[Qemu-devel] [PULL 0/4] target-arm queue
[Qemu-devel] [PULL 00/25] target-arm queue
1
A surprisingly short target-arm queue, but no point in holding
1
Some more outstanding target-arm patches; nothing terribly
2
onto these waiting for more code to arrive :-)
2
exciting. Mostly they're mine; I'm trying to reduce the
3
number of patches I still have in flight, so I've picked
4
out some of the reviewed patches from a couple of sets I've
5
sent out and will resend v2 versions of those sets with the
6
remaining patches with fixes for issues noted in review once
7
this is in master.
3
8
4
thanks
9
thanks
5
-- PMM
10
-- PMM
6
11
7
The following changes since commit 3d0bf8dfdfebd7f2ae41b6f220444b8047d6b1ee:
8
12
9
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20170710a' into staging (2017-07-10 18:13:03 +0100)
13
The following changes since commit adaec191bfb31e12d40af8ab1b869f5b40d61ee9:
10
14
11
are available in the git repository at:
15
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2018-08-20 09:48:03 +0100)
12
16
13
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20170711
17
are available in the Git repository at:
14
18
15
for you to fetch changes up to 792dac309c8660306557ba058b8b5a6a75ab3c1f:
19
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180820
16
20
17
target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode (2017-07-11 11:21:26 +0100)
21
for you to fetch changes up to b85fad1588e812566f897f747e38da345a7016d6:
22
23
hw/dma/pl080: Remove hw_error() if DMA is enabled (2018-08-20 11:24:33 +0100)
18
24
19
----------------------------------------------------------------
25
----------------------------------------------------------------
20
target-arm queue:
26
target-arm queue:
21
* v7M: ignore writes to CONTROL.SPSEL from Thread mode
27
* Fix crash on conditional instruction in an IT block
22
* KVM: Enable in-kernel timers with user space gic
28
* docs/generic-loader: mention U-Boot and Intel HEX executable formats
23
* aspeed: Register all watchdogs
29
* hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
24
* hw/misc: Add Exynos4210 Pseudo Random Number Generator
30
* imx_serial: Generate interrupt on receive data ready if enabled
31
* Fix various minor bugs in AArch32 Hyp related coprocessor registers
32
* Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
33
* Implement AArch32 ERET instruction
34
* hw/arm/virt: Add virt-3.1 machine type
35
* sdhci: add i.MX SD Stable Clock bit
36
* Remove now-obsolete MMIO request_ptr APIs
37
* hw/timer/m48t59: Move away from old_mmio accessors
38
* hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
39
* nvic: Expose NMI line
40
* hw/dma/pl080: cleanups and new features required for use in MPS boards
25
41
26
----------------------------------------------------------------
42
----------------------------------------------------------------
27
Alexander Graf (1):
43
Andrew Jones (1):
28
ARM: KVM: Enable in-kernel timers with user space gic
44
hw/arm/virt: Add virt-3.1 machine type
29
45
30
Joel Stanley (1):
46
Hans-Erik Floryd (2):
31
aspeed: Register all watchdogs
47
imx_serial: Generate interrupt on receive data ready if enabled
48
sdhci: add i.MX SD Stable Clock bit
32
49
33
Krzysztof Kozlowski (1):
50
Jia He (1):
34
hw/misc: Add Exynos4210 Pseudo Random Number Generator
51
hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
35
52
36
Peter Maydell (1):
53
Peter Maydell (19):
37
target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode
54
target/arm: Correct typo in HAMAIR1 regdef name
55
target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
56
target/arm: Implement AArch32 HVBAR
57
target/arm: Implement AArch32 Hyp FARs
58
target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
59
target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
60
target/arm: Implement AArch32 ERET instruction
61
hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
62
memory: Remove MMIO request_ptr APIs
63
hw/misc: Remove mmio_interface device
64
hw/timer/m48t59: Move away from old_mmio accessors
65
hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
66
nvic: Expose NMI line
67
hw/dma/pl080: Allow use as embedded-struct device
68
hw/dma/pl080: Support all three interrupt lines
69
hw/dma/pl080: Don't use CPU address space for DMA accesses
70
hw/dma/pl080: Provide device reset function
71
hw/dma/pl080: Correct bug in register address decode logic
72
hw/dma/pl080: Remove hw_error() if DMA is enabled
38
73
39
hw/misc/Makefile.objs | 2 +-
74
Roman Kapl (1):
40
include/hw/arm/aspeed_soc.h | 4 +-
75
target/arm: Fix crash on conditional instruction in an IT block
41
include/sysemu/kvm.h | 11 ++
42
target/arm/cpu.h | 3 +
43
accel/kvm/kvm-all.c | 5 +
44
accel/stubs/kvm-stub.c | 5 +
45
hw/arm/aspeed_soc.c | 25 ++--
46
hw/arm/exynos4210.c | 4 +
47
hw/intc/arm_gic.c | 7 ++
48
hw/misc/exynos4210_rng.c | 277 ++++++++++++++++++++++++++++++++++++++++++++
49
target/arm/helper.c | 13 ++-
50
target/arm/kvm.c | 51 ++++++++
51
12 files changed, 394 insertions(+), 13 deletions(-)
52
create mode 100644 hw/misc/exynos4210_rng.c
53
76
77
Stefan Hajnoczi (1):
78
docs/generic-loader: mention U-Boot and Intel HEX executable formats
79
80
docs/generic-loader.txt | 20 +-
81
Makefile.objs | 1 +
82
hw/misc/Makefile.objs | 1 -
83
hw/watchdog/Makefile.objs | 1 +
84
hw/sd/sdhci-internal.h | 2 +
85
include/exec/memory.h | 35 ----
86
include/hw/char/imx_serial.h | 1 +
87
include/hw/dma/pl080.h | 71 +++++++
88
include/hw/misc/mmio_interface.h | 49 -----
89
include/hw/watchdog/cmsdk-apb-watchdog.h | 59 ++++++
90
hw/arm/armv7m.c | 1 +
91
hw/arm/realview.c | 8 +-
92
hw/arm/versatilepb.c | 9 +-
93
hw/arm/virt.c | 23 ++-
94
hw/char/imx_serial.c | 3 +-
95
hw/dma/pl080.c | 113 ++++++-----
96
hw/intc/arm_gicv3_its_kvm.c | 2 +-
97
hw/intc/armv7m_nvic.c | 19 ++
98
hw/misc/mmio_interface.c | 135 -------------
99
hw/sd/sdhci.c | 8 +
100
hw/ssi/xilinx_spips.c | 46 -----
101
hw/timer/m48t59.c | 59 ++----
102
hw/watchdog/cmsdk-apb-watchdog.c | 326 +++++++++++++++++++++++++++++++
103
memory.c | 110 -----------
104
target/arm/helper.c | 36 +++-
105
target/arm/op_helper.c | 22 +--
106
target/arm/translate.c | 76 +++++--
107
MAINTAINERS | 3 +
108
default-configs/arm-softmmu.mak | 1 +
109
hw/intc/trace-events | 1 +
110
hw/watchdog/trace-events | 6 +
111
31 files changed, 717 insertions(+), 530 deletions(-)
112
create mode 100644 include/hw/dma/pl080.h
113
delete mode 100644 include/hw/misc/mmio_interface.h
114
create mode 100644 include/hw/watchdog/cmsdk-apb-watchdog.h
115
delete mode 100644 hw/misc/mmio_interface.c
116
create mode 100644 hw/watchdog/cmsdk-apb-watchdog.c
117
create mode 100644 hw/watchdog/trace-events
118
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 01/25] target/arm: Fix crash on conditional instruction in an IT block
1
From: Roman Kapl <rka@sysgo.com>
1
2
3
If an instruction is conditional (like CBZ) and it is executed
4
conditionally (using the ITx instruction), a jump to an undefined
5
label is generated, and QEMU crashes.
6
7
CBZ in IT block is an UNPREDICTABLE behavior, but we should not
8
crash. Honouring the condition code is allowed by the spec in this
9
case (constrained unpredictable, ARMv8, section K1.1.7), and matches
10
what we do for other "UNPREDICTABLE inside an IT block" instructions.
11
12
Fix the 'skip on condition' code to create a new label only if it
13
does not already exist. Previously multiple labels were created, but
14
only the last one of them was set.
15
16
Signed-off-by: Roman Kapl <rka@sysgo.com>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Message-id: 20180816120533.6587-1-rka@sysgo.com
19
[PMM: fixed ^ 1 being applied to wrong argument, fixed typo]
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
---
23
target/arm/translate.c | 35 +++++++++++++++++++++--------------
24
1 file changed, 21 insertions(+), 14 deletions(-)
25
26
diff --git a/target/arm/translate.c b/target/arm/translate.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/translate.c
29
+++ b/target/arm/translate.c
30
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
31
s->base.is_jmp = DISAS_UPDATE;
32
}
33
34
+/* Generate a label used for skipping this instruction */
35
+static void arm_gen_condlabel(DisasContext *s)
36
+{
37
+ if (!s->condjmp) {
38
+ s->condlabel = gen_new_label();
39
+ s->condjmp = 1;
40
+ }
41
+}
42
+
43
+/* Skip this instruction if the ARM condition is false */
44
+static void arm_skip_unless(DisasContext *s, uint32_t cond)
45
+{
46
+ arm_gen_condlabel(s);
47
+ arm_gen_test_cc(cond ^ 1, s->condlabel);
48
+}
49
+
50
static void disas_arm_insn(DisasContext *s, unsigned int insn)
51
{
52
unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
53
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
54
if (cond != 0xe) {
55
/* if not always execute, we generate a conditional jump to
56
next instruction */
57
- s->condlabel = gen_new_label();
58
- arm_gen_test_cc(cond ^ 1, s->condlabel);
59
- s->condjmp = 1;
60
+ arm_skip_unless(s, cond);
61
}
62
if ((insn & 0x0f900000) == 0x03000000) {
63
if ((insn & (1 << 21)) == 0) {
64
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
65
/* Conditional branch. */
66
op = (insn >> 22) & 0xf;
67
/* Generate a conditional jump to next instruction. */
68
- s->condlabel = gen_new_label();
69
- arm_gen_test_cc(op ^ 1, s->condlabel);
70
- s->condjmp = 1;
71
+ arm_skip_unless(s, op);
72
73
/* offset[11:1] = insn[10:0] */
74
offset = (insn & 0x7ff) << 1;
75
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
76
case 1: case 3: case 9: case 11: /* czb */
77
rm = insn & 7;
78
tmp = load_reg(s, rm);
79
- s->condlabel = gen_new_label();
80
- s->condjmp = 1;
81
+ arm_gen_condlabel(s);
82
if (insn & (1 << 11))
83
tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
84
else
85
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
86
break;
87
}
88
/* generate a conditional jump to next instruction */
89
- s->condlabel = gen_new_label();
90
- arm_gen_test_cc(cond ^ 1, s->condlabel);
91
- s->condjmp = 1;
92
+ arm_skip_unless(s, cond);
93
94
/* jump to the offset */
95
val = (uint32_t)s->pc + 2;
96
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
97
uint32_t cond = dc->condexec_cond;
98
99
if (cond != 0x0e) { /* Skip conditional when condition is AL. */
100
- dc->condlabel = gen_new_label();
101
- arm_gen_test_cc(cond ^ 1, dc->condlabel);
102
- dc->condjmp = 1;
103
+ arm_skip_unless(dc, cond);
104
}
105
}
106
107
--
108
2.18.0
109
110
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 02/25] docs/generic-loader: mention U-Boot and Intel HEX executable formats
1
From: Stefan Hajnoczi <stefanha@redhat.com>
1
2
3
The generic loader device supports the U-Boot and Intel HEX executable
4
formats in addition to the document raw and ELF formats. Reword the
5
documentation to include these formats and explain how various options
6
depend on the executable format.
7
8
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
10
Message-id: 20180816145554.9814-1-stefanha@redhat.com
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
docs/generic-loader.txt | 20 ++++++++++----------
15
1 file changed, 10 insertions(+), 10 deletions(-)
16
17
diff --git a/docs/generic-loader.txt b/docs/generic-loader.txt
18
index XXXXXXX..XXXXXXX 100644
19
--- a/docs/generic-loader.txt
20
+++ b/docs/generic-loader.txt
21
@@ -XXX,XX +XXX,XX @@ An example of setting CPU 0's PC to 0x8000 is:
22
23
Loading Files
24
-------------
25
-The loader device also allows files to be loaded into memory. It can load raw
26
-files and ELF executable files. Raw files are loaded verbatim. ELF executable
27
-files are loaded by an ELF loader. The syntax is shown below:
28
+The loader device also allows files to be loaded into memory. It can load ELF,
29
+U-Boot, and Intel HEX executable formats as well as raw images. The syntax is
30
+shown below:
31
32
-device loader,file=<file>[,addr=<addr>][,cpu-num=<cpu-num>][,force-raw=<raw>]
33
34
<file> - A file to be loaded into memory
35
- <addr> - The addr in memory that the file should be loaded. This is
36
- ignored if you are using an ELF (unless force-raw is true).
37
- This is required if you aren't loading an ELF.
38
+ <addr> - The memory address where the file should be loaded. This is
39
+ required for raw images and ignored for non-raw files.
40
<cpu-num> - This specifies the CPU that should be used. This is an
41
optional argument and will cause the CPU's PC to be set to
42
- where the image is stored or in the case of an ELF file to
43
- the value in the header. This option should only be used
44
- for the boot image.
