It will need special handling for TDX VMs all around the QEMU.
Introduce is_tdx_vm() helper to query if it's a TDX VM.
Cache tdx_guest object thus no need to cast from ms->cgs every time.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Isaku Yamahata
---
changes in v3:
- replace
For each TDVF sections, QEMU needs to copy the content to guest
private memory via KVM API (KVM_TDX_INIT_MEM_REGION).
Introduce a field @mem_ptr for TdxFirmwareEntry to track the memory
pointer of each TDVF sections. So that QEMU can add/copy them to guest
private memory later.
TDVF sections can
Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and call VM
scope VM_SET_TSC_KHZ to set the tsc frequency of TD before KVM_TDX_INIT_VM.
Besides, sanity check the tsc frequency to be in the legal range and
legal granularity (required by TDX module).
Signed-off-by: Xiaoyao Li
Acked-by
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kv
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() noop for TDs,
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Currently, QEMU exposes CPUID 0x1f to guest only when necessary, i.e.,
when topology level that cannot be enumerated by leaf 0xB, e.g., die or
module level, are configured for the guest, e.g., -smp xx,dies=2.
However, TDX architecture forces to require CPUID 0x1f to configure CPU
topology.
Introd
Currently, pmu is not supported for TDX by KVM.
Signed-off-by: Xiaoyao Li
---
chanegs in v6:
- new patch;
---
target/i386/kvm/tdx.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 591de30eedf4..12c1c2503845 100644
--- a/target/i386/k
TDX uses CPUID 0x1f to configure TD guest's CPU topology. So set
enable_cpuid_0x1f for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 4
1 file changed, 4 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 12c1c2503845..982ed779df4a 100644
--- a/targ
The RAM of TDX VM can be classified into two types:
- TDX_RAM_UNACCEPTED: default type of TDX memory, which needs to be
accepted by TDX guest before it can be used and will be all-zeros
after being accepted.
- TDX_RAM_ADDED: the RAM that is ADD'ed to TD guest before running, and
can be
For TDX, some CPUID feature bit is configured via TD attributes. Adjust
the supported CPUID to mask off the bit if its matched attribute is
unsupported.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 4
target/i386/kvm/tdx.c | 54 +++
2 files
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i
For TDX guest, the phys_bits is not configurable and can only be
host/native value.
Validate phys_bits inside tdx_check_features().
Signed-off-by: Xiaoyao Li
---
target/i386/host-cpu.c | 2 +-
target/i386/host-cpu.h | 1 +
target/i386/kvm/tdx.c | 8
3 files changed, 10 insertions(+),
Use KVM_TDX_GET_CPUID to get the CPUIDs that are managed and enfored
by TDX module for TD guest. Check QEMU's configuration against the
fetched data.
Print wanring message when 1. a feature is not supported but requested
by QEMU or 2. QEMU doesn't want to expose a feature while it is enforced
ena
Mask off the CPUID bits as unsupported if its matched XFAM bit is
not supported. Otherwise, it might fail the check in setup_td_xfam() as
unsupported XFAM being requested.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 39 +++
1 file changed, 39 inserti
KVM translates TDG.VP.VMCALL to KVM_HC_MAP_GPA_RANGE, and QEMU
needs to enable user exit on KVM_HC_MAP_GPA_RANGE in order to handle the
memory conversion requested by TD guest.
Signed-off-by: Xiaoyao Li
---
changes in v6:
- new patch;
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 ins
QEMU calls kvm_arch_put_registers() when vcpu_dirty is true in
kvm_vcpu_exec(). However, for confidential guest, like TDX, putting
registers is disallowed due to guest state is protected.
Only set vcpu_dirty to true with guest state is not protected when
creating the vcpu.
Signed-off-by: Xiaoyao
TDX only supports readonly for shared memory but not for private memory.
