From 3347421cfc27630da8303c6a2ae4974b9d3bd491 Mon Sep 17 00:00:00 2001
From: Gary Beihl
Date: Tue, 17 Mar 2026 18:31:39 -0400
Subject: [PATCH 1/3] arm: Add missing VFP3 feature flag for Cortex-A7
The Cortex-A7 CPU init sets ARM_FEATURE_VFP and ARM_FEATURE_VFP4 but is missing ARM_FEATURE_VFP3. Since VFP4 is a superset of VFP3, VFP3 must always be set when VFP4 is. Without it, the MVFR0/MVFR1 access path in translate.c rejects all reads (even kernel-mode) because it gates on ARM_FEATURE_VFP3. This causes Linux to crash at vfp_init with an undefined instruction exception on 'vmrs r2, mvfr1'. Every other Cortex-A CPU (A5, A8, A9, A15) correctly sets VFP3.
Signed-off-by: Gary Beihl
---
 arch/arm/helper.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/arch/arm/helper.c b/arch/arm/helper.c
index 98f77e892..dc9216e60 100644
--- a/arch/arm/helper.c
+++ b/arch/arm/helper.c
@@ -161,6 +161,7 @@ static void cpu_reset_model_id(CPUState *env, uint32_t id)
 set_feature(env, ARM_FEATURE_AUXCR);
 set_feature(env, ARM_FEATURE_THUMB2);
 set_feature(env, ARM_FEATURE_VFP);
+ set_feature(env, ARM_FEATURE_VFP3);
 set_feature(env, ARM_FEATURE_VFP4);
 set_feature(env, ARM_FEATURE_NEON);
 set_feature(env, ARM_FEATURE_GENERIC_TIMER);
From 72a381a67f87221942f654f23cdd413b6d7556d8 Mon Sep 17 00:00:00 2001
From: Gary Beihl
Date: Wed, 18 Mar 2026 17:33:16 -0400
Subject: [PATCH 2/3] arm: Fix VFP feature flags for Cortex-A7 and Cortex-A15
Cortex-A7 was missing ARM_FEATURE_VFP_FP16, causing MVFR0 reads to report incorrect half-precision support. Cortex-A15 was missing ARM_FEATURE_VFP and ARM_FEATURE_VFP3 (only had VFP4). The VFP feature flags are hierarchical: VFP4 requires VFP3 requires VFP. Without VFP/VFP3 set, MVFR0/MVFR1 coprocessor register access was rejected, causing Linux kernel VFP init to fail.
Signed-off-by: Gary Beihl
---
 arch/arm/helper.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/arm/helper.c b/arch/arm/helper.c
index dc9216e60..c67c73f71 100644
--- a/arch/arm/helper.c
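Review bot: The VFP4 implies VFP3 implies VFP dependency that the commit message describes is still maintained by hand in each CPU's flag list inside cpu_reset_model_id, at the added `set_feature(env, ARM_FEATURE_VFP3);` here for Cortex-A7 and again in the Cortex-A15 hunk of patch 2/3, so the next model added can drop a flag the same way and silently change which coprocessor register reads the guest is allowed. Consider enforcing the implication once, after the per-model setup, so that any model with ARM_FEATURE_VFP4 also gets ARM_FEATURE_VFP3 and ARM_FEATURE_VFP regardless of what its list names. If the per-model lists stay as they are, a comment above the added line such as `/* VFP4 implies VFP3 implies VFP; MVFR0/MVFR1 access is gated on VFP3 */` would record the invariant. The function starts and ends outside the hunk, so whether such a fix-up already exists later in it cannot be seen from here.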
+++ b/arch/arm/helper.c
@@ -163,6 +163,7 @@ static void cpu_reset_model_id(CPUState *env, uint32_t id)
 set_feature(env, ARM_FEATURE_VFP);
 set_feature(env, ARM_FEATURE_VFP3);
 set_feature(env, ARM_FEATURE_VFP4);
+ set_feature(env, ARM_FEATURE_VFP_FP16);
 set_feature(env, ARM_FEATURE_NEON);
 set_feature(env, ARM_FEATURE_GENERIC_TIMER);
 set_feature(env, ARM_FEATURE_THUMB2EE);
@@ -248,6 +249,8 @@ static void cpu_reset_model_id(CPUState *env, uint32_t id)
 set_feature(env, ARM_FEATURE_THUMB2);
 set_feature(env, ARM_FEATURE_V7);
 set_feature(env, ARM_FEATURE_V7SEC);
+ set_feature(env, ARM_FEATURE_VFP);
+ set_feature(env, ARM_FEATURE_VFP3);
 set_feature(env, ARM_FEATURE_VFP4);
 set_feature(env, ARM_FEATURE_VFP_FP16);
 set_feature(env, ARM_FEATURE_NEON);
From 107ac3502cdb68cfa194f3e15cf6ab8d10b9c85e Mon Sep 17 00:00:00 2001
From: Gary Beihl
Date: Wed, 18 Mar 2026 17:33:25 -0400
Subject: [PATCH 3/3] arm: Generate UDEF exception for VFP access without coprocessor
When VFP coprocessor access fails the feature check, generate EXCP_UDEF (undefined instruction) on ARM-A profile instead of silently returning 1. The previous behavior caused the translator to fall through to other instruction decoders, producing incorrect execution. The Cortex-M path already raised EXCP_NOCP correctly. Both paths now lock the translation block after generating the exception to prevent further instruction decode in the same block.
Signed-off-by: Gary Beihl
---
 arch/arm/translate.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/translate.c b/arch/arm/translate.c
index 7797906e7..e344a04ca 100644
--- a/arch/arm/translate.c
+++ b/arch/arm/translate.c
@@ -3439,11 +3439,11 @@ static int disas_vfp_insn(CPUState *env, DisasContext *s, uint32_t insn)
 if((insn & 0x0fe00fff) != 0x0ee00a10) {
 #ifdef TARGET_PROTO_ARM_M
 gen_exception_insn(s, 4, EXCP_NOCP);
- LOCK_TB(s->base.tb);
- return 0;
 #else
- return 1;
+ gen_exception_insn(s, 4, EXCP_UDEF);
 #endif
+ LOCK_TB(s->base.tb);
+ return 0;
 }
 rn = (insn >> 16) & 0xf;
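Review bot: The new shared `return 0;` makes disas_vfp_insn report success both when it decoded the instruction and when it only emitted a fault, and nothing at that line says so. A comment there such as `/* exception emitted and TB locked; return 0 so the caller does not try other decoders */` would make the changed contract explicit. The register filter that presumably follows `rn = (insn >> 16) & 0xf;` lies outside the hunk. If it still rejects with `return 1` on A-profile, the same rejected-access condition would take two different fault paths, so it is worth confirming that it raises EXCP_UDEF and locks the block in the same way. The function body starts and ends outside the hunk.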