45
+ the memory address where the raw file is loaded or the entry
46
+ point specified in the executable format header. This option
47
+ should only be used for the boot image.
48
This will also cause the image to be written to the specified
49
CPU's address space. If not specified, the default is CPU 0.
50
<force-raw> - Setting force-raw=on forces the file to be treated as a raw
51
- image. This can be used to load ELF files as if they were raw.
52
+ image. This can be used to load supported executable formats
53
+ as if they were raw.
54
55
All values are parsed using the standard QemuOps parsing. This allows the user
56
to specify any values in any format supported. By default the values
57
--
58
2.18.0
59
60
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 03/25] hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
1
From: Jia He <hejianet@gmail.com>
1
2
3
In scripts/arch-run.bash of kvm-unit-tests, it will check the qemu
4
output log with:
5
if [ -z "$(echo "$errors" | grep -vi warning)" ]; then
6
7
Thus without the warning prefix, all of the test fail.
8
9
Since it is not unrecoverable error in kvm_arm_its_reset for
10
current implementation, downgrading the report from error to
11
warn makes sense.
12
13
Signed-off-by: Jia He <jia.he@hxt-semitech.com>
14
Message-id: 1531969910-32843-1-git-send-email-jia.he@hxt-semitech.com
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
18
hw/intc/arm_gicv3_its_kvm.c | 2 +-
19
1 file changed, 1 insertion(+), 1 deletion(-)
20
21
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/intc/arm_gicv3_its_kvm.c
24
+++ b/hw/intc/arm_gicv3_its_kvm.c
25
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_reset(DeviceState *dev)
26
return;
27
}
28
29
- error_report("ITS KVM: full reset is not supported by the host kernel");
30
+ warn_report("ITS KVM: full reset is not supported by the host kernel");
31
32
if (!kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
33
GITS_CTLR)) {
34
--
35
2.18.0
36
37
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 04/25] imx_serial: Generate interrupt on receive data ready if enabled
1
From: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
1
2
3
Generate an interrupt if USR2_RDR and UCR4_DREN are both set.
4
5
Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
6
Message-id: 1534341354-11956-1-git-send-email-hans-erik.floryd@rt-labs.com
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/hw/char/imx_serial.h | 1 +
11
hw/char/imx_serial.c | 3 ++-
12
2 files changed, 3 insertions(+), 1 deletion(-)
13
14
diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/hw/char/imx_serial.h
17
+++ b/include/hw/char/imx_serial.h
18
@@ -XXX,XX +XXX,XX @@
19
#define UCR2_RXEN (1<<1) /* Receiver enable */
20
#define UCR2_SRST (1<<0) /* Reset complete */
21
22
+#define UCR4_DREN BIT(0) /* Receive Data Ready interrupt enable */
23
#define UCR4_TCEN BIT(3) /* TX complete interrupt enable */
24
25
#define UTS1_TXEMPTY (1<<6)
26
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/hw/char/imx_serial.c
29
+++ b/hw/char/imx_serial.c
30
@@ -XXX,XX +XXX,XX @@ static void imx_update(IMXSerialState *s)
31
mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0;
32
/*
33
* TCEN and TXDC are both bit 3
34
+ * RDR and DREN are both bit 0
35
*/
36
- mask |= s->ucr4 & UCR4_TCEN;
37
+ mask |= s->ucr4 & (UCR4_TCEN | UCR4_DREN);
38
39
usr2 = s->usr2 & mask;
40
41
--
42
2.18.0
43
44
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 05/25] target/arm: Correct typo in HAMAIR1 regdef name
1
We implement the HAMAIR1 register as RAZ/WI; we had a typo in the
2
regdef, though, and were incorrectly naming it HMAIR1 (which is
3
a different register which we also implement as RAZ/WI).
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Message-id: 20180814124254.5229-2-peter.maydell@linaro.org
9
---
10
target/arm/helper.c | 4 ++--
11
1 file changed, 2 insertions(+), 2 deletions(-)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
18
.opc0 = 3, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 0,
19
.access = PL2_RW, .type = ARM_CP_CONST,
20
.resetvalue = 0 },
21
- { .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
22
+ { .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
23
.opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
24
.access = PL2_RW, .type = ARM_CP_CONST,
25
.resetvalue = 0 },
26
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
27
.access = PL2_RW, .type = ARM_CP_CONST,
28
.resetvalue = 0 },
29
/* HAMAIR1 is mapped to AMAIR_EL2[63:32] */
30
- { .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
31
+ { .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
32
.opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
33
.access = PL2_RW, .type = ARM_CP_CONST,
34
.resetvalue = 0 },
35
--
36
2.18.0
37
38
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 06/25] target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
1
ARMCPRegInfo structs will default to .cp = 15 if they
2
are ARM_CP_STATE_BOTH, but not if they are ARM_CP_STATE_AA32
3
(because a coprocessor number of 0 is valid for AArch32).
4
We forgot to explicitly set .cp = 15 for the HMAIR1 and
5
HAMAIR1 regdefs, which meant they would UNDEF when the guest
6
tried to access them under cp15.
1
7
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
10
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
11
Message-id: 20180814124254.5229-3-peter.maydell@linaro.org
12
---
13
target/arm/helper.c | 8 ++++----
14
1 file changed, 4 insertions(+), 4 deletions(-)
15
16
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/helper.c
19
+++ b/target/arm/helper.c
20
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
21
.access = PL2_RW, .type = ARM_CP_CONST,
22
.resetvalue = 0 },
23
{ .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
24
- .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
25
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
26
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
27
{ .name = "AMAIR_EL2", .state = ARM_CP_STATE_BOTH,
28
.opc0 = 3, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 0,
29
.access = PL2_RW, .type = ARM_CP_CONST,
30
.resetvalue = 0 },
31
{ .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
32
- .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
33
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
34
.access = PL2_RW, .type = ARM_CP_CONST,
35
.resetvalue = 0 },
36
{ .name = "AFSR0_EL2", .state = ARM_CP_STATE_BOTH,
37
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
38
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el[2]),
39
.resetvalue = 0 },
40
{ .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
41
- .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
42
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
43
.access = PL2_RW, .type = ARM_CP_ALIAS,
44
.fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el[2]) },
45
{ .name = "AMAIR_EL2", .state = ARM_CP_STATE_BOTH,
46
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
47
.resetvalue = 0 },
48
/* HAMAIR1 is mapped to AMAIR_EL2[63:32] */
49
{ .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
50
- .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
51
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
52
.access = PL2_RW, .type = ARM_CP_CONST,
53
.resetvalue = 0 },
54
{ .name = "AFSR0_EL2", .state = ARM_CP_STATE_BOTH,
55
--
56
2.18.0
57
58
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 07/25] target/arm: Implement AArch32 HVBAR
1
Implement the AArch32 HVBAR register; we can do this just by
2
making the existing VBAR_EL2 regdefs be STATE_BOTH.
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
7
Message-id: 20180814124254.5229-5-peter.maydell@linaro.org
8
---
9
target/arm/helper.c | 4 ++--
10
1 file changed, 2 insertions(+), 2 deletions(-)
11
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
17
18
/* Used to describe the behaviour of EL2 regs when EL2 does not exist. */
19
static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
20
- { .name = "VBAR_EL2", .state = ARM_CP_STATE_AA64,
21
+ { .name = "VBAR_EL2", .state = ARM_CP_STATE_BOTH,
22
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
23
.access = PL2_RW,
24
.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
25
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
26
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 0,
27
.access = PL2_RW,
28
.fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_HYP]) },
29
- { .name = "VBAR_EL2", .state = ARM_CP_STATE_AA64,
30
+ { .name = "VBAR_EL2", .state = ARM_CP_STATE_BOTH,
31
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
32
.access = PL2_RW, .writefn = vbar_write,
33
.fieldoffset = offsetof(CPUARMState, cp15.vbar_el[2]),
34
--
35
2.18.0
36
37
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 08/25] target/arm: Implement AArch32 Hyp FARs
1
The AArch32 virtualization extensions support these fault address
2
registers:
3
* HDFAR: aliased with AArch64 FAR_EL2[31:0] and AArch32 DFAR(S)
4
* HIFAR: aliased with AArch64 FAR_EL2[63:32] and AArch32 IFAR(S)
1
5
6
Implement the accessors for these. This fixes in passing a bug
7
where we weren't implementing the "RES0 from EL3 if EL2 not
8
implemented" behaviour for AArch64 FAR_EL2.
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
12
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
13
Message-id: 20180814124254.5229-7-peter.maydell@linaro.org
14
---
15
target/arm/helper.c | 14 +++++++++++++-
16
1 file changed, 13 insertions(+), 1 deletion(-)
17
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
21
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
23
{ .name = "HSTR_EL2", .state = ARM_CP_STATE_BOTH,
24
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 3,
25
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
26
+ { .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
27
+ .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 0,
28
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
29
+ { .name = "HIFAR", .state = ARM_CP_STATE_AA32,
30
+ .type = ARM_CP_CONST,
31
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
32
+ .access = PL2_RW, .resetvalue = 0 },
33
REGINFO_SENTINEL
34
};
35
36
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
37
{ .name = "ESR_EL2", .state = ARM_CP_STATE_AA64,
38
.opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
39
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
40
- { .name = "FAR_EL2", .state = ARM_CP_STATE_AA64,
41
+ { .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
42
.opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 0,
43
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.far_el[2]) },
44
+ { .name = "HIFAR", .state = ARM_CP_STATE_AA32,
45
+ .type = ARM_CP_ALIAS,
46
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
47
+ .access = PL2_RW,
48
+ .fieldoffset = offsetofhigh32(CPUARMState, cp15.far_el[2]) },
49
{ .name = "SPSR_EL2", .state = ARM_CP_STATE_AA64,
50
.type = ARM_CP_ALIAS,
51
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 0,
52
--
53
2.18.0
54
55
diff view generated by jsdifflib
[Qemu-devel] [PULL 4/4] target-arm: v7M: ignore writes to CONTROL.SPSEL from Thread mode
[Qemu-devel] [PULL 09/25] target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
1
For v7M, writes to the CONTROL register are only permitted for
1
The AArch32 HSR is the equivalent of AArch64 ESR_EL2;
2
privileged code. However even if the code is privileged, the
2
we can implement it by marking our existing ESR_EL2 regdef
3
write must not affect the SPSEL bit in the CONTROL register
3
as STATE_BOTH. It also needs to be "RES0 from EL3 if
4
if the CPU is in Thread mode (as documented in the pseudocode
4
EL2 not implemented", so add the missing stanza to
5
for the MSR instruction). Implement this, instead of permitting
5
el3_no_el2_cp_reginfo.
6
SPSEL to be written in all cases.
7
8
This was causing mbed applications not to run, because the
9
RTX RTOS they use relies on this behaviour.
10
6
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
13
Message-id: 1498820791-8130-1-git-send-email-peter.maydell@linaro.org
9
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
10
Message-id: 20180814124254.5229-8-peter.maydell@linaro.org
14
---
11
---
15
target/arm/helper.c | 13 ++++++++++---
12
target/arm/helper.c | 6 +++++-
16
1 file changed, 10 insertions(+), 3 deletions(-)
13
1 file changed, 5 insertions(+), 1 deletion(-)
17
14
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
17
--- a/target/arm/helper.c
21
+++ b/target/arm/helper.c
18
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
19
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
23
}
20
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
24
break;
21
.access = PL2_RW,
25
case 20: /* CONTROL */
22
.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
26
- switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
23
+ { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
27
- env->v7m.control = val & (R_V7M_CONTROL_SPSEL_MASK |
24
+ .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
28
- R_V7M_CONTROL_NPRIV_MASK);
25
+ .access = PL2_RW,
29
+ /* Writing to the SPSEL bit only has an effect if we are in
26
+ .type = ARM_CP_CONST, .resetvalue = 0 },
30
+ * thread mode; other bits can be updated by any privileged code.
27
{ .name = "CPTR_EL2", .state = ARM_CP_STATE_BOTH,
31
+ * switch_v7m_sp() deals with updating the SPSEL bit in
28
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 2,
32
+ * env->v7m.control, so we only need update the others.
29
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
33
+ */
30
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
34
+ if (env->v7m.exception == 0) {
31
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
35
+ switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
32
.access = PL2_RW,
36
+ }
33
.fieldoffset = offsetof(CPUARMState, elr_el[2]) },
37
+ env->v7m.control &= ~R_V7M_CONTROL_NPRIV_MASK;
34
- { .name = "ESR_EL2", .state = ARM_CP_STATE_AA64,
38
+ env->v7m.control |= val & R_V7M_CONTROL_NPRIV_MASK;
35
+ { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
39
break;
36
.opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
40
default:
37
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
41
qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"
38
{ .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
42
--
39
--
43
2.7.4
40
2.18.0
44
41
45
42
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 10/25] target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
1
The MSR (banked) and MRS (banked) instructions allow accesses to ELR_Hyp
2
from either Monitor or Hyp mode. Our translate time check
3
was overly strict and only permitted access from Monitor mode.
1
4
5
The runtime check we do in msr_mrs_banked_exc_checks() had the
6
correct code in it, but never got there because of the earlier
7
"currmode == tgtmode" check. Special case ELR_Hyp.
