false; default: g_assert_not_reached(); } @@ -8644,13 +8645,13 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu) default: goto unknown_op; } - return s->pc; + return true; illegal_op: gen_illegal_opcode(s); - return s->pc; + return true; unknown_op: gen_unknown_opcode(env, s); - return s->pc; + return true; } void tcg_x86_init(void) @@ -8815,7 +8816,6 @@ static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); - target_ulong pc_next; #ifdef TARGET_VSYSCALL_PAGE /* @@ -8828,21 +8828,23 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) } #endif - pc_next = disas_insn(dc, cpu); - dc->base.pc_next = pc_next; + if (disas_insn(dc, cpu)) { + target_ulong pc_next = dc->pc; + dc->base.pc_next = pc_next; - if (dc->base.is_jmp == DISAS_NEXT) { - if (dc->flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)) { - /* - * If single step mode, we generate only one instruction and - * generate an exception. - * If irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear - * the flag and abort the translation to give the irqs a - * chance to happen. - */ - dc->base.is_jmp = DISAS_TOO_MANY; - } else if (!is_same_page(&dc->base, pc_next)) { - dc->base.is_jmp = DISAS_TOO_MANY; + if (dc->base.is_jmp == DISAS_NEXT) { + if (dc->flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)) { + /* + * If single step mode, we generate only one instruction and + * generate an exception. + * If irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear + * the flag and abort the translation to give the irqs a + * chance to happen. + */ + dc->base.is_jmp = DISAS_TOO_MANY; + } else if (!is_same_page(&dc->base, pc_next)) { + dc->base.is_jmp = DISAS_TOO_MANY; + } } } } From 522365508ed88f3c975faae6d4d0ec64f53e14f9 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:12 -0700 Subject: [PATCH 08/96] target/i386: Remove cur_eip argument to gen_exception MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All callers pass s->base.pc_next - s->cs_base, which we can just as well compute within the function. Note the special case of EXCP_VSYSCALL in which s->cs_base wasn't subtracted, but cs_base is always zero in 64-bit mode, when vsyscall is used. Reviewed-by: Paolo Bonzini Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-4-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 3f3e79c096..617832fcb0 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -1332,10 +1332,10 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg) } } -static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) +static void gen_exception(DisasContext *s, int trapno) { gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); + gen_jmp_im(s, s->base.pc_next - s->cs_base); gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); s->base.is_jmp = DISAS_NORETURN; } @@ -1344,13 +1344,13 @@ static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip) the instruction is known, but it isn't allowed in the current cpu mode. */ static void gen_illegal_opcode(DisasContext *s) { - gen_exception(s, EXCP06_ILLOP, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP06_ILLOP); } /* Generate #GP for the current instruction. */ static void gen_exception_gpf(DisasContext *s) { - gen_exception(s, EXCP0D_GPF, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP0D_GPF); } /* Check for cpl == 0; if not, raise #GP and return false. */ @@ -3267,7 +3267,7 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b) } /* simple MMX/SSE operation */ if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); return; } if (s->flags & HF_EM_MASK) { @@ -6077,7 +6077,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (s->flags & (HF_EM_MASK | HF_TS_MASK)) { /* if CR0.EM or CR0.TS are set, generate an FPU exception */ /* XXX: what to do if illegal op ? */ - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); break; } modrm = x86_ldub_code(env, s); @@ -7302,7 +7302,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; val = x86_ldub_code(env, s); if (val == 0) { - gen_exception(s, EXCP00_DIVZ, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP00_DIVZ); } else { gen_helper_aam(cpu_env, tcg_const_i32(val)); set_cc_op(s, CC_OP_LOGICB); @@ -7336,7 +7336,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0x9b: /* fwait */ if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) == (HF_MP_MASK | HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); } else { gen_helper_fwait(cpu_env); } @@ -8393,7 +8393,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); break; } gen_lea_modrm(env, s, modrm); @@ -8406,7 +8406,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); break; } gen_lea_modrm(env, s, modrm); @@ -8418,7 +8418,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); break; } gen_lea_modrm(env, s, modrm); @@ -8431,7 +8431,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } if (s->flags & HF_TS_MASK) { - gen_exception(s, EXCP07_PREX, s->base.pc_next - s->cs_base); + gen_exception(s, EXCP07_PREX); break; } gen_helper_update_mxcsr(cpu_env); @@ -8822,7 +8822,7 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) * Detect entry into the vsyscall page and invoke the syscall. */ if ((dc->base.pc_next & TARGET_PAGE_MASK) == TARGET_VSYSCALL_PAGE) { - gen_exception(dc, EXCP_VSYSCALL, dc->base.pc_next); + gen_exception(dc, EXCP_VSYSCALL); dc->base.pc_next = dc->pc + 1; return; } From 8ed6c985016961625b6e1c188e93e817f398b339 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:13 -0700 Subject: [PATCH 09/96] target/i386: Remove cur_eip, next_eip arguments to gen_interrupt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All callers pass s->base.pc_next and s->pc, which we can just as well compute within the function. Adjust to use tcg_constant_i32 while we're at it. Reviewed-by: Paolo Bonzini Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-5-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 617832fcb0..5a9c3b1e71 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2627,13 +2627,12 @@ static void gen_unknown_opcode(CPUX86State *env, DisasContext *s) /* an interrupt is different from an exception because of the privilege checks */ -static void gen_interrupt(DisasContext *s, int intno, - target_ulong cur_eip, target_ulong next_eip) +static void gen_interrupt(DisasContext *s, int intno) { gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); - gen_helper_raise_interrupt(cpu_env, tcg_const_i32(intno), - tcg_const_i32(next_eip - cur_eip)); + gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_helper_raise_interrupt(cpu_env, tcg_constant_i32(intno), + tcg_constant_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; } @@ -7342,12 +7341,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } break; case 0xcc: /* int3 */ - gen_interrupt(s, EXCP03_INT3, s->base.pc_next - s->cs_base, s->pc - s->cs_base); + gen_interrupt(s, EXCP03_INT3); break; case 0xcd: /* int N */ val = x86_ldub_code(env, s); if (check_vm86_iopl(s)) { - gen_interrupt(s, val, s->base.pc_next - s->cs_base, s->pc - s->cs_base); + gen_interrupt(s, val); } break; case 0xce: /* into */ From 65e4af230d76769fe5a68efaf2145924e128fc51 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:14 -0700 Subject: [PATCH 10/96] target/i386: Create gen_update_eip_cur Like gen_update_cc_op, sync EIP before doing something that could raise an exception. Replace all gen_jmp_im that use s->base.pc_next. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-6-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 52 ++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 5a9c3b1e71..85253e1e17 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -511,10 +511,14 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d) } } -static inline void gen_jmp_im(DisasContext *s, target_ulong pc) +static void gen_jmp_im(DisasContext *s, target_ulong pc) { - tcg_gen_movi_tl(s->tmp0, pc); - gen_op_jmp_v(s->tmp0); + gen_op_jmp_v(tcg_constant_tl(pc)); +} + +static void gen_update_eip_cur(DisasContext *s) +{ + gen_jmp_im(s, s->base.pc_next - s->cs_base); } /* Compute SEG:REG into A0. SEG is selected from the override segment @@ -703,7 +707,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, target_ulong next_eip = s->pc - s->cs_base; gen_update_cc_op(s); - gen_jmp_im(s, cur_eip); + gen_update_eip_cur(s); if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) { svm_flags |= SVM_IOIO_REP_MASK; } @@ -1335,7 +1339,7 @@ static void gen_helper_fp_arith_STN_ST0(int op, int opreg) static void gen_exception(DisasContext *s, int trapno) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno)); s->base.is_jmp = DISAS_NORETURN; } @@ -2630,7 +2634,7 @@ static void gen_unknown_opcode(CPUX86State *env, DisasContext *s) static void gen_interrupt(DisasContext *s, int intno) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_raise_interrupt(cpu_env, tcg_constant_i32(intno), tcg_constant_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; @@ -6831,7 +6835,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) do_lret: if (PE(s) && !VM86(s)) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1), tcg_const_i32(val)); } else { @@ -7327,7 +7331,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (prefixes & PREFIX_REPZ) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_pause(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; } @@ -7353,7 +7357,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (CODE64(s)) goto illegal_op; gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_into(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); break; #ifdef WANT_ICEBP @@ -7460,7 +7464,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0x132: /* rdmsr */ if (check_cpl0(s)) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); if (b & 2) { gen_helper_rdmsr(cpu_env); } else { @@ -7472,7 +7476,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; case 0x131: /* rdtsc */ gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -7483,7 +7487,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; case 0x133: /* rdpmc */ gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_rdpmc(cpu_env); s->base.is_jmp = DISAS_NORETURN; break; @@ -7513,7 +7517,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0x105: /* syscall */ /* XXX: is it usable in real mode ? */ gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); /* TF handling for the syscall insn is different. The TF bit is checked after the syscall insn completes. This allows #DB to not be @@ -7539,13 +7543,13 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) #endif case 0x1a2: /* cpuid */ gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_cpuid(cpu_env); break; case 0xf4: /* hlt */ if (check_cpl0(s)) { gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; } @@ -7642,7 +7646,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]); gen_extu(s->aflag, s->A0); gen_add_A0_ds_seg(s); @@ -7654,7 +7658,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); s->base.is_jmp = DISAS_NORETURN; break; @@ -7732,7 +7736,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1), tcg_const_i32(s->pc - s->base.pc_next)); tcg_gen_exit_tb(NULL, 0); @@ -7744,7 +7748,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_vmmcall(cpu_env); break; @@ -7756,7 +7760,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1)); break; @@ -7768,7 +7772,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1)); break; @@ -7794,7 +7798,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); gen_helper_clgi(cpu_env); break; @@ -7940,7 +7944,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_update_cc_op(s); - gen_jmp_im(s, s->base.pc_next - s->cs_base); + gen_update_eip_cur(s); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); } @@ -8853,7 +8857,7 @@ static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) DisasContext *dc = container_of(dcbase, DisasContext, base); if (dc->base.is_jmp == DISAS_TOO_MANY) { - gen_jmp_im(dc, dc->base.pc_next - dc->cs_base); + gen_update_eip_cur(dc); gen_eob(dc); } } From 09e99df4d54225619d57cecd9d3c61c719236a24 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:15 -0700 Subject: [PATCH 11/96] target/i386: Create gen_update_eip_next Sync EIP before exiting a translation block. Replace all gen_jmp_im that use s->pc. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-7-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 45 ++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 85253e1e17..4c1548da8e 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -521,6 +521,11 @@ static void gen_update_eip_cur(DisasContext *s) gen_jmp_im(s, s->base.pc_next - s->cs_base); } +static void gen_update_eip_next(DisasContext *s) +{ + gen_jmp_im(s, s->pc - s->cs_base); +} + /* Compute SEG:REG into A0. SEG is selected from the override segment (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to indicate no override. */ @@ -5719,7 +5724,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_pop_update(s, ot); /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */ if (s->base.is_jmp) { - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); if (reg == R_SS) { s->flags &= ~HF_TF_MASK; gen_eob_inhibit_irq(s, true); @@ -5734,7 +5739,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_movl_seg_T0(s, (b >> 3) & 7); gen_pop_update(s, ot); if (s->base.is_jmp) { - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } break; @@ -5785,7 +5790,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_movl_seg_T0(s, reg); /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */ if (s->base.is_jmp) { - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); if (reg == R_SS) { s->flags &= ~HF_TF_MASK; gen_eob_inhibit_irq(s, true); @@ -5983,7 +5988,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* then put the data */ gen_op_mov_reg_v(s, ot, reg, s->T1); if (s->base.is_jmp) { - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } break; @@ -7039,7 +7044,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_pop_update(s, ot); set_cc_op(s, CC_OP_EFLAGS); /* abort translation because TF/AC flag may change */ - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } break; @@ -7375,7 +7380,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (check_iopl(s)) { gen_helper_sti(cpu_env); /* interruptions are enabled only the first insn after sti */ - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob_inhibit_irq(s, true); } break; @@ -7451,7 +7456,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_set_label(l3); - gen_jmp_im(s, next_eip); + gen_update_eip_next(s); tcg_gen_br(l2); gen_set_label(l1); @@ -7469,7 +7474,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_helper_rdmsr(cpu_env); } else { gen_helper_wrmsr(cpu_env); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } } @@ -7669,7 +7674,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_helper_clac(cpu_env); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7679,7 +7684,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_helper_stac(cpu_env); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7724,7 +7729,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); gen_helper_xsetbv(cpu_env, s->tmp2_i32, s->tmp1_i64); /* End TB because translation flags may change. */ - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7786,7 +7791,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_update_cc_op(s); gen_helper_stgi(cpu_env); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7825,7 +7830,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_ext32u_tl(s->A0, cpu_regs[R_EAX]); } gen_helper_flush_page(cpu_env, s->A0); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7909,7 +7914,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_andi_tl(s->T1, s->T1, ~0xe); tcg_gen_or_tl(s->T0, s->T0, s->T1); gen_helper_write_crN(cpu_env, tcg_constant_i32(0), s->T0); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -7920,7 +7925,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_INVLPG); gen_lea_modrm(env, s, modrm); gen_helper_flush_page(cpu_env, s->A0); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -8320,7 +8325,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); gen_op_mov_v_reg(s, ot, s->T0, rm); gen_helper_write_crN(cpu_env, tcg_constant_i32(reg), s->T0); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } else { gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); @@ -8355,7 +8360,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_op_mov_v_reg(s, ot, s->T0, rm); tcg_gen_movi_i32(s->tmp2_i32, reg); gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } else { gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); @@ -8370,7 +8375,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); gen_helper_clts(cpu_env); /* abort block because static cpu state changed */ - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); } break; @@ -8468,7 +8473,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* XRSTOR is how MPX is enabled, which changes how we translate. Thus we need to end the TB. */ gen_update_cc_op(s); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_eob(s); break; @@ -8602,7 +8607,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) g_assert_not_reached(); #else gen_update_cc_op(s); - gen_jmp_im(s, s->pc - s->cs_base); + gen_update_eip_next(s); gen_helper_rsm(cpu_env); #endif /* CONFIG_USER_ONLY */ gen_eob(s); From 200ef603996bda2cd1e3c5ae63311bfb7d229e3b Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:16 -0700 Subject: [PATCH 12/96] target/i386: Introduce DISAS_EOB* Add a few DISAS_TARGET_* aliases to reduce the number of calls to gen_eob() and gen_eob_inhibit_irq(). So far, only update i386_tr_translate_insn for exiting the block because of single-step or previous inhibit irq. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-8-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 4c1548da8e..caa22af5a7 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -132,6 +132,10 @@ typedef struct DisasContext { TCGOp *prev_insn_end; } DisasContext; +#define DISAS_EOB_ONLY DISAS_TARGET_0 +#define DISAS_EOB_NEXT DISAS_TARGET_1 +#define DISAS_EOB_INHIBIT_IRQ DISAS_TARGET_2 + /* The environment in which user-only runs is constrained. */ #ifdef CONFIG_USER_ONLY #define PE(S) true @@ -8849,7 +8853,7 @@ static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) * the flag and abort the translation to give the irqs a * chance to happen. */ - dc->base.is_jmp = DISAS_TOO_MANY; + dc->base.is_jmp = DISAS_EOB_NEXT; } else if (!is_same_page(&dc->base, pc_next)) { dc->base.is_jmp = DISAS_TOO_MANY; } @@ -8861,9 +8865,24 @@ static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); - if (dc->base.is_jmp == DISAS_TOO_MANY) { + switch (dc->base.is_jmp) { + case DISAS_NORETURN: + break; + case DISAS_TOO_MANY: + case DISAS_EOB_NEXT: + gen_update_cc_op(dc); gen_update_eip_cur(dc); + /* fall through */ + case DISAS_EOB_ONLY: gen_eob(dc); + break; + case DISAS_EOB_INHIBIT_IRQ: + gen_update_cc_op(dc); + gen_update_eip_cur(dc); + gen_eob_inhibit_irq(dc, true); + break; + default: + g_assert_not_reached(); } } From 4da4523c6ce78299b1a3966ec285441d190562a5 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:17 -0700 Subject: [PATCH 13/96] target/i386: Use DISAS_EOB* in gen_movl_seg_T0 Set is_jmp properly in gen_movl_seg_T0, so that the callers need to nothing special. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-9-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 36 +++++------------------------------- 1 file changed, 5 insertions(+), 31 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index caa22af5a7..8c0ef0f212 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2457,13 +2457,15 @@ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) because ss32 may change. For R_SS, translation must always stop as a special handling must be done to disable hardware interrupts for the next instruction */ - if (seg_reg == R_SS || (CODE32(s) && seg_reg < R_FS)) { - s->base.is_jmp = DISAS_TOO_MANY; + if (seg_reg == R_SS) { + s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ; + } else if (CODE32(s) && seg_reg < R_FS) { + s->base.is_jmp = DISAS_EOB_NEXT; } } else { gen_op_movl_seg_T0_vm(s, seg_reg); if (seg_reg == R_SS) { - s->base.is_jmp = DISAS_TOO_MANY; + s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ; } } } @@ -5726,26 +5728,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) ot = gen_pop_T0(s); gen_movl_seg_T0(s, reg); gen_pop_update(s, ot); - /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */ - if (s->base.is_jmp) { - gen_update_eip_next(s); - if (reg == R_SS) { - s->flags &= ~HF_TF_MASK; - gen_eob_inhibit_irq(s, true); - } else { - gen_eob(s); - } - } break; case 0x1a1: /* pop fs */ case 0x1a9: /* pop gs */ ot = gen_pop_T0(s); gen_movl_seg_T0(s, (b >> 3) & 7); gen_pop_update(s, ot); - if (s->base.is_jmp) { - gen_update_eip_next(s); - gen_eob(s); - } break; /**************************/ @@ -5792,16 +5780,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); gen_movl_seg_T0(s, reg); - /* Note that reg == R_SS in gen_movl_seg_T0 always sets is_jmp. */ - if (s->base.is_jmp) { - gen_update_eip_next(s); - if (reg == R_SS) { - s->flags &= ~HF_TF_MASK; - gen_eob_inhibit_irq(s, true); - } else { - gen_eob(s); - } - } break; case 0x8c: /* mov Gv, seg */ modrm = x86_ldub_code(env, s); @@ -5991,10 +5969,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_movl_seg_T0(s, op); /* then put the data */ gen_op_mov_reg_v(s, ot, reg, s->T1); - if (s->base.is_jmp) { - gen_update_eip_next(s); - gen_eob(s); - } break; /************************/ From 634a405193cc7a828e59c189ea805a8a51a6a959 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:18 -0700 Subject: [PATCH 14/96] target/i386: Use DISAS_EOB_NEXT Replace sequences of gen_update_cc_op, gen_update_eip_next, and gen_eob with the new is_jmp enumerator. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-10-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 40 ++++++++++++------------------------- 1 file changed, 13 insertions(+), 27 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 8c0ef0f212..717c978381 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -7022,8 +7022,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_pop_update(s, ot); set_cc_op(s, CC_OP_EFLAGS); /* abort translation because TF/AC flag may change */ - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; } break; case 0x9e: /* sahf */ @@ -7452,8 +7451,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_helper_rdmsr(cpu_env); } else { gen_helper_wrmsr(cpu_env); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; } } break; @@ -7652,8 +7650,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_helper_clac(cpu_env); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; case 0xcb: /* stac */ @@ -7662,8 +7659,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; } gen_helper_stac(cpu_env); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; CASE_MODRM_MEM_OP(1): /* sidt */ @@ -7707,8 +7703,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); gen_helper_xsetbv(cpu_env, s->tmp2_i32, s->tmp1_i64); /* End TB because translation flags may change. */ - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; case 0xd8: /* VMRUN */ @@ -7769,8 +7764,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_update_cc_op(s); gen_helper_stgi(cpu_env); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; case 0xdd: /* CLGI */ @@ -7808,8 +7802,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_ext32u_tl(s->A0, cpu_regs[R_EAX]); } gen_helper_flush_page(cpu_env, s->A0); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; CASE_MODRM_MEM_OP(2): /* lgdt */ @@ -7892,8 +7885,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_andi_tl(s->T1, s->T1, ~0xe); tcg_gen_or_tl(s->T0, s->T0, s->T1); gen_helper_write_crN(cpu_env, tcg_constant_i32(0), s->T0); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; CASE_MODRM_MEM_OP(7): /* invlpg */ @@ -7903,8 +7895,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_INVLPG); gen_lea_modrm(env, s, modrm); gen_helper_flush_page(cpu_env, s->A0); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; case 0xf8: /* swapgs */ @@ -8303,8 +8294,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); gen_op_mov_v_reg(s, ot, s->T0, rm); gen_helper_write_crN(cpu_env, tcg_constant_i32(reg), s->T0); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; } else { gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); gen_helper_read_crN(s->T0, cpu_env, tcg_constant_i32(reg)); @@ -8338,8 +8328,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_op_mov_v_reg(s, ot, s->T0, rm); tcg_gen_movi_i32(s->tmp2_i32, reg); gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; } else { gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); tcg_gen_movi_i32(s->tmp2_i32, reg); @@ -8353,8 +8342,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); gen_helper_clts(cpu_env); /* abort block because static cpu state changed */ - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; } break; /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */ @@ -8450,9 +8438,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_helper_xrstor(cpu_env, s->A0, s->tmp1_i64); /* XRSTOR is how MPX is enabled, which changes how we translate. Thus we need to end the TB. */ - gen_update_cc_op(s); - gen_update_eip_next(s); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_NEXT; break; CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */ From 6424ac8eec7d5e20a0ed6be1031108ca167299e4 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:19 -0700 Subject: [PATCH 15/96] target/i386: USe DISAS_EOB_ONLY Replace lone calls to gen_eob() with the new enumerator. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-11-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 717c978381..6b16c0b62c 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -6835,7 +6835,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* add stack offset */ gen_stack_update(s, val + (2 << dflag)); } - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; break; case 0xcb: /* lret */ val = 0; @@ -6853,7 +6853,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_const_i32(s->pc - s->cs_base)); } set_cc_op(s, CC_OP_EFLAGS); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; break; case 0xe8: /* call im */ { @@ -7439,7 +7439,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_set_label(l1); gen_jmp_im(s, tval); gen_set_label(l2); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; } break; case 0x130: /* wrmsr */ @@ -7480,7 +7480,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_exception_gpf(s); } else { gen_helper_sysenter(cpu_env); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; } break; case 0x135: /* sysexit */ @@ -7491,7 +7491,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_exception_gpf(s); } else { gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1)); - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; } break; #ifdef TARGET_X86_64 @@ -8574,7 +8574,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_update_eip_next(s); gen_helper_rsm(cpu_env); #endif /* CONFIG_USER_ONLY */ - gen_eob(s); + s->base.is_jmp = DISAS_EOB_ONLY; break; case 0x1b8: /* SSE4.2 popcnt */ if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) != From ad1d6f072d02e99114ea28d674131459b9c70897 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:20 -0700 Subject: [PATCH 16/96] target/i386: Create cur_insn_len, cur_insn_len_i32 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Create common routines for computing the length of the insn. Use tcg_constant_i32 in the new function, while we're at it. Reviewed-by: Paolo Bonzini Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-12-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 6b16c0b62c..fe99c4361c 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -530,6 +530,16 @@ static void gen_update_eip_next(DisasContext *s) gen_jmp_im(s, s->pc - s->cs_base); } +static int cur_insn_len(DisasContext *s) +{ + return s->pc - s->base.pc_next; +} + +static TCGv_i32 cur_insn_len_i32(DisasContext *s) +{ + return tcg_constant_i32(cur_insn_len(s)); +} + /* Compute SEG:REG into A0. SEG is selected from the override segment (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to indicate no override. */ @@ -712,9 +722,6 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, gen_helper_check_io(cpu_env, port, tcg_constant_i32(1 << ot)); } if (GUEST(s)) { - target_ulong cur_eip = s->base.pc_next - s->cs_base; - target_ulong next_eip = s->pc - s->cs_base; - gen_update_cc_op(s); gen_update_eip_cur(s); if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) { @@ -723,7 +730,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, svm_flags |= 1 << (SVM_IOIO_SIZE_SHIFT + ot); gen_helper_svm_check_io(cpu_env, port, tcg_constant_i32(svm_flags), - tcg_constant_i32(next_eip - cur_eip)); + cur_insn_len_i32(s)); } return true; #endif @@ -2028,7 +2035,7 @@ static uint64_t advance_pc(CPUX86State *env, DisasContext *s, int num_bytes) } s->pc += num_bytes; - if (unlikely(s->pc - s->base.pc_next > X86_MAX_INSN_LENGTH)) { + if (unlikely(cur_insn_len(s) > X86_MAX_INSN_LENGTH)) { /* If the instruction's 16th byte is on a different page than the 1st, a * page fault on the second page wins over the general protection fault * caused by the instruction being too long. @@ -2647,7 +2654,7 @@ static void gen_interrupt(DisasContext *s, int intno) gen_update_cc_op(s); gen_update_eip_cur(s); gen_helper_raise_interrupt(cpu_env, tcg_constant_i32(intno), - tcg_constant_i32(s->pc - s->base.pc_next)); + cur_insn_len_i32(s)); s->base.is_jmp = DISAS_NORETURN; } @@ -7314,7 +7321,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (prefixes & PREFIX_REPZ) { gen_update_cc_op(s); gen_update_eip_cur(s); - gen_helper_pause(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); + gen_helper_pause(cpu_env, cur_insn_len_i32(s)); s->base.is_jmp = DISAS_NORETURN; } break; @@ -7340,7 +7347,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) goto illegal_op; gen_update_cc_op(s); gen_update_eip_cur(s); - gen_helper_into(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); + gen_helper_into(cpu_env, cur_insn_len_i32(s)); break; #ifdef WANT_ICEBP case 0xf1: /* icebp (undocumented, exits to external debugger) */ @@ -7499,7 +7506,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* XXX: is it usable in real mode ? */ gen_update_cc_op(s); gen_update_eip_cur(s); - gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); + gen_helper_syscall(cpu_env, cur_insn_len_i32(s)); /* TF handling for the syscall insn is different. The TF bit is checked after the syscall insn completes. This allows #DB to not be generated after one has entered CPL0 if TF is set in FMASK. */ @@ -7531,7 +7538,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (check_cpl0(s)) { gen_update_cc_op(s); gen_update_eip_cur(s); - gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); + gen_helper_hlt(cpu_env, cur_insn_len_i32(s)); s->base.is_jmp = DISAS_NORETURN; } break; @@ -7640,7 +7647,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_update_cc_op(s); gen_update_eip_cur(s); - gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - s->base.pc_next)); + gen_helper_mwait(cpu_env, cur_insn_len_i32(s)); s->base.is_jmp = DISAS_NORETURN; break; @@ -7716,7 +7723,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_update_cc_op(s); gen_update_eip_cur(s); gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1), - tcg_const_i32(s->pc - s->base.pc_next)); + cur_insn_len_i32(s)); tcg_gen_exit_tb(NULL, 0); s->base.is_jmp = DISAS_NORETURN; break; From 122e6d7b4a51755eeabab15570a152c8379f652d Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:21 -0700 Subject: [PATCH 17/96] target/i386: Remove cur_eip, next_eip arguments to gen_repz* All callers pass s->base.pc_next and s->pc, which we can just as well compute within the functions. Pull out common helpers and reduce the amount of code under macros. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-13-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 116 ++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 59 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index fe99c4361c..c8ef9f0356 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -736,7 +736,7 @@ static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, #endif } -static inline void gen_movs(DisasContext *s, MemOp ot) +static void gen_movs(DisasContext *s, MemOp ot) { gen_string_movl_A0_ESI(s); gen_op_ld_v(s, ot, s->T0, s->A0); @@ -1156,18 +1156,18 @@ static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1) /* XXX: does not work with gdbstub "ice" single step - not a serious problem */ -static TCGLabel *gen_jz_ecx_string(DisasContext *s, target_ulong next_eip) +static TCGLabel *gen_jz_ecx_string(DisasContext *s) { TCGLabel *l1 = gen_new_label(); TCGLabel *l2 = gen_new_label(); gen_op_jnz_ecx(s, s->aflag, l1); gen_set_label(l2); - gen_jmp_tb(s, next_eip, 1); + gen_jmp_tb(s, s->pc - s->cs_base, 1); gen_set_label(l1); return l2; } -static inline void gen_stos(DisasContext *s, MemOp ot) +static void gen_stos(DisasContext *s, MemOp ot) { gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX); gen_string_movl_A0_EDI(s); @@ -1176,7 +1176,7 @@ static inline void gen_stos(DisasContext *s, MemOp ot) gen_op_add_reg_T0(s, s->aflag, R_EDI); } -static inline void gen_lods(DisasContext *s, MemOp ot) +static void gen_lods(DisasContext *s, MemOp ot) { gen_string_movl_A0_ESI(s); gen_op_ld_v(s, ot, s->T0, s->A0); @@ -1185,7 +1185,7 @@ static inline void gen_lods(DisasContext *s, MemOp ot) gen_op_add_reg_T0(s, s->aflag, R_ESI); } -static inline void gen_scas(DisasContext *s, MemOp ot) +static void gen_scas(DisasContext *s, MemOp ot) { gen_string_movl_A0_EDI(s); gen_op_ld_v(s, ot, s->T1, s->A0); @@ -1194,7 +1194,7 @@ static inline void gen_scas(DisasContext *s, MemOp ot) gen_op_add_reg_T0(s, s->aflag, R_EDI); } -static inline void gen_cmps(DisasContext *s, MemOp ot) +static void gen_cmps(DisasContext *s, MemOp ot) { gen_string_movl_A0_EDI(s); gen_op_ld_v(s, ot, s->T1, s->A0); @@ -1222,7 +1222,7 @@ static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot) } } -static inline void gen_ins(DisasContext *s, MemOp ot) +static void gen_ins(DisasContext *s, MemOp ot) { gen_string_movl_A0_EDI(s); /* Note: we must do this dummy write first to be restartable in @@ -1238,7 +1238,7 @@ static inline void gen_ins(DisasContext *s, MemOp ot) gen_bpt_io(s, s->tmp2_i32, ot); } -static inline void gen_outs(DisasContext *s, MemOp ot) +static void gen_outs(DisasContext *s, MemOp ot) { gen_string_movl_A0_ESI(s); gen_op_ld_v(s, ot, s->T0, s->A0); @@ -1252,42 +1252,49 @@ static inline void gen_outs(DisasContext *s, MemOp ot) gen_bpt_io(s, s->tmp2_i32, ot); } -/* same method as Valgrind : we generate jumps to current or next - instruction */ -#define GEN_REPZ(op) \ -static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, \ - target_ulong cur_eip, target_ulong next_eip) \ -{ \ - TCGLabel *l2; \ - gen_update_cc_op(s); \ - l2 = gen_jz_ecx_string(s, next_eip); \ - gen_ ## op(s, ot); \ - gen_op_add_reg_im(s, s->aflag, R_ECX, -1); \ - /* a loop would cause two single step exceptions if ECX = 1 \ - before rep string_insn */ \ - if (s->repz_opt) \ - gen_op_jz_ecx(s, s->aflag, l2); \ - gen_jmp(s, cur_eip); \ +/* Generate jumps to current or next instruction */ +static void gen_repz(DisasContext *s, MemOp ot, + void (*fn)(DisasContext *s, MemOp ot)) +{ + TCGLabel *l2; + gen_update_cc_op(s); + l2 = gen_jz_ecx_string(s); + fn(s, ot); + gen_op_add_reg_im(s, s->aflag, R_ECX, -1); + /* + * A loop would cause two single step exceptions if ECX = 1 + * before rep string_insn + */ + if (s->repz_opt) { + gen_op_jz_ecx(s, s->aflag, l2); + } + gen_jmp(s, s->base.pc_next - s->cs_base); } -#define GEN_REPZ2(op) \ -static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, \ - target_ulong cur_eip, \ - target_ulong next_eip, \ - int nz) \ -{ \ - TCGLabel *l2; \ - gen_update_cc_op(s); \ - l2 = gen_jz_ecx_string(s, next_eip); \ - gen_ ## op(s, ot); \ - gen_op_add_reg_im(s, s->aflag, R_ECX, -1); \ - gen_update_cc_op(s); \ - gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); \ - if (s->repz_opt) \ - gen_op_jz_ecx(s, s->aflag, l2); \ - gen_jmp(s, cur_eip); \ +#define GEN_REPZ(op) \ + static inline void gen_repz_ ## op(DisasContext *s, MemOp ot) \ + { gen_repz(s, ot, gen_##op); } + +static void gen_repz2(DisasContext *s, MemOp ot, int nz, + void (*fn)(DisasContext *s, MemOp ot)) +{ + TCGLabel *l2; + gen_update_cc_op(s); + l2 = gen_jz_ecx_string(s); + fn(s, ot); + gen_op_add_reg_im(s, s->aflag, R_ECX, -1); + gen_update_cc_op(s); + gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); + if (s->repz_opt) { + gen_op_jz_ecx(s, s->aflag, l2); + } + gen_jmp(s, s->base.pc_next - s->cs_base); } +#define GEN_REPZ2(op) \ + static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, int nz) \ + { gen_repz2(s, ot, nz, gen_##op); } + GEN_REPZ(movs) GEN_REPZ(stos) GEN_REPZ(lods) @@ -6623,8 +6630,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xa5: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_movs(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base); + gen_repz_movs(s, ot); } else { gen_movs(s, ot); } @@ -6634,8 +6640,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xab: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_stos(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base); + gen_repz_stos(s, ot); } else { gen_stos(s, ot); } @@ -6644,8 +6649,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xad: ot = mo_b_d(b, dflag); if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_lods(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base); + gen_repz_lods(s, ot); } else { gen_lods(s, ot); } @@ -6654,11 +6658,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xaf: ot = mo_b_d(b, dflag); if (prefixes & PREFIX_REPNZ) { - gen_repz_scas(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base, 1); + gen_repz_scas(s, ot, 1); } else if (prefixes & PREFIX_REPZ) { - gen_repz_scas(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base, 0); + gen_repz_scas(s, ot, 0); } else { gen_scas(s, ot); } @@ -6668,11 +6670,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xa7: ot = mo_b_d(b, dflag); if (prefixes & PREFIX_REPNZ) { - gen_repz_cmps(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base, 1); + gen_repz_cmps(s, ot, 1); } else if (prefixes & PREFIX_REPZ) { - gen_repz_cmps(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base, 0); + gen_repz_cmps(s, ot, 0); } else { gen_cmps(s, ot); } @@ -6690,8 +6690,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_io_start(); } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_ins(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base); + gen_repz_ins(s, ot); /* jump generated by gen_repz_ins */ } else { gen_ins(s, ot); @@ -6712,8 +6711,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_io_start(); } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { - gen_repz_outs(s, ot, s->base.pc_next - s->cs_base, - s->pc - s->cs_base); + gen_repz_outs(s, ot); /* jump generated by gen_repz_outs */ } else { gen_outs(s, ot); From faf9ea5fa5558782b4031be16145758caf5e20e5 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:22 -0700 Subject: [PATCH 18/96] target/i386: Introduce DISAS_JUMP Drop the unused dest argument to gen_jr(). Remove most of the calls to gen_jr, and use DISAS_JUMP. Remove some unused loads of eip for lcall and ljmp. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-14-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index c8ef9f0356..7db6f617a1 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -135,6 +135,7 @@ typedef struct DisasContext { #define DISAS_EOB_ONLY DISAS_TARGET_0 #define DISAS_EOB_NEXT DISAS_TARGET_1 #define DISAS_EOB_INHIBIT_IRQ DISAS_TARGET_2 +#define DISAS_JUMP DISAS_TARGET_3 /* The environment in which user-only runs is constrained. */ #ifdef CONFIG_USER_ONLY @@ -222,7 +223,7 @@ STUB_HELPER(wrmsr, TCGv_env env) #endif static void gen_eob(DisasContext *s); -static void gen_jr(DisasContext *s, TCGv dest); +static void gen_jr(DisasContext *s); static void gen_jmp(DisasContext *s, target_ulong eip); static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num); static void gen_op(DisasContext *s1, int op, MemOp ot, int d); @@ -2385,7 +2386,7 @@ static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip) } else { /* jump to another page */ gen_jmp_im(s, eip); - gen_jr(s, s->tmp0); + gen_jr(s); } } @@ -2754,7 +2755,7 @@ static void gen_eob(DisasContext *s) } /* Jump to register */ -static void gen_jr(DisasContext *s, TCGv dest) +static void gen_jr(DisasContext *s) { do_gen_eob_worker(s, false, false, true); } @@ -5328,7 +5329,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_push_v(s, s->T1); gen_op_jmp_v(s->T0); gen_bnd_jmp(s); - gen_jr(s, s->T0); + s->base.is_jmp = DISAS_JUMP; break; case 3: /* lcall Ev */ if (mod == 3) { @@ -5349,8 +5350,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_const_i32(dflag - 1), tcg_const_i32(s->pc - s->cs_base)); } - tcg_gen_ld_tl(s->tmp4, cpu_env, offsetof(CPUX86State, eip)); - gen_jr(s, s->tmp4); + s->base.is_jmp = DISAS_JUMP; break; case 4: /* jmp Ev */ if (dflag == MO_16) { @@ -5358,7 +5358,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_op_jmp_v(s->T0); gen_bnd_jmp(s); - gen_jr(s, s->T0); + s->base.is_jmp = DISAS_JUMP; break; case 5: /* ljmp Ev */ if (mod == 3) { @@ -5376,8 +5376,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_op_movl_seg_T0_vm(s, R_CS); gen_op_jmp_v(s->T1); } - tcg_gen_ld_tl(s->tmp4, cpu_env, offsetof(CPUX86State, eip)); - gen_jr(s, s->tmp4); + s->base.is_jmp = DISAS_JUMP; break; case 6: /* push Ev */ gen_push_v(s, s->T0); @@ -6808,7 +6807,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* Note that gen_pop_T0 uses a zero-extending load. */ gen_op_jmp_v(s->T0); gen_bnd_jmp(s); - gen_jr(s, s->T0); + s->base.is_jmp = DISAS_JUMP; break; case 0xc3: /* ret */ ot = gen_pop_T0(s); @@ -6816,7 +6815,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) /* Note that gen_pop_T0 uses a zero-extending load. */ gen_op_jmp_v(s->T0); gen_bnd_jmp(s); - gen_jr(s, s->T0); + s->base.is_jmp = DISAS_JUMP; break; case 0xca: /* lret im */ val = x86_ldsw_code(env, s); @@ -8846,6 +8845,9 @@ static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) gen_update_eip_cur(dc); gen_eob_inhibit_irq(dc, true); break; + case DISAS_JUMP: + gen_jr(dc); + break; default: g_assert_not_reached(); } From 8c03ab9f74eb22d85e698f690e7035c1c7874cdf Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:23 -0700 Subject: [PATCH 19/96] target/i386: Truncate values for lcall_real to i32 Use i32 not int or tl for eip and cs arguments. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-15-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/helper.h | 2 +- target/i386/tcg/seg_helper.c | 6 ++---- target/i386/tcg/translate.c | 3 ++- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/target/i386/helper.h b/target/i386/helper.h index ac3b4d1ee3..39a3c24182 100644 --- a/target/i386/helper.h +++ b/target/i386/helper.h @@ -37,7 +37,7 @@ DEF_HELPER_2(lldt, void, env, int) DEF_HELPER_2(ltr, void, env, int) DEF_HELPER_3(load_seg, void, env, int, int) DEF_HELPER_4(ljmp_protected, void, env, int, tl, tl) -DEF_HELPER_5(lcall_real, void, env, int, tl, int, int) +DEF_HELPER_5(lcall_real, void, env, i32, i32, int, i32) DEF_HELPER_5(lcall_protected, void, env, int, tl, int, tl) DEF_HELPER_2(iret_real, void, env, int) DEF_HELPER_3(iret_protected, void, env, int, int) diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c index bffd82923f..539189b4d1 100644 --- a/target/i386/tcg/seg_helper.c +++ b/target/i386/tcg/seg_helper.c @@ -1504,14 +1504,12 @@ void helper_ljmp_protected(CPUX86State *env, int new_cs, target_ulong new_eip, } /* real mode call */ -void helper_lcall_real(CPUX86State *env, int new_cs, target_ulong new_eip1, - int shift, int next_eip) +void helper_lcall_real(CPUX86State *env, uint32_t new_cs, uint32_t new_eip, + int shift, uint32_t next_eip) { - int new_eip; uint32_t esp, esp_mask; target_ulong ssp; - new_eip = new_eip1; esp = env->regs[R_ESP]; esp_mask = get_sp_mask(env->segs[R_SS].flags); ssp = env->segs[R_SS].base; diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 7db6f617a1..1aa5b37ea6 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -5346,7 +5346,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_const_tl(s->pc - s->cs_base)); } else { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); - gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->T1, + tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); + gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->tmp3_i32, tcg_const_i32(dflag - 1), tcg_const_i32(s->pc - s->cs_base)); } From 9e599bf70772808d3bd115902260cb924f88c939 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:24 -0700 Subject: [PATCH 20/96] target/i386: Create eip_next_* Create helpers for loading the address of the next insn. Use tcg_constant_* in adjacent code where convenient. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-16-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 55 +++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 21 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 1aa5b37ea6..be29ea7a03 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -541,6 +541,27 @@ static TCGv_i32 cur_insn_len_i32(DisasContext *s) return tcg_constant_i32(cur_insn_len(s)); } +static TCGv_i32 eip_next_i32(DisasContext *s) +{ + /* + * This function has two users: lcall_real (always 16-bit mode), and + * iret_protected (16, 32, or 64-bit mode). IRET only uses the value + * when EFLAGS.NT is set, which is illegal in 64-bit mode, which is + * why passing a 32-bit value isn't broken. To avoid using this where + * we shouldn't, return -1 in 64-bit mode so that execution goes into + * the weeds quickly. + */ + if (CODE64(s)) { + return tcg_constant_i32(-1); + } + return tcg_constant_i32(s->pc - s->cs_base); +} + +static TCGv eip_next_tl(DisasContext *s) +{ + return tcg_constant_tl(s->pc - s->cs_base); +} + /* Compute SEG:REG into A0. SEG is selected from the override segment (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to indicate no override. */ @@ -1213,12 +1234,9 @@ static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot) /* user-mode cpu should not be in IOBPT mode */ g_assert_not_reached(); #else - TCGv_i32 t_size = tcg_const_i32(1 << ot); - TCGv t_next = tcg_const_tl(s->pc - s->cs_base); - + TCGv_i32 t_size = tcg_constant_i32(1 << ot); + TCGv t_next = eip_next_tl(s); gen_helper_bpt_io(cpu_env, t_port, t_size, t_next); - tcg_temp_free_i32(t_size); - tcg_temp_free(t_next); #endif /* CONFIG_USER_ONLY */ } } @@ -5324,9 +5342,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (dflag == MO_16) { tcg_gen_ext16u_tl(s->T0, s->T0); } - next_eip = s->pc - s->cs_base; - tcg_gen_movi_tl(s->T1, next_eip); - gen_push_v(s, s->T1); + gen_push_v(s, eip_next_tl(s)); gen_op_jmp_v(s->T0); gen_bnd_jmp(s); s->base.is_jmp = DISAS_JUMP; @@ -5342,14 +5358,14 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (PE(s) && !VM86(s)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1, - tcg_const_i32(dflag - 1), - tcg_const_tl(s->pc - s->cs_base)); + tcg_constant_i32(dflag - 1), + eip_next_tl(s)); } else { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->tmp3_i32, - tcg_const_i32(dflag - 1), - tcg_const_i32(s->pc - s->cs_base)); + tcg_constant_i32(dflag - 1), + eip_next_i32(s)); } s->base.is_jmp = DISAS_JUMP; break; @@ -5372,7 +5388,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (PE(s) && !VM86(s)) { tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1, - tcg_const_tl(s->pc - s->cs_base)); + eip_next_tl(s)); } else { gen_op_movl_seg_T0_vm(s, R_CS); gen_op_jmp_v(s->T1); @@ -6854,8 +6870,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1)); } else { - gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1), - tcg_const_i32(s->pc - s->cs_base)); + gen_helper_iret_protected(cpu_env, tcg_constant_i32(dflag - 1), + eip_next_i32(s)); } set_cc_op(s, CC_OP_EFLAGS); s->base.is_jmp = DISAS_EOB_ONLY; @@ -6867,15 +6883,13 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } else { tval = (int16_t)insn_get(env, s, MO_16); } - next_eip = s->pc - s->cs_base; - tval += next_eip; + tval += s->pc - s->cs_base; if (dflag == MO_16) { tval &= 0xffff; } else if (!CODE64(s)) { tval &= 0xffffffff; } - tcg_gen_movi_tl(s->T0, next_eip); - gen_push_v(s, s->T0); + gen_push_v(s, eip_next_tl(s)); gen_bnd_jmp(s); gen_jmp(s, tval); } @@ -7409,8 +7423,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) TCGLabel *l1, *l2, *l3; tval = (int8_t)insn_get(env, s, MO_8); - next_eip = s->pc - s->cs_base; - tval += next_eip; + tval += s->pc - s->cs_base; if (dflag == MO_16) { tval &= 0xffff; } From 202005f1f8e0b8a5a3a4b1527c4f484a4be2d5a6 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:25 -0700 Subject: [PATCH 21/96] target/i386: Use DISAS_TOO_MANY to exit after gen_io_start We can set is_jmp early, using only one if, and let that be overwritten by gen_rep*'s calls to gen_jmp_tb. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-17-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 42 +++++++++---------------------------- 1 file changed, 10 insertions(+), 32 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index be29ea7a03..11aaba8a65 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -5660,14 +5660,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_helper_rdrand(s->T0, cpu_env); rm = (modrm & 7) | REX_B(s); gen_op_mov_reg_v(s, dflag, rm, s->T0); set_cc_op(s, CC_OP_EFLAGS); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; default: @@ -6704,15 +6702,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { gen_repz_ins(s, ot); - /* jump generated by gen_repz_ins */ } else { gen_ins(s, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } } break; case 0x6e: /* outsS */ @@ -6725,15 +6720,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { gen_repz_outs(s, ot); - /* jump generated by gen_repz_outs */ } else { gen_outs(s, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } } break; @@ -6750,13 +6742,11 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_helper_in_func(ot, s->T1, s->tmp2_i32); gen_op_mov_reg_v(s, ot, R_EAX, s->T1); gen_bpt_io(s, s->tmp2_i32, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; case 0xe6: case 0xe7: @@ -6768,14 +6758,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_op_mov_v_reg(s, ot, s->T1, R_EAX); tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); gen_bpt_io(s, s->tmp2_i32, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; case 0xec: case 0xed: @@ -6787,13 +6775,11 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_helper_in_func(ot, s->T1, s->tmp2_i32); gen_op_mov_reg_v(s, ot, R_EAX, s->T1); gen_bpt_io(s, s->tmp2_i32, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; case 0xee: case 0xef: @@ -6805,14 +6791,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_op_mov_v_reg(s, ot, s->T1, R_EAX); tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); gen_bpt_io(s, s->tmp2_i32, ot); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; /************************/ @@ -7478,11 +7462,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_update_eip_cur(s); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_helper_rdtsc(cpu_env); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; case 0x133: /* rdpmc */ gen_update_cc_op(s); @@ -7939,11 +7921,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_update_eip_cur(s); if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } gen_helper_rdtscp(cpu_env); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } break; default: @@ -8307,6 +8287,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { gen_io_start(); + s->base.is_jmp = DISAS_TOO_MANY; } if (b & 2) { gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); @@ -8317,9 +8298,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); gen_helper_read_crN(s->T0, cpu_env, tcg_constant_i32(reg)); gen_op_mov_reg_v(s, ot, rm, s->T0); - if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { - gen_jmp(s, s->pc - s->cs_base); - } } break; From 8760ded661c93b8aa76e74dcbd8c1a94764e8f12 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:26 -0700 Subject: [PATCH 22/96] target/i386: Create gen_jmp_rel Create a common helper for pc-relative branches. The jmp jb insn was missing a mask for CODE32. In all cases the CODE64 check was incorrectly placed, allowing PREFIX_DATA to truncate %rip to 16 bits. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-18-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 58 ++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 11aaba8a65..ba1bd7c707 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -226,6 +226,7 @@ static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s); static void gen_jmp(DisasContext *s, target_ulong eip); static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num); +static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num); static void gen_op(DisasContext *s1, int op, MemOp ot, int d); static void gen_exception_gpf(DisasContext *s); @@ -2792,6 +2793,21 @@ static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num) } } +static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) +{ + target_ulong dest = s->pc - s->cs_base + diff; + + /* In 64-bit mode, operand size is fixed at 64 bits. */ + if (!CODE64(s)) { + if (ot == MO_16) { + dest &= 0xffff; + } else { + dest &= 0xffffffff; + } + } + gen_jmp_tb(s, dest, tb_num); +} + static void gen_jmp(DisasContext *s, target_ulong eip) { gen_jmp_tb(s, eip, 0); @@ -6862,20 +6878,12 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; case 0xe8: /* call im */ { - if (dflag != MO_16) { - tval = (int32_t)insn_get(env, s, MO_32); - } else { - tval = (int16_t)insn_get(env, s, MO_16); - } - tval += s->pc - s->cs_base; - if (dflag == MO_16) { - tval &= 0xffff; - } else if (!CODE64(s)) { - tval &= 0xffffffff; - } + int diff = (dflag != MO_16 + ? (int32_t)insn_get(env, s, MO_32) + : (int16_t)insn_get(env, s, MO_16)); gen_push_v(s, eip_next_tl(s)); gen_bnd_jmp(s); - gen_jmp(s, tval); + gen_jmp_rel(s, dflag, diff, 0); } break; case 0x9a: /* lcall im */ @@ -6893,19 +6901,13 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } goto do_lcall; case 0xe9: /* jmp im */ - if (dflag != MO_16) { - tval = (int32_t)insn_get(env, s, MO_32); - } else { - tval = (int16_t)insn_get(env, s, MO_16); + { + int diff = (dflag != MO_16 + ? (int32_t)insn_get(env, s, MO_32) + : (int16_t)insn_get(env, s, MO_16)); + gen_bnd_jmp(s); + gen_jmp_rel(s, dflag, diff, 0); } - tval += s->pc - s->cs_base; - if (dflag == MO_16) { - tval &= 0xffff; - } else if (!CODE64(s)) { - tval &= 0xffffffff; - } - gen_bnd_jmp(s); - gen_jmp(s, tval); break; case 0xea: /* ljmp im */ { @@ -6922,12 +6924,10 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } goto do_ljmp; case 0xeb: /* jmp Jb */ - tval = (int8_t)insn_get(env, s, MO_8); - tval += s->pc - s->cs_base; - if (dflag == MO_16) { - tval &= 0xffff; + { + int diff = (int8_t)insn_get(env, s, MO_8); + gen_jmp_rel(s, dflag, diff, 0); } - gen_jmp(s, tval); break; case 0x70 ... 0x7f: /* jcc Jb */ tval = (int8_t)insn_get(env, s, MO_8); From 2255da493a92e0f6441c773fa3bfdfb34273e85f Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:27 -0700 Subject: [PATCH 23/96] target/i386: Use gen_jmp_rel for loop, repz, jecxz insns With gen_jmp_rel, we may chain to the next tb instead of merely writing to eip and exiting. For repz, subtract cur_insn_len to restart the current insn. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-19-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index ba1bd7c707..434a6ad6cd 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -224,9 +224,9 @@ STUB_HELPER(wrmsr, TCGv_env env) static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s); -static void gen_jmp(DisasContext *s, target_ulong eip); static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num); static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num); +static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num); static void gen_op(DisasContext *s1, int op, MemOp ot, int d); static void gen_exception_gpf(DisasContext *s); @@ -1185,7 +1185,7 @@ static TCGLabel *gen_jz_ecx_string(DisasContext *s) TCGLabel *l2 = gen_new_label(); gen_op_jnz_ecx(s, s->aflag, l1); gen_set_label(l2); - gen_jmp_tb(s, s->pc - s->cs_base, 1); + gen_jmp_rel_csize(s, 0, 1); gen_set_label(l1); return l2; } @@ -1288,7 +1288,7 @@ static void gen_repz(DisasContext *s, MemOp ot, if (s->repz_opt) { gen_op_jz_ecx(s, s->aflag, l2); } - gen_jmp(s, s->base.pc_next - s->cs_base); + gen_jmp_rel_csize(s, -cur_insn_len(s), 0); } #define GEN_REPZ(op) \ @@ -1308,7 +1308,7 @@ static void gen_repz2(DisasContext *s, MemOp ot, int nz, if (s->repz_opt) { gen_op_jz_ecx(s, s->aflag, l2); } - gen_jmp(s, s->base.pc_next - s->cs_base); + gen_jmp_rel_csize(s, -cur_insn_len(s), 0); } #define GEN_REPZ2(op) \ @@ -2793,6 +2793,7 @@ static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num) } } +/* Jump to eip+diff, truncating the result to OT. */ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) { target_ulong dest = s->pc - s->cs_base + diff; @@ -2808,9 +2809,11 @@ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) gen_jmp_tb(s, dest, tb_num); } -static void gen_jmp(DisasContext *s, target_ulong eip) +/* Jump to eip+diff, truncating to the current code size. */ +static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num) { - gen_jmp_tb(s, eip, 0); + /* CODE64 ignores the OT argument, so we need not consider it. */ + gen_jmp_rel(s, CODE32(s) ? MO_32 : MO_16, diff, tb_num); } static inline void gen_ldq_env_A0(DisasContext *s, int offset) @@ -7404,24 +7407,18 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0xe2: /* loop */ case 0xe3: /* jecxz */ { - TCGLabel *l1, *l2, *l3; - - tval = (int8_t)insn_get(env, s, MO_8); - tval += s->pc - s->cs_base; - if (dflag == MO_16) { - tval &= 0xffff; - } + TCGLabel *l1, *l2; + int diff = (int8_t)insn_get(env, s, MO_8); l1 = gen_new_label(); l2 = gen_new_label(); - l3 = gen_new_label(); gen_update_cc_op(s); b &= 3; switch(b) { case 0: /* loopnz */ case 1: /* loopz */ gen_op_add_reg_im(s, s->aflag, R_ECX, -1); - gen_op_jz_ecx(s, s->aflag, l3); + gen_op_jz_ecx(s, s->aflag, l2); gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1); break; case 2: /* loop */ @@ -7434,14 +7431,11 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) break; } - gen_set_label(l3); - gen_update_eip_next(s); - tcg_gen_br(l2); + gen_set_label(l2); + gen_jmp_rel_csize(s, 0, 1); gen_set_label(l1); - gen_jmp_im(s, tval); - gen_set_label(l2); - s->base.is_jmp = DISAS_EOB_ONLY; + gen_jmp_rel(s, dflag, diff, 0); } break; case 0x130: /* wrmsr */ From 54b191de675fbaee6886600c69786ad1c5fa158e Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:28 -0700 Subject: [PATCH 24/96] target/i386: Use gen_jmp_rel for gen_jcc Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-20-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 57 ++++++++++++------------------------- 1 file changed, 18 insertions(+), 39 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 434a6ad6cd..5b84be4975 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -2409,32 +2409,14 @@ static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip) } } -static inline void gen_jcc(DisasContext *s, int b, - target_ulong val, target_ulong next_eip) +static void gen_jcc(DisasContext *s, int b, int diff) { - TCGLabel *l1, *l2; + TCGLabel *l1 = gen_new_label(); - if (s->jmp_opt) { - l1 = gen_new_label(); - gen_jcc1(s, b, l1); - - gen_goto_tb(s, 0, next_eip); - - gen_set_label(l1); - gen_goto_tb(s, 1, val); - } else { - l1 = gen_new_label(); - l2 = gen_new_label(); - gen_jcc1(s, b, l1); - - gen_jmp_im(s, next_eip); - tcg_gen_br(l2); - - gen_set_label(l1); - gen_jmp_im(s, val); - gen_set_label(l2); - gen_eob(s); - } + gen_jcc1(s, b, l1); + gen_jmp_rel_csize(s, 0, 1); + gen_set_label(l1); + gen_jmp_rel(s, s->dflag, diff, 0); } static void gen_cmovcc1(CPUX86State *env, DisasContext *s, MemOp ot, int b, @@ -4780,7 +4762,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) int shift; MemOp ot, aflag, dflag; int modrm, reg, rm, mod, op, opreg, val; - target_ulong next_eip, tval; bool orig_cc_op_dirty = s->cc_op_dirty; CCOp orig_cc_op = s->cc_op; @@ -6933,22 +6914,20 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) } break; case 0x70 ... 0x7f: /* jcc Jb */ - tval = (int8_t)insn_get(env, s, MO_8); - goto do_jcc; + { + int diff = (int8_t)insn_get(env, s, MO_8); + gen_bnd_jmp(s); + gen_jcc(s, b, diff); + } + break; case 0x180 ... 0x18f: /* jcc Jv */ - if (dflag != MO_16) { - tval = (int32_t)insn_get(env, s, MO_32); - } else { - tval = (int16_t)insn_get(env, s, MO_16); + { + int diff = (dflag != MO_16 + ? (int32_t)insn_get(env, s, MO_32) + : (int16_t)insn_get(env, s, MO_16)); + gen_bnd_jmp(s); + gen_jcc(s, b, diff); } - do_jcc: - next_eip = s->pc - s->cs_base; - tval += next_eip; - if (dflag == MO_16) { - tval &= 0xffff; - } - gen_bnd_jmp(s); - gen_jcc(s, b, tval, next_eip); break; case 0x190 ... 0x19f: /* setcc Gv */ From 5f7ec6efcc4fb5cc4cd8e8f2d61504d7909dc5b9 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:29 -0700 Subject: [PATCH 25/96] target/i386: Use gen_jmp_rel for DISAS_TOO_MANY With gen_jmp_rel, we may chain between two translation blocks which may only be separated because of TB size limits. Reviewed-by: Paolo Bonzini Signed-off-by: Richard Henderson Message-Id: <20221001140935.465607-21-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 5b84be4975..cf23ae6e5e 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -8798,6 +8798,9 @@ static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) case DISAS_NORETURN: break; case DISAS_TOO_MANY: + gen_update_cc_op(dc); + gen_jmp_rel_csize(dc, 0, 0); + break; case DISAS_EOB_NEXT: gen_update_cc_op(dc); gen_update_eip_cur(dc); From 0ebacb5d1e6c73365dd9d8435d4014fe0e326308 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:30 -0700 Subject: [PATCH 26/96] target/i386: Remove MemOp argument to gen_op_j*_ecx These functions are always passed aflag, so we might as well read it from DisasContext directly. While we're at it, use a common subroutine for these two functions. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-22-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index cf23ae6e5e..9294f12f66 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -676,20 +676,21 @@ static void gen_exts(MemOp ot, TCGv reg) gen_ext_tl(reg, reg, ot, true); } -static inline -void gen_op_jnz_ecx(DisasContext *s, MemOp size, TCGLabel *label1) +static void gen_op_j_ecx(DisasContext *s, TCGCond cond, TCGLabel *label1) { tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]); - gen_extu(size, s->tmp0); - tcg_gen_brcondi_tl(TCG_COND_NE, s->tmp0, 0, label1); + gen_extu(s->aflag, s->tmp0); + tcg_gen_brcondi_tl(cond, s->tmp0, 0, label1); } -static inline -void gen_op_jz_ecx(DisasContext *s, MemOp size, TCGLabel *label1) +static inline void gen_op_jz_ecx(DisasContext *s, TCGLabel *label1) { - tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]); - gen_extu(size, s->tmp0); - tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1); + gen_op_j_ecx(s, TCG_COND_EQ, label1); +} + +static inline void gen_op_jnz_ecx(DisasContext *s, TCGLabel *label1) +{ + gen_op_j_ecx(s, TCG_COND_NE, label1); } static void gen_helper_in_func(MemOp ot, TCGv v, TCGv_i32 n) @@ -1183,7 +1184,7 @@ static TCGLabel *gen_jz_ecx_string(DisasContext *s) { TCGLabel *l1 = gen_new_label(); TCGLabel *l2 = gen_new_label(); - gen_op_jnz_ecx(s, s->aflag, l1); + gen_op_jnz_ecx(s, l1); gen_set_label(l2); gen_jmp_rel_csize(s, 0, 1); gen_set_label(l1); @@ -1286,7 +1287,7 @@ static void gen_repz(DisasContext *s, MemOp ot, * before rep string_insn */ if (s->repz_opt) { - gen_op_jz_ecx(s, s->aflag, l2); + gen_op_jz_ecx(s, l2); } gen_jmp_rel_csize(s, -cur_insn_len(s), 0); } @@ -1306,7 +1307,7 @@ static void gen_repz2(DisasContext *s, MemOp ot, int nz, gen_update_cc_op(s); gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); if (s->repz_opt) { - gen_op_jz_ecx(s, s->aflag, l2); + gen_op_jz_ecx(s, l2); } gen_jmp_rel_csize(s, -cur_insn_len(s), 0); } @@ -7397,16 +7398,16 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) case 0: /* loopnz */ case 1: /* loopz */ gen_op_add_reg_im(s, s->aflag, R_ECX, -1); - gen_op_jz_ecx(s, s->aflag, l2); + gen_op_jz_ecx(s, l2); gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1); break; case 2: /* loop */ gen_op_add_reg_im(s, s->aflag, R_ECX, -1); - gen_op_jnz_ecx(s, s->aflag, l1); + gen_op_jnz_ecx(s, l1); break; default: case 3: /* jcxz */ - gen_op_jz_ecx(s, s->aflag, l1); + gen_op_jz_ecx(s, l1); break; } From 900cc7e53679cbd70c8d5b718fc29873f77a0967 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:31 -0700 Subject: [PATCH 27/96] target/i386: Merge gen_jmp_tb and gen_goto_tb into gen_jmp_rel These functions have only one caller, and the logic is more obvious this way. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-23-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 50 +++++++++++++------------------------ 1 file changed, 17 insertions(+), 33 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 9294f12f66..2e7b94700b 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -224,7 +224,6 @@ STUB_HELPER(wrmsr, TCGv_env env) static void gen_eob(DisasContext *s); static void gen_jr(DisasContext *s); -static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num); static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num); static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num); static void gen_op(DisasContext *s1, int op, MemOp ot, int d); @@ -2393,23 +2392,6 @@ static inline int insn_const_size(MemOp ot) } } -static void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip) -{ - target_ulong pc = s->cs_base + eip; - - if (translator_use_goto_tb(&s->base, pc)) { - /* jump to same page: we can use a direct jump */ - tcg_gen_goto_tb(tb_num); - gen_jmp_im(s, eip); - tcg_gen_exit_tb(s->base.tb, tb_num); - s->base.is_jmp = DISAS_NORETURN; - } else { - /* jump to another page */ - gen_jmp_im(s, eip); - gen_jr(s); - } -} - static void gen_jcc(DisasContext *s, int b, int diff) { TCGLabel *l1 = gen_new_label(); @@ -2762,20 +2744,6 @@ static void gen_jr(DisasContext *s) do_gen_eob_worker(s, false, false, true); } -/* generate a jump to eip. No segment change must happen before as a - direct call to the next block may occur */ -static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num) -{ - gen_update_cc_op(s); - set_cc_op(s, CC_OP_DYNAMIC); - if (s->jmp_opt) { - gen_goto_tb(s, tb_num, eip); - } else { - gen_jmp_im(s, eip); - gen_eob(s); - } -} - /* Jump to eip+diff, truncating the result to OT. */ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) { @@ -2789,7 +2757,23 @@ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) dest &= 0xffffffff; } } - gen_jmp_tb(s, dest, tb_num); + + gen_update_cc_op(s); + set_cc_op(s, CC_OP_DYNAMIC); + if (!s->jmp_opt) { + gen_jmp_im(s, dest); + gen_eob(s); + } else if (translator_use_goto_tb(&s->base, dest)) { + /* jump to same page: we can use a direct jump */ + tcg_gen_goto_tb(tb_num); + gen_jmp_im(s, dest); + tcg_gen_exit_tb(s->base.tb, tb_num); + s->base.is_jmp = DISAS_NORETURN; + } else { + /* jump to another page */ + gen_jmp_im(s, dest); + gen_jr(s); + } } /* Jump to eip+diff, truncating to the current code size. */ From 75ec746a07b6db4c214102e644319a334c1ab899 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:32 -0700 Subject: [PATCH 28/96] target/i386: Create eip_cur_tl Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-24-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 2e7b94700b..5b0dab8633 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -562,6 +562,11 @@ static TCGv eip_next_tl(DisasContext *s) return tcg_constant_tl(s->pc - s->cs_base); } +static TCGv eip_cur_tl(DisasContext *s) +{ + return tcg_constant_tl(s->base.pc_next - s->cs_base); +} + /* Compute SEG:REG into A0. SEG is selected from the override segment (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to indicate no override. */ @@ -6617,7 +6622,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) offsetof(CPUX86State, segs[R_CS].selector)); tcg_gen_st16_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, fpcs)); - tcg_gen_st_tl(tcg_constant_tl(s->base.pc_next - s->cs_base), + tcg_gen_st_tl(eip_cur_tl(s), cpu_env, offsetof(CPUX86State, fpip)); } } From f771ca6a6127cdbdf4ed119e9d6c63abdad24181 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:33 -0700 Subject: [PATCH 29/96] target/i386: Add cpu_eip Create a tcg global temp for this, and use it instead of explicit stores. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-25-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 5b0dab8633..f08fa060c4 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -64,6 +64,7 @@ /* global register indexes */ static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2; +static TCGv cpu_eip; static TCGv_i32 cpu_cc_op; static TCGv cpu_regs[CPU_NB_REGS]; static TCGv cpu_seg_base[6]; @@ -481,7 +482,7 @@ static void gen_add_A0_im(DisasContext *s, int val) static inline void gen_op_jmp_v(TCGv dest) { - tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip)); + tcg_gen_mov_tl(cpu_eip, dest); } static inline @@ -518,7 +519,7 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d) static void gen_jmp_im(DisasContext *s, target_ulong pc) { - gen_op_jmp_v(tcg_constant_tl(pc)); + tcg_gen_movi_tl(cpu_eip, pc); } static void gen_update_eip_cur(DisasContext *s) @@ -8614,6 +8615,13 @@ void tcg_x86_init(void) [R_EDI] = "edi", [R_EBP] = "ebp", [R_ESP] = "esp", +#endif + }; + static const char eip_name[] = { +#ifdef TARGET_X86_64 + "rip" +#else + "eip" #endif }; static const char seg_base_names[6][8] = { @@ -8640,6 +8648,7 @@ void tcg_x86_init(void) "cc_src"); cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2), "cc_src2"); + cpu_eip = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, eip), eip_name); for (i = 0; i < CPU_NB_REGS; ++i) { cpu_regs[i] = tcg_global_mem_new(cpu_env, From 7db973bece487cb0bb7976f5b67a8ae02fd32df2 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:34 -0700 Subject: [PATCH 30/96] target/i386: Inline gen_jmp_im Expand this function at each of its callers. Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-26-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/tcg/translate.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index f08fa060c4..689a45256c 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -517,19 +517,14 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d) } } -static void gen_jmp_im(DisasContext *s, target_ulong pc) -{ - tcg_gen_movi_tl(cpu_eip, pc); -} - static void gen_update_eip_cur(DisasContext *s) { - gen_jmp_im(s, s->base.pc_next - s->cs_base); + tcg_gen_movi_tl(cpu_eip, s->base.pc_next - s->cs_base); } static void gen_update_eip_next(DisasContext *s) { - gen_jmp_im(s, s->pc - s->cs_base); + tcg_gen_movi_tl(cpu_eip, s->pc - s->cs_base); } static int cur_insn_len(DisasContext *s) @@ -2767,17 +2762,17 @@ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) gen_update_cc_op(s); set_cc_op(s, CC_OP_DYNAMIC); if (!s->jmp_opt) { - gen_jmp_im(s, dest); + tcg_gen_movi_tl(cpu_eip, dest); gen_eob(s); } else if (translator_use_goto_tb(&s->base, dest)) { /* jump to same page: we can use a direct jump */ tcg_gen_goto_tb(tb_num); - gen_jmp_im(s, dest); + tcg_gen_movi_tl(cpu_eip, dest); tcg_gen_exit_tb(s->base.tb, tb_num); s->base.is_jmp = DISAS_NORETURN; } else { /* jump to another page */ - gen_jmp_im(s, dest); + tcg_gen_movi_tl(cpu_eip, dest); gen_jr(s); } } From e3a79e0e87831602e41819591a8e6dcc70a2a231 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sat, 1 Oct 2022 07:09:35 -0700 Subject: [PATCH 31/96] target/i386: Enable TARGET_TB_PCREL Signed-off-by: Richard Henderson Reviewed-by: Paolo Bonzini Message-Id: <20221001140935.465607-27-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini --- target/i386/cpu-param.h | 4 ++ target/i386/tcg/tcg-cpu.c | 8 ++- target/i386/tcg/translate.c | 130 ++++++++++++++++++++++++++++-------- 3 files changed, 113 insertions(+), 29 deletions(-) diff --git a/target/i386/cpu-param.h b/target/i386/cpu-param.h index 9740bd7abd..1e79389761 100644 --- a/target/i386/cpu-param.h +++ b/target/i386/cpu-param.h @@ -25,4 +25,8 @@ #define TARGET_PAGE_BITS 12 #define NB_MMU_MODES 3 +#ifndef CONFIG_USER_ONLY +# define TARGET_TB_PCREL 1 +#endif + #endif diff --git a/target/i386/tcg/tcg-cpu.c b/target/i386/tcg/tcg-cpu.c index 6cf14c83ff..828244abe2 100644 --- a/target/i386/tcg/tcg-cpu.c +++ b/target/i386/tcg/tcg-cpu.c @@ -49,9 +49,11 @@ static void x86_cpu_exec_exit(CPUState *cs) static void x86_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb) { - X86CPU *cpu = X86_CPU(cs); - - cpu->env.eip = tb_pc(tb) - tb->cs_base; + /* The instruction pointer is always up to date with TARGET_TB_PCREL. */ + if (!TARGET_TB_PCREL) { + CPUX86State *env = cs->env_ptr; + env->eip = tb_pc(tb) - tb->cs_base; + } } #ifndef CONFIG_USER_ONLY diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 689a45256c..279a3ae999 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -78,6 +78,7 @@ typedef struct DisasContext { target_ulong pc; /* pc = eip + cs_base */ target_ulong cs_base; /* base of CS segment */ + target_ulong pc_save; MemOp aflag; MemOp dflag; @@ -480,9 +481,10 @@ static void gen_add_A0_im(DisasContext *s, int val) } } -static inline void gen_op_jmp_v(TCGv dest) +static inline void gen_op_jmp_v(DisasContext *s, TCGv dest) { tcg_gen_mov_tl(cpu_eip, dest); + s->pc_save = -1; } static inline @@ -519,12 +521,24 @@ static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d) static void gen_update_eip_cur(DisasContext *s) { - tcg_gen_movi_tl(cpu_eip, s->base.pc_next - s->cs_base); + assert(s->pc_save != -1); + if (TARGET_TB_PCREL) { + tcg_gen_addi_tl(cpu_eip, cpu_eip, s->base.pc_next - s->pc_save); + } else { + tcg_gen_movi_tl(cpu_eip, s->base.pc_next - s->cs_base); + } + s->pc_save = s->base.pc_next; } static void gen_update_eip_next(DisasContext *s) { - tcg_gen_movi_tl(cpu_eip, s->pc - s->cs_base); + assert(s->pc_save != -1); + if (TARGET_TB_PCREL) { + tcg_gen_addi_tl(cpu_eip, cpu_eip, s->pc - s->pc_save); + } else { + tcg_gen_movi_tl(cpu_eip, s->pc - s->cs_base); + } + s->pc_save = s->pc; } static int cur_insn_len(DisasContext *s) @@ -539,6 +553,7 @@ static TCGv_i32 cur_insn_len_i32(DisasContext *s) static TCGv_i32 eip_next_i32(DisasContext *s) { + assert(s->pc_save != -1); /* * This function has two users: lcall_real (always 16-bit mode), and * iret_protected (16, 32, or 64-bit mode). IRET only uses the value @@ -550,17 +565,38 @@ static TCGv_i32 eip_next_i32(DisasContext *s) if (CODE64(s)) { return tcg_constant_i32(-1); } - return tcg_constant_i32(s->pc - s->cs_base); + if (TARGET_TB_PCREL) { + TCGv_i32 ret = tcg_temp_new_i32(); + tcg_gen_trunc_tl_i32(ret, cpu_eip); + tcg_gen_addi_i32(ret, ret, s->pc - s->pc_save); + return ret; + } else { + return tcg_constant_i32(s->pc - s->cs_base); + } } static TCGv eip_next_tl(DisasContext *s) { - return tcg_constant_tl(s->pc - s->cs_base); + assert(s->pc_save != -1); + if (TARGET_TB_PCREL) { + TCGv ret = tcg_temp_new(); + tcg_gen_addi_tl(ret, cpu_eip, s->pc - s->pc_save); + return ret; + } else { + return tcg_constant_tl(s->pc - s->cs_base); + } } static TCGv eip_cur_tl(DisasContext *s) { - return tcg_constant_tl(s->base.pc_next - s->cs_base); + assert(s->pc_save != -1); + if (TARGET_TB_PCREL) { + TCGv ret = tcg_temp_new(); + tcg_gen_addi_tl(ret, cpu_eip, s->base.pc_next - s->pc_save); + return ret; + } else { + return tcg_constant_tl(s->base.pc_next - s->cs_base); + } } /* Compute SEG:REG into A0. SEG is selected from the override segment @@ -2260,7 +2296,12 @@ static TCGv gen_lea_modrm_1(DisasContext *s, AddressParts a) ea = cpu_regs[a.base]; } if (!ea) { - tcg_gen_movi_tl(s->A0, a.disp); + if (TARGET_TB_PCREL && a.base == -2) { + /* With cpu_eip ~= pc_save, the expression is pc-relative. */ + tcg_gen_addi_tl(s->A0, cpu_eip, a.disp - s->pc_save); + } else { + tcg_gen_movi_tl(s->A0, a.disp); + } ea = s->A0; } else if (a.disp != 0) { tcg_gen_addi_tl(s->A0, ea, a.disp); @@ -2748,32 +2789,58 @@ static void gen_jr(DisasContext *s) /* Jump to eip+diff, truncating the result to OT. */ static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) { - target_ulong dest = s->pc - s->cs_base + diff; + bool use_goto_tb = s->jmp_opt; + target_ulong mask = -1; + target_ulong new_pc = s->pc + diff; + target_ulong new_eip = new_pc - s->cs_base; /* In 64-bit mode, operand size is fixed at 64 bits. */ if (!CODE64(s)) { if (ot == MO_16) { - dest &= 0xffff; + mask = 0xffff; + if (TARGET_TB_PCREL && CODE32(s)) { + use_goto_tb = false; + } } else { - dest &= 0xffffffff; + mask = 0xffffffff; } } + new_eip &= mask; gen_update_cc_op(s); set_cc_op(s, CC_OP_DYNAMIC); - if (!s->jmp_opt) { - tcg_gen_movi_tl(cpu_eip, dest); - gen_eob(s); - } else if (translator_use_goto_tb(&s->base, dest)) { + + if (TARGET_TB_PCREL) { + tcg_gen_addi_tl(cpu_eip, cpu_eip, new_pc - s->pc_save); + /* + * If we can prove the branch does not leave the page and we have + * no extra masking to apply (data16 branch in code32, see above), + * then we have also proven that the addition does not wrap. + */ + if (!use_goto_tb || !is_same_page(&s->base, new_pc)) { + tcg_gen_andi_tl(cpu_eip, cpu_eip, mask); + use_goto_tb = false; + } + } + + if (use_goto_tb && + translator_use_goto_tb(&s->base, new_eip + s->cs_base)) { /* jump to same page: we can use a direct jump */ tcg_gen_goto_tb(tb_num); - tcg_gen_movi_tl(cpu_eip, dest); + if (!TARGET_TB_PCREL) { + tcg_gen_movi_tl(cpu_eip, new_eip); + } tcg_gen_exit_tb(s->base.tb, tb_num); s->base.is_jmp = DISAS_NORETURN; } else { - /* jump to another page */ - tcg_gen_movi_tl(cpu_eip, dest); - gen_jr(s); + if (!TARGET_TB_PCREL) { + tcg_gen_movi_tl(cpu_eip, new_eip); + } + if (s->jmp_opt) { + gen_jr(s); /* jump to another page */ + } else { + gen_eob(s); /* exit to main loop */ + } } } @@ -5329,7 +5396,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) tcg_gen_ext16u_tl(s->T0, s->T0); } gen_push_v(s, eip_next_tl(s)); - gen_op_jmp_v(s->T0); + gen_op_jmp_v(s, s->T0); gen_bnd_jmp(s); s->base.is_jmp = DISAS_JUMP; break; @@ -5359,7 +5426,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) if (dflag == MO_16) { tcg_gen_ext16u_tl(s->T0, s->T0); } - gen_op_jmp_v(s->T0); + gen_op_jmp_v(s, s->T0); gen_bnd_jmp(s); s->base.is_jmp = DISAS_JUMP; break; @@ -5377,7 +5444,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) eip_next_tl(s)); } else { gen_op_movl_seg_T0_vm(s, R_CS); - gen_op_jmp_v(s->T1); + gen_op_jmp_v(s, s->T1); } s->base.is_jmp = DISAS_JUMP; break; @@ -6792,7 +6859,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) ot = gen_pop_T0(s); gen_stack_update(s, val + (1 << ot)); /* Note that gen_pop_T0 uses a zero-extending load. */ - gen_op_jmp_v(s->T0); + gen_op_jmp_v(s, s->T0); gen_bnd_jmp(s); s->base.is_jmp = DISAS_JUMP; break; @@ -6800,7 +6867,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) ot = gen_pop_T0(s); gen_pop_update(s, ot); /* Note that gen_pop_T0 uses a zero-extending load. */ - gen_op_jmp_v(s->T0); + gen_op_jmp_v(s, s->T0); gen_bnd_jmp(s); s->base.is_jmp = DISAS_JUMP; break; @@ -6818,7 +6885,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu) gen_op_ld_v(s, dflag, s->T0, s->A0); /* NOTE: keeping EIP updated is not a problem in case of exception */ - gen_op_jmp_v(s->T0); + gen_op_jmp_v(s, s->T0); /* pop selector */ gen_add_A0_im(s, 1 << dflag); gen_op_ld_v(s, dflag, s->T0, s->A0); @@ -8680,6 +8747,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) int iopl = (flags >> IOPL_SHIFT) & 3; dc->cs_base = dc->base.tb->cs_base; + dc->pc_save = dc->base.pc_next; dc->flags = flags; #ifndef CONFIG_USER_ONLY dc->cpl = cpl; @@ -8743,9 +8811,14 @@ static void i386_tr_tb_start(DisasContextBase *db, CPUState *cpu) static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); + target_ulong pc_arg = dc->base.pc_next; dc->prev_insn_end = tcg_last_op(); - tcg_gen_insn_start(dc->base.pc_next, dc->cc_op); + if (TARGET_TB_PCREL) { + pc_arg -= dc->cs_base; + pc_arg &= ~TARGET_PAGE_MASK; + } + tcg_gen_insn_start(pc_arg, dc->cc_op); } static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) @@ -8846,7 +8919,12 @@ void restore_state_to_opc(CPUX86State *env, TranslationBlock *tb, target_ulong *data) { int cc_op = data[1]; - env->eip = data[0] - tb->cs_base; + + if (TARGET_TB_PCREL) { + env->eip = (env->eip & TARGET_PAGE_MASK) | data[0]; + } else { + env->eip = data[0] - tb->cs_base; + } if (cc_op != CC_OP_DYNAMIC) { env->cc_op = cc_op; } From 62a44fddb24fec35a6baf7e2c52b0e935a5bfa90 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Oct 2022 00:56:41 +0200 Subject: [PATCH 32/96] x86: Implement MSR_CORE_THREAD_COUNT MSR Intel CPUs starting with Haswell-E implement a new MSR called MSR_CORE_THREAD_COUNT which exposes the number of threads and cores inside of a package. This MSR is used by XNU to populate internal data structures and not implementing it prevents virtual machines with more than 1 vCPU from booting if the emulated CPU generation is at least Haswell-E. This patch propagates the existing hvf logic from patch 027ac0cb516 ("target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT") to TCG. Signed-off-by: Alexander Graf Message-Id: <20221004225643.65036-2-agraf@csgraf.de> Signed-off-by: Paolo Bonzini --- target/i386/tcg/sysemu/misc_helper.