From nobody Sun Feb 8 23:11:14 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; dkim=fail spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1497462667472715.4712707972454; Wed, 14 Jun 2017 10:51:07 -0700 (PDT) Received: from localhost ([::1]:50280 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLCRe-0001M9-6U for importer@patchew.org; Wed, 14 Jun 2017 13:51:06 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54626) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLCMp-0005lz-Rq for qemu-devel@nongnu.org; Wed, 14 Jun 2017 13:46:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dLCMo-00015Y-P3 for qemu-devel@nongnu.org; Wed, 14 Jun 2017 13:46:07 -0400 Received: from mail-lf0-x243.google.com ([2a00:1450:4010:c07::243]:35459) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dLCMo-00015K-Dh for qemu-devel@nongnu.org; Wed, 14 Jun 2017 13:46:06 -0400 Received: by mail-lf0-x243.google.com with SMTP id v20so963979lfa.2 for ; Wed, 14 Jun 2017 10:46:06 -0700 (PDT) Received: from localhost (81-231-233-234-no56.tbcn.telia.com. [81.231.233.234]) by smtp.gmail.com with ESMTPSA id b2sm146821lje.56.2017.06.14.10.46.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 14 Jun 2017 10:46:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Oqd/1w10vgKZjIjPLKQaH8QOesbzJLaVqYcw6h8natM=; b=ofM9R71O7FXhwqTo/2JwJNhhG94JTfr6FUrx5cnbHDced739jQyna7ehHngDXMLyug Gf2YJ/usIwD27xHmIRjiTTDf2ormvb6MF9NkgiuJcr0/TYYROdPm5fMVPEYNygPKTvji CBvZRK0RC0MH83k3gN0H8S5MYDxLWcjzJhrRGndsKWN7oNloEBm2i4NnYjr38FDiI+OT bWToxMiIUpOKXYS/0/gVlAZVHp0tg2x8gu7o+/jVubjbmMURy1FvdSC0/nJvSOIejiVK 6WrEnPEQ01X6IDaSNuwDZ0SJ9yrvMI1GLcb93xNRuruYv5uEWEgRKhu5gaNJdPFlKylb gxbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Oqd/1w10vgKZjIjPLKQaH8QOesbzJLaVqYcw6h8natM=; b=YcRLv+m0mPpFsdPOq6ZC9rjgdcPxeN2BQ6flFgkAoJuS6/j8XuctLF2iS8drIZeP4B qhGEmPEJQk86z1/FibRRZqzxnkOtA+BO+1jIZJiqVevwuiDtsm0mcc5q1EIWnI+JAzl/ xfsj6IQHi+aN8faqQk1bo3jzhq6WEfPwdXXBCdPEorgunmsr7/KK5uoRKnK3bUK8BJAZ qmyeCp71wsAIrzfw548tCSeniiDWcMTqAy1DuHAxvXuD1TgHAoKkOCmWEk/d1kfZEyHF DeeJVSgZiNDuJJ1WLPz/jYQTqpmjS80ekvy/s7YPlfUcHN4Q2MTVp4Dw7vt/5+3VVQbY 5MGg== X-Gm-Message-State: AKS2vOwWHgnTWsROrxViQzmlyvjg5d2DqS1duz3sTnp21QSdzXJiAh6w Usu6kymUWY5evZKk X-Received: by 10.46.9.4 with SMTP id 4mr425616ljj.23.1497462364958; Wed, 14 Jun 2017 10:46:04 -0700 (PDT) From: "Edgar E. Iglesias" To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Wed, 14 Jun 2017 19:45:53 +0200 Message-Id: <1497462353-3432-8-git-send-email-edgar.iglesias@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1497462353-3432-1-git-send-email-edgar.iglesias@gmail.com> References: <1497462353-3432-1-git-send-email-edgar.iglesias@gmail.com> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4010:c07::243 Subject: [Qemu-devel] [PULL v1 7/7] xilinx_spips: allow mmio execution X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: edgar.iglesias@xilinx.com, pbonzini@redhat.com, rth@twiddle.net, fred.konrad@greensocs.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: KONRAD Frederic This allows to execute from the lqspi area. When the request_ptr is called the device loads 1024bytes from the SPI devi= ce. Then this code can be executed by the guest. Tested-by: Edgar E. Iglesias Reviewed-by: Edgar E. Iglesias Signed-off-by: KONRAD Frederic --- hw/ssi/xilinx_spips.c | 74 ++++++++++++++++++++++++++++++++++++++---------= ---- 1 file changed, 55 insertions(+), 19 deletions(-) diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c index da8adfa..e833028 100644 --- a/hw/ssi/xilinx_spips.c +++ b/hw/ssi/xilinx_spips.c @@ -496,6 +496,18 @@ static const MemoryRegionOps spips_ops =3D { .endianness =3D DEVICE_LITTLE_ENDIAN, }; =20 +static void xilinx_qspips_invalidate_mmio_ptr(XilinxQSPIPS *q) +{ + XilinxSPIPS *s =3D &q->parent_obj; + + if (q->lqspi_cached_addr !