8
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
11
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
12
Message-id: 20180814124254.5229-9-peter.maydell@linaro.org
13
---
14
target/arm/op_helper.c | 22 +++++++++++-----------
15
target/arm/translate.c | 10 +++++++---
16
2 files changed, 18 insertions(+), 14 deletions(-)
17
18
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/op_helper.c
21
+++ b/target/arm/op_helper.c
22
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
23
*/
24
int curmode = env->uncached_cpsr & CPSR_M;
25
26
+ if (regno == 17) {
27
+ /* ELR_Hyp: a special case because access from tgtmode is OK */
28
+ if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
29
+ goto undef;
30
+ }
31
+ return;
32
+ }
33
+
34
if (curmode == tgtmode) {
35
goto undef;
36
}
37
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
38
}
39
40
if (tgtmode == ARM_CPU_MODE_HYP) {
41
- switch (regno) {
42
- case 17: /* ELR_Hyp */
43
- if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
44
- goto undef;
45
- }
46
- break;
47
- default:
48
- if (curmode != ARM_CPU_MODE_MON) {
49
- goto undef;
50
- }
51
- break;
52
+ /* SPSR_Hyp, r13_hyp: accessible from Monitor mode only */
53
+ if (curmode != ARM_CPU_MODE_MON) {
54
+ goto undef;
55
}
56
}
57
58
diff --git a/target/arm/translate.c b/target/arm/translate.c
59
index XXXXXXX..XXXXXXX 100644
60
--- a/target/arm/translate.c
61
+++ b/target/arm/translate.c
62
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
63
}
64
break;
65
case ARM_CPU_MODE_HYP:
66
- /* Note that we can forbid accesses from EL2 here because they
67
- * must be from Hyp mode itself
68
+ /*
69
+ * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
70
+ * (and so we can forbid accesses from EL2 or below). elr_hyp
71
+ * can be accessed also from Hyp mode, so forbid accesses from
72
+ * EL0 or EL1.
73
*/
74
- if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 3) {
75
+ if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
76
+ (s->current_el < 3 && *regno != 17)) {
77
goto undef;
78
}
79
break;
80
--
81
2.18.0
82
83
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 11/25] target/arm: Implement AArch32 ERET instruction
1
ARMv7VE introduced the ERET instruction, which is necessary to
2
return from an exception taken to Hyp mode. Implement this.
3
In A32 encoding it is a completely new encoding; in T32 it
4
is an adjustment of the behaviour of the existing
5
"SUBS PC, LR, #<imm8>" instruction.
1
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
10
Message-id: 20180814124254.5229-10-peter.maydell@linaro.org
11
---
12
target/arm/translate.c | 31 +++++++++++++++++++++++++++++--
13
1 file changed, 29 insertions(+), 2 deletions(-)
14
15
diff --git a/target/arm/translate.c b/target/arm/translate.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate.c
18
+++ b/target/arm/translate.c
19
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
20
tcg_temp_free_i32(tmp2);
21
store_reg(s, rd, tmp);
22
break;
23
+ case 0x6: /* ERET */
24
+ if (op1 != 3) {
25
+ goto illegal_op;
26
+ }
27
+ if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
28
+ goto illegal_op;
29
+ }
30
+ if ((insn & 0x000fff0f) != 0x0000000e) {
31
+ /* UNPREDICTABLE; we choose to UNDEF */
32
+ goto illegal_op;
33
+ }
34
+
35
+ if (s->current_el == 2) {
36
+ tmp = load_cpu_field(elr_el[2]);
37
+ } else {
38
+ tmp = load_reg(s, 14);
39
+ }
40
+ gen_exception_return(s, tmp);
41
+ break;
42
case 7:
43
{
44
int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
45
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
46
if (rn != 14 || rd != 15) {
47
goto illegal_op;
48
}
49
- tmp = load_reg(s, rn);
50
- tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
51
+ if (s->current_el == 2) {
52
+ /* ERET from Hyp uses ELR_Hyp, not LR */
53
+ if (insn & 0xff) {
54
+ goto illegal_op;
55
+ }
56
+ tmp = load_cpu_field(elr_el[2]);
57
+ } else {
58
+ tmp = load_reg(s, rn);
59
+ tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
60
+ }
61
gen_exception_return(s, tmp);
62
break;
63
case 6: /* MRS */
64
--
65
2.18.0
66
67
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 12/25] hw/arm/virt: Add virt-3.1 machine type
1
From: Andrew Jones <drjones@redhat.com>
1
2
3
Signed-off-by: Andrew Jones <drjones@redhat.com>
4
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
hw/arm/virt.c | 23 +++++++++++++++++------
9
1 file changed, 17 insertions(+), 6 deletions(-)
10
11
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
12
index XXXXXXX..XXXXXXX 100644
13
--- a/hw/arm/virt.c
14
+++ b/hw/arm/virt.c
15
@@ -XXX,XX +XXX,XX @@ static void machvirt_machine_init(void)
16
}
17
type_init(machvirt_machine_init);
18
19
-#define VIRT_COMPAT_2_12 \
20
- HW_COMPAT_2_12
21
-
22
-static void virt_3_0_instance_init(Object *obj)
23
+static void virt_3_1_instance_init(Object *obj)
24
{
25
VirtMachineState *vms = VIRT_MACHINE(obj);
26
VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
27
@@ -XXX,XX +XXX,XX @@ static void virt_3_0_instance_init(Object *obj)
28
vms->irqmap = a15irqmap;
29
}
30
31
-static void virt_machine_3_0_options(MachineClass *mc)
32
+static void virt_machine_3_1_options(MachineClass *mc)
33
{
34
}
35
-DEFINE_VIRT_MACHINE_AS_LATEST(3, 0)
36
+DEFINE_VIRT_MACHINE_AS_LATEST(3, 1)
37
+
38
+static void virt_3_0_instance_init(Object *obj)
39
+{
40
+ virt_3_1_instance_init(obj);
41
+}
42
+
43
+static void virt_machine_3_0_options(MachineClass *mc)
44
+{
45
+ virt_machine_3_1_options(mc);
46
+}
47
+DEFINE_VIRT_MACHINE(3, 0)
48
+
49
+#define VIRT_COMPAT_2_12 \
50
+ HW_COMPAT_2_12
51
52
static void virt_2_12_instance_init(Object *obj)
53
{
54
--
55
2.18.0
56
57
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 13/25] sdhci: add i.MX SD Stable Clock bit
1
From: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
1
2
3
Add the ESDHC PRSSTAT_SDSTB bit, using the value of SDHC_CLOCK_INT_STABLE.
4
Freescale recommends checking this bit when changing clock frequency.
5
6
Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
7
Message-id: 1534507843-4251-1-git-send-email-hans-erik.floryd@rt-labs.com
8
[PMM: fixed indentation]
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
hw/sd/sdhci-internal.h | 2 ++
13
hw/sd/sdhci.c | 8 ++++++++
14
2 files changed, 10 insertions(+)
15
16
diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/sd/sdhci-internal.h
19
+++ b/hw/sd/sdhci-internal.h
20
@@ -XXX,XX +XXX,XX @@ extern const VMStateDescription sdhci_vmstate;
21
#define ESDHC_CTRL_4BITBUS (0x1 << 1)
22
#define ESDHC_CTRL_8BITBUS (0x2 << 1)
23
24
+#define ESDHC_PRNSTS_SDSTB (1 << 3)
25
+
26
#endif
27
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/hw/sd/sdhci.c
30
+++ b/hw/sd/sdhci.c
31
@@ -XXX,XX +XXX,XX @@ static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
32
33
break;
34
35
+ case SDHC_PRNSTS:
36
+ /* Add SDSTB (SD Clock Stable) bit to PRNSTS */
37
+ ret = sdhci_read(opaque, offset, size) & ~ESDHC_PRNSTS_SDSTB;
38
+ if (s->clkcon & SDHC_CLOCK_INT_STABLE) {
39
+ ret |= ESDHC_PRNSTS_SDSTB;
40
+ }
41
+ break;
42
+
43
case ESDHC_DLL_CTRL:
44
case ESDHC_TUNE_CTRL_STATUS:
45
case ESDHC_UNDOCUMENTED_REG27:
46
--
47
2.18.0
48
49
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 14/25] hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
1
We now support direct execution from MMIO regions in the
2
core memory subsystem. This means that we don't need to
3
have device-specific support for it, and we can remove
4
the request_ptr handling from the Xilinx SPIPS device.
5
(It was broken anyway due to race conditions, and disabled
6
by default.)
1
7
8
This device is the only in-tree user of this API.
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
12
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
13
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
14
Message-id: 20180817114619.22354-2-peter.maydell@linaro.org
15
---
16
hw/ssi/xilinx_spips.c | 46 -------------------------------------------
17
1 file changed, 46 deletions(-)
18
19
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/ssi/xilinx_spips.c
22
+++ b/hw/ssi/xilinx_spips.c
23
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps spips_ops = {
24
25
static void xilinx_qspips_invalidate_mmio_ptr(XilinxQSPIPS *q)
26
{
27
- XilinxSPIPS *s = &q->parent_obj;
28
-
29
- if ((q->mmio_execution_enabled) && (q->lqspi_cached_addr != ~0ULL)) {
30
- /* Invalidate the current mapped mmio */
31
- memory_region_invalidate_mmio_ptr(&s->mmlqspi, q->lqspi_cached_addr,
32
- LQSPI_CACHE_SIZE);
33
- }
34
-
35
q->lqspi_cached_addr = ~0ULL;
36
}
37
38
@@ -XXX,XX +XXX,XX @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
39
}
40
}
41
42
-static void *lqspi_request_mmio_ptr(void *opaque, hwaddr addr, unsigned *size,
43
- unsigned *offset)
44
-{
45
- XilinxQSPIPS *q = opaque;
46
- hwaddr offset_within_the_region;
47
-
48
- if (!q->mmio_execution_enabled) {
49
- return NULL;
50
- }
51
-
52
- offset_within_the_region = addr & ~(LQSPI_CACHE_SIZE - 1);
53
- lqspi_load_cache(opaque, offset_within_the_region);
54
- *size = LQSPI_CACHE_SIZE;
55
- *offset = offset_within_the_region;
56
- return q->lqspi_buf;
57
-}
58
-
59
static uint64_t
60
lqspi_read(void *opaque, hwaddr addr, unsigned int size)
61
{
62
@@ -XXX,XX +XXX,XX @@ lqspi_read(void *opaque, hwaddr addr, unsigned int size)
63
64
static const MemoryRegionOps lqspi_ops = {
65
.read = lqspi_read,
66
- .request_ptr = lqspi_request_mmio_ptr,
67
.endianness = DEVICE_NATIVE_ENDIAN,
68
.valid = {
69
.min_access_size = 1,
70
@@ -XXX,XX +XXX,XX @@ static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
71
sysbus_init_mmio(sbd, &s->mmlqspi);
72
73
q->lqspi_cached_addr = ~0ULL;
74
-
75
- /* mmio_execution breaks migration better aborting than having strange
76
- * bugs.
77
- */
78
- if (q->mmio_execution_enabled) {
79
- error_setg(&q->migration_blocker,
80
- "enabling mmio_execution breaks migration");
81
- migrate_add_blocker(q->migration_blocker, &error_fatal);
82
- }
83
}
84
85
static void xlnx_zynqmp_qspips_realize(DeviceState *dev, Error **errp)
86
@@ -XXX,XX +XXX,XX @@ static Property xilinx_zynqmp_qspips_properties[] = {
87
DEFINE_PROP_END_OF_LIST(),
88
};
89
90
-static Property xilinx_qspips_properties[] = {
91
- /* We had to turn this off for 2.10 as it is not compatible with migration.
92
- * It can be enabled but will prevent the device to be migrated.
93
- * This will go aways when a fix will be released.
94
- */
95
- DEFINE_PROP_BOOL("x-mmio-exec", XilinxQSPIPS, mmio_execution_enabled,
96
- false),
97
- DEFINE_PROP_END_OF_LIST(),
98
-};
99
-
100
static Property xilinx_spips_properties[] = {
101
DEFINE_PROP_UINT8("num-busses", XilinxSPIPS, num_busses, 1),
102
DEFINE_PROP_UINT8("num-ss-bits", XilinxSPIPS, num_cs, 4),
103
@@ -XXX,XX +XXX,XX @@ static void xilinx_qspips_class_init(ObjectClass *klass, void * data)
104
XilinxSPIPSClass *xsc = XILINX_SPIPS_CLASS(klass);
105
106
dc->realize = xilinx_qspips_realize;
107
- dc->props = xilinx_qspips_properties;
108
xsc->reg_ops = &qspips_ops;
109
xsc->rx_fifo_size = RXFF_A_Q;
110
xsc->tx_fifo_size = TXFF_A_Q;
111
--
112
2.18.0
113
114
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 15/25] memory: Remove MMIO request_ptr APIs
1
Remove the obsolete MMIO request_ptr APIs; they have no
2
users now.
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
7
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
8
Message-id: 20180817114619.22354-3-peter.maydell@linaro.org
9
---
10
include/exec/memory.h | 35 --------------
11
memory.c | 110 ------------------------------------------
12
2 files changed, 145 deletions(-)
13
14
diff --git a/include/exec/memory.h b/include/exec/memory.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/exec/memory.h
17
+++ b/include/exec/memory.h
18
@@ -XXX,XX +XXX,XX @@ struct MemoryRegionOps {
19
uint64_t data,
20
unsigned size,
21
MemTxAttrs attrs);
22
- /* Instruction execution pre-callback:
23
- * @addr is the address of the access relative to the @mr.
24
- * @size is the size of the area returned by the callback.
25
- * @offset is the location of the pointer inside @mr.
26
- *
27
- * Returns a pointer to a location which contains guest code.