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c index 1328aa656f..e1528b7f80 100644 --- a/target/i386/tcg/sysemu/misc_helper.c +++ b/target/i386/tcg/sysemu/misc_helper.c @@ -450,6 +450,11 @@ void helper_rdmsr(CPUX86State *env) case MSR_IA32_UCODE_REV: val = x86_cpu->ucode_rev; break; + case MSR_CORE_THREAD_COUNT: { + CPUState *cs = CPU(x86_cpu); + val = (cs->nr_threads * cs->nr_cores) | (cs->nr_cores << 16); + break; + } default: if ((uint32_t)env->regs[R_ECX] >= MSR_MC0_CTL && (uint32_t)env->regs[R_ECX] < MSR_MC0_CTL + From 860054d8ce4067ef2bc3deb2a98cf93350fc03e4 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Oct 2022 00:56:42 +0200 Subject: [PATCH 33/96] i386: kvm: Add support for MSR filtering KVM has grown support to deflect arbitrary MSRs to user space since Linux 5.10. For now we don't expect to make a lot of use of this feature, so let's expose it the easiest way possible: With up to 16 individually maskable MSRs. This patch adds a kvm_filter_msr() function that other code can call to install a hook on KVM MSR reads or writes. Signed-off-by: Alexander Graf Message-Id: <20221004225643.65036-3-agraf@csgraf.de> Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm.c | 123 +++++++++++++++++++++++++++++++++++++ target/i386/kvm/kvm_i386.h | 11 ++++ 2 files changed, 134 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index ec63b5eb10..1d9a50b02b 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -141,6 +141,8 @@ static struct kvm_cpuid2 *cpuid_cache; static struct kvm_cpuid2 *hv_cpuid_cache; static struct kvm_msr_list *kvm_feature_msrs; +static KVMMSRHandlers msr_handlers[KVM_MSR_FILTER_MAX_RANGES]; + #define BUS_LOCK_SLICE_TIME 1000000000ULL /* ns */ static RateLimit bus_lock_ratelimit_ctrl; static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value); @@ -2610,6 +2612,15 @@ int kvm_arch_init(MachineState *ms, KVMState *s) return ret; } } + if (kvm_vm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR)) { + ret = kvm_vm_enable_cap(s, KVM_CAP_X86_USER_SPACE_MSR, 0, + KVM_MSR_EXIT_REASON_FILTER); + if (ret) { + error_report("Could not enable user space MSRs: %s", + strerror(-ret)); + exit(1); + } + } return 0; } @@ -5109,6 +5120,108 @@ void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg) } } +static bool kvm_install_msr_filters(KVMState *s) +{ + uint64_t zero = 0; + struct kvm_msr_filter filter = { + .flags = KVM_MSR_FILTER_DEFAULT_ALLOW, + }; + int r, i, j = 0; + + for (i = 0; i < KVM_MSR_FILTER_MAX_RANGES; i++) { + KVMMSRHandlers *handler = &msr_handlers[i]; + if (handler->msr) { + struct kvm_msr_filter_range *range = &filter.ranges[j++]; + + *range = (struct kvm_msr_filter_range) { + .flags = 0, + .nmsrs = 1, + .base = handler->msr, + .bitmap = (__u8 *)&zero, + }; + + if (handler->rdmsr) { + range->flags |= KVM_MSR_FILTER_READ; + } + + if (handler->wrmsr) { + range->flags |= KVM_MSR_FILTER_WRITE; + } + } + } + + r = kvm_vm_ioctl(s, KVM_X86_SET_MSR_FILTER, &filter); + if (r) { + return false; + } + + return true; +} + +bool kvm_filter_msr(KVMState *s, uint32_t msr, QEMURDMSRHandler *rdmsr, + QEMUWRMSRHandler *wrmsr) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(msr_handlers); i++) { + if (!msr_handlers[i].msr) { + msr_handlers[i] = (KVMMSRHandlers) { + .msr = msr, + .rdmsr = rdmsr, + .wrmsr = wrmsr, + }; + + if (!kvm_install_msr_filters(s)) { + msr_handlers[i] = (KVMMSRHandlers) { }; + return false; + } + + return true; + } + } + + return false; +} + +static int kvm_handle_rdmsr(X86CPU *cpu, struct kvm_run *run) +{ + int i; + bool r; + + for (i = 0; i < ARRAY_SIZE(msr_handlers); i++) { + KVMMSRHandlers *handler = &msr_handlers[i]; + if (run->msr.index == handler->msr) { + if (handler->rdmsr) { + r = handler->rdmsr(cpu, handler->msr, + (uint64_t *)&run->msr.data); + run->msr.error = r ? 0 : 1; + return 0; + } + } + } + + assert(false); +} + +static int kvm_handle_wrmsr(X86CPU *cpu, struct kvm_run *run) +{ + int i; + bool r; + + for (i = 0; i < ARRAY_SIZE(msr_handlers); i++) { + KVMMSRHandlers *handler = &msr_handlers[i]; + if (run->msr.index == handler->msr) { + if (handler->wrmsr) { + r = handler->wrmsr(cpu, handler->msr, run->msr.data); + run->msr.error = r ? 0 : 1; + return 0; + } + } + } + + assert(false); +} + static bool has_sgx_provisioning; static bool __kvm_enable_sgx_provisioning(KVMState *s) @@ -5226,6 +5339,16 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = 0; } break; + case KVM_EXIT_X86_RDMSR: + /* We only enable MSR filtering, any other exit is bogus */ + assert(run->msr.reason == KVM_MSR_EXIT_REASON_FILTER); + ret = kvm_handle_rdmsr(cpu, run); + break; + case KVM_EXIT_X86_WRMSR: + /* We only enable MSR filtering, any other exit is bogus */ + assert(run->msr.reason == KVM_MSR_EXIT_REASON_FILTER); + ret = kvm_handle_wrmsr(cpu, run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 4124912c20..2ed586c11b 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -54,4 +54,15 @@ uint64_t kvm_swizzle_msi_ext_dest_id(uint64_t address); bool kvm_enable_sgx_provisioning(KVMState *s); void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask); +typedef bool QEMURDMSRHandler(X86CPU *cpu, uint32_t msr, uint64_t *val); +typedef bool QEMUWRMSRHandler(X86CPU *cpu, uint32_t msr, uint64_t val); +typedef struct kvm_msr_handlers { + uint32_t msr; + QEMURDMSRHandler *rdmsr; + QEMUWRMSRHandler *wrmsr; +} KVMMSRHandlers; + +bool kvm_filter_msr(KVMState *s, uint32_t msr, QEMURDMSRHandler *rdmsr, + QEMUWRMSRHandler *wrmsr); + #endif From 37656470f67398dd10101d7d940d660053f60ff5 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Wed, 5 Oct 2022 00:56:43 +0200 Subject: [PATCH 34/96] KVM: x86: Implement MSR_CORE_THREAD_COUNT MSR The MSR_CORE_THREAD_COUNT MSR describes CPU package topology, such as number of threads and cores for a given package. This is information that QEMU has readily available and can provide through the new user space MSR deflection interface. This patch propagates the existing hvf logic from patch 027ac0cb516 ("target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT") to KVM. Signed-off-by: Alexander Graf Message-Id: <20221004225643.65036-4-agraf@csgraf.de> Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 1d9a50b02b..bed6c00f2c 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2401,6 +2401,17 @@ static int kvm_get_supported_msrs(KVMState *s) return ret; } +static bool kvm_rdmsr_core_thread_count(X86CPU *cpu, uint32_t msr, + uint64_t *val) +{ + CPUState *cs = CPU(cpu); + + *val = cs->nr_threads * cs->nr_cores; /* thread count, bits 15..0 */ + *val |= ((uint32_t)cs->nr_cores << 16); /* core count, bits 31..16 */ + + return true; +} + static Notifier smram_machine_done; static KVMMemoryListener smram_listener; static AddressSpace smram_address_space; @@ -2613,6 +2624,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s) } } if (kvm_vm_check_extension(s, KVM_CAP_X86_USER_SPACE_MSR)) { + bool r; + ret = kvm_vm_enable_cap(s, KVM_CAP_X86_USER_SPACE_MSR, 0, KVM_MSR_EXIT_REASON_FILTER); if (ret) { @@ -2620,6 +2633,14 @@ int kvm_arch_init(MachineState *ms, KVMState *s) strerror(-ret)); exit(1); } + + r = kvm_filter_msr(s, MSR_CORE_THREAD_COUNT, + kvm_rdmsr_core_thread_count, NULL); + if (!r) { + error_report("Could not install MSR_CORE_THREAD_COUNT handler: %s", + strerror(-ret)); + exit(1); + } } return 0; From 5154d35beda383af8042061099a5cd2decf88e69 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 7 Oct 2022 15:47:35 +0200 Subject: [PATCH 35/96] linux-user: i386/signal: move fpstate at the end of the 32-bit frames Recent versions of Linux moved the 32-bit fpstate towards the end of the frame, so that the variable-sized xsave data does not overwrite the (ABI-defined) extramask[] field. Follow suit in QEMU. Reviewed-by: Richard Henderson Signed-off-by: Paolo Bonzini --- linux-user/i386/signal.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c index 4372621a4d..76317a3d16 100644 --- a/linux-user/i386/signal.c +++ b/linux-user/i386/signal.c @@ -163,9 +163,16 @@ struct sigframe { abi_ulong pretcode; int sig; struct target_sigcontext sc; - struct target_fpstate fpstate; + /* + * The actual fpstate is placed after retcode[] below, to make + * room for the variable-sized xsave data. The older unused fpstate + * has to be kept to avoid changing the offset of extramask[], which + * is part of the ABI. + */ + struct target_fpstate fpstate_unused; abi_ulong extramask[TARGET_NSIG_WORDS-1]; char retcode[8]; + struct target_fpstate fpstate; }; struct rt_sigframe { @@ -175,8 +182,8 @@ struct rt_sigframe { abi_ulong puc; struct target_siginfo info; struct target_ucontext uc; - struct target_fpstate fpstate; char retcode[8]; + struct target_fpstate fpstate; }; #else From 2796f290b5469a7f6749ea119a48bc17f489effd Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 6 Oct 2022 13:31:06 +0200 Subject: [PATCH 36/96] linux-user: i386/signal: support FXSAVE fpstate on 32-bit emulation Linux can use FXSAVE to save/restore XMM registers even on 32-bit systems. This requires some care in order to keep the FXSAVE area aligned to 16 bytes; for this reason, get_sigframe is changed to pass the offset into the FXSAVE area rather than the full frame size. Reviewed-by: Richard Henderson Signed-off-by: Paolo Bonzini --- linux-user/i386/signal.c | 129 +++++++++++++++++++++++---------------- 1 file changed, 77 insertions(+), 52 deletions(-) diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c index 76317a3d16..58b11be116 100644 --- a/linux-user/i386/signal.c +++ b/linux-user/i386/signal.c @@ -39,29 +39,7 @@ struct target_xmmreg { uint32_t element[4]; }; -struct target_fpstate_32 { - /* Regular FPU environment */ - uint32_t cw; - uint32_t sw; - uint32_t tag; - uint32_t ipoff; - uint32_t cssel; - uint32_t dataoff; - uint32_t datasel; - struct target_fpreg st[8]; - uint16_t status; - uint16_t magic; /* 0xffff = regular FPU data only */ - - /* FXSR FPU environment */ - uint32_t _fxsr_env[6]; /* FXSR FPU env is ignored */ - uint32_t mxcsr; - uint32_t reserved; - struct target_fpxreg fxsr_st[8]; /* FXSR FPU reg data is ignored */ - struct target_xmmreg xmm[8]; - uint32_t padding[56]; -}; - -struct target_fpstate_64 { +struct target_fpstate_fxsave { /* FXSAVE format */ uint16_t cw; uint16_t sw; @@ -75,11 +53,36 @@ struct target_fpstate_64 { uint32_t xmm_space[64]; uint32_t reserved[24]; }; +#define TARGET_FXSAVE_SIZE sizeof(struct target_fpstate_fxsave) +QEMU_BUILD_BUG_ON(TARGET_FXSAVE_SIZE != 512); + +struct target_fpstate_32 { + /* Regular FPU environment */ + uint32_t cw; + uint32_t sw; + uint32_t tag; + uint32_t ipoff; + uint32_t cssel; + uint32_t dataoff; + uint32_t datasel; + struct target_fpreg st[8]; + uint16_t status; + uint16_t magic; /* 0xffff = regular FPU data only */ + struct target_fpstate_fxsave fxsave; +}; + +/* + * For simplicity, setup_frame aligns struct target_fpstate_32 to + * 16 bytes, so ensure that the FXSAVE area is also aligned. + */ +QEMU_BUILD_BUG_ON(offsetof(struct target_fpstate_32, fxsave) & 15); #ifndef TARGET_X86_64 # define target_fpstate target_fpstate_32 +# define TARGET_FPSTATE_FXSAVE_OFFSET offsetof(struct target_fpstate_32, fxsave) #else -# define target_fpstate target_fpstate_64 +# define target_fpstate target_fpstate_fxsave +# define TARGET_FPSTATE_FXSAVE_OFFSET 0 #endif struct target_sigcontext_32 { @@ -172,8 +175,16 @@ struct sigframe { struct target_fpstate fpstate_unused; abi_ulong extramask[TARGET_NSIG_WORDS-1]; char retcode[8]; - struct target_fpstate fpstate; + + /* + * This field will be 16-byte aligned in memory. Applying QEMU_ALIGNED + * to it ensures that the base of the frame has an appropriate alignment + * too. + */ + struct target_fpstate fpstate QEMU_ALIGNED(8); }; +#define TARGET_SIGFRAME_FXSAVE_OFFSET ( \ + offsetof(struct sigframe, fpstate) + TARGET_FPSTATE_FXSAVE_OFFSET) struct rt_sigframe { abi_ulong pretcode; @@ -183,25 +194,35 @@ struct rt_sigframe { struct target_siginfo info; struct target_ucontext uc; char retcode[8]; - struct target_fpstate fpstate; + struct target_fpstate fpstate QEMU_ALIGNED(8); }; - +#define TARGET_RT_SIGFRAME_FXSAVE_OFFSET ( \ + offsetof(struct rt_sigframe, fpstate) + TARGET_FPSTATE_FXSAVE_OFFSET) #else struct rt_sigframe { abi_ulong pretcode; struct target_ucontext uc; struct target_siginfo info; - struct target_fpstate fpstate; + struct target_fpstate fpstate QEMU_ALIGNED(16); }; - +#define TARGET_RT_SIGFRAME_FXSAVE_OFFSET ( \ + offsetof(struct rt_sigframe, fpstate) + TARGET_FPSTATE_FXSAVE_OFFSET) #endif /* * Set up a signal frame. */ -/* XXX: save x87 state */ +static void fxsave_sigcontext(CPUX86State *env, struct target_fpstate_fxsave *fxsave, + abi_ulong fxsave_addr) +{ + /* fxsave_addr must be 16 byte aligned for fxsave */ + assert(!(fxsave_addr & 0xf)); + + cpu_x86_fxsave(env, fxsave_addr); +} + static void setup_sigcontext(struct target_sigcontext *sc, struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask, abi_ulong fpstate_addr) @@ -233,13 +254,14 @@ static void setup_sigcontext(struct target_sigcontext *sc, cpu_x86_fsave(env, fpstate_addr, 1); fpstate->status = fpstate->sw; - magic = 0xffff; + if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { + magic = 0xffff; + } else { + fxsave_sigcontext(env, &fpstate->fxsave, + fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); + magic = 0; + } __put_user(magic, &fpstate->magic); - __put_user(fpstate_addr, &sc->fpstate); - - /* non-iBCS2 extensions.. */ - __put_user(mask, &sc->oldmask); - __put_user(env->cr[2], &sc->cr2); #else __put_user(env->regs[R_EDI], &sc->rdi); __put_user(env->regs[R_ESI], &sc->rsi); @@ -269,15 +291,14 @@ static void setup_sigcontext(struct target_sigcontext *sc, __put_user((uint16_t)0, &sc->fs); __put_user(env->segs[R_SS].selector, &sc->ss); + fxsave_sigcontext(env, fpstate, fpstate_addr); +#endif + + __put_user(fpstate_addr, &sc->fpstate); + + /* non-iBCS2 extensions.. */ __put_user(mask, &sc->oldmask); __put_user(env->cr[2], &sc->cr2); - - /* fpstate_addr must be 16 byte aligned for fxsave */ - assert(!(fpstate_addr & 0xf)); - - cpu_x86_fxsave(env, fpstate_addr); - __put_user(fpstate_addr, &sc->fpstate); -#endif } /* @@ -285,7 +306,7 @@ static void setup_sigcontext(struct target_sigcontext *sc, */ static inline abi_ulong -get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t frame_size) +get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t fxsave_offset) { unsigned long esp; @@ -309,11 +330,11 @@ get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t frame_size) #endif } -#ifndef TARGET_X86_64 - return (esp - frame_size) & -8ul; -#else - return ((esp - frame_size) & (~15ul)) - 8; -#endif + if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { + return (esp - (fxsave_offset + TARGET_FXSAVE_SIZE)) & -8ul; + } else { + return ((esp - TARGET_FXSAVE_SIZE) & -16ul) - fxsave_offset; + } } #ifndef TARGET_X86_64 @@ -341,7 +362,7 @@ void setup_frame(int sig, struct target_sigaction *ka, struct sigframe *frame; int i; - frame_addr = get_sigframe(ka, env, sizeof(*frame)); + frame_addr = get_sigframe(ka, env, TARGET_SIGFRAME_FXSAVE_OFFSET); trace_user_setup_frame(env, frame_addr); if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) @@ -397,7 +418,7 @@ void setup_rt_frame(int sig, struct target_sigaction *ka, struct rt_sigframe *frame; int i; - frame_addr = get_sigframe(ka, env, sizeof(*frame)); + frame_addr = get_sigframe(ka, env, TARGET_RT_SIGFRAME_FXSAVE_OFFSET); trace_user_setup_rt_frame(env, frame_addr); if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) @@ -529,7 +550,11 @@ restore_sigcontext(CPUX86State *env, struct target_sigcontext *sc) goto badframe; } #ifndef TARGET_X86_64 - cpu_x86_frstor(env, fpstate_addr, 1); + if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { + cpu_x86_frstor(env, fpstate_addr, 1); + } else { + cpu_x86_fxrstor(env, fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); + } #else cpu_x86_fxrstor(env, fpstate_addr); #endif From 4d31ff32a65adfae015e035931b864bd1c521d6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:29 +0200 Subject: [PATCH 37/96] audio: refactor code in audio_run_out() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactoring the code in audio_run_out() avoids code duplication in the next patch. There's no functional change. Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-1-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index df6818ed55..08aec51e70 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1121,8 +1121,12 @@ static void audio_run_out (AudioState *s) HWVoiceOut *hw = NULL; SWVoiceOut *sw; - if (!audio_get_pdo_out(s->dev)->mixing_engine) { - while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) { + while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) { + size_t played, live, prev_rpos; + size_t hw_free = audio_pcm_hw_get_free(hw); + int nb_live; + + if (!audio_get_pdo_out(s->dev)->mixing_engine) { /* there is exactly 1 sw for each hw with no mixeng */ sw = hw->sw_head.lh_first; @@ -1137,14 +1141,9 @@ static void audio_run_out (AudioState *s) if (sw->active) { sw->callback.fn(sw->callback.opaque, INT_MAX); } - } - return; - } - while ((hw = audio_pcm_hw_find_any_enabled_out(s, hw))) { - size_t played, live, prev_rpos; - size_t hw_free = audio_pcm_hw_get_free(hw); - int nb_live; + continue; + } for (sw = hw->sw_head.lh_first; sw; sw = sw->entries.le_next) { if (sw->active) { From 7099a6a220c33d9c115e19e9f03ac61caa8358b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:30 +0200 Subject: [PATCH 38/96] audio: fix GUS audio playback with out.mixing-engine=off MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix GUS audio playback with out.mixing-engine=off. The GUS audio device needs to know the amount of samples to produce in advance. To reproduce start qemu with -parallel none -device gus,audiodev=audio0 -audiodev pa,id=audio0,out.mixing-engine=off and start the cartoon.exe demo in a FreeDOS guest. The demo file is available on the download page of the GUSemu32 author. Signed-off-by: Volker Rümelin Acked-by: Marc-André Lureau Message-Id: <20220923183640.8314-2-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/audio/audio.c b/audio/audio.c index 08aec51e70..29da359b41 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1139,7 +1139,8 @@ static void audio_run_out (AudioState *s) } if (sw->active) { - sw->callback.fn(sw->callback.opaque, INT_MAX); + sw->callback.fn(sw->callback.opaque, + hw_free * sw->info.bytes_per_frame); } continue; From dd052dbfbf608cc656082173541973f09867747a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:31 +0200 Subject: [PATCH 39/96] audio: run downstream playback queue unconditionally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Run the downstream playback queue even if the emulated audio device didn't write new samples. There still may be buffered audio samples downstream. This is for the -audiodev out.mixing-engine=off case. Commit a8a98cfd42 ("audio: run downstream playback queue uncondition- ally") fixed the out.mixing-engine=on case. Signed-off-by: Volker Rümelin Acked-by: Marc-André Lureau Message-Id: <20220923183640.8314-3-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index 29da359b41..567f953e66 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1143,6 +1143,10 @@ static void audio_run_out (AudioState *s) hw_free * sw->info.bytes_per_frame); } + if (hw->pcm_ops->run_buffer_out) { + hw->pcm_ops->run_buffer_out(hw); + } + continue; } @@ -1501,10 +1505,6 @@ size_t audio_generic_write(HWVoiceOut *hw, void *buf, size_t size) } } - if (hw->pcm_ops->run_buffer_out) { - hw->pcm_ops->run_buffer_out(hw); - } - return total; } From 5a9d7ae25175d19f9380128ac17f87816fe6f049 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:32 +0200 Subject: [PATCH 40/96] alsaaudio: reduce playback latency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the buffer_get_free pcm_ops function to report the free ALSA playback buffer. The generic buffer becomes a temporary buffer and is empty after a call to audio_run_out(). Signed-off-by: Volker Rümelin Acked-by: Marc-André Lureau Message-Id: <20220923183640.8314-4-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/alsaaudio.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c index 4a61378cd7..7a2a94cd42 100644 --- a/audio/alsaaudio.c +++ b/audio/alsaaudio.c @@ -602,6 +602,42 @@ static int alsa_open(bool in, struct alsa_params_req *req, return -1; } +static size_t alsa_buffer_get_free(HWVoiceOut *hw) +{ + ALSAVoiceOut *alsa = (ALSAVoiceOut *)hw; + snd_pcm_sframes_t avail; + size_t alsa_free, generic_free, generic_in_use; + + avail = snd_pcm_avail_update(alsa->handle); + if (avail < 0) { + if (avail == -EPIPE) { + if (!alsa_recover(alsa->handle)) { + avail = snd_pcm_avail_update(alsa->handle); + } + } + if (avail < 0) { + alsa_logerr(avail, + "Could not obtain number of available frames\n"); + avail = 0; + } + } + + alsa_free = avail * hw->info.bytes_per_frame; + generic_free = audio_generic_buffer_get_free(hw); + generic_in_use = hw->samples * hw->info.bytes_per_frame - generic_free; + if (generic_in_use) { + /* + * This code can only be reached in the unlikely case that + * snd_pcm_avail_update() returned a larger number of frames + * than snd_pcm_writei() could write. Make sure that all + * remaining bytes in the generic buffer can be written. + */ + alsa_free = alsa_free > generic_in_use ? alsa_free - generic_in_use : 0; + } + + return alsa_free; +} + static size_t alsa_write(HWVoiceOut *hw, void *buf, size_t len) { ALSAVoiceOut *alsa = (ALSAVoiceOut *) hw; @@ -916,7 +952,7 @@ static struct audio_pcm_ops alsa_pcm_ops = { .init_out = alsa_init_out, .fini_out = alsa_fini_out, .write = alsa_write, - .buffer_get_free = audio_generic_buffer_get_free, + .buffer_get_free = alsa_buffer_get_free, .run_buffer_out = audio_generic_run_buffer_out, .enable_out = alsa_enable_out, From 02732641c0ffdedb6533b9ddeaf8e95a3be88ec6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:33 +0200 Subject: [PATCH 41/96] audio: add more audio rate control functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The next patch needs two new rate control functions. The first one returns the bytes needed at call time to maintain the selected rate. The second one adjusts the bytes actually sent. Split the audio_rate_get_bytes() function into these two functions and reintroduce audio_rate_get_bytes(). Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-5-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 35 ++++++++++++++++++++++++----------- audio/audio_int.h | 2 ++ 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index 567f953e66..61cdd73df5 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -2251,26 +2251,39 @@ void audio_rate_start(RateCtl *rate) rate->start_ticks = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); } -size_t audio_rate_get_bytes(struct audio_pcm_info *info, RateCtl *rate, - size_t bytes_avail) +size_t audio_rate_peek_bytes(RateCtl *rate, struct audio_pcm_info *info) { int64_t now; int64_t ticks; int64_t bytes; - int64_t samples; - size_t ret; + int64_t frames; now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); ticks = now - rate->start_ticks; bytes = muldiv64(ticks, info->bytes_per_second, NANOSECONDS_PER_SECOND); - samples = (bytes - rate->bytes_sent) / info->bytes_per_frame; - if (samples < 0 || samples > 65536) { - AUD_log(NULL, "Resetting rate control (%" PRId64 " samples)\n", samples); + frames = (bytes - rate->bytes_sent) / info->bytes_per_frame; + if (frames < 0 || frames > 65536) { + AUD_log(NULL, "Resetting rate control (%" PRId64 " frames)\n", frames); audio_rate_start(rate); - samples = 0; + frames = 0; } - ret = MIN(samples * info->bytes_per_frame, bytes_avail); - rate->bytes_sent += ret; - return ret; + return frames * info->bytes_per_frame; +} + +void audio_rate_add_bytes(RateCtl *rate, size_t bytes_used) +{ + rate->bytes_sent += bytes_used; +} + +size_t audio_rate_get_bytes(struct audio_pcm_info *info, RateCtl *rate, + size_t bytes_avail) +{ + size_t bytes; + + bytes = audio_rate_peek_bytes(rate, info); + bytes = MIN(bytes, bytes_avail); + audio_rate_add_bytes(rate, bytes); + + return bytes; } diff --git a/audio/audio_int.h b/audio/audio_int.h index 2a6914d2aa..97e20e8429 100644 --- a/audio/audio_int.h +++ b/audio/audio_int.h @@ -263,6 +263,8 @@ typedef struct RateCtl { } RateCtl; void audio_rate_start(RateCtl *rate); +size_t audio_rate_peek_bytes(RateCtl *rate, struct audio_pcm_info *info); +void audio_rate_add_bytes(RateCtl *rate, size_t bytes_used); size_t audio_rate_get_bytes(struct audio_pcm_info *info, RateCtl *rate, size_t bytes_avail); From 90320051ea998b6ac336cd635f8014ccb31154bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:34 +0200 Subject: [PATCH 42/96] spiceaudio: add a pcm_ops buffer_get_free function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It seems there is a demand [1] for low latency playback over SPICE. Add a pcm_ops buffer_get_free function to reduce the playback latency. The mixing engine buffer becomes a temporary buffer. [1] https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg01644.html Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-6-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/spiceaudio.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c index a8d370fe6f..22892a7b9d 100644 --- a/audio/spiceaudio.c +++ b/audio/spiceaudio.c @@ -120,6 +120,13 @@ static void line_out_fini (HWVoiceOut *hw) spice_server_remove_interface (&out->sin.base); } +static size_t line_out_get_free(HWVoiceOut *hw) +{ + SpiceVoiceOut *out = container_of(hw, SpiceVoiceOut, hw); + + return audio_rate_peek_bytes(&out->rate, &hw->info); +} + static void *line_out_get_buffer(HWVoiceOut *hw, size_t *size) { SpiceVoiceOut *out = container_of(hw, SpiceVoiceOut, hw); @@ -133,8 +140,6 @@ static void *line_out_get_buffer(HWVoiceOut *hw, size_t *size) *size = MIN((out->fsize - out->fpos) << 2, *size); } - *size = audio_rate_get_bytes(&hw->info, &out->rate, *size); - return out->frame + out->fpos; } @@ -142,6 +147,8 @@ static size_t line_out_put_buffer(HWVoiceOut *hw, void *buf, size_t size) { SpiceVoiceOut *out = container_of(hw, SpiceVoiceOut, hw); + audio_rate_add_bytes(&out->rate, size); + if (buf) { assert(buf == out->frame + out->fpos && out->fpos <= out->fsize); out->fpos += size >> 2; @@ -282,6 +289,7 @@ static struct audio_pcm_ops audio_callbacks = { .init_out = line_out_init, .fini_out = line_out_fini, .write = audio_generic_write, + .buffer_get_free = line_out_get_free, .get_buffer_out = line_out_get_buffer, .put_buffer_out = line_out_put_buffer, .enable_out = line_out_enable, From 70ded68b45b90cf43a9a757df6483503055485f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:35 +0200 Subject: [PATCH 43/96] spiceaudio: update comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace a comment with a question with the answer. Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-7-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/spiceaudio.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c index 22892a7b9d..f52f3a8bbb 100644 --- a/audio/spiceaudio.c +++ b/audio/spiceaudio.c @@ -242,7 +242,10 @@ static size_t line_in_read(HWVoiceIn *hw, void *buf, size_t len) uint64_t to_read = audio_rate_get_bytes(&hw->info, &in->rate, len) >> 2; size_t ready = spice_server_record_get_samples(&in->sin, buf, to_read); - /* XXX: do we need this? */ + /* + * If the client didn't send new frames, it most likely disconnected. + * Generate silence in this case to avoid a stalled audio stream. + */ if (ready == 0) { memset(buf, 0, to_read << 2); ready = to_read; From 613fe02b2a127d921b37843cb514e919ecbe53f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:36 +0200 Subject: [PATCH 44/96] audio: swap audio_rate_get_bytes() function parameters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Swap the rate and info parameters of the audio_rate_get_bytes() function to align the parameter order with the rest of the audio_rate_*() functions. Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-8-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 2 +- audio/audio_int.h | 2 +- audio/dbusaudio.c | 4 ++-- audio/noaudio.c | 4 ++-- audio/spiceaudio.c | 2 +- audio/wavaudio.c | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index 61cdd73df5..7213f8bf07 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -2276,7 +2276,7 @@ void audio_rate_add_bytes(RateCtl *rate, size_t bytes_used) rate->bytes_sent += bytes_used; } -size_t audio_rate_get_bytes(struct audio_pcm_info *info, RateCtl *rate, +size_t audio_rate_get_bytes(RateCtl *rate, struct audio_pcm_info *info, size_t bytes_avail) { size_t bytes; diff --git a/audio/audio_int.h b/audio/audio_int.h index 97e20e8429..e87ce014a0 100644 --- a/audio/audio_int.h +++ b/audio/audio_int.h @@ -265,7 +265,7 @@ typedef struct RateCtl { void audio_rate_start(RateCtl *rate); size_t audio_rate_peek_bytes(RateCtl *rate, struct audio_pcm_info *info); void audio_rate_add_bytes(RateCtl *rate, size_t bytes_used); -size_t audio_rate_get_bytes(struct audio_pcm_info *info, RateCtl *rate, +size_t audio_rate_get_bytes(RateCtl *rate, struct audio_pcm_info *info, size_t bytes_avail); static inline size_t audio_ring_dist(size_t dst, size_t src, size_t len) diff --git a/audio/dbusaudio.c b/audio/dbusaudio.c index a3d656d3b0..722df0355e 100644 --- a/audio/dbusaudio.c +++ b/audio/dbusaudio.c @@ -82,7 +82,7 @@ static void *dbus_get_buffer_out(HWVoiceOut *hw, size_t *size) } *size = MIN(vo->buf_size - vo->buf_pos, *size); - *size = audio_rate_get_bytes(&hw->info, &vo->rate, *size); + *size = audio_rate_get_bytes(&vo->rate, &hw->info, *size); return vo->buf + vo->buf_pos; @@ -343,7 +343,7 @@ dbus_read(HWVoiceIn *hw, void *buf, size_t size) trace_dbus_audio_read(size); - /* size = audio_rate_get_bytes(&hw->info, &vo->rate, size); */ + /* size = audio_rate_get_bytes(&vo->rate, &hw->info, size); */ g_hash_table_iter_init(&iter, da->in_listeners); while (g_hash_table_iter_next(&iter, NULL, (void **)&listener)) { diff --git a/audio/noaudio.c b/audio/noaudio.c index 84a6bfbb1c..4fdee5adec 100644 --- a/audio/noaudio.c +++ b/audio/noaudio.c @@ -44,7 +44,7 @@ typedef struct NoVoiceIn { static size_t no_write(HWVoiceOut *hw, void *buf, size_t len) { NoVoiceOut *no = (NoVoiceOut *) hw; - return audio_rate_get_bytes(&hw->info, &no->rate, len); + return audio_rate_get_bytes(&no->rate, &hw->info, len); } static int no_init_out(HWVoiceOut *hw, struct audsettings *as, void *drv_opaque) @@ -89,7 +89,7 @@ static void no_fini_in (HWVoiceIn *hw) static size_t no_read(HWVoiceIn *hw, void *buf, size_t size) { NoVoiceIn *no = (NoVoiceIn *) hw; - int64_t bytes = audio_rate_get_bytes(&hw->info, &no->rate, size); + int64_t bytes = audio_rate_get_bytes(&no->rate, &hw->info, size); audio_pcm_info_clear_buf(&hw->info, buf, bytes / hw->info.bytes_per_frame); return bytes; diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c index f52f3a8bbb..d17ef1a25e 100644 --- a/audio/spiceaudio.c +++ b/audio/spiceaudio.c @@ -239,7 +239,7 @@ static void line_in_fini (HWVoiceIn *hw) static size_t line_in_read(HWVoiceIn *hw, void *buf, size_t len) { SpiceVoiceIn *in = container_of (hw, SpiceVoiceIn, hw); - uint64_t to_read = audio_rate_get_bytes(&hw->info, &in->rate, len) >> 2; + uint64_t to_read = audio_rate_get_bytes(&in->rate, &hw->info, len) >> 2; size_t ready = spice_server_record_get_samples(&in->sin, buf, to_read); /* diff --git a/audio/wavaudio.c b/audio/wavaudio.c index ac666335c7..3e1d84db83 100644 --- a/audio/wavaudio.c +++ b/audio/wavaudio.c @@ -42,7 +42,7 @@ typedef struct WAVVoiceOut { static size_t wav_write_out(HWVoiceOut *hw, void *buf, size_t len) { WAVVoiceOut *wav = (WAVVoiceOut *) hw; - int64_t bytes = audio_rate_get_bytes(&hw->info, &wav->rate, len); + int64_t bytes = audio_rate_get_bytes(&wav->rate, &hw->info, len); assert(bytes % hw->info.bytes_per_frame == 0); if (bytes && fwrite(buf, bytes, 1, wav->f) != 1) { From c4e592647e161fe23adc3eccd8743b285e4b342b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:37 +0200 Subject: [PATCH 45/96] audio: rename audio_sw_bytes_free() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename and refactor audio_sw_bytes_free(). This function is not limited to calculate the free audio buffer size. The renamed function returns the number of frames instead of bytes. Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-9-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index 7213f8bf07..28262ffd58 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1010,9 +1010,16 @@ static size_t audio_get_avail (SWVoiceIn *sw) return (((int64_t) live << 32) / sw->ratio) * sw->info.bytes_per_frame; } -static size_t audio_sw_bytes_free(SWVoiceOut *sw, size_t free) +/** + * audio_frontend_frames_out() - returns the number of frames needed to + * get frames_out frames after resampling + * + * @sw: audio playback frontend + * @frames_out: number of frames + */ +static size_t audio_frontend_frames_out(SWVoiceOut *sw, size_t frames_out) { - return (((int64_t)free << 32) / sw->ratio) * sw->info.bytes_per_frame; + return ((int64_t)frames_out << 32) / sw->ratio; } static size_t audio_get_free(SWVoiceOut *sw) @@ -1034,8 +1041,8 @@ static size_t audio_get_free(SWVoiceOut *sw) dead = sw->hw->mix_buf->size - live; #ifdef DEBUG_OUT - dolog("%s: get_free live %zu dead %zu sw_bytes %zu\n", - SW_NAME(sw), live, dead, audio_sw_bytes_free(sw, dead)); + dolog("%s: get_free live %zu dead %zu frontend frames %zu\n", + SW_NAME(sw), live, dead, audio_frontend_frames_out(sw, dead)); #endif return dead; @@ -1156,13 +1163,14 @@ static void audio_run_out (AudioState *s) size_t free; if (hw_free > sw->total_hw_samples_mixed) { - free = audio_sw_bytes_free(sw, + free = audio_frontend_frames_out(sw, MIN(sw_free, hw_free - sw->total_hw_samples_mixed)); } else { free = 0; } if (free > 0) { - sw->callback.fn(sw->callback.opaque, free); + sw->callback.fn(sw->callback.opaque, + free * sw->info.bytes_per_frame); } } } From 0724c57988f4ad826b02f12093ace5ef657cec21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:38 +0200 Subject: [PATCH 46/96] audio: refactor audio_get_avail() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Split out the code in audio_get_avail() that calculates the buffer size that the audio frontend can read. This is similar to the code changes in audio_get_free(). Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau Message-Id: <20220923183640.8314-10-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/audio/audio.c b/audio/audio.c index 28262ffd58..ed2b9d5f7e 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -986,6 +986,18 @@ void AUD_set_active_in (SWVoiceIn *sw, int on) } } +/** + * audio_frontend_frames_in() - returns the number of frames the resampling + * code generates from frames_in frames + * + * @sw: audio recording frontend + * @frames_in: number of frames + */ +static size_t audio_frontend_frames_in(SWVoiceIn *sw, size_t frames_in) +{ + return ((int64_t)frames_in << 32) / sw->ratio; +} + static size_t audio_get_avail (SWVoiceIn *sw) { size_t live; @@ -1002,12 +1014,12 @@ static size_t audio_get_avail (SWVoiceIn *sw) } ldebug ( - "%s: get_avail live %zu ret %" PRId64 "\n", + "%s: get_avail live %zu frontend frames %zu\n", SW_NAME (sw), - live, (((int64_t) live << 32) / sw->ratio) * sw->info.bytes_per_frame + live, audio_frontend_frames_in(sw, live) ); - return (((int64_t) live << 32) / sw->ratio) * sw->info.bytes_per_frame; + return live; } /** @@ -1309,11 +1321,13 @@ static void audio_run_in (AudioState *s) sw->total_hw_samples_acquired -= min; if (sw->active) { + size_t sw_avail = audio_get_avail(sw); size_t avail; - avail = audio_get_avail (sw); + avail = audio_frontend_frames_in(sw, sw_avail); if (avail > 0) { - sw->callback.fn (sw->callback.opaque, avail); + sw->callback.fn(sw->callback.opaque, + avail * sw->info.bytes_per_frame); } } } From b73ef11ff68f05418c8b60945b1e1783a72bd822 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:39 +0200 Subject: [PATCH 47/96] audio: fix sw->buf size for audio recording MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The calculation of the buffer size needed to store audio samples after resampling is wrong for audio recording. For audio recording sw->ratio is calculated as sw->ratio = frontend sample rate / backend sample rate. From this follows frontend samples = frontend sample rate / backend sample rate * backend samples frontend samples = sw->ratio * backend samples In 2 of 3 places in the audio recording code where sw->ratio is used in a calculation to get the number of frontend frames, the calculation is wrong. Fix this. The 3rd formula in audio_pcm_sw_read() is correct. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/71 Signed-off-by: Volker Rümelin Acked-by: Marc-André Lureau Message-Id: <20220923183640.8314-11-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 2 +- audio/audio_template.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/audio/audio.c b/audio/audio.c index ed2b9d5f7e..886725747b 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -995,7 +995,7 @@ void AUD_set_active_in (SWVoiceIn *sw, int on) */ static size_t audio_frontend_frames_in(SWVoiceIn *sw, size_t frames_in) { - return ((int64_t)frames_in << 32) / sw->ratio; + return (int64_t)frames_in * sw->ratio >> 32; } static size_t audio_get_avail (SWVoiceIn *sw) diff --git a/audio/audio_template.h b/audio/audio_template.h index 98ab557684..720a32e57e 100644 --- a/audio/audio_template.h +++ b/audio/audio_template.h @@ -110,7 +110,11 @@ static int glue (audio_pcm_sw_alloc_resources_, TYPE) (SW *sw) return 0; } +#ifdef DAC samples = ((int64_t) sw->HWBUF->size << 32) / sw->ratio; +#else + samples = (int64_t)sw->HWBUF->size * sw->ratio >> 32; +#endif sw->buf = audio_calloc(__func__, samples, sizeof(struct st_sample)); if (!sw->buf) { From b6d93282ccac79e42d87d02652db353894cd1db9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Volker=20R=C3=BCmelin?= Date: Fri, 23 Sep 2022 20:36:40 +0200 Subject: [PATCH 48/96] audio: prevent an integer overflow in resampling code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are corner cases where rate->opos can overflow. For example, if QEMU is started with -audiodev pa,id=audio0, out.frequency=11025 -device ich9-intel-hda -device hda-duplex, audiodev=audio0 and the guest plays audio with a sampling frequency of 44100Hz, rate->opos will overflow after 27.05h and the audio stream will be silent for a long time. To prevent a rate->opos and also a rate->ipos overflow, both are wrapped around after a short time. The wrap around point rate->ipos >= 0x10001 is an arbitrarily selected value and can be any small value, 0 and 1 included. The comment that an ipos overflow will result in an infinite loop has been removed, because in this case the resampling code only generates no more output samples and the audio stream stalls. However, there is no infinite loop. Signed-off-by: Volker Rümelin Message-Id: <20220923183640.8314-12-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- audio/rate_template.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/audio/rate_template.h b/audio/rate_template.h index f94c940c61..b432719ebb 100644 --- a/audio/rate_template.h +++ b/audio/rate_template.h @@ -72,11 +72,6 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf, ilast = *ibuf++; rate->ipos++; - /* if ipos overflow, there is a infinite loop */ - if (rate->ipos == 0xffffffff) { - rate->ipos = 1; - rate->opos = rate->opos & 0xffffffff; - } /* See if we finished the input buffer yet */ if (ibuf >= iend) { goto the_end; @@ -85,6 +80,12 @@ void NAME (void *opaque, struct st_sample *ibuf, struct st_sample *obuf, icur = *ibuf; + /* wrap ipos and opos around long before they overflow */ + if (rate->ipos >= 0x10001) { + rate->ipos = 1; + rate->opos &= 0xffffffff; + } + /* interpolate */ #ifdef FLOAT_MIXENG #ifdef RECIPROCAL From 5d2456789ac50b11c2bd560ddf3470fe820bb0ff Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 10 Oct 2022 15:28:54 +0200 Subject: [PATCH 49/96] linux-user: i386/signal: support XSAVE/XRSTOR for signal frame fpstate Add support for saving/restoring extended save states when signals are delivered. This allows using AVX, MPX or PKRU registers in signal handlers. Reviewed-by: Richard Henderson Signed-off-by: Paolo Bonzini --- linux-user/i386/signal.c | 119 +++++++++++++++++++++++++++++------ target/i386/cpu.c | 2 +- target/i386/cpu.h | 3 + target/i386/tcg/fpu_helper.c | 64 +++++++++++-------- 4 files changed, 142 insertions(+), 46 deletions(-) diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c index 58b11be116..60fa07d6f9 100644 --- a/linux-user/i386/signal.c +++ b/linux-user/i386/signal.c @@ -24,6 +24,10 @@ /* from the Linux kernel - /arch/x86/include/uapi/asm/sigcontext.h */ +#define TARGET_FP_XSTATE_MAGIC1 0x46505853U /* FPXS */ +#define TARGET_FP_XSTATE_MAGIC2 0x46505845U /* FPXE */ +#define TARGET_FP_XSTATE_MAGIC2_SIZE 4 + struct target_fpreg { uint16_t significand[4]; uint16_t exponent; @@ -39,6 +43,15 @@ struct target_xmmreg { uint32_t element[4]; }; +struct target_fpx_sw_bytes { + uint32_t magic1; + uint32_t extended_size; + uint64_t xfeatures; + uint32_t xstate_size; + uint32_t reserved[7]; +}; +QEMU_BUILD_BUG_ON(sizeof(struct target_fpx_sw_bytes) != 12*4); + struct target_fpstate_fxsave { /* FXSAVE format */ uint16_t cw; @@ -51,10 +64,13 @@ struct target_fpstate_fxsave { uint32_t mxcsr_mask; uint32_t st_space[32]; uint32_t xmm_space[64]; - uint32_t reserved[24]; + uint32_t hw_reserved[12]; + struct target_fpx_sw_bytes sw_reserved; + uint8_t xfeatures[]; }; #define TARGET_FXSAVE_SIZE sizeof(struct target_fpstate_fxsave) QEMU_BUILD_BUG_ON(TARGET_FXSAVE_SIZE != 512); +QEMU_BUILD_BUG_ON(offsetof(struct target_fpstate_fxsave, sw_reserved) != 464); struct target_fpstate_32 { /* Regular FPU environment */ @@ -214,13 +230,39 @@ struct rt_sigframe { * Set up a signal frame. */ -static void fxsave_sigcontext(CPUX86State *env, struct target_fpstate_fxsave *fxsave, - abi_ulong fxsave_addr) +static void xsave_sigcontext(CPUX86State *env, struct target_fpstate_fxsave *fxsave, + abi_ulong fxsave_addr) { - /* fxsave_addr must be 16 byte aligned for fxsave */ - assert(!