Commit graph

121351 commits

Author SHA1 Message Date
Daniel P. Berrangé
81941aa896 scripts/checkpatch.pl: mandate SPDX tag for Rust src files
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
1bd4237cb1 util/qemu-sockets: Introduce inet socket options controlling TCP keep-alive
With the default TCP stack configuration, it could be even 2 hours
before the connection times out due to the other side not being
reachable. However, in some cases, the application needs to be aware of
a connection issue much sooner.

This is the case, for example, for postcopy live migration. If there is
no traffic from the migration destination guest (server-side) to the
migration source guest (client-side), the destination keeps waiting for
pages indefinitely and does not switch to the postcopy-paused state.
This can happen, for example, if the destination QEMU instance is
started with the '-S' command line option and the machine is not started
yet, or if the machine is idle and produces no new page faults for
not-yet-migrated pages.

This patch introduces new inet socket parameters that control count,
idle period, and interval of TCP keep-alive packets before the
connection is considered broken. These parameters are available on
systems where the respective TCP socket options are defined, that
includes Linux, Windows, macOS, but not OpenBSD. Additionally, macOS
defines TCP_KEEPIDLE as TCP_KEEPALIVE instead, so the patch supplies its
own definition.

The default value for all is 0, which means the system configuration is
used.

Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
316e8ee8d6 util/qemu-sockets: Refactor inet_parse() to use QemuOpts
Currently, the inet address parser cannot handle multiple options where
one is prefixed with the name of the other. For example, with the
'keep-alive-idle' option added, the current parser cannot parse
'127.0.0.1:5000,keep-alive-idle=60,keep-alive' correctly. Instead, it
fails with "error parsing 'keep-alive' flag '-idle=60,keep-alive'".

To resolve these issues, this patch rewrites the inet address parsing
using the QemuOpts parser, which the inet_parse_flag() function tries to
mimic. This new parser supports all previously supported options and on
top of that the 'numeric' flag is now also supported. The only
difference is, the new parser produces an error if an unknown option is
passed, instead of silently ignoring it.

Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
00064705ed util/qemu-sockets: Add support for keep-alive flag to passive sockets
Commit aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
introduces the keep-alive flag, which enables the SO_KEEPALIVE socket
option, but only on client-side sockets. However, this option is also
useful for server-side sockets, so they can check if a client is still
reachable or drop the connection otherwise.

This patch enables the SO_KEEPALIVE socket option on passive server-side
sockets if the keep-alive flag is enabled. This socket option is then
inherited by active server-side sockets communicating with connected
clients.

Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
911e0f2c6e util/qemu-sockets: Refactor success and failure paths in inet_listen_saddr()
To get a listening socket, we need to first create a socket, try binding
it to a certain port, and lastly starting listening to it. Each of these
operations can fail due to various reasons, one of them being that the
requested address/port is already in use. In such case, the function
tries the same process with a new port number.

This patch refactors the port number loop, so the success path is no
longer buried inside the 'if' statements in the middle of the loop. Now,
the success path is not nested and ends at the end of the iteration
after successful socket creation, binding, and listening. In case any of
the operations fails, it either continues to the next iteration (and the
next port) or jumps out of the loop to handle the error and exits the
function.

Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
b8b5278aca util/qemu-sockets: Refactor setting client sockopts into a separate function
This is done in preparation for enabling the SO_KEEPALIVE support for
server sockets and adding settings for more TCP keep-alive socket
options.

Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Juraj Marcin
0dc051aa85 io: Fix partial struct copy in qio_dns_resolver_lookup_sync_inet()
Commit aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
introduces the keep-alive flag, but this flag is not copied together
with other options in qio_dns_resolver_lookup_sync_inet().

This patch fixes this issue and also prevents future ones by copying the
entire structure first and only then overriding a few attributes that
need to be different.

Fixes: aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
1f59381d6c scripts/checkpatch: reject license boilerplate on new files
The previous commit mandates use of SPDX-License-Identifier on common
source files, and encourages it on all other files.

Some contributors are none the less still also including the license
boilerplate text. This is redundant and will potentially cause
trouble if inconsistent with the SPDX declaration.

Match common boilerplate text blurbs and report them as invalid,
for newly added files.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
b36934063c scripts/checkpatch: reimplement mandate for SPDX-License-Identifier
Going forward we want all newly created source files to have an
SPDX-License-Identifier tag present.

