[PATCH v5 0/2] accel/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[PATCH v5 0/2] accel/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Philippe Mathieu-Daudé]

Since v4:
- Addressed Akihiko's comments
 . Do not introduce hvf_arch_cpu_synchronize_[pre/post]exec() hooks
 . Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0 in hvf_[put/get]_registers()

Philippe Mathieu-Daudé (2):
  target/arm/hvf: Move hvf_sysreg_[read,write]_cp() functions around
  target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

 target/arm/hvf/hvf.c | 167 +++++++++++++++++++++++++------------------
 1 file changed, 96 insertions(+), 71 deletions(-)

-- 
2.52.0

[PATCH v5 1/2] target/arm/hvf: Move hvf_sysreg_[read, write]_cp() functions around

[Philippe Mathieu-Daudé]

Next commit will use these functions prototype earlier. Rather
than forward-declaring them, move them around.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/arm/hvf/hvf.c | 142 +++++++++++++++++++++----------------------
 1 file changed, 71 insertions(+), 71 deletions(-)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index e4c0d936f1f..fcb7fa3b30c 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -423,6 +423,77 @@ static const hv_sys_reg_t hvf_sreg_list[] = {
 
 #undef DEF_SYSREG
 
+static uint32_t hvf_reg2cp_reg(uint32_t reg)
+{
+    return ENCODE_AA64_CP_REG((reg >> SYSREG_OP0_SHIFT) & SYSREG_OP0_MASK,
+                              (reg >> SYSREG_OP1_SHIFT) & SYSREG_OP1_MASK,
+                              (reg >> SYSREG_CRN_SHIFT) & SYSREG_CRN_MASK,
+                              (reg >> SYSREG_CRM_SHIFT) & SYSREG_CRM_MASK,
+                              (reg >> SYSREG_OP2_SHIFT) & SYSREG_OP2_MASK);
+}
+
+static bool hvf_sysreg_read_cp(CPUState *cpu, const char *cpname,
+                               uint32_t reg, uint64_t *val)
+{
+    ARMCPU *arm_cpu = ARM_CPU(cpu);
+    CPUARMState *env = &arm_cpu->env;
+    const ARMCPRegInfo *ri;
+
+    ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
+    if (ri) {
+        if (!cp_access_ok(1, ri, true)) {
+            return false;
+        }
+        if (ri->accessfn) {
+            if (ri->accessfn(env, ri, true) != CP_ACCESS_OK) {
+                return false;
+            }
+        }
+        if (ri->type & ARM_CP_CONST) {
+            *val = ri->resetvalue;
+        } else if (ri->readfn) {
+            *val = ri->readfn(env, ri);
+        } else {
+            *val = raw_read(env, ri);
+        }
+        trace_hvf_emu_reginfo_read(cpname, ri->name, *val);
+        return true;
+    }
+
+    return false;
+}
+
+static bool hvf_sysreg_write_cp(CPUState *cpu, const char *cpname,
+                                uint32_t reg, uint64_t val)
+{
+    ARMCPU *arm_cpu = ARM_CPU(cpu);
+    CPUARMState *env = &arm_cpu->env;
+    const ARMCPRegInfo *ri;
+
+    ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
+
+    if (ri) {
+        if (!cp_access_ok(1, ri, false)) {
+            return false;
+        }
+        if (ri->accessfn) {
+            if (ri->accessfn(env, ri, false) != CP_ACCESS_OK) {
+                return false;
+            }
+        }
+        if (ri->writefn) {
+            ri->writefn(env, ri, val);
+        } else {
+            raw_write(env, ri, val);
+        }
+
+        trace_hvf_emu_reginfo_write(cpname, ri->name, val);
+        return true;
+    }
+
+    return false;
+}
+
 int hvf_arch_get_registers(CPUState *cpu)
 {
     ARMCPU *arm_cpu = ARM_CPU(cpu);
@@ -1161,46 +1232,6 @@ static bool is_id_sysreg(uint32_t reg)
            SYSREG_CRM(reg) < 8;
 }
 
