Branch: refs/heads/staging-9.2
Home: https://github.com/qemu/qemu

Commit: 1cc062970e49e8387ae14b120bc94b1009b634c1
  https://github.com/qemu/qemu/commit/1cc062970e49e8387ae14b120bc94b1009b634c1
Author: Paolo Bonzini <pbonz...@redhat.com>
Date: 2025-04-24 (Thu, 24 Apr 2025)
Changed paths:
  M target/i386/hvf/x86_flags.c

Log Message:
-----------
target/i386/hvf: fix lflags_to_rflags

Clear the flags before adding in the ones computed from lflags.

Cc: Wei Liu <li...@linux.microsoft.com>
Cc: qemu-sta...@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 94a159f3dc737d00749cc930adaec112abe07b3c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 9f8bb7edacd4f5833740fe6d81509d5396f8b7cc
  https://github.com/qemu/qemu/commit/9f8bb7edacd4f5833740fe6d81509d5396f8b7cc
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-04-24 (Thu, 24 Apr 2025)
Changed paths:
  M target/avr/insn.decode
  M target/avr/translate.c

Log Message:
-----------
target/avr: Improve decode of LDS, STS

The comment about not being able to define a field with zero bits is out of date since 94597b6146f3 ("decodetree: Allow !function with no input bits").

This fixes the missing load of imm in the disassembler.

Cc: qemu-sta...@nongnu.org
Fixes: 9d8caa67a24 ("target/avr: Add support for disassembling via option '-d in_asm'")
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 6b661b7ed7cd02c54a78426d5eb7dd8543b030ed)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: e6e49667ae966037e3c4c682ec6275dc3128d459
  https://github.com/qemu/qemu/commit/e6e49667ae966037e3c4c682ec6275dc3128d459
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-04-29 (Tue, 29 Apr 2025)
Changed paths:
  M hw/core/machine-qmp-cmds.c
  M target/ppc/cpu_init.c

Log Message:
-----------
hw/core: Get default_cpu_type calling machine_class_default_cpu_type()

Since commit 62b4a227a33 the default cpu type can come from the valid_cpu_types[] array. Call the machine_class_default_cpu_type() instead of accessing MachineClass::default_cpu_type field.
Cc: qemu-sta...@nongnu.org
Fixes: 62b4a227a33 ("hw/core: Add machine_class_default_cpu_type()")
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Reviewed-by: Zhao Liu <zhao1....@intel.com>
Message-Id: <20250422084114.39499-1-phi...@linaro.org>
(cherry picked from commit d5f241834be1b323ea697a469ff0f1335a1823fe)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: c7e01899822a8780136656004ddba4e756dc59d6
  https://github.com/qemu/qemu/commit/c7e01899822a8780136656004ddba4e756dc59d6
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2025-04-29 (Tue, 29 Apr 2025)
Changed paths:
  M include/hw/core/cpu.h

Log Message:
-----------
hw/core/cpu: gdb_arch_name string should not be freed

The documentation for the CPUClass::gdb_arch_name method claims that the returned string should be freed with g_free(). This is not correct: in commit a650683871ba728 we changed this method to instead return a simple constant string, but forgot to update the documentation.

Make the documentation match the new semantics.

Fixes: a650683871ba728 ("hw/core/cpu: Return static value with gdb_arch_name()")
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250317142819.900029-2-peter.mayd...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 56a9f0d4c4a483ce217e5290db69cb1788586787)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 639cee5ed76c21201fc0e7321e11dbb7974f093d
  https://github.com/qemu/qemu/commit/639cee5ed76c21201fc0e7321e11dbb7974f093d
Author: Hauke Mehrtens <ha...@hauke-m.de>
Date: 2025-04-29 (Tue, 29 Apr 2025)
Changed paths:
  M target/mips/tcg/mips16e_translate.c.inc

Log Message:
-----------
target/mips: Fix MIPS16e translation

Fix a wrong conversion to gen_op_addr_addi().
The framesize should be added like it was done before.