Initially mandate this for C, Python, Perl, Shell source files,
as well as JSON (QAPI) and Makefiles, while encouraging users
to consider it for other file types.

The new attempt at detecting missing SPDX-License-Identifier relies
on the hooks for relying triggering logic at the end of scanning a
new file in the diff.

Tested-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
1d745e6d96 scripts/checkpatch: use new hook for MAINTAINERS update check
When seeing a new/deleted/renamed file we check to see if MAINTAINERS
is updated, but we don't give the user a list of files affected, as
we don't want to repeat the same warning many times over.

Using the new file list hook, we can give a single warning at the
end with a list of filenames included.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
45abbf209f scripts/checkpatch: expand pattern for matching makefiles
The current regex matches Makefile & Makefile.objs, but the latter is
no longer used, anjd we're missing coverage of Makefile.include and
Makefile.target. Expand the pattern to match any suffix.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
f48f16ec3d scripts/checkpatch: use new hook for file permissions check
The file permissions check is the kind of check intended to be performed
in the new start of file hook.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
9bec5f93e7 scripts/checkpatch: use new hook for ACPI test data check
The ACPI test data check needs to analyse a list of all files in a
commit, so can use the new hook for processing the file list.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
25374ba59b scripts/checkpatch: introduce tracking of file start/end
Some checks want to be performed either at the start of a new file
within a patch, or at the end. This is complicated by the fact that
the information relevant to the check may be spread across multiple
lines. It is further complicated by a need to support both git and
non-git diffs, and special handling for renames where there might
not be any patch hunks.

To handle this more sanely, introduce explicit tracking of file
start/end, taking account of git metadata, and calling a hook
function at each transition.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
619bf37594 scripts/checkpatch.pl: fix various indentation mistakes
Various checks in the code were under-indented relative to other
surrounding code. Some places used 4-space indents instead of
single tab, while other places simply used too few tabs.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
66411ab48b Revert "scripts: mandate that new files have SPDX-License-Identifier"
This reverts commit fa4d79c64d.

The logic in this commit was flawed in two critical ways

 * It always failed to report SPDX validation on the last newly
   added file. IOW, it only worked if at least 2 new files were
   added in a commit

 * If an existing file change, followed a new file change, in
   the commit and the existing file context/changed lines
   included SPDX-License-Identifier, it would incorrectly
   associate this with the previous newly added file.

Simply reverting this commit will make it significantly easier to
understand the improved logic in the following commit.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:41 +01:00
Daniel P. Berrangé
5a56f60d7c crypto: fully drop built-in cipher provider
When originally creating the internal crypto cipher APIs, they were
wired up to use the built-in D3DES and AES implementations, as a way
to gracefully transition to the new APIs without introducing an
immediate hard dep on any external crypto libraries for the VNC
password auth (D3DES) or the qcow2 encryption (AES).

In the 6.1.0 release we dropped the built-in D3DES impl, and also
the XTS mode for the AES impl, leaving only AES with ECB/CBC modes.
The rational was that with the system emulators, it is expected that
3rd party crypto libraries will be available.

The qcow2 LUKS impl is preferred to the legacy raw AES impl, and by
default that requires AES in XTS mode, limiting the usefulness of
the built-in cipher provider.

The built-in AES impl has known timing attacks and is only suitable
for use cases where a security boundary is already not expected to
be provided (TCG).

Providing a built-in cipher impl thus potentially misleads users,
should they configure a QEMU without any crypto library, and try
to use it with the LUKS backend, even if that requires a non-default
configuration choice.

Complete what we started in 6.1.0 and purge the remaining AES
support.

Use of either gnutls, nettle, or libcrypt is now mandatory for any
cipher support, except for TCG impls.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-22 11:24:25 +01:00
Daniel P. Berrangé
01ce649e5d tests: fix skipping cipher tests when AES is not available
This avoid tests breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:36:43 +01:00
Daniel P. Berrangé
75134a3285 tests: skip legacy qcow2 encryption test if AES is not available
This avoids test breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:36:43 +01:00
Daniel P. Berrangé
212c217f7d tests: skip encrypted secret tests if AES is not available
This avoids test breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:36:43 +01:00
Daniel P. Berrangé
63d3209092 ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats
When sending a tight rectangle with the palette filter, if the client
format was 8/16bpp, the colours on big endian hosts are not set as
we're sending the wrong bytes. We must first cast the 32-bit colour
to a 16/8-bit value, and then send the result.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:36:15 +01:00
Daniel P. Berrangé
7009744285 ui/vnc: take account of client byte order in pixman format
The set_pixel_conversion() method is responsible for determining whether
the VNC client pixel format matches the server format, and thus whether
we can use the fast path "copy" impl for sending pixels, or must use
the generic impl with bit swizzling.

