[Stable-8.2.7 15/53] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params()

2024-09-05 Thread Michael Tokarev
From: Peter Maydell aio_context_set_thread_pool_params() takes two int64_t arguments to set the minimum and maximum number of threads in the pool. We do some bounds checking on these, but we don't catch the case where the inputs are negative. This means that later in the function when we assign

[Stable-8.2.7 34/53] vvfat: Fix wrong checks for cluster mappings invariant

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi What this `abort` was intended to check for was: - if the `mapping->first_mapping_index` is not the same as `first_mapping_index`, which **should** happen only in one case, when we are handling the first mapping, in that case `mapping->first_mapping_index == -1`, in all

[Stable-8.2.7 45/53] target/arm: Clear high SVE elements in handle_vec_simd_wshli

2024-09-05 Thread Michael Tokarev
From: Richard Henderson AdvSIMD instructions are supposed to zero bits beyond 128. Affects SSHLL, USHLL, SSHLL2, USHLL2. Cc: qemu-sta...@nongnu.org Signed-off-by: Richard Henderson Message-id: 20240717060903.205098-15-richard.hender...@linaro.org Reviewed-by: Peter Maydell Signed-off-by: Peter

[Stable-8.2.7 12/53] target/i386: do not crash if microvm guest uses SGX CPUID leaves

2024-09-05 Thread Michael Tokarev
From: Paolo Bonzini sgx_epc_get_section assumes a PC platform is in use: bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) { PCMachineState *pcms = PC_MACHINE(qdev_get_machine()); However, sgx_epc_get_section is called by CPUID regardless of whether SGX state has been

[Stable-8.2.7 43/53] block/blkio: use FUA flag on write zeroes only if supported

2024-09-05 Thread Michael Tokarev
From: Stefano Garzarella libblkio supports BLKIO_REQ_FUA with write zeros requests only since version 1.4.0, so let's inform the block layer that the blkio driver supports it only in this case. Otherwise we can have runtime errors as reported in https://issues.redhat.com/browse/RHEL-32878 Fixes:

[Stable-8.2.7 14/53] hw/intc/loongson_ipi: Access memory in little endian

2024-09-05 Thread Michael Tokarev
From: Bibo Mao Loongson IPI is only available in little-endian, so use that to access the guest memory (in case we run on a big-endian host). Cc: qemu-sta...@nongnu.org Signed-off-by: Bibo Mao Fixes: f6783e3438 ("hw/loongarch: Add LoongArch ipi interrupt support") [PMD: Extracted from bigger co

[Stable-8.2.7 40/53] nbd/server: CVE-2024-7409: Close stray clients at server-stop

2024-09-05 Thread Michael Tokarev
From: Eric Blake A malicious client can attempt to connect to an NBD server, and then intentionally delay progress in the handshake, including if it does not know the TLS secrets. Although the previous two patches reduce this behavior by capping the default max-connections parameter and killing

[Stable-8.2.7 06/53] hvf: arm: Do not advance PC when raising an exception

2024-09-05 Thread Michael Tokarev
From: Akihiko Odaki hvf did not advance PC when raising an exception for most unhandled system registers, but it mistakenly advanced PC when raising an exception for GICv3 registers. Cc: qemu-sta...@nongnu.org Fixes: a2260983c655 ("hvf: arm: Add support for GICv3") Signed-off-by: Akihiko Odaki

[Stable-8.2.7 11/53] intel_iommu: fix FRCD construction macro

2024-09-05 Thread Michael Tokarev
From: Clément Mathieu--Drif The constant must be unsigned, otherwise the two's complement overrides the other fields when a PASID is present. Fixes: 1b2b12376c8a ("intel-iommu: PASID support") Signed-off-by: Clément Mathieu--Drif Reviewed-by: Yi Liu Reviewed-by: Zhenzhong Duan Reviewed-by: Mi

[Stable-8.2.7 32/53] vvfat: Fix bug in writing to middle of file

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi Before this commit, the behavior when calling `commit_one_file` for example with `offset=0x2000` (second cluster), what will happen is that we won't fetch the next cluster from the fat, and instead use the first cluster for the read operation. This is due to off-by-one erro

[Stable-8.2.7 21/53] target/arm: Fix UMOPA/UMOPS of 16-bit values

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or 16 bit elements and accumulate the products into a 64-bit element. In the Arm ARM pseudocode, this is done with the usual infinite-precision signed arithmetic. However our implementation doesn't quite get it

[Stable-8.2.7 10/53] virtio-snd: check for invalid param shift operands

2024-09-05 Thread Michael Tokarev
From: Manos Pitsidianakis When setting the parameters of a PCM stream, we compute the bit flag with the format and rate values as shift operand to check if they are set in supported_formats and supported_rates. If the guest provides a format/rate value which when shifting 1 results in a value bi

[Stable-8.2.7 24/53] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str

2024-09-05 Thread Michael Tokarev
From: Peter Maydell In newer versions of Sphinx the env.doc2path() API is going to change to return a Path object rather than a str. This was originally visible in Sphinx 8.0.0rc1, but has been rolled back for the final 8.0.0 release. However it will probably emit a deprecation warning and is lik