In the view of QEMU, it has no idea whether a memslot is used as shared
memory of private. Thus just mark kvm_readonly_mem_enabled to false to
TDX VM for simplicity.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
t
Signed-off-by: Xiaoyao Li
---
Changes in v7:
- fix CPUID_EXT2_SYSCALL by adding it to actual;
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index f6a4f3322e61..58ea6a4d3156 100644
--- a/target/i386/kvm/t
TD guest can use TDG.VP.VMCALL to request
termination. KVM translates such request into KVM_EXIT_SYSTEM_EVENT with
type of KVM_SYSTEM_EVENT_TDX_FATAL.
Add hanlder for such exit. Parse and print the error message, and
terminate the TD guest in the handler.
Signed-off-by: Xiaoyao Li
---
Changes in
1. QEMU's support for Intel PT is borken in general, thus doesn't
support for TDX.
2. Only limited KVM PV features are supported for TD guest.
3. Drop the AMD specific bits that are reserved on Intel platform.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 44
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to create any vcpu. This is for i386 TDX because it needs
call TDX_INIT_VM before creating any vcpu.
The specific implemnet of i386 will be added in the future patch.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
To allow execute confidential guest specific cpu init operations.
Signed-off-by: Xiaoyao Li
---
Changes in v6:
- new patch;
---
target/i386/confidential-guest.h | 11 +++
target/i386/cpu.c| 10 ++
2 files changed, 21 insertions(+)
diff --git a/target/i386/confid
On 1/23/2025 8:53 PM, Igor Mammedov wrote:
On Tue, 14 Jan 2025 21:01:27 +0800
Xiaoyao Li wrote:
On 12/13/2024 6:39 AM, Ira Weiny wrote:
On Tue, Nov 05, 2024 at 01:23:49AM -0500, Xiaoyao Li wrote:
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
it used to be level
Thomas Huth writes:
> We don't have any functional tests for this machine yet, thus let's
> add a test with a MicroPython binary that is available online
We do have a basic system test:
test-armv6m-undef: test-armv6m-undef.S
$(CC) -mcpu=cortex-m0 -mfloat-abi=soft \
There is no interface in KVM to report the support bits of TD guest.
QEMU has to maintain the knowledge itself. E.g., fixed0 and fixed1 are
already hardcoded in tdx_fixed0_bits and tdx_fixed1_bits.
For configurable bits, KVM might filer some due to KVM lacks the support
currently. The filtered bit
Invoke KVM_TDX_INIT in kvm_arch_pre_create_vcpu() that KVM_TDX_INIT
configures global TD configurations, e.g. the canonical CPUID config,
and must be executed prior to creating vCPUs.
Use kvm_x86_arch_cpuid() to setup the CPUID settings for TDX VM.
Note, this doesn't address the fact that QEMU ma
On Wed, Jan 22, 2025 at 05:05:12PM +0800, Zhao Liu wrote:
> Hi folks,
>
> Sorry for the long wait, but RFC v2 is here at last.
>
> Compared with v1 [1], v2 mianly makes `action` as a global parameter,
> and all events (and fixed counters) are based on a unified action.
>
> Learned from the discu
Hello, I have a basic question about emulation by QEMU when there is no
hardware peripheral. How does QEMU emulate wifi functionality for VMs if
the underlying hardware doesn't have wifi RF module ? Basically, how does
it give the user of the VM internet access through WiFi ? This question can
be g
They will be used by TDX.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c | 3 ---
target/i386/cpu.h | 5 +
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 4088bf63c48f..f1330627adbb 100644
--- a/target/i386/cpu.c
+++ b/target/i386/c
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Signed-off-by: Philippe Mathieu-Daudé
---
target/sh4/cpu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson
r~
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Move has_work() from CPUClass to SysemuCPUOps, simplifying
xtensa_cpu_has_work() by directly using CPU env.
Signed-off-by: Philippe Mathieu-Daudé
---
target/xtensa/cpu.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
Review
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Signed-off-by: Philippe Mathieu-Daudé
---
target/sparc/cpu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Richard Henderson
r~
We directly use fp_status_f16 in a handful of helpers that
are AArch32-specific; switch to fp_status_f16_a32 for these.