The VNC server format is set at build time to VNC_SERVER_FB_FORMAT,
which corresponds to PIXMAN_x8r8g8b8.

The qemu_pixman_get_format() method is then responsible for converting
the VNC pixel format into a pixman format.

The VNC client pixel shifts are relative to the associated endianness.

The pixman formats are always relative to the host native endianness.

The qemu_pixman_get_format() method does not take into account the
VNC client endianness, and is thus returning a pixman format that is
only valid with the host endianness matches that of the VNC client.

This has been broken since pixman was introduced to the VNC server:

  commit 9f64916da2
  Author: Gerd Hoffmann <kraxel@redhat.com>
  Date:   Wed Oct 10 13:29:43 2012 +0200

    pixman/vnc: use pixman images in vnc.

The flaw can be demonstrated using the Tigervnc client by using

   vncviewer -AutoSelect=0 -PreferredEncoding=raw server:display

connecting from a LE client to a QEMU on a BE server, or the
reverse.

The bug was masked, however, because almost all VNC clients will
advertize support for the "tight" encoding and the QEMU VNC server
will prefer "tight" if advertized.

The tight_pack24 method is responsible for taking a set of pixels
which have already been converted into client endianness and then
repacking them into the TPIXEL format which the RFB spec defines
as

  "TPIXEL is only 3 bytes long, where the first byte is the
   red component, the second byte is the green component,
   and the third byte is the blue component of the pixel
   color value"

IOW, the TPIXEL format is fixed on the wire, regardless of what
the VNC client declare as its endianness.

Since the VNC pixel encoding code was failing to honour the endian
flag of the client, the tight_pack24 method was always operating
on data in native endianness. Its impl cancelled out the VNC pixel
encoding bug.

With the VNC pixel encoding code now fixed, the tight_pack24 method
needs to take into account that it is operating on data in client
endianness, not native endianness. It thus may need to invert the
pixel shifts.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:28:01 +01:00
Daniel P. Berrangé
7ed96710e8 ui/vnc.c: replace big endian flag with byte order value
It will make it easier to do certain comparisons in future if we
store G_BIG_ENDIAN/G_LITTLE_ENDIAN directly, instead of a boolean
flag, as we can then compare directly to the G_BYTE_ORDER constant.

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-05-21 19:28:01 +01:00
Stefan Hajnoczi
f0737158b4 * target/riscv: clean up supported MMU modes, declarative CPU definitions,
remove .instance_post_init (reviewed by Alistair)
 * qom: reverse order of instance_post_init calls
 * qapi/misc-target: doc and standard improvements for SGX
 * hw/pci-host/gt64120: Fix endianness handling
 * i386/hvf: Make CPUID_HT supported
 * i386/tcg: Make CPUID_HT and CPUID_EXT3_CMP_LEG supported
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmgsLEsUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroMosgf+IbsERBx/JTsjv2tKfCdAKXGmZ6xv
 JIb6SzXkuA0TBScUm0U1zluimNWHqqnSWQ/ogxhw69rqEkAZiFGbahpt9udD19kN
 7oSLmj64a0a4uJZmWeMQ3rPO8zehg6t5K0sKXyR3d49pghw9NCzWabXdDypaV4VC
 sgl9zS46PMjG12XBSq7zwQsUPGwIE6OICtxM/UMgvlqdoI+sZjYU39MpmBf5I0DQ
 /VwGnZPc1pVwZqYn5sV075N4bjN+JYlaZN4+OcuRrU5bw4M8ZEwKxL+/b65ilp5S
 EqDXuxAilMS/0orC7YpCEf9Dryy/w8n3q4ejV8LQ5K6gnsOFTTurdNlWog==
 =bsKR
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/riscv: clean up supported MMU modes, declarative CPU definitions,
  remove .instance_post_init (reviewed by Alistair)
* qom: reverse order of instance_post_init calls
* qapi/misc-target: doc and standard improvements for SGX
* hw/pci-host/gt64120: Fix endianness handling
* i386/hvf: Make CPUID_HT supported
* i386/tcg: Make CPUID_HT and CPUID_EXT3_CMP_LEG supported