-static uint32_t hvf_reg2cp_reg(uint32_t reg)
-{
-    return ENCODE_AA64_CP_REG((reg >> SYSREG_OP0_SHIFT) & SYSREG_OP0_MASK,
-                              (reg >> SYSREG_OP1_SHIFT) & SYSREG_OP1_MASK,
-                              (reg >> SYSREG_CRN_SHIFT) & SYSREG_CRN_MASK,
-                              (reg >> SYSREG_CRM_SHIFT) & SYSREG_CRM_MASK,
-                              (reg >> SYSREG_OP2_SHIFT) & SYSREG_OP2_MASK);
-}
-
-static bool hvf_sysreg_read_cp(CPUState *cpu, const char *cpname,
-                               uint32_t reg, uint64_t *val)
-{
-    ARMCPU *arm_cpu = ARM_CPU(cpu);
-    CPUARMState *env = &arm_cpu->env;
-    const ARMCPRegInfo *ri;
-
-    ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
-    if (ri) {
-        if (!cp_access_ok(1, ri, true)) {
-            return false;
-        }
-        if (ri->accessfn) {
-            if (ri->accessfn(env, ri, true) != CP_ACCESS_OK) {
-                return false;
-            }
-        }
-        if (ri->type & ARM_CP_CONST) {
-            *val = ri->resetvalue;
-        } else if (ri->readfn) {
-            *val = ri->readfn(env, ri);
-        } else {
-            *val = raw_read(env, ri);
-        }
-        trace_hvf_emu_reginfo_read(cpname, ri->name, *val);
-        return true;
-    }
-
-    return false;
-}
-
 static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint64_t *val)
 {
     ARMCPU *arm_cpu = ARM_CPU(cpu);
@@ -1454,37 +1485,6 @@ static void pmswinc_write(CPUARMState *env, uint64_t value)
     }
 }
 
-static bool hvf_sysreg_write_cp(CPUState *cpu, const char *cpname,
-                                uint32_t reg, uint64_t val)
-{
-    ARMCPU *arm_cpu = ARM_CPU(cpu);
-    CPUARMState *env = &arm_cpu->env;
-    const ARMCPRegInfo *ri;
-
-    ri = get_arm_cp_reginfo(arm_cpu->cp_regs, hvf_reg2cp_reg(reg));
-
-    if (ri) {
-        if (!cp_access_ok(1, ri, false)) {
-            return false;
-        }
-        if (ri->accessfn) {
-            if (ri->accessfn(env, ri, false) != CP_ACCESS_OK) {
-                return false;
-            }
-        }
-        if (ri->writefn) {
-            ri->writefn(env, ri, val);
-        } else {
-            raw_write(env, ri, val);
-        }
-
-        trace_hvf_emu_reginfo_write(cpname, ri->name, val);
-        return true;
-    }
-
-    return false;
-}
-
 static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
 {
     ARMCPU *arm_cpu = ARM_CPU(cpu);
-- 
2.52.0

[PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Philippe Mathieu-Daudé]

Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
host hardware accelerator.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index fcb7fa3b30c..9ce720793d8 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -200,6 +200,9 @@ void hvf_arm_init_debug(void)
 #define SYSREG_PMCEID0_EL0    SYSREG(3, 3, 9, 12, 6)
 #define SYSREG_PMCEID1_EL0    SYSREG(3, 3, 9, 12, 7)
 #define SYSREG_PMCCNTR_EL0    SYSREG(3, 3, 9, 13, 0)
+
+#define SYSREG_CNTV_CTL_EL0   SYSREG(3, 3, 14, 3, 1)
+#define SYSREG_CNTV_CVAL_EL0  SYSREG(3, 3, 14, 3, 2)
 #define SYSREG_PMCCFILTR_EL0  SYSREG(3, 3, 14, 15, 7)
 