Signed-off-by: Peter Maydell
---
target/arm/tcg/vec_helper.c | 4 ++--
target/arm/vfp_helper.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/target
On 24/1/25 18:17, Richard Henderson wrote:
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Signed-off-by: Philippe Mathieu-Daudé
---
target/riscv/cpu.h | 9 +
target/riscv/internals.h | 3 ---
target/riscv/cpu.c | 8 +++-
3 files changed, 8 insertions(+), 12 deletio
We want to pass another flag that will be stored in MemTxAttrs. So pass
MemTxAttrs directly.
Signed-off-by: David Hildenbrand
---
hw/core/loader.c | 2 +-
hw/remote/vfio-user-obj.c | 2 +-
include/exec/memory.h | 5 +++--
system/memory_ldst.c.inc | 18 +-
system/
This is used inconjuction with the cache plugin (with port
parameter supplied) and the CXL Type 3 device with a hotness
monitoring unit (chmu-port parameter supplied).
It implements a very basic oracle with a counter per 4KiB page
and simple loop to find large counts. The hotlist length is
contro
The tacoma-bmc machine has recently been removed, so let's remove
it from the documentation now, too.
Fixes: 2b1b66e01f ("arm: Remove tacoma-bmc machine")
Signed-off-by: Thomas Huth
---
docs/system/arm/aspeed.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/system
On 24/1/25 18:50, Philippe Mathieu-Daudé wrote:
QOM types are now registered using as TypeInfo via DEFINE_TYPES()
or type_init(). Update TYPE_SH_SERIAL, removing the empty QOM
instance_init/finalize handlers.
Signed-off-by: Philippe Mathieu-Daudé
---
hw/char/sh_serial.c | 23 +++--
On Wed, 2025-01-15 at 14:31 +0100, Shalini Chellathurai Saroja wrote:
> This commit saves the state of CPI values in the guest and
> transfers this state during live migration of the guest.
IMO, using active voice and directly stating what is done is preferable.
Something like:
Register Control-P
On Wed, 2025-01-15 at 14:31 +0100, Shalini Chellathurai Saroja wrote:
> This commit adds the firmware control-program
> identifiers received from a KVM guest via the
> SCLP event type Control-Program Identification to QOM.
> A timestamp in which the data is received is also
> added to QOM.
>
> Exa
Definitely not suggesting to install an invalid pointer anywhere. The
mapped pointer will still be valid for gmem for example, but the fault
isn't. We need to differenciate two things (1) virtual address mapping,
then (2) permission and accesses on the folios / pages of the mapping.
Here I think
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
SysemuCPUOps::has_work() is similar to CPUClass::has_work(),
but only exposed on system emulation.
Signed-off-by: Philippe Mathieu-Daudé
---
include/hw/core/sysemu-cpu-ops.h | 4
hw/core/cpu-system.c | 4
2 files changed,
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Signed-off-by: Philippe Mathieu-Daudé
---
target/arm/cpu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Reviewed-by: Richard Henderson
r~
On 1/24/25 18:52, Philippe Mathieu-Daudé wrote:
On 22/1/25 19:09, del...@kernel.org wrote:
From: Helge Deller
Allow up to 256 GB RAM, which is the maximum a rp8440 machine (the very
last 64-bit PA-RISC machine) physically supports.
Signed-off-by: Helge Deller
---
hw/hppa/hppa_hardware.h |
This series introduces the concept of the relaxed translation requirement
for s390x guests in order to allow bypass of the guest IOMMU for more
efficient PCI passthrough.
With this series, QEMU can indicate to the guest that an IOMMU is not
strictly required for a zPCI device. This would subseque
Specifying this bit in the guest CLP response indicates that the guest
can optionally choose to skip translation and instead use
identity-mapped operations.
Signed-off-by: Matthew Rosato
---
hw/s390x/s390-pci-vfio.c| 5 -
include/hw/s390x/s390-pci-clp.h | 1 +
2 files changed, 5 inse
On 1/21/25 06:23, Philippe Mathieu-Daudé wrote:
Signed-off-by: Philippe Mathieu-Daudé
---
target/s390x/s390x-internal.h | 2 ++
1 file changed, 2 insertions(+)
Reviewed-by: Richard Henderson
r~
Il ven 24 gen 2025, 20:05 Stefan Hajnoczi ha scritto:
> Hi Paolo,
> Please take a look at this failure and send a v2 pull request, if
> necessary:
>
> thread '' panicked at 'already borrowed',
> rust/qemu-api/libqemu_api.rlib.p/structured/cell.rs:450:5
> note: run with `RUST_BACKTRACE=1` environm
Hi Jonathan,
thanks for posting this. It's a creative usage of plugins.
