Commit 7e637052fa for qemu.org

commit 7e637052fa2a4aa1032284284c9d6733d561d1be
Author: Jason Wright <wrigjl@proton.me>
Date:   Thu May 28 18:19:25 2026 +0000

    target/arm: advertise FEAT_RNG_TRAP on cortex-max

    Set ID_AA64PFR1.RNDR_TRAP=1 on the max CPU model so guests and
    firmware detect FEAT_RNG_TRAP, per the Arm Architecture Reference
    Manual for A-profile architecture (DDI 0487), and document the feature
    as emulated in docs/system/arm/emulation.rst.

    Signed-off-by: Jason Wright <wrigjl@proton.me>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
index 37ca4e47b8..18c6355967 100644
--- a/docs/system/arm/emulation.rst
+++ b/docs/system/arm/emulation.rst
@@ -136,6 +136,7 @@ the following architecture extensions:
 - FEAT_RME (Realm Management Extension) (NB: support status in QEMU is experimental)
 - FEAT_RME_GPC2 (RME Granule Protection Check 2 Extension)
 - FEAT_RNG (Random number generator)
+- FEAT_RNG_TRAP (Trapping support for RNDR/RNDRRS)
 - FEAT_RPRES (Increased precision of FRECPE and FRSQRTE)
 - FEAT_S1PIE (Stage 1 permission indirections)
 - FEAT_S2PIE (Stage 2 permission indirections)
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
index ce76e09d52..1a4f50486d 100644
--- a/target/arm/tcg/cpu64.c
+++ b/target/arm/tcg/cpu64.c
@@ -1292,6 +1292,7 @@ void aarch64_max_tcg_initfn(Object *obj)
     t = FIELD_DP64(t, ID_AA64PFR1, MTE, 3);       /* FEAT_MTE3 */
     t = FIELD_DP64(t, ID_AA64PFR1, RAS_FRAC, 0);  /* FEAT_RASv1p1 + FEAT_DoubleFault */
     t = FIELD_DP64(t, ID_AA64PFR1, SME, 2);       /* FEAT_SME2 */
+    t = FIELD_DP64(t, ID_AA64PFR1, RNDR_TRAP, 1); /* FEAT_RNG_TRAP */
     t = FIELD_DP64(t, ID_AA64PFR1, CSV2_FRAC, 0); /* FEAT_CSV2_3 */
     t = FIELD_DP64(t, ID_AA64PFR1, NMI, 1);       /* FEAT_NMI */
     t = FIELD_DP64(t, ID_AA64PFR1, GCS, 1);       /* FEAT_GCS */