From b98348b41174d982527aca8bff6be1df0e776a59 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones
Date: Jan 25 2020 10:43:21 +0000
Subject: Add miscellaneous fixes for RISC-V (RHBZ#1794902).
---
diff --git a/0001-riscv-sifive_u-fix-a-memory-leak-in-soc_realize.patch b/0001-riscv-sifive_u-fix-a-memory-leak-in-soc_realize.patch
new file mode 100644
index 0000000..3f0e784
--- /dev/null
+++ b/0001-riscv-sifive_u-fix-a-memory-leak-in-soc_realize.patch
@@ -0,0 +1,34 @@
+From bb8136df698bd565ee4f6c18d26c50dee320bfe4 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan
+Date: Tue, 10 Dec 2019 15:14:37 +0800
+Subject: [PATCH 1/5] riscv/sifive_u: fix a memory leak in soc_realize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix a minor memory leak in riscv_sifive_u_soc_realize()
+
+Reported-by: Euler Robot
+Signed-off-by: Pan Nengyuan
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Alistair Francis
+Signed-off-by: Palmer Dabbelt
+---
+ hw/riscv/sifive_u.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
+index 0140e95732..0e12b3ccef 100644
+--- a/hw/riscv/sifive_u.c
++++ b/hw/riscv/sifive_u.c
+@@ -542,6 +542,7 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, Error **errp)
+ SIFIVE_U_PLIC_CONTEXT_BASE,
+ SIFIVE_U_PLIC_CONTEXT_STRIDE,
+ memmap[SIFIVE_U_PLIC].size);
++ g_free(plic_hart_config);
+ sifive_uart_create(system_memory, memmap[SIFIVE_U_UART0].base,
+ serial_hd(0), qdev_get_gpio_in(DEVICE(s->plic), SIFIVE_U_UART0_IRQ));
+ sifive_uart_create(system_memory, memmap[SIFIVE_U_UART1].base,
+--
+2.24.1
+
diff --git a/0002-riscv-Set-xPIE-to-1-after-xRET.patch b/0002-riscv-Set-xPIE-to-1-after-xRET.patch
new file mode 100644
index 0000000..4bd340a
--- /dev/null
+++ b/0002-riscv-Set-xPIE-to-1-after-xRET.patch
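Review bot: The added `g_free(plic_hart_config);` in the hw/riscv/sifive_u.c hunk of patch 0001 is safe only if sifive_plic_create() copies the hart-config string instead of keeping the pointer, and that callee is not visible here; if it kept the pointer, the leak fix would become a use-after-free in the PLIC device. Once that has been checked against the callee, a one-line comment above the free would record the ownership rule, for example `/* sifive_plic_create() copies the string, so the local buffer is released here */`. The allocation and the earlier part of riscv_sifive_u_soc_realize() lie outside the hunk, so whether any return path between the allocation and this line still leaks cannot be judged from this page.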
@@ -0,0 +1,43 @@
+From a37f21c27d3e2342c2080aafd4cfe7e949612428 Mon Sep 17 00:00:00 2001
+From: Yiting Wang
+Date: Fri, 3 Jan 2020 11:53:42 +0800
+Subject: [PATCH 2/5] riscv: Set xPIE to 1 after xRET
+
+When executing an xRET instruction, supposing xPP holds the
+value y, xIE is set to xPIE; the privilege mode is changed to y;
+xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly.
+
+Signed-off-by: Yiting Wang
+Reviewed-by: Bin Meng
+Tested-by: Bin Meng
+Reviewed-by: Alistair Francis
+Signed-off-by: Palmer Dabbelt
+---
+ target/riscv/op_helper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
+index 331cc36232..e87c9115bc 100644
+--- a/target/riscv/op_helper.c
++++ b/target/riscv/op_helper.c
+@@ -93,7 +93,7 @@ target_ulong helper_sret(CPURISCVState *env, target_ulong cpu_pc_deb)
+ env->priv_ver >= PRIV_VERSION_1_10_0 ?
+ MSTATUS_SIE : MSTATUS_UIE << prev_priv,
+ get_field(mstatus, MSTATUS_SPIE));
+- mstatus = set_field(mstatus, MSTATUS_SPIE, 0);
++ mstatus = set_field(mstatus, MSTATUS_SPIE, 1);
+ mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U);
+ riscv_cpu_set_mode(env, prev_priv);
+ env->mstatus = mstatus;
+@@ -118,7 +118,7 @@ target_ulong helper_mret(CPURISCVState *env, target_ulong cpu_pc_deb)
+ env->priv_ver >= PRIV_VERSION_1_10_0 ?
+ MSTATUS_MIE : MSTATUS_UIE << prev_priv,
+ get_field(mstatus, MSTATUS_MPIE));
+- mstatus = set_field(mstatus, MSTATUS_MPIE, 0);
++ mstatus = set_field(mstatus, MSTATUS_MPIE, 1);
+ mstatus = set_field(mstatus, MSTATUS_MPP, PRV_U);
+ riscv_cpu_set_mode(env, prev_priv);
+ env->mstatus = mstatus;
+--
+2.24.1
+
diff --git a/0003-target-riscv-Fix-tb-flags-FS-status.patch b/0003-target-riscv-Fix-tb-flags-FS-status.patch
new file mode 100644
index 0000000..93e5287
--- /dev/null
+++ b/0003-target-riscv-Fix-tb-flags-FS-status.patch
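Review bot: In the helper_mret hunk of patch 0002, the context line `mstatus = set_field(mstatus, MSTATUS_MPP, PRV_U);` resets MPP to U-mode unconditionally, right after the corrected MPIE write. The privileged specification sets xPP to the least-privileged supported mode, so on a hart modelled without U-mode this would presumably need to be M. The patch leaves the line as it was, and the hunk does not show which CPU configurations reach it. If such CPUs are modelled, passing `riscv_has_ext(env, RVU) ? PRV_U : PRV_M` as the third argument would cover that case. Both helper bodies start and end outside their hunks.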
@@ -0,0 +1,48 @@
+From 613fa160e19abe8e1fe44423fcfa8ec73d3d48e5 Mon Sep 17 00:00:00 2001
+From: ShihPo Hung
+Date: Tue, 14 Jan 2020 22:17:31 -0800
+Subject: [PATCH 3/5] target/riscv: Fix tb->flags FS status
+
+It was found that running libquantum on riscv-linux qemu produced an
+incorrect result. After investigation, FP registers are not saved
+during context switch due to incorrect mstatus.FS.
+
+In current implementation tb->flags merges all non-disabled state to
+dirty. This means the code in mark_fs_dirty in translate.c that
+handles initial and clean states is unreachable.
+
+This patch fixes it and is successfully tested with:
+ libquantum
+
+Thanks to Richard for pointing out the actual bug.
+
+v3: remove the redundant condition
+v2: root cause FS problem
+
+Suggested-by: Richard Henderson
+Signed-off-by: ShihPo Hung
+Reviewed-by: Richard Henderson
+Signed-off-by: Palmer Dabbelt
+---
+ target/riscv/cpu.h | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
+index e59343e13c..de0a8d893a 100644
+--- a/target/riscv/cpu.h
++++ b/target/riscv/cpu.h
+@@ -293,10 +293,7 @@ static inline void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc,
+ #ifdef CONFIG_USER_ONLY
+ *flags = TB_FLAGS_MSTATUS_FS;
+ #else
+- *flags = cpu_mmu_index(env, 0);
+- if (riscv_cpu_fp_enabled(env)) {
+- *flags |= TB_FLAGS_MSTATUS_FS;
+- }
++ *flags = cpu_mmu_index(env, 0) | (env->mstatus & MSTATUS_FS);
+ #endif
+ }
+
+--
+2.24.1
+
diff --git a/0004-target-riscv-fsd-fsw-doesn-t-dirty-FP-state.patch b/0004-target-riscv-fsd-fsw-doesn-t-dirty-FP-state.patch
new file mode 100644
index 0000000..6b5a896
--- /dev/null
+++ b/0004-target-riscv-fsd-fsw-doesn-t-dirty-FP-state.patch
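Review bot: The new `*flags = cpu_mmu_index(env, 0) | (env->mstatus & MSTATUS_FS);` in patch 0003's cpu.h hunk packs the raw mstatus FS field into the same word as the MMU index. That is correct only if the FS bits do not overlap the index bits and if TB_FLAGS_MSTATUS_FS, used by the CONFIG_USER_ONLY branch just above, is the same mask as MSTATUS_FS; neither definition is visible in the hunk. Provided the two masks are equal, using one name in both branches, `*flags = cpu_mmu_index(env, 0) | (env->mstatus & TB_FLAGS_MSTATUS_FS);`, would keep them from drifting apart. The commit message ties this value to guest FP registers not being saved across a context switch, so a comment such as `/* the full FS state, not just enabled/disabled, is part of the TB flags */` is worth adding. cpu_get_tb_cpu_state() begins before the hunk.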
@@ -0,0 +1,41 @@
+From a59796eb6d59bbd74ce28ddbddb1b83e60674e96 Mon Sep 17 00:00:00 2001
+From: ShihPo Hung
+Date: Tue, 14 Jan 2020 22:17:32 -0800
+Subject: [PATCH 4/5] target/riscv: fsd/fsw doesn't dirty FP state
+
+Signed-off-by: ShihPo Hung
+Reviewed-by: Richard Henderson
+Reviewed-by: Alistair Francis
+Signed-off-by: Palmer Dabbelt
+---
+ target/riscv/insn_trans/trans_rvd.inc.c | 1 -
+ target/riscv/insn_trans/trans_rvf.inc.c | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/target/riscv/insn_trans/trans_rvd.inc.c b/target/riscv/insn_trans/trans_rvd.inc.c
+index 393fa0248c..ea1044f13b 100644
+--- a/target/riscv/insn_trans/trans_rvd.inc.c
++++ b/target/riscv/insn_trans/trans_rvd.inc.c
+@@ -43,7 +43,6 @@ static bool trans_fsd(DisasContext *ctx, arg_fsd *a)
+
+ tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEQ);
+
+- mark_fs_dirty(ctx);
+ tcg_temp_free(t0);
+ return true;
+ }
+diff --git a/target/riscv/insn_trans/trans_rvf.inc.c b/target/riscv/insn_trans/trans_rvf.inc.c
+index 172dbfa919..e23cd639a6 100644
+--- a/target/riscv/insn_trans/trans_rvf.inc.c
++++ b/target/riscv/insn_trans/trans_rvf.inc.c
+@@ -52,7 +52,6 @@ static bool trans_fsw(DisasContext *ctx, arg_fsw *a)
+ tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEUL);
+
+ tcg_temp_free(t0);
+- mark_fs_dirty(ctx);
+ return true;
+ }
+
+--
+2.24.1
+
diff --git a/0005-target-riscv-update-mstatus.SD-when-FS-is-set-dirty.patch b/0005-target-riscv-update-mstatus.SD-when-FS-is-set-dirty.patch
new file mode 100644
index 0000000..b3733a6
--- /dev/null
+++ b/0005-target-riscv-update-mstatus.SD-when-FS-is-set-dirty.patch
@@ -0,0 +1,47 @@
+From 82f014671cf057de51c4a577c9e2ad637dcec6f9 Mon Sep 17 00:00:00 2001
+From: ShihPo Hung
+Date: Tue, 14 Jan 2020 22:17:33 -0800
+Subject: [PATCH 5/5] target/riscv: update mstatus.SD when FS is set dirty
+
+remove the check becuase SD bit should summarize FS and XS fields
+unconditionally.
+
+Signed-off-by: ShihPo Hung
+Reviewed-by: Richard Henderson
+Reviewed-by: Alistair Francis
+Signed-off-by: Palmer Dabbelt
+---
+ target/riscv/csr.c | 3 +--
+ target/riscv/translate.c | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/target/riscv/csr.c b/target/riscv/csr.c
+index da02f9f0b1..0e34c292c5 100644
+--- a/target/riscv/csr.c
++++ b/target/riscv/csr.c
+@@ -341,8 +341,7 @@ static int write_mstatus(CPURISCVState *env, int csrno, target_ulong val)
+
+ mstatus = (mstatus & ~mask) | (val & mask);
+
+- dirty = (riscv_cpu_fp_enabled(env) &&
+- ((mstatus & MSTATUS_FS) == MSTATUS_FS)) |
++ dirty = ((mstatus & MSTATUS_FS) == MSTATUS_FS) |
+ ((mstatus & MSTATUS_XS) == MSTATUS_XS);
+ mstatus = set_field(mstatus, MSTATUS_SD, dirty);
+ env->mstatus = mstatus;
+diff --git a/target/riscv/translate.c b/target/riscv/translate.c
+index ab6a891dc3..8e40ed3ac4 100644
+--- a/target/riscv/translate.c
++++ b/target/riscv/translate.c
+@@ -394,7 +394,7 @@ static void mark_fs_dirty(DisasContext *ctx)
+
+ tmp = tcg_temp_new();
+ tcg_gen_ld_tl(tmp, cpu_env, offsetof(CPURISCVState, mstatus));
+- tcg_gen_ori_tl(tmp, tmp, MSTATUS_FS);
++ tcg_gen_ori_tl(tmp, tmp, MSTATUS_FS | MSTATUS_SD);
+ tcg_gen_st_tl(tmp, cpu_env, offsetof(CPURISCVState, mstatus));
+ tcg_temp_free(tmp);
+ }
+--
+2.24.1
+
diff --git a/qemu.spec b/qemu.spec
index 76a7077..eb965e5 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -161,7 +161,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 4.2.0
-Release: 2%{?rcrel}%{?dist}
+Release: 3%{?rcrel}%{?dist}
 Epoch: 2
 License: GPLv2 and BSD and MIT and CC-BY
 URL: http://www.qemu.org/
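Review bot: After patch 0005, mstatus.SD is maintained in two unrelated places: write_mstatus() in csr.c recomputes it from the FS and XS fields, while mark_fs_dirty() in translate.c ORs `MSTATUS_FS | MSTATUS_SD` straight into the stored value. Any other path that changes FS or XS without going through one of these two would leave SD stale, and the hunks do not show whether such a path exists. A comment at the `tcg_gen_ori_tl` line, for example `/* FS = Dirty implies SD = 1; keep in step with write_mstatus() */`, would document the coupling for whoever touches either site next. Both functions extend beyond their hunks.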
@@ -171,6 +171,14 @@ Source0: http://wiki.qemu-project.org/download/%{name}-%{version}%{?rcstr}.tar.x
 # Fix a test suite error
 Patch1: 0001-tests-fix-modules-test-duplicate-test-case-error.patch
+# Miscellaneous fixes for RISC-V, merged upstream in commit
+# ba2ed84fe6a78f64b2da441750fc6e925d94106a.
+Patch2: 0001-riscv-sifive_u-fix-a-memory-leak-in-soc_realize.patch
+Patch3: 0002-riscv-Set-xPIE-to-1-after-xRET.patch
+Patch4: 0003-target-riscv-Fix-tb-flags-FS-status.patch
+Patch5: 0004-target-riscv-fsd-fsw-doesn-t-dirty-FP-state.patch
+Patch6: 0005-target-riscv-update-mstatus.SD-when-FS-is-set-dirty.patch
+
 # guest agent service
 Source10: qemu-guest-agent.service
 Source17: qemu-ga.sysconfig
@@ -1887,6 +1895,9 @@ getent passwd qemu >/dev/null || \
 %changelog
+* Sat Jan 25 2019 Mohan Boddu - 4.2.0-3
+- Add miscellaneous fixes for RISC-V (RHBZ#1794902).
+
 * Thu Dec 19 2019 Mohan Boddu - 4.2.0-2
 - Rebuild for xen 4.13
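Review bot: The new %changelog entry in the last qemu.spec hunk is dated `Sat Jan 25 2019`, but the commit is dated Jan 25 2020 and the entry directly below is `Thu Dec 19 2019`, so the year looks wrong. 25 January 2019 was a Friday, so the weekday does not match the date either, and the changelog is no longer in descending date order. The entry also names Mohan Boddu although the commit author is Richard W.M. Jones, which looks like a copy of the previous entry's header; a changelog that misattributes a security-relevant backport makes later provenance checks harder. The first line should probably read `* Sat Jan 25 2020 Richard W.M. Jones - 4.2.0-3`, with the e-mail address (not shown on this page) restored.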