I think that your current approach, decoupling plugins, CHMU and device
model is a good thing.
I'm not familiar with CXL, but one question that comes to my mind is:
Is that mandatory to do this analysis during execution (
On 1/14/25 20:55, Eric Farman wrote:
On Tue, 2025-01-14 at 13:51 -0500, Rorie Reyes wrote:
On 1/8/25 2:29 AM, Cédric Le Goater wrote:
Hello Rorie,
On 1/7/25 19:43, Rorie Reyes wrote:
This patch adds enumeration constant VFIO_AP_CFG_CHG_IRQ_INDEX to
specify
an IRQ index for signaling that a ch
In prop_vlen_set function, there is an incorrect comparison between
vlen(bit) and vlenb(byte).
This will cause unexpected error when user applies the `vlen=1024` cpu
option with a vendor predefined cpu type that the default vlen is
1024(vlenb=128).
Signed-off-by: Max Chou
---
target/riscv/cpu.c
On 1/7/25 19:43, Rorie Reyes wrote:
Register an event notifier handler to process AP configuration
change events by queuing the event and generating a CRW to let
the guest know its AP configuration has changed
Signed-off-by: Rorie Reyes
Reviewed-by: Anthony Krowiak
Tested-by: Anthony Krowiak
On 1/7/25 19:43, Rorie Reyes wrote:
Creates an object indicating that an AP configuration change event
has been received and stores it in a queue. These objects will later
be used to store event information for an AP configuration change
when the CHSC instruction is intercepted.
Signed-off-by: R
On 1/7/25 19:43, Rorie Reyes wrote:
These functions can be invoked by the function that handles interception
of the CHSC SEI instruction for requests indicating the accessibility of
one or more adjunct processors has changed.
Signed-off-by: Rorie Reyes
---
hw/vfio/ap.c | 37 ++
On Fri, Jan 24, 2025 at 12:01 PM Duan, Zhenzhong
wrote:
>
>
>
> >-Original Message-
> >From: Jason Wang
> >Subject: Re: [PATCH] hw/virtio/vhost: Disable IOTLB callbacks when IOMMU gets
> >disabled
> >
> >On Fri, Jan 24, 2025 at 11:30 AM Jason Wang wrote:
> >>
> >> On Fri, Jan 24, 2025 at
On Thu, 23 Jan 2025 10:39:03 +0530
Vinayak Holikatti wrote:
> CXL spec 3.1 section 8.2.9.9.5.3 describes media operations commands.
> CXL devices supports media operations Sanitize and Write zero command.
As before, don't indent this.
>
> Signed-off-by: Vinayak Holikatti
> ---
> hw/c
This is a follow-up to [1], implementing it by avoiding the use of
address_space_write_rom() in cpu_memory_rw_debug() completely, and
teaching address_space_write() about debug access instead, the can also
write to ROM.
The goal is to let GDB via cpu_memory_rw_debug() to also properly write to
MMI
On Fri, Jan 24, 2025 at 06:15:20PM +0530, Prasad Pandit wrote:
> Hello Peter,
>
> On Thu, 23 Jan 2025 at 16:39, Prasad Pandit wrote:
> > On Wed, 22 Jan 2025 at 21:40, Peter Xu wrote:
> > > I believe many of the tests can be avoided, but still below is a list of
> > > minimum tests that I think m
We don't need the MemTxAttrs, so let's simply use the simpler function
variant.
Signed-off-by: David Hildenbrand
---
monitor/hmp-cmds-target.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/hmp-cmds-target.c b/monitor/hmp-cmds-target.c
index 0300faa8a2..0d2e9dce69
On 24/1/25 16:45, David Hildenbrand wrote:
We want to pass another flag that will be stored in MemTxAttrs. So pass
MemTxAttrs directly.