[Stable-8.2.7 02/53] target/arm: Fix handling of LDAPR/STLR with negative offset

2024-09-05 Thread Michael Tokarev
From: Peter Maydell When we converted the LDAPR/STLR instructions to decodetree we accidentally introduced a regression where the offset is negative. The 9-bit immediate field is signed, and the old hand decoder correctly used sextract32() to get it out of the insn word, but the ldapr_stlr_i patt

[Stable-8.2.7 31/53] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers

2024-09-05 Thread Michael Tokarev
From: Philippe Mathieu-Daudé We neglected to clear the @data_count index on ADMA error, allowing an assertion to be triggered in sdhci_read_dataport() or sdhci_write_dataport(). Cc: qemu-sta...@nongnu.org Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller") Reported-by: Zheyu Ma Resolv

[Stable-8.2.7 08/53] hw/cxl/cxl-host: Fix segmentation fault when getting cxl-fmw property

2024-09-05 Thread Michael Tokarev
From: Zhao Liu QEMU crashes (Segmentation fault) when getting cxl-fmw property via qmp: (QEMU) qom-get path=machine property=cxl-fmw This issue is caused by accessing wrong callback (opaque) type in machine_get_cfmw(). cxl_machine_init() sets the callback as `CXLState *` type but machine_get_c

[Stable-8.2.7 20/53] target/arm: Don't assert for 128-bit tile accesses when SVL is 128

2024-09-05 Thread Michael Tokarev
From: Peter Maydell For an instruction which accesses a 128-bit element tile when the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]), we will assert in get_tile_rowcol(): qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed. This happens be

[Stable-8.2.7 05/53] target/arm: Use FPST_F16 for SME FMOPA (widening)

2024-09-05 Thread Michael Tokarev
From: Richard Henderson This operation has float16 inputs and thus must use the FZ16 control not the FZ control. Cc: qemu-sta...@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reported-by: Daniyal Khan Signed-off-by: Richard Henderson Reviewed-by: Alex Bennée

[Stable-8.2.7 09/53] virtio-snd: add max size bounds check in input cb

2024-09-05 Thread Michael Tokarev
From: Manos Pitsidianakis When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb(), we do not check whether the iov can actually fit the data buffer. This is because we use the buffer->size field as a total-so-far accumulator instead of byte-size-left like in TX buffers.

[Stable-8.2.7 13/53] chardev/char-win-stdio.c: restore old console mode

2024-09-05 Thread Michael Tokarev
From: songziming If I use `-serial stdio` on Windows, after QEMU exits, the terminal can no longer handle arrow keys and tab. This is because the stdio backend on Windows sets the console mode to virtual terminal input when it starts, but does not restore the old mode when it finalizes. This small patch saves the

[Stable-8.2.7 19/53] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The documentation of the "Set palette" mailbox property at https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette says it has the form: Length: 24..1032 Value: u32: offset: first palette index to set (0-255) u32: length: nu

[Stable-8.2.7 03/53] target/arm: LDAPR should honour SCTLR_ELx.nAA

2024-09-05 Thread Michael Tokarev
From: Peter Maydell In commit c1a1f80518d360b when we added the FEAT_LSE2 relaxations to the alignment requirements for atomic and ordered loads and stores, we didn't quite get it right for LDAPR/LDAPRH/LDAPRB with no immediate offset. These instructions were handled in the old decoder as part o

[Stable-8.2.7 01/53] qapi/qom: Document feature unstable of @x-vfio-user-server

2024-09-05 Thread Michael Tokarev
From: Markus Armbruster Commit 8f9a9259d32c added ObjectType member @x-vfio-user-server with feature unstable, but neglected to explain why it is unstable. Do that now. Fixes: 8f9a9259d32c (vfio-user: define vfio-user-server object) Cc: Elena Ufimtseva Cc: John G Johnson Cc: Jagannathan Raman

[Stable-8.2.7 07/53] hw/nvme: fix memory leak in nvme_dsm

2024-09-05 Thread Michael Tokarev
From: Zheyu Ma The allocated memory to hold LBA ranges leaks in the nvme_dsm function. This happens because the allocated memory for iocb->range is not freed in all error handling paths. Fix this by adding a free to ensure that the allocated memory is properly freed. ASAN log: ==3075137==ERROR:

[Stable-8.2.7 04/53] target/arm: Use float_status copy in sme_fmopa_s

2024-09-05 Thread Michael Tokarev
From: Daniyal Khan We made a copy above because the fp exception flags are not propagated back to the FPST register, but then failed to use the copy. Cc: qemu-sta...@nongnu.org Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)") Signed-off-by: Daniyal Khan Signed-off-by: Ri

[Stable-8.2.7 00/53] Patch Round-up for stable 8.2.7, freeze on 2024-09-16

2024-09-05 Thread Michael Tokarev
I'm extending support for the qemu 8.2 series for a little longer, in the same way the 7.2 series is handled; let's see how it works. The following patches are queued for QEMU stable v8.2.7: https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2 Patch freeze is 2024-09-16, and the release is planne