 #define SYSREG_ICC_AP0R0_EL1     SYSREG(3, 0, 12, 8, 4)
@@ -502,6 +505,7 @@ int hvf_arch_get_registers(CPUState *cpu)
     uint64_t val;
     hv_simd_fp_uchar16_t fpval;
     int i, n;
+    bool b;
 
     for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
         ret = hv_vcpu_get_reg(cpu->accel->fd, hvf_reg_match[i].reg, &val);
@@ -631,6 +635,16 @@ int hvf_arch_get_registers(CPUState *cpu)
 
     aarch64_restore_sp(env, arm_current_el(env));
 
+    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, &val);
+    assert_hvf_ok(ret);
+    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);
+    assert(b);
+
+    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, &val);
+    assert_hvf_ok(ret);
+    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, val);
+    assert(b);
+
     return 0;
 }
 
@@ -642,6 +656,7 @@ int hvf_arch_put_registers(CPUState *cpu)
     uint64_t val;
     hv_simd_fp_uchar16_t fpval;
     int i, n;
+    bool b;
 
     for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
         val = *(uint64_t *)((void *)env + hvf_reg_match[i].offset);
@@ -756,6 +771,16 @@ int hvf_arch_put_registers(CPUState *cpu)
     ret = hv_vcpu_set_vtimer_offset(cpu->accel->fd, hvf_state->vtimer_offset);
     assert_hvf_ok(ret);
 
+    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, &val);
+    assert(b);
+    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, val);
+    assert_hvf_ok(ret);
+
+    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, &val);
+    assert(b);
+    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, val);
+    assert_hvf_ok(ret);
+
     return 0;
 }
 
-- 
2.52.0

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Zenghui Yu]

Hi,

On 1/19/26 5:59 AM, Philippe Mathieu-Daudé wrote:
> Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
> host hardware accelerator.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>  target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
> index fcb7fa3b30c..9ce720793d8 100644
> --- a/target/arm/hvf/hvf.c
> +++ b/target/arm/hvf/hvf.c
> @@ -200,6 +200,9 @@ void hvf_arm_init_debug(void)
>  #define SYSREG_PMCEID0_EL0    SYSREG(3, 3, 9, 12, 6)
>  #define SYSREG_PMCEID1_EL0    SYSREG(3, 3, 9, 12, 7)
>  #define SYSREG_PMCCNTR_EL0    SYSREG(3, 3, 9, 13, 0)
> +
> +#define SYSREG_CNTV_CTL_EL0   SYSREG(3, 3, 14, 3, 1)
> +#define SYSREG_CNTV_CVAL_EL0  SYSREG(3, 3, 14, 3, 2)
>  #define SYSREG_PMCCFILTR_EL0  SYSREG(3, 3, 14, 15, 7)
>  
>  #define SYSREG_ICC_AP0R0_EL1     SYSREG(3, 0, 12, 8, 4)
> @@ -502,6 +505,7 @@ int hvf_arch_get_registers(CPUState *cpu)
>      uint64_t val;
>      hv_simd_fp_uchar16_t fpval;
>      int i, n;
> +    bool b;
>  
>      for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>          ret = hv_vcpu_get_reg(cpu->accel->fd, hvf_reg_match[i].reg, &val);
> @@ -631,6 +635,16 @@ int hvf_arch_get_registers(CPUState *cpu)
>  
>      aarch64_restore_sp(env, arm_current_el(env));
>  
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);
> +    assert(b);
> +
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, val);
> +    assert(b);
> +
>      return 0;
>  }
>  
> @@ -642,6 +656,7 @@ int hvf_arch_put_registers(CPUState *cpu)
>      uint64_t val;
>      hv_simd_fp_uchar16_t fpval;
>      int i, n;
> +    bool b;
>  
>      for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>          val = *(uint64_t *)((void *)env + hvf_reg_match[i].offset);
> @@ -756,6 +771,16 @@ int hvf_arch_put_registers(CPUState *cpu)
>      ret = hv_vcpu_set_vtimer_offset(cpu->accel->fd, hvf_state->vtimer_offset);
>      assert_hvf_ok(ret);
>  
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, val);
> +    assert_hvf_ok(ret);
> +
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, val);
> +    assert_hvf_ok(ret);
> +
>      return 0;
>  }

My Linux guest has been unable to start since this patch. I tested it on
M1 (macOS Tahoe 26.2). Not sure if this can be reproduced on your side.