(fxsave_addr & 0xf)); + if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) { + /* fxsave_addr must be 16 byte aligned for fxsave */ + assert(!(fxsave_addr & 0xf)); - cpu_x86_fxsave(env, fxsave_addr); + cpu_x86_fxsave(env, fxsave_addr); + __put_user(0, &fxsave->sw_reserved.magic1); + } else { + uint32_t xstate_size = xsave_area_size(env->xcr0, false); + uint32_t xfeatures_size = xstate_size - TARGET_FXSAVE_SIZE; + + /* + * extended_size is the offset from fpstate_addr to right after the end + * of the extended save states. On 32-bit that includes the legacy + * FSAVE area. + */ + uint32_t extended_size = TARGET_FPSTATE_FXSAVE_OFFSET + + xstate_size + TARGET_FP_XSTATE_MAGIC2_SIZE; + + /* fxsave_addr must be 64 byte aligned for xsave */ + assert(!(fxsave_addr & 0x3f)); + + /* Zero the header, XSAVE *adds* features to an existing save state. */ + memset(fxsave->xfeatures, 0, 64); + cpu_x86_xsave(env, fxsave_addr); + __put_user(TARGET_FP_XSTATE_MAGIC1, &fxsave->sw_reserved.magic1); + __put_user(extended_size, &fxsave->sw_reserved.extended_size); + __put_user(env->xcr0, &fxsave->sw_reserved.xfeatures); + __put_user(xstate_size, &fxsave->sw_reserved.xstate_size); + __put_user(TARGET_FP_XSTATE_MAGIC2, (uint32_t *) &fxsave->xfeatures[xfeatures_size]); + } } static void setup_sigcontext(struct target_sigcontext *sc, @@ -257,8 +299,8 @@ static void setup_sigcontext(struct target_sigcontext *sc, if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { magic = 0xffff; } else { - fxsave_sigcontext(env, &fpstate->fxsave, - fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); + xsave_sigcontext(env, &fpstate->fxsave, + fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); magic = 0; } __put_user(magic, &fpstate->magic); @@ -291,7 +333,7 @@ static void setup_sigcontext(struct target_sigcontext *sc, __put_user((uint16_t)0, &sc->fs); __put_user(env->segs[R_SS].selector, &sc->ss); - fxsave_sigcontext(env, fpstate, fpstate_addr); + xsave_sigcontext(env, fpstate, fpstate_addr); #endif __put_user(fpstate_addr, &sc->fpstate); @@ -332,8 +374,12 @@ get_sigframe(struct target_sigaction *ka, CPUX86State *env, size_t fxsave_offset if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { return (esp - (fxsave_offset + TARGET_FXSAVE_SIZE)) & -8ul; - } else { + } else if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) { return ((esp - TARGET_FXSAVE_SIZE) & -16ul) - fxsave_offset; + } else { + size_t xstate_size = + xsave_area_size(env->xcr0, false) + TARGET_FP_XSTATE_MAGIC2_SIZE; + return ((esp - xstate_size) & -64ul) - fxsave_offset; } } @@ -437,7 +483,11 @@ void setup_rt_frame(int sig, struct target_sigaction *ka, } /* Create the ucontext. */ - __put_user(0, &frame->uc.tuc_flags); + if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) { + __put_user(1, &frame->uc.tuc_flags); + } else { + __put_user(0, &frame->uc.tuc_flags); + } __put_user(0, &frame->uc.tuc_link); target_save_altstack(&frame->uc.tuc_stack, env); setup_sigcontext(&frame->uc.tuc_mcontext, &frame->fpstate, env, @@ -491,10 +541,37 @@ give_sigsegv: force_sigsegv(sig); } +static int xrstor_sigcontext(CPUX86State *env, struct target_fpstate_fxsave *fxsave, + abi_ulong fxsave_addr) +{ + if (env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE) { + uint32_t extended_size = tswapl(fxsave->sw_reserved.extended_size); + uint32_t xstate_size = tswapl(fxsave->sw_reserved.xstate_size); + uint32_t xfeatures_size = xstate_size - TARGET_FXSAVE_SIZE; + + /* Linux checks MAGIC2 using xstate_size, not extended_size. */ + if (tswapl(fxsave->sw_reserved.magic1) == TARGET_FP_XSTATE_MAGIC1 && + extended_size >= TARGET_FPSTATE_FXSAVE_OFFSET + xstate_size + TARGET_FP_XSTATE_MAGIC2_SIZE) { + if (!access_ok(env_cpu(env), VERIFY_READ, fxsave_addr, + extended_size - TARGET_FPSTATE_FXSAVE_OFFSET)) { + return 1; + } + if (tswapl(*(uint32_t *) &fxsave->xfeatures[xfeatures_size]) == TARGET_FP_XSTATE_MAGIC2) { + cpu_x86_xrstor(env, fxsave_addr); + return 0; + } + } + /* fall through to fxrstor */ + } + + cpu_x86_fxrstor(env, fxsave_addr); + return 0; +} + static int restore_sigcontext(CPUX86State *env, struct target_sigcontext *sc) { - unsigned int err = 0; + int err = 1; abi_ulong fpstate_addr; unsigned int tmpflags; @@ -545,24 +622,28 @@ restore_sigcontext(CPUX86State *env, struct target_sigcontext *sc) fpstate_addr = tswapl(sc->fpstate); if (fpstate_addr != 0) { - if (!access_ok(env_cpu(env), VERIFY_READ, fpstate_addr, - sizeof(struct target_fpstate))) { - goto badframe; + struct target_fpstate *fpstate; + if (!lock_user_struct(VERIFY_READ, fpstate, fpstate_addr, + sizeof(struct target_fpstate))) { + return err; } #ifndef TARGET_X86_64 if (!(env->features[FEAT_1_EDX] & CPUID_FXSR)) { cpu_x86_frstor(env, fpstate_addr, 1); + err = 0; } else { - cpu_x86_fxrstor(env, fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); + err = xrstor_sigcontext(env, &fpstate->fxsave, + fpstate_addr + TARGET_FPSTATE_FXSAVE_OFFSET); } #else - cpu_x86_fxrstor(env, fpstate_addr); + err = xrstor_sigcontext(env, fpstate, fpstate_addr); #endif + unlock_user_struct(fpstate, fpstate_addr, 0); + } else { + err = 0; } return err; -badframe: - return 1; } /* Note: there is no sigreturn on x86_64, there is only rt_sigreturn */ diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 06884177fa..8a11470507 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -1467,7 +1467,7 @@ ExtSaveArea x86_ext_save_areas[XSAVE_STATE_AREA_COUNT] = { }, }; -static uint32_t xsave_area_size(uint64_t mask, bool compacted) +uint32_t xsave_area_size(uint64_t mask, bool compacted) { uint64_t ret = x86_ext_save_areas[0].size; const ExtSaveArea *esa; diff --git a/target/i386/cpu.h b/target/i386/cpu.h index d4124973ce..9327353fff 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2071,6 +2071,8 @@ void cpu_x86_fsave(CPUX86State *s, target_ulong ptr, int data32); void cpu_x86_frstor(CPUX86State *s, target_ulong ptr, int data32); void cpu_x86_fxsave(CPUX86State *s, target_ulong ptr); void cpu_x86_fxrstor(CPUX86State *s, target_ulong ptr); +void cpu_x86_xsave(CPUX86State *s, target_ulong ptr); +void cpu_x86_xrstor(CPUX86State *s, target_ulong ptr); /* cpu.c */ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1, @@ -2327,6 +2329,7 @@ bool cpu_is_bsp(X86CPU *cpu); void x86_cpu_xrstor_all_areas(X86CPU *cpu, const void *buf, uint32_t buflen); void x86_cpu_xsave_all_areas(X86CPU *cpu, void *buf, uint32_t buflen); +uint32_t xsave_area_size(uint64_t mask, bool compacted); void x86_update_hflags(CPUX86State* env); static inline bool hyperv_feat_enabled(X86CPU *cpu, int feat) diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index 30bc44fcf8..ad58931751 100644 --- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c @@ -2502,18 +2502,6 @@ void helper_frstor(CPUX86State *env, target_ulong ptr, int data32) do_frstor(env, ptr, data32, GETPC()); } -#if defined(CONFIG_USER_ONLY) -void cpu_x86_fsave(CPUX86State *env, target_ulong ptr, int data32) -{ - do_fsave(env, ptr, data32, 0); -} - -void cpu_x86_frstor(CPUX86State *env, target_ulong ptr, int data32) -{ - do_frstor(env, ptr, data32, 0); -} -#endif - #define XO(X) offsetof(X86XSaveArea, X) static void do_xsave_fpu(CPUX86State *env, target_ulong ptr, uintptr_t ra) @@ -2787,21 +2775,8 @@ void helper_fxrstor(CPUX86State *env, target_ulong ptr) do_fxrstor(env, ptr, GETPC()); } -#if defined(CONFIG_USER_ONLY) -void cpu_x86_fxsave(CPUX86State *env, target_ulong ptr) +static void do_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm, uintptr_t ra) { - do_fxsave(env, ptr, 0); -} - -void cpu_x86_fxrstor(CPUX86State *env, target_ulong ptr) -{ - do_fxrstor(env, ptr, 0); -} -#endif - -void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm) -{ - uintptr_t ra = GETPC(); uint64_t xstate_bv, xcomp_bv, reserve0; rfbm &= env->xcr0; @@ -2894,6 +2869,43 @@ void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm) #undef XO +void helper_xrstor(CPUX86State *env, target_ulong ptr, uint64_t rfbm) +{ + do_xrstor(env, ptr, rfbm, GETPC()); +} + +#if defined(CONFIG_USER_ONLY) +void cpu_x86_fsave(CPUX86State *env, target_ulong ptr, int data32) +{ + do_fsave(env, ptr, data32, 0); +} + +void cpu_x86_frstor(CPUX86State *env, target_ulong ptr, int data32) +{ + do_frstor(env, ptr, data32, 0); +} + +void cpu_x86_fxsave(CPUX86State *env, target_ulong ptr) +{ + do_fxsave(env, ptr, 0); +} + +void cpu_x86_fxrstor(CPUX86State *env, target_ulong ptr) +{ + do_fxrstor(env, ptr, 0); +} + +void cpu_x86_xsave(CPUX86State *env, target_ulong ptr) +{ + do_xsave(env, ptr, -1, get_xinuse(env), -1, 0); +} + +void cpu_x86_xrstor(CPUX86State *env, target_ulong ptr) +{ + do_xrstor(env, ptr, -1, 0); +} +#endif + uint64_t helper_xgetbv(CPUX86State *env, uint32_t ecx) { /* The OS must have enabled XSAVE. */ From f15cfe419eebc49d28949f4fa75259e530136eab Mon Sep 17 00:00:00 2001 From: Juan Quintela Date: Fri, 2 Sep 2022 18:51:19 +0200 Subject: [PATCH 50/96] qtest: "-display none" is set in qtest_init() So we don't need to set anywhere else. Signed-off-by: Juan Quintela [thuth: Drop changes in tests/qtest/fuzz/ since the fuzzers still need this] Message-Id: <20220902165126.1482-2-quintela@redhat.com> Signed-off-by: Thomas Huth --- tests/qtest/bios-tables-test.c | 2 +- tests/qtest/fuzz-lsi53c895a-test.c | 2 +- tests/qtest/fuzz-megasas-test.c | 2 +- tests/qtest/fuzz-sb16-test.c | 6 +++--- tests/qtest/fuzz-sdcard-test.c | 6 +++--- tests/qtest/fuzz-virtio-scsi-test.c | 2 +- tests/qtest/fuzz-xlnx-dp-test.c | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index 2ebeb530b2..e6096e7f73 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -725,7 +725,7 @@ static char *test_acpi_create_args(test_data *data, const char *params, } } else { args = g_strdup_printf("-machine %s %s -accel tcg " - "-net none -display none %s " + "-net none %s " "-drive id=hd0,if=none,file=%s,format=raw " "-device %s,drive=hd0 ", data->machine, data->tcg_only ? "" : "-accel kvm", diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c index 434c16bf42..392a7ae7ed 100644 --- a/tests/qtest/fuzz-lsi53c895a-test.c +++ b/tests/qtest/fuzz-lsi53c895a-test.c @@ -21,7 +21,7 @@ static void test_lsi_do_msgout_cancel_req(void) return; } - s = qtest_init("-M q35 -m 2G -display none -nodefaults " + s = qtest_init("-M q35 -m 2G -nodefaults " "-device lsi53c895a,id=scsi " "-device scsi-hd,drive=disk0 " "-drive file=null-co://,id=disk0,if=none,format=raw"); diff --git a/tests/qtest/fuzz-megasas-test.c b/tests/qtest/fuzz-megasas-test.c index 287fe19fc7..8d7ed3723a 100644 --- a/tests/qtest/fuzz-megasas-test.c +++ b/tests/qtest/fuzz-megasas-test.c @@ -40,7 +40,7 @@ static void test_lp1878263_megasas_zero_iov_cnt(void) */ static void test_gitlab_issue521_megasas_sgl_ovf(void) { - QTestState *s = qtest_init("-display none -m 32M -machine q35 " + QTestState *s = qtest_init("-m 32M -machine q35 " "-nodefaults -device megasas " "-device scsi-cd,drive=null0 " "-blockdev " diff --git a/tests/qtest/fuzz-sb16-test.c b/tests/qtest/fuzz-sb16-test.c index add2a2ad39..fc445b1871 100644 --- a/tests/qtest/fuzz-sb16-test.c +++ b/tests/qtest/fuzz-sb16-test.c @@ -15,7 +15,7 @@ */ static void test_fuzz_sb16_0x1c(void) { - QTestState *s = qtest_init("-M q35 -display none " + QTestState *s = qtest_init("-M q35 " "-device sb16,audiodev=snd0 " "-audiodev none,id=snd0"); qtest_outw(s, 0x22c, 0x41); @@ -27,7 +27,7 @@ static void test_fuzz_sb16_0x1c(void) static void test_fuzz_sb16_0x91(void) { - QTestState *s = qtest_init("-M pc -display none " + QTestState *s = qtest_init("-M pc " "-device sb16,audiodev=none " "-audiodev id=none,driver=none"); qtest_outw(s, 0x22c, 0xf141); @@ -43,7 +43,7 @@ static void test_fuzz_sb16_0x91(void) */ static void test_fuzz_sb16_0xd4(void) { - QTestState *s = qtest_init("-M pc -display none " + QTestState *s = qtest_init("-M pc " "-device sb16,audiodev=none " "-audiodev id=none,driver=none"); qtest_outb(s, 0x22c, 0x41); diff --git a/tests/qtest/fuzz-sdcard-test.c b/tests/qtest/fuzz-sdcard-test.c index e7fd818148..cd134cdf55 100644 --- a/tests/qtest/fuzz-sdcard-test.c +++ b/tests/qtest/fuzz-sdcard-test.c @@ -18,7 +18,7 @@ static void oss_fuzz_29225(void) { QTestState *s; - s = qtest_init(" -display none -m 512m -nodefaults -nographic" + s = qtest_init(" -m 512m -nodefaults -nographic" " -device sdhci-pci,sd-spec-version=3" " -device sd-card,drive=d0" " -drive if=none,index=0,file=null-co://,format=raw,id=d0"); @@ -61,7 +61,7 @@ static void oss_fuzz_36217(void) { QTestState *s; - s = qtest_init(" -display none -m 32 -nodefaults -nographic" + s = qtest_init(" -m 32 -nodefaults -nographic" " -device sdhci-pci,sd-spec-version=3 " "-device sd-card,drive=d0 " "-drive if=none,index=0,file=null-co://,format=raw,id=d0"); @@ -95,7 +95,7 @@ static void oss_fuzz_36391(void) { QTestState *s; - s = qtest_init(" -display none -m 512M -nodefaults -nographic" + s = qtest_init(" -m 512M -nodefaults -nographic" " -device sdhci-pci,sd-spec-version=3" " -device sd-card,drive=drv" " -drive if=none,index=0,file=null-co://,format=raw,id=drv"); diff --git a/tests/qtest/fuzz-virtio-scsi-test.c b/tests/qtest/fuzz-virtio-scsi-test.c index 71c91b0356..e37b48b2cc 100644 --- a/tests/qtest/fuzz-virtio-scsi-test.c +++ b/tests/qtest/fuzz-virtio-scsi-test.c @@ -19,7 +19,7 @@ static void test_mmio_oob_from_memory_region_cache(void) { QTestState *s; - s = qtest_init("-M pc-q35-5.2 -display none -m 512M " + s = qtest_init("-M pc-q35-5.2 -m 512M " "-device virtio-scsi,num_queues=8,addr=03.0 "); qtest_outl(s, 0xcf8, 0x80001811); diff --git a/tests/qtest/fuzz-xlnx-dp-test.c b/tests/qtest/fuzz-xlnx-dp-test.c index 51e9a37300..e8c483965f 100644 --- a/tests/qtest/fuzz-xlnx-dp-test.c +++ b/tests/qtest/fuzz-xlnx-dp-test.c @@ -14,7 +14,7 @@ */ static void test_fuzz_xlnx_dp_0x3ac(void) { - QTestState *s = qtest_init("-M xlnx-zcu102 -display none "); + QTestState *s = qtest_init("-M xlnx-zcu102 "); qtest_readl(s, 0xfd4a03ac); qtest_quit(s); } From 770beadb984d630a89b5a7327925a4cfba4488d5 Mon Sep 17 00:00:00 2001 From: dinglimin Date: Wed, 28 Sep 2022 16:05:55 +0800 Subject: [PATCH 51/96] tests/migration: remove the unused local variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove the unused local variable "records". Signed-off-by: dinglimin Reviewed-by: Ján Tomko Message-Id: <20220928080555.2263-1-dinglimin@cmss.chinamobile.com> Signed-off-by: Thomas Huth --- tests/migration/guestperf/engine.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/migration/guestperf/engine.py b/tests/migration/guestperf/engine.py index 87a6ab2009..59fca2c70b 100644 --- a/tests/migration/guestperf/engine.py +++ b/tests/migration/guestperf/engine.py @@ -65,7 +65,6 @@ class Engine(object): return records def _cpu_timing(self, pid): - records = [] now = time.time() jiffies_per_sec = os.sysconf(os.sysconf_names['SC_CLK_TCK']) From ea42a6c405269229d0923719854637425be07b31 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:39 +0300 Subject: [PATCH 52/96] tests/x86: add helper qtest_qmp_device_del_send() Move sending 'device_del' command to separate function. Function can be used in case of addition action is needed to start actual removing device after sending command. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-2-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth [thuth: Fixed typo] Signed-off-by: Thomas Huth --- tests/qtest/device-plug-test.c | 15 ++------------- tests/qtest/drive_del-test.c | 6 +----- tests/qtest/libqos/pci-pc.c | 8 +------- tests/qtest/libqtest.c | 18 +++++++++++------- tests/qtest/libqtest.h | 10 ++++++++++ 5 files changed, 25 insertions(+), 32 deletions(-) diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c index e595b45b66..3841de1b8c 100644 --- a/tests/qtest/device-plug-test.c +++ b/tests/qtest/device-plug-test.c @@ -15,17 +15,6 @@ #include "qapi/qmp/qdict.h" #include "qapi/qmp/qstring.h" -static void device_del(QTestState *qtest, const char *id) -{ - QDict *resp; - - resp = qtest_qmp(qtest, - "{'execute': 'device_del', 'arguments': { 'id': %s } }", id); - - g_assert(qdict_haskey(resp, "return")); - qobject_unref(resp); -} - static void system_reset(QTestState *qtest) { QDict *resp; @@ -68,7 +57,7 @@ static void process_device_remove(QTestState *qtest, const char *id) * be processed. However during system reset, the removal will be * handled, removing the device. */ - device_del(qtest, id); + qtest_qmp_device_del_send(qtest, id); system_reset(qtest); wait_device_deleted_event(qtest, id); } @@ -112,7 +101,7 @@ static void test_ccw_unplug(void) { QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0"); - device_del(qtest, "dev0"); + qtest_qmp_device_del_send(qtest, "dev0"); wait_device_deleted_event(qtest, "dev0"); qtest_quit(qtest); diff --git a/tests/qtest/drive_del-test.c b/tests/qtest/drive_del-test.c index 5e6d58b4dd..467e752b0d 100644 --- a/tests/qtest/drive_del-test.c +++ b/tests/qtest/drive_del-test.c @@ -143,11 +143,7 @@ static void device_del(QTestState *qts, bool and_reset) { QDict *response; - response = qtest_qmp(qts, "{'execute': 'device_del'," - " 'arguments': { 'id': 'dev0' } }"); - g_assert(response); - g_assert(qdict_haskey(response, "return")); - qobject_unref(response); + qtest_qmp_device_del_send(qts, "dev0"); if (and_reset) { response = qtest_qmp(qts, "{'execute': 'system_reset' }"); diff --git a/tests/qtest/libqos/pci-pc.c b/tests/qtest/libqos/pci-pc.c index 81c2c055ca..96046287ac 100644 --- a/tests/qtest/libqos/pci-pc.c +++ b/tests/qtest/libqos/pci-pc.c @@ -179,13 +179,7 @@ void qpci_free_pc(QPCIBus *bus) void qpci_unplug_acpi_device_test(QTestState *qts, const char *id, uint8_t slot) { - QDict *response; - - response = qtest_qmp(qts, "{'execute': 'device_del'," - " 'arguments': {'id': %s}}", id); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - qobject_unref(response); + qtest_qmp_device_del_send(qts, id); qtest_outl(qts, ACPI_PCIHP_ADDR + PCI_EJ_BASE, 1 << slot); diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index 4f4b2d6477..7b6152807b 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -1371,15 +1371,19 @@ void qtest_qmp_add_client(QTestState *qts, const char *protocol, int fd) * * {"return": {}} */ +void qtest_qmp_device_del_send(QTestState *qts, const char *id) +{ + QDict *rsp = qtest_qmp(qts, "{'execute': 'device_del', " + "'arguments': {'id': %s}}", id); + g_assert(rsp); + g_assert(qdict_haskey(rsp, "return")); + g_assert(!qdict_haskey(rsp, "error")); + qobject_unref(rsp); +} + void qtest_qmp_device_del(QTestState *qts, const char *id) { - QDict *rsp; - - rsp = qtest_qmp(qts, "{'execute': 'device_del', 'arguments': {'id': %s}}", - id); - - g_assert(qdict_haskey(rsp, "return")); - qobject_unref(rsp); + qtest_qmp_device_del_send(qts, id); qtest_qmp_eventwait(qts, "DEVICE_DELETED"); } diff --git a/tests/qtest/libqtest.h b/tests/qtest/libqtest.h index 3abc75964d..65c040e504 100644 --- a/tests/qtest/libqtest.h +++ b/tests/qtest/libqtest.h @@ -761,12 +761,22 @@ void qtest_qmp_device_add(QTestState *qts, const char *driver, const char *id, void qtest_qmp_add_client(QTestState *qts, const char *protocol, int fd); #endif /* _WIN32 */ +/** + * qtest_qmp_device_del_send: + * @qts: QTestState instance to operate on + * @id: Identification string + * + * Generic hot-unplugging test via the device_del QMP command. + */ +void qtest_qmp_device_del_send(QTestState *qts, const char *id); + /** * qtest_qmp_device_del: * @qts: QTestState instance to operate on * @id: Identification string * * Generic hot-unplugging test via the device_del QMP command. + * Waiting for command completion event. */ void qtest_qmp_device_del(QTestState *qts, const char *id); From a12f1a7e56b7f21fee49f419dd4220c4b9e0ee7f Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:40 +0300 Subject: [PATCH 53/96] tests/x86: Add subtest with 'q35' machine type to device-plug-test Configure pci bridge setting to plug pci device and unplug. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-3-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/device-plug-test.c | 41 ++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/qtest/device-plug-test.c b/tests/qtest/device-plug-test.c index 3841de1b8c..3f44f731d1 100644 --- a/tests/qtest/device-plug-test.c +++ b/tests/qtest/device-plug-test.c @@ -79,6 +79,19 @@ static void test_pci_unplug_request(void) qtest_quit(qtest); } +static void test_q35_pci_unplug_request(void) +{ + + QTestState *qtest = qtest_initf("-machine q35 " + "-device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1 " + "-device virtio-mouse-pci,bus=b1,id=dev0"); + + process_device_remove(qtest, "dev0"); + + qtest_quit(qtest); +} + static void test_pci_unplug_json_request(void) { const char *arch = qtest_get_arch(); @@ -97,6 +110,27 @@ static void test_pci_unplug_json_request(void) qtest_quit(qtest); } +static void test_q35_pci_unplug_json_request(void) +{ + const char *port = "-device '{\"driver\": \"pcie-root-port\", " + "\"id\": \"p1\"}'"; + + const char *bridge = "-device '{\"driver\": \"pcie-pci-bridge\", " + "\"id\": \"b1\", " + "\"bus\": \"p1\"}'"; + + const char *device = "-device '{\"driver\": \"virtio-mouse-pci\", " + "\"bus\": \"b1\", " + "\"id\": \"dev0\"}'"; + + QTestState *qtest = qtest_initf("-machine q35 %s %s %s", + port, bridge, device); + + process_device_remove(qtest, "dev0"); + + qtest_quit(qtest); +} + static void test_ccw_unplug(void) { QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0"); @@ -176,5 +210,12 @@ int main(int argc, char **argv) test_spapr_phb_unplug_request); } + if (!strcmp(arch, "x86_64") && qtest_has_machine("q35")) { + qtest_add_func("/device-plug/q35-pci-unplug-request", + test_q35_pci_unplug_request); + qtest_add_func("/device-plug/q35-pci-unplug-json-request", + test_q35_pci_unplug_json_request); + } + return g_test_run(); } From 19bc7e3e16214eb27bc6bb0c18de675ea71b66b2 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:41 +0300 Subject: [PATCH 54/96] tests/x86: Refactor hot unplug hd-geo-test Moving common code to function. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-4-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/hd-geo-test.c | 136 +++++++++++++++----------------------- 1 file changed, 53 insertions(+), 83 deletions(-) diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c index ba772f4d7a..61f4c24b81 100644 --- a/tests/qtest/hd-geo-test.c +++ b/tests/qtest/hd-geo-test.c @@ -691,7 +691,8 @@ static void add_virtio_disk(TestArgs *args, args->n_virtio_disks++; } -static void test_override(TestArgs *args, CHSResult expected[]) +static void test_override(TestArgs *args, const char *arch, + CHSResult expected[]) { QTestState *qts; char *joined_args; @@ -700,7 +701,7 @@ static void test_override(TestArgs *args, CHSResult expected[]) joined_args = g_strjoinv(" ", args->argv); - qts = qtest_initf("-machine pc %s", joined_args); + qts = qtest_initf("-machine %s %s", arch, joined_args); fw_cfg = pc_fw_cfg_init(qts); read_bootdevices(fw_cfg, expected); @@ -737,7 +738,7 @@ static void test_override_ide(void) add_ide_disk(args, 1, 0, 1, 9000, 120, 30); add_ide_disk(args, 2, 1, 0, 0, 1, 1); add_ide_disk(args, 3, 1, 1, 1, 0, 0); - test_override(args, expected); + test_override(args, "pc", expected); } static void test_override_scsi(void) @@ -759,7 +760,7 @@ static void test_override_scsi(void) add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30); add_scsi_disk(args, 2, 0, 0, 2, 0, 1, 0, 0); add_scsi_disk(args, 3, 0, 0, 3, 0, 0, 1, 0); - test_override(args, expected); + test_override(args, "pc", expected); } static void test_override_scsi_2_controllers(void) @@ -782,7 +783,7 @@ static void test_override_scsi_2_controllers(void) add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30); add_scsi_disk(args, 2, 1, 0, 0, 1, 1, 0, 0); add_scsi_disk(args, 3, 1, 0, 1, 2, 0, 1, 0); - test_override(args, expected); + test_override(args, "pc", expected); } static void test_override_virtio_blk(void) @@ -797,7 +798,7 @@ static void test_override_virtio_blk(void) add_drive_with_mbr(args, empty_mbr, 1); add_virtio_disk(args, 0, "pci.0", 3, 10000, 120, 30); add_virtio_disk(args, 1, "pci.0", 4, 9000, 120, 30); - test_override(args, expected); + test_override(args, "pc", expected); } static void test_override_zero_chs(void) @@ -808,16 +809,54 @@ static void test_override_zero_chs(void) }; add_drive_with_mbr(args, empty_mbr, 1); add_ide_disk(args, 0, 1, 1, 0, 0, 0); - test_override(args, expected); + test_override(args, "pc", expected); } -static void test_override_scsi_hot_unplug(void) +static void test_override_hot_unplug(TestArgs *args, const char *devid, + CHSResult expected[], CHSResult expected2[]) { QTestState *qts; char *joined_args; QFWCFG *fw_cfg; QDict *response; int i; + + joined_args = g_strjoinv(" ", args->argv); + + qts = qtest_initf("%s", joined_args); + fw_cfg = pc_fw_cfg_init(qts); + + read_bootdevices(fw_cfg, expected); + + /* unplug device an restart */ + qtest_qmp_device_del_send(qts, devid); + + response = qtest_qmp(qts, + "{ 'execute': 'system_reset', 'arguments': { }}"); + g_assert(response); + g_assert(!qdict_haskey(response, "error")); + qobject_unref(response); + + qtest_qmp_eventwait(qts, "RESET"); + + read_bootdevices(fw_cfg, expected2); + + g_free(joined_args); + qtest_quit(qts); + + g_free(fw_cfg); + + for (i = 0; i < args->n_drives; i++) { + unlink(args->drives[i]); + g_free(args->drives[i]); + } + g_free(args->drives); + g_strfreev(args->argv); + g_free(args); +} + +static void test_override_scsi_hot_unplug(void) +{ TestArgs *args = create_args(); CHSResult expected[] = { {"/pci@i0cf8/scsi@2/channel@0/disk@0,0", {10000, 120, 30} }, @@ -834,51 +873,14 @@ static void test_override_scsi_hot_unplug(void) add_scsi_disk(args, 0, 0, 0, 0, 0, 10000, 120, 30); add_scsi_disk(args, 1, 0, 0, 1, 0, 20, 20, 20); - joined_args = g_strjoinv(" ", args->argv); + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, + g_strdup("-machine pc")); - qts = qtest_initf("-machine pc %s", joined_args); - fw_cfg = pc_fw_cfg_init(qts); - - read_bootdevices(fw_cfg, expected); - - /* unplug device an restart */ - response = qtest_qmp(qts, - "{ 'execute': 'device_del'," - " 'arguments': {'id': 'scsi-disk0' }}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - qobject_unref(response); - response = qtest_qmp(qts, - "{ 'execute': 'system_reset', 'arguments': { }}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - qobject_unref(response); - - qtest_qmp_eventwait(qts, "RESET"); - - read_bootdevices(fw_cfg, expected2); - - g_free(joined_args); - qtest_quit(qts); - - g_free(fw_cfg); - - for (i = 0; i < args->n_drives; i++) { - unlink(args->drives[i]); - g_free(args->drives[i]); - } - g_free(args->drives); - g_strfreev(args->argv); - g_free(args); + test_override_hot_unplug(args, "scsi-disk0", expected, expected2); } static void test_override_virtio_hot_unplug(void) { - QTestState *qts; - char *joined_args; - QFWCFG *fw_cfg; - QDict *response; - int i; TestArgs *args = create_args(); CHSResult expected[] = { {"/pci@i0cf8/scsi@2/disk@0,0", {10000, 120, 30} }, @@ -894,42 +896,10 @@ static void test_override_virtio_hot_unplug(void) add_virtio_disk(args, 0, "pci.0", 2, 10000, 120, 30); add_virtio_disk(args, 1, "pci.0", 3, 20, 20, 20); - joined_args = g_strjoinv(" ", args->argv); + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, + g_strdup("-machine pc")); - qts = qtest_initf("-machine pc %s", joined_args); - fw_cfg = pc_fw_cfg_init(qts); - - read_bootdevices(fw_cfg, expected); - - /* unplug device an restart */ - response = qtest_qmp(qts, - "{ 'execute': 'device_del'," - " 'arguments': {'id': 'virtio-disk0' }}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - qobject_unref(response); - response = qtest_qmp(qts, - "{ 'execute': 'system_reset', 'arguments': { }}"); - g_assert(response); - g_assert(!qdict_haskey(response, "error")); - qobject_unref(response); - - qtest_qmp_eventwait(qts, "RESET"); - - read_bootdevices(fw_cfg, expected2); - - g_free(joined_args); - qtest_quit(qts); - - g_free(fw_cfg); - - for (i = 0; i < args->n_drives; i++) { - unlink(args->drives[i]); - g_free(args->drives[i]); - } - g_free(args->drives); - g_strfreev(args->argv); - g_free(args); + test_override_hot_unplug(args, "virtio-disk0", expected, expected2); } int main(int argc, char **argv) From c46b126088b5616d8b7cd3ff83aaf5d097c36633 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:42 +0300 Subject: [PATCH 55/96] tests/x86: Add 'q35' machine type to override-tests in hd-geo-test Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-5-michael.labiuk@virtuozzo.com> Signed-off-by: Thomas Huth --- tests/qtest/hd-geo-test.c | 97 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c index 61f4c24b81..278464c379 100644 --- a/tests/qtest/hd-geo-test.c +++ b/tests/qtest/hd-geo-test.c @@ -741,6 +741,27 @@ static void test_override_ide(void) test_override(args, "pc", expected); } +static void test_override_sata(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + {"/pci@i0cf8/pci8086,2922@1f,2/drive@0/disk@0", {10000, 120, 30} }, + {"/pci@i0cf8/pci8086,2922@1f,2/drive@1/disk@0", {9000, 120, 30} }, + {"/pci@i0cf8/pci8086,2922@1f,2/drive@2/disk@0", {0, 1, 1} }, + {"/pci@i0cf8/pci8086,2922@1f,2/drive@3/disk@0", {1, 0, 0} }, + {NULL, {0, 0, 0} } + }; + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_ide_disk(args, 0, 0, 0, 10000, 120, 30); + add_ide_disk(args, 1, 1, 0, 9000, 120, 30); + add_ide_disk(args, 2, 2, 0, 0, 1, 1); + add_ide_disk(args, 3, 3, 0, 1, 0, 0); + test_override(args, "q35", expected); +} + static void test_override_scsi(void) { TestArgs *args = create_args(); @@ -763,6 +784,42 @@ static void test_override_scsi(void) test_override(args, "pc", expected); } +static void setup_pci_bridge(TestArgs *args, const char *id, const char *rootid) +{ + + char *root, *br; + root = g_strdup_printf("-device pcie-root-port,id=%s", rootid); + br = g_strdup_printf("-device pcie-pci-bridge,bus=%s,id=%s", rootid, id); + + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, root); + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, br); +} + +static void test_override_scsi_q35(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + { "/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@0,0", + {10000, 120, 30} + }, + {"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@1,0", {9000, 120, 30} }, + {"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@2,0", {1, 0, 0} }, + {"/pci@i0cf8/pci-bridge@1/scsi@3/channel@0/disk@3,0", {0, 1, 0} }, + {NULL, {0, 0, 0} } + }; + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + setup_pci_bridge(args, "pcie.0", "br"); + add_scsi_controller(args, "lsi53c895a", "br", 3); + add_scsi_disk(args, 0, 0, 0, 0, 0, 10000, 120, 30); + add_scsi_disk(args, 1, 0, 0, 1, 0, 9000, 120, 30); + add_scsi_disk(args, 2, 0, 0, 2, 0, 1, 0, 0); + add_scsi_disk(args, 3, 0, 0, 3, 0, 0, 1, 0); + test_override(args, "q35", expected); +} + static void test_override_scsi_2_controllers(void) { TestArgs *args = create_args(); @@ -801,6 +858,22 @@ static void test_override_virtio_blk(void) test_override(args, "pc", expected); } +static void test_override_virtio_blk_q35(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + {"/pci@i0cf8/pci-bridge@1/scsi@3/disk@0,0", {10000, 120, 30} }, + {"/pci@i0cf8/pci-bridge@1/scsi@4/disk@0,0", {9000, 120, 30} }, + {NULL, {0, 0, 0} } + }; + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + setup_pci_bridge(args, "pcie.0", "br"); + add_virtio_disk(args, 0, "br", 3, 10000, 120, 30); + add_virtio_disk(args, 1, "br", 4, 9000, 120, 30); + test_override(args, "q35", expected); +} + static void test_override_zero_chs(void) { TestArgs *args = create_args(); @@ -812,6 +885,17 @@ static void test_override_zero_chs(void) test_override(args, "pc", expected); } +static void test_override_zero_chs_q35(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + {NULL, {0, 0, 0} } + }; + add_drive_with_mbr(args, empty_mbr, 1); + add_ide_disk(args, 0, 0, 0, 0, 0, 0); + test_override(args, "q35", expected); +} + static void test_override_hot_unplug(TestArgs *args, const char *devid, CHSResult expected[], CHSResult expected2[]) { @@ -944,6 +1028,19 @@ int main(int argc, char **argv) test_override_scsi_hot_unplug); qtest_add_func("hd-geo/override/virtio_hot_unplug", test_override_virtio_hot_unplug); + + if (qtest_has_machine("q35")) { + qtest_add_func("hd-geo/override/sata", test_override_sata); + qtest_add_func("hd-geo/override/virtio_blk_q35", + test_override_virtio_blk_q35); + qtest_add_func("hd-geo/override/zero_chs_q35", + test_override_zero_chs_q35); + + if (qtest_has_device("lsi53c895a")) { + qtest_add_func("hd-geo/override/scsi_q35", + test_override_scsi_q35); + } + } } else { g_test_message("QTEST_QEMU_IMG not set or qemu-img missing; " "skipping hd-geo/override/* tests"); From a30433dd4f72c446534862ea60d9e01ffdc97dfe Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:43 +0300 Subject: [PATCH 56/96] tests/x86: Add 'q35' machine type to hotplug hd-geo-test Add pci bridge setting to test hotplug. Duplicate tests for plugging scsi and virtio devices for q35 machine type. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-6-michael.labiuk@virtuozzo.com> Signed-off-by: Thomas Huth --- tests/qtest/hd-geo-test.c | 76 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/tests/qtest/hd-geo-test.c b/tests/qtest/hd-geo-test.c index 278464c379..4a7628077b 100644 --- a/tests/qtest/hd-geo-test.c +++ b/tests/qtest/hd-geo-test.c @@ -963,6 +963,42 @@ static void test_override_scsi_hot_unplug(void) test_override_hot_unplug(args, "scsi-disk0", expected, expected2); } +static void test_override_scsi_hot_unplug_q35(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@0,0", + {10000, 120, 30} + }, + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@1,0", + {20, 20, 20} + }, + {NULL, {0, 0, 0} } + }; + CHSResult expected2[] = { + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/channel@0/disk@1,0", + {20, 20, 20} + }, + {NULL, {0, 0, 0} } + }; + + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, + g_strdup("-device pcie-root-port,id=p0 " + "-device pcie-pci-bridge,bus=p0,id=b1 " + "-machine q35")); + + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_scsi_controller(args, "virtio-scsi-pci", "b1", 2); + add_scsi_disk(args, 0, 0, 0, 0, 0, 10000, 120, 30); + add_scsi_disk(args, 1, 0, 0, 1, 0, 20, 20, 20); + + test_override_hot_unplug(args, "scsi-disk0", expected, expected2); +} + static void test_override_virtio_hot_unplug(void) { TestArgs *args = create_args(); @@ -986,6 +1022,41 @@ static void test_override_virtio_hot_unplug(void) test_override_hot_unplug(args, "virtio-disk0", expected, expected2); } +static void test_override_virtio_hot_unplug_q35(void) +{ + TestArgs *args = create_args(); + CHSResult expected[] = { + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@2/disk@0,0", + {10000, 120, 30} + }, + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@3/disk@0,0", + {20, 20, 20} + }, + {NULL, {0, 0, 0} } + }; + CHSResult expected2[] = { + { + "/pci@i0cf8/pci-bridge@1/pci-bridge@0/scsi@3/disk@0,0", + {20, 20, 20} + }, + {NULL, {0, 0, 0} } + }; + + args->argc = append_arg(args->argc, args->argv, ARGV_SIZE, + g_strdup("-device pcie-root-port,id=p0 " + "-device pcie-pci-bridge,bus=p0,id=b1 " + "-machine q35")); + + add_drive_with_mbr(args, empty_mbr, 1); + add_drive_with_mbr(args, empty_mbr, 1); + add_virtio_disk(args, 0, "b1", 2, 10000, 120, 30); + add_virtio_disk(args, 1, "b1", 3, 20, 20, 20); + + test_override_hot_unplug(args, "virtio-disk0", expected, expected2); +} + int main(int argc, char **argv) { Backend i; @@ -1035,11 +1106,14 @@ int main(int argc, char **argv) test_override_virtio_blk_q35); qtest_add_func("hd-geo/override/zero_chs_q35", test_override_zero_chs_q35); - if (qtest_has_device("lsi53c895a")) { qtest_add_func("hd-geo/override/scsi_q35", test_override_scsi_q35); } + qtest_add_func("hd-geo/override/scsi_hot_unplug_q35", + test_override_scsi_hot_unplug_q35); + qtest_add_func("hd-geo/override/virtio_hot_unplug_q35", + test_override_virtio_hot_unplug_q35); } } else { g_test_message("QTEST_QEMU_IMG not set or qemu-img missing; " From cb06b3d924a97312c2fb89ddcf1c1f347d040aa9 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:44 +0300 Subject: [PATCH 57/96] tests/x86: Fix comment typo in drive_del-test Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-7-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/drive_del-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qtest/drive_del-test.c b/tests/qtest/drive_del-test.c index 467e752b0d..44b9578801 100644 --- a/tests/qtest/drive_del-test.c +++ b/tests/qtest/drive_del-test.c @@ -327,7 +327,7 @@ static void test_blockdev_add_device_add_and_del(void) qts = qtest_init(machine_addition); /* - * blockdev_add/device_add and device_del. The it drive is used by a + * blockdev_add/device_add and device_del. The drive is used by a * device that unplugs after reset, but it doesn't go away. */ blockdev_add_with_media(qts); From 5356d752ed9e1115c763b8d470812bb7dd912e54 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:45 +0300 Subject: [PATCH 58/96] tests/x86: replace snprint() by g_strdup_printf() in drive_del-test Using g_autofree char* and g_strdup_printf(...) instead of ugly snprintf on stack array. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-8-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/drive_del-test.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/qtest/drive_del-test.c b/tests/qtest/drive_del-test.c index 44b9578801..106c613f4f 100644 --- a/tests/qtest/drive_del-test.c +++ b/tests/qtest/drive_del-test.c @@ -123,12 +123,10 @@ static const char *qvirtio_get_dev_type(void) static void device_add(QTestState *qts) { - QDict *response; - char driver[32]; - snprintf(driver, sizeof(driver), "virtio-blk-%s", - qvirtio_get_dev_type()); - - response = qtest_qmp(qts, "{'execute': 'device_add'," + g_autofree char *driver = g_strdup_printf("virtio-blk-%s", + qvirtio_get_dev_type()); + QDict *response = + qtest_qmp(qts, "{'execute': 'device_add'," " 'arguments': {" " 'driver': %s," " 'drive': 'drive0'," From eb4440ef3aff1206be8e444db7962123bf85cec2 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:46 +0300 Subject: [PATCH 59/96] tests/x86: Add 'q35' machine type to drive_del-test Configure pci bridge setting to run tests on 'q35' machine type. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-9-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/drive_del-test.c | 107 +++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/tests/qtest/drive_del-test.c b/tests/qtest/drive_del-test.c index 106c613f4f..9a750395a9 100644 --- a/tests/qtest/drive_del-test.c +++ b/tests/qtest/drive_del-test.c @@ -252,6 +252,27 @@ static void test_cli_device_del(void) qtest_quit(qts); } +static void test_cli_device_del_q35(void) +{ + QTestState *qts; + + /* + * -drive/-device and device_del. Start with a drive used by a + * device that unplugs after reset. + */ + qts = qtest_initf("-drive if=none,id=drive0,file=null-co://," + "file.read-zeroes=on,format=raw " + "-machine q35 -device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1 " + "-device virtio-blk-%s,drive=drive0,bus=b1,id=dev0", + qvirtio_get_dev_type()); + + device_del(qts, true); + g_assert(!has_drive(qts)); + + qtest_quit(qts); +} + static void test_empty_device_del(void) { QTestState *qts; @@ -288,6 +309,43 @@ static void test_device_add_and_del(void) qtest_quit(qts); } +static void device_add_q35(QTestState *qts) +{ + g_autofree char *driver = g_strdup_printf("virtio-blk-%s", + qvirtio_get_dev_type()); + QDict *response = + qtest_qmp(qts, "{'execute': 'device_add'," + " 'arguments': {" + " 'driver': %s," + " 'drive': 'drive0'," + " 'id': 'dev0'," + " 'bus': 'b1'" + "}}", driver); + g_assert(response); + g_assert(qdict_haskey(response, "return")); + qobject_unref(response); +} + +static void test_device_add_and_del_q35(void) +{ + QTestState *qts; + + /* + * -drive/device_add and device_del. Start with a drive used by a + * device that unplugs after reset. + */ + qts = qtest_initf("-machine q35 -device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1 " + "-drive if=none,id=drive0,file=null-co://," + "file.read-zeroes=on,format=raw"); + + device_add_q35(qts); + device_del(qts, true); + g_assert(!has_drive(qts)); + + qtest_quit(qts); +} + static void test_drive_add_device_add_and_del(void) { QTestState *qts; @@ -312,6 +370,25 @@ static void test_drive_add_device_add_and_del(void) qtest_quit(qts); } +static void test_drive_add_device_add_and_del_q35(void) +{ + QTestState *qts; + + qts = qtest_init("-machine q35 -device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1"); + + /* + * drive_add/device_add and device_del. The drive is used by a + * device that unplugs after reset. + */ + drive_add_with_media(qts); + device_add_q35(qts); + device_del(qts, true); + g_assert(!has_drive(qts)); + + qtest_quit(qts); +} + static void test_blockdev_add_device_add_and_del(void) { QTestState *qts; @@ -336,6 +413,25 @@ static void test_blockdev_add_device_add_and_del(void) qtest_quit(qts); } +static void test_blockdev_add_device_add_and_del_q35(void) +{ + QTestState *qts; + + qts = qtest_init("-machine q35 -device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1"); + + /* + * blockdev_add/device_add and device_del. The drive is used by a + * device that unplugs after reset, but it doesn't go away. + */ + blockdev_add_with_media(qts); + device_add_q35(qts); + device_del(qts, true); + g_assert(has_blockdev(qts)); + + qtest_quit(qts); +} + int main(int argc, char **argv) { g_test_init(&argc, &argv, NULL); @@ -357,6 +453,17 @@ int main(int argc, char **argv) test_empty_device_del); qtest_add_func("/device_del/blockdev", test_blockdev_add_device_add_and_del); + + if (qtest_has_machine("q35")) { + qtest_add_func("/device_del/drive/cli_device_q35", + test_cli_device_del_q35); + qtest_add_func("/device_del/drive/device_add_q35", + test_device_add_and_del_q35); + qtest_add_func("/device_del/drive/drive_add_device_add_q35", + test_drive_add_device_add_and_del_q35); + qtest_add_func("/device_del/blockdev_q35", + test_blockdev_add_device_add_and_del_q35); + } } return g_test_run(); From 46d11f9d77b0c0f01fc6f78b2b8e5386abd03209 Mon Sep 17 00:00:00 2001 From: Michael Labiuk Date: Fri, 30 Sep 2022 01:35:47 +0300 Subject: [PATCH 60/96] tests/x86: Add 'q35' machine type to ivshmem-test Configure pci bridge setting to test ivshmem on 'q35'. Signed-off-by: Michael Labiuk Message-Id: <20220929223547.1429580-10-michael.labiuk@virtuozzo.com> Reviewed-by: Thomas Huth Signed-off-by: Thomas Huth --- tests/qtest/ivshmem-test.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/qtest/ivshmem-test.c b/tests/qtest/ivshmem-test.c index 9611d05eb5..cd550c8935 100644 --- a/tests/qtest/ivshmem-test.c +++ b/tests/qtest/ivshmem-test.c @@ -378,6 +378,20 @@ static void test_ivshmem_server(void) close(thread.pipe[0]); } +static void test_ivshmem_hotplug_q35(void) +{ + QTestState *qts = qtest_init("-object memory-backend-ram,size=1M,id=mb1 " + "-device pcie-root-port,id=p1 " + "-device pcie-pci-bridge,bus=p1,id=b1 " + "-machine q35"); + + qtest_qmp_device_add(qts, "ivshmem-plain", "iv1", + "{'memdev': 'mb1', 'bus': 'b1'}"); + qtest_qmp_device_del_send(qts, "iv1"); + + qtest_quit(qts); +} + #define PCI_SLOT_HP 0x06 static void test_ivshmem_hotplug(void) @@ -469,6 +483,7 @@ int main(int argc, char **argv) { int ret, fd; gchar dir[] = "/tmp/ivshmem-test.XXXXXX"; + const char *arch = qtest_get_arch(); g_test_init(&argc, &argv, NULL); @@ -494,6 +509,9 @@ int main(int argc, char **argv) qtest_add_func("/ivshmem/pair", test_ivshmem_pair); qtest_add_func("/ivshmem/server", test_ivshmem_server); } + if (!strcmp(arch, "x86_64") && qtest_has_machine("q35")) { + qtest_add_func("/ivshmem/hotplug-q35", test_ivshmem_hotplug_q35); + } out: ret = g_test_run(); From d307040b18bfcb1393b910f1bae753d5c12a4dc7 Mon Sep 17 00:00:00 2001 From: Mauro Matteo Cascella Date: Sun, 25 Sep 2022 22:45:11 +0200 Subject: [PATCH 61/96] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext Extended ClientCutText messages start with a 4-byte header. If len < 4, an integer underflow occurs in vnc_client_cut_text_ext. The result is used to decompress data in a while loop in inflate_buffer, leading to CPU consumption and denial of service. Prevent this by checking dlen in protocol_client_msg. Fixes: CVE-2022-3165 Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support") Reported-by: TangPeng Signed-off-by: Mauro Matteo Cascella Message-Id: <20220925204511.1103214-1-mcascell@redhat.com> Signed-off-by: Gerd Hoffmann --- ui/vnc.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 6a05d06147..acb3629cd8 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2442,8 +2442,8 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) if (len == 1) { return 8; } + uint32_t dlen = abs(read_s32(data, 4)); if (len == 8) { - uint32_t dlen = abs(read_s32(data, 4)); if (dlen > (1 << 20)) { error_report("vnc: client_cut_text msg payload has %u bytes" " which exceeds our limit of 1MB.", dlen); @@ -2456,8 +2456,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) } if (read_s32(data, 4) < 0) { - vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)), - read_u32(data, 8), data + 12); + if (dlen < 4) { + error_report("vnc: malformed payload (header less than 4 bytes)" + " in extended clipboard pseudo-encoding."); + vnc_client_error(vs); + break; + } + vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); break; } vnc_client_cut_text(vs, read_u32(data, 4), data + 8); From 604a86895feb6639417fe957dfc95191f7f63565 Mon Sep 17 00:00:00 2001 From: Dongwon Kim Date: Wed, 28 Sep 2022 14:58:05 -0700 Subject: [PATCH 62/96] ui/gtk-egl: egl context needs to be unbound in the end of gd_egl_switch A thread often fails to bind an egl context to itself after guest VM is rebooted because the context is still owned by another thread. It is not very clear what condition makes this happen but this can be prevented by unbinding the context from the thread in the end of gd_egl_switch. Cc: Gerd Hoffmann Signed-off-by: Dongwon Kim Message-Id: <20220928215805.4661-1-dongwon.kim@intel.com> Signed-off-by: Gerd Hoffmann --- ui/gtk-egl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c index b5bffbab25..35f917ceb1 100644 --- a/ui/gtk-egl.c +++ b/ui/gtk-egl.c @@ -195,6 +195,9 @@ void gd_egl_switch(DisplayChangeListener *dcl, if (resized) { gd_update_windowsize(vc); } + + eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE, + EGL_NO_CONTEXT); } QEMUGLContext gd_egl_create_context(DisplayGLCtx *dgc, From 0793fe014c4fc8649288044cd81024482b197cfc Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Sat, 1 Oct 2022 20:52:24 +0100 Subject: [PATCH 63/96] tests/avocado: Add missing require_netdev('user') checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some avocado tests fail if QEMU was built without libslirp. Add require_netdev('user') checks where necessary: These tests try to ping 10.0.2.2 and expect it to succeed: boot_linux_console.py:BootLinuxConsole.test_arm_emcraft_sf2 boot_linux_console.py:BootLinuxConsole.test_arm_orangepi_sd ppc_bamboo.py:BambooMachine.test_ppc_bamboo These tests run a commandline that includes '-net user': machine_aspeed.py:AST2x00Machine.test_arm_ast2500_evb_builroot (and others that use the do_test_arm_aspeed_buidroot_start() or do_test_arm_aspeed_sdk_start() helper functions) These changes seem to be sufficient for 'make check-avocado' to not fail on a --disable-slirp build. Signed-off-by: Peter Maydell Message-Id: <20221001195224.2453581-1-peter.maydell@linaro.org> Reviewed-by: Thomas Huth Reviewed-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Thomas Huth --- tests/avocado/boot_linux_console.py | 4 ++++ tests/avocado/machine_aspeed.py | 3 +++ tests/avocado/ppc_bamboo.py | 1 + 3 files changed, 8 insertions(+) diff --git a/tests/avocado/boot_linux_console.py b/tests/avocado/boot_linux_console.py index f26e036ab5..ca9d09b0d7 100644 --- a/tests/avocado/boot_linux_console.py +++ b/tests/avocado/boot_linux_console.py @@ -381,6 +381,8 @@ class BootLinuxConsole(LinuxKernelTest): :avocado: tags=u-boot :avocado: tags=accel:tcg """ + self.require_netdev('user') + uboot_url = ('https://raw.githubusercontent.com/' 'Subbaraya-Sundeep/qemu-test-binaries/' 'fe371d32e50ca682391e1e70ab98c2942aeffb01/u-boot') @@ -779,6 +781,8 @@ class BootLinuxConsole(LinuxKernelTest): :avocado: tags=machine:orangepi-pc :avocado: tags=device:sd """ + self.require_netdev('user') + deb_url = ('https://apt.armbian.com/pool/main/l/' 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb') deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0' diff --git a/tests/avocado/machine_aspeed.py b/tests/avocado/machine_aspeed.py index 0f64eb636c..124649a24b 100644 --- a/tests/avocado/machine_aspeed.py +++ b/tests/avocado/machine_aspeed.py @@ -93,6 +93,8 @@ class AST2x00Machine(QemuSystemTest): self.do_test_arm_aspeed(image_path) def do_test_arm_aspeed_buidroot_start(self, image, cpu_id): + self.require_netdev('user') + self.vm.set_console() self.vm.add_args('-drive', 'file=' + image + ',if=mtd,format=raw', '-net', 'nic', '-net', 'user') @@ -193,6 +195,7 @@ class AST2x00MachineSDK(QemuSystemTest): vm=vm) def do_test_arm_aspeed_sdk_start(self, image, cpu_id): + self.require_netdev('user') self.vm.set_console() self.vm.add_args('-drive', 'file=' + image + ',if=mtd,format=raw', '-net', 'nic', '-net', 'user') diff --git a/tests/avocado/ppc_bamboo.py b/tests/avocado/ppc_bamboo.py index 102ff252df..a81be3d608 100644 --- a/tests/avocado/ppc_bamboo.py +++ b/tests/avocado/ppc_bamboo.py @@ -23,6 +23,7 @@ class BambooMachine(QemuSystemTest): :avocado: tags=accel:tcg """ self.require_accelerator("tcg") + self.require_netdev('user') tar_url = ('http://landley.net/aboriginal/downloads/binaries/' 'system-image-powerpc-440fp.tar.gz') tar_hash = '53e5f16414b195b82d2c70272f81c2eedb39bad9' From f57559891d9527627747d36cbdc7def0e278c5ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 17:05:13 +0400 Subject: [PATCH 64/96] qtest: start a VNC test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is some of the simplest test we could perform, it simply connects to the VNC server via passed-in socket FDs and checks the connection can be established. Another series will make this test work on Windows as well. As always, more tests can be added later! :) Signed-off-by: Marc-André Lureau Message-Id: <20221006130513.2683873-1-marcandre.lureau@redhat.com> Signed-off-by: Thomas Huth --- tests/qtest/meson.build | 8 ++- tests/qtest/vnc-display-test.c | 103 +++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 tests/qtest/vnc-display-test.c diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build index 455f1bbb7e..c07a5b1a5f 100644 --- a/tests/qtest/meson.build +++ b/tests/qtest/meson.build @@ -306,8 +306,14 @@ qtests = { 'vmgenid-test': files('boot-sector.c', 'acpi-utils.c'), } +gvnc = dependency('gvnc-1.0', required: false) +if gvnc.found() + qtests += {'vnc-display-test': [gvnc]} + qtests_generic += [ 'vnc-display-test' ] +endif + if dbus_display -qtests += {'dbus-display-test': [dbus_display1, gio]} + qtests += {'dbus-display-test': [dbus_display1, gio]} endif qtest_executables = {} diff --git a/tests/qtest/vnc-display-test.c b/tests/qtest/vnc-display-test.c new file mode 100644 index 0000000000..e2a9d682bb --- /dev/null +++ b/tests/qtest/vnc-display-test.c @@ -0,0 +1,103 @@ +/* + * VNC display tests + * + * Copyright (c) 2022 Red Hat, Inc. + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qemu/sockets.h" +#include "libqtest.h" +#include +#include + +typedef struct Test { + QTestState *qts; + VncConnection *conn; + GMainLoop *loop; +} Test; + +static void on_vnc_error(VncConnection* self, + const char* msg) +{ + g_error("vnc-error: %s", msg); +} + +static void on_vnc_auth_failure(VncConnection *self, + const char *msg) +{ + g_error("vnc-auth-failure: %s", msg); +} + +static bool +test_setup(Test *test) +{ +#ifdef WIN32 + g_test_skip("Not supported on Windows yet"); + return false; +#else + int pair[2]; + + test->qts = qtest_init("-vnc none -name vnc-test"); + + g_assert_cmpint(qemu_socketpair(AF_UNIX, SOCK_STREAM, 0, pair), ==, 0); + + qtest_qmp_add_client(test->qts, "vnc", pair[1]); + + test->conn = vnc_connection_new(); + g_signal_connect(test->conn, "vnc-error", + G_CALLBACK(on_vnc_error), NULL); + g_signal_connect(test->conn, "vnc-auth-failure", + G_CALLBACK(on_vnc_auth_failure), NULL); + vnc_connection_set_auth_type(test->conn, VNC_CONNECTION_AUTH_NONE); + vnc_connection_open_fd(test->conn, pair[0]); + + test->loop = g_main_loop_new(NULL, FALSE); + return true; +#endif +} + +static void +test_vnc_basic_on_vnc_initialized(VncConnection *self, + Test *test) +{ + const char *name = vnc_connection_get_name(test->conn); + + g_assert_cmpstr(name, ==, "QEMU (vnc-test)"); + g_main_loop_quit(test->loop); +} + +static void +test_vnc_basic(void) +{ + Test test; + + if (!test_setup(&test)) { + return; + } + + g_signal_connect(test.conn, "vnc-initialized", + G_CALLBACK(test_vnc_basic_on_vnc_initialized), &test); + + g_main_loop_run(test.loop); + + qtest_quit(test.qts); + g_object_unref(test.conn); + g_main_loop_unref(test.loop); +} + +int +main(int argc, char **argv) +{ + if (getenv("GTK_VNC_DEBUG")) { + vnc_util_set_debug(true); + } + + g_test_init(&argc, &argv, NULL); + + qtest_add_func("/vnc-display/basic", test_vnc_basic); + + return g_test_run(); +} From e5553c1b8d28fde6b69dc9e6ac148515d361a86c Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Thu, 6 Oct 2022 23:19:13 +0800 Subject: [PATCH 65/96] tests/qtest: migration-test: Avoid using hardcoded /tmp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This case was written to use hardcoded /tmp directory for temporary files. Update to use g_dir_make_tmp() for a portable implementation. Signed-off-by: Bin Meng Reviewed-by: Marc-André Lureau Message-Id: <20221006151927.2079583-5-bmeng.cn@gmail.com> Signed-off-by: Thomas Huth --- tests/qtest/migration-test.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/qtest/migration-test.c b/tests/qtest/migration-test.c index 0d153d6b5e..ef4427ff4d 100644 --- a/tests/qtest/migration-test.c +++ b/tests/qtest/migration-test.c @@ -102,7 +102,7 @@ static bool ufd_version_check(void) #endif -static const char *tmpfs; +static char *tmpfs; /* The boot file modifies memory area in [start_address, end_address) * repeatedly. It outputs a 'B' at a fixed rate while it's still running. @@ -2451,10 +2451,10 @@ static bool kvm_dirty_ring_supported(void) int main(int argc, char **argv) { - char template[] = "/tmp/migration-test-XXXXXX"; const bool has_kvm = qtest_has_accel("kvm"); const bool has_uffd = ufd_version_check(); const char *arch = qtest_get_arch(); + g_autoptr(GError) err = NULL; int ret; g_test_init(&argc, &argv, NULL); @@ -2479,9 +2479,10 @@ int main(int argc, char **argv) return g_test_run(); } - tmpfs = g_mkdtemp(template); + tmpfs = g_dir_make_tmp("migration-test-XXXXXX", &err); if (!tmpfs) { - g_test_message("g_mkdtemp on path (%s): %s", template, strerror(errno)); + g_test_message("g_dir_make_tmp on path (%s): %s", tmpfs, + err->message); } g_assert(tmpfs); @@ -2612,6 +2613,7 @@ int main(int argc, char **argv) g_test_message("unable to rmdir: path (%s): %s", tmpfs, strerror(errno)); } + g_free(tmpfs); return ret; } From 969d1f6e13fd34350b4b3fa72184e050ba77cd1c Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Thu, 6 Oct 2022 23:19:19 +0800 Subject: [PATCH 66/96] tests/qtest: libqtest: Install signal handler via signal() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit At present the codes uses sigaction() to install signal handler with a flag SA_RESETHAND. Such usage can be covered by the signal() API that is a simplified interface to the general sigaction() facility. Update to use signal() to install the signal handler, as it is available on Windows which we are going to support. Signed-off-by: Bin Meng Reviewed-by: Marc-André Lureau Message-Id: <20221006151927.2079583-11-bmeng.cn@gmail.com> Signed-off-by: Thomas Huth --- tests/qtest/libqtest.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index 7b6152807b..b23eb3edc3 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -66,7 +66,7 @@ struct QTestState }; static GHookList abrt_hooks; -static struct sigaction sigact_old; +static void (*sighandler_old)(int); static int qtest_query_target_endianness(QTestState *s); @@ -179,20 +179,12 @@ static void sigabrt_handler(int signo) static void setup_sigabrt_handler(void) { - struct sigaction sigact; - - /* Catch SIGABRT to clean up on g_assert() failure */ - sigact = (struct sigaction){ - .sa_handler = sigabrt_handler, - .sa_flags = SA_RESETHAND, - }; - sigemptyset(&sigact.sa_mask); - sigaction(SIGABRT, &sigact, &sigact_old); + sighandler_old = signal(SIGABRT, sigabrt_handler); } static void cleanup_sigabrt_handler(void) { - sigaction(SIGABRT, &sigact_old, NULL); + signal(SIGABRT, sighandler_old); } static bool hook_list_is_empty(GHookList *hook_list) From 2fba4e9c4938406fa676bfd3566e416e095cf93a Mon Sep 17 00:00:00 2001 From: lu zhipeng Date: Thu, 29 Sep 2022 20:23:52 +0800 Subject: [PATCH 67/96] cirrus_vga: fix potential memory overflow Signed-off-by: lu zhipeng Message-Id: <20220929122352.1891-1-luzhipeng@cestc.cn> Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 3bb6a58698..2577005d03 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -834,7 +834,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s) word alignment, so we keep them for the next line */ /* XXX: keep alignment to speed up transfer */ end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; - copy_count = s->cirrus_srcptr_end - end_ptr; + copy_count = MIN(s->cirrus_srcptr_end - end_ptr, CIRRUS_BLTBUFSIZE); memmove(s->cirrus_bltbuf, end_ptr, copy_count); s->cirrus_srcptr = s->cirrus_bltbuf + copy_count; s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; From 23b45173faf37b13d2f6ae77353b7b27e7abf8e1 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 30 Sep 2022 15:32:20 +0200 Subject: [PATCH 68/96] docs: add firmware feature flags Add new firmware feature flags for the recently added confidential computing operating modes by amd and intel. While being at it also fix the path to the amd sev documentation. Signed-off-by: Gerd Hoffmann Reviewed-by: Kashyap Chamarthy Message-Id: <20220930133220.1771336-1-kraxel@redhat.com> --- docs/interop/firmware.json | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/interop/firmware.json b/docs/interop/firmware.json index 4e049b1c7c..56814f02b3 100644 --- a/docs/interop/firmware.json +++ b/docs/interop/firmware.json @@ -113,13 +113,22 @@ # Virtualization, as specified in the AMD64 Architecture # Programmer's Manual. QEMU command line options related to # this feature are documented in -# "docs/amd-memory-encryption.txt". +# "docs/system/i386/amd-memory-encryption.rst". # # @amd-sev-es: The firmware supports running under AMD Secure Encrypted # Virtualization - Encrypted State, as specified in the AMD64 # Architecture Programmer's Manual. QEMU command line options # related to this feature are documented in -# "docs/amd-memory-encryption.txt". +# "docs/system/i386/amd-memory-encryption.rst". +# +# @amd-sev-snp: The firmware supports running under AMD Secure Encrypted +# Virtualization - Secure Nested Paging, as specified in the +# AMD64 Architecture Programmer's Manual. QEMU command line +# options related to this feature are documented in +# "docs/system/i386/amd-memory-encryption.rst". +# +# @intel-tdx: The firmware supports running under Intel Trust Domain +# Extensions (TDX). # # @enrolled-keys: The variable store (NVRAM) template associated with # the firmware binary has the UEFI Secure Boot @@ -185,9 +194,11 @@ # Since: 3.0 ## { 'enum' : 'FirmwareFeature', - 'data' : [ 'acpi-s3', 'acpi-s4', 'amd-sev', 'amd-sev-es', 'enrolled-keys', - 'requires-smm', 'secure-boot', 'verbose-dynamic', - 'verbose-static' ] } + 'data' : [ 'acpi-s3', 'acpi-s4', + 'amd-sev', 'amd-sev-es', 'amd-sev-snp', + 'intel-tdx', + 'enrolled-keys', 'requires-smm', 'secure-boot', + 'verbose-dynamic', 'verbose-static' ] } ## # @FirmwareFlashFile: From c82190fa1ba738b66513cf8869f25d45b1061ac6 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 4 Oct 2022 13:20:56 +0200 Subject: [PATCH 69/96] pci-ids: drop PCI_DEVICE_ID_VIRTIO_IOMMU Not needed for a virtio 1.0 device. virtio_pci_device_plugged() overrides them anyway (so no functional change). Signed-off-by: Gerd Hoffmann Reviewed-by: Eric Auger Tested-by: Eric Auger Message-Id: <20221004112100.301935-2-kraxel@redhat.com> --- hw/virtio/virtio-iommu-pci.c | 4 +--- include/hw/pci/pci.h | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/hw/virtio/virtio-iommu-pci.c b/hw/virtio/virtio-iommu-pci.c index 844d647704..79ea8334f0 100644 --- a/hw/virtio/virtio-iommu-pci.c +++ b/hw/virtio/virtio-iommu-pci.c @@ -74,8 +74,6 @@ static void virtio_iommu_pci_class_init(ObjectClass *klass, void *data) k->realize = virtio_iommu_pci_realize; set_bit(DEVICE_CATEGORY_MISC, dc->categories); device_class_set_props(dc, virtio_iommu_pci_properties); - pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; - pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_IOMMU; pcidev_k->revision = VIRTIO_PCI_ABI_VERSION; pcidev_k->class_id = PCI_CLASS_OTHERS; dc->hotpluggable = false; @@ -90,7 +88,7 @@ static void virtio_iommu_pci_instance_init(Object *obj) } static const VirtioPCIDeviceTypeInfo virtio_iommu_pci_info = { - .generic_name = TYPE_VIRTIO_IOMMU_PCI, + .generic_name = TYPE_VIRTIO_IOMMU_PCI, .instance_size = sizeof(VirtIOIOMMUPCI), .instance_init = virtio_iommu_pci_instance_init, .class_init = virtio_iommu_pci_class_init, diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index b54b6ef88f..89eaca4293 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -85,7 +85,6 @@ extern bool pci_available; #define PCI_DEVICE_ID_VIRTIO_9P 0x1009 #define PCI_DEVICE_ID_VIRTIO_VSOCK 0x1012 #define PCI_DEVICE_ID_VIRTIO_PMEM 0x1013 -#define PCI_DEVICE_ID_VIRTIO_IOMMU 0x1014 #define PCI_DEVICE_ID_VIRTIO_MEM 0x1015 #define PCI_VENDOR_ID_REDHAT 0x1b36 From 58de96e2ebc4977e3d0a042946a70a3e4bdde4ba Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 4 Oct 2022 13:20:57 +0200 Subject: [PATCH 70/96] pci-ids: drop PCI_DEVICE_ID_VIRTIO_MEM Not needed for a virtio 1.0 device. virtio_pci_device_plugged() overrides them anyway (so no functional change). Signed-off-by: Gerd Hoffmann Reviewed-by: David Hildenbrand Message-Id: <20221004112100.301935-3-kraxel@redhat.com> --- hw/virtio/virtio-mem-pci.c | 2 -- include/hw/pci/pci.h | 1 - 2 files changed, 3 deletions(-) diff --git a/hw/virtio/virtio-mem-pci.c b/hw/virtio/virtio-mem-pci.c index be2383b0c5..5c5c1e3ae3 100644 --- a/hw/virtio/virtio-mem-pci.c +++ b/hw/virtio/virtio-mem-pci.c @@ -104,8 +104,6 @@ static void virtio_mem_pci_class_init(ObjectClass *klass, void *data) k->realize = virtio_mem_pci_realize; set_bit(DEVICE_CATEGORY_MISC, dc->categories); - pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; - pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_MEM; pcidev_k->revision = VIRTIO_PCI_ABI_VERSION; pcidev_k->class_id = PCI_CLASS_OTHERS; diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index 89eaca4293..b6aefb33fb 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -85,7 +85,6 @@ extern bool pci_available; #define PCI_DEVICE_ID_VIRTIO_9P 0x1009 #define PCI_DEVICE_ID_VIRTIO_VSOCK 0x1012 #define PCI_DEVICE_ID_VIRTIO_PMEM 0x1013 -#define PCI_DEVICE_ID_VIRTIO_MEM 0x1015 #define PCI_VENDOR_ID_REDHAT 0x1b36 #define PCI_DEVICE_ID_REDHAT_BRIDGE 0x0001 From cbd56573f769f8ebefd6a1241169a101ca639f85 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 4 Oct 2022 13:20:58 +0200 Subject: [PATCH 71/96] pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM Not needed for a virtio 1.0 device. virtio_pci_device_plugged() overrides them anyway (so no functional change). Signed-off-by: Gerd Hoffmann Reviewed-by: David Hildenbrand Reviewed-by: Pankaj Gupta Tested-by: Pankaj Gupta Message-Id: <20221004112100.301935-4-kraxel@redhat.com> --- hw/virtio/virtio-pmem-pci.c | 2 -- include/hw/pci/pci.h | 1 - 2 files changed, 3 deletions(-) diff --git a/hw/virtio/virtio-pmem-pci.c b/hw/virtio/virtio-pmem-pci.c index 2b2a0b1eae..7d9f4ec189 100644 --- a/hw/virtio/virtio-pmem-pci.c +++ b/hw/virtio/virtio-pmem-pci.c @@ -90,8 +90,6 @@ static void virtio_pmem_pci_class_init(ObjectClass *klass, void *data) k->realize = virtio_pmem_pci_realize; set_bit(DEVICE_CATEGORY_MISC, dc->categories); - pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET; - pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_PMEM; pcidev_k->revision = VIRTIO_PCI_ABI_VERSION; pcidev_k->class_id = PCI_CLASS_OTHERS; diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index b6aefb33fb..42c83cb5ed 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -84,7 +84,6 @@ extern bool pci_available; #define PCI_DEVICE_ID_VIRTIO_RNG 0x1005 #define PCI_DEVICE_ID_VIRTIO_9P 0x1009 #define PCI_DEVICE_ID_VIRTIO_VSOCK 0x1012 -#define PCI_DEVICE_ID_VIRTIO_PMEM 0x1013 #define PCI_VENDOR_ID_REDHAT 0x1b36 #define PCI_DEVICE_ID_REDHAT_BRIDGE 0x0001 From 55f01e76a305df90fe6b8f02dbeb88a2d7a04f97 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 4 Oct 2022 13:20:59 +0200 Subject: [PATCH 72/96] pci-ids: drop list of modern virtio devices Drop the list of modern virtio devices and explain how they are calculated instead. Signed-off-by: Gerd Hoffmann Reviewed-by: Eric Auger Message-Id: <20221004112100.301935-5-kraxel@redhat.com> --- docs/specs/pci-ids.txt | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/specs/pci-ids.txt b/docs/specs/pci-ids.txt index dd6859d039..e463c4cb3a 100644 --- a/docs/specs/pci-ids.txt +++ b/docs/specs/pci-ids.txt @@ -22,16 +22,14 @@ maintained as part of the virtio specification. 1af4:1004 SCSI host bus adapter device (legacy) 1af4:1005 entropy generator device (legacy) 1af4:1009 9p filesystem device (legacy) +1af4:1012 vsock device (bug compatibility) -1af4:1041 network device (modern) -1af4:1042 block device (modern) -1af4:1043 console device (modern) -1af4:1044 entropy generator device (modern) -1af4:1045 balloon device (modern) -1af4:1048 SCSI host bus adapter device (modern) -1af4:1049 9p filesystem device (modern) -1af4:1050 virtio gpu device (modern) -1af4:1052 virtio input device (modern) +1af4:1040 Start of ID range for modern virtio devices. The PCI device + to ID is calculated from the virtio device ID by adding the +1af4:10ef 0x1040 offset. The virtio IDs are defined in the virtio + specification. The Linux kernel has a header file with + defines for all virtio IDs (linux/virtio_ids.h), qemu has a + copy in include/standard-headers/. 1af4:10f0 Available for experimental usage without registration. Must get to official ID when the code leaves the test lab (i.e. when seeking From 0468fe82d32e99b6d84085e76d1e946bbe1e80ac Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 4 Oct 2022 13:21:00 +0200 Subject: [PATCH 73/96] pci-ids: document modern virtio-pci ids in pci.h too While being at it add a #define for the magic 0x1040 number. Signed-off-by: Gerd Hoffmann Reviewed-by: Eric Auger Message-Id: <20221004112100.301935-6-kraxel@redhat.com> --- hw/virtio/virtio-pci.c | 2 +- include/hw/pci/pci.h | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index a50c5a57d7..e7d80242b7 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1688,7 +1688,7 @@ static void virtio_pci_device_plugged(DeviceState *d, Error **errp) pci_set_word(config + PCI_VENDOR_ID, PCI_VENDOR_ID_REDHAT_QUMRANET); pci_set_word(config + PCI_DEVICE_ID, - 0x1040 + virtio_bus_get_vdev_id(bus)); + PCI_DEVICE_ID_VIRTIO_10_BASE + virtio_bus_get_vdev_id(bus)); pci_config_set_revision(config, 1); } config[PCI_INTERRUPT_PIN] = 1; diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h index 42c83cb5ed..d1ac308574 100644 --- a/include/hw/pci/pci.h +++ b/include/hw/pci/pci.h @@ -76,6 +76,7 @@ extern bool pci_available; #define PCI_SUBVENDOR_ID_REDHAT_QUMRANET 0x1af4 #define PCI_SUBDEVICE_ID_QEMU 0x1100 +/* legacy virtio-pci devices */ #define PCI_DEVICE_ID_VIRTIO_NET 0x1000 #define PCI_DEVICE_ID_VIRTIO_BLOCK 0x1001 #define PCI_DEVICE_ID_VIRTIO_BALLOON 0x1002 @@ -85,6 +86,15 @@ extern bool pci_available; #define PCI_DEVICE_ID_VIRTIO_9P 0x1009 #define PCI_DEVICE_ID_VIRTIO_VSOCK 0x1012 +/* + * modern virtio-pci devices get their id assigned automatically, + * there is no need to add #defines here. It gets calculated as + * + * PCI_DEVICE_ID = PCI_DEVICE_ID_VIRTIO_10_BASE + + * virtio_bus_get_vdev_id(bus) + */ +#define PCI_DEVICE_ID_VIRTIO_10_BASE 0x1040 + #define PCI_VENDOR_ID_REDHAT 0x1b36 #define PCI_DEVICE_ID_REDHAT_BRIDGE 0x0001 #define PCI_DEVICE_ID_REDHAT_SERIAL 0x0002 From 8af5f82b90cc860d79171ade228ccea59c7f525e Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sat, 8 Oct 2022 23:01:16 +0900 Subject: [PATCH 74/96] ui/gtk: Fix the implicit mouse ungrabbing logic Although the grab menu item represents the tabbed displays, the old implicit mouse ungrabbing logic changes the grab menu item even for an untabbed display. Leave the grab menu item when implicitly ungrabbing mouse for an untabbed display. The new ungrabbing logic introduced in gd_mouse_mode_change() strictly follows the corresponding grabbing logic found in gd_button_event(). Signed-off-by: Akihiko Odaki Message-Id: <20221008140116.11473-1-akihiko.odaki@daynix.com> Signed-off-by: Gerd Hoffmann --- ui/gtk.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ui/gtk.c b/ui/gtk.c index 1467b8c7d7..6fc2e23963 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -681,9 +681,13 @@ static void gd_mouse_mode_change(Notifier *notify, void *data) s = container_of(notify, GtkDisplayState, mouse_mode_notifier); /* release the grab at switching to absolute mode */ - if (qemu_input_is_absolute() && gd_is_grab_active(s)) { - gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), - FALSE); + if (qemu_input_is_absolute() && s->ptr_owner) { + if (!s->ptr_owner->window) { + gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), + FALSE); + } else { + gd_ungrab_pointer(s); + } } for (i = 0; i < s->nb_vcs; i++) { VirtualConsole *vc = &s->vc[i]; From 04c92d2654b130fd29597a57ae2d71e70895bf2b Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 12 Oct 2022 10:56:01 +0200 Subject: [PATCH 75/96] tests/unit/test-image-locking: Fix handling of temporary files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit test-image-locking leaves some temporary files around - clean them up. While we're at it, test-image-locking is a unit test, so it should not use "qtest.*" for temporary file names. Give them better names instead, so that it clear where the temporary files come from. Message-Id: <20221012085932.799221-1-thuth@redhat.com> Reviewed-by: Marc-André Lureau Signed-off-by: Thomas Huth --- tests/unit/test-image-locking.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/unit/test-image-locking.c b/tests/unit/test-image-locking.c index a47299c247..2624cec6a0 100644 --- a/tests/unit/test-image-locking.c +++ b/tests/unit/test-image-locking.c @@ -79,7 +79,7 @@ static void test_image_locking_basic(void) g_autofree char *img_path = NULL; uint64_t perm, shared_perm; - int fd = g_file_open_tmp("qtest.XXXXXX", &img_path, NULL); + int fd = g_file_open_tmp("qemu-tst-img-lock.XXXXXX", &img_path, NULL); assert(fd >= 0); perm = BLK_PERM_WRITE | BLK_PERM_CONSISTENT_READ; @@ -120,7 +120,7 @@ static void test_set_perm_abort(void) g_autofree char *img_path = NULL; uint64_t perm, shared_perm; int r; - int fd = g_file_open_tmp("qtest.XXXXXX", &img_path, NULL); + int fd = g_file_open_tmp("qemu-tst-img-lock.XXXXXX", &img_path, NULL); assert(fd >= 0); perm = BLK_PERM_WRITE | BLK_PERM_CONSISTENT_READ; @@ -140,6 +140,8 @@ static void test_set_perm_abort(void) check_locked_bytes(fd, perm, ~shared_perm); blk_unref(blk1); blk_unref(blk2); + close(fd); + unlink(img_path); } int main(int argc, char **argv) From 82a628f887409f8a863482627c6d6ea6f208d3b2 Mon Sep 17 00:00:00 2001 From: Sebastian Mitterle Date: Tue, 11 Oct 2022 17:12:16 +0200 Subject: [PATCH 76/96] qemu-edid: Restrict input parameter -d to avoid division by zero A zero value for dpi will lead to a division by zero in qemu_edid_dpi_to_mm(). Tested by runnig qemu-edid -dX, X = 0, 100. Resolves: qemu-project/qemu#1249 Suggested-by: Thomas Huth Signed-off-by: Sebastian Mitterle Message-Id: <20221011151216.64897-1-smitterl@redhat.com> Signed-off-by: Gerd Hoffmann --- qemu-edid.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/qemu-edid.c b/qemu-edid.c index 20c958d9c7..92e1a660a7 100644 --- a/qemu-edid.c +++ b/qemu-edid.c @@ -92,6 +92,10 @@ int main(int argc, char *argv[]) fprintf(stderr, "not a number: %s\n", optarg); exit(1); } + if (dpi == 0) { + fprintf(stderr, "cannot be zero: %s\n", optarg); + exit(1); + } break; case 'v': info.vendor = optarg; From dbccb1a5a1b5b14b78ea6b27bb562e8cd0a8f317 Mon Sep 17 00:00:00 2001 From: Bryce Mills Date: Tue, 11 Oct 2022 13:58:21 +0000 Subject: [PATCH 77/96] gtk: Add show_menubar=on|off command line option. The patch adds "show_menubar" command line option for GTK UI similar to "show_tabs". This option allows to hide menu bar initially, it still can be toggled by shortcut and other shortcuts still work. Signed-off-by: Bryce Mills Acked-by: Markus Armbruster Message-Id: Signed-off-by: Gerd Hoffmann --- qapi/ui.json | 5 ++++- qemu-options.hx | 3 +++ ui/gtk.c | 15 ++++++++++----- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/qapi/ui.json b/qapi/ui.json index 286c5731d1..0abba3e930 100644 --- a/qapi/ui.json +++ b/qapi/ui.json @@ -1199,13 +1199,16 @@ # interfaces (e.g. VGA and virtual console character devices) # by default. # Since 7.1 +# @show-menubar: Display the main window menubar. Defaults to "on". +# Since 8.0 # # Since: 2.12 ## { 'struct' : 'DisplayGTK', 'data' : { '*grab-on-hover' : 'bool', '*zoom-to-fit' : 'bool', - '*show-tabs' : 'bool' } } + '*show-tabs' : 'bool', + '*show-menubar' : 'bool' } } ## # @DisplayEGLHeadless: diff --git a/qemu-options.hx b/qemu-options.hx index 95b998a13b..bb0979bef9 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1969,6 +1969,7 @@ DEF("display", HAS_ARG, QEMU_OPTION_display, #if defined(CONFIG_GTK) "-display gtk[,full-screen=on|off][,gl=on|off][,grab-on-hover=on|off]\n" " [,show-tabs=on|off][,show-cursor=on|off][,window-close=on|off]\n" + " [,show-menubar=on|off]\n" #endif #if defined(CONFIG_VNC) "-display vnc=[,]\n" @@ -2061,6 +2062,8 @@ SRST ``window-close=on|off`` : Allow to quit qemu with window close button + ``show-menubar=on|off`` : Display the main window menubar, defaults to "on" + ``curses[,charset=]`` Display video output via curses. For graphics device models which support a text mode, QEMU can display this output using a diff --git a/ui/gtk.c b/ui/gtk.c index 6fc2e23963..92daaa6a6e 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -2171,7 +2171,7 @@ static GSList *gd_vc_gfx_init(GtkDisplayState *s, VirtualConsole *vc, return group; } -static GtkWidget *gd_create_menu_view(GtkDisplayState *s) +static GtkWidget *gd_create_menu_view(GtkDisplayState *s, DisplayOptions *opts) { GSList *group = NULL; GtkWidget *view_menu; @@ -2269,7 +2269,8 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState *s) s->show_menubar_item = gtk_check_menu_item_new_with_mnemonic( _("Show Menubar")); gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->show_menubar_item), - TRUE); + !opts->u.gtk.has_show_menubar || + opts->u.gtk.show_menubar); gtk_accel_group_connect(s->accel_group, GDK_KEY_m, HOTKEY_MODIFIERS, 0, g_cclosure_new_swap(G_CALLBACK(gd_accel_show_menubar), s, NULL)); gtk_accel_label_set_accel( @@ -2280,13 +2281,13 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState *s) return view_menu; } -static void gd_create_menus(GtkDisplayState *s) +static void gd_create_menus(GtkDisplayState *s, DisplayOptions *opts) { GtkSettings *settings; s->accel_group = gtk_accel_group_new(); s->machine_menu = gd_create_menu_machine(s); - s->view_menu = gd_create_menu_view(s); + s->view_menu = gd_create_menu_view(s, opts); s->machine_menu_item = gtk_menu_item_new_with_mnemonic(_("_Machine")); gtk_menu_item_set_submenu(GTK_MENU_ITEM(s->machine_menu_item), @@ -2363,7 +2364,7 @@ static void gtk_display_init(DisplayState *ds, DisplayOptions *opts) gtk_window_set_icon_name(GTK_WINDOW(s->window), "qemu"); - gd_create_menus(s); + gd_create_menus(s, opts); gd_connect_signals(s); @@ -2378,6 +2379,10 @@ static void gtk_display_init(DisplayState *ds, DisplayOptions *opts) gtk_container_add(GTK_CONTAINER(s->window), s->vbox); gtk_widget_show_all(s->window); + if (opts->u.gtk.has_show_menubar && + !opts->u.gtk.show_menubar) { + gtk_widget_hide(s->menu_bar); + } vc = gd_vc_find_current(s); gtk_widget_set_sensitive(s->view_menu, vc != NULL); From 4db99c9d9cb6ab6290f14609e23d079219102742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 13 Sep 2022 21:53:20 +0400 Subject: [PATCH 78/96] win32: set threads name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As described in: https://learn.microsoft.com/en-us/visualstudio/debugger/how-to-set-a-thread-name-in-native-code?view=vs-2022 SetThreadDescription() is available since Windows 10, version 1607 and in some versions only by "Run Time Dynamic Linking". Its declaration is not yet in mingw, so we lookup the function the same way glib does. Tested with Visual Studio Community 2022 debugger. Signed-off-by: Marc-André Lureau Acked-by: Richard Henderson --- util/qemu-thread-win32.c | 54 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c index a2d5a6e825..b9a467d7db 100644 --- a/util/qemu-thread-win32.c +++ b/util/qemu-thread-win32.c @@ -19,12 +19,39 @@ static bool name_threads; +typedef HRESULT (WINAPI *pSetThreadDescription) (HANDLE hThread, + PCWSTR lpThreadDescription); +static pSetThreadDescription SetThreadDescriptionFunc; +static HMODULE kernel32_module; + +static bool load_set_thread_description(void) +{ + static gsize _init_once = 0; + + if (g_once_init_enter(&_init_once)) { + kernel32_module = LoadLibrary("kernel32.dll"); + if (kernel32_module) { + SetThreadDescriptionFunc = + (pSetThreadDescription)GetProcAddress(kernel32_module, + "SetThreadDescription"); + if (!SetThreadDescriptionFunc) { + FreeLibrary(kernel32_module); + } + } + g_once_init_leave(&_init_once, 1); + } + + return !!SetThreadDescriptionFunc; +} + void qemu_thread_naming(bool enable) { - /* But note we don't actually name them on Windows yet */ name_threads = enable; - fprintf(stderr, "qemu: thread naming not supported on this host\n"); + if (enable && !load_set_thread_description()) { + fprintf(stderr, "qemu: thread naming not supported on this host\n"); + name_threads = false; + } } static void error_exit(int err, const char *msg) @@ -400,6 +427,25 @@ void *qemu_thread_join(QemuThread *thread) return ret; } +static bool set_thread_description(HANDLE h, const char *name) +{ + HRESULT hr; + g_autofree wchar_t *namew = NULL; + + if (!load_set_thread_description()) { + return false; + } + + namew = g_utf8_to_utf16(name, -1, NULL, NULL, NULL); + if (!namew) { + return false; + } + + hr = SetThreadDescriptionFunc(h, namew); + + return SUCCEEDED(hr); +} + void qemu_thread_create(QemuThread *thread, const char *name, void *(*start_routine)(void *), void *arg, int mode) @@ -423,7 +469,11 @@ void qemu_thread_create(QemuThread *thread, const char *name, if (!hThread) { error_exit(GetLastError(), __func__); } + if (name_threads && name && !set_thread_description(hThread, name)) { + fprintf(stderr, "qemu: failed to set thread description: %s\n", name); + } CloseHandle(hThread); + thread->data = data; } From c1f798091319c74cd9a90f36af604c782e7ee7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:52 +0400 Subject: [PATCH 79/96] osdep: make readv_writev() work with partial read/write MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With a pipe or other reasons, read/write may return less than the requested bytes. This happens with the test-io-channel-command test on Windows. glib spawn code uses a binary pipe of 4096 bytes, and the first read returns that much (although more are requested), for some unclear reason... Signed-off-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Message-Id: <20221006113657.2656108-2-marcandre.lureau@redhat.com> --- util/osdep.