Re: [RFC PATCH 0/2] qtest: Log verbosity changes

2024-09-05 Thread Thomas Huth
On 05/09/2024 23.03, Fabiano Rosas wrote: Hi, This series silences QEMU stderr unless the QTEST_LOG variable is set and silences -qtest-log unless both QTEST_LOG and gtest's --verbose flag is passed. This was motivated by Peter Maydell's ask to suppress deprecation warn_report messages from the

[PATCH] hw/nvme: clear masked events from the aer queue

2024-09-05 Thread Arun Kumar
clear masked events from the aer queue when get log page is issued with rae=0 without checking for the presence of outstanding aer requests Signed-off-by: Arun Kumar --- hw/nvme/ctrl.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c ind

[Stable-7.2.14 14/40] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The documentation of the "Set palette" mailbox property at https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette says it has the form: Length: 24..1032 Value: u32: offset: first palette index to set (0-255) u32: length: nu

[Stable-7.2.14 04/40] hw/nvme: fix memory leak in nvme_dsm

2024-09-05 Thread Michael Tokarev
From: Zheyu Ma The allocated memory to hold LBA ranges leaks in the nvme_dsm function. This happens because the allocated memory for iocb->range is not freed in all error handling paths. Fix this by adding a free to ensure that the allocated memory is properly freed. ASAN log: ==3075137==ERROR:

[Stable-7.2.14 01/40] qapi/qom: Document feature unstable of @x-vfio-user-server

2024-09-05 Thread Michael Tokarev
From: Markus Armbruster Commit 8f9a9259d32c added ObjectType member @x-vfio-user-server with feature unstable, but neglected to explain why it is unstable. Do that now. Fixes: 8f9a9259d32c (vfio-user: define vfio-user-server object) Cc: Elena Ufimtseva Cc: John G Johnson Cc: Jagannathan Raman

[Stable-7.2.14 22/40] target/arm: Handle denormals correctly for FMOPA (widening)

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The FMOPA (widening) SME instruction takes pairs of half-precision floating point values, widens them to single-precision, does a two-way dot product and accumulates the results into a single-precision destination. We don't quite correctly handle the FPCR bits FZ and FZ16 whi

Re: [PATCH v4 0/2] RISC-V: Add preliminary textra trigger CSR functions

2024-09-05 Thread Alistair Francis
On Mon, Aug 26, 2024 at 12:48 PM Alvin Chang via wrote: > > According to RISC-V Debug specification, the optional textra32 and textra64 > trigger CSRs can be used to configure additional matching conditions for the > triggers. > > This series supports writing the MHVALUE and MHSELECT fields into textr

Re: [PATCH v7 00/12] riscv: QEMU RISC-V IOMMU Support

2024-09-05 Thread Alistair Francis
On Wed, Sep 4, 2024 at 6:17 AM Daniel Henrique Barboza wrote: > > Hi, > > In this new version the only significant code change was made in patch > 3, where we're no longer modifying the host address with the translated > address. The remaining of the changes consist in adding more in-code > docs (

[Stable-7.2.14 33/40] nbd/server: CVE-2024-7409: Drop non-negotiating clients

2024-09-05 Thread Michael Tokarev
From: Eric Blake A client that opens a socket but does not negotiate is merely hogging qemu's resources (an open fd and a small amount of memory); and a malicious client that can access the port where NBD is listening can attempt a denial of service attack by intentionally opening and abandoning

[Stable-7.2.14 26/40] vvfat: Fix bug in writing to middle of file

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi Before this commit, the behavior when calling `commit_one_file` for example with `offset=0x2000` (second cluster), what will happen is that we won't fetch the next cluster from the fat, and instead use the first cluster for the read operation. This is due to off-by-one erro

[Stable-7.2.14 37/40] target/i386: Do not apply REX to MMX operands

2024-09-05 Thread Michael Tokarev
From: Richard Henderson Cc: qemu-sta...@nongnu.org Fixes: b3e22b2318a ("target/i386: add core of new i386 decoder") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2495 Signed-off-by: Richard Henderson Link: https://lore.kernel.org/r/20240812025844.58956-2-richard.hender...@linaro.org S

[Stable-7.2.14 17/40] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl()

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The function tszimm_esz() returns a shift amount, or possibly -1 in certain cases that correspond to unallocated encodings in the instruction set. We catch these later in the trans_ functions (generally with an "a-esz < 0" check), but before we do the decodetree-generated cod

[Stable-7.2.14 12/40] target/rx: Use target_ulong for address in LI

2024-09-05 Thread Michael Tokarev
From: Richard Henderson Using int32_t meant that the address was sign-extended to uint64_t when passing to translator_ld*, triggering an assert. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2453 Signed-off-by: Richard Henderson Tested-by: Thomas Huth (cherry picked from commit 83340

[Stable-7.2.14 36/40] block/blkio: use FUA flag on write zeroes only if supported