Thanks,
Zenghui

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Philippe Mathieu-Daudé]

Hi,

On 12/2/26 16:05, Zenghui Yu wrote:
> Hi,
> 
> On 1/19/26 5:59 AM, Philippe Mathieu-Daudé wrote:
>> Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
>> host hardware accelerator.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
>>   1 file changed, 25 insertions(+)


> My Linux guest has been unable to start since this patch. I tested it on
> M1 (macOS Tahoe 26.2). Not sure if this can be reproduced on your side.

I apologize for this (it was tested on 15.7). I don't have spare time
(nor hardware) to look at this right now, so better to revert, as
suggested by Mohamed.

Regards,

Phil.

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Mohamed Mediouni]

> On 18. Jan 2026, at 22:59, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
> 
> Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
> host hardware accelerator.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
> target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
Hello,

This broke VM save/restore on my setup. Will have a commit to revert this in my next revision
of the HVF nested virt series.

Thanks,
-Mohamed
> 
> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
> index fcb7fa3b30c..9ce720793d8 100644
> --- a/target/arm/hvf/hvf.c
> +++ b/target/arm/hvf/hvf.c
> @@ -200,6 +200,9 @@ void hvf_arm_init_debug(void)
> #define SYSREG_PMCEID0_EL0    SYSREG(3, 3, 9, 12, 6)
> #define SYSREG_PMCEID1_EL0    SYSREG(3, 3, 9, 12, 7)
> #define SYSREG_PMCCNTR_EL0    SYSREG(3, 3, 9, 13, 0)
> +
> +#define SYSREG_CNTV_CTL_EL0   SYSREG(3, 3, 14, 3, 1)
> +#define SYSREG_CNTV_CVAL_EL0  SYSREG(3, 3, 14, 3, 2)
> #define SYSREG_PMCCFILTR_EL0  SYSREG(3, 3, 14, 15, 7)
> 
> #define SYSREG_ICC_AP0R0_EL1     SYSREG(3, 0, 12, 8, 4)
> @@ -502,6 +505,7 @@ int hvf_arch_get_registers(CPUState *cpu)
>     uint64_t val;
>     hv_simd_fp_uchar16_t fpval;
>     int i, n;
> +    bool b;
> 
>     for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>         ret = hv_vcpu_get_reg(cpu->accel->fd, hvf_reg_match[i].reg, &val);
> @@ -631,6 +635,16 @@ int hvf_arch_get_registers(CPUState *cpu)
> 
>     aarch64_restore_sp(env, arm_current_el(env));
> 
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);
> +    assert(b);
> +
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, val);
> +    assert(b);
> +
>     return 0;
> }
> 
> @@ -642,6 +656,7 @@ int hvf_arch_put_registers(CPUState *cpu)
>     uint64_t val;
>     hv_simd_fp_uchar16_t fpval;
>     int i, n;
> +    bool b;
> 
>     for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>         val = *(uint64_t *)((void *)env + hvf_reg_match[i].offset);
> @@ -756,6 +771,16 @@ int hvf_arch_put_registers(CPUState *cpu)
>     ret = hv_vcpu_set_vtimer_offset(cpu->accel->fd, hvf_state->vtimer_offset);
>     assert_hvf_ok(ret);
> 
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, val);
> +    assert_hvf_ok(ret);
> +
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, val);
> +    assert_hvf_ok(ret);
> +
>     return 0;
> }
> 
> -- 
> 2.52.0
> 

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Philippe Mathieu-Daudé]

On 15/2/26 11:15, Mohamed Mediouni wrote:
> 
> 
>> On 18. Jan 2026, at 22:59, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>>
>> Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
>> host hardware accelerator.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>> target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
>> 1 file changed, 25 insertions(+)
> Hello,
> 
> This broke VM save/restore on my setup. Will have a commit to revert this in my next revision
> of the HVF nested virt series.