28
- */
29
- void *(*request_ptr)(void *opaque, hwaddr addr, unsigned *size,
30
- unsigned *offset);
31
32
enum device_endian endianness;
33
/* Guest-visible constraints: */
34
@@ -XXX,XX +XXX,XX @@ void memory_global_dirty_log_stop(void);
35
void mtree_info(fprintf_function mon_printf, void *f, bool flatview,
36
bool dispatch_tree, bool owner);
37
38
-/**
39
- * memory_region_request_mmio_ptr: request a pointer to an mmio
40
- * MemoryRegion. If it is possible map a RAM MemoryRegion with this pointer.
41
- * When the device wants to invalidate the pointer it will call
42
- * memory_region_invalidate_mmio_ptr.
43
- *
44
- * @mr: #MemoryRegion to check
45
- * @addr: address within that region
46
- *
47
- * Returns true on success, false otherwise.
48
- */
49
-bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr);
50
-
51
-/**
52
- * memory_region_invalidate_mmio_ptr: invalidate the pointer to an mmio
53
- * previously requested.
54
- * In the end that means that if something wants to execute from this area it
55
- * will need to request the pointer again.
56
- *
57
- * @mr: #MemoryRegion associated to the pointer.
58
- * @offset: offset within the memory region
59
- * @size: size of that area.
60
- */
61
-void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
62
- unsigned size);
63
-
64
/**
65
* memory_region_dispatch_read: perform a read directly to the specified
66
* MemoryRegion.
67
diff --git a/memory.c b/memory.c
68
index XXXXXXX..XXXXXXX 100644
69
--- a/memory.c
70
+++ b/memory.c
71
@@ -XXX,XX +XXX,XX @@
72
#include "exec/ram_addr.h"
73
#include "sysemu/kvm.h"
74
#include "sysemu/sysemu.h"
75
-#include "hw/misc/mmio_interface.h"
76
#include "hw/qdev-properties.h"
77
#include "migration/vmstate.h"
78
79
@@ -XXX,XX +XXX,XX @@ void memory_listener_unregister(MemoryListener *listener)
80
listener->address_space = NULL;
81
}
82
83
-bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr)
84
-{
85
- void *host;
86
- unsigned size = 0;
87
- unsigned offset = 0;
88
- Object *new_interface;
89
-
90
- if (!mr || !mr->ops->request_ptr) {
91
- return false;
92
- }
93
-
94
- /*
95
- * Avoid an update if the request_ptr call
96
- * memory_region_invalidate_mmio_ptr which seems to be likely when we use
97
- * a cache.
98
- */
99
- memory_region_transaction_begin();
100
-
101
- host = mr->ops->request_ptr(mr->opaque, addr - mr->addr, &size, &offset);
102
-
103
- if (!host || !size) {
104
- memory_region_transaction_commit();
105
- return false;
106
- }
107
-
108
- new_interface = object_new("mmio_interface");
109
- qdev_prop_set_uint64(DEVICE(new_interface), "start", offset);
110
- qdev_prop_set_uint64(DEVICE(new_interface), "end", offset + size - 1);
111
- qdev_prop_set_bit(DEVICE(new_interface), "ro", true);
112
- qdev_prop_set_ptr(DEVICE(new_interface), "host_ptr", host);
113
- qdev_prop_set_ptr(DEVICE(new_interface), "subregion", mr);
114
- object_property_set_bool(OBJECT(new_interface), true, "realized", NULL);
115
-
116
- memory_region_transaction_commit();
117
- return true;
118
-}
119
-
120
-typedef struct MMIOPtrInvalidate {
121
- MemoryRegion *mr;
122
- hwaddr offset;
123
- unsigned size;
124
- int busy;
125
- int allocated;
126
-} MMIOPtrInvalidate;
127
-
128
-#define MAX_MMIO_INVALIDATE 10
129
-static MMIOPtrInvalidate mmio_ptr_invalidate_list[MAX_MMIO_INVALIDATE];
130
-
131
-static void memory_region_do_invalidate_mmio_ptr(CPUState *cpu,
132
- run_on_cpu_data data)
133
-{
134
- MMIOPtrInvalidate *invalidate_data = (MMIOPtrInvalidate *)data.host_ptr;
135
- MemoryRegion *mr = invalidate_data->mr;
136
- hwaddr offset = invalidate_data->offset;
137
- unsigned size = invalidate_data->size;
138
- MemoryRegionSection section = memory_region_find(mr, offset, size);
139
-
140
- qemu_mutex_lock_iothread();
141
-
142
- /* Reset dirty so this doesn't happen later. */
143
- cpu_physical_memory_test_and_clear_dirty(offset, size, 1);
144
-
145
- if (section.mr != mr) {
146
- /* memory_region_find add a ref on section.mr */
147
- memory_region_unref(section.mr);
148
- if (MMIO_INTERFACE(section.mr->owner)) {
149
- /* We found the interface just drop it. */
150
- object_property_set_bool(section.mr->owner, false, "realized",
151
- NULL);
152
- object_unref(section.mr->owner);
153
- object_unparent(section.mr->owner);
154
- }
155
- }
156
-
157
- qemu_mutex_unlock_iothread();
158
-
159
- if (invalidate_data->allocated) {
160
- g_free(invalidate_data);
161
- } else {
162
- invalidate_data->busy = 0;
163
- }
164
-}
165
-
166
-void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
167
- unsigned size)
168
-{
169
- size_t i;
170
- MMIOPtrInvalidate *invalidate_data = NULL;
171
-
172
- for (i = 0; i < MAX_MMIO_INVALIDATE; i++) {
173
- if (atomic_cmpxchg(&(mmio_ptr_invalidate_list[i].busy), 0, 1) == 0) {
174
- invalidate_data = &mmio_ptr_invalidate_list[i];
175
- break;
176
- }
177
- }
178
-
179
- if (!invalidate_data) {
180
- invalidate_data = g_malloc0(sizeof(MMIOPtrInvalidate));
181
- invalidate_data->allocated = 1;
182
- }
183
-
184
- invalidate_data->mr = mr;
185
- invalidate_data->offset = offset;
186
- invalidate_data->size = size;
187
-
188
- async_safe_run_on_cpu(first_cpu, memory_region_do_invalidate_mmio_ptr,
189
- RUN_ON_CPU_HOST_PTR(invalidate_data));
190
-}
191
-
192
void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name)
193
{
194
memory_region_ref(root);
195
--
196
2.18.0
197
198
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 16/25] hw/misc: Remove mmio_interface device
1
1
The mmio_interface device was a purely internal artifact
2
of the implementation of the memory subsystem's request_ptr
3
APIs. Now that we have removed those APIs, we can remove
4
the mmio_interface device too.
5
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
10
Message-id: 20180817114619.22354-4-peter.maydell@linaro.org
11
---
12
hw/misc/Makefile.objs | 1 -
13
include/hw/misc/mmio_interface.h | 49 -----------
14
hw/misc/mmio_interface.c | 135 -------------------------------
15
3 files changed, 185 deletions(-)
16
delete mode 100644 include/hw/misc/mmio_interface.h
17
delete mode 100644 hw/misc/mmio_interface.c
18
19
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/misc/Makefile.objs
22
+++ b/hw/misc/Makefile.objs
23
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
24
obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
25
obj-$(CONFIG_AUX) += auxbus.o
26
obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
27
-obj-y += mmio_interface.o
28
obj-$(CONFIG_MSF2) += msf2-sysreg.o
29
diff --git a/include/hw/misc/mmio_interface.h b/include/hw/misc/mmio_interface.h
30
deleted file mode 100644
31
index XXXXXXX..XXXXXXX
32
--- a/include/hw/misc/mmio_interface.h
33
+++ /dev/null
34
@@ -XXX,XX +XXX,XX @@
35
-/*
36
- * mmio_interface.h
37
- *
38
- * Copyright (C) 2017 : GreenSocs
39
- * http://www.greensocs.com/ , email: info@greensocs.com
40
- *
41
- * Developed by :
42
- * Frederic Konrad <fred.konrad@greensocs.com>
43
- *
44
- * This program is free software; you can redistribute it and/or modify
45
- * it under the terms of the GNU General Public License as published by
46
- * the Free Software Foundation, either version 2 of the License, or
47
- * (at your option)any later version.
48
- *
49
- * This program is distributed in the hope that it will be useful,
50
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
51
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
52
- * GNU General Public License for more details.
53
- *
54
- * You should have received a copy of the GNU General Public License along
55
- * with this program; if not, see <http://www.gnu.org/licenses/>.
56
- *
57
- */
58
-
59
-#ifndef MMIO_INTERFACE_H
60
-#define MMIO_INTERFACE_H
61
-
62
-#include "exec/memory.h"
63
-
64
-#define TYPE_MMIO_INTERFACE "mmio_interface"
65
-#define MMIO_INTERFACE(obj) OBJECT_CHECK(MMIOInterface, (obj), \
66
- TYPE_MMIO_INTERFACE)
67
-
68
-typedef struct MMIOInterface {
69
- DeviceState parent_obj;
70
-
71
- MemoryRegion *subregion;
72
- MemoryRegion ram_mem;
73
- uint64_t start;
74
- uint64_t end;
75
- bool ro;
76
- uint64_t id;
77
- void *host_ptr;
78
-} MMIOInterface;
79
-
80
-void mmio_interface_map(MMIOInterface *s);
81
-void mmio_interface_unmap(MMIOInterface *s);
82
-
83
-#endif /* MMIO_INTERFACE_H */
84
diff --git a/hw/misc/mmio_interface.c b/hw/misc/mmio_interface.c
85
deleted file mode 100644
86
index XXXXXXX..XXXXXXX
87
--- a/hw/misc/mmio_interface.c
88
+++ /dev/null
89
@@ -XXX,XX +XXX,XX @@
90
-/*
91
- * mmio_interface.c
92
- *
93
- * Copyright (C) 2017 : GreenSocs
94
- * http://www.greensocs.com/ , email: info@greensocs.com
95
- *
96
- * Developed by :
97
- * Frederic Konrad <fred.konrad@greensocs.com>
98
- *
99
- * This program is free software; you can redistribute it and/or modify
100
- * it under the terms of the GNU General Public License as published by
101
- * the Free Software Foundation, either version 2 of the License, or
102
- * (at your option)any later version.
103
- *
104
- * This program is distributed in the hope that it will be useful,
105
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
106
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
107
- * GNU General Public License for more details.
108
- *
109
- * You should have received a copy of the GNU General Public License along
110
- * with this program; if not, see <http://www.gnu.org/licenses/>.
111
- *
112
- */
113
-
114
-#include "qemu/osdep.h"
115
-#include "qemu/log.h"
116
-#include "trace.h"
117
-#include "hw/qdev-properties.h"
118
-#include "hw/misc/mmio_interface.h"
119
-#include "qapi/error.h"
120
-
121
-#ifndef DEBUG_MMIO_INTERFACE
122
-#define DEBUG_MMIO_INTERFACE 0
123
-#endif
124
-
125
-static uint64_t mmio_interface_counter;
126
-
127
-#define DPRINTF(fmt, ...) do { \
128
- if (DEBUG_MMIO_INTERFACE) { \
129
- qemu_log("mmio_interface: 0x%" PRIX64 ": " fmt, s->id, ## __VA_ARGS__);\
130
- } \
131
-} while (0)
132
-
133
-static void mmio_interface_init(Object *obj)
134
-{
135
- MMIOInterface *s = MMIO_INTERFACE(obj);
136
-
137
- if (DEBUG_MMIO_INTERFACE) {
138
- s->id = mmio_interface_counter++;
139
- }
140
-
141
- DPRINTF("interface created\n");
142
- s->host_ptr = 0;
143
- s->subregion = 0;
144
-}
145
-
146
-static void mmio_interface_realize(DeviceState *dev, Error **errp)
147
-{
148
- MMIOInterface *s = MMIO_INTERFACE(dev);
149
-
150
- DPRINTF("realize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
151
- " %p\n", s->start, s->end, s->host_ptr);
152
-
153
- if (!s->host_ptr) {
154
- error_setg(errp, "host_ptr property must be set");
155
- return;
156
- }
157
-
158
- if (!s->subregion) {
159
- error_setg(errp, "subregion property must be set");
160
- return;
161
- }
162
-
163
- memory_region_init_ram_ptr(&s->ram_mem, OBJECT(s), "ram",
164
- s->end - s->start + 1, s->host_ptr);
165
- memory_region_set_readonly(&s->ram_mem, s->ro);
166
- memory_region_add_subregion(s->subregion, s->start, &s->ram_mem);
167
-}
168
-
169
-static void mmio_interface_unrealize(DeviceState *dev, Error **errp)
170
-{
171
- MMIOInterface *s = MMIO_INTERFACE(dev);
172
-
173
- DPRINTF("unrealize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
174
- " %p\n", s->start, s->end, s->host_ptr);
175
- memory_region_del_subregion(s->subregion, &s->ram_mem);
176
-}
177
-
178
-static void mmio_interface_finalize(Object *obj)
179
-{
180
- MMIOInterface *s = MMIO_INTERFACE(obj);
181
-
182
- DPRINTF("finalize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
183
- " %p\n", s->start, s->end, s->host_ptr);
184
- object_unparent(OBJECT(&s->ram_mem));
185
-}
186
-
187
-static Property mmio_interface_properties[] = {
188
- DEFINE_PROP_UINT64("start", MMIOInterface, start, 0),
189
- DEFINE_PROP_UINT64("end", MMIOInterface, end, 0),
190
- DEFINE_PROP_PTR("host_ptr", MMIOInterface, host_ptr),
191
- DEFINE_PROP_BOOL("ro", MMIOInterface, ro, false),
192
- DEFINE_PROP_MEMORY_REGION("subregion", MMIOInterface, subregion),
193
- DEFINE_PROP_END_OF_LIST(),
194
-};
195
-
196
-static void mmio_interface_class_init(ObjectClass *oc, void *data)
197
-{
198
- DeviceClass *dc = DEVICE_CLASS(oc);
199
-
200
- dc->realize = mmio_interface_realize;
201
- dc->unrealize = mmio_interface_unrealize;
202
- dc->props = mmio_interface_properties;
203
- /* Reason: pointer property "host_ptr", and this device
204
- * is an implementation detail of the memory subsystem,
205
- * not intended to be created directly by the user.