Signed-off-by: David Hildenbrand
---
hw/core/loader.c | 2 +-
hw/remote/vfio-user-obj.c | 2 +-
include/exec/memory.h | 5 +++--
system/me
On 24/1/25 16:45, David Hildenbrand wrote:
We don't need the MemTxAttrs, so let's simply use the simpler function
variant.
Signed-off-by: David Hildenbrand
---
monitor/hmp-cmds-target.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé
On Thu, 23 Jan 2025 01:17:30 +0800
Tomita Moeko wrote:
> The actual IO BAR4 write quirk in vfio_probe_igd_bar4_quirk() was
> removed in previous change, leaving the function not matching its name,
> so move it into the newly introduced vfio_config_quirk_setup(). There
> is no functional change in
On 24/1/25 15:15, Thomas Huth wrote:
Some tests have a very long runtime and might run into timeout
issues e.g. when QEMU has been compiled with --enable-debug.
Add a decorator for marking them more easily and document the
corresponding environment variable that is used to enable the
tests.
Sign
As documented in commit 4a2e242bbb306 ("memory: Don't use memcpy for
ram_device regions"), we disallow direct access to RAM DEVICE regions.
This change implies that address_space_write_rom() and
cpu_memory_rw_debug() won't be able to write to RAM DEVICE regions. It
will also affect cpu_flush_icach
Hello, Jason, Eric,
On Fri, Jan 24, 2025 at 11:30:56AM +0800, Jason Wang wrote:
> It might be because neither virtio bus nor virtio-net provides a
> shutdown method.
>
> There used to be requests to provide those to unbreak the kexec.
>
> A quick try might be to provide a .driver.shutdown to
> v
Igor Mammedov writes:
> On Thu, 23 Jan 2025 12:23:43 +0100
> Igor Mammedov wrote:
>
>> On Thu, 23 Jan 2025 10:52:15 +
>> Alex Bennée wrote:
>>
>> > Igor Mammedov writes:
>> >
>> > > QEMU will crash with following debug enabled
>> > > # define DEBUG_TLB_GATE 1
>> > > # define DEBUG_
On Fri, Jan 24, 2025 at 02:12:46PM +, Jonathan Cameron wrote:
> On Fri, 18 Oct 2024 12:12:52 -0400
> Gregory Price wrote:
>
> > From: Svetly Todorov
> >
> > Using a shared-memory bytemap, validates that DC adds, releases,
> > and reclamations happen on extents belonging to the appropriate
>
As documented in commit 4a2e242bbb306 ("memory: Don't use memcpy for
ram_device regions"), we disallow direct access to RAM DEVICE regions.
Let's make this clearer to prepare for further changes. Note that romd
regions will never be RAM DEVICE at the same time.
Signed-off-by: David Hildenbrand
-
On Fri, Jan 24, 2025 at 03:15:26PM +0100, Thomas Huth wrote:
> Copy the ReplayKernelBase class from the avocado tests. We are going
> to need it to convert the related replay tests in the following patches.
>
> Signed-off-by: Thomas Huth
> ---
> tests/functional/replay_kernel.py | 84 +++
Let's factor the complete "directly accessible" check independent of
the "write" condition out so we can reuse it next.
We can now split up the checks RAM and ROMD check, so we really only check
for RAM DEVICE in case of RAM -- ROM DEVICE is neither RAM not RAM DEVICE.
Signed-off-by: David Hilden
This patchset implements emulation of the Arm FEAT_AFP and FEAT_RPRES
extensions, which are floating-point related. It's based on the
small i386 bugfix series I sent out a while back:
Based-on: 20250116112536.4117889-1-peter.mayd...@linaro.org
("target/i386: Fix 0 * Inf + QNaN regression")
(It wo
On 24/1/25 17:20, Jonathan Cameron wrote:
On Thu, 23 Jan 2025 09:51:51 +
Jonathan Cameron via wrote:
On Wed, 22 Jan 2025 07:56:24 +0100
Philippe Mathieu-Daudé wrote:
Map the component I/O region as UnimplementedDevice
to be able to trace guest I/O accesses with '-d unimp'.