2024-09-05 Thread Michael Tokarev
From: Stefano Garzarella libblkio supports BLKIO_REQ_FUA with write zeros requests only since version 1.4.0, so let's inform the block layer that the blkio driver supports it only in this case. Otherwise we can have runtime errors as reported in https://issues.redhat.com/browse/RHEL-32878 Fixes:

[Stable-7.2.14 21/40] hw/arm/mps2-tz.c: fix RX/TX interrupts order

2024-09-05 Thread Michael Tokarev
From: Marco Palumbi The order of the RX and TX interrupts are swapped. This commit fixes the order as per the following documents: * https://developer.arm.com/documentation/dai0505/latest/ * https://developer.arm.com/documentation/dai0521/latest/ * https://developer.arm.com/documentation/dai05

[Stable-7.2.14 24/40] virtio-net: Fix network stall at the host side waiting for kick

2024-09-05 Thread Michael Tokarev
From: thomas Patch 06b12970174 ("virtio-net: fix network stall under load") added double-check to test whether the available buffer size can satisfy the request or not, in case the guest has added some buffers to the avail ring simultaneously after the first check. It will be lucky if the availab

[Stable-7.2.14 20/40] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()

2024-09-05 Thread Michael Tokarev
From: Peter Maydell In amdvi_update_iotlb() we will only put a new entry in the hash table if to_cache.perm is not IOMMU_NONE. However we allocate the memory for the new AMDVIIOTLBEntry and for the hash table key regardless. This means that in the IOMMU_NONE case we will leak the memory we allo

[Stable-7.2.14 19/40] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str

2024-09-05 Thread Michael Tokarev
From: Peter Maydell In newer versions of Sphinx the env.doc2path() API is going to change to return a Path object rather than a str. This was originally visible in Sphinx 8.0.0rc1, but has been rolled back for the final 8.0.0 release. However it will probably emit a deprecation warning and is lik

[Stable-7.2.14 40/40] hw/core/ptimer: fix timer zero period condition for freq > 1GHz

2024-09-05 Thread Michael Tokarev
From: Jianzhou Yue The real period is zero when both period and period_frac are zero. Check the method ptimer_set_freq: if freq is larger than 1000 MHz, the period is zero, but the period_frac is not. In this case, the ptimer will work, but the current code incorrectly recognizes that the ptimer i

[Stable-7.2.14 11/40] hw/virtio: Fix the de-initialization of vhost-user devices

2024-09-05 Thread Michael Tokarev
From: Thomas Huth The unrealize functions of the various vhost-user devices are calling the corresponding vhost_*_set_status() functions with a status of 0 to shut down the device correctly. Now these vhost_*_set_status() functions all follow this scheme: bool should_start = virtio_device_s

[Stable-7.2.14 35/40] nbd/server: CVE-2024-7409: Avoid use-after-free when closing server

2024-09-05 Thread Michael Tokarev
From: Eric Blake Commit 3e7ef738 plugged the use-after-free of the global nbd_server object, but overlooked a use-after-free of nbd_server->listener. Although this race is harder to hit, notice that our shutdown path first drops the reference count of nbd_server->listener, then triggers actions t

[Stable-7.2.14 31/40] nbd/server: Plumb in new args to nbd_client_add()

2024-09-05 Thread Michael Tokarev
From: Eric Blake Upcoming patches to fix a CVE need to track an opaque pointer passed in by the owner of a client object, as well as request for a time limit on how fast negotiation must complete. Prepare for that by changing the signature of nbd_client_new() and adding an accessor to get at the

[Stable-7.2.14 28/40] vvfat: Fix wrong checks for cluster mappings invariant

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi What this `abort` was intended to check for was: - if the `mapping->first_mapping_index` is not the same as `first_mapping_index`, which **should** happen only in one case, when we are handling the first mapping, in that case `mapping->first_mapping_index == -1`, in all

[Stable-7.2.14 23/40] virtio-net: Ensure queue index fits with RSS

2024-09-05 Thread Michael Tokarev
From: Akihiko Odaki Ensure the queue index points to a valid queue when software RSS enabled. The new calculation matches with the behavior of Linux's TAP device with the RSS eBPF program. Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing") Reported-by: Zhibin Hu Cc: qemu-sta...@non

[Stable-7.2.14 27/40] vvfat: Fix usage of `info.file.offset`

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi The field is marked as "the offset in the file (in clusters)", but it was being used like this `cluster_size*(nums)+mapping->info.file.offset`, which is incorrect. Signed-off-by: Amjad Alsharafi Reviewed-by: Kevin Wolf Message-ID: <72f19a7903886dda1aa78bcae0e17702ee93926

[Stable-7.2.14 38/40] module: Prevent crash by resetting local_err in module_load_qom_all()

2024-09-05 Thread Michael Tokarev
From: Alexander Ivanov Set local_err to NULL after it has been freed in error_report_err(). This avoids triggering assert(*errp == NULL) failure in error_setv() when local_err is reused in the loop. Signed-off-by: Alexander Ivanov Reviewed-by: Claudio Fontana Reviewed-by: Denis V. Lunev Link:

[Stable-7.2.14 30/40] iotests: Add `vvfat` tests

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi Added several tests to verify the implementation of the vvfat driver. We needed a way to interact with it, so we created a basic `fat16.py` driver that handled writing correct sectors for us. Added `vvfat` to the non-generic formats, as it's not a normal image format. Signed-

[Stable-7.2.14 32/40] nbd/server: CVE-2024-7409: Cap default max-connections to 100

2024-09-05 Thread Michael Tokarev
From: Eric Blake Allowing an unlimited number of clients to any web service is a recipe for a rudimentary denial of service attack: the client merely needs to open lots of sockets without closing them, until qemu no longer has any more fds available to allocate. For qemu-nbd, we default to allow

[Stable-7.2.14 39/40] crypto/tlscredspsk: Free username on finalize

2024-09-05 Thread Michael Tokarev
From: Peter Maydell When the creds->username property is set we allocate memory for it in qcrypto_tls_creds_psk_prop_set_username(), but we never free this when the QCryptoTLSCredsPSK is destroyed. Free the memory in finalize. This fixes a LeakSanitizer complaint in migration-test: $ (cd build/

[Stable-7.2.14 09/40] hw/intc/loongson_ipi: Access memory in little endian

2024-09-05 Thread Michael Tokarev
From: Bibo Mao Loongson IPI is only available in little-endian, so use that to access the guest memory (in case we run on a big-endian host). Cc: qemu-sta...@nongnu.org Signed-off-by: Bibo Mao Fixes: f6783e3438 ("hw/loongarch: Add LoongArch ipi interrupt support") [PMD: Extracted from bigger co

[Stable-7.2.14 18/40] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled

2024-09-05 Thread Michael Tokarev
From: Peter Maydell When determining the current vector length, the SMCR_EL2.LEN and SVCR_EL2.LEN settings should only be considered if EL2 is enabled (compare the pseudocode CurrentSVL and CurrentNSVL which call EL2Enabled()). We were checking against ARM_FEATURE_EL2 rather than calling arm_is_

[Stable-7.2.14 29/40] vvfat: Fix reading files with non-continuous clusters

2024-09-05 Thread Michael Tokarev
From: Amjad Alsharafi When reading with `read_cluster` we get the `mapping` with `find_mapping_for_cluster` and then we call `open_file` for this mapping. The issue appears when it's the same file, but a second cluster that is not immediately after it; imagine clusters `500 -> 503`, this will give

[Stable-7.2.14 34/40] nbd/server: CVE-2024-7409: Close stray clients at server-stop

2024-09-05 Thread Michael Tokarev
From: Eric Blake A malicious client can attempt to connect to an NBD server, and then intentionally delay progress in the handshake, including if it does not know the TLS secrets. Although the previous two patches reduce this behavior by capping the default max-connections parameter and killing

[Stable-7.2.14 25/40] hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers

2024-09-05 Thread Michael Tokarev
From: Philippe Mathieu-Daudé We neglected to clear the @data_count index on ADMA error, allowing an assertion to be triggered in sdhci_read_dataport() or sdhci_write_dataport(). Cc: qemu-sta...@nongnu.org Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller") Reported-by: Zheyu Ma Resolv

[Stable-7.2.14 13/40] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up

2024-09-05 Thread Michael Tokarev
From: Frederik van Hövell When a bare-metal application on the raspi3 board reads the AUX_MU_STAT_REG MMIO register while the device's buffer is at full receive FIFO capacity (i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)` fails.

[Stable-7.2.14 00/40] Patch Round-up for stable 7.2.14, freeze on 2024-09-16

2024-09-05 Thread Michael Tokarev
The following patches are queued for QEMU stable v7.2.14: https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2 Patch freeze is 2024-09-16, and the release is planned for 2024-09-18: https://wiki.qemu.org/Planning/7.2 Please respond here or CC qemu-sta...@nongnu.org on any additional p

[Stable-7.2.14 08/40] chardev/char-win-stdio.c: restore old console mode

2024-09-05 Thread Michael Tokarev
From: songziming If I use `-serial stdio` on Windows, after QEMU exits, the terminal can no longer handle arrow keys and tab. This is because the stdio backend on Windows sets the console mode to virtual terminal input when it starts, but does not restore the old mode when it finalizes. This small patch saves the

[Stable-7.2.14 06/40] intel_iommu: fix FRCD construction macro

2024-09-05 Thread Michael Tokarev
From: Clément Mathieu--Drif The constant must be unsigned, otherwise the two's complement overrides the other fields when a PASID is present. Fixes: 1b2b12376c8a ("intel-iommu: PASID support") Signed-off-by: Clément Mathieu--Drif Reviewed-by: Yi Liu Reviewed-by: Zhenzhong Duan Reviewed-by: Mi

[Stable-7.2.14 05/40] hw/cxl/cxl-host: Fix segmentation fault when getting cxl-fmw property

