From: Mohamed Mediouni <mohamed@unpredictable.fr>
To: Lucas Amaral <lucaaamaral@gmail.com>
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, agraf@csgraf.de
Subject: Re: [PATCH v2 1/3] target/arm: add AArch64 ISV=0 instruction emulation library
Date: Fri, 13 Mar 2026 07:33:35 +0100	[thread overview]
Message-ID: <D80C2CE1-DDA8-4627-8196-252DC8BF6BB6@unpredictable.fr> (raw)
In-Reply-To: <20260313021850.42379-2-lucaaamaral@gmail.com>



> On 13. Mar 2026, at 03:18, Lucas Amaral <lucaaamaral@gmail.com> wrote:
> 
> Add a shared emulation library in target/arm/emulate/ using a
> decodetree decoder (a64-ldst.decode) and a callback-based interface
> (struct arm_emul_ops) that any hypervisor backend can implement.
> 
> The hypervisor cannot emulate ISV=0 data aborts without decoding the
> faulting instruction, since the ESR syndrome does not carry the access
> size or target register.
> 
> Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com>
[…]
> +/**
> + * struct arm_emul_ops - hypervisor register/memory callbacks
> + *
> + * GPR reg 31 = SP (the XZR/SP distinction is handled internally).
> + * Memory callbacks use guest virtual addresses.
> + */
> +struct arm_emul_ops {
> +    uint64_t (*read_gpr)(CPUState *cpu, int reg);
> +    void (*write_gpr)(CPUState *cpu, int reg, uint64_t val);
> +
> +    /* @size: access width in bytes (4, 8, or 16) */
> +    void (*read_fpreg)(CPUState *cpu, int reg, void *buf, int size);
> +    void (*write_fpreg)(CPUState *cpu, int reg, const void *buf, int size);
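Review bot: the `@size: access width in bytes (4, 8, or 16)` comment on read_fpreg/write_fpreg is narrower than the instruction set it has to serve: the SIMD&FP load/store forms also exist for the B (1-byte) and H (2-byte) scalar registers, so either 1 and 2 belong in that list or the decoder must reject those encodings explicitly rather than passing an unexpected size to the backend. The contract should also state which bytes of `buf` map to which part of the register (the low `size` bytes, with the remainder of the vector register zeroed on a write, as the architecture does for scalar loads), e.g. `/* @size: access width in bytes (1, 2, 4, 8, or 16); low bytes of the register */`.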
Hello,

Can be good to have, but you should have a default implementation using CPUState in an arm_helpers
to not duplicate them across each backend, and then do an if (ctx->ops->read_gpr) { use override } else { default }
with a default implementation.

> +
> +    /* Returns 0 on success, non-zero on failure */
> +    int (*read_mem)(CPUState *cpu, uint64_t va, void *buf, int size);
> +    int (*write_mem)(CPUState *cpu, uint64_t va, const void *buf, int size);
> +};
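Review bot: the `/* Returns 0 on success, non-zero on failure */` contract on read_mem/write_mem leaves two things undefined that the emulator needs: what the non-zero values mean (translation vs. permission fault, which address), and whether a failing write_mem may already have stored part of `buf`, which matters for a 16-byte store whose second half lies on an unmapped page. As written the caller can neither build the right fault syndrome nor know whether guest memory is still consistent; either document that a failure leaves memory untouched and return a fault descriptor (faulting VA, read/write) instead of a bare int, or translate per page and let the emulator do the copy itself.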

A memory access - especially one that will be emulated - can span multiple (physical) pages under
the hood. If everything is mapped you’re fine, but that’s relying a bit on precious luck, especially
as the AArch64 glibc does unaligned accesses on memcpy.

On the x86 side of things, I was able to run Windows (NT) and Linux, but not Haiku (the Hurd needs more complexity that I don’t even handle yet for x86) or Win9x, without handling such a fault case.

And there are memory-to-memory instructions on the way (FEAT_MOPS) where that’s even more likely to happen.
The downside of read_mem/write_mem is that even if you return a fault code, you don’t know which one of the two pages
(or potentially more, for memory-to-memory instructions) raised the fault.

Because of that factor, I made a design change to an mmu_gva_to_gpa callback and no longer have read/write ops like this (see target/i386/emulate/x86_mmu.c x86_write_mem_ex/x86_read_mem_ex).

Maybe you could keep a read_mem/write_mem matching those two on top of mmu_gva_to_gpa for your unit tests. Or run those
in a guest context as kvm-unit-tests does.

Thank you,
> +
> +/**
> + * arm_emul_insn - decode and emulate one AArch64 instruction
> + *
> + * Caller must synchronize CPU state and fetch @insn before calling.
> + */
> +ArmEmulResult arm_emul_insn(CPUState *cpu, const struct arm_emul_ops *ops,
> +                            uint32_t insn);
> +
> +#endif /* ARM_EMULATE_H */
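Review bot: the arm_emul_insn doc comment says the caller must sync CPU state and fetch @insn, but not who advances the PC on success or what each ArmEmulResult value obliges the caller to do (retry, inject a data abort, treat as undefined). Since `struct arm_emul_ops` above has no PC accessor, stepping PC past the emulated instruction must be the caller's job, and that belongs in this comment; if a failure result also guarantees that no register or memory state was modified, say so here, e.g. `On success the caller advances PC by 4.`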
> diff --git a/target/arm/emulate/meson.build b/target/arm/emulate/meson.build
> new file mode 100644
> index 0000000..29b7879
> --- /dev/null
> +++ b/target/arm/emulate/meson.build
> @@ -0,0 +1,16 @@
> +gen_a64_ldst = decodetree.process('a64-ldst.decode',
> +    extra_args: ['--static-decode=decode_a64_ldst'])
> +
> +arm_common_system_ss.add(when: 'TARGET_AARCH64', if_true: [
> +    gen_a64_ldst, files('arm_emulate.c')
> +])
> +
> +# Static library for unit testing (links emulation code + decodetree decoder)
> +arm_emulate_test_lib = static_library('arm-emulate-test',
> +    sources: [files('arm_emulate.c'), gen_a64_ldst],
> +    dependencies: [qemuutil],
> +    include_directories: include_directories('.'))
> +
> +arm_emulate_test = declare_dependency(
> +    link_with: arm_emulate_test_lib,
> +    include_directories: include_directories('.'))
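Review bot: `arm_emulate_test_lib` is declared unconditionally while the production objects are gated on `when: 'TARGET_AARCH64'`, so a build configured without an AArch64 target still compiles arm_emulate.c and the generated decoder a second time just for a test library nobody links. Wrap the `static_library`/`declare_dependency` pair in the same target condition and add `build_by_default: false` to the `static_library` call so it is only built when a test target pulls it in.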
> diff --git a/target/arm/meson.build b/target/arm/meson.build
> index 6e0e504..a4b2291 100644
> --- a/target/arm/meson.build
> +++ b/target/arm/meson.build
> @@ -57,6 +57,7 @@ arm_common_system_ss.add(files(
>   'vfp_fpscr.c',
> ))
> 
> +subdir('emulate')
> subdir('hvf')
> subdir('whpx')
> 
> -- 
> 2.52.0
> 
> 
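The page-splitting point made in the reply above, worked through as an added example that is not part of the patch or of either author's code: a load or store of `size` bytes is walked one page at a time through a hypothetical `toy_gva_to_gpa` stand-in for the mmu_gva_to_gpa callback, so a fault on the second page is reported with that page's address, and a store is only performed once every page has translated. The page table, the flat physical memory array, and all function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE        (1ULL << 12)
#define PAGE_OFFSET_MASK (PAGE_SIZE - 1)

/* One entry of a constructed toy guest page table (4 KiB pages). */
struct toy_pte { uint64_t va_page; uint64_t gpa_page; bool writable; };

/* Constructed guest mapping and flat "physical" memory; not QEMU's. */
static const struct toy_pte toy_ptes[] = {
    { 0x1000, 0x0000, true },
    { 0x2000, 0x3000, true },
    /* VA 0x3000 is intentionally left unmapped. */
};
static uint8_t toy_phys[0x4000];

/* Hypothetical stand-in for an mmu_gva_to_gpa callback: translate one
 * address; 0 with *gpa set, or -1 on a translation/permission fault. */
static int toy_gva_to_gpa(uint64_t va, bool is_write, uint64_t *gpa)
{
    for (size_t i = 0; i < sizeof(toy_ptes) / sizeof(toy_ptes[0]); i++) {
        if ((va & ~PAGE_OFFSET_MASK) != toy_ptes[i].va_page) {
            continue;
        }
        if (is_write && !toy_ptes[i].writable) {
            return -1;
        }
        *gpa = toy_ptes[i].gpa_page | (va & PAGE_OFFSET_MASK);
        return 0;
    }
    return -1;
}

/* What the emulator can now hand back to the hypervisor. */
struct emu_fault { uint64_t va; bool is_write; };  /* va: first failing page */

/* Bytes from va to the end of its page, capped at `remaining`. */
static size_t chunk_len(uint64_t va, size_t remaining)
{
    size_t to_page_end = (size_t)(PAGE_SIZE - (va & PAGE_OFFSET_MASK));
    return remaining < to_page_end ? remaining : to_page_end;
}

/* Walk [va, va + size) one page at a time. With buf == NULL this only
 * probes translations; otherwise it copies. Returns 0, or -1 with *fault
 * naming the exact page that failed. */
static int walk_pages(uint64_t va, size_t size, bool is_write,
                      uint8_t *buf, struct emu_fault *fault)
{
    for (size_t done = 0; done < size; ) {
        uint64_t cur = va + done, gpa;
        size_t n = chunk_len(cur, size - done);

        if (toy_gva_to_gpa(cur, is_write, &gpa) != 0) {
            fault->va = cur;
            fault->is_write = is_write;
            return -1;
        }
        if (buf && is_write) {
            memcpy(toy_phys + gpa, buf + done, n);
        } else if (buf) {
            memcpy(buf + done, toy_phys + gpa, n);
        }
        done += n;
    }
    return 0;
}

/* Emulated load/store of `size` bytes that may cross page boundaries.
 * Pass 1 translates every page before pass 2 touches memory, so a store
 * that faults on its second page leaves guest memory untouched, and the
 * caller still learns which page to report. */
int emu_mem_access(uint64_t va, void *buf, size_t size, bool is_write,
                   struct emu_fault *fault)
{
    if (walk_pages(va, size, is_write, NULL, fault) != 0) {
        return -1;
    }
    return walk_pages(va, size, is_write, buf, fault);
}

int main(void)
{
    uint8_t q[16] = { 0 };
    struct emu_fault f;

    /* 16-byte store at 0x2ff8: second half lands on unmapped VA 0x3000. */
    if (emu_mem_access(0x2ff8, q, sizeof q, true, &f) != 0) {
        printf("fault at va=0x%llx (%s)\n", (unsigned long long)f.va,
               f.is_write ? "write" : "read");
    }
    return 0;
}
```

The two-pass walk is the simplest way to get "no partial store on fault"; a real backend would more likely cache the per-page translations from pass 1 rather than translate twice, but the observable contract, the exact faulting page plus untouched memory on failure, is the part the read_mem/write_mem interface cannot express.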



Thread overview: 25+ messages
2026-03-09 21:48 [PATCH] target/arm/hvf: emulate ISV=0 data abort instructions Lucas Amaral
2026-03-10  1:28 ` Mohamed Mediouni
2026-03-10  9:23   ` Peter Maydell
2026-03-13  2:18 ` [PATCH v2 0/3] target/arm: ISV=0 data abort emulation library Lucas Amaral
2026-03-13  2:18   ` [PATCH v2 1/3] target/arm: add AArch64 ISV=0 instruction " Lucas Amaral
2026-03-13  6:33     ` Mohamed Mediouni [this message]
2026-03-13  8:59     ` Peter Maydell
2026-03-13  2:18   ` [PATCH v2 2/3] tests: add unit tests for ISV=0 " Lucas Amaral
2026-03-13  2:18   ` [PATCH v2 3/3] target/arm: wire ISV=0 emulation into HVF and WHPX Lucas Amaral
2026-03-15  3:41   ` [PATCH v3 0/6] target/arm: ISV=0 data abort emulation library Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 1/6] target/arm/emulate: add ISV=0 emulation library with load/store immediate Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 2/6] target/arm/emulate: add load/store register offset Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 3/6] target/arm/emulate: add load/store pair Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 4/6] target/arm/emulate: add load/store exclusive Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 5/6] target/arm/emulate: add atomic, compare-and-swap, and PAC load Lucas Amaral
2026-03-15  3:41     ` [PATCH v3 6/6] target/arm/hvf, whpx: wire ISV=0 emulation for data aborts Lucas Amaral
2026-03-16  2:50     ` [PATCH v4 0/6] target/arm: ISV=0 data abort emulation library Lucas Amaral
2026-03-16  2:50       ` [PATCH v4 1/6] target/arm/emulate: add ISV=0 emulation library with load/store immediate Lucas Amaral
2026-03-19 22:00         ` Richard Henderson
2026-03-16  2:50       ` [PATCH v4 2/6] target/arm/emulate: add load/store register offset Lucas Amaral
2026-03-16  2:50       ` [PATCH v4 3/6] target/arm/emulate: add load/store pair Lucas Amaral
2026-03-16  2:50       ` [PATCH v4 4/6] target/arm/emulate: add load/store exclusive Lucas Amaral
2026-03-16  2:50       ` [PATCH v4 5/6] target/arm/emulate: add atomic, compare-and-swap, and PAC load Lucas Amaral
2026-03-16  2:50       ` [PATCH v4 6/6] target/arm/hvf, whpx: wire ISV=0 emulation for data aborts Lucas Amaral
2026-03-17 14:27       ` [PATCH v4 0/6] target/arm: ISV=0 data abort emulation library Alex Bennée