LGTM, thanks for taking care of it Mohamed!

> 
> Thanks,
> -Mohamed

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Lucas Kornicki]

[-- Attachment #1: Type: text/plain, Size: 3245 bytes --]

Hi. I've found this patch to break EDK2 UEFI on MacOS 15.7
With it applied, the vm is usually stuck on display not initialized, but 
sometimes it will init and hang on the tianocore logo.
I've narrowed it down to

b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);

in hvf_arch_get_registers.

On a related note, I've noticed that when using accel=hvf on aarch64, 
the cpu usage is maxing out all assigned cores even if the guest is 
idle. It looks like it's constantly getting woken up from WFI. Could 
this patch be part of the solution?

On 1/18/26 22:59, Philippe Mathieu-Daudé wrote:
> Keep CNTV_CTL_EL0 and CNTV_CVAL_EL0 synchronized with the
> host hardware accelerator.
>
> Signed-off-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> ---
>   target/arm/hvf/hvf.c | 25 +++++++++++++++++++++++++
>   1 file changed, 25 insertions(+)
>
> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
> index fcb7fa3b30c..9ce720793d8 100644
> --- a/target/arm/hvf/hvf.c
> +++ b/target/arm/hvf/hvf.c
> @@ -200,6 +200,9 @@ void hvf_arm_init_debug(void)
>   #define SYSREG_PMCEID0_EL0    SYSREG(3, 3, 9, 12, 6)
>   #define SYSREG_PMCEID1_EL0    SYSREG(3, 3, 9, 12, 7)
>   #define SYSREG_PMCCNTR_EL0    SYSREG(3, 3, 9, 13, 0)
> +
> +#define SYSREG_CNTV_CTL_EL0   SYSREG(3, 3, 14, 3, 1)
> +#define SYSREG_CNTV_CVAL_EL0  SYSREG(3, 3, 14, 3, 2)
>   #define SYSREG_PMCCFILTR_EL0  SYSREG(3, 3, 14, 15, 7)
>   
>   #define SYSREG_ICC_AP0R0_EL1     SYSREG(3, 0, 12, 8, 4)
> @@ -502,6 +505,7 @@ int hvf_arch_get_registers(CPUState *cpu)
>       uint64_t val;
>       hv_simd_fp_uchar16_t fpval;
>       int i, n;
> +    bool b;
>   
>       for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>           ret = hv_vcpu_get_reg(cpu->accel->fd, hvf_reg_match[i].reg, &val);
> @@ -631,6 +635,16 @@ int hvf_arch_get_registers(CPUState *cpu)
>   
>       aarch64_restore_sp(env, arm_current_el(env));
>   
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);
> +    assert(b);
> +
> +    ret = hv_vcpu_get_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, &val);
> +    assert_hvf_ok(ret);
> +    b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, val);
> +    assert(b);
> +
>       return 0;
>   }
>   
> @@ -642,6 +656,7 @@ int hvf_arch_put_registers(CPUState *cpu)
>       uint64_t val;
>       hv_simd_fp_uchar16_t fpval;
>       int i, n;
> +    bool b;
>   
>       for (i = 0; i < ARRAY_SIZE(hvf_reg_match); i++) {
>           val = *(uint64_t *)((void *)env + hvf_reg_match[i].offset);
> @@ -756,6 +771,16 @@ int hvf_arch_put_registers(CPUState *cpu)
>       ret = hv_vcpu_set_vtimer_offset(cpu->accel->fd, hvf_state->vtimer_offset);
>       assert_hvf_ok(ret);
>   
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CVAL_EL0, val);
> +    assert_hvf_ok(ret);
> +
> +    b = hvf_sysreg_read_cp(cpu, "VTimer", SYSREG_CNTV_CTL_EL0, &val);
> +    assert(b);
> +    ret = hv_vcpu_set_sys_reg(cpu->accel->fd, HV_SYS_REG_CNTV_CTL_EL0, val);
> +    assert_hvf_ok(ret);
> +
>       return 0;
>   }
>   