2024-09-05 Thread Michael Tokarev
From: Zhao Liu QEMU crashes (Segmentation fault) when getting cxl-fmw property via qmp: (QEMU) qom-get path=machine property=cxl-fmw This issue is caused by accessing wrong callback (opaque) type in machine_get_cfmw(). cxl_machine_init() sets the callback as `CXLState *` type but machine_get_c

[Stable-7.2.14 15/40] target/arm: Don't assert for 128-bit tile accesses when SVL is 128

2024-09-05 Thread Michael Tokarev
From: Peter Maydell For an instruction which accesses a 128-bit element tile when the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]), we will assert in get_tile_rowcol(): qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed. This happens be

[Stable-7.2.14 16/40] target/arm: Fix UMOPA/UMOPS of 16-bit values

2024-09-05 Thread Michael Tokarev
From: Peter Maydell The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or 16 bit elements and accumulate the products into a 64-bit element. In the Arm ARM pseudocode, this is done with the usual infinite-precision signed arithmetic. However our implementation doesn't quite get it

[Stable-7.2.14 03/40] target/arm: Use FPST_F16 for SME FMOPA (widening)

2024-09-05 Thread Michael Tokarev
From: Richard Henderson This operation has float16 inputs and thus must use the FZ16 control not the FZ control. Cc: qemu-sta...@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reported-by: Daniyal Khan Signed-off-by: Richard Henderson Reviewed-by: Alex Bennée

[Stable-7.2.14 10/40] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params()

2024-09-05 Thread Michael Tokarev
From: Peter Maydell aio_context_set_thread_pool_params() takes two int64_t arguments to set the minimum and maximum number of threads in the pool. We do some bounds checking on these, but we don't catch the case where the inputs are negative. This means that later in the function when we assign

[Stable-7.2.14 07/40] target/i386: do not crash if microvm guest uses SGX CPUID leaves

2024-09-05 Thread Michael Tokarev
From: Paolo Bonzini sgx_epc_get_section assumes a PC platform is in use: bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size) { PCMachineState *pcms = PC_MACHINE(qdev_get_machine()); However, sgx_epc_get_section is called by CPUID regardless of whether SGX state has been

[Stable-7.2.14 02/40] target/arm: Use float_status copy in sme_fmopa_s

2024-09-05 Thread Michael Tokarev
From: Daniyal Khan We made a copy above because the fp exception flags are not propagated back to the FPST register, but then failed to use the copy. Cc: qemu-sta...@nongnu.org Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)") Signed-off-by: Daniyal Khan Signed-off-by: Ri

Re: [PATCH v4 2/2] target/riscv: Add textra matching condition for the triggers

2024-09-05 Thread Alistair Francis
On Mon, Aug 26, 2024 at 12:48 PM Alvin Chang via wrote: > > According to RISC-V Debug specification, the optional textra32 and > textra64 trigger CSRs can be used to configure additional matching > conditions for the triggers. For example, if the textra.MHSELECT field > is set to 4 (mcontext), thi

[PATCH] hw/loongarch: virt: support up to 4 serial ports

2024-09-05 Thread Jason A. Donenfeld
In order to support additional channels of communication using `-serial`, add several serial ports, up to the standard 4 generally supported by the 8250 driver. Signed-off-by: Jason A. Donenfeld --- hw/loongarch/virt.c| 24 ++-- include/hw/pci-host/ls7a.h | 9 +--

Re: qemu direct kernel boot on LoongArch

2024-09-05 Thread Jason A. Donenfeld
On Fri, Sep 06, 2024 at 06:04:25AM +0200, Jason A. Donenfeld wrote: > On Fri, Sep 6, 2024 at 3:14 AM maobibo wrote: > > yeap, will submit a patch to expose ACPI GED pm interface with FDT method. > > Clever trick. Works well. > > > > > > > > >> Meanwhile, any idea about adding a second serial to

Re: [RFC PATCH v2 0/5] vhost-user: Add SHMEM_MAP/UNMAP requests

2024-09-05 Thread David Stevens
On Fri, Sep 6, 2024 at 12:56 AM Stefan Hajnoczi wrote: > > On Tue, Jul 16, 2024 at 10:21:35AM +0900, David Stevens wrote: > > On Fri, Jul 12, 2024 at 2:47 PM Michael S. Tsirkin wrote: > > > > > > On Fri, Jul 12, 2024 at 11:06:49AM +0900, David Stevens wrote: > > > > On Thu, Jul 11, 2024 at 7:56 P

Re: qemu direct kernel boot on LoongArch

2024-09-05 Thread Jason A. Donenfeld
On Fri, Sep 6, 2024 at 3:14 AM maobibo wrote: > yeap, will submit a patch to expose ACPI GED pm interface with FDT method. Clever trick. Works well. > > > > >> Meanwhile, any idea about adding a second serial to the platform? I've > >> been futzing with it for a bit now to no avail. > > > > No i

Re: [PATCH 0/2] Add FDT table support with acpi ged pm register

2024-09-05 Thread Jason A. Donenfeld
This series appears to work in my testing. Tested-by: Jason A. Donenfeld