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmgsLEsUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMosgf+IbsERBx/JTsjv2tKfCdAKXGmZ6xv
# JIb6SzXkuA0TBScUm0U1zluimNWHqqnSWQ/ogxhw69rqEkAZiFGbahpt9udD19kN
# 7oSLmj64a0a4uJZmWeMQ3rPO8zehg6t5K0sKXyR3d49pghw9NCzWabXdDypaV4VC
# sgl9zS46PMjG12XBSq7zwQsUPGwIE6OICtxM/UMgvlqdoI+sZjYU39MpmBf5I0DQ
# /VwGnZPc1pVwZqYn5sV075N4bjN+JYlaZN4+OcuRrU5bw4M8ZEwKxL+/b65ilp5S
# EqDXuxAilMS/0orC7YpCEf9Dryy/w8n3q4ejV8LQ5K6gnsOFTTurdNlWog==
# =bsKR
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 May 2025 03:16:27 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (35 commits)
  qom: reverse order of instance_post_init calls
  target/riscv: remove .instance_post_init
  target/riscv: convert Xiangshan Nanhu to RISCVCPUDef
  target/riscv: convert Ventana V1 to RISCVCPUDef
  target/riscv: convert TT Ascalon to RISCVCPUDef
  target/riscv: convert THead C906 to RISCVCPUDef
  target/riscv: generalize custom CSR functionality
  target/riscv: th: make CSR insertion test a bit more intuitive
  target/riscv: convert SiFive U models to RISCVCPUDef
  target/riscv: convert ibex CPU models to RISCVCPUDef
  target/riscv: convert SiFive E CPU models to RISCVCPUDef
  target/riscv: convert dynamic CPU models to RISCVCPUDef
  target/riscv: convert bare CPU models to RISCVCPUDef
  target/riscv: convert profile CPU models to RISCVCPUDef
  target/riscv: convert abstract CPU classes to RISCVCPUDef
  target/riscv: add more RISCVCPUDef fields
  target/riscv: include default value in cpu_cfg_fields.h.inc
  target/riscv: move RISCVCPUConfig fields to a header file
  target/riscv: merge riscv_cpu_class_init with the class_base function
  target/riscv: store RISCVCPUDef struct directly in the class
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2025-05-20 10:26:30 -04:00
Paolo Bonzini
220c739903 qom: reverse order of instance_post_init calls
Currently, the instance_post_init calls are performed from the leaf
class and all the way up to Object.  This is incorrect because the
leaf class cannot observe property values applied by the superclasses;
for example, a compat property will be set on a device *after*
the class's post_init callback has run.

In particular this makes it impossible for implementations of
accel_cpu_instance_init() to operate based on the actual values of
the properties, though it seems that cxl_dsp_instance_post_init and
rp_instance_post_init might have similar issues.

Follow instead the same order as instance_init, starting with Object
and running the child class's instance_post_init after the parent.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
42bc8af140 target/riscv: remove .instance_post_init
Unlike other uses of .instance_post_init, accel_cpu_instance_init()
*registers* properties, and therefore must be run before
device_post_init() which sets them to their values from -global.

In order to move all registration of properties to .instance_init,
call accel_cpu_instance_init() at the end of riscv_cpu_init().