Signed-off-b
Use fp_status_a32 in the vjcvt helper function; this is called only
from the A32/T32 decoder and is not used inside a
set_rmode/restore_rmode sequence.
Signed-off-by: Peter Maydell
---
target/arm/vfp_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/vfp_help
Now we have moved all the uses of vfp.fp_status and FPST_FPCR
to either the A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell
---
target/arm/cpu.h | 2 --
target/arm/tcg/translate.h | 6 --
target/arm/cpu.c | 1 -
target/arm/vfp_helper.c| 8 +---
Use the FPSR_ named constants in vfp_exceptbits_from_host(),
rather than hardcoded magic numbers.
Signed-off-by: Peter Maydell
---
target/arm/vfp_helper.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
index fc20
The pseudocode ResetSVEState() does:
FPSR = ZeroExtend(0x089f<31:0>, 64);
but QEMU's arm_reset_sve_state() called vfp_set_fpcr() by accident.
Before the advent of FEAT_AFP, this was only setting a collection of
RES0 bits, which vfp_set_fpsr() would then ignore, so the only effect
was that
The Armv8.7 FEAT_AFP feature defines three new control bits in
the FPCR:
* FPCR.AH: "alternate floating point mode"; this changes floating
point behaviour in a variety of ways, including:
- the sign of a default NaN is 1, not 0
- if FPCR.FZ is also 1, denormals detected after rounding
Our float_flag_output_denormal exception flag is set when
the fpu code flushes an output denormal to zero. Rename
it to float_flag_output_denormal_flushed:
* this keeps it parallel with the flag for flushing
input denormals, which we just renamed
* it makes it clearer that it doesn't mean "set
Add a test case which tests some corner case behaviour of
fused-multiply-add on x86:
* 0 * Inf + SNaN should raise Invalid
* 0 * Inf + QNaN shouldh not raise Invalid
* tininess should be detected after rounding
There is also one currently-disabled test case:
* flush-to-zero should be done afte
We want to split the existing fp_status in the Arm CPUState into
separate float_status fields for AArch32 and AArch64. (This is
because new control bits defined by FEAT_AFP only have an effect for
AArch64, not AArch32.) To make this split we will:
* define new fp_status_a32 and fp_status_a64 whic
When FPCR.AH is 1, use FPST_FPCR_AH for:
* AdvSIMD BFCVT, BFCVTN, BFCVTN2
* SVE BFCVT, BFCVTNT
so that they get the required behaviour changes.
Signed-off-by: Peter Maydell
---
target/arm/tcg/translate-a64.c | 27 +--
target/arm/tcg/translate-sve.c | 6 --
2 files
When FPCR.AH is 1, the behaviour of some instructions changes:
* AdvSIMD BFCVT, BFCVTN, BFCVTN2, BFMLALB, BFMLALT
* SVE BFCVT, BFCVTNT, BFMLALB, BFMLALT, BFMLSLB, BFMLSLT
* SME BFCVT, BFCVTN, BFMLAL, BFMLSL (these are all in SME2 which
QEMU does not yet implement)
* FRECPE, FRECPS, FRECPX, F
Now we have moved all the uses of vfp.fp_status_f16 and FPST_FPCR_F16
to the new A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell
---
target/arm/cpu.h | 2 --
target/arm/tcg/translate.h | 6 --
target/arm/cpu.c | 1 -
target/arm/vfp_helper.c| 7 ---
The advsimd_addh etc helpers defined in helper-a64.c are identical to
the vfp_addh etc helpers defined in helper-vfp.c: both take two
float16 inputs (in a uint32_t type) plus a float_status* and are
simple wrappers around the softfloat float16_* functions.