206
- */
207
- dc->user_creatable = false;
208
-}
209
-
210
-static const TypeInfo mmio_interface_info = {
211
- .name = TYPE_MMIO_INTERFACE,
212
- .parent = TYPE_DEVICE,
213
- .instance_size = sizeof(MMIOInterface),
214
- .instance_init = mmio_interface_init,
215
- .instance_finalize = mmio_interface_finalize,
216
- .class_init = mmio_interface_class_init,
217
-};
218
-
219
-static void mmio_interface_register_types(void)
220
-{
221
- type_register_static(&mmio_interface_info);
222
-}
223
-
224
-type_init(mmio_interface_register_types)
225
--
226
2.18.0
227
228
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 17/25] hw/timer/m48t59: Move away from old_mmio accessors
1
Move the m48t59 device away from using old_mmio MemoryRegionOps
2
accessors.
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
7
Message-id: 20180802180602.22047-1-peter.maydell@linaro.org
8
---
9
hw/timer/m48t59.c | 59 +++++++++--------------------------------------
10
1 file changed, 11 insertions(+), 48 deletions(-)
11
12
diff --git a/hw/timer/m48t59.c b/hw/timer/m48t59.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/timer/m48t59.c
15
+++ b/hw/timer/m48t59.c
16
@@ -XXX,XX +XXX,XX @@ static uint64_t NVRAM_readb(void *opaque, hwaddr addr, unsigned size)
17
return retval;
18
}
19
20
-static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
21
-{
22
- M48t59State *NVRAM = opaque;
23
-
24
- m48t59_write(NVRAM, addr, value & 0xff);
25
-}
26
-
27
-static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
28
-{
29
- M48t59State *NVRAM = opaque;
30
-
31
- m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
32
- m48t59_write(NVRAM, addr + 1, value & 0xff);
33
-}
34
-
35
-static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
36
-{
37
- M48t59State *NVRAM = opaque;
38
-
39
- m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
40
- m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
41
- m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
42
- m48t59_write(NVRAM, addr + 3, value & 0xff);
43
-}
44
-
45
-static uint32_t nvram_readb (void *opaque, hwaddr addr)
46
+static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
47
{
48
M48t59State *NVRAM = opaque;
49
50
return m48t59_read(NVRAM, addr);
51
}
52
53
-static uint32_t nvram_readw (void *opaque, hwaddr addr)
54
+static void nvram_write(void *opaque, hwaddr addr, uint64_t value,
55
+ unsigned size)
56
{
57
M48t59State *NVRAM = opaque;
58
- uint32_t retval;
59
60
- retval = m48t59_read(NVRAM, addr) << 8;
61
- retval |= m48t59_read(NVRAM, addr + 1);
62
- return retval;
63
-}
64
-
65
-static uint32_t nvram_readl (void *opaque, hwaddr addr)
66
-{
67
- M48t59State *NVRAM = opaque;
68
- uint32_t retval;
69
-
70
- retval = m48t59_read(NVRAM, addr) << 24;
71
- retval |= m48t59_read(NVRAM, addr + 1) << 16;
72
- retval |= m48t59_read(NVRAM, addr + 2) << 8;
73
- retval |= m48t59_read(NVRAM, addr + 3);
74
- return retval;
75
+ return m48t59_write(NVRAM, addr, value);
76
}
77
78
static const MemoryRegionOps nvram_ops = {
79
- .old_mmio = {
80
- .read = { nvram_readb, nvram_readw, nvram_readl, },
81
- .write = { nvram_writeb, nvram_writew, nvram_writel, },
82
- },
83
- .endianness = DEVICE_NATIVE_ENDIAN,
84
+ .read = nvram_read,
85
+ .write = nvram_write,
86
+ .impl.min_access_size = 1,
87
+ .impl.max_access_size = 1,
88
+ .valid.min_access_size = 1,
89
+ .valid.max_access_size = 4,
90
+ .endianness = DEVICE_BIG_ENDIAN,
91
};
92
93
static const VMStateDescription vmstate_m48t59 = {
94
--
95
2.18.0
96
97
diff view generated by jsdifflib
[Qemu-devel] [PULL 1/4] hw/misc: Add Exynos4210 Pseudo Random Number Generator
[Qemu-devel] [PULL 18/25] hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
1
From: Krzysztof Kozlowski <krzk@kernel.org>
1
The Arm Cortex-M System Design Kit includes a simple watchdog module
2
based on a 32-bit down-counter. Implement this.
2
3
3
Add emulation for Exynos4210 Pseudo Random Number Generator which could
4
work on fixed seeds or with seeds provided by True Random Number
5
Generator block inside the SoC.
6
7
Implement only the fixed seeds part of it in polling mode (no
8
interrupts).
9
10
Emulation tested with two independent Linux kernel exynos-rng drivers:
11
1. New kcapi-rng interface (targeting Linux v4.12),
12
2. Old hwrng inteface
13
# echo "exynos" > /sys/class/misc/hw_random/rng_current
14
# dd if=/dev/hwrng of=/dev/null bs=1 count=16
15
16
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
17
Message-id: 20170425180609.11004-1-krzk@kernel.org
18
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
19
[PMM: wrapped a few overlong lines; more efficient implementation
20
of exynos4210_rng_seed_ready()]
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
---
5
---
23
hw/misc/Makefile.objs | 2 +-
6
Makefile.objs | 1 +
24
hw/arm/exynos4210.c | 4 +
7
hw/watchdog/Makefile.objs | 1 +
25
hw/misc/exynos4210_rng.c | 277 +++++++++++++++++++++++++++++++++++++++++++++++
8
include/hw/watchdog/cmsdk-apb-watchdog.h | 59 ++++
26
3 files changed, 282 insertions(+), 1 deletion(-)
9
hw/watchdog/cmsdk-apb-watchdog.c | 326 +++++++++++++++++++++++
27
create mode 100644 hw/misc/exynos4210_rng.c
10
MAINTAINERS | 2 +
11
default-configs/arm-softmmu.mak | 1 +
12
hw/watchdog/trace-events | 6 +
13
7 files changed, 396 insertions(+)
14
create mode 100644 include/hw/watchdog/cmsdk-apb-watchdog.h
15
create mode 100644 hw/watchdog/cmsdk-apb-watchdog.c
16
create mode 100644 hw/watchdog/trace-events
28
17
29
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
18
diff --git a/Makefile.objs b/Makefile.objs
30
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/misc/Makefile.objs
20
--- a/Makefile.objs
32
+++ b/hw/misc/Makefile.objs
21
+++ b/Makefile.objs
33
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_IVSHMEM) += ivshmem.o
22
@@ -XXX,XX +XXX,XX @@ trace-events-subdirs += hw/tpm
34
obj-$(CONFIG_REALVIEW) += arm_sysctl.o
23
trace-events-subdirs += hw/usb
35
obj-$(CONFIG_NSERIES) += cbus.o
24
trace-events-subdirs += hw/vfio
36
obj-$(CONFIG_ECCMEMCTL) += eccmemctl.o
25
trace-events-subdirs += hw/virtio
37
-obj-$(CONFIG_EXYNOS4) += exynos4210_pmu.o exynos4210_clk.o
26
+trace-events-subdirs += hw/watchdog
38
+obj-$(CONFIG_EXYNOS4) += exynos4210_pmu.o exynos4210_clk.o exynos4210_rng.o
27
trace-events-subdirs += hw/xen
39
obj-$(CONFIG_IMX) += imx_ccm.o
28
trace-events-subdirs += io
40
obj-$(CONFIG_IMX) += imx31_ccm.o
29
trace-events-subdirs += linux-user
41
obj-$(CONFIG_IMX) += imx25_ccm.o
30
diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
42
diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
43
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
44
--- a/hw/arm/exynos4210.c
32
--- a/hw/watchdog/Makefile.objs
45
+++ b/hw/arm/exynos4210.c
33
+++ b/hw/watchdog/Makefile.objs
46
@@ -XXX,XX +XXX,XX @@
34
@@ -XXX,XX +XXX,XX @@
47
/* Clock controller SFR base address */
35
common-obj-y += watchdog.o
48
#define EXYNOS4210_CLK_BASE_ADDR 0x10030000
36
+common-obj-$(CONFIG_CMSDK_APB_WATCHDOG) += cmsdk-apb-watchdog.o
49
37
common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
50
+/* PRNG/HASH SFR base address */
38
common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
51
+#define EXYNOS4210_RNG_BASE_ADDR 0x10830400
39
common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
52
+
40
diff --git a/include/hw/watchdog/cmsdk-apb-watchdog.h b/include/hw/watchdog/cmsdk-apb-watchdog.h
53
/* Display controllers (FIMD) */
54
#define EXYNOS4210_FIMD0_BASE_ADDR 0x11C00000
55
56
@@ -XXX,XX +XXX,XX @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem)
57
sysbus_create_simple("exynos4210.pmu", EXYNOS4210_PMU_BASE_ADDR, NULL);
58
59
sysbus_create_simple("exynos4210.clk", EXYNOS4210_CLK_BASE_ADDR, NULL);
60
+ sysbus_create_simple("exynos4210.rng", EXYNOS4210_RNG_BASE_ADDR, NULL);
61
62
/* PWM */
63
sysbus_create_varargs("exynos4210.pwm", EXYNOS4210_PWM_BASE_ADDR,
64
diff --git a/hw/misc/exynos4210_rng.c b/hw/misc/exynos4210_rng.c
65
new file mode 100644
41
new file mode 100644
66
index XXXXXXX..XXXXXXX
42
index XXXXXXX..XXXXXXX
67
--- /dev/null
43
--- /dev/null
68
+++ b/hw/misc/exynos4210_rng.c
44
+++ b/include/hw/watchdog/cmsdk-apb-watchdog.h
69
@@ -XXX,XX +XXX,XX @@
45
@@ -XXX,XX +XXX,XX @@
70
+/*
46
+/*
71
+ * Exynos4210 Pseudo Random Nubmer Generator Emulation
47
+ * ARM CMSDK APB watchdog emulation
72
+ *
48
+ *
73
+ * Copyright (c) 2017 Krzysztof Kozlowski <krzk@kernel.org>
49
+ * Copyright (c) 2018 Linaro Limited
74
+ *
50
+ * Written by Peter Maydell
75
+ * This program is free software; you can redistribute it and/or modify it
51
+ *
76
+ * under the terms of the GNU General Public License as published by the
52
+ * This program is free software; you can redistribute it and/or modify
77
+ * Free Software Foundation; either version 2 of the License, or
53
+ * it under the terms of the GNU General Public License version 2 or
78
+ * (at your option) any later version.
54
+ * (at your option) any later version.
79
+ *
80
+ * This program is distributed in the hope that it will be useful, but WITHOUT
81
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
82
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
83
+ * for more details.
84
+ *
85
+ * You should have received a copy of the GNU General Public License along
86
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
87
+ */
55
+ */
88
+
56
+
57
+/*
58
+ * This is a model of the "APB watchdog" which is part of the Cortex-M
59
+ * System Design Kit (CMSDK) and documented in the Cortex-M System
60
+ * Design Kit Technical Reference Manual (ARM DDI0479C):
61
+ * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
62
+ *
63
+ * QEMU interface:
64
+ * + QOM property "wdogclk-frq": frequency at which the watchdog is clocked
65
+ * + sysbus MMIO region 0: the register bank
66
+ * + sysbus IRQ 0: watchdog interrupt
67
+ *
68
+ * In real hardware the watchdog's reset output is just a GPIO line
69
+ * which can then be masked by the board or treated as a simple interrupt.
70
+ * (For instance the IoTKit does this with the non-secure watchdog, so that
71
+ * secure code can control whether non-secure code can perform a system
72
+ * reset via its watchdog.) In QEMU, we just wire up the watchdog reset
73
+ * to watchdog_perform_action(), at least for the moment.