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/util/osdep.c b/util/osdep.c index 60fcbbaebe..746d5f7d71 100644 --- a/util/osdep.c +++ b/util/osdep.c @@ -538,18 +538,22 @@ int socket_init(void) #ifndef CONFIG_IOVEC -/* helper function for iov_send_recv() */ static ssize_t readv_writev(int fd, const struct iovec *iov, int iov_cnt, bool do_write) { unsigned i = 0; ssize_t ret = 0; + ssize_t off = 0; while (i < iov_cnt) { ssize_t r = do_write - ? write(fd, iov[i].iov_base, iov[i].iov_len) - : read(fd, iov[i].iov_base, iov[i].iov_len); + ? write(fd, iov[i].iov_base + off, iov[i].iov_len - off) + : read(fd, iov[i].iov_base + off, iov[i].iov_len - off); if (r > 0) { ret += r; + off += r; + if (off < iov[i].iov_len) { + continue; + } } else if (!r) { break; } else if (errno == EINTR) { @@ -562,6 +566,7 @@ readv_writev(int fd, const struct iovec *iov, int iov_cnt, bool do_write) } break; } + off = 0; i++; } return ret; From 3f08376c2e1c3d3bb0b415fb1505b949d72655d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:53 +0400 Subject: [PATCH 80/96] util: make do_send_recv work with partial send/recv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to msdn documentation and Linux man pages, send() should try to send as much as possible in blocking mode, while recv() may return earlier with a smaller available amount, we should try to continue send/recv from there. Signed-off-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Message-Id: <20221006113657.2656108-3-marcandre.lureau@redhat.com> --- util/iov.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/util/iov.c b/util/iov.c index 22d6996cce..b4be580022 100644 --- a/util/iov.c +++ b/util/iov.c @@ -111,12 +111,17 @@ do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send) /*XXX Note: windows has WSASend() and WSARecv() */ unsigned i = 0; ssize_t ret = 0; + ssize_t off = 0; while (i < iov_cnt) { ssize_t r = do_send - ? send(sockfd, iov[i].iov_base, iov[i].iov_len, 0) - : recv(sockfd, iov[i].iov_base, iov[i].iov_len, 0); + ? send(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, 0) + : recv(sockfd, iov[i].iov_base + off, iov[i].iov_len - off, 0); if (r > 0) { ret += r; + off += r; + if (off < iov[i].iov_len) { + continue; + } } else if (!r) { break; } else if (errno == EINTR) { @@ -129,6 +134,7 @@ do_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt, bool do_send) } break; } + off = 0; i++; } return ret; From bb06b0143b492203ab3d17640be1d819cfc33de7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:54 +0400 Subject: [PATCH 81/96] tests/channel-helper: set blocking in main thread MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The /io/channel/command/echo tests run the reader side and the writer side with the same underlying command channel. Setting the blocking mode of the fd/handles while the other end is already reading/writing may create issues (deadlock in win32 when earlier attempt of this series were using SetNamedPipeHandleState). Let's just do it before spawning the threads to avoid further concurrency issues. Signed-off-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Message-Id: <20221006113657.2656108-4-marcandre.lureau@redhat.com> --- tests/unit/io-channel-helpers.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/unit/io-channel-helpers.c b/tests/unit/io-channel-helpers.c index ff156ed3c4..c0799c21c2 100644 --- a/tests/unit/io-channel-helpers.c +++ b/tests/unit/io-channel-helpers.c @@ -25,7 +25,6 @@ struct QIOChannelTest { QIOChannel *src; QIOChannel *dst; - bool blocking; size_t len; size_t niov; char *input; @@ -42,8 +41,6 @@ static gpointer test_io_thread_writer(gpointer opaque) { QIOChannelTest *data = opaque; - qio_channel_set_blocking(data->src, data->blocking, NULL); - qio_channel_writev_all(data->src, data->inputv, data->niov, @@ -58,8 +55,6 @@ static gpointer test_io_thread_reader(gpointer opaque) { QIOChannelTest *data = opaque; - qio_channel_set_blocking(data->dst, data->blocking, NULL); - qio_channel_readv_all(data->dst, data->outputv, data->niov, @@ -113,7 +108,9 @@ void qio_channel_test_run_threads(QIOChannelTest *test, test->src = src; test->dst = dst; - test->blocking = blocking; + + qio_channel_set_blocking(test->dst, blocking, NULL); + qio_channel_set_blocking(test->src, blocking, NULL); reader = g_thread_new("reader", test_io_thread_reader, From a95570e3e4d61a7c8e527e512246665c51caa6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:55 +0400 Subject: [PATCH 82/96] io/command: use glib GSpawn, instead of open-coding fork/exec MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify qio_channel_command_new_spawn() with GSpawn API. This will allow to build for WIN32 in the following patches. As pointed out by Daniel Berrangé: there is a change in semantics here too. The current code only touches stdin/stdout/stderr. Any other FDs which do NOT have O_CLOEXEC set will be inherited. With the new code, all FDs except stdin/out/err will be explicitly closed, because we don't set the flag G_SPAWN_LEAVE_DESCRIPTORS_OPEN. The only place we use QIOChannelCommand today is the migration exec: protocol, and that is only declared to use stdin/stdout. Reviewed-by: Daniel P. Berrangé Signed-off-by: Marc-André Lureau Message-Id: <20221006113657.2656108-5-marcandre.lureau@redhat.com> --- include/io/channel-command.h | 2 +- io/channel-command.c | 103 ++++++----------------------------- 2 files changed, 18 insertions(+), 87 deletions(-) diff --git a/include/io/channel-command.h b/include/io/channel-command.h index 305ac1d280..8dc58273c0 100644 --- a/include/io/channel-command.h +++ b/include/io/channel-command.h @@ -41,7 +41,7 @@ struct QIOChannelCommand { QIOChannel parent; int writefd; int readfd; - pid_t pid; + GPid pid; }; diff --git a/io/channel-command.c b/io/channel-command.c index 9f2f4a1793..f84d1f03a0 100644 --- a/io/channel-command.c +++ b/io/channel-command.c @@ -31,7 +31,7 @@ * qio_channel_command_new_pid: * @writefd: the FD connected to the command's stdin * @readfd: the FD connected to the command's stdout - * @pid: the PID of the running child command + * @pid: the PID/HANDLE of the running child command * @errp: pointer to a NULL-initialized error object * * Create a channel for performing I/O with the @@ -50,7 +50,7 @@ static QIOChannelCommand * qio_channel_command_new_pid(int writefd, int readfd, - pid_t pid) + GPid pid) { QIOChannelCommand *ioc; @@ -69,94 +69,24 @@ qio_channel_command_new_spawn(const char *const argv[], int flags, Error **errp) { - pid_t pid = -1; - int stdinfd[2] = { -1, -1 }; - int stdoutfd[2] = { -1, -1 }; - int devnull = -1; - bool stdinnull = false, stdoutnull = false; - QIOChannelCommand *ioc; + g_autoptr(GError) err = NULL; + GPid pid = 0; + GSpawnFlags gflags = G_SPAWN_CLOEXEC_PIPES | G_SPAWN_DO_NOT_REAP_CHILD; + int stdinfd = -1, stdoutfd = -1; flags = flags & O_ACCMODE; + gflags |= flags == O_WRONLY ? G_SPAWN_STDOUT_TO_DEV_NULL : 0; - if (flags == O_RDONLY) { - stdinnull = true; - } - if (flags == O_WRONLY) { - stdoutnull = true; + if (!g_spawn_async_with_pipes(NULL, (char **)argv, NULL, gflags, NULL, NULL, + &pid, + flags == O_RDONLY ? NULL : &stdinfd, + flags == O_WRONLY ? NULL : &stdoutfd, + NULL, &err)) { + error_setg(errp, "%s", err->message); + return NULL; } - if (stdinnull || stdoutnull) { - devnull = open("/dev/null", O_RDWR); - if (devnull < 0) { - error_setg_errno(errp, errno, - "Unable to open /dev/null"); - goto error; - } - } - - if ((!stdinnull && !g_unix_open_pipe(stdinfd, FD_CLOEXEC, NULL)) || - (!stdoutnull && !g_unix_open_pipe(stdoutfd, FD_CLOEXEC, NULL))) { - error_setg_errno(errp, errno, - "Unable to open pipe"); - goto error; - } - - pid = qemu_fork(errp); - if (pid < 0) { - goto error; - } - - if (pid == 0) { /* child */ - dup2(stdinnull ? devnull : stdinfd[0], STDIN_FILENO); - dup2(stdoutnull ? devnull : stdoutfd[1], STDOUT_FILENO); - /* Leave stderr connected to qemu's stderr */ - - if (!stdinnull) { - close(stdinfd[0]); - close(stdinfd[1]); - } - if (!stdoutnull) { - close(stdoutfd[0]); - close(stdoutfd[1]); - } - if (devnull != -1) { - close(devnull); - } - - execv(argv[0], (char * const *)argv); - _exit(1); - } - - if (!stdinnull) { - close(stdinfd[0]); - } - if (!stdoutnull) { - close(stdoutfd[1]); - } - - ioc = qio_channel_command_new_pid(stdinnull ? devnull : stdinfd[1], - stdoutnull ? devnull : stdoutfd[0], - pid); - trace_qio_channel_command_new_spawn(ioc, argv[0], flags); - return ioc; - - error: - if (devnull != -1) { - close(devnull); - } - if (stdinfd[0] != -1) { - close(stdinfd[0]); - } - if (stdinfd[1] != -1) { - close(stdinfd[1]); - } - if (stdoutfd[0] != -1) { - close(stdoutfd[0]); - } - if (stdoutfd[1] != -1) { - close(stdoutfd[1]); - } - return NULL; + return qio_channel_command_new_pid(stdinfd, stdoutfd, pid); } #else /* WIN32 */ @@ -221,7 +151,7 @@ static void qio_channel_command_init(Object *obj) QIOChannelCommand *ioc = QIO_CHANNEL_COMMAND(obj); ioc->readfd = -1; ioc->writefd = -1; - ioc->pid = -1; + ioc->pid = 0; } static void qio_channel_command_finalize(Object *obj) @@ -239,6 +169,7 @@ static void qio_channel_command_finalize(Object *obj) #ifndef WIN32 qio_channel_command_abort(ioc, NULL); #endif + g_spawn_close_pid(ioc->pid); } } From ec5b6c9c5de985769a3d816b85cfe707a2decb93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:56 +0400 Subject: [PATCH 83/96] io/command: implement support for win32 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The initial implementation was changing the pipe state created by GLib to PIPE_NOWAIT, but it turns out it doesn't work (read/write returns an error). Since reading may return less than the requested amount, it seems to be non-blocking already. However, the IO operation may block until the FD is ready, I can't find good sources of information, to be safe we can just poll for readiness before. Alternatively, we could setup the FDs ourself, and use UNIX sockets on Windows, which can be used in blocking/non-blocking mode. I haven't tried it, as I am not sure it is necessary. Signed-off-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Message-Id: <20221006113657.2656108-6-marcandre.lureau@redhat.com> --- include/io/channel-command.h | 3 ++ io/channel-command.c | 82 ++++++++++++++++++++++++++---------- 2 files changed, 63 insertions(+), 22 deletions(-) diff --git a/include/io/channel-command.h b/include/io/channel-command.h index 8dc58273c0..98934e6d9e 100644 --- a/include/io/channel-command.h +++ b/include/io/channel-command.h @@ -42,6 +42,9 @@ struct QIOChannelCommand { int writefd; int readfd; GPid pid; +#ifdef WIN32 + bool blocking; +#endif }; diff --git a/io/channel-command.c b/io/channel-command.c index f84d1f03a0..74516252ba 100644 --- a/io/channel-command.c +++ b/io/channel-command.c @@ -26,7 +26,6 @@ #include "qemu/sockets.h" #include "trace.h" -#ifndef WIN32 /** * qio_channel_command_new_pid: * @writefd: the FD connected to the command's stdin @@ -60,7 +59,13 @@ qio_channel_command_new_pid(int writefd, ioc->writefd = writefd; ioc->pid = pid; - trace_qio_channel_command_new_pid(ioc, writefd, readfd, pid); + trace_qio_channel_command_new_pid(ioc, writefd, readfd, +#ifdef WIN32 + GetProcessId(pid) +#else + pid +#endif + ); return ioc; } @@ -89,18 +94,6 @@ qio_channel_command_new_spawn(const char *const argv[], return qio_channel_command_new_pid(stdinfd, stdoutfd, pid); } -#else /* WIN32 */ -QIOChannelCommand * -qio_channel_command_new_spawn(const char *const argv[], - int flags, - Error **errp) -{ - error_setg_errno(errp, ENOSYS, - "Command spawn not supported on this platform"); - return NULL; -} -#endif /* WIN32 */ - #ifndef WIN32 static int qio_channel_command_abort(QIOChannelCommand *ioc, Error **errp) @@ -143,6 +136,23 @@ static int qio_channel_command_abort(QIOChannelCommand *ioc, return 0; } +#else +static int qio_channel_command_abort(QIOChannelCommand *ioc, + Error **errp) +{ + DWORD ret; + + TerminateProcess(ioc->pid, 0); + ret = WaitForSingleObject(ioc->pid, 1000); + if (ret != WAIT_OBJECT_0) { + error_setg(errp, + "Process %llu refused to die", + (unsigned long long)GetProcessId(ioc->pid)); + return -1; + } + + return 0; +} #endif /* ! WIN32 */ @@ -166,13 +176,27 @@ static void qio_channel_command_finalize(Object *obj) } ioc->writefd = ioc->readfd = -1; if (ioc->pid > 0) { -#ifndef WIN32 qio_channel_command_abort(ioc, NULL); -#endif g_spawn_close_pid(ioc->pid); } } +#ifdef WIN32 +static bool win32_fd_poll(int fd, gushort events) +{ + GPollFD pfd = { .fd = _get_osfhandle(fd), .events = events }; + int res; + + do { + res = g_poll(&pfd, 1, 0); + } while (res < 0 && errno == EINTR); + if (res == 0) { + return false; + } + + return true; +} +#endif static ssize_t qio_channel_command_readv(QIOChannel *ioc, const struct iovec *iov, @@ -184,6 +208,12 @@ static ssize_t qio_channel_command_readv(QIOChannel *ioc, QIOChannelCommand *cioc = QIO_CHANNEL_COMMAND(ioc); ssize_t ret; +#ifdef WIN32 + if (!cioc->blocking && !win32_fd_poll(cioc->readfd, G_IO_IN)) { + return QIO_CHANNEL_ERR_BLOCK; + } +#endif + retry: ret = readv(cioc->readfd, iov, niov); if (ret < 0) { @@ -213,6 +243,12 @@ static ssize_t qio_channel_command_writev(QIOChannel *ioc, QIOChannelCommand *cioc = QIO_CHANNEL_COMMAND(ioc); ssize_t ret; +#ifdef WIN32 + if (!cioc->blocking && !win32_fd_poll(cioc->writefd, G_IO_OUT)) { + return QIO_CHANNEL_ERR_BLOCK; + } +#endif + retry: ret = writev(cioc->writefd, iov, niov); if (ret <= 0) { @@ -233,14 +269,14 @@ static int qio_channel_command_set_blocking(QIOChannel *ioc, bool enabled, Error **errp) { -#ifdef WIN32 - /* command spawn is not supported on win32 */ - g_assert_not_reached(); -#else QIOChannelCommand *cioc = QIO_CHANNEL_COMMAND(ioc); - if (!g_unix_set_fd_nonblocking(cioc->writefd, !enabled, NULL) || - !g_unix_set_fd_nonblocking(cioc->readfd, !enabled, NULL)) { +#ifdef WIN32 + cioc->blocking = enabled; +#else + + if ((cioc->writefd >= 0 && !g_unix_set_fd_nonblocking(cioc->writefd, !enabled, NULL)) || + (cioc->readfd >= 0 && !g_unix_set_fd_nonblocking(cioc->readfd, !enabled, NULL))) { error_setg_errno(errp, errno, "Failed to set FD nonblocking"); return -1; } @@ -281,6 +317,8 @@ static int qio_channel_command_close(QIOChannel *ioc, (unsigned long long)cioc->pid); return -1; } +#else + WaitForSingleObject(cioc->pid, INFINITE); #endif if (rv < 0) { From 76f5148c21b4543e62a6ad605ac4b44133421401 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 6 Oct 2022 15:36:57 +0400 Subject: [PATCH 84/96] tests/unit: make test-io-channel-command work on win32 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This has been tested under msys2 & windows 11. I haven't tried to make it work with other environments yet, but that should be enough to validate the channel-command implementation anyway. Here are the changes: - drop tests/ from fifo/pipe path, to avoid directory issues - use g_find_program() to lookup the socat executable (otherwise we would need to change ChanneCommand to use G_SPAWN_SEARCH_PATH, and deal with missing socat differently) - skip the "echo" test when socat is missing as well Signed-off-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Message-Id: <20221006113657.2656108-7-marcandre.lureau@redhat.com> --- tests/unit/test-io-channel-command.c | 37 ++++++++++++++-------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/tests/unit/test-io-channel-command.c b/tests/unit/test-io-channel-command.c index aa09c559cd..7eee939c07 100644 --- a/tests/unit/test-io-channel-command.c +++ b/tests/unit/test-io-channel-command.c @@ -24,29 +24,30 @@ #include "qapi/error.h" #include "qemu/module.h" -#ifndef WIN32 +#define TEST_FIFO "test-io-channel-command.fifo" + +#define SOCAT_SRC "PIPE:" TEST_FIFO ",wronly" +#define SOCAT_DST "PIPE:" TEST_FIFO ",rdonly" + +static char *socat = NULL; + static void test_io_channel_command_fifo(bool async) { -#define TEST_FIFO "tests/test-io-channel-command.fifo" QIOChannel *src, *dst; QIOChannelTest *test; - const char *srcfifo = "PIPE:" TEST_FIFO ",wronly"; - const char *dstfifo = "PIPE:" TEST_FIFO ",rdonly"; const char *srcargv[] = { - "/bin/socat", "-", srcfifo, NULL, + socat, "-", SOCAT_SRC, NULL, }; const char *dstargv[] = { - "/bin/socat", dstfifo, "-", NULL, + socat, SOCAT_DST, "-", NULL, }; - unlink(TEST_FIFO); - if (access("/bin/socat", X_OK) < 0) { - g_test_skip("socat is missing"); + if (!socat) { + g_test_skip("socat is not found in PATH"); return; } - if (mkfifo(TEST_FIFO, 0600) < 0) { - abort(); - } + + unlink(TEST_FIFO); src = QIO_CHANNEL(qio_channel_command_new_spawn(srcargv, O_WRONLY, &error_abort)); @@ -81,11 +82,12 @@ static void test_io_channel_command_echo(bool async) QIOChannel *ioc; QIOChannelTest *test; const char *socatargv[] = { - "/bin/socat", "-", "-", NULL, + socat, "-", "-", NULL, }; - if (access("/bin/socat", X_OK) < 0) { - return; /* Pretend success if socat is not present */ + if (!socat) { + g_test_skip("socat is not found in PATH"); + return; } ioc = QIO_CHANNEL(qio_channel_command_new_spawn(socatargv, @@ -108,7 +110,6 @@ static void test_io_channel_command_echo_sync(void) { test_io_channel_command_echo(false); } -#endif int main(int argc, char **argv) { @@ -116,7 +117,8 @@ int main(int argc, char **argv) g_test_init(&argc, &argv, NULL); -#ifndef WIN32 + socat = g_find_program_in_path("socat"); + g_test_add_func("/io/channel/command/fifo/sync", test_io_channel_command_fifo_sync); g_test_add_func("/io/channel/command/fifo/async", @@ -125,7 +127,6 @@ int main(int argc, char **argv) test_io_channel_command_echo_sync); g_test_add_func("/io/channel/command/echo/async", test_io_channel_command_echo_async); -#endif return g_test_run(); } From a7b7802bfe971b1b33cf85b328a521333e68ce97 Mon Sep 17 00:00:00 2001 From: Helge Konetzka Date: Wed, 12 Oct 2022 13:49:24 +0200 Subject: [PATCH 85/96] audio: fix in.voices test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Calling qemu with valid -audiodev ...,in.voices=0 results in an obsolete warning: audio: Bogus number of capture voices 0, setting to 0 This patch fixes the in.voices test. Signed-off-by: Helge Konetzka Reviewed-by: Marc-André Lureau Message-Id: <20221012114925.5084-2-hk@zapateado.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/audio.c b/audio/audio.c index 886725747b..1ecdbc4191 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1778,7 +1778,7 @@ static AudioState *audio_init(Audiodev *dev, const char *name) s->nb_hw_voices_out = 1; } - if (s->nb_hw_voices_in <= 0) { + if (s->nb_hw_voices_in < 0) { dolog ("Bogus number of capture voices %d, setting to 0\n", s->nb_hw_voices_in); s->nb_hw_voices_in = 0; From 61ddafbcfac4975ee245cd3453be86b0632a5605 Mon Sep 17 00:00:00 2001 From: Helge Konetzka Date: Wed, 12 Oct 2022 13:49:25 +0200 Subject: [PATCH 86/96] audio: improve out.voices test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improve readability of audio out.voices test: If 1 is logged and set after positive test, 1 should be tested. Signed-off-by: Helge Konetzka Reviewed-by: Marc-André Lureau Message-Id: <20221012114925.5084-3-hk@zapateado.de> Signed-off-by: Gerd Hoffmann --- audio/audio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audio/audio.c b/audio/audio.c index 1ecdbc4191..cc664271eb 100644 --- a/audio/audio.c +++ b/audio/audio.c @@ -1772,7 +1772,7 @@ static AudioState *audio_init(Audiodev *dev, const char *name) s->nb_hw_voices_out = audio_get_pdo_out(dev)->voices; s->nb_hw_voices_in = audio_get_pdo_in(dev)->voices; - if (s->nb_hw_voices_out <= 0) { + if (s->nb_hw_voices_out < 1) { dolog ("Bogus number of playback voices %d, setting to 1\n", s->nb_hw_voices_out); s->nb_hw_voices_out = 1; From 838f717b22fb942f488f2bf5d1cd943736c8eae5 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sun, 9 Oct 2022 15:49:47 +0800 Subject: [PATCH 87/96] hw/riscv: Update comment for qtest check in riscv_find_firmware() Since commit 4211fc553234 ("roms/opensbi: Remove ELF images"), the comment for qtest check in riscv_find_firmware() is out of date. Update it to reflect the latest status. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Message-Id: Signed-off-by: Alistair Francis --- hw/riscv/boot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index 1ae7596873..f6e8eafa28 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -111,8 +111,8 @@ char *riscv_find_firmware(const char *firmware_filename) if (filename == NULL) { if (!qtest_enabled()) { /* - * We only ship plain binary bios images in the QEMU source. - * With Spike machine that uses ELF images as the default bios, + * We only ship OpenSBI binary bios images in the QEMU source. + * For machines that use images other than the default bios, * running QEMU test will complain hence let's suppress the error * report for QEMU testing. */ From ff3809ef34d39a2b42f0ced5f5f90c36bd550cc9 Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Fri, 30 Sep 2022 13:32:42 +1000 Subject: [PATCH 88/96] hw/ssi: ibex_spi: fixup coverity issue This patch addresses the coverity issues specified in [1], as suggested, `FIELD_DP32()`/`FIELD_EX32()` macros have been implemented to clean up the code. [1] https://www.mail-archive.com/qemu-devel@nongnu.org/msg887713.html Fixes: Coverity CID 1488107 Signed-off-by: Wilfred Mallawa Reviewed-by: Alistair Francis Reviewed-by: Andrew Jones Message-Id: <20220930033241.206581-2-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/ssi/ibex_spi_host.c | 132 +++++++++++++++++++++-------------------- 1 file changed, 68 insertions(+), 64 deletions(-) diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c index 94d7da9cc2..d145a4cdbd 100644 --- a/hw/ssi/ibex_spi_host.c +++ b/hw/ssi/ibex_spi_host.c @@ -108,18 +108,22 @@ static inline uint8_t div4_round_up(uint8_t dividend) static void ibex_spi_rxfifo_reset(IbexSPIHostState *s) { + uint32_t data = s->regs[IBEX_SPI_HOST_STATUS]; /* Empty the RX FIFO and assert RXEMPTY */ fifo8_reset(&s->rx_fifo); - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_RXFULL_MASK; - s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_RXEMPTY_MASK; + data = FIELD_DP32(data, STATUS, RXFULL, 0); + data = FIELD_DP32(data, STATUS, RXEMPTY, 1); + s->regs[IBEX_SPI_HOST_STATUS] = data; } static void ibex_spi_txfifo_reset(IbexSPIHostState *s) { + uint32_t data = s->regs[IBEX_SPI_HOST_STATUS]; /* Empty the TX FIFO and assert TXEMPTY */ fifo8_reset(&s->tx_fifo); - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXFULL_MASK; - s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_TXEMPTY_MASK; + data = FIELD_DP32(data, STATUS, TXFULL, 0); + data = FIELD_DP32(data, STATUS, TXEMPTY, 1); + s->regs[IBEX_SPI_HOST_STATUS] = data; } static void ibex_spi_host_reset(DeviceState *dev) @@ -162,37 +166,38 @@ static void ibex_spi_host_reset(DeviceState *dev) */ static void ibex_spi_host_irq(IbexSPIHostState *s) { - bool error_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE] - & R_INTR_ENABLE_ERROR_MASK; - bool event_en = s->regs[IBEX_SPI_HOST_INTR_ENABLE] - & R_INTR_ENABLE_SPI_EVENT_MASK; - bool err_pending = s->regs[IBEX_SPI_HOST_INTR_STATE] - & R_INTR_STATE_ERROR_MASK; - bool status_pending = s->regs[IBEX_SPI_HOST_INTR_STATE] - & R_INTR_STATE_SPI_EVENT_MASK; + uint32_t intr_test_reg = s->regs[IBEX_SPI_HOST_INTR_TEST]; + uint32_t intr_en_reg = s->regs[IBEX_SPI_HOST_INTR_ENABLE]; + uint32_t intr_state_reg = s->regs[IBEX_SPI_HOST_INTR_STATE]; + + uint32_t err_en_reg = s->regs[IBEX_SPI_HOST_ERROR_ENABLE]; + uint32_t event_en_reg = s->regs[IBEX_SPI_HOST_EVENT_ENABLE]; + uint32_t err_status_reg = s->regs[IBEX_SPI_HOST_ERROR_STATUS]; + uint32_t status_reg = s->regs[IBEX_SPI_HOST_STATUS]; + + + bool error_en = FIELD_EX32(intr_en_reg, INTR_ENABLE, ERROR); + bool event_en = FIELD_EX32(intr_en_reg, INTR_ENABLE, SPI_EVENT); + bool err_pending = FIELD_EX32(intr_state_reg, INTR_STATE, ERROR); + bool status_pending = FIELD_EX32(intr_state_reg, INTR_STATE, SPI_EVENT); + int err_irq = 0, event_irq = 0; /* Error IRQ enabled and Error IRQ Cleared */ if (error_en && !err_pending) { /* Event enabled, Interrupt Test Error */ - if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_ERROR_MASK) { + if (FIELD_EX32(intr_test_reg, INTR_TEST, ERROR)) { err_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE] - & R_ERROR_ENABLE_CMDBUSY_MASK) && - s->regs[IBEX_SPI_HOST_ERROR_STATUS] - & R_ERROR_STATUS_CMDBUSY_MASK) { + } else if (FIELD_EX32(err_en_reg, ERROR_ENABLE, CMDBUSY) && + FIELD_EX32(err_status_reg, ERROR_STATUS, CMDBUSY)) { /* Wrote to COMMAND when not READY */ err_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE] - & R_ERROR_ENABLE_CMDINVAL_MASK) && - s->regs[IBEX_SPI_HOST_ERROR_STATUS] - & R_ERROR_STATUS_CMDINVAL_MASK) { + } else if (FIELD_EX32(err_en_reg, ERROR_ENABLE, CMDINVAL) && + FIELD_EX32(err_status_reg, ERROR_STATUS, CMDINVAL)) { /* Invalid command segment */ err_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_ERROR_ENABLE] - & R_ERROR_ENABLE_CSIDINVAL_MASK) && - s->regs[IBEX_SPI_HOST_ERROR_STATUS] - & R_ERROR_STATUS_CSIDINVAL_MASK) { + } else if (FIELD_EX32(err_en_reg, ERROR_ENABLE, CSIDINVAL) && + FIELD_EX32(err_status_reg, ERROR_STATUS, CSIDINVAL)) { /* Invalid value for CSID */ err_irq = 1; } @@ -204,22 +209,19 @@ static void ibex_spi_host_irq(IbexSPIHostState *s) /* Event IRQ Enabled and Event IRQ Cleared */ if (event_en && !status_pending) { - if (s->regs[IBEX_SPI_HOST_INTR_TEST] & R_INTR_TEST_SPI_EVENT_MASK) { + if (FIELD_EX32(intr_test_reg, INTR_STATE, SPI_EVENT)) { /* Event enabled, Interrupt Test Event */ event_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_EVENT_ENABLE] - & R_EVENT_ENABLE_READY_MASK) && - (s->regs[IBEX_SPI_HOST_STATUS] & R_STATUS_READY_MASK)) { + } else if (FIELD_EX32(event_en_reg, EVENT_ENABLE, READY) && + FIELD_EX32(status_reg, STATUS, READY)) { /* SPI Host ready for next command */ event_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_EVENT_ENABLE] - & R_EVENT_ENABLE_TXEMPTY_MASK) && - (s->regs[IBEX_SPI_HOST_STATUS] & R_STATUS_TXEMPTY_MASK)) { + } else if (FIELD_EX32(event_en_reg, EVENT_ENABLE, TXEMPTY) && + FIELD_EX32(status_reg, STATUS, TXEMPTY)) { /* SPI TXEMPTY, TXFIFO drained */ event_irq = 1; - } else if ((s->regs[IBEX_SPI_HOST_EVENT_ENABLE] - & R_EVENT_ENABLE_RXFULL_MASK) && - (s->regs[IBEX_SPI_HOST_STATUS] & R_STATUS_RXFULL_MASK)) { + } else if (FIELD_EX32(event_en_reg, EVENT_ENABLE, RXFULL) && + FIELD_EX32(status_reg, STATUS, RXFULL)) { /* SPI RXFULL, RXFIFO full */ event_irq = 1; } @@ -232,10 +234,11 @@ static void ibex_spi_host_irq(IbexSPIHostState *s) static void ibex_spi_host_transfer(IbexSPIHostState *s) { - uint32_t rx, tx; + uint32_t rx, tx, data; /* Get num of one byte transfers */ - uint8_t segment_len = ((s->regs[IBEX_SPI_HOST_COMMAND] & R_COMMAND_LEN_MASK) - >> R_COMMAND_LEN_SHIFT); + uint8_t segment_len = FIELD_EX32(s->regs[IBEX_SPI_HOST_COMMAND], + COMMAND, LEN); + while (segment_len > 0) { if (fifo8_is_empty(&s->tx_fifo)) { /* Assert Stall */ @@ -262,22 +265,21 @@ static void ibex_spi_host_transfer(IbexSPIHostState *s) --segment_len; } + data = s->regs[IBEX_SPI_HOST_STATUS]; /* Assert Ready */ - s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_READY_MASK; + data = FIELD_DP32(data, STATUS, READY, 1); /* Set RXQD */ - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_RXQD_MASK; - s->regs[IBEX_SPI_HOST_STATUS] |= (R_STATUS_RXQD_MASK - & div4_round_up(segment_len)); + data = FIELD_DP32(data, STATUS, RXQD, div4_round_up(segment_len)); /* Set TXQD */ - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXQD_MASK; - s->regs[IBEX_SPI_HOST_STATUS] |= (fifo8_num_used(&s->tx_fifo) / 4) - & R_STATUS_TXQD_MASK; + data = FIELD_DP32(data, STATUS, TXQD, fifo8_num_used(&s->tx_fifo) / 4); /* Clear TXFULL */ - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXFULL_MASK; - /* Assert TXEMPTY and drop remaining bytes that exceed segment_len */ - ibex_spi_txfifo_reset(s); + data = FIELD_DP32(data, STATUS, TXFULL, 0); /* Reset RXEMPTY */ - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_RXEMPTY_MASK; + data = FIELD_DP32(data, STATUS, RXEMPTY, 0); + /* Update register status */ + s->regs[IBEX_SPI_HOST_STATUS] = data; + /* Drop remaining bytes that exceed segment_len */ + ibex_spi_txfifo_reset(s); ibex_spi_host_irq(s); } @@ -340,7 +342,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, { IbexSPIHostState *s = opaque; uint32_t val32 = val64; - uint32_t shift_mask = 0xff; + uint32_t shift_mask = 0xff, status = 0; uint8_t txqd_len; trace_ibex_spi_host_write(addr, size, val64); @@ -397,22 +399,24 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, s->regs[addr] = val32; /* STALL, IP not enabled */ - if (!(s->regs[IBEX_SPI_HOST_CONTROL] & R_CONTROL_SPIEN_MASK)) { + if (!(FIELD_EX32(s->regs[IBEX_SPI_HOST_CONTROL], + CONTROL, SPIEN))) { return; } /* SPI not ready, IRQ Error */ - if (!(s->regs[IBEX_SPI_HOST_STATUS] & R_STATUS_READY_MASK)) { + if (!(FIELD_EX32(s->regs[IBEX_SPI_HOST_STATUS], + STATUS, READY))) { s->regs[IBEX_SPI_HOST_ERROR_STATUS] |= R_ERROR_STATUS_CMDBUSY_MASK; ibex_spi_host_irq(s); return; } + /* Assert Not Ready */ s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_READY_MASK; - if (((val32 & R_COMMAND_DIRECTION_MASK) >> R_COMMAND_DIRECTION_SHIFT) - != BIDIRECTIONAL_TRANSFER) { - qemu_log_mask(LOG_UNIMP, + if (FIELD_EX32(val32, COMMAND, DIRECTION) != BIDIRECTIONAL_TRANSFER) { + qemu_log_mask(LOG_UNIMP, "%s: Rx Only/Tx Only are not supported\n", __func__); } @@ -452,8 +456,8 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, return; } /* Byte ordering is set by the IP */ - if ((s->regs[IBEX_SPI_HOST_STATUS] & - R_STATUS_BYTEORDER_MASK) == 0) { + status = s->regs[IBEX_SPI_HOST_STATUS]; + if (FIELD_EX32(status, STATUS, BYTEORDER) == 0) { /* LE: LSB transmitted first (default for ibex processor) */ shift_mask = 0xff << (i * 8); } else { @@ -464,18 +468,18 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, fifo8_push(&s->tx_fifo, (val32 & shift_mask) >> (i * 8)); } - + status = s->regs[IBEX_SPI_HOST_STATUS]; /* Reset TXEMPTY */ - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXEMPTY_MASK; + status = FIELD_DP32(status, STATUS, TXEMPTY, 0); /* Update TXQD */ - txqd_len = (s->regs[IBEX_SPI_HOST_STATUS] & - R_STATUS_TXQD_MASK) >> R_STATUS_TXQD_SHIFT; + txqd_len = FIELD_EX32(status, STATUS, TXQD); /* Partial bytes (size < 4) are padded, in words. */ txqd_len += 1; - s->regs[IBEX_SPI_HOST_STATUS] &= ~R_STATUS_TXQD_MASK; - s->regs[IBEX_SPI_HOST_STATUS] |= txqd_len; + status = FIELD_DP32(status, STATUS, TXQD, txqd_len); /* Assert Ready */ - s->regs[IBEX_SPI_HOST_STATUS] |= R_STATUS_READY_MASK; + status = FIELD_DP32(status, STATUS, READY, 1); + /* Update register status */ + s->regs[IBEX_SPI_HOST_STATUS] = status; break; case IBEX_SPI_HOST_ERROR_ENABLE: s->regs[addr] = val32; From 6c1876958bbb53396655777401ab34207d0e1afa Mon Sep 17 00:00:00 2001 From: Wilfred Mallawa Date: Fri, 30 Sep 2022 13:32:44 +1000 Subject: [PATCH 89/96] hw/ssi: ibex_spi: fixup/add rw1c functionality This patch adds the `rw1c` functionality to the respective registers. The status fields are cleared when the respective field is set. Signed-off-by: Wilfred Mallawa Reviewed-by: Alistair Francis Message-Id: <20220930033241.206581-3-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis --- hw/ssi/ibex_spi_host.c | 36 +++++++++++++++++++++++++++++++--- include/hw/ssi/ibex_spi_host.h | 4 ++-- 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/hw/ssi/ibex_spi_host.c b/hw/ssi/ibex_spi_host.c index d145a4cdbd..57df462e3c 100644 --- a/hw/ssi/ibex_spi_host.c +++ b/hw/ssi/ibex_spi_host.c @@ -342,7 +342,7 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, { IbexSPIHostState *s = opaque; uint32_t val32 = val64; - uint32_t shift_mask = 0xff, status = 0; + uint32_t shift_mask = 0xff, status = 0, data = 0; uint8_t txqd_len; trace_ibex_spi_host_write(addr, size, val64); @@ -352,7 +352,17 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, switch (addr) { /* Skipping any R/O registers */ - case IBEX_SPI_HOST_INTR_STATE...IBEX_SPI_HOST_INTR_ENABLE: + case IBEX_SPI_HOST_INTR_STATE: + /* rw1c status register */ + if (FIELD_EX32(val32, INTR_STATE, ERROR)) { + data = FIELD_DP32(data, INTR_STATE, ERROR, 0); + } + if (FIELD_EX32(val32, INTR_STATE, SPI_EVENT)) { + data = FIELD_DP32(data, INTR_STATE, SPI_EVENT, 0); + } + s->regs[addr] = data; + break; + case IBEX_SPI_HOST_INTR_ENABLE: s->regs[addr] = val32; break; case IBEX_SPI_HOST_INTR_TEST: @@ -495,7 +505,27 @@ static void ibex_spi_host_write(void *opaque, hwaddr addr, * When an error occurs, the corresponding bit must be cleared * here before issuing any further commands */ - s->regs[addr] = val32; + status = s->regs[addr]; + /* rw1c status register */ + if (FIELD_EX32(val32, ERROR_STATUS, CMDBUSY)) { + status = FIELD_DP32(status, ERROR_STATUS, CMDBUSY, 0); + } + if (FIELD_EX32(val32, ERROR_STATUS, OVERFLOW)) { + status = FIELD_DP32(status, ERROR_STATUS, OVERFLOW, 0); + } + if (FIELD_EX32(val32, ERROR_STATUS, UNDERFLOW)) { + status = FIELD_DP32(status, ERROR_STATUS, UNDERFLOW, 0); + } + if (FIELD_EX32(val32, ERROR_STATUS, CMDINVAL)) { + status = FIELD_DP32(status, ERROR_STATUS, CMDINVAL, 0); + } + if (FIELD_EX32(val32, ERROR_STATUS, CSIDINVAL)) { + status = FIELD_DP32(status, ERROR_STATUS, CSIDINVAL, 0); + } + if (FIELD_EX32(val32, ERROR_STATUS, ACCESSINVAL)) { + status = FIELD_DP32(status, ERROR_STATUS, ACCESSINVAL, 0); + } + s->regs[addr] = status; break; case IBEX_SPI_HOST_EVENT_ENABLE: /* Controls which classes of SPI events raise an interrupt. */ diff --git a/include/hw/ssi/ibex_spi_host.h b/include/hw/ssi/ibex_spi_host.h index 3fedcb6805..1f6d077766 100644 --- a/include/hw/ssi/ibex_spi_host.h +++ b/include/hw/ssi/ibex_spi_host.h @@ -40,7 +40,7 @@ OBJECT_CHECK(IbexSPIHostState, (obj), TYPE_IBEX_SPI_HOST) /* SPI Registers */ -#define IBEX_SPI_HOST_INTR_STATE (0x00 / 4) /* rw */ +#define IBEX_SPI_HOST_INTR_STATE (0x00 / 4) /* rw1c */ #define IBEX_SPI_HOST_INTR_ENABLE (0x04 / 4) /* rw */ #define IBEX_SPI_HOST_INTR_TEST (0x08 / 4) /* wo */ #define IBEX_SPI_HOST_ALERT_TEST (0x0c / 4) /* wo */ @@ -54,7 +54,7 @@ #define IBEX_SPI_HOST_TXDATA (0x28 / 4) #define IBEX_SPI_HOST_ERROR_ENABLE (0x2c / 4) /* rw */ -#define IBEX_SPI_HOST_ERROR_STATUS (0x30 / 4) /* rw */ +#define IBEX_SPI_HOST_ERROR_STATUS (0x30 / 4) /* rw1c */ #define IBEX_SPI_HOST_EVENT_ENABLE (0x34 / 4) /* rw */ /* FIFO Len in Bytes */ From 785a7383dd4832cc772a2c5483bd6fa40ee51302 Mon Sep 17 00:00:00 2001 From: Sunil V L Date: Tue, 4 Oct 2022 14:53:49 +0530 Subject: [PATCH 90/96] hw/arm, loongarch: Move load_image_to_fw_cfg() to common location load_image_to_fw_cfg() is duplicated by both arm and loongarch. The same function will be required by riscv too. So, it's time to refactor and move this function to a common path. Signed-off-by: Sunil V L Reviewed-by: Andrew Jones Reviewed-by: Alistair Francis Reviewed-by: Song Gao Message-Id: <20221004092351.18209-2-sunilvl@ventanamicro.com> Signed-off-by: Alistair Francis --- hw/arm/boot.c | 49 --------------------------------------- hw/loongarch/virt.c | 33 -------------------------- hw/nvram/fw_cfg.c | 32 +++++++++++++++++++++++++ include/hw/nvram/fw_cfg.h | 21 +++++++++++++++++ 4 files changed, 53 insertions(+), 82 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index ee3858b673..b0b92af188 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -822,55 +822,6 @@ static void do_cpu_reset(void *opaque) } } -/** - * load_image_to_fw_cfg() - Load an image file into an fw_cfg entry identified - * by key. - * @fw_cfg: The firmware config instance to store the data in. - * @size_key: The firmware config key to store the size of the loaded - * data under, with fw_cfg_add_i32(). - * @data_key: The firmware config key to store the loaded data under, - * with fw_cfg_add_bytes(). - * @image_name: The name of the image file to load. If it is NULL, the - * function returns without doing anything. - * @try_decompress: Whether the image should be decompressed (gunzipped) before - * adding it to fw_cfg. If decompression fails, the image is - * loaded as-is. - * - * In case of failure, the function prints an error message to stderr and the - * process exits with status 1. - */ -static void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key, - uint16_t data_key, const char *image_name, - bool try_decompress) -{ - size_t size = -1; - uint8_t *data; - - if (image_name == NULL) { - return; - } - - if (try_decompress) { - size = load_image_gzipped_buffer(image_name, - LOAD_IMAGE_MAX_GUNZIP_BYTES, &data); - } - - if (size == (size_t)-1) { - gchar *contents; - gsize length; - - if (!g_file_get_contents(image_name, &contents, &length, NULL)) { - error_report("failed to load \"%s\"", image_name); - exit(1); - } - size = length; - data = (uint8_t *)contents; - } - - fw_cfg_add_i32(fw_cfg, size_key, size); - fw_cfg_add_bytes(fw_cfg, data_key, data, size); -} - static int do_arm_linux_init(Object *obj, void *opaque) { if (object_dynamic_cast(obj, TYPE_ARM_LINUX_BOOT_IF)) { diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c index 29df99727d..4b595a9ea4 100644 --- a/hw/loongarch/virt.c +++ b/hw/loongarch/virt.c @@ -598,39 +598,6 @@ static void reset_load_elf(void *opaque) } } -/* Load an image file into an fw_cfg entry identified by key. */ -static void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key, - uint16_t data_key, const char *image_name, - bool try_decompress) -{ - size_t size = -1; - uint8_t *data; - - if (image_name == NULL) { - return; - } - - if (try_decompress) { - size = load_image_gzipped_buffer(image_name, - LOAD_IMAGE_MAX_GUNZIP_BYTES, &data); - } - - if (size == (size_t)-1) { - gchar *contents; - gsize length; - - if (!g_file_get_contents(image_name, &contents, &length, NULL)) { - error_report("failed to load \"%s\"", image_name); - exit(1); - } - size = length; - data = (uint8_t *)contents; - } - - fw_cfg_add_i32(fw_cfg, size_key, size); - fw_cfg_add_bytes(fw_cfg, data_key, data, size); -} - static void fw_cfg_add_kernel_info(FWCfgState *fw_cfg) { /* diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c index 564bda3395..6edf5ea3e9 100644 --- a/hw/nvram/fw_cfg.c +++ b/hw/nvram/fw_cfg.c @@ -41,6 +41,7 @@ #include "qapi/error.h" #include "hw/acpi/aml-build.h" #include "hw/pci/pci_bus.h" +#include "hw/loader.h" #define FW_CFG_FILE_SLOTS_DFLT 0x20 @@ -1221,6 +1222,37 @@ FWCfgState *fw_cfg_find(void) return FW_CFG(object_resolve_path_type("", TYPE_FW_CFG, NULL)); } +void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key, + uint16_t data_key, const char *image_name, + bool try_decompress) +{ + size_t size = -1; + uint8_t *data; + + if (image_name == NULL) { + return; + } + + if (try_decompress) { + size = load_image_gzipped_buffer(image_name, + LOAD_IMAGE_MAX_GUNZIP_BYTES, &data); + } + + if (size == (size_t)-1) { + gchar *contents; + gsize length; + + if (!g_file_get_contents(image_name, &contents, &length, NULL)) { + error_report("failed to load \"%s\"", image_name); + exit(1); + } + size = length; + data = (uint8_t *)contents; + } + + fw_cfg_add_i32(fw_cfg, size_key, size); + fw_cfg_add_bytes(fw_cfg, data_key, data, size); +} static void fw_cfg_class_init(ObjectClass *klass, void *data) { diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h index e4fef393be..2e503904dc 100644 --- a/include/hw/nvram/fw_cfg.h +++ b/include/hw/nvram/fw_cfg.h @@ -364,4 +364,25 @@ bool fw_cfg_dma_enabled(void *opaque); */ const char *fw_cfg_arch_key_name(uint16_t key); +/** + * load_image_to_fw_cfg() - Load an image file into an fw_cfg entry identified + * by key. + * @fw_cfg: The firmware config instance to store the data in. + * @size_key: The firmware config key to store the size of the loaded + * data under, with fw_cfg_add_i32(). + * @data_key: The firmware config key to store the loaded data under, + * with fw_cfg_add_bytes(). + * @image_name: The name of the image file to load. If it is NULL, the + * function returns without doing anything. + * @try_decompress: Whether the image should be decompressed (gunzipped) before + * adding it to fw_cfg. If decompression fails, the image is + * loaded as-is. + * + * In case of failure, the function prints an error message to stderr and the + * process exits with status 1. + */ +void load_image_to_fw_cfg(FWCfgState *fw_cfg, uint16_t size_key, + uint16_t data_key, const char *image_name, + bool try_decompress); + #endif From 90e26984eede1f4303572a39ee328f4c23b276a0 Mon Sep 17 00:00:00 2001 From: Sunil V L Date: Tue, 4 Oct 2022 14:53:50 +0530 Subject: [PATCH 91/96] hw/riscv: virt: Move create_fw_cfg() prior to loading kernel To enable both -kernel and -pflash options, the fw_cfg needs to be created