Re: [PATCH 00/11 v2] RISC-V: support CLIC v0.9 specification

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:08 AM Ian Brockbank wrote: > > [Resubmission now the merge is correct] > > This patch set gives an implementation of "RISC-V Core-Local Interrupt > Controller(CLIC) Version 0.9-draft-20210217". It comes from [1], where > you can find the pdf format or the source code. Th

Re: [PATCH 11/11 v2] tests: add riscv clic qtest case and a function in qtest

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:13 AM Ian Brockbank wrote: > > This adds riscv32-clic-test.c, containing qtest test cases for configuring > CLIC (via virt machine) and for triggering interrupts. > > In order to detect the interrupts, qtest.c has been updated to send interrupt > information back to the t

Re: [PATCH 08/11 v2] target/riscv: Update interrupt handling in CLIC mode

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:14 AM Ian Brockbank wrote: > > From: Ian Brockbank > > Decode CLIC interrupt information from exccode, includes interrupt > privilege mode, interrupt level, and irq number. > > Then update CSRs xcause, xstatus, xepc, xintstatus and jump to > correct PC according to the C

Re: [PATCH 04/11 v2] target/riscv: Update CSR xie in CLIC mode

2024-09-05 Thread Alistair Francis
On Fri, Sep 6, 2024 at 12:58 PM Alistair Francis wrote: > > On Tue, Aug 20, 2024 at 2:15 AM Ian Brockbank > wrote: > > > > From: Ian Brockbank > > > > The xie CSR appears hardwired to zero in CLIC mode, replaced by separate > > memory-mapped interrupt enables (clicintie[i]). Writes to xie will

Re: [PATCH 01/11 v2] target/riscv: Add CLIC CSR mintstatus

2024-09-05 Thread Alistair Francis
On Fri, Sep 6, 2024 at 12:44 PM Alistair Francis wrote: > > On Tue, Aug 20, 2024 at 2:11 AM Ian Brockbank > wrote: > > > > From: Ian Brockbank > > > > CSR mintstatus holds the active interrupt level for each supported > > privilege mode. sintstatus, and user, uintstatus, provide restricted > >

Re: [PATCH 06/11 v2] target/riscv: Update CSR xtvec in CLIC mode

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:15 AM Ian Brockbank wrote: > > From: Ian Brockbank > > The new CLIC interrupt-handling mode is encoded as a new state in the > existing WARL xtvec register, where the low two bits of are 11. > > Signed-off-by: LIU Zhiwei > Signed-off-by: Ian Brockbank > --- > target/r

RE: [PATCH v4 2/2] target/riscv: Add textra matching condition for the triggers

2024-09-05 Thread 張哲嘉
Hi Alistair, > -Original Message- > From: Alistair Francis > Sent: Friday, September 6, 2024 8:29 AM > To: Alvin Che-Chia Chang(張哲嘉) > Cc: qemu-ri...@nongnu.org; qemu-devel@nongnu.org; > alistair.fran...@wdc.com; bin.m...@windriver.com; liwei1...@gmail.com; > dbarb...@ventanamicro.com; z

Re: [PATCH 04/11 v2] target/riscv: Update CSR xie in CLIC mode

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:15 AM Ian Brockbank wrote: > > From: Ian Brockbank > > The xie CSR appears hardwired to zero in CLIC mode, replaced by separate > memory-mapped interrupt enables (clicintie[i]). Writes to xie will be > ignored and will not trap (i.e., no access faults). > > Signed-off-by

Re: [PATCH 02/11 v2] target/riscv: Update CSR xintthresh in CLIC mode

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:11 AM Ian Brockbank wrote: > > From: Ian Brockbank > > The interrupt-level threshold (xintthresh) CSR holds an 8-bit field > for the threshold level of the associated privilege mode. > > For horizontal interrupts, only the ones with higher interrupt levels > than the thr

Re: [PATCH 00/11 v2] RISC-V: support CLIC v0.9 specification

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:08 AM Ian Brockbank wrote: > > [Resubmission now the merge is correct] > > This patch set gives an implementation of "RISC-V Core-Local Interrupt > Controller (CLIC) Version 0.9-draft-20210217". It comes from [1], where > you can find the pdf format or the source code. Ca

Re: [PATCH 01/11 v2] target/riscv: Add CLIC CSR mintstatus

2024-09-05 Thread Alistair Francis
On Tue, Aug 20, 2024 at 2:11 AM Ian Brockbank wrote: > > From: Ian Brockbank > > CSR mintstatus holds the active interrupt level for each supported > privilege mode. sintstatus, and user, uintstatus, provide restricted > views of mintstatus. > > Signed-off-by: Ian Brockbank > Signed-off-by: LIU

[PATCH 0/2] Add FDT table support with acpi ged pm register

2024-09-05 Thread Bibo Mao
ACPI ged is used for power management on LoongArch virt platform, in general it is parsed from acpi table. However if system boot directly from elf kernel, no UEFI bios is provided and acpi table cannot be used also. Here acpi ged pm register is exposed with FDT table, it is compatible with syscon