74
+ */
75
+
76
+#ifndef CMSDK_APB_WATCHDOG_H
77
+#define CMSDK_APB_WATCHDOG_H
78
+
79
+#include "hw/sysbus.h"
80
+#include "hw/ptimer.h"
81
+
82
+#define TYPE_CMSDK_APB_WATCHDOG "cmsdk-apb-watchdog"
83
+#define CMSDK_APB_WATCHDOG(obj) OBJECT_CHECK(CMSDKAPBWatchdog, (obj), \
84
+ TYPE_CMSDK_APB_WATCHDOG)
85
+
86
+typedef struct CMSDKAPBWatchdog {
87
+ /*< private >*/
88
+ SysBusDevice parent_obj;
89
+
90
+ /*< public >*/
91
+ MemoryRegion iomem;
92
+ qemu_irq wdogint;
93
+ uint32_t wdogclk_frq;
94
+ struct ptimer_state *timer;
95
+
96
+ uint32_t control;
97
+ uint32_t intstatus;
98
+ uint32_t lock;
99
+ uint32_t itcr;
100
+ uint32_t itop;
101
+ uint32_t resetstatus;
102
+} CMSDKAPBWatchdog;
103
+
104
+#endif
105
diff --git a/hw/watchdog/cmsdk-apb-watchdog.c b/hw/watchdog/cmsdk-apb-watchdog.c
106
new file mode 100644
107
index XXXXXXX..XXXXXXX
108
--- /dev/null
109
+++ b/hw/watchdog/cmsdk-apb-watchdog.c
110
@@ -XXX,XX +XXX,XX @@
111
+/*
112
+ * ARM CMSDK APB watchdog emulation
113
+ *
114
+ * Copyright (c) 2018 Linaro Limited
115
+ * Written by Peter Maydell
116
+ *
117
+ * This program is free software; you can redistribute it and/or modify
118
+ * it under the terms of the GNU General Public License version 2 or
119
+ * (at your option) any later version.
120
+ */
121
+
122
+/*
123
+ * This is a model of the "APB watchdog" which is part of the Cortex-M
124
+ * System Design Kit (CMSDK) and documented in the Cortex-M System
125
+ * Design Kit Technical Reference Manual (ARM DDI0479C):
126
+ * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
127
+ */
128
+
89
+#include "qemu/osdep.h"
129
+#include "qemu/osdep.h"
90
+#include "crypto/random.h"
130
+#include "qemu/log.h"
131
+#include "trace.h"
132
+#include "qapi/error.h"
133
+#include "qemu/main-loop.h"
134
+#include "sysemu/watchdog.h"
91
+#include "hw/sysbus.h"
135
+#include "hw/sysbus.h"
92
+#include "qemu/log.h"
136
+#include "hw/registerfields.h"
93
+
137
+#include "hw/watchdog/cmsdk-apb-watchdog.h"
94
+#define DEBUG_EXYNOS_RNG 0
138
+
95
+
139
+REG32(WDOGLOAD, 0x0)
96
+#define DPRINTF(fmt, ...) \
140
+REG32(WDOGVALUE, 0x4)
97
+ do { \
141
+REG32(WDOGCONTROL, 0x8)
98
+ if (DEBUG_EXYNOS_RNG) { \
142
+ FIELD(WDOGCONTROL, INTEN, 0, 1)
99
+ printf("exynos4210_rng: " fmt, ## __VA_ARGS__); \
143
+ FIELD(WDOGCONTROL, RESEN, 1, 1)
100
+ } \
144
+#define R_WDOGCONTROL_VALID_MASK (R_WDOGCONTROL_INTEN_MASK | \
101
+ } while (0)
145
+ R_WDOGCONTROL_RESEN_MASK)
102
+
146
+REG32(WDOGINTCLR, 0xc)
103
+#define TYPE_EXYNOS4210_RNG "exynos4210.rng"
147
+REG32(WDOGRIS, 0x10)
104
+#define EXYNOS4210_RNG(obj) \
148
+ FIELD(WDOGRIS, INT, 0, 1)
105
+ OBJECT_CHECK(Exynos4210RngState, (obj), TYPE_EXYNOS4210_RNG)
149
+REG32(WDOGMIS, 0x14)
106
+
150
+REG32(WDOGLOCK, 0xc00)
107
+/*
151
+#define WDOG_UNLOCK_VALUE 0x1ACCE551
108
+ * Exynos4220, PRNG, only polling mode is supported.
152
+REG32(WDOGITCR, 0xf00)
109
+ */
153
+ FIELD(WDOGITCR, ENABLE, 0, 1)
110
+
154
+#define R_WDOGITCR_VALID_MASK R_WDOGITCR_ENABLE_MASK
111
+/* RNG_CONTROL_1 register bitfields, reset value: 0x0 */
155
+REG32(WDOGITOP, 0xf04)
112
+#define EXYNOS4210_RNG_CONTROL_1_PRNG 0x8
156
+ FIELD(WDOGITOP, WDOGRES, 0, 1)
113
+#define EXYNOS4210_RNG_CONTROL_1_START_INIT BIT(4)
157
+ FIELD(WDOGITOP, WDOGINT, 1, 1)
114
+/* RNG_STATUS register bitfields, reset value: 0x1 */
158
+#define R_WDOGITOP_VALID_MASK (R_WDOGITOP_WDOGRES_MASK | \
115
+#define EXYNOS4210_RNG_STATUS_PRNG_ERROR BIT(7)
159
+ R_WDOGITOP_WDOGINT_MASK)
116
+#define EXYNOS4210_RNG_STATUS_PRNG_DONE BIT(5)
160
+REG32(PID4, 0xfd0)
117
+#define EXYNOS4210_RNG_STATUS_MSG_DONE BIT(4)
161
+REG32(PID5, 0xfd4)
118
+#define EXYNOS4210_RNG_STATUS_PARTIAL_DONE BIT(3)
162
+REG32(PID6, 0xfd8)
119
+#define EXYNOS4210_RNG_STATUS_PRNG_BUSY BIT(2)
163
+REG32(PID7, 0xfdc)
120
+#define EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE BIT(1)
164
+REG32(PID0, 0xfe0)
121
+#define EXYNOS4210_RNG_STATUS_BUFFER_READY BIT(0)
165
+REG32(PID1, 0xfe4)
122
+#define EXYNOS4210_RNG_STATUS_WRITE_MASK (EXYNOS4210_RNG_STATUS_PRNG_DONE \
166
+REG32(PID2, 0xfe8)
123
+ | EXYNOS4210_RNG_STATUS_MSG_DONE \
167
+REG32(PID3, 0xfec)
124
+ | EXYNOS4210_RNG_STATUS_PARTIAL_DONE)
168
+REG32(CID0, 0xff0)
125
+
169
+REG32(CID1, 0xff4)
126
+#define EXYNOS4210_RNG_CONTROL_1 0x0
170
+REG32(CID2, 0xff8)
127
+#define EXYNOS4210_RNG_STATUS 0x10
171
+REG32(CID3, 0xffc)
128
+#define EXYNOS4210_RNG_SEED_IN 0x140
172
+
129
+#define EXYNOS4210_RNG_SEED_IN_OFFSET(n) (EXYNOS4210_RNG_SEED_IN + (n * 0x4))
173
+/* PID/CID values */
130
+#define EXYNOS4210_RNG_PRNG 0x160
174
+static const int watchdog_id[] = {
131
+#define EXYNOS4210_RNG_PRNG_OFFSET(n) (EXYNOS4210_RNG_PRNG + (n * 0x4))
175
+ 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */
132
+
176
+ 0x24, 0xb8, 0x1b, 0x00, /* PID0..PID3 */
133
+#define EXYNOS4210_RNG_PRNG_NUM 5
177
+ 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */
134
+
178
+};
135
+#define EXYNOS4210_RNG_REGS_MEM_SIZE 0x200
179
+
136
+
180
+static bool cmsdk_apb_watchdog_intstatus(CMSDKAPBWatchdog *s)
137
+typedef struct Exynos4210RngState {
181
+{
138
+ SysBusDevice parent_obj;
182
+ /* Return masked interrupt status */
139
+ MemoryRegion iomem;
183
+ return s->intstatus && (s->control & R_WDOGCONTROL_INTEN_MASK);
140
+
184
+}
141
+ int32_t randr_value[EXYNOS4210_RNG_PRNG_NUM];
185
+
142
+ /* bits from 0 to EXYNOS4210_RNG_PRNG_NUM if given seed register was set */
186
+static bool cmsdk_apb_watchdog_resetstatus(CMSDKAPBWatchdog *s)
143
+ uint32_t seed_set;
187
+{
144
+
188
+ /* Return masked reset status */
145
+ /* Register values */
189
+ return s->resetstatus && (s->control & R_WDOGCONTROL_RESEN_MASK);
146
+ uint32_t reg_control;
190
+}
147
+ uint32_t reg_status;
191
+
148
+} Exynos4210RngState;
192
+static void cmsdk_apb_watchdog_update(CMSDKAPBWatchdog *s)
149
+
193
+{
150
+static bool exynos4210_rng_seed_ready(const Exynos4210RngState *s)
194
+ bool wdogint;
151
+{
195
+ bool wdogres;
152
+ uint32_t mask = MAKE_64BIT_MASK(0, EXYNOS4210_RNG_PRNG_NUM);
196
+
153
+
197
+ if (s->itcr) {
154
+ /* Return true if all the seed-set bits are set. */
198
+ wdogint = s->itop & R_WDOGITOP_WDOGINT_MASK;
155
+ return (s->seed_set & mask) == mask;
199
+ wdogres = s->itop & R_WDOGITOP_WDOGRES_MASK;
156
+}
157
+
158
+static void exynos4210_rng_set_seed(Exynos4210RngState *s, unsigned int i,
159
+ uint64_t val)
160
+{
161
+ /*
162
+ * We actually ignore the seed and always generate true random numbers.
163
+ * Theoretically this should not match the device as Exynos has
164
+ * a Pseudo Random Number Generator but testing shown that it always
165
+ * generates random numbers regardless of the seed value.
166
+ */
167
+ s->seed_set |= BIT(i);
168
+
169
+ /* If all seeds were written, update the status to reflect it */
170
+ if (exynos4210_rng_seed_ready(s)) {
171
+ s->reg_status |= EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE;
172
+ } else {
200
+ } else {
173
+ s->reg_status &= ~EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE;
201
+ wdogint = cmsdk_apb_watchdog_intstatus(s);
174
+ }
202
+ wdogres = cmsdk_apb_watchdog_resetstatus(s);
175
+}
203
+ }
176
+
204
+
177
+static void exynos4210_rng_run_engine(Exynos4210RngState *s)
205
+ qemu_set_irq(s->wdogint, wdogint);
178
+{
206
+ if (wdogres) {
179
+ Error *err = NULL;
207
+ watchdog_perform_action();
180
+ int ret;
208
+ }
181
+
209
+}
182
+ /* Seed set? */
210
+
183
+ if ((s->reg_status & EXYNOS4210_RNG_STATUS_SEED_SETTING_DONE) == 0) {
211
+static uint64_t cmsdk_apb_watchdog_read(void *opaque, hwaddr offset,
184
+ goto out;
212
+ unsigned size)
185
+ }
213
+{
186
+
214
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
187
+ /* PRNG engine chosen? */
215
+ uint64_t r;
188
+ if ((s->reg_control & EXYNOS4210_RNG_CONTROL_1_PRNG) == 0) {
189
+ goto out;
190
+ }
191
+
192
+ /* PRNG engine started? */
193
+ if ((s->reg_control & EXYNOS4210_RNG_CONTROL_1_START_INIT) == 0) {
194
+ goto out;
195
+ }
196
+
197
+ /* Get randoms */
198
+ ret = qcrypto_random_bytes((uint8_t *)s->randr_value,
199
+ sizeof(s->randr_value), &err);
200
+ if (!ret) {
201
+ /* Notify that PRNG is ready */
202
+ s->reg_status |= EXYNOS4210_RNG_STATUS_PRNG_DONE;
203
+ } else {
204
+ error_report_err(err);
205
+ }
206
+
207
+out:
208
+ /* Always clear start engine bit */
209
+ s->reg_control &= ~EXYNOS4210_RNG_CONTROL_1_START_INIT;
210
+}
211
+
212
+static uint64_t exynos4210_rng_read(void *opaque, hwaddr offset,
213
+ unsigned size)
214
+{
215
+ Exynos4210RngState *s = (Exynos4210RngState *)opaque;
216
+ uint32_t val = 0;
217
+
218
+ assert(size == 4);
219
+
216
+
220
+ switch (offset) {
217
+ switch (offset) {
221
+ case EXYNOS4210_RNG_CONTROL_1:
218
+ case A_WDOGLOAD:
222
+ val = s->reg_control;
219
+ r = ptimer_get_limit(s->timer);
223
+ break;
220
+ break;
224
+
221
+ case A_WDOGVALUE:
225
+ case EXYNOS4210_RNG_STATUS:
222
+ r = ptimer_get_count(s->timer);
226
+ val = s->reg_status;
223
+ break;
227
+ break;
224
+ case A_WDOGCONTROL:
228
+
225
+ r = s->control;
229
+ case EXYNOS4210_RNG_PRNG_OFFSET(0):
226
+ break;
230
+ case EXYNOS4210_RNG_PRNG_OFFSET(1):
227
+ case A_WDOGRIS:
231
+ case EXYNOS4210_RNG_PRNG_OFFSET(2):
228
+ r = s->intstatus;
232
+ case EXYNOS4210_RNG_PRNG_OFFSET(3):
229
+ break;
233
+ case EXYNOS4210_RNG_PRNG_OFFSET(4):
230
+ case A_WDOGMIS:
234
+ val = s->randr_value[(offset - EXYNOS4210_RNG_PRNG_OFFSET(0)) / 4];
231
+ r = cmsdk_apb_watchdog_intstatus(s);
235
+ DPRINTF("returning random @0x%" HWADDR_PRIx ": 0x%" PRIx32 "\n",
232
+ break;
236
+ offset, val);
233
+ case A_WDOGLOCK:
237
+ break;
234
+ r = s->lock;
238
+
235
+ break;
236
+ case A_WDOGITCR:
237
+ r = s->itcr;
238
+ break;
239
+ case A_PID4 ... A_CID3:
240
+ r = watchdog_id[(offset - A_PID4) / 4];
241
+ break;
242
+ case A_WDOGINTCLR:
243
+ case A_WDOGITOP:
244
+ qemu_log_mask(LOG_GUEST_ERROR,
245
+ "CMSDK APB watchdog read: read of WO offset %x\n",
246
+ (int)offset);
247
+ r = 0;
248
+ break;
239
+ default:
249
+ default:
240
+ qemu_log_mask(LOG_GUEST_ERROR,
250
+ qemu_log_mask(LOG_GUEST_ERROR,
241
+ "%s: bad read offset 0x%" HWADDR_PRIx "\n",
251
+ "CMSDK APB watchdog read: bad offset %x\n", (int)offset);
242
+ __func__, offset);
252
+ r = 0;
243
+ }
253
+ break;
244
+
254
+ }
245
+ return val;
255
+ trace_cmsdk_apb_watchdog_read(offset, r, size);
246
+}
256
+ return r;
247
+
257
+}
248
+static void exynos4210_rng_write(void *opaque, hwaddr offset,
258
+
249
+ uint64_t val, unsigned size)
259
+static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset,
250
+{
260
+ uint64_t value, unsigned size)
251
+ Exynos4210RngState *s = (Exynos4210RngState *)opaque;
261
+{
252
+
262
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
253
+ assert(size == 4);
263
+
264
+ trace_cmsdk_apb_watchdog_write(offset, value, size);
265
+
266
+ if (s->lock && offset != A_WDOGLOCK) {
267
+ /* Write access is disabled via WDOGLOCK */
268
+ qemu_log_mask(LOG_GUEST_ERROR,
269
+ "CMSDK APB watchdog write: write to locked watchdog\n");
270
+ return;
271
+ }
254
+
272
+
255
+ switch (offset) {
273
+ switch (offset) {
256
+ case EXYNOS4210_RNG_CONTROL_1:
274
+ case A_WDOGLOAD:
257
+ DPRINTF("RNG_CONTROL_1 = 0x%" PRIx64 "\n", val);
275
+ /*
258
+ s->reg_control = val;
276
+ * Reset the load value and the current count, and make sure
259
+ exynos4210_rng_run_engine(s);
277
+ * we're counting.