This bug broke booting OpenWrt MIPS32 BE malta Linux system images generated by OpenWrt.

Cc: qemu-sta...@nongnu.org
Fixes: d0b24b7f50e1 ("target/mips: Use gen_op_addr_addi() when possible")
Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250412194003.181411-1-ha...@hauke-m.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit d4a785ba30ce6d8acf0206f049fb4a7494e0898a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: dc13fed5f0d4c0d07bf3af865e6f67a52d2783e3
  https://github.com/qemu/qemu/commit/dc13fed5f0d4c0d07bf3af865e6f67a52d2783e3
Author: Akihiko Odaki <akihiko.od...@daynix.com>
Date: 2025-04-29 (Tue, 29 Apr 2025)
Changed paths:
  M meson.build

Log Message:
-----------
meson: Use has_header_symbol() to check getcpu()

The use of gnu_source_prefix in the detection of getcpu() was ineffective because the header file that declares getcpu() when _GNU_SOURCE is defined was not included. Pass sched.h to has_header_symbol() so that the existence of the declaration will be properly checked.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250424-buildsys-v1-1-97655e3b2...@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 563cd698dffb977eea0ccfef3b95f6f9786766f3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 8696da0495624cfc3ce8d5cb105c24d8bf796cd0
  https://github.com/qemu/qemu/commit/8696da0495624cfc3ce8d5cb105c24d8bf796cd0
Author: Akihiko Odaki <akihiko.od...@daynix.com>
Date: 2025-04-29 (Tue, 29 Apr 2025)
Changed paths:
  M meson.build

Log Message:
-----------
meson: Remove CONFIG_STATX and CONFIG_STATX_MNT_ID

CONFIG_STATX and CONFIG_STATX_MNT_ID are not used since commit e0dc2631ec4 ("virtiofsd: Remove source").

Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250424-buildsys-v1-2-97655e3b2...@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 6804b89fb531f5dd49c1e038214c89272383e220)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 83c926daf87b02e95f4d69327883db6d2c5379ed
  https://github.com/qemu/qemu/commit/83c926daf87b02e95f4d69327883db6d2c5379ed
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-05-07 (Wed, 07 May 2025)
Changed paths:
  M accel/tcg/translate-all.c

Log Message:
-----------
accel/tcg: Don't use TARGET_LONG_BITS in decode_sleb128

When we changed decode_sleb128 from target_long to int64_t, we failed to adjust the shift limit.
Cc: qemu-sta...@nongnu.org
Fixes: c9ad8d27caa ("tcg: Widen gen_insn_data to uint64_t")
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 9401f91b9b0c46886388735b3f2033a9c254895a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 7407d2319d405b4d67b2c107a31f9a59c8196c70
  https://github.com/qemu/qemu/commit/7407d2319d405b4d67b2c107a31f9a59c8196c70
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2025-05-08 (Thu, 08 May 2025)
Changed paths:
  M target/arm/tcg/translate.c

Log Message:
-----------
target/arm: Don't assert() for ISB/SB inside IT block

If the guest code has an ISB or SB insn inside an IT block, we generate incorrect code which trips a TCG assertion:

  qemu-system-arm: ../tcg/tcg-op.c:3343: void tcg_gen_goto_tb(unsigned int): Assertion `(tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0' failed.

This is because we call gen_goto_tb(dc, 1, ...) twice:

  brcond_i32 ZF,$0x0,ne,$L1
  add_i32 pc,pc,$0x4
  goto_tb $0x1
  exit_tb $0x73d948001b81
  set_label $L1
  add_i32 pc,pc,$0x4
  goto_tb $0x1
  exit_tb $0x73d948001b81

Both calls are in arm_tr_tb_stop(), one for the DISAS_NEXT/DISAS_TOO_MANY handling, and one for the dc->condjump condition-failed codepath. The DISAS_NEXT handling doesn't have this problem because arm_post_translate_insn() does the handling of "emit the label for the condition-failed conditional execution" and so arm_tr_tb_stop() doesn't have dc->condjump set. But for DISAS_TOO_MANY we don't do that.