[-- Attachment #2: Type: text/html, Size: 3860 bytes --]

Re: [PATCH v5 2/2] target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Zenghui Yu]

Hi,

On 2/23/26 9:47 PM, Lucas Kornicki wrote:
> Hi. I've found this patch to break EDK2 UEFI on MacOS 15.7
> With it applied, the vm is usually stuck on display not initialized, but
> sometimes it will init and hang on the tianocore logo.
> I've narrowed it down to
> 
> b = hvf_sysreg_write_cp(cpu, "VTimer", SYSREG_CNTV_CVAL_EL0, val);
> 
> in hvf_arch_get_registers.

It was fixed by a revert. See commit 28b0ed32b32c in master.

> 
> On a related note, I've noticed that when using accel=hvf on aarch64,
> the cpu usage is maxing out all assigned cores even if the guest is
> idle. It looks like it's constantly getting woken up from WFI. Could
> this patch be part of the solution?

This is another issue which I had also reported in [*]. It looks to me
that commit b5f8f7727177 has made the WFI handling "an immediate
re-entering in guest" which results in the high CPU utilization.

Before someone familiar with the code acknowledges it, I just reverted
b5f8f7727177 locally for power saving. ;-)

[*]
https://lore.kernel.org/qemu-devel/92a63a78-2ab8-481a-8b78-3a86fa130fe8@linux.dev

Thanks,
Zenghui

Re: [PATCH v5 0/2] accel/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Richard Henderson]

On 1/19/26 08:59, Philippe Mathieu-Daudé wrote:
> Since v4:
> - Addressed Akihiko's comments
>   . Do not introduce hvf_arch_cpu_synchronize_[pre/post]exec() hooks
>   . Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0 in hvf_[put/get]_registers()
> 
> Philippe Mathieu-Daudé (2):
>    target/arm/hvf: Move hvf_sysreg_[read,write]_cp() functions around
>    target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0
> 
>   target/arm/hvf/hvf.c | 167 +++++++++++++++++++++++++------------------
>   1 file changed, 96 insertions(+), 71 deletions(-)
> 

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH v5 0/2] accel/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Akihiko Odaki]

On 2026/01/19 6:59, Philippe Mathieu-Daudé wrote:
> Since v4:
> - Addressed Akihiko's comments
>   . Do not introduce hvf_arch_cpu_synchronize_[pre/post]exec() hooks
>   . Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0 in hvf_[put/get]_registers()
> 
> Philippe Mathieu-Daudé (2):
>    target/arm/hvf: Move hvf_sysreg_[read,write]_cp() functions around
>    target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0
> 
>   target/arm/hvf/hvf.c | 167 +++++++++++++++++++++++++------------------
>   1 file changed, 96 insertions(+), 71 deletions(-)
> 

For the whole series,

Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>

Re: [PATCH v5 0/2] accel/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0

[Peter Maydell]

On Sun, 18 Jan 2026 at 21:59, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> Since v4:
> - Addressed Akihiko's comments
>  . Do not introduce hvf_arch_cpu_synchronize_[pre/post]exec() hooks
>  . Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0 in hvf_[put/get]_registers()
>
> Philippe Mathieu-Daudé (2):
>   target/arm/hvf: Move hvf_sysreg_[read,write]_cp() functions around
>   target/arm/hvf: Sync CNTV_CTL_EL0 & CNTV_CVAL_EL0
>
>  target/arm/hvf/hvf.c | 167 +++++++++++++++++++++++++------------------
>  1 file changed, 96 insertions(+), 71 deletions(-)
>



Applied to target-arm.next, thanks.

-- PMM