260
+ break;
278
+ */
261
+
279
+ ptimer_set_limit(s->timer, value, 1);
262
+ case EXYNOS4210_RNG_STATUS:
280
+ ptimer_run(s->timer, 0);
263
+ /* For clearing status fields */
281
+ break;
264
+ s->reg_status &= ~EXYNOS4210_RNG_STATUS_WRITE_MASK;
282
+ case A_WDOGCONTROL:
265
+ s->reg_status |= val & EXYNOS4210_RNG_STATUS_WRITE_MASK;
283
+ s->control = value & R_WDOGCONTROL_VALID_MASK;
266
+ break;
284
+ cmsdk_apb_watchdog_update(s);
267
+
285
+ break;
268
+ case EXYNOS4210_RNG_SEED_IN_OFFSET(0):
286
+ case A_WDOGINTCLR:
269
+ case EXYNOS4210_RNG_SEED_IN_OFFSET(1):
287
+ s->intstatus = 0;
270
+ case EXYNOS4210_RNG_SEED_IN_OFFSET(2):
288
+ ptimer_set_count(s->timer, ptimer_get_limit(s->timer));
271
+ case EXYNOS4210_RNG_SEED_IN_OFFSET(3):
289
+ cmsdk_apb_watchdog_update(s);
272
+ case EXYNOS4210_RNG_SEED_IN_OFFSET(4):
290
+ break;
273
+ exynos4210_rng_set_seed(s,
291
+ case A_WDOGLOCK:
274
+ (offset - EXYNOS4210_RNG_SEED_IN_OFFSET(0)) / 4,
292
+ s->lock = (value != WDOG_UNLOCK_VALUE);
275
+ val);
293
+ break;
276
+ break;
294
+ case A_WDOGITCR:
277
+
295
+ s->itcr = value & R_WDOGITCR_VALID_MASK;
296
+ cmsdk_apb_watchdog_update(s);
297
+ break;
298
+ case A_WDOGITOP:
299
+ s->itop = value & R_WDOGITOP_VALID_MASK;
300
+ cmsdk_apb_watchdog_update(s);
301
+ break;
302
+ case A_WDOGVALUE:
303
+ case A_WDOGRIS:
304
+ case A_WDOGMIS:
305
+ case A_PID4 ... A_CID3:
306
+ qemu_log_mask(LOG_GUEST_ERROR,
307
+ "CMSDK APB watchdog write: write to RO offset 0x%x\n",
308
+ (int)offset);
309
+ break;
278
+ default:
310
+ default:
279
+ qemu_log_mask(LOG_GUEST_ERROR,
311
+ qemu_log_mask(LOG_GUEST_ERROR,
280
+ "%s: bad write offset 0x%" HWADDR_PRIx "\n",
312
+ "CMSDK APB watchdog write: bad offset 0x%x\n",
281
+ __func__, offset);
313
+ (int)offset);
282
+ }
314
+ break;
283
+}
315
+ }
284
+
316
+}
285
+static const MemoryRegionOps exynos4210_rng_ops = {
317
+
286
+ .read = exynos4210_rng_read,
318
+static const MemoryRegionOps cmsdk_apb_watchdog_ops = {
287
+ .write = exynos4210_rng_write,
319
+ .read = cmsdk_apb_watchdog_read,
288
+ .endianness = DEVICE_NATIVE_ENDIAN,
320
+ .write = cmsdk_apb_watchdog_write,
321
+ .endianness = DEVICE_LITTLE_ENDIAN,
322
+ /* byte/halfword accesses are just zero-padded on reads and writes */
323
+ .impl.min_access_size = 4,
324
+ .impl.max_access_size = 4,
325
+ .valid.min_access_size = 1,
326
+ .valid.max_access_size = 4,
289
+};
327
+};
290
+
328
+
291
+static void exynos4210_rng_reset(DeviceState *dev)
329
+static void cmsdk_apb_watchdog_tick(void *opaque)
292
+{
330
+{
293
+ Exynos4210RngState *s = EXYNOS4210_RNG(dev);
331
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
294
+
332
+
295
+ s->reg_control = 0;
333
+ if (!s->intstatus) {
296
+ s->reg_status = EXYNOS4210_RNG_STATUS_BUFFER_READY;
334
+ /* Count expired for the first time: raise interrupt */
297
+ memset(s->randr_value, 0, sizeof(s->randr_value));
335
+ s->intstatus = R_WDOGRIS_INT_MASK;
298
+ s->seed_set = 0;
336
+ } else {
299
+}
337
+ /* Count expired for the second time: raise reset and stop clock */
300
+
338
+ s->resetstatus = 1;
301
+static void exynos4210_rng_init(Object *obj)
339
+ ptimer_stop(s->timer);
302
+{
340
+ }
303
+ Exynos4210RngState *s = EXYNOS4210_RNG(obj);
341
+ cmsdk_apb_watchdog_update(s);
304
+ SysBusDevice *dev = SYS_BUS_DEVICE(obj);
342
+}
305
+
343
+
306
+ memory_region_init_io(&s->iomem, obj, &exynos4210_rng_ops, s,
344
+static void cmsdk_apb_watchdog_reset(DeviceState *dev)
307
+ TYPE_EXYNOS4210_RNG, EXYNOS4210_RNG_REGS_MEM_SIZE);
345
+{
308
+ sysbus_init_mmio(dev, &s->iomem);
346
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(dev);
309
+}
347
+
310
+
348
+ trace_cmsdk_apb_watchdog_reset();
311
+static const VMStateDescription exynos4210_rng_vmstate = {
349
+ s->control = 0;
312
+ .name = TYPE_EXYNOS4210_RNG,
350
+ s->intstatus = 0;
351
+ s->lock = 0;
352
+ s->itcr = 0;
353
+ s->itop = 0;
354
+ s->resetstatus = 0;
355
+ /* Set the limit and the count */
356
+ ptimer_set_limit(s->timer, 0xffffffff, 1);
357
+ ptimer_run(s->timer, 0);
358
+}
359
+
360
+static void cmsdk_apb_watchdog_init(Object *obj)
361
+{
362
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
363
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(obj);
364
+
365
+ memory_region_init_io(&s->iomem, obj, &cmsdk_apb_watchdog_ops,
366
+ s, "cmsdk-apb-watchdog", 0x1000);
367
+ sysbus_init_mmio(sbd, &s->iomem);
368
+ sysbus_init_irq(sbd, &s->wdogint);
369
+}
370
+
371
+static void cmsdk_apb_watchdog_realize(DeviceState *dev, Error **errp)
372
+{
373
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(dev);
374
+ QEMUBH *bh;
375
+
376
+ if (s->wdogclk_frq == 0) {
377
+ error_setg(errp,
378
+ "CMSDK APB watchdog: wdogclk-frq property must be set");
379
+ return;
380
+ }
381
+
382
+ bh = qemu_bh_new(cmsdk_apb_watchdog_tick, s);
383
+ s->timer = ptimer_init(bh,
384
+ PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD |
385
+ PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT |
386
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
387
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
388
+
389
+ ptimer_set_freq(s->timer, s->wdogclk_frq);
390
+}
391
+
392
+static const VMStateDescription cmsdk_apb_watchdog_vmstate = {
393
+ .name = "cmsdk-apb-watchdog",
313
+ .version_id = 1,
394
+ .version_id = 1,
314
+ .minimum_version_id = 1,
395
+ .minimum_version_id = 1,
315
+ .fields = (VMStateField[]) {
396
+ .fields = (VMStateField[]) {
316
+ VMSTATE_INT32_ARRAY(randr_value, Exynos4210RngState,
397
+ VMSTATE_PTIMER(timer, CMSDKAPBWatchdog),
317
+ EXYNOS4210_RNG_PRNG_NUM),
398
+ VMSTATE_UINT32(control, CMSDKAPBWatchdog),
318
+ VMSTATE_UINT32(seed_set, Exynos4210RngState),
399
+ VMSTATE_UINT32(intstatus, CMSDKAPBWatchdog),
319
+ VMSTATE_UINT32(reg_status, Exynos4210RngState),
400
+ VMSTATE_UINT32(lock, CMSDKAPBWatchdog),
320
+ VMSTATE_UINT32(reg_control, Exynos4210RngState),
401
+ VMSTATE_UINT32(itcr, CMSDKAPBWatchdog),
402
+ VMSTATE_UINT32(itop, CMSDKAPBWatchdog),
403
+ VMSTATE_UINT32(resetstatus, CMSDKAPBWatchdog),
321
+ VMSTATE_END_OF_LIST()
404
+ VMSTATE_END_OF_LIST()
322
+ }
405
+ }
323
+};
406
+};
324
+
407
+
325
+static void exynos4210_rng_class_init(ObjectClass *klass, void *data)
408
+static Property cmsdk_apb_watchdog_properties[] = {
409
+ DEFINE_PROP_UINT32("wdogclk-frq", CMSDKAPBWatchdog, wdogclk_frq, 0),
410
+ DEFINE_PROP_END_OF_LIST(),
411
+};
412
+
413
+static void cmsdk_apb_watchdog_class_init(ObjectClass *klass, void *data)
326
+{
414
+{
327
+ DeviceClass *dc = DEVICE_CLASS(klass);
415
+ DeviceClass *dc = DEVICE_CLASS(klass);
328
+
416
+
329
+ dc->reset = exynos4210_rng_reset;
417
+ dc->realize = cmsdk_apb_watchdog_realize;
330
+ dc->vmsd = &exynos4210_rng_vmstate;
418
+ dc->vmsd = &cmsdk_apb_watchdog_vmstate;
331
+}
419
+ dc->reset = cmsdk_apb_watchdog_reset;
332
+
420
+ dc->props = cmsdk_apb_watchdog_properties;
333
+static const TypeInfo exynos4210_rng_info = {
421
+}
334
+ .name = TYPE_EXYNOS4210_RNG,
422
+
335
+ .parent = TYPE_SYS_BUS_DEVICE,
423
+static const TypeInfo cmsdk_apb_watchdog_info = {
336
+ .instance_size = sizeof(Exynos4210RngState),
424
+ .name = TYPE_CMSDK_APB_WATCHDOG,
337
+ .instance_init = exynos4210_rng_init,
425
+ .parent = TYPE_SYS_BUS_DEVICE,
338
+ .class_init = exynos4210_rng_class_init,
426
+ .instance_size = sizeof(CMSDKAPBWatchdog),
427
+ .instance_init = cmsdk_apb_watchdog_init,
428
+ .class_init = cmsdk_apb_watchdog_class_init,
339
+};
429
+};
340
+
430
+
341
+static void exynos4210_rng_register(void)
431
+static void cmsdk_apb_watchdog_register_types(void)
342
+{
432
+{
343
+ type_register_static(&exynos4210_rng_info);
433
+ type_register_static(&cmsdk_apb_watchdog_info);
344
+}
434
+}
345
+
435
+
346
+type_init(exynos4210_rng_register)
436
+type_init(cmsdk_apb_watchdog_register_types);
437
diff --git a/MAINTAINERS b/MAINTAINERS
438
index XXXXXXX..XXXXXXX 100644
439
--- a/MAINTAINERS
440
+++ b/MAINTAINERS
441
@@ -XXX,XX +XXX,XX @@ F: hw/timer/cmsdk-apb-timer.c
442
F: include/hw/timer/cmsdk-apb-timer.h
443
F: hw/char/cmsdk-apb-uart.c
444
F: include/hw/char/cmsdk-apb-uart.h
445
+F: hw/watchdog/cmsdk-apb-watchdog.c
446
+F: include/hw/watchdog/cmsdk-apb-watchdog.h
447
F: hw/misc/tz-ppc.c
448
F: include/hw/misc/tz-ppc.h
449
F: hw/misc/tz-mpc.c
450
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
451
index XXXXXXX..XXXXXXX 100644
452
--- a/default-configs/arm-softmmu.mak
453
+++ b/default-configs/arm-softmmu.mak
454
@@ -XXX,XX +XXX,XX @@ CONFIG_STM32F205_SOC=y
455
456
CONFIG_CMSDK_APB_TIMER=y
457
CONFIG_CMSDK_APB_UART=y
458
+CONFIG_CMSDK_APB_WATCHDOG=y
459
460
CONFIG_MPS2_FPGAIO=y
461
CONFIG_MPS2_SCC=y
462
diff --git a/hw/watchdog/trace-events b/hw/watchdog/trace-events
463
new file mode 100644
464
index XXXXXXX..XXXXXXX
465
--- /dev/null
466
+++ b/hw/watchdog/trace-events
467
@@ -XXX,XX +XXX,XX @@
468
+# See docs/devel/tracing.txt for syntax documentation.