Fix the bug by making arm_post_translate_insn() handle the DISAS_TOO_MANY case. This only affects the SB and ISB insns when used in Thumb mode inside an IT block: only these insns specifically set is_jmp to TOO_MANY, and their A32 encodings are unconditional.
For the major TOO_MANY case (breaking the TB because it would cross a page boundary) we do that check and set is_jmp to TOO_MANY only after the call to arm_post_translate_insn(); so arm_post_translate_insn() sees is_jmp == DISAS_NEXT, and we emit the correct code for that situation.

With this fix we generate the somewhat more sensible set of TCG ops:

  brcond_i32 ZF,$0x0,ne,$L1
  set_label $L1
  add_i32 pc,pc,$0x4
  goto_tb $0x1
  exit_tb $0x7c5434001b81

(NB: the TCG optimizer doesn't optimize out the jump-to-next, but we can't really avoid emitting it because we don't know at the point we're emitting the handling for the condexec check whether this insn is going to happen to be a nop for us or not.)

Cc: qemu-sta...@nongnu.org
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2942
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-id: 20250501125544.727038-1-peter.mayd...@linaro.org
(cherry picked from commit 8ed7c0b6488a7f20318d6ba414f1cbcd0ed92afe)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 9e13cd7232c1e528962acf8c17c664da5e80d548
  https://github.com/qemu/qemu/commit/9e13cd7232c1e528962acf8c17c664da5e80d548
Author: Bernhard Beschow <shen...@gmail.com>
Date: 2025-05-08 (Thu, 08 May 2025)
Changed paths:
  M hw/gpio/imx_gpio.c

Log Message:
-----------
hw/gpio/imx_gpio: Fix interpretation of GDIR polarity

According to the i.MX 8M Plus reference manual, a GPIO pin is configured as an output when the corresponding bit in the GDIR register is set. The function imx_gpio_set_int_line() is intended to be a no-op if the pin is configured as an output, returning early in such cases. However, it inverts the condition. Fix this by returning early when the bit is set.
cc: qemu-sta...@nongnu.org
Fixes: f44272809779 ("i.MX: Add GPIO device")
Signed-off-by: Bernhard Beschow <shen...@gmail.com>
Message-id: 20250501183445.2389-4-shen...@gmail.com
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit eba837a31b9579e30cc6d7ecb4b5c2662a6ffaba)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 4ba45dffdebc2018ab85e4385cb5155e97ebb742
  https://github.com/qemu/qemu/commit/4ba45dffdebc2018ab85e4385cb5155e97ebb742
Author: Paolo Bonzini <pbonz...@redhat.com>
Date: 2025-05-08 (Thu, 08 May 2025)
Changed paths:
  M target/i386/tcg/emit.c.inc
  M target/i386/tcg/translate.c

Log Message:
-----------
target/i386: do not trigger IRQ shadow for LSS

Because LSS need not trigger an IRQ shadow, gen_movl_seg can't just use the destination register to decide whether to inhibit IRQs. Add an argument.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit e54ef98c8a80d16158bab4341d9a898701270528)
(back-ported to 10.0)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 5dd4660f5f4d12166018e1d6dc122149264a8832
  https://github.com/qemu/qemu/commit/5dd4660f5f4d12166018e1d6dc122149264a8832
Author: Paolo Bonzini <pbonz...@redhat.com>
Date: 2025-05-08 (Thu, 08 May 2025)
Changed paths:
  M target/i386/tcg/translate.c

Log Message:
-----------
target/i386: do not block singlestep for STI

STI will trigger a singlestep exception even if it has inhibit-IRQ behavior. Do not suppress single-step for all IRQ-inhibiting instructions, instead special case MOV SS and POP SS.
Cc: qemu-sta...@nongnu.org
Fixes: f0f0136abba ("target/i386: no single-step exception after MOV or POP SS", 2024-05-25)
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 1e94ddc6854431064c94a7d8f2f2886def285829)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Compare: https://github.com/qemu/qemu/compare/af01cf195ba1...5dd4660f5f4d