[PATCH 1/2] acpi: ged: Add macro for acpi ged sleep register

2024-09-05 Thread Bibo Mao
Macro definition is added for acpi ged sleep register, so that ged emulation driver can use this, also it can be used in FDT table if ged is exposed with FDT table. Signed-off-by: Bibo Mao --- hw/acpi/generic_event_device.c | 6 +++--- include/hw/acpi/generic_event_device.h | 3 +++ 2 fi

[PATCH 2/2] hw/loongarch/virt: Add FDT table support with acpi ged pm register

2024-09-05 Thread Bibo Mao
ACPI ged is used for power management on LoongArch virt platform, in general it is parsed from acpi table. However if system boot directly from elf kernel, no UEFI bios is provided and acpi table cannot be used also. Here acpi ged pm register is exposed with FDT table, it is compatible with syscon

Re: [PATCH v2] docs: fix vhost-user protocol doc

2024-09-05 Thread luzhixing12345
Hi, can someone help review this patch? Signed-off-by: luzhixing12345

Re: [PATCH] vhost-user: add NEED_REPLY flag

2024-09-05 Thread luzhixing12345
Signed-off-by: luzhixing12345 >On Mon, Aug 12, 2024 at 12:53:19PM GMT, 陆知行 wrote: >>Hi, can someone review this patch? >>I find requests which call vhost_user_get_u64 does not set NEED_REPLY flag > >Can you provide an example to trigger this issue? > >Also, with this change all calls to vhost_us

Re: [PATCH v2 1/1] util/util/cpuinfo-riscv.c: fix riscv64 build on musl libc

2024-09-05 Thread Alistair Francis
On Fri, Sep 6, 2024 at 1:08 AM Milan P. Stanić wrote: > > build fails on musl libc (alpine linux) with this error: > > ../util/cpuinfo-riscv.c: In function 'cpuinfo_init': > ../util/cpuinfo-riscv.c:63:21: error: '__NR_riscv_hwprobe' undeclared (first > use in this function); did you mean 'riscv_h

Re: qemu direct kernel boot on LoongArch

2024-09-05 Thread maobibo
On 2024/9/6 12:03 AM, Thomas Weißschuh wrote: On 2024-09-05 17:18:07+, Jason A. Donenfeld wrote: On Thu, Sep 5, 2024 at 5:16 PM Thomas Weißschuh wrote: On 2024-09-05 17:07:22+, Jason A. Donenfeld wrote: On Thu, Sep 5, 2024 at 5:05 PM Thomas Weißschuh wrote: On 2024-09-05 16:53:5

Re: qemu direct kernel boot on LoongArch

2024-09-05 Thread maobibo
On 2024/9/5 11:49 PM, Jason A. Donenfeld wrote: On Thu, Sep 05, 2024 at 04:54:41PM +0200, Jason A. Donenfeld wrote: On Thu, Sep 05, 2024 at 02:11:32PM +0800, maobibo wrote: On 2024/9/5 1:25 PM, Thomas Weißschuh wrote: On 2024-09-05 06:04:12+, Jason A. Donenfeld wrote: On Thu, Sep 5, 20

Re: [PATCH v2 1/1] util/util/cpuinfo-riscv.c: fix riscv64 build on musl libc

2024-09-05 Thread Alistair Francis
On Fri, Sep 6, 2024 at 1:08 AM Milan P. Stanić wrote: > > build fails on musl libc (alpine linux) with this error: > > ../util/cpuinfo-riscv.c: In function 'cpuinfo_init': > ../util/cpuinfo-riscv.c:63:21: error: '__NR_riscv_hwprobe' undeclared (first > use in this function); did you mean 'riscv_h

Re: [PATCH v6 4/5] target/riscv: Add Smrnmi mnret instruction.

2024-09-05 Thread Alistair Francis
On Mon, Sep 2, 2024 at 5:14 PM Tommy Wu wrote: > > This patch adds a new instruction `mnret`. `mnret` is an M-mode-only > instruction that uses the values in `mnepc` and `mnstatus` to return to the > program counter, privilege mode, and virtualization mode of the > interrupted context. > > Signed-

Re: [PATCH v6 0/5] target/riscv: Add Smrnmi support.

2024-09-05 Thread Alistair Francis
On Mon, Sep 2, 2024 at 5:14 PM Tommy Wu wrote: > > This patchset added support for Smrnmi Extension in RISC-V. Thanks! Can you please include a link to the exact spec version used for this? We have had issues where there are multiple conflicting ratified versions of a spec, so we are trying to

Re: [PATCH v4 2/2] target/riscv: Add textra matching condition for the triggers

2024-09-05 Thread Alistair Francis
On Mon, Aug 26, 2024 at 12:48 PM Alvin Chang via wrote: Your From is still wrong > > According to RISC-V Debug specification, the optional textra32 and > textra64 trigger CSRs can be used to configure additional matching > conditions for the triggers. For example, if the textra.MHSELECT field >