(The duplication seems to be a historical
Currently in softfloat we canonicalize input denormals and so the
code that implements floating point operations does not need to care
whether the input value was originally normal or denormal. However,
both x86 and Arm FEAT_AFP require that an exception flag is set if:
* an input is denormal
*
Switch from vfp.fp_status to vfp.fp_status_a64 for helpers which:
* directly reference an fp_status field
* are called only from the A64 decoder
* are not called inside a set_rmode/restore_rmode sequence
Signed-off-by: Peter Maydell
---
target/arm/tcg/sme_helper.c | 2 +-
target/arm/tcg/vec_
As the first part of splitting the existing fp_status_f16
into separate float_status fields for AArch32 and AArch64
(so that we can make FEAT_AFP control bits apply only
for AArch64), define the two new fp_status_f16_a32 and
fp_status_f16_a64 fields, but don't use them yet.
Signed-off-by: Peter Ma
Our float_flag_input_denormal exception flag is set when the fpu code
flushes an input denormal to zero. This is what many guest
architectures (eg classic Arm behaviour) require, but it is not the
only donarmal-related reason we might want to set an exception flag.
The x86 behaviour (which we do n
Handle FPCR.NEP for the 1-input scalar operations.
Signed-off-by: Peter Maydell
---
target/arm/tcg/translate-a64.c | 26 ++
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index 944bdf8cafe..6
Currently we implement BFCVT scalar via do_fp1_scalar(). This works
even though BFCVT is a narrowing operation from 32 to 16 bits,
because we can use write_fp_sreg() for float16. However, FPCR.NEP
support requires that we use write_fp_hreg_merging() for float16
outputs, so we can't continue to bor
For FEAT_AFP, we want to emit different code when FPCR.NEP is set, so
that instead of zeroing the high elements of a vector register when
we write the output of a scalar operation to it, we instead merge in
those elements from one of the source registers. Since this affects
the generated code, we
Split the handling of vector FABD so that it calls a different set
of helpers when FPCR.AH is 1, which implement the "no negation of
the sign of a NaN" semantics.
Signed-off-by: Peter Maydell
---
target/arm/helper.h| 4
target/arm/tcg/translate-a64.c | 7 ++-
target/arm/tc
In softfloat-types.h a comment documents that if the float_status
field flush_to_zero is set then we flush denormalised results to 0
and set the inexact flag. This isn't correct: the status flag that
we set when flush_to_zero causes us to flush an output to zero is
float_flag_output_denormal_flush
Handle FPCR.NEP for the 3-input scalar operations which use
do_fmla_scalar_idx() and do_fmadd(), by making them call the
appropriate write_fp_*reg_merging() functions.
Signed-off-by: Peter Maydell
---
target/arm/tcg/translate-a64.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(
In the A32 decoder, use FPST_FPCR_F16_A32 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_FPCR_F16_A64/g'
target/a
In vfp_exceptbits_from_host(), we accumulate the FPSR flags in
an "int", and our return type is also "int". However, the only
callsite returns the same information as a uint32_t, and
more generally we handle FPSR values in the code as uint32_t,
not int. Bring this function in to line with that conv
We directly use fp_status_f16 in a handful of helpers that are
AArch64-specific; switch to fp_status_f16_a64 for these.
Signed-off-by: Peter Maydell
---
target/arm/tcg/sme_helper.c | 4 ++--
target/arm/tcg/vec_helper.c | 8
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/
FPCR.AH == 1 mandates that taking the absolute value of a NaN should
not change its sign bit. This means we can no longer use
gen_vfp_abs*() everywhere but must instead generate slightly more
complex code when FPCR.AH is set.
Implement these semantics for scalar FABS and FABD. This change also
a
Add some fma test cases that check for correct handling of FTZ and
for the flag that indicates that the input denormal was consumed.
Signed-off-by: Peter Maydell
---
tests/tcg/x86_64/fma.c | 12
1 file changed, 12 insertions(+)
diff --git a/tests/tcg/x86_64/fma.c b/tests/tcg/x86_64
When FPCR.AH == 1, floating point FMIN and FMAX have some odd special
cases:
* comparing two zeroes (even of different sign) or comparing a NaN
with anything always returns the second argument (possibly
squashed to zero)
* denormal outputs are not squashed to zero regardless of FZ or FZ16
101 - 200 of 345 matches
Mail list logo