=3D ~0ULL) { + /* Invalidate the current mapped mmio */ + memory_region_invalidate_mmio_ptr(&s->mmlqspi, q->lqspi_cached_add= r, + LQSPI_CACHE_SIZE); + q->lqspi_cached_addr =3D ~0ULL; + } +} + static void xilinx_qspips_write(void *opaque, hwaddr addr, uint64_t value, unsigned size) { @@ -505,7 +517,7 @@ static void xilinx_qspips_write(void *opaque, hwaddr ad= dr, addr >>=3D 2; =20 if (addr =3D=3D R_LQSPI_CFG) { - q->lqspi_cached_addr =3D ~0ULL; + xilinx_qspips_invalidate_mmio_ptr(q); } } =20 @@ -517,27 +529,20 @@ static const MemoryRegionOps qspips_ops =3D { =20 #define LQSPI_CACHE_SIZE 1024 =20 -static uint64_t -lqspi_read(void *opaque, hwaddr addr, unsigned int size) +static void lqspi_load_cache(void *opaque, hwaddr addr) { - int i; XilinxQSPIPS *q =3D opaque; XilinxSPIPS *s =3D opaque; - uint32_t ret; - - if (addr >=3D q->lqspi_cached_addr && - addr <=3D q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) { - uint8_t *retp =3D &q->lqspi_buf[addr - q->lqspi_cached_addr]; - ret =3D cpu_to_le32(*(uint32_t *)retp); - DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr, - (unsigned)ret); - return ret; - } else { - int flash_addr =3D (addr / num_effective_busses(s)); - int slave =3D flash_addr >> LQSPI_ADDRESS_BITS; - int cache_entry =3D 0; - uint32_t u_page_save =3D s->regs[R_LQSPI_STS] & ~LQSPI_CFG_U_PAGE; - + int i; + int flash_addr =3D ((addr & ~(LQSPI_CACHE_SIZE - 1)) + / num_effective_busses(s)); + int slave =3D flash_addr >> LQSPI_ADDRESS_BITS; + int cache_entry =3D 0; + uint32_t u_page_save =3D s->regs[R_LQSPI_STS] & ~LQSPI_CFG_U_PAGE; + + if (addr < q->lqspi_cached_addr || + addr > q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) { + xilinx_qspips_invalidate_mmio_ptr(q); s->regs[R_LQSPI_STS] &=3D ~LQSPI_CFG_U_PAGE; s->regs[R_LQSPI_STS] |=3D slave ? LQSPI_CFG_U_PAGE : 0; =20 @@ -589,12 +594,43 @@ lqspi_read(void *opaque, hwaddr addr, unsigned int si= ze) xilinx_spips_update_cs_lines(s); =20 q->lqspi_cached_addr =3D flash_addr * num_effective_busses(s); + } +} + +static void *lqspi_request_mmio_ptr(void *opaque, hwaddr addr, unsigned *s= ize, + unsigned *offset) +{ + XilinxQSPIPS *q =3D opaque; + hwaddr offset_within_the_region =3D addr & ~(LQSPI_CACHE_SIZE - 1); + + lqspi_load_cache(opaque, offset_within_the_region); + *size =3D LQSPI_CACHE_SIZE; + *offset =3D offset_within_the_region; + return q->lqspi_buf; +} + +static uint64_t +lqspi_read(void *opaque, hwaddr addr, unsigned int size) +{ + XilinxQSPIPS *q =3D opaque; + uint32_t ret; + + if (addr >=3D q->lqspi_cached_addr && + addr <=3D q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) { + uint8_t *retp =3D &q->lqspi_buf[addr - q->lqspi_cached_addr]; + ret =3D cpu_to_le32(*(uint32_t *)retp); + DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr, + (unsigned)ret); + return ret; + } else { + lqspi_load_cache(opaque, addr); return lqspi_read(opaque, addr, size); } } =20 static const MemoryRegionOps lqspi_ops =3D { .read =3D lqspi_read, + .request_ptr =3D lqspi_request_mmio_ptr, .endianness =3D DEVICE_NATIVE_ENDIAN, .valid =3D { .min_access_size =3D 1, --=20 2.7.4