prior to loading the kernel. Signed-off-by: Sunil V L Reviewed-by: Andrew Jones Reviewed-by: Alistair Francis Message-Id: <20221004092351.18209-3-sunilvl@ventanamicro.com> Signed-off-by: Alistair Francis --- hw/riscv/virt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index befa9d2c26..de2efccebf 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -1267,6 +1267,13 @@ static void virt_machine_done(Notifier *notifier, void *data) RISCV64_BIOS_BIN, start_addr, NULL); } + /* + * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the device + * tree cannot be altered and we get FDT_ERR_NOSPACE. + */ + s->fw_cfg = create_fw_cfg(machine); + rom_set_fw(s->fw_cfg); + if (machine->kernel_filename) { kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0], firmware_end_addr); @@ -1300,13 +1307,6 @@ static void virt_machine_done(Notifier *notifier, void *data) start_addr = virt_memmap[VIRT_FLASH].base; } - /* - * Init fw_cfg. Must be done before riscv_load_fdt, otherwise the device - * tree cannot be altered and we get FDT_ERR_NOSPACE. - */ - s->fw_cfg = create_fw_cfg(machine); - rom_set_fw(s->fw_cfg); - /* Compute the fdt load address in dram */ fdt_load_addr = riscv_load_fdt(memmap[VIRT_DRAM].base, machine->ram_size, machine->fdt); From a5b0249dfef6d39d345ed7c9620a04bdb1c2ffb0 Mon Sep 17 00:00:00 2001 From: Sunil V L Date: Tue, 4 Oct 2022 14:53:51 +0530 Subject: [PATCH 92/96] hw/riscv: virt: Enable booting S-mode firmware from pflash To boot S-mode firmware payload like EDK2 from persistent flash storage, qemu needs to pass the flash address as the next_addr in fw_dynamic_info to the opensbi. When both -kernel and -pflash options are provided in command line, the kernel (and initrd if -initrd) will be copied to fw_cfg table. The S-mode FW will load the kernel/initrd from fw_cfg table. If only pflash is given but not -kernel, then it is the job of of the S-mode firmware to locate and load the kernel. In either case, update the kernel_entry with the flash address so that the opensbi can jump to the entry point of the S-mode firmware. Signed-off-by: Sunil V L Reviewed-by: Andrew Jones Reviewed-by: Alistair Francis Message-Id: <20221004092351.18209-4-sunilvl@ventanamicro.com> Signed-off-by: Alistair Francis --- hw/riscv/boot.c | 29 +++++++++++++++++++++++++++++ hw/riscv/virt.c | 18 +++++++++++++++++- include/hw/riscv/boot.h | 1 + 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index f6e8eafa28..e82bf27338 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -338,3 +338,32 @@ void riscv_setup_direct_kernel(hwaddr kernel_addr, hwaddr fdt_addr) riscv_cpu->env.fdt_addr = fdt_addr; } } + +void riscv_setup_firmware_boot(MachineState *machine) +{ + if (machine->kernel_filename) { + FWCfgState *fw_cfg; + fw_cfg = fw_cfg_find(); + + assert(fw_cfg); + /* + * Expose the kernel, the command line, and the initrd in fw_cfg. + * We don't process them here at all, it's all left to the + * firmware. + */ + load_image_to_fw_cfg(fw_cfg, + FW_CFG_KERNEL_SIZE, FW_CFG_KERNEL_DATA, + machine->kernel_filename, + true); + load_image_to_fw_cfg(fw_cfg, + FW_CFG_INITRD_SIZE, FW_CFG_INITRD_DATA, + machine->initrd_filename, false); + + if (machine->kernel_cmdline) { + fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, + strlen(machine->kernel_cmdline) + 1); + fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, + machine->kernel_cmdline); + } + } +} diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index de2efccebf..a5bc7353b4 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -1274,7 +1274,23 @@ static void virt_machine_done(Notifier *notifier, void *data) s->fw_cfg = create_fw_cfg(machine); rom_set_fw(s->fw_cfg); - if (machine->kernel_filename) { + if (drive_get(IF_PFLASH, 0, 1)) { + /* + * S-mode FW like EDK2 will be kept in second plash (unit 1). + * When both kernel, initrd and pflash options are provided in the + * command line, the kernel and initrd will be copied to the fw_cfg + * table and opensbi will jump to the flash address which is the + * entry point of S-mode FW. It is the job of the S-mode FW to load + * the kernel and initrd using fw_cfg table. + * + * If only pflash is given but not -kernel, then it is the job of + * of the S-mode firmware to locate and load the kernel. + * In either case, the next_addr for opensbi will be the flash address. + */ + riscv_setup_firmware_boot(machine); + kernel_entry = virt_memmap[VIRT_FLASH].base + + virt_memmap[VIRT_FLASH].size / 2; + } else if (machine->kernel_filename) { kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0], firmware_end_addr); diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h index a36f7618f5..93e5f8760d 100644 --- a/include/hw/riscv/boot.h +++ b/include/hw/riscv/boot.h @@ -57,5 +57,6 @@ void riscv_rom_copy_firmware_info(MachineState *machine, hwaddr rom_base, uint32_t reset_vec_size, uint64_t kernel_entry); void riscv_setup_direct_kernel(hwaddr kernel_addr, hwaddr fdt_addr); +void riscv_setup_firmware_boot(MachineState *machine); #endif /* RISCV_BOOT_H */ From 07f4964d1785e9c230282074a5aef1eb7368d378 Mon Sep 17 00:00:00 2001 From: Yang Liu Date: Wed, 28 Sep 2022 13:18:42 +0800 Subject: [PATCH 93/96] disas/riscv.c: rvv: Add disas support for vector instructions Tested with https://github.com/ksco/rvv-decoder-tests Expected checkpatch errors for consistency and brevity reasons: ERROR: line over 90 characters ERROR: trailing statements should be on next line ERROR: braces {} are necessary for all arms of this statement Signed-off-by: Yang Liu Acked-by: Alistair Francis Message-Id: <20220928051842.16207-1-liuyang22@iscas.ac.cn> Signed-off-by: Alistair Francis --- disas/riscv.c | 1432 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1430 insertions(+), 2 deletions(-) diff --git a/disas/riscv.c b/disas/riscv.c index f107d94c4c..d216b9c39b 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -158,6 +158,11 @@ typedef enum { rv_codec_css_sqsp, rv_codec_k_bs, rv_codec_k_rnum, + rv_codec_v_r, + rv_codec_v_ldst, + rv_codec_v_i, + rv_codec_vsetvli, + rv_codec_vsetivli, } rv_codec; typedef enum { @@ -560,6 +565,376 @@ typedef enum { rv_op_zip = 396, rv_op_xperm4 = 397, rv_op_xperm8 = 398, + rv_op_vle8_v = 399, + rv_op_vle16_v = 400, + rv_op_vle32_v = 401, + rv_op_vle64_v = 402, + rv_op_vse8_v = 403, + rv_op_vse16_v = 404, + rv_op_vse32_v = 405, + rv_op_vse64_v = 406, + rv_op_vlm_v = 407, + rv_op_vsm_v = 408, + rv_op_vlse8_v = 409, + rv_op_vlse16_v = 410, + rv_op_vlse32_v = 411, + rv_op_vlse64_v = 412, + rv_op_vsse8_v = 413, + rv_op_vsse16_v = 414, + rv_op_vsse32_v = 415, + rv_op_vsse64_v = 416, + rv_op_vluxei8_v = 417, + rv_op_vluxei16_v = 418, + rv_op_vluxei32_v = 419, + rv_op_vluxei64_v = 420, + rv_op_vloxei8_v = 421, + rv_op_vloxei16_v = 422, + rv_op_vloxei32_v = 423, + rv_op_vloxei64_v = 424, + rv_op_vsuxei8_v = 425, + rv_op_vsuxei16_v = 426, + rv_op_vsuxei32_v = 427, + rv_op_vsuxei64_v = 428, + rv_op_vsoxei8_v = 429, + rv_op_vsoxei16_v = 430, + rv_op_vsoxei32_v = 431, + rv_op_vsoxei64_v = 432, + rv_op_vle8ff_v = 433, + rv_op_vle16ff_v = 434, + rv_op_vle32ff_v = 435, + rv_op_vle64ff_v = 436, + rv_op_vl1re8_v = 437, + rv_op_vl1re16_v = 438, + rv_op_vl1re32_v = 439, + rv_op_vl1re64_v = 440, + rv_op_vl2re8_v = 441, + rv_op_vl2re16_v = 442, + rv_op_vl2re32_v = 443, + rv_op_vl2re64_v = 444, + rv_op_vl4re8_v = 445, + rv_op_vl4re16_v = 446, + rv_op_vl4re32_v = 447, + rv_op_vl4re64_v = 448, + rv_op_vl8re8_v = 449, + rv_op_vl8re16_v = 450, + rv_op_vl8re32_v = 451, + rv_op_vl8re64_v = 452, + rv_op_vs1r_v = 453, + rv_op_vs2r_v = 454, + rv_op_vs4r_v = 455, + rv_op_vs8r_v = 456, + rv_op_vadd_vv = 457, + rv_op_vadd_vx = 458, + rv_op_vadd_vi = 459, + rv_op_vsub_vv = 460, + rv_op_vsub_vx = 461, + rv_op_vrsub_vx = 462, + rv_op_vrsub_vi = 463, + rv_op_vwaddu_vv = 464, + rv_op_vwaddu_vx = 465, + rv_op_vwadd_vv = 466, + rv_op_vwadd_vx = 467, + rv_op_vwsubu_vv = 468, + rv_op_vwsubu_vx = 469, + rv_op_vwsub_vv = 470, + rv_op_vwsub_vx = 471, + rv_op_vwaddu_wv = 472, + rv_op_vwaddu_wx = 473, + rv_op_vwadd_wv = 474, + rv_op_vwadd_wx = 475, + rv_op_vwsubu_wv = 476, + rv_op_vwsubu_wx = 477, + rv_op_vwsub_wv = 478, + rv_op_vwsub_wx = 479, + rv_op_vadc_vvm = 480, + rv_op_vadc_vxm = 481, + rv_op_vadc_vim = 482, + rv_op_vmadc_vvm = 483, + rv_op_vmadc_vxm = 484, + rv_op_vmadc_vim = 485, + rv_op_vsbc_vvm = 486, + rv_op_vsbc_vxm = 487, + rv_op_vmsbc_vvm = 488, + rv_op_vmsbc_vxm = 489, + rv_op_vand_vv = 490, + rv_op_vand_vx = 491, + rv_op_vand_vi = 492, + rv_op_vor_vv = 493, + rv_op_vor_vx = 494, + rv_op_vor_vi = 495, + rv_op_vxor_vv = 496, + rv_op_vxor_vx = 497, + rv_op_vxor_vi = 498, + rv_op_vsll_vv = 499, + rv_op_vsll_vx = 500, + rv_op_vsll_vi = 501, + rv_op_vsrl_vv = 502, + rv_op_vsrl_vx = 503, + rv_op_vsrl_vi = 504, + rv_op_vsra_vv = 505, + rv_op_vsra_vx = 506, + rv_op_vsra_vi = 507, + rv_op_vnsrl_wv = 508, + rv_op_vnsrl_wx = 509, + rv_op_vnsrl_wi = 510, + rv_op_vnsra_wv = 511, + rv_op_vnsra_wx = 512, + rv_op_vnsra_wi = 513, + rv_op_vmseq_vv = 514, + rv_op_vmseq_vx = 515, + rv_op_vmseq_vi = 516, + rv_op_vmsne_vv = 517, + rv_op_vmsne_vx = 518, + rv_op_vmsne_vi = 519, + rv_op_vmsltu_vv = 520, + rv_op_vmsltu_vx = 521, + rv_op_vmslt_vv = 522, + rv_op_vmslt_vx = 523, + rv_op_vmsleu_vv = 524, + rv_op_vmsleu_vx = 525, + rv_op_vmsleu_vi = 526, + rv_op_vmsle_vv = 527, + rv_op_vmsle_vx = 528, + rv_op_vmsle_vi = 529, + rv_op_vmsgtu_vx = 530, + rv_op_vmsgtu_vi = 531, + rv_op_vmsgt_vx = 532, + rv_op_vmsgt_vi = 533, + rv_op_vminu_vv = 534, + rv_op_vminu_vx = 535, + rv_op_vmin_vv = 536, + rv_op_vmin_vx = 537, + rv_op_vmaxu_vv = 538, + rv_op_vmaxu_vx = 539, + rv_op_vmax_vv = 540, + rv_op_vmax_vx = 541, + rv_op_vmul_vv = 542, + rv_op_vmul_vx = 543, + rv_op_vmulh_vv = 544, + rv_op_vmulh_vx = 545, + rv_op_vmulhu_vv = 546, + rv_op_vmulhu_vx = 547, + rv_op_vmulhsu_vv = 548, + rv_op_vmulhsu_vx = 549, + rv_op_vdivu_vv = 550, + rv_op_vdivu_vx = 551, + rv_op_vdiv_vv = 552, + rv_op_vdiv_vx = 553, + rv_op_vremu_vv = 554, + rv_op_vremu_vx = 555, + rv_op_vrem_vv = 556, + rv_op_vrem_vx = 557, + rv_op_vwmulu_vv = 558, + rv_op_vwmulu_vx = 559, + rv_op_vwmulsu_vv = 560, + rv_op_vwmulsu_vx = 561, + rv_op_vwmul_vv = 562, + rv_op_vwmul_vx = 563, + rv_op_vmacc_vv = 564, + rv_op_vmacc_vx = 565, + rv_op_vnmsac_vv = 566, + rv_op_vnmsac_vx = 567, + rv_op_vmadd_vv = 568, + rv_op_vmadd_vx = 569, + rv_op_vnmsub_vv = 570, + rv_op_vnmsub_vx = 571, + rv_op_vwmaccu_vv = 572, + rv_op_vwmaccu_vx = 573, + rv_op_vwmacc_vv = 574, + rv_op_vwmacc_vx = 575, + rv_op_vwmaccsu_vv = 576, + rv_op_vwmaccsu_vx = 577, + rv_op_vwmaccus_vx = 578, + rv_op_vmv_v_v = 579, + rv_op_vmv_v_x = 580, + rv_op_vmv_v_i = 581, + rv_op_vmerge_vvm = 582, + rv_op_vmerge_vxm = 583, + rv_op_vmerge_vim = 584, + rv_op_vsaddu_vv = 585, + rv_op_vsaddu_vx = 586, + rv_op_vsaddu_vi = 587, + rv_op_vsadd_vv = 588, + rv_op_vsadd_vx = 589, + rv_op_vsadd_vi = 590, + rv_op_vssubu_vv = 591, + rv_op_vssubu_vx = 592, + rv_op_vssub_vv = 593, + rv_op_vssub_vx = 594, + rv_op_vaadd_vv = 595, + rv_op_vaadd_vx = 596, + rv_op_vaaddu_vv = 597, + rv_op_vaaddu_vx = 598, + rv_op_vasub_vv = 599, + rv_op_vasub_vx = 600, + rv_op_vasubu_vv = 601, + rv_op_vasubu_vx = 602, + rv_op_vsmul_vv = 603, + rv_op_vsmul_vx = 604, + rv_op_vssrl_vv = 605, + rv_op_vssrl_vx = 606, + rv_op_vssrl_vi = 607, + rv_op_vssra_vv = 608, + rv_op_vssra_vx = 609, + rv_op_vssra_vi = 610, + rv_op_vnclipu_wv = 611, + rv_op_vnclipu_wx = 612, + rv_op_vnclipu_wi = 613, + rv_op_vnclip_wv = 614, + rv_op_vnclip_wx = 615, + rv_op_vnclip_wi = 616, + rv_op_vfadd_vv = 617, + rv_op_vfadd_vf = 618, + rv_op_vfsub_vv = 619, + rv_op_vfsub_vf = 620, + rv_op_vfrsub_vf = 621, + rv_op_vfwadd_vv = 622, + rv_op_vfwadd_vf = 623, + rv_op_vfwadd_wv = 624, + rv_op_vfwadd_wf = 625, + rv_op_vfwsub_vv = 626, + rv_op_vfwsub_vf = 627, + rv_op_vfwsub_wv = 628, + rv_op_vfwsub_wf = 629, + rv_op_vfmul_vv = 630, + rv_op_vfmul_vf = 631, + rv_op_vfdiv_vv = 632, + rv_op_vfdiv_vf = 633, + rv_op_vfrdiv_vf = 634, + rv_op_vfwmul_vv = 635, + rv_op_vfwmul_vf = 636, + rv_op_vfmacc_vv = 637, + rv_op_vfmacc_vf = 638, + rv_op_vfnmacc_vv = 639, + rv_op_vfnmacc_vf = 640, + rv_op_vfmsac_vv = 641, + rv_op_vfmsac_vf = 642, + rv_op_vfnmsac_vv = 643, + rv_op_vfnmsac_vf = 644, + rv_op_vfmadd_vv = 645, + rv_op_vfmadd_vf = 646, + rv_op_vfnmadd_vv = 647, + rv_op_vfnmadd_vf = 648, + rv_op_vfmsub_vv = 649, + rv_op_vfmsub_vf = 650, + rv_op_vfnmsub_vv = 651, + rv_op_vfnmsub_vf = 652, + rv_op_vfwmacc_vv = 653, + rv_op_vfwmacc_vf = 654, + rv_op_vfwnmacc_vv = 655, + rv_op_vfwnmacc_vf = 656, + rv_op_vfwmsac_vv = 657, + rv_op_vfwmsac_vf = 658, + rv_op_vfwnmsac_vv = 659, + rv_op_vfwnmsac_vf = 660, + rv_op_vfsqrt_v = 661, + rv_op_vfrsqrt7_v = 662, + rv_op_vfrec7_v = 663, + rv_op_vfmin_vv = 664, + rv_op_vfmin_vf = 665, + rv_op_vfmax_vv = 666, + rv_op_vfmax_vf = 667, + rv_op_vfsgnj_vv = 668, + rv_op_vfsgnj_vf = 669, + rv_op_vfsgnjn_vv = 670, + rv_op_vfsgnjn_vf = 671, + rv_op_vfsgnjx_vv = 672, + rv_op_vfsgnjx_vf = 673, + rv_op_vfslide1up_vf = 674, + rv_op_vfslide1down_vf = 675, + rv_op_vmfeq_vv = 676, + rv_op_vmfeq_vf = 677, + rv_op_vmfne_vv = 678, + rv_op_vmfne_vf = 679, + rv_op_vmflt_vv = 680, + rv_op_vmflt_vf = 681, + rv_op_vmfle_vv = 682, + rv_op_vmfle_vf = 683, + rv_op_vmfgt_vf = 684, + rv_op_vmfge_vf = 685, + rv_op_vfclass_v = 686, + rv_op_vfmerge_vfm = 687, + rv_op_vfmv_v_f = 688, + rv_op_vfcvt_xu_f_v = 689, + rv_op_vfcvt_x_f_v = 690, + rv_op_vfcvt_f_xu_v = 691, + rv_op_vfcvt_f_x_v = 692, + rv_op_vfcvt_rtz_xu_f_v = 693, + rv_op_vfcvt_rtz_x_f_v = 694, + rv_op_vfwcvt_xu_f_v = 695, + rv_op_vfwcvt_x_f_v = 696, + rv_op_vfwcvt_f_xu_v = 697, + rv_op_vfwcvt_f_x_v = 698, + rv_op_vfwcvt_f_f_v = 699, + rv_op_vfwcvt_rtz_xu_f_v = 700, + rv_op_vfwcvt_rtz_x_f_v = 701, + rv_op_vfncvt_xu_f_w = 702, + rv_op_vfncvt_x_f_w = 703, + rv_op_vfncvt_f_xu_w = 704, + rv_op_vfncvt_f_x_w = 705, + rv_op_vfncvt_f_f_w = 706, + rv_op_vfncvt_rod_f_f_w = 707, + rv_op_vfncvt_rtz_xu_f_w = 708, + rv_op_vfncvt_rtz_x_f_w = 709, + rv_op_vredsum_vs = 710, + rv_op_vredand_vs = 711, + rv_op_vredor_vs = 712, + rv_op_vredxor_vs = 713, + rv_op_vredminu_vs = 714, + rv_op_vredmin_vs = 715, + rv_op_vredmaxu_vs = 716, + rv_op_vredmax_vs = 717, + rv_op_vwredsumu_vs = 718, + rv_op_vwredsum_vs = 719, + rv_op_vfredusum_vs = 720, + rv_op_vfredosum_vs = 721, + rv_op_vfredmin_vs = 722, + rv_op_vfredmax_vs = 723, + rv_op_vfwredusum_vs = 724, + rv_op_vfwredosum_vs = 725, + rv_op_vmand_mm = 726, + rv_op_vmnand_mm = 727, + rv_op_vmandn_mm = 728, + rv_op_vmxor_mm = 729, + rv_op_vmor_mm = 730, + rv_op_vmnor_mm = 731, + rv_op_vmorn_mm = 732, + rv_op_vmxnor_mm = 733, + rv_op_vcpop_m = 734, + rv_op_vfirst_m = 735, + rv_op_vmsbf_m = 736, + rv_op_vmsif_m = 737, + rv_op_vmsof_m = 738, + rv_op_viota_m = 739, + rv_op_vid_v = 740, + rv_op_vmv_x_s = 741, + rv_op_vmv_s_x = 742, + rv_op_vfmv_f_s = 743, + rv_op_vfmv_s_f = 744, + rv_op_vslideup_vx = 745, + rv_op_vslideup_vi = 746, + rv_op_vslide1up_vx = 747, + rv_op_vslidedown_vx = 748, + rv_op_vslidedown_vi = 749, + rv_op_vslide1down_vx = 750, + rv_op_vrgather_vv = 751, + rv_op_vrgatherei16_vv = 752, + rv_op_vrgather_vx = 753, + rv_op_vrgather_vi = 754, + rv_op_vcompress_vm = 755, + rv_op_vmv1r_v = 756, + rv_op_vmv2r_v = 757, + rv_op_vmv4r_v = 758, + rv_op_vmv8r_v = 759, + rv_op_vzext_vf2 = 760, + rv_op_vzext_vf4 = 761, + rv_op_vzext_vf8 = 762, + rv_op_vsext_vf2 = 763, + rv_op_vsext_vf4 = 764, + rv_op_vsext_vf8 = 765, + rv_op_vsetvli = 766, + rv_op_vsetivli = 767, + rv_op_vsetvl = 768, } rv_op; /* structures */ @@ -581,6 +956,8 @@ typedef struct { uint8_t rl; uint8_t bs; uint8_t rnum; + uint8_t vm; + uint32_t vzimm; } rv_decode; typedef struct { @@ -619,6 +996,13 @@ static const char rv_freg_name_sym[32][5] = { "fs8", "fs9", "fs10", "fs11", "ft8", "ft9", "ft10", "ft11", }; +static const char rv_vreg_name_sym[32][4] = { + "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", + "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", + "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", + "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31" +}; + /* instruction formats */ #define rv_fmt_none "O\t" @@ -658,6 +1042,34 @@ static const char rv_freg_name_sym[32][5] = { #define rv_fmt_rs2_offset "O\t2,o" #define rv_fmt_rs1_rs2_bs "O\t1,2,b" #define rv_fmt_rd_rs1_rnum "O\t0,1,n" +#define rv_fmt_ldst_vd_rs1_vm "O\tD,(1)m" +#define rv_fmt_ldst_vd_rs1_rs2_vm "O\tD,(1),2m" +#define rv_fmt_ldst_vd_rs1_vs2_vm "O\tD,(1),Fm" +#define rv_fmt_vd_vs2_vs1 "O\tD,F,E" +#define rv_fmt_vd_vs2_vs1_vl "O\tD,F,El" +#define rv_fmt_vd_vs2_vs1_vm "O\tD,F,Em" +#define rv_fmt_vd_vs2_rs1_vl "O\tD,F,1l" +#define rv_fmt_vd_vs2_fs1_vl "O\tD,F,4l" +#define rv_fmt_vd_vs2_rs1_vm "O\tD,F,1m" +#define rv_fmt_vd_vs2_fs1_vm "O\tD,F,4m" +#define rv_fmt_vd_vs2_imm_vl "O\tD,F,il" +#define rv_fmt_vd_vs2_imm_vm "O\tD,F,im" +#define rv_fmt_vd_vs2_uimm_vm "O\tD,F,um" +#define rv_fmt_vd_vs1_vs2_vm "O\tD,E,Fm" +#define rv_fmt_vd_rs1_vs2_vm "O\tD,1,Fm" +#define rv_fmt_vd_fs1_vs2_vm "O\tD,4,Fm" +#define rv_fmt_vd_vs1 "O\tD,E" +#define rv_fmt_vd_rs1 "O\tD,1" +#define rv_fmt_vd_fs1 "O\tD,4" +#define rv_fmt_vd_imm "O\tD,i" +#define rv_fmt_vd_vs2 "O\tD,F" +#define rv_fmt_vd_vs2_vm "O\tD,Fm" +#define rv_fmt_rd_vs2_vm "O\t0,Fm" +#define rv_fmt_rd_vs2 "O\t0,F" +#define rv_fmt_fd_vs2 "O\t3,F" +#define rv_fmt_vd_vm "O\tDm" +#define rv_fmt_vsetvli "O\t0,1,v" +#define rv_fmt_vsetivli "O\t0,u,v" /* pseudo-instruction constraints */ @@ -1283,7 +1695,377 @@ const rv_opcode_data opcode_data[] = { { "unzip", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 }, { "zip", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 }, { "xperm4", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, 0, 0, 0 }, - { "xperm8", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 } + { "xperm8", rv_codec_r, rv_fmt_rd_rs1, NULL, 0, 0, 0 }, + { "vle8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle8_v, rv_op_vle8_v, 0 }, + { "vle16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle16_v, rv_op_vle16_v, 0 }, + { "vle32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle32_v, rv_op_vle32_v, 0 }, + { "vle64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle64_v, rv_op_vle64_v, 0 }, + { "vse8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vse8_v, rv_op_vse8_v, 0 }, + { "vse16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vse16_v, rv_op_vse16_v, 0 }, + { "vse32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vse32_v, rv_op_vse32_v, 0 }, + { "vse64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vse64_v, rv_op_vse64_v, 0 }, + { "vlm.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vlm_v, rv_op_vlm_v, 0 }, + { "vsm.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vsm_v, rv_op_vsm_v, 0 }, + { "vlse8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vlse8_v, rv_op_vlse8_v, 0 }, + { "vlse16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vlse16_v, rv_op_vlse16_v, 0 }, + { "vlse32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vlse32_v, rv_op_vlse32_v, 0 }, + { "vlse64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vlse64_v, rv_op_vlse64_v, 0 }, + { "vsse8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vsse8_v, rv_op_vsse8_v, 0 }, + { "vsse16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vsse16_v, rv_op_vsse16_v, 0 }, + { "vsse32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vsse32_v, rv_op_vsse32_v, 0 }, + { "vsse64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_rs2_vm, NULL, rv_op_vsse64_v, rv_op_vsse64_v, 0 }, + { "vluxei8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vluxei8_v, rv_op_vluxei8_v, 0 }, + { "vluxei16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vluxei16_v, rv_op_vluxei16_v, 0 }, + { "vluxei32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vluxei32_v, rv_op_vluxei32_v, 0 }, + { "vluxei64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vluxei64_v, rv_op_vluxei64_v, 0 }, + { "vloxei8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vloxei8_v, rv_op_vloxei8_v, 0 }, + { "vloxei16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vloxei16_v, rv_op_vloxei16_v, 0 }, + { "vloxei32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vloxei32_v, rv_op_vloxei32_v, 0 }, + { "vloxei64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vloxei64_v, rv_op_vloxei64_v, 0 }, + { "vsuxei8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsuxei8_v, rv_op_vsuxei8_v, 0 }, + { "vsuxei16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsuxei16_v, rv_op_vsuxei16_v, 0 }, + { "vsuxei32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsuxei32_v, rv_op_vsuxei32_v, 0 }, + { "vsuxei64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsuxei64_v, rv_op_vsuxei64_v, 0 }, + { "vsoxei8.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsoxei8_v, rv_op_vsoxei8_v, 0 }, + { "vsoxei16.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsoxei16_v, rv_op_vsoxei16_v, 0 }, + { "vsoxei32.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsoxei32_v, rv_op_vsoxei32_v, 0 }, + { "vsoxei64.v", rv_codec_v_r, rv_fmt_ldst_vd_rs1_vs2_vm, NULL, rv_op_vsoxei64_v, rv_op_vsoxei64_v, 0 }, + { "vle8ff.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle8ff_v, rv_op_vle8ff_v, 0 }, + { "vle16ff.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle16ff_v, rv_op_vle16ff_v, 0 }, + { "vle32ff.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle32ff_v, rv_op_vle32ff_v, 0 }, + { "vle64ff.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vle64ff_v, rv_op_vle64ff_v, 0 }, + { "vl1re8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl1re8_v, rv_op_vl1re8_v, 0 }, + { "vl1re16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl1re16_v, rv_op_vl1re16_v, 0 }, + { "vl1re32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl1re32_v, rv_op_vl1re32_v, 0 }, + { "vl1re64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl1re64_v, rv_op_vl1re64_v, 0 }, + { "vl2re8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl2re8_v, rv_op_vl2re8_v, 0 }, + { "vl2re16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl2re16_v, rv_op_vl2re16_v, 0 }, + { "vl2re32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl2re32_v, rv_op_vl2re32_v, 0 }, + { "vl2re64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl2re64_v, rv_op_vl2re64_v, 0 }, + { "vl4re8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl4re8_v, rv_op_vl4re8_v, 0 }, + { "vl4re16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl4re16_v, rv_op_vl4re16_v, 0 }, + { "vl4re32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl4re32_v, rv_op_vl4re32_v, 0 }, + { "vl4re64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl4re64_v, rv_op_vl4re64_v, 0 }, + { "vl8re8.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl8re8_v, rv_op_vl8re8_v, 0 }, + { "vl8re16.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl8re16_v, rv_op_vl8re16_v, 0 }, + { "vl8re32.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl8re32_v, rv_op_vl8re32_v, 0 }, + { "vl8re64.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vl8re64_v, rv_op_vl8re64_v, 0 }, + { "vs1r.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vs1r_v, rv_op_vs1r_v, 0 }, + { "vs2r.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vs2r_v, rv_op_vs2r_v, 0 }, + { "vs4r.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vs4r_v, rv_op_vs4r_v, 0 }, + { "vs8r.v", rv_codec_v_ldst, rv_fmt_ldst_vd_rs1_vm, NULL, rv_op_vs8r_v, rv_op_vs8r_v, 0 }, + { "vadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vadd_vv, rv_op_vadd_vv, 0 }, + { "vadd.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vadd_vx, rv_op_vadd_vx, 0 }, + { "vadd.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vadd_vi, rv_op_vadd_vi, 0 }, + { "vsub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsub_vv, rv_op_vsub_vv, 0 }, + { "vsub.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsub_vx, rv_op_vsub_vx, 0 }, + { "vrsub.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vrsub_vx, rv_op_vrsub_vx, 0 }, + { "vrsub.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vrsub_vi, rv_op_vrsub_vi, 0 }, + { "vwaddu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwaddu_vv, rv_op_vwaddu_vv, 0 }, + { "vwaddu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwaddu_vx, rv_op_vwaddu_vx, 0 }, + { "vwadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwadd_vv, rv_op_vwadd_vv, 0 }, + { "vwadd.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwadd_vx, rv_op_vwadd_vx, 0 }, + { "vwsubu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwsubu_vv, rv_op_vwsubu_vv, 0 }, + { "vwsubu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwsubu_vx, rv_op_vwsubu_vx, 0 }, + { "vwsub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwsub_vv, rv_op_vwsub_vv, 0 }, + { "vwsub.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwsub_vx, rv_op_vwsub_vx, 0 }, + { "vwaddu.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwaddu_wv, rv_op_vwaddu_wv, 0 }, + { "vwaddu.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwaddu_wx, rv_op_vwaddu_wx, 0 }, + { "vwadd.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwadd_wv, rv_op_vwadd_wv, 0 }, + { "vwadd.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwadd_wx, rv_op_vwadd_wx, 0 }, + { "vwsubu.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwsubu_wv, rv_op_vwsubu_wv, 0 }, + { "vwsubu.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwsubu_wx, rv_op_vwsubu_wx, 0 }, + { "vwsub.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwsub_wv, rv_op_vwsub_wv, 0 }, + { "vwsub.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwsub_wx, rv_op_vwsub_wx, 0 }, + { "vadc.vvm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vl, NULL, rv_op_vadc_vvm, rv_op_vadc_vvm, 0 }, + { "vadc.vxm", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vl, NULL, rv_op_vadc_vxm, rv_op_vadc_vxm, 0 }, + { "vadc.vim", rv_codec_v_i, rv_fmt_vd_vs2_imm_vl, NULL, rv_op_vadc_vim, rv_op_vadc_vim, 0 }, + { "vmadc.vvm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vl, NULL, rv_op_vmadc_vvm, rv_op_vmadc_vvm, 0 }, + { "vmadc.vxm", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vl, NULL, rv_op_vmadc_vxm, rv_op_vmadc_vxm, 0 }, + { "vmadc.vim", rv_codec_v_i, rv_fmt_vd_vs2_imm_vl, NULL, rv_op_vmadc_vim, rv_op_vmadc_vim, 0 }, + { "vsbc.vvm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vl, NULL, rv_op_vsbc_vvm, rv_op_vsbc_vvm, 0 }, + { "vsbc.vxm", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vl, NULL, rv_op_vsbc_vxm, rv_op_vsbc_vxm, 0 }, + { "vmsbc.vvm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vl, NULL, rv_op_vmsbc_vvm, rv_op_vmsbc_vvm, 0 }, + { "vmsbc.vxm", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vl, NULL, rv_op_vmsbc_vxm, rv_op_vmsbc_vxm, 0 }, + { "vand.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vand_vv, rv_op_vand_vv, 0 }, + { "vand.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vand_vx, rv_op_vand_vx, 0 }, + { "vand.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vand_vi, rv_op_vand_vi, 0 }, + { "vor.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vor_vv, rv_op_vor_vv, 0 }, + { "vor.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vor_vx, rv_op_vor_vx, 0 }, + { "vor.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vor_vi, rv_op_vor_vi, 0 }, + { "vxor.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vxor_vv, rv_op_vxor_vv, 0 }, + { "vxor.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vxor_vx, rv_op_vxor_vx, 0 }, + { "vxor.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vxor_vi, rv_op_vxor_vi, 0 }, + { "vsll.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsll_vv, rv_op_vsll_vv, 0 }, + { "vsll.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsll_vx, rv_op_vsll_vx, 0 }, + { "vsll.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vsll_vi, rv_op_vsll_vi, 0 }, + { "vsrl.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsrl_vv, rv_op_vsrl_vv, 0 }, + { "vsrl.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsrl_vx, rv_op_vsrl_vx, 0 }, + { "vsrl.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vsrl_vi, rv_op_vsrl_vi, 0 }, + { "vsra.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsra_vv, rv_op_vsra_vv, 0 }, + { "vsra.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsra_vx, rv_op_vsra_vx, 0 }, + { "vsra.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vsra_vi, rv_op_vsra_vi, 0 }, + { "vnsrl.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vnsrl_wv, rv_op_vnsrl_wv, 0 }, + { "vnsrl.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vnsrl_wx, rv_op_vnsrl_wx, 0 }, + { "vnsrl.wi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vnsrl_wi, rv_op_vnsrl_wi, 0 }, + { "vnsra.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vnsra_wv, rv_op_vnsra_wv, 0 }, + { "vnsra.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vnsra_wx, rv_op_vnsra_wx, 0 }, + { "vnsra.wi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vnsra_wi, rv_op_vnsra_wi, 0 }, + { "vmseq.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmseq_vv, rv_op_vmseq_vv, 0 }, + { "vmseq.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmseq_vx, rv_op_vmseq_vx, 0 }, + { "vmseq.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmseq_vi, rv_op_vmseq_vi, 0 }, + { "vmsne.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmsne_vv, rv_op_vmsne_vv, 0 }, + { "vmsne.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsne_vx, rv_op_vmsne_vx, 0 }, + { "vmsne.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmsne_vi, rv_op_vmsne_vi, 0 }, + { "vmsltu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmsltu_vv, rv_op_vmsltu_vv, 0 }, + { "vmsltu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsltu_vx, rv_op_vmsltu_vx, 0 }, + { "vmslt.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmslt_vv, rv_op_vmslt_vv, 0 }, + { "vmslt.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmslt_vx, rv_op_vmslt_vx, 0 }, + { "vmsleu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmsleu_vv, rv_op_vmsleu_vv, 0 }, + { "vmsleu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsleu_vx, rv_op_vmsleu_vx, 0 }, + { "vmsleu.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmsleu_vi, rv_op_vmsleu_vi, 0 }, + { "vmsle.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmsle_vv, rv_op_vmsle_vv, 0 }, + { "vmsle.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsle_vx, rv_op_vmsle_vx, 0 }, + { "vmsle.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmsle_vi, rv_op_vmsle_vi, 0 }, + { "vmsgtu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsgtu_vx, rv_op_vmsgtu_vx, 0 }, + { "vmsgtu.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmsgtu_vi, rv_op_vmsgtu_vi, 0 }, + { "vmsgt.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmsgt_vx, rv_op_vmsgt_vx, 0 }, + { "vmsgt.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vmsgt_vi, rv_op_vmsgt_vi, 0 }, + { "vminu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vminu_vv, rv_op_vminu_vv, 0 }, + { "vminu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vminu_vx, rv_op_vminu_vx, 0 }, + { "vmin.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmin_vv, rv_op_vmin_vv, 0 }, + { "vmin.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmin_vx, rv_op_vmin_vx, 0 }, + { "vmaxu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmaxu_vv, rv_op_vmaxu_vv, 0 }, + { "vmaxu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmaxu_vx, rv_op_vmaxu_vx, 0 }, + { "vmax.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmax_vv, rv_op_vmax_vv, 0 }, + { "vmax.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmax_vx, rv_op_vmax_vx, 0 }, + { "vmul.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmul_vv, rv_op_vmul_vv, 0 }, + { "vmul.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmul_vx, rv_op_vmul_vx, 0 }, + { "vmulh.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmulh_vv, rv_op_vmulh_vv, 0 }, + { "vmulh.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmulh_vx, rv_op_vmulh_vx, 0 }, + { "vmulhu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmulhu_vv, rv_op_vmulhu_vv, 0 }, + { "vmulhu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmulhu_vx, rv_op_vmulhu_vx, 0 }, + { "vmulhsu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmulhsu_vv, rv_op_vmulhsu_vv, 0 }, + { "vmulhsu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vmulhsu_vx, rv_op_vmulhsu_vx, 0 }, + { "vdivu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vdivu_vv, rv_op_vdivu_vv, 0 }, + { "vdivu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vdivu_vx, rv_op_vdivu_vx, 0 }, + { "vdiv.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vdiv_vv, rv_op_vdiv_vv, 0 }, + { "vdiv.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vdiv_vx, rv_op_vdiv_vx, 0 }, + { "vremu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vremu_vv, rv_op_vremu_vv, 0 }, + { "vremu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vremu_vx, rv_op_vremu_vx, 0 }, + { "vrem.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vrem_vv, rv_op_vrem_vv, 0 }, + { "vrem.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vrem_vx, rv_op_vrem_vx, 0 }, + { "vwmulu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwmulu_vv, rv_op_vwmulu_vv, 0 }, + { "vwmulu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwmulu_vx, rv_op_vwmulu_vx, 0 }, + { "vwmulsu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwmulsu_vv, rv_op_vwmulsu_vv, 0 }, + { "vwmulsu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwmulsu_vx, rv_op_vwmulsu_vx, 0 }, + { "vwmul.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwmul_vv, rv_op_vwmul_vv, 0 }, + { "vwmul.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vwmul_vx, rv_op_vwmul_vx, 0 }, + { "vmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vmacc_vv, rv_op_vmacc_vv, 0 }, + { "vmacc.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vmacc_vx, rv_op_vmacc_vx, 0 }, + { "vnmsac.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vnmsac_vv, rv_op_vnmsac_vv, 0 }, + { "vnmsac.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vnmsac_vx, rv_op_vnmsac_vx, 0 }, + { "vmadd.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vmadd_vv, rv_op_vmadd_vv, 0 }, + { "vmadd.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vmadd_vx, rv_op_vmadd_vx, 0 }, + { "vnmsub.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vnmsub_vv, rv_op_vnmsub_vv, 0 }, + { "vnmsub.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vnmsub_vx, rv_op_vnmsub_vx, 0 }, + { "vwmaccu.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vwmaccu_vv, rv_op_vwmaccu_vv, 0 }, + { "vwmaccu.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vwmaccu_vx, rv_op_vwmaccu_vx, 0 }, + { "vwmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vwmacc_vv, rv_op_vwmacc_vv, 0 }, + { "vwmacc.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vwmacc_vx, rv_op_vwmacc_vx, 0 }, + { "vwmaccsu.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vwmaccsu_vv, rv_op_vwmaccsu_vv, 0 }, + { "vwmaccsu.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vwmaccsu_vx, rv_op_vwmaccsu_vx, 0 }, + { "vwmaccus.vx", rv_codec_v_r, rv_fmt_vd_rs1_vs2_vm, NULL, rv_op_vwmaccus_vx, rv_op_vwmaccus_vx, 0 }, + { "vmv.v.v", rv_codec_v_r, rv_fmt_vd_vs1, NULL, rv_op_vmv_v_v, rv_op_vmv_v_v, 0 }, + { "vmv.v.x", rv_codec_v_r, rv_fmt_vd_rs1, NULL, rv_op_vmv_v_x, rv_op_vmv_v_x, 0 }, + { "vmv.v.i", rv_codec_v_i, rv_fmt_vd_imm, NULL, rv_op_vmv_v_i, rv_op_vmv_v_i, 0 }, + { "vmerge.vvm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vl, NULL, rv_op_vmerge_vvm, rv_op_vmerge_vvm, 0 }, + { "vmerge.vxm", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vl, NULL, rv_op_vmerge_vxm, rv_op_vmerge_vxm, 0 }, + { "vmerge.vim", rv_codec_v_i, rv_fmt_vd_vs2_imm_vl, NULL, rv_op_vmerge_vim, rv_op_vmerge_vim, 0 }, + { "vsaddu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsaddu_vv, rv_op_vsaddu_vv, 0 }, + { "vsaddu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsaddu_vx, rv_op_vsaddu_vx, 0 }, + { "vsaddu.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vsaddu_vi, rv_op_vsaddu_vi, 0 }, + { "vsadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsadd_vv, rv_op_vsadd_vv, 0 }, + { "vsadd.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsadd_vx, rv_op_vsadd_vx, 0 }, + { "vsadd.vi", rv_codec_v_i, rv_fmt_vd_vs2_imm_vm, NULL, rv_op_vsadd_vi, rv_op_vsadd_vi, 0 }, + { "vssubu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vssubu_vv, rv_op_vssubu_vv, 0 }, + { "vssubu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vssubu_vx, rv_op_vssubu_vx, 0 }, + { "vssub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vssub_vv, rv_op_vssub_vv, 0 }, + { "vssub.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vssub_vx, rv_op_vssub_vx, 0 }, + { "vaadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vaadd_vv, rv_op_vaadd_vv, 0 }, + { "vaadd.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vaadd_vx, rv_op_vaadd_vx, 0 }, + { "vaaddu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vaaddu_vv, rv_op_vaaddu_vv, 0 }, + { "vaaddu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vaaddu_vx, rv_op_vaaddu_vx, 0 }, + { "vasub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vasub_vv, rv_op_vasub_vv, 0 }, + { "vasub.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vasub_vx, rv_op_vasub_vx, 0 }, + { "vasubu.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vasubu_vv, rv_op_vasubu_vv, 0 }, + { "vasubu.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vasubu_vx, rv_op_vasubu_vx, 0 }, + { "vsmul.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vsmul_vv, rv_op_vsmul_vv, 0 }, + { "vsmul.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vsmul_vx, rv_op_vsmul_vx, 0 }, + { "vssrl.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vssrl_vv, rv_op_vssrl_vv, 0 }, + { "vssrl.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vssrl_vx, rv_op_vssrl_vx, 0 }, + { "vssrl.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vssrl_vi, rv_op_vssrl_vi, 0 }, + { "vssra.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vssra_vv, rv_op_vssra_vv, 0 }, + { "vssra.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vssra_vx, rv_op_vssra_vx, 0 }, + { "vssra.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vssra_vi, rv_op_vssra_vi, 0 }, + { "vnclipu.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vnclipu_wv, rv_op_vnclipu_wv, 0 }, + { "vnclipu.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vnclipu_wx, rv_op_vnclipu_wx, 0 }, + { "vnclipu.wi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vnclipu_wi, rv_op_vnclipu_wi, 0 }, + { "vnclip.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vnclip_wv, rv_op_vnclip_wv, 0 }, + { "vnclip.wx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vnclip_wx, rv_op_vnclip_wx, 0 }, + { "vnclip.wi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vnclip_wi, rv_op_vnclip_wi, 0 }, + { "vfadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfadd_vv, rv_op_vfadd_vv, 0 }, + { "vfadd.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfadd_vf, rv_op_vfadd_vf, 0 }, + { "vfsub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfsub_vv, rv_op_vfsub_vv, 0 }, + { "vfsub.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfsub_vf, rv_op_vfsub_vf, 0 }, + { "vfrsub.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfrsub_vf, rv_op_vfrsub_vf, 0 }, + { "vfwadd.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwadd_vv, rv_op_vfwadd_vv, 0 }, + { "vfwadd.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfwadd_vf, rv_op_vfwadd_vf, 0 }, + { "vfwadd.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwadd_wv, rv_op_vfwadd_wv, 0 }, + { "vfwadd.wf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfwadd_wf, rv_op_vfwadd_wf, 0 }, + { "vfwsub.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwsub_vv, rv_op_vfwsub_vv, 0 }, + { "vfwsub.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfwsub_vf, rv_op_vfwsub_vf, 0 }, + { "vfwsub.wv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwsub_wv, rv_op_vfwsub_wv, 0 }, + { "vfwsub.wf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfwsub_wf, rv_op_vfwsub_wf, 0 }, + { "vfmul.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfmul_vv, rv_op_vfmul_vv, 0 }, + { "vfmul.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfmul_vf, rv_op_vfmul_vf, 0 }, + { "vfdiv.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfdiv_vv, rv_op_vfdiv_vv, 0 }, + { "vfdiv.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfdiv_vf, rv_op_vfdiv_vf, 0 }, + { "vfrdiv.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfrdiv_vf, rv_op_vfrdiv_vf, 0 }, + { "vfwmul.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwmul_vv, rv_op_vfwmul_vv, 0 }, + { "vfwmul.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfwmul_vf, rv_op_vfwmul_vf, 0 }, + { "vfmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfmacc_vv, rv_op_vfmacc_vv, 0 }, + { "vfmacc.