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
70f48d7fb1 target/riscv: convert Xiangshan Nanhu to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
0927f7d55c target/riscv: convert Ventana V1 to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
09ef7d9745 target/riscv: convert TT Ascalon to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
5f687d77ff target/riscv: convert THead C906 to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
1016b0364f target/riscv: generalize custom CSR functionality
While at it, constify it so that the RISCVCSR array in RISCVCPUDef
can also be const.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
1d84c2401c target/riscv: th: make CSR insertion test a bit more intuitive
In preparation for generalizing the custom CSR functionality,
make the test return bool instead of int.  Make the insertion_test
optional, too.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
5a62948c91 target/riscv: convert SiFive U models to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
5106b8ee9a target/riscv: convert ibex CPU models to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
e89d4931d0 target/riscv: convert SiFive E CPU models to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
0edc2465ba target/riscv: convert dynamic CPU models to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
37815d80be target/riscv: convert bare CPU models to RISCVCPUDef
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
198265df8a target/riscv: convert profile CPU models to RISCVCPUDef
Profile CPUs reuse the instance_init function for bare CPUs; make them
proper subclasses instead.  Enabling a profile is now done based on the
RISCVCPUDef struct: even though there is room for only one in RISCVCPUDef,
subclasses check that the parent class's profile is enabled through the
parent profile mechanism.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
4e012d36c8 target/riscv: convert abstract CPU classes to RISCVCPUDef
Start from the top of the hierarchy: dynamic and vendor CPUs are just
markers, whereas bare CPUs can have their instance_init function
replaced by RISCVCPUDef.

The only difference is that the maximum supported SATP mode has to
be specified separately for 32-bit and 64-bit modes.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
a6ba81424a target/riscv: add more RISCVCPUDef fields
Allow using RISCVCPUDef to replicate all the logic of custom .instance_init
functions.  To simulate inheritance, merge the child's RISCVCPUDef with
the parent and then finally move it to the CPUState at the end of
TYPE_RISCV_CPU's own instance_init function.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
407254031e target/riscv: include default value in cpu_cfg_fields.h.inc
In preparation for adding a function to merge two RISCVCPUConfigs
(pulling values from the parent if they are not overridden) annotate
cpu_cfg_fields.h.inc with the default value of the fields.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
12877e739b target/riscv: move RISCVCPUConfig fields to a header file
To support merging a subclass's RISCVCPUDef into the superclass, a list
of all the CPU features is needed.  Put them into a header file that
can be included multiple times, expanding the macros BOOL_FIELD and
TYPE_FIELD to different operations.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
7f9e15d82d target/riscv: merge riscv_cpu_class_init with the class_base function
Since all TYPE_RISCV_CPU subclasses support a class_data of type
RISCVCPUDef, process it even before calling the .class_init function
for the subclasses.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
5fd23f20e1 target/riscv: store RISCVCPUDef struct directly in the class
Prepare for adding more fields to RISCVCPUDef and reading them in
riscv_cpu_init: instead of storing the misa_mxl_max field in
RISCVCPUClass, ensure that there's always a valid RISCVCPUDef struct
and go through it.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:53 +02:00
Paolo Bonzini
71fb3aa5eb target/riscv: introduce RISCVCPUDef
Start putting all the CPU definitions in a struct.  Later this will replace
instance_init functions with declarative code, for now just remove the
ugly cast of class_data.

Reviewed-by: Alistair Francis <alistair23@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:42 +02:00
Paolo Bonzini
80b22be382 target/riscv: move satp_mode.{map,init} out of CPUConfig
They are used to provide the nice QOM properties for svNN,
but the canonical source of the CPU configuration is now
cpu->cfg.max_satp_mode.  Store them in the ArchCPU struct.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:31 +02:00
Paolo Bonzini
dabb54c160 target/riscv: remove supported from RISCVSATPMap
"supported" can be computed on the fly based on the max_satp_mode.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:18:28 +02:00
Paolo Bonzini
211c7f9bb8 target/riscv: update max_satp_mode based on QOM properties
Almost all users of cpu->cfg.satp_mode care about the "max" value
satp_mode_max_from_map(cpu->cfg.satp_mode.map).  Convert the QOM
properties back into it.  For TCG, deduce the bitmap of supported modes
from valid_vm[].

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:04:19 +02:00
Paolo Bonzini
357ce8171a target/riscv: cpu: store max SATP mode as a single integer
The maximum available SATP mode implies all the shorter virtual address sizes.
Store it in RISCVCPUConfig and avoid recomputing it via satp_mode_max_from_map.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:04:19 +02:00
Paolo Bonzini
b22cfa0f44 target/riscv: assert argument to set_satp_mode_max_supported is valid
Check that the argument to set_satp_mode_max_supported is valid for
the MXL value of the CPU.  It would be a bug in the CPU definition
if it weren't.

In fact, there is such a bug in riscv_bare_cpu_init(): not just
SV64 is not a valid VM mode for 32-bit CPUs, SV64 is not a
valid VM mode at all, not yet at least.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-05-20 08:04:19 +02:00