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfmacc_vf, rv_op_vfmacc_vf, 0 }, + { "vfnmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfnmacc_vv, rv_op_vfnmacc_vv, 0 }, + { "vfnmacc.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfnmacc_vf, rv_op_vfnmacc_vf, 0 }, + { "vfmsac.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfmsac_vv, rv_op_vfmsac_vv, 0 }, + { "vfmsac.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfmsac_vf, rv_op_vfmsac_vf, 0 }, + { "vfnmsac.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfnmsac_vv, rv_op_vfnmsac_vv, 0 }, + { "vfnmsac.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfnmsac_vf, rv_op_vfnmsac_vf, 0 }, + { "vfmadd.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfmadd_vv, rv_op_vfmadd_vv, 0 }, + { "vfmadd.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfmadd_vf, rv_op_vfmadd_vf, 0 }, + { "vfnmadd.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfnmadd_vv, rv_op_vfnmadd_vv, 0 }, + { "vfnmadd.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfnmadd_vf, rv_op_vfnmadd_vf, 0 }, + { "vfmsub.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfmsub_vv, rv_op_vfmsub_vv, 0 }, + { "vfmsub.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfmsub_vf, rv_op_vfmsub_vf, 0 }, + { "vfnmsub.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfnmsub_vv, rv_op_vfnmsub_vv, 0 }, + { "vfnmsub.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfnmsub_vf, rv_op_vfnmsub_vf, 0 }, + { "vfwmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfwmacc_vv, rv_op_vfwmacc_vv, 0 }, + { "vfwmacc.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfwmacc_vf, rv_op_vfwmacc_vf, 0 }, + { "vfwnmacc.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfwnmacc_vv, rv_op_vfwnmacc_vv, 0 }, + { "vfwnmacc.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfwnmacc_vf, rv_op_vfwnmacc_vf, 0 }, + { "vfwmsac.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfwmsac_vv, rv_op_vfwmsac_vv, 0 }, + { "vfwmsac.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfwmsac_vf, rv_op_vfwmsac_vf, 0 }, + { "vfwnmsac.vv", rv_codec_v_r, rv_fmt_vd_vs1_vs2_vm, NULL, rv_op_vfwnmsac_vv, rv_op_vfwnmsac_vv, 0 }, + { "vfwnmsac.vf", rv_codec_v_r, rv_fmt_vd_fs1_vs2_vm, NULL, rv_op_vfwnmsac_vf, rv_op_vfwnmsac_vf, 0 }, + { "vfsqrt.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vfsqrt_v, rv_op_vfsqrt_v, 0 }, + { "vfrsqrt7.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vfrsqrt7_v, rv_op_vfrsqrt7_v, 0 }, + { "vfrec7.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vfrec7_v, rv_op_vfrec7_v, 0 }, + { "vfmin.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfmin_vv, rv_op_vfmin_vv, 0 }, + { "vfmin.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfmin_vf, rv_op_vfmin_vf, 0 }, + { "vfmax.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfmax_vv, rv_op_vfmax_vv, 0 }, + { "vfmax.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfmax_vf, rv_op_vfmax_vf, 0 }, + { "vfsgnj.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfsgnj_vv, rv_op_vfsgnj_vv, 0 }, + { "vfsgnj.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfsgnj_vf, rv_op_vfsgnj_vf, 0 }, + { "vfsgnjn.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfsgnjn_vv, rv_op_vfsgnjn_vv, 0 }, + { "vfsgnjn.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfsgnjn_vf, rv_op_vfsgnjn_vf, 0 }, + { "vfsgnjx.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfsgnjx_vv, rv_op_vfsgnjx_vv, 0 }, + { "vfsgnjx.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfsgnjx_vf, rv_op_vfsgnjx_vf, 0 }, + { "vfslide1up.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfslide1up_vf, rv_op_vfslide1up_vf, 0 }, + { "vfslide1down.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vfslide1down_vf, rv_op_vfslide1down_vf, 0 }, + { "vmfeq.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmfeq_vv, rv_op_vmfeq_vv, 0 }, + { "vmfeq.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmfeq_vf, rv_op_vmfeq_vf, 0 }, + { "vmfne.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmfne_vv, rv_op_vmfne_vv, 0 }, + { "vmfne.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmfne_vf, rv_op_vmfne_vf, 0 }, + { "vmflt.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmflt_vv, rv_op_vmflt_vv, 0 }, + { "vmflt.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmflt_vf, rv_op_vmflt_vf, 0 }, + { "vmfle.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmfle_vv, rv_op_vmfle_vv, 0 }, + { "vmfle.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmfle_vf, rv_op_vmfle_vf, 0 }, + { "vmfgt.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmfgt_vf, rv_op_vmfgt_vf, 0 }, + { "vmfge.vf", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vm, NULL, rv_op_vmfge_vf, rv_op_vmfge_vf, 0 }, + { "vfclass.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfclass_v, rv_op_vfclass_v, 0 }, + { "vfmerge.vfm", rv_codec_v_r, rv_fmt_vd_vs2_fs1_vl, NULL, rv_op_vfmerge_vfm, rv_op_vfmerge_vfm, 0 }, + { "vfmv.v.f", rv_codec_v_r, rv_fmt_vd_fs1, NULL, rv_op_vfmv_v_f, rv_op_vfmv_v_f, 0 }, + { "vfcvt.xu.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_xu_f_v, rv_op_vfcvt_xu_f_v, 0 }, + { "vfcvt.x.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_x_f_v, rv_op_vfcvt_x_f_v, 0 }, + { "vfcvt.f.xu.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_f_xu_v, rv_op_vfcvt_f_xu_v, 0 }, + { "vfcvt.f.x.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_f_x_v, rv_op_vfcvt_f_x_v, 0 }, + { "vfcvt.rtz.xu.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_rtz_xu_f_v, rv_op_vfcvt_rtz_xu_f_v, 0 }, + { "vfcvt.rtz.x.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfcvt_rtz_x_f_v, rv_op_vfcvt_rtz_x_f_v, 0 }, + { "vfwcvt.xu.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_xu_f_v, rv_op_vfwcvt_xu_f_v, 0 }, + { "vfwcvt.x.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_x_f_v, rv_op_vfwcvt_x_f_v, 0 }, + { "vfwcvt.f.xu.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_f_xu_v, rv_op_vfwcvt_f_xu_v, 0 }, + { "vfwcvt.f.x.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_f_x_v, rv_op_vfwcvt_f_x_v, 0 }, + { "vfwcvt.f.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_f_f_v, rv_op_vfwcvt_f_f_v, 0 }, + { "vfwcvt.rtz.xu.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_rtz_xu_f_v, rv_op_vfwcvt_rtz_xu_f_v, 0 }, + { "vfwcvt.rtz.x.f.v", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfwcvt_rtz_x_f_v, rv_op_vfwcvt_rtz_x_f_v, 0 }, + { "vfncvt.xu.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_xu_f_w, rv_op_vfncvt_xu_f_w, 0 }, + { "vfncvt.x.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_x_f_w, rv_op_vfncvt_x_f_w, 0 }, + { "vfncvt.f.xu.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_f_xu_w, rv_op_vfncvt_f_xu_w, 0 }, + { "vfncvt.f.x.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_f_x_w, rv_op_vfncvt_f_x_w, 0 }, + { "vfncvt.f.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_f_f_w, rv_op_vfncvt_f_f_w, 0 }, + { "vfncvt.rod.f.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_rod_f_f_w, rv_op_vfncvt_rod_f_f_w, 0 }, + { "vfncvt.rtz.xu.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_rtz_xu_f_w, rv_op_vfncvt_rtz_xu_f_w, 0 }, + { "vfncvt.rtz.x.f.w", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vfncvt_rtz_x_f_w, rv_op_vfncvt_rtz_x_f_w, 0 }, + { "vredsum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredsum_vs, rv_op_vredsum_vs, 0 }, + { "vredand.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredand_vs, rv_op_vredand_vs, 0 }, + { "vredor.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredor_vs, rv_op_vredor_vs, 0 }, + { "vredxor.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredxor_vs, rv_op_vredxor_vs, 0 }, + { "vredminu.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredminu_vs, rv_op_vredminu_vs, 0 }, + { "vredmin.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredmin_vs, rv_op_vredmin_vs, 0 }, + { "vredmaxu.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredmaxu_vs, rv_op_vredmaxu_vs, 0 }, + { "vredmax.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vredmax_vs, rv_op_vredmax_vs, 0 }, + { "vwredsumu.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwredsumu_vs, rv_op_vwredsumu_vs, 0 }, + { "vwredsum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vwredsum_vs, rv_op_vwredsum_vs, 0 }, + { "vfredusum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfredusum_vs, rv_op_vfredusum_vs, 0 }, + { "vfredosum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfredosum_vs, rv_op_vfredosum_vs, 0 }, + { "vfredmin.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfredmin_vs, rv_op_vfredmin_vs, 0 }, + { "vfredmax.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfredmax_vs, rv_op_vfredmax_vs, 0 }, + { "vfwredusum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwredusum_vs, rv_op_vfwredusum_vs, 0 }, + { "vfwredosum.vs", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vfwredosum_vs, rv_op_vfwredosum_vs, 0 }, + { "vmand.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmand_mm, rv_op_vmand_mm, 0 }, + { "vmnand.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmnand_mm, rv_op_vmnand_mm, 0 }, + { "vmandn.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmandn_mm, rv_op_vmandn_mm, 0 }, + { "vmxor.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmxor_mm, rv_op_vmxor_mm, 0 }, + { "vmor.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmor_mm, rv_op_vmor_mm, 0 }, + { "vmnor.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmnor_mm, rv_op_vmnor_mm, 0 }, + { "vmorn.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmorn_mm, rv_op_vmorn_mm, 0 }, + { "vmxnor.mm", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vmxnor_mm, rv_op_vmxnor_mm, 0 }, + { "vcpop.m", rv_codec_v_r, rv_fmt_rd_vs2_vm, NULL, rv_op_vcpop_m, rv_op_vcpop_m, 0 }, + { "vfirst.m", rv_codec_v_r, rv_fmt_rd_vs2_vm, NULL, rv_op_vfirst_m, rv_op_vfirst_m, 0 }, + { "vmsbf.m", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vmsbf_m, rv_op_vmsbf_m, 0 }, + { "vmsif.m", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vmsif_m, rv_op_vmsif_m, 0 }, + { "vmsof.m", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vmsof_m, rv_op_vmsof_m, 0 }, + { "viota.m", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_viota_m, rv_op_viota_m, 0 }, + { "vid.v", rv_codec_v_r, rv_fmt_vd_vm, NULL, rv_op_vid_v, rv_op_vid_v, 0 }, + { "vmv.x.s", rv_codec_v_r, rv_fmt_rd_vs2, NULL, rv_op_vmv_x_s, rv_op_vmv_x_s, 0 }, + { "vmv.s.x", rv_codec_v_r, rv_fmt_vd_rs1, NULL, rv_op_vmv_s_x, rv_op_vmv_s_x, 0 }, + { "vfmv.f.s", rv_codec_v_r, rv_fmt_fd_vs2, NULL, rv_op_vfmv_f_s, rv_op_vfmv_f_s, 0 }, + { "vfmv.s.f", rv_codec_v_r, rv_fmt_vd_fs1, NULL, rv_op_vfmv_s_f, rv_op_vfmv_s_f, 0 }, + { "vslideup.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vslideup_vx, rv_op_vslideup_vx, 0 }, + { "vslideup.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vslideup_vi, rv_op_vslideup_vi, 0 }, + { "vslide1up.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vslide1up_vx, rv_op_vslide1up_vx, 0 }, + { "vslidedown.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vslidedown_vx, rv_op_vslidedown_vx, 0 }, + { "vslidedown.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vslidedown_vi, rv_op_vslidedown_vi, 0 }, + { "vslide1down.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vslide1down_vx, rv_op_vslide1down_vx, 0 }, + { "vrgather.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vrgather_vv, rv_op_vrgather_vv, 0 }, + { "vrgatherei16.vv", rv_codec_v_r, rv_fmt_vd_vs2_vs1_vm, NULL, rv_op_vrgatherei16_vv, rv_op_vrgatherei16_vv, 0 }, + { "vrgather.vx", rv_codec_v_r, rv_fmt_vd_vs2_rs1_vm, NULL, rv_op_vrgather_vx, rv_op_vrgather_vx, 0 }, + { "vrgather.vi", rv_codec_v_i, rv_fmt_vd_vs2_uimm_vm, NULL, rv_op_vrgather_vi, rv_op_vrgather_vi, 0 }, + { "vcompress.vm", rv_codec_v_r, rv_fmt_vd_vs2_vs1, NULL, rv_op_vcompress_vm, rv_op_vcompress_vm, 0 }, + { "vmv1r.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vmv1r_v, rv_op_vmv1r_v, 0 }, + { "vmv2r.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vmv2r_v, rv_op_vmv2r_v, 0 }, + { "vmv4r.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vmv4r_v, rv_op_vmv4r_v, 0 }, + { "vmv8r.v", rv_codec_v_r, rv_fmt_vd_vs2, NULL, rv_op_vmv8r_v, rv_op_vmv8r_v, 0 }, + { "vzext.vf2", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vzext_vf2, rv_op_vzext_vf2, 0 }, + { "vzext.vf4", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vzext_vf4, rv_op_vzext_vf4, 0 }, + { "vzext.vf8", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vzext_vf8, rv_op_vzext_vf8, 0 }, + { "vsext.vf2", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vsext_vf2, rv_op_vsext_vf2, 0 }, + { "vsext.vf4", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vsext_vf4, rv_op_vsext_vf4, 0 }, + { "vsext.vf8", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vsext_vf8, rv_op_vsext_vf8, 0 }, + { "vsetvli", rv_codec_vsetvli, rv_fmt_vsetvli, NULL, rv_op_vsetvli, rv_op_vsetvli, 0 }, + { "vsetivli", rv_codec_vsetivli, rv_fmt_vsetivli, NULL, rv_op_vsetivli, rv_op_vsetivli, 0 }, + { "vsetvl", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, rv_op_vsetvl, rv_op_vsetvl, 0 } }; /* CSR names */ @@ -1297,6 +2079,10 @@ static const char *csr_name(int csrno) case 0x0003: return "fcsr"; case 0x0004: return "uie"; case 0x0005: return "utvec"; + case 0x0008: return "vstart"; + case 0x0009: return "vxsat"; + case 0x000a: return "vxrm"; + case 0x000f: return "vcsr"; case 0x0015: return "seed"; case 0x0040: return "uscratch"; case 0x0041: return "uepc"; @@ -1469,6 +2255,9 @@ static const char *csr_name(int csrno) case 0x0c00: return "cycle"; case 0x0c01: return "time"; case 0x0c02: return "instret"; + case 0x0c20: return "vl"; + case 0x0c21: return "vtype"; + case 0x0c22: return "vlenb"; case 0x0c80: return "cycleh"; case 0x0c81: return "timeh"; case 0x0c82: return "instreth"; @@ -1656,9 +2445,86 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) break; case 1: switch (((inst >> 12) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b111111111111)) { + case 40: op = rv_op_vl1re8_v; break; + case 552: op = rv_op_vl2re8_v; break; + case 1576: op = rv_op_vl4re8_v; break; + case 3624: op = rv_op_vl8re8_v; break; + } + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vle8_v; break; + case 11: op = rv_op_vlm_v; break; + case 16: op = rv_op_vle8ff_v; break; + } + break; + case 1: op = rv_op_vluxei8_v; break; + case 2: op = rv_op_vlse8_v; break; + case 3: op = rv_op_vloxei8_v; break; + } + break; case 2: op = rv_op_flw; break; case 3: op = rv_op_fld; break; case 4: op = rv_op_flq; break; + case 5: + switch (((inst >> 20) & 0b111111111111)) { + case 40: op = rv_op_vl1re16_v; break; + case 552: op = rv_op_vl2re16_v; break; + case 1576: op = rv_op_vl4re16_v; break; + case 3624: op = rv_op_vl8re16_v; break; + } + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vle16_v; break; + case 16: op = rv_op_vle16ff_v; break; + } + break; + case 1: op = rv_op_vluxei16_v; break; + case 2: op = rv_op_vlse16_v; break; + case 3: op = rv_op_vloxei16_v; break; + } + break; + case 6: + switch (((inst >> 20) & 0b111111111111)) { + case 40: op = rv_op_vl1re32_v; break; + case 552: op = rv_op_vl2re32_v; break; + case 1576: op = rv_op_vl4re32_v; break; + case 3624: op = rv_op_vl8re32_v; break; + } + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vle32_v; break; + case 16: op = rv_op_vle32ff_v; break; + } + break; + case 1: op = rv_op_vluxei32_v; break; + case 2: op = rv_op_vlse32_v; break; + case 3: op = rv_op_vloxei32_v; break; + } + break; + case 7: + switch (((inst >> 20) & 0b111111111111)) { + case 40: op = rv_op_vl1re64_v; break; + case 552: op = rv_op_vl2re64_v; break; + case 1576: op = rv_op_vl4re64_v; break; + case 3624: op = rv_op_vl8re64_v; break; + } + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vle64_v; break; + case 16: op = rv_op_vle64ff_v; break; + } + break; + case 1: op = rv_op_vluxei64_v; break; + case 2: op = rv_op_vlse64_v; break; + case 3: op = rv_op_vloxei64_v; break; + } + break; } break; case 3: @@ -1783,9 +2649,64 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) break; case 9: switch (((inst >> 12) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b111111111111)) { + case 40: op = rv_op_vs1r_v; break; + case 552: op = rv_op_vs2r_v; break; + case 1576: op = rv_op_vs4r_v; break; + case 3624: op = rv_op_vs8r_v; break; + } + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vse8_v; break; + case 11: op = rv_op_vsm_v; break; + } + break; + case 1: op = rv_op_vsuxei8_v; break; + case 2: op = rv_op_vsse8_v; break; + case 3: op = rv_op_vsoxei8_v; break; + } + break; case 2: op = rv_op_fsw; break; case 3: op = rv_op_fsd; break; case 4: op = rv_op_fsq; break; + case 5: + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vse16_v; break; + } + break; + case 1: op = rv_op_vsuxei16_v; break; + case 2: op = rv_op_vsse16_v; break; + case 3: op = rv_op_vsoxei16_v; break; + } + break; + case 6: + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vse32_v; break; + } + break; + case 1: op = rv_op_vsuxei32_v; break; + case 2: op = rv_op_vsse32_v; break; + case 3: op = rv_op_vsoxei32_v; break; + } + break; + case 7: + switch (((inst >> 26) & 0b111)) { + case 0: + switch (((inst >> 20) & 0b11111)) { + case 0: op = rv_op_vse64_v; break; + } + break; + case 1: op = rv_op_vsuxei64_v; break; + case 2: op = rv_op_vsse64_v; break; + case 3: op = rv_op_vsoxei64_v; break; + } + break; } break; case 11: @@ -2152,6 +3073,408 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) break; } break; + case 21: + switch (((inst >> 12) & 0b111)) { + case 0: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vadd_vv; break; + case 2: op = rv_op_vsub_vv; break; + case 4: op = rv_op_vminu_vv; break; + case 5: op = rv_op_vmin_vv; break; + case 6: op = rv_op_vmaxu_vv; break; + case 7: op = rv_op_vmax_vv; break; + case 9: op = rv_op_vand_vv; break; + case 10: op = rv_op_vor_vv; break; + case 11: op = rv_op_vxor_vv; break; + case 12: op = rv_op_vrgather_vv; break; + case 14: op = rv_op_vrgatherei16_vv; break; + case 16: if (((inst >> 25) & 1) == 0) op = rv_op_vadc_vvm; break; + case 17: op = rv_op_vmadc_vvm; break; + case 18: if (((inst >> 25) & 1) == 0) op = rv_op_vsbc_vvm; break; + case 19: op = rv_op_vmsbc_vvm; break; + case 23: + if (((inst >> 20) & 0b111111) == 32) + op = rv_op_vmv_v_v; + else if (((inst >> 25) & 1) == 0) + op = rv_op_vmerge_vvm; + break; + case 24: op = rv_op_vmseq_vv; break; + case 25: op = rv_op_vmsne_vv; break; + case 26: op = rv_op_vmsltu_vv; break; + case 27: op = rv_op_vmslt_vv; break; + case 28: op = rv_op_vmsleu_vv; break; + case 29: op = rv_op_vmsle_vv; break; + case 32: op = rv_op_vsaddu_vv; break; + case 33: op = rv_op_vsadd_vv; break; + case 34: op = rv_op_vssubu_vv; break; + case 35: op = rv_op_vssub_vv; break; + case 37: op = rv_op_vsll_vv; break; + case 39: op = rv_op_vsmul_vv; break; + case 40: op = rv_op_vsrl_vv; break; + case 41: op = rv_op_vsra_vv; break; + case 42: op = rv_op_vssrl_vv; break; + case 43: op = rv_op_vssra_vv; break; + case 44: op = rv_op_vnsrl_wv; break; + case 45: op = rv_op_vnsra_wv; break; + case 46: op = rv_op_vnclipu_wv; break; + case 47: op = rv_op_vnclip_wv; break; + case 48: op = rv_op_vwredsumu_vs; break; + case 49: op = rv_op_vwredsum_vs; break; + } + break; + case 1: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vfadd_vv; break; + case 1: op = rv_op_vfredusum_vs; break; + case 2: op = rv_op_vfsub_vv; break; + case 3: op = rv_op_vfredosum_vs; break; + case 4: op = rv_op_vfmin_vv; break; + case 5: op = rv_op_vfredmin_vs; break; + case 6: op = rv_op_vfmax_vv; break; + case 7: op = rv_op_vfredmax_vs; break; + case 8: op = rv_op_vfsgnj_vv; break; + case 9: op = rv_op_vfsgnjn_vv; break; + case 10: op = rv_op_vfsgnjx_vv; break; + case 16: + switch (((inst >> 15) & 0b11111)) { + case 0: if ((inst >> 25) & 1) op = rv_op_vfmv_f_s; break; + } + break; + case 18: + switch (((inst >> 15) & 0b11111)) { + case 0: op = rv_op_vfcvt_xu_f_v; break; + case 1: op = rv_op_vfcvt_x_f_v; break; + case 2: op = rv_op_vfcvt_f_xu_v; break; + case 3: op = rv_op_vfcvt_f_x_v; break; + case 6: op = rv_op_vfcvt_rtz_xu_f_v; break; + case 7: op = rv_op_vfcvt_rtz_x_f_v; break; + case 8: op = rv_op_vfwcvt_xu_f_v; break; + case 9: op = rv_op_vfwcvt_x_f_v; break; + case 10: op = rv_op_vfwcvt_f_xu_v; break; + case 11: op = rv_op_vfwcvt_f_x_v; break; + case 12: op = rv_op_vfwcvt_f_f_v; break; + case 14: op = rv_op_vfwcvt_rtz_xu_f_v; break; + case 15: op = rv_op_vfwcvt_rtz_x_f_v; break; + case 16: op = rv_op_vfncvt_xu_f_w; break; + case 17: op = rv_op_vfncvt_x_f_w; break; + case 18: op = rv_op_vfncvt_f_xu_w; break; + case 19: op = rv_op_vfncvt_f_x_w; break; + case 20: op = rv_op_vfncvt_f_f_w; break; + case 21: op = rv_op_vfncvt_rod_f_f_w; break; + case 22: op = rv_op_vfncvt_rtz_xu_f_w; break; + case 23: op = rv_op_vfncvt_rtz_x_f_w; break; + } + break; + case 19: + switch (((inst >> 15) & 0b11111)) { + case 0: op = rv_op_vfsqrt_v; break; + case 4: op = rv_op_vfrsqrt7_v; break; + case 5: op = rv_op_vfrec7_v; break; + case 16: op = rv_op_vfclass_v; break; + } + break; + case 24: op = rv_op_vmfeq_vv; break; + case 25: op = rv_op_vmfle_vv; break; + case 27: op = rv_op_vmflt_vv; break; + case 28: op = rv_op_vmfne_vv; break; + case 32: op = rv_op_vfdiv_vv; break; + case 36: op = rv_op_vfmul_vv; break; + case 40: op = rv_op_vfmadd_vv; break; + case 41: op = rv_op_vfnmadd_vv; break; + case 42: op = rv_op_vfmsub_vv; break; + case 43: op = rv_op_vfnmsub_vv; break; + case 44: op = rv_op_vfmacc_vv; break; + case 45: op = rv_op_vfnmacc_vv; break; + case 46: op = rv_op_vfmsac_vv; break; + case 47: op = rv_op_vfnmsac_vv; break; + case 48: op = rv_op_vfwadd_vv; break; + case 49: op = rv_op_vfwredusum_vs; break; + case 50: op = rv_op_vfwsub_vv; break; + case 51: op = rv_op_vfwredosum_vs; break; + case 52: op = rv_op_vfwadd_wv; break; + case 54: op = rv_op_vfwsub_wv; break; + case 56: op = rv_op_vfwmul_vv; break; + case 60: op = rv_op_vfwmacc_vv; break; + case 61: op = rv_op_vfwnmacc_vv; break; + case 62: op = rv_op_vfwmsac_vv; break; + case 63: op = rv_op_vfwnmsac_vv; break; + } + break; + case 2: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vredsum_vs; break; + case 1: op = rv_op_vredand_vs; break; + case 2: op = rv_op_vredor_vs; break; + case 3: op = rv_op_vredxor_vs; break; + case 4: op = rv_op_vredminu_vs; break; + case 5: op = rv_op_vredmin_vs; break; + case 6: op = rv_op_vredmaxu_vs; break; + case 7: op = rv_op_vredmax_vs; break; + case 8: op = rv_op_vaaddu_vv; break; + case 9: op = rv_op_vaadd_vv; break; + case 10: op = rv_op_vasubu_vv; break; + case 11: op = rv_op_vasub_vv; break; + case 16: + switch (((inst >> 15) & 0b11111)) { + case 0: if ((inst >> 25) & 1) op = rv_op_vmv_x_s; break; + case 16: op = rv_op_vcpop_m; break; + case 17: op = rv_op_vfirst_m; break; + } + break; + case 18: + switch (((inst >> 15) & 0b11111)) { + case 2: op = rv_op_vzext_vf8; break; + case 3: op = rv_op_vsext_vf8; break; + case 4: op = rv_op_vzext_vf4; break; + case 5: op = rv_op_vsext_vf4; break; + case 6: op = rv_op_vzext_vf2; break; + case 7: op = rv_op_vsext_vf2; break; + } + break; + case 20: + switch (((inst >> 15) & 0b11111)) { + case 1: op = rv_op_vmsbf_m; break; + case 2: op = rv_op_vmsof_m; break; + case 3: op = rv_op_vmsif_m; break; + case 16: op = rv_op_viota_m; break; + case 17: if (((inst >> 20) & 0b11111) == 0) op = rv_op_vid_v; break; + } + break; + case 23: if ((inst >> 25) & 1) op = rv_op_vcompress_vm; break; + case 24: if ((inst >> 25) & 1) op = rv_op_vmandn_mm; break; + case 25: if ((inst >> 25) & 1) op = rv_op_vmand_mm; break; + case 26: if ((inst >> 25) & 1) op = rv_op_vmor_mm; break; + case 27: if ((inst >> 25) & 1) op = rv_op_vmxor_mm; break; + case 28: if ((inst >> 25) & 1) op = rv_op_vmorn_mm; break; + case 29: if ((inst >> 25) & 1) op = rv_op_vmnand_mm; break; + case 30: if ((inst >> 25) & 1) op = rv_op_vmnor_mm; break; + case 31: if ((inst >> 25) & 1) op = rv_op_vmxnor_mm; break; + case 32: op = rv_op_vdivu_vv; break; + case 33: op = rv_op_vdiv_vv; break; + case 34: op = rv_op_vremu_vv; break; + case 35: op = rv_op_vrem_vv; break; + case 36: op = rv_op_vmulhu_vv; break; + case 37: op = rv_op_vmul_vv; break; + case 38: op = rv_op_vmulhsu_vv; break; + case 39: op = rv_op_vmulh_vv; break; + case 41: op = rv_op_vmadd_vv; break; + case 43: op = rv_op_vnmsub_vv; break; + case 45: op = rv_op_vmacc_vv; break; + case 47: op = rv_op_vnmsac_vv; break; + case 48: op = rv_op_vwaddu_vv; break; + case 49: op = rv_op_vwadd_vv; break; + case 50: op = rv_op_vwsubu_vv; break; + case 51: op = rv_op_vwsub_vv; break; + case 52: op = rv_op_vwaddu_wv; break; + case 53: op = rv_op_vwadd_wv; break; + case 54: op = rv_op_vwsubu_wv; break; + case 55: op = rv_op_vwsub_wv; break; + case 56: op = rv_op_vwmulu_vv; break; + case 58: op = rv_op_vwmulsu_vv; break; + case 59: op = rv_op_vwmul_vv; break; + case 60: op = rv_op_vwmaccu_vv; break; + case 61: op = rv_op_vwmacc_vv; break; + case 63: op = rv_op_vwmaccsu_vv; break; + } + break; + case 3: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vadd_vi; break; + case 3: op = rv_op_vrsub_vi; break; + case 9: op = rv_op_vand_vi; break; + case 10: op = rv_op_vor_vi; break; + case 11: op = rv_op_vxor_vi; break; + case 12: op = rv_op_vrgather_vi; break; + case 14: op = rv_op_vslideup_vi; break; + case 15: op = rv_op_vslidedown_vi; break; + case 16: if (((inst >> 25) & 1) == 0) op = rv_op_vadc_vim; break; + case 17: op = rv_op_vmadc_vim; break; + case 23: + if (((inst >> 20) & 0b111111) == 32) + op = rv_op_vmv_v_i; + else if (((inst >> 25) & 1) == 0) + op = rv_op_vmerge_vim; + break; + case 24: op = rv_op_vmseq_vi; break; + case 25: op = rv_op_vmsne_vi; break; + case 28: op = rv_op_vmsleu_vi; break; + case 29: op = rv_op_vmsle_vi; break; + case 30: op = rv_op_vmsgtu_vi; break; + case 31: op = rv_op_vmsgt_vi; break; + case 32: op = rv_op_vsaddu_vi; break; + case 33: op = rv_op_vsadd_vi; break; + case 37: op = rv_op_vsll_vi; break; + case 39: + switch (((inst >> 15) & 0b11111)) { + case 0: op = rv_op_vmv1r_v; break; + case 1: op = rv_op_vmv2r_v; break; + case 3: op = rv_op_vmv4r_v; break; + case 7: op = rv_op_vmv8r_v; break; + } + break; + case 40: op = rv_op_vsrl_vi; break; + case 41: op = rv_op_vsra_vi; break; + case 42: op = rv_op_vssrl_vi; break; + case 43: op = rv_op_vssra_vi; break; + case 44: op = rv_op_vnsrl_wi; break; + case 45: op = rv_op_vnsra_wi; break; + case 46: op = rv_op_vnclipu_wi; break; + case 47: op = rv_op_vnclip_wi; break; + } + break; + case 4: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vadd_vx; break; + case 2: op = rv_op_vsub_vx; break; + case 3: op = rv_op_vrsub_vx; break; + case 4: op = rv_op_vminu_vx; break; + case 5: op = rv_op_vmin_vx; break; + case 6: op = rv_op_vmaxu_vx; break; + case 7: op = rv_op_vmax_vx; break; + case 9: op = rv_op_vand_vx; break; + case 10: op = rv_op_vor_vx; break; + case 11: op = rv_op_vxor_vx; break; + case 12: op = rv_op_vrgather_vx; break; + case 14: op = rv_op_vslideup_vx; break; + case 15: op = rv_op_vslidedown_vx; break; + case 16: if (((inst >> 25) & 1) == 0) op = rv_op_vadc_vxm; break; + case 17: op = rv_op_vmadc_vxm; break; + case 18: if (((inst >> 25) & 1) == 0) op = rv_op_vsbc_vxm; break; + case 19: op = rv_op_vmsbc_vxm; break; + case 23: + if (((inst >> 20) & 0b111111) == 32) + op = rv_op_vmv_v_x; + else if (((inst >> 25) & 1) == 0) + op = rv_op_vmerge_vxm; + break; + case 24: op = rv_op_vmseq_vx; break; + case 25: op = rv_op_vmsne_vx; break; + case 26: op = rv_op_vmsltu_vx; break; + case 27: op = rv_op_vmslt_vx; break; + case 28: op = rv_op_vmsleu_vx; break; + case 29: op = rv_op_vmsle_vx; break; + case 30: op = rv_op_vmsgtu_vx; break; + case 31: op = rv_op_vmsgt_vx; break; + case 32: op = rv_op_vsaddu_vx; break; + case 33: op = rv_op_vsadd_vx; break; + case 34: op = rv_op_vssubu_vx; break; + case 35: op = rv_op_vssub_vx; break; + case 37: op = rv_op_vsll_vx; break; + case 39: op = rv_op_vsmul_vx; break; + case 40: op = rv_op_vsrl_vx; break; + case 41: op = rv_op_vsra_vx; break; + case 42: op = rv_op_vssrl_vx; break; + case 43: op = rv_op_vssra_vx; break; + case 44: op = rv_op_vnsrl_wx; break; + case 45: op = rv_op_vnsra_wx; break; + case 46: op = rv_op_vnclipu_wx; break; + case 47: op = rv_op_vnclip_wx; break; + } + break; + case 5: + switch (((inst >> 26) & 0b111111)) { + case 0: op = rv_op_vfadd_vf; break; + case 2: op = rv_op_vfsub_vf; break; + case 4: op = rv_op_vfmin_vf; break; + case 6: op = rv_op_vfmax_vf; break; + case 8: op = rv_op_vfsgnj_vf; break; + case 9: op = rv_op_vfsgnjn_vf; break; + case 10: op = rv_op_vfsgnjx_vf; break; + case 14: op = rv_op_vfslide1up_vf; break; + case 15: op = rv_op_vfslide1down_vf; break; + case 16: + switch (((inst >> 20) & 0b11111)) { + case 0: if ((inst >> 25) & 1) op = rv_op_vfmv_s_f; break; + } + break; + case 23: + if (((inst >> 25) & 1) == 0) + op = rv_op_vfmerge_vfm; + else if (((inst >> 20) & 0b111111) == 32) + op = rv_op_vfmv_v_f; + break; + case 24: op = rv_op_vmfeq_vf; break; + case 25: op = rv_op_vmfle_vf; break; + case 27: op = rv_op_vmflt_vf; break; + case 28: op = rv_op_vmfne_vf; break; + case 29: op = rv_op_vmfgt_vf; break; + case 31: op = rv_op_vmfge_vf; break; + case 32: op = rv_op_vfdiv_vf; break; + case 33: op = rv_op_vfrdiv_vf; break; + case 36: op = rv_op_vfmul_vf; break; + case 39: op = rv_op_vfrsub_vf; break; + case 40: op = rv_op_vfmadd_vf; break; + case 41: op = rv_op_vfnmadd_vf; break; + case 42: op = rv_op_vfmsub_vf; break; + case 43: op = rv_op_vfnmsub_vf; break; + case 44: op = rv_op_vfmacc_vf; break; + case 45: op = rv_op_vfnmacc_vf; break; + case 46: op = rv_op_vfmsac_vf; break; + case 47: op = rv_op_vfnmsac_vf; break; + case 48: op = rv_op_vfwadd_vf; break; + case 50: op = rv_op_vfwsub_vf; break; + case 52: op = rv_op_vfwadd_wf; break; + case 54: op = rv_op_vfwsub_wf; break; + case 56: op = rv_op_vfwmul_vf; break; + case 60: op = rv_op_vfwmacc_vf; break; + case 61: op = rv_op_vfwnmacc_vf; break; + case 62: op = rv_op_vfwmsac_vf; break; + case 63: op = rv_op_vfwnmsac_vf; break; + } + break; + case 6: + switch (((inst >> 26) & 0b111111)) { + case 8: op = rv_op_vaaddu_vx; break; + case 9: op = rv_op_vaadd_vx; break; + case 10: op = rv_op_vasubu_vx; break; + case 11: op = rv_op_vasub_vx; break; + case 14: op = rv_op_vslide1up_vx; break; + case 15: op = rv_op_vslide1down_vx; break; + case 16: + switch (((inst >> 20) & 0b11111)) { + case 0: if ((inst >> 25) & 1) op = rv_op_vmv_s_x; break; + } + break; + case 32: op = rv_op_vdivu_vx; break; + case 33: op = rv_op_vdiv_vx; break; + case 34: op = rv_op_vremu_vx; break; + case 35: op = rv_op_vrem_vx; break; + case 36: op = rv_op_vmulhu_vx; break; + case 37: op = rv_op_vmul_vx; break; + case 38: op = rv_op_vmulhsu_vx; break; + case 39: op = rv_op_vmulh_vx; break; + case 41: op = rv_op_vmadd_vx; break; + case 43: op = rv_op_vnmsub_vx; break; + case 45: op = rv_op_vmacc_vx; break; + case 47: op = rv_op_vnmsac_vx; break; + case 48: op = rv_op_vwaddu_vx; break; + case 49: op = rv_op_vwadd_vx; break; + case 50: op = rv_op_vwsubu_vx; break; + case 51: op = rv_op_vwsub_vx; break; + case 52: op = rv_op_vwaddu_wx; break; + case 53: op = rv_op_vwadd_wx; break; + case 54: op = rv_op_vwsubu_wx; break; + case 55: op = rv_op_vwsub_wx; break; + case 56: op = rv_op_vwmulu_vx; break; + case 58: op = rv_op_vwmulsu_vx; break; + case 59: op = rv_op_vwmul_vx; break; + case 60: op = rv_op_vwmaccu_vx; break; + case 61: op = rv_op_vwmacc_vx; break; + case 62: op = rv_op_vwmaccus_vx; break; + case 63: op = rv_op_vwmaccsu_vx; break; + } + break; + case 7: + if (((inst >> 31) & 1) == 0) { + op = rv_op_vsetvli; + } else if ((inst >> 30) & 1) { + op = rv_op_vsetivli; + } else if (((inst >> 25) & 0b11111) == 0) { + op = rv_op_vsetvl; + } + break; + } + break; case 22: switch (((inst >> 12) & 0b111)) { case 0: op = rv_op_addid; break; @@ -2530,6 +3853,21 @@ static uint32_t operand_cimmq(rv_inst inst) ((inst << 57) >> 62) << 6; } +static uint32_t operand_vimm(rv_inst inst) +{ + return (int64_t)(inst << 44) >> 59; +} + +static uint32_t operand_vzimm11(rv_inst inst) +{ + return (inst << 33) >> 53; +} + +static uint32_t operand_vzimm10(rv_inst inst) +{ + return (inst << 34) >> 54; +} + static uint32_t operand_bs(rv_inst inst) { return (inst << 32) >> 62; @@ -2540,6 +3878,11 @@ static uint32_t operand_rnum(rv_inst inst) return (inst << 40) >> 60; } +static uint32_t operand_vm(rv_inst inst) +{ + return (inst << 38) >> 63; +} + /* decode operands */ static void decode_inst_operands(rv_decode *dec, rv_isa isa) @@ -2829,6 +4172,33 @@ static void decode_inst_operands(rv_decode *dec, rv_isa isa) dec->rs1 = operand_rs1(inst); dec->rnum = operand_rnum(inst); break; + case rv_codec_v_r: + dec->rd = operand_rd(inst); + dec->rs1 = operand_rs1(inst); + dec->rs2 = operand_rs2(inst); + dec->vm = operand_vm(inst); + break; + case rv_codec_v_ldst: + dec->rd = operand_rd(inst); + dec->rs1 = operand_rs1(inst); + dec->vm = operand_vm(inst); + break; + case rv_codec_v_i: + dec->rd = operand_rd(inst); + dec->rs2 = operand_rs2(inst); + dec->imm = operand_vimm(inst); + dec->vm = operand_vm(inst); + break; + case rv_codec_vsetvli: + dec->rd = operand_rd(inst); + dec->rs1 = operand_rs1(inst); + dec->vzimm = operand_vzimm11(inst); + break; + case rv_codec_vsetivli: + dec->rd = operand_rd(inst); + dec->imm = operand_vimm(inst); + dec->vzimm = operand_vzimm10(inst); + break; }; } @@ -3025,6 +4395,10 @@ static void format_inst(char *buf, size_t buflen, size_t tab, rv_decode *dec) snprintf(tmp, sizeof(tmp), "%d", dec->imm); append(buf, tmp, buflen); break; + case 'u': + snprintf(tmp, sizeof(tmp), "%u", ((uint32_t)dec->imm & 0b11111)); + append(buf, tmp, buflen); + break; case 'o': snprintf(tmp, sizeof(tmp), "%d", dec->imm); append(buf, tmp, buflen); @@ -3113,6 +4487,60 @@ static void format_inst(char *buf, size_t buflen, size_t tab, rv_decode *dec) append(buf, ".rl", buflen); } break; + case 'l': + append(buf, ",v0", buflen); + break; + case 'm': + if (dec->vm == 0) { + append(buf, ",v0.t", buflen); + } + break; + case 'D': + append(buf, rv_vreg_name_sym[dec->rd], buflen); + break; + case 'E': + append(buf, rv_vreg_name_sym[dec->rs1], buflen); + break; + case 'F': + append(buf, rv_vreg_name_sym[dec->rs2], buflen); + break; + case 'G': + append(buf, rv_vreg_name_sym[dec->rs3], buflen); + break; + case 'v': { + char nbuf[32] = {0}; + const int sew = 1 << (((dec->vzimm >> 3) & 0b111) + 3); + sprintf(nbuf, "%d", sew); + const int lmul = dec->vzimm & 0b11; + const int flmul = (dec->vzimm >> 2) & 1; + const char *vta = (dec->vzimm >> 6) & 1 ? "ta" : "tu"; + const char *vma = (dec->vzimm >> 7) & 1 ? "ma" : "mu"; + append(buf, "e", buflen); + append(buf, nbuf, buflen); + append(buf, ",m", buflen); + if (flmul) { + switch (lmul) { + case 3: + sprintf(nbuf, "f2"); + break; + case 2: + sprintf(nbuf, "f4"); + break; + case 1: + sprintf(nbuf, "f8"); + break; + } + append(buf, nbuf, buflen); + } else { + sprintf(nbuf, "%d", 1 << lmul); + append(buf, nbuf, buflen); + } + append(buf, ",", buflen); + append(buf, vta, buflen); + append(buf, ",", buflen); + append(buf, vma, buflen); + break; + } default: break; } @@ -3209,7 +4637,7 @@ disasm_inst(char *buf, size_t buflen, rv_isa isa, uint64_t pc, rv_inst inst) decode_inst_operands(&dec, isa); decode_inst_decompress(&dec, isa); decode_inst_lift_pseudo(&dec); - format_inst(buf, buflen, 16, &dec); + format_inst(buf, buflen, 24, &dec); } #define INST_FMT_2 "%04" PRIx64 " " From 55144a1fd0d1f37b49ea051291decbbe427b7714 Mon Sep 17 00:00:00 2001 From: Jim Shu Date: Mon, 3 Oct 2022 04:14:39 +0000 Subject: [PATCH 94/96] hw/intc: sifive_plic: fix hard-coded max priority level The maximum priority level is hard-coded when writing to interrupt priority register. However, when writing to priority threshold register, the maximum priority level is from num_priorities Property which is configured by platform. Also change interrupt priority register to use num_priorities Property in maximum priority level. Signed-off-by: Emmanuel Blot Signed-off-by: Jim Shu Reviewed-by: Frank Chang Acked-by: Alistair Francis Message-Id: <20221003041440.2320-2-jim.shu@sifive.com> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index af4ae3630e..f864efa761 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -180,8 +180,10 @@ static void sifive_plic_write(void *opaque, hwaddr addr, uint64_t value, if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) { uint32_t irq = ((addr - plic->priority_base) >> 2) + 1; - plic->source_priority[irq] = value & 7; - sifive_plic_update(plic); + if (value <= plic->num_priorities) { + plic->source_priority[irq] = value; + sifive_plic_update(plic); + } } else if (addr_between(addr, plic->pending_base, plic->num_sources >> 3)) { qemu_log_mask(LOG_GUEST_ERROR, From 1aae4a12dab4bf1adc249c2ac6178d15e4b5a77d Mon Sep 17 00:00:00 2001 From: Jim Shu Date: Mon, 3 Oct 2022 04:14:40 +0000 Subject: [PATCH 95/96] hw/intc: sifive_plic: change interrupt priority register to WARL field MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PLIC spec [1] requires interrupt source priority registers are WARL field and the number of supported priority is power-of-2 to simplify SW discovery. Existing QEMU RISC-V machine (e.g. shakti_c) don't strictly follow PLIC spec, whose number of supported priority is not power-of-2. Just change each bit of interrupt priority register to WARL field when the number of supported priority is power-of-2. [1] https://github.com/riscv/riscv-plic-spec/blob/master/riscv-plic.adoc#interrupt-priorities Signed-off-by: Jim Shu Reviewed-by: Clément Chigot Acked-by: Alistair Francis Message-Id: <20221003041440.2320-3-jim.shu@sifive.com> Signed-off-by: Alistair Francis --- hw/intc/sifive_plic.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c index f864efa761..c2dfacf028 100644 --- a/hw/intc/sifive_plic.c +++ b/hw/intc/sifive_plic.c @@ -180,7 +180,15 @@ static void sifive_plic_write(void *opaque, hwaddr addr, uint64_t value, if (addr_between(addr, plic->priority_base, plic->num_sources << 2)) { uint32_t irq = ((addr - plic->priority_base) >> 2) + 1; - if (value <= plic->num_priorities) { + if (((plic->num_priorities + 1) & plic->num_priorities) == 0) { + /* + * if "num_priorities + 1" is power-of-2, make each register bit of + * interrupt priority WARL (Write-Any-Read-Legal). Just filter + * out the access to unsupported priority bits. + */ + plic->source_priority[irq] = value % (plic->num_priorities + 1); + sifive_plic_update(plic); + } else if (value <= plic->num_priorities) { plic->source_priority[irq] = value; sifive_plic_update(plic); } @@ -207,7 +215,16 @@ static void sifive_plic_write(void *opaque, hwaddr addr, uint64_t value, uint32_t contextid = (addr & (plic->context_stride - 1)); if (contextid == 0) { - if (value <= plic->num_priorities) { + if (((plic->num_priorities + 1) & plic->num_priorities) == 0) { + /* + * if "num_priorities + 1" is power-of-2, each register bit of + * interrupt priority is WARL (Write-Any-Read-Legal). Just + * filter out the access to unsupported priority bits. + */ + plic->target_priority[addrid] = value % + (plic->num_priorities + 1); + sifive_plic_update(plic); + } else if (value <= plic->num_priorities) { plic->target_priority[addrid] = value; sifive_plic_update(plic); } From 47566421f029b0a489b63f8195b3ff944e017056 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Wed, 12 Oct 2022 11:14:49 +1000 Subject: [PATCH 96/96] target/riscv: pmp: Fixup TLB size calculation Since commit 4047368938f6 "accel/tcg: Introduce tlb_set_page_full" we have been seeing this assert ../accel/tcg/cputlb.c:1294: tlb_set_page_with_attrs: Assertion `is_power_of_2(size)' failed. When running Tock on the OpenTitan machine. The issue is that pmp_get_tlb_size() would return a TLB size that wasn't a power of 2. The size was also smaller then TARGET_PAGE_SIZE. This patch ensures that any TLB size less then TARGET_PAGE_SIZE is rounded down to 1 to ensure it's a valid size. Signed-off-by: Alistair Francis Reviewed-by: LIU Zhiwei Reviewed-by: Richard Henderson Message-id: 20221012011449.506928-1-alistair.francis@opensource.wdc.com Message-Id: <20221012011449.506928-1-alistair.francis@opensource.wdc.com> --- target/riscv/pmp.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index ea2b67d947..2b43e399b8 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -628,6 +628,18 @@ bool pmp_is_range_in_tlb(CPURISCVState *env, hwaddr tlb_sa, } if (*tlb_size != 0) { + /* + * At this point we have a tlb_size that is the smallest possible size + * That fits within a TARGET_PAGE_SIZE and the PMP region. + * + * If the size is less then TARGET_PAGE_SIZE we drop the size to 1. + * This means the result isn't cached in the TLB and is only used for + * a single translation. + */ + if (*tlb_size < TARGET_PAGE_SIZE) { + *tlb_size = 1; + } + return true; }