469
+
470
+# hw/char/cmsdk_apb_watchdog.c
471
+cmsdk_apb_watchdog_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB watchdog read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
472
+cmsdk_apb_watchdog_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB watchdog write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
473
+cmsdk_apb_watchdog_reset(void) "CMSDK APB watchdog: reset"
347
--
474
--
348
2.7.4
475
2.18.0
349
476
350
477
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 19/25] nvic: Expose NMI line
1
On real v7M hardware, the NMI line is an externally visible signal
2
that an SoC or board can toggle to assert an NMI. Expose it in
3
our QEMU NVIC and armv7m container objects so that a board model
4
can wire it up if it needs to.
1
5
6
In particular, the MPS2 watchdog is wired to NMI.
7
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
---
11
hw/arm/armv7m.c | 1 +
12
hw/intc/armv7m_nvic.c | 19 +++++++++++++++++++
13
hw/intc/trace-events | 1 +
14
3 files changed, 21 insertions(+)
15
16
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/arm/armv7m.c
19
+++ b/hw/arm/armv7m.c
20
@@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp)
21
*/
22
qdev_pass_gpios(DEVICE(&s->nvic), dev, NULL);
23
qdev_pass_gpios(DEVICE(&s->nvic), dev, "SYSRESETREQ");
24
+ qdev_pass_gpios(DEVICE(&s->nvic), dev, "NMI");
25
26
/* Wire the NVIC up to the CPU */
27
sbd = SYS_BUS_DEVICE(&s->nvic);
28
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
29
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/intc/armv7m_nvic.c
31
+++ b/hw/intc/armv7m_nvic.c
32
@@ -XXX,XX +XXX,XX @@ static void set_irq_level(void *opaque, int n, int level)
33
}
34
}
35
36
+/* callback when external NMI line is changed */
37
+static void nvic_nmi_trigger(void *opaque, int n, int level)
38
+{
39
+ NVICState *s = opaque;
40
+
41
+ trace_nvic_set_nmi_level(level);
42
+
43
+ /*
44
+ * The architecture doesn't specify whether NMI should share
45
+ * the normal-interrupt behaviour of being resampled on
46
+ * exception handler return. We choose not to, so just
47
+ * set NMI pending here and don't track the current level.
48
+ */
49
+ if (level) {
50
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
51
+ }
52
+}
53
+
54
static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
55
{
56
ARMCPU *cpu = s->cpu;
57
@@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_instance_init(Object *obj)
58
qdev_init_gpio_out_named(dev, &nvic->sysresetreq, "SYSRESETREQ", 1);
59
qdev_init_gpio_in_named(dev, nvic_systick_trigger, "systick-trigger",
60
M_REG_NUM_BANKS);
61
+ qdev_init_gpio_in_named(dev, nvic_nmi_trigger, "NMI", 1);
62
}
63
64
static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
65
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
66
index XXXXXXX..XXXXXXX 100644
67
--- a/hw/intc/trace-events
68
+++ b/hw/intc/trace-events
69
@@ -XXX,XX +XXX,XX @@ nvic_acknowledge_irq(int irq, int prio) "NVIC acknowledge IRQ: %d now active (pr
70
nvic_get_pending_irq_info(int irq, bool secure) "NVIC next IRQ %d: targets_secure: %d"
71
nvic_complete_irq(int irq, bool secure) "NVIC complete IRQ %d (secure %d)"
72
nvic_set_irq_level(int irq, int level) "NVIC external irq %d level set to %d"
73
+nvic_set_nmi_level(int level) "NVIC external NMI level set to %d"
74
nvic_sysreg_read(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
75
nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
76
77
--
78
2.18.0
79
80
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 20/25] hw/dma/pl080: Allow use as embedded-struct device
1
Create a new include file for the pl081's device struct,
2
type macros, etc, so that it can be instantiated using
3
the "embedded struct" coding style.
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
---
8
include/hw/dma/pl080.h | 62 ++++++++++++++++++++++++++++++++++++++++++
9
hw/dma/pl080.c | 34 ++---------------------
10
MAINTAINERS | 1 +
11
3 files changed, 65 insertions(+), 32 deletions(-)
12
create mode 100644 include/hw/dma/pl080.h
13
14
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
15
new file mode 100644
16
index XXXXXXX..XXXXXXX
17
--- /dev/null
18
+++ b/include/hw/dma/pl080.h
19
@@ -XXX,XX +XXX,XX @@
20
+/*
21
+ * ARM PrimeCell PL080/PL081 DMA controller
22
+ *
23
+ * Copyright (c) 2006 CodeSourcery.
24
+ * Copyright (c) 2018 Linaro Limited
25
+ * Written by Paul Brook, Peter Maydell
26
+ *
27
+ * This program is free software; you can redistribute it and/or modify
28
+ * it under the terms of the GNU General Public License version 2 or
29
+ * (at your option) any later version.
30
+ */
31
+
32
+/* This is a model of the Arm PrimeCell PL080/PL081 DMA controller:
33
+ * The PL080 TRM is:
34
+ * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0196g/DDI0196.pdf
35
+ * and the PL081 TRM is:
36
+ * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0218e/DDI0218.pdf
37
+ *
38
+ * QEMU interface:
39
+ * + sysbus IRQ: DMACINTR combined interrupt line
40
+ * + sysbus MMIO region 0: MemoryRegion for the device's registers
41
+ */
42
+
43
+#ifndef HW_DMA_PL080_H
44
+#define HW_DMA_PL080_H
45
+
46
+#include "hw/sysbus.h"
47
+
48
+#define PL080_MAX_CHANNELS 8
49
+
50
+typedef struct {
51
+ uint32_t src;
52
+ uint32_t dest;
53
+ uint32_t lli;
54
+ uint32_t ctrl;
55
+ uint32_t conf;
56
+} pl080_channel;
57
+
58
+#define TYPE_PL080 "pl080"
59
+#define TYPE_PL081 "pl081"
60
+#define PL080(obj) OBJECT_CHECK(PL080State, (obj), TYPE_PL080)
61
+
62
+typedef struct PL080State {
63
+ SysBusDevice parent_obj;
64
+
65
+ MemoryRegion iomem;
66
+ uint8_t tc_int;
67
+ uint8_t tc_mask;
68
+ uint8_t err_int;
69
+ uint8_t err_mask;
70
+ uint32_t conf;
71
+ uint32_t sync;
72
+ uint32_t req_single;
73
+ uint32_t req_burst;
74
+ pl080_channel chan[PL080_MAX_CHANNELS];
75
+ int nchannels;
76
+ /* Flag to avoid recursive DMA invocations. */
77
+ int running;
78
+ qemu_irq irq;
79
+} PL080State;
80
+
81
+#endif
82
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/hw/dma/pl080.c
85
+++ b/hw/dma/pl080.c
86
@@ -XXX,XX +XXX,XX @@
87
#include "hw/sysbus.h"
88
#include "exec/address-spaces.h"
89
#include "qemu/log.h"
90
+#include "hw/dma/pl080.h"
91
92
-#define PL080_MAX_CHANNELS 8
93
#define PL080_CONF_E 0x1
94
#define PL080_CONF_M1 0x2
95
#define PL080_CONF_M2 0x4
96
@@ -XXX,XX +XXX,XX @@
97
#define PL080_CCTRL_D 0x02000000
98
#define PL080_CCTRL_S 0x01000000
99
100
-typedef struct {
101
- uint32_t src;
102
- uint32_t dest;
103
- uint32_t lli;
104
- uint32_t ctrl;
105
- uint32_t conf;
106
-} pl080_channel;
107
-
108
-#define TYPE_PL080 "pl080"
109
-#define PL080(obj) OBJECT_CHECK(PL080State, (obj), TYPE_PL080)
110
-
111
-typedef struct PL080State {
112
- SysBusDevice parent_obj;
113
-
114
- MemoryRegion iomem;
115
- uint8_t tc_int;
116
- uint8_t tc_mask;
117
- uint8_t err_int;
118
- uint8_t err_mask;
119
- uint32_t conf;
120
- uint32_t sync;
121
- uint32_t req_single;
122
- uint32_t req_burst;
123
- pl080_channel chan[PL080_MAX_CHANNELS];
124
- int nchannels;
125
- /* Flag to avoid recursive DMA invocations. */
126
- int running;
127
- qemu_irq irq;
128
-} PL080State;
129
-
130
static const VMStateDescription vmstate_pl080_channel = {
131
.name = "pl080_channel",
132
.version_id = 1,
133
@@ -XXX,XX +XXX,XX @@ static const TypeInfo pl080_info = {
134
};
135
136
static const TypeInfo pl081_info = {
137
- .name = "pl081",
138
+ .name = TYPE_PL081,
139
.parent = TYPE_PL080,
140
.instance_init = pl081_init,
141
};
142
diff --git a/MAINTAINERS b/MAINTAINERS
143
index XXXXXXX..XXXXXXX 100644
144
--- a/MAINTAINERS
145
+++ b/MAINTAINERS
146
@@ -XXX,XX +XXX,XX @@ F: hw/char/pl011.c
147
F: include/hw/char/pl011.h
148
F: hw/display/pl110*
149
F: hw/dma/pl080.c
150
+F: include/hw/dma/pl080.h
151
F: hw/dma/pl330.c
152
F: hw/gpio/pl061.c
153
F: hw/input/pl050.c
154
--
155
2.18.0
156
157
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 21/25] hw/dma/pl080: Support all three interrupt lines
1
The PL080 and PL081 have three outgoing interrupt lines:
2
* DMACINTERR signals DMA errors
3
* DMACINTTC is the DMA count interrupt
4
* DMACINTR is a combined interrupt, the logical OR of the other two
1
5
6
We currently only implement DMACINTR, because that's all the
7
realview and versatile boards needed, but the instances of the
8
PL081 in the MPS2 firmware images use all three interrupt lines.
9
Implement the missing DMACINTERR and DMACINTTC.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
---
14
include/hw/dma/pl080.h | 6 +++++-
15
hw/dma/pl080.c | 13 ++++++++-----
16
2 files changed, 13 insertions(+), 6 deletions(-)
17
18
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
19
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/dma/pl080.h
21
+++ b/include/hw/dma/pl080.h
22
@@ -XXX,XX +XXX,XX @@
23
* http://infocenter.arm.com/help/topic/com.arm.doc.ddi0218e/DDI0218.pdf
24
*
25
* QEMU interface:
26
- * + sysbus IRQ: DMACINTR combined interrupt line
27
+ * + sysbus IRQ 0: DMACINTR combined interrupt line
28
+ * + sysbus IRQ 1: DMACINTERR error interrupt request
29
+ * + sysbus IRQ 2: DMACINTTC count interrupt request
30
* + sysbus MMIO region 0: MemoryRegion for the device's registers
31
*/
32
33
@@ -XXX,XX +XXX,XX @@ typedef struct PL080State {
34
/* Flag to avoid recursive DMA invocations. */
35
int running;
36
qemu_irq irq;
37
+ qemu_irq interr;
38
+ qemu_irq inttc;
39
} PL080State;
40
41
#endif
42
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
43
index XXXXXXX..XXXXXXX 100644
44
--- a/hw/dma/pl080.c
45
+++ b/hw/dma/pl080.c
46
@@ -XXX,XX +XXX,XX @@ static const unsigned char pl081_id[] =
47
48
static void pl080_update(PL080State *s)
49
{
50
- if ((s->tc_int & s->tc_mask)
51
- || (s->err_int & s->err_mask))
52
- qemu_irq_raise(s->irq);
53
- else
54
- qemu_irq_lower(s->irq);
55
+ bool tclevel = (s->tc_int & s->tc_mask);
56
+ bool errlevel = (s->err_int & s->err_mask);
57
+
58
+ qemu_set_irq(s->interr, errlevel);
59
+ qemu_set_irq(s->inttc, tclevel);
60
+ qemu_set_irq(s->irq, errlevel || tclevel);
61
}
62
63
static void pl080_run(PL080State *s)
64
@@ -XXX,XX +XXX,XX @@ static void pl080_init(Object *obj)
65
memory_region_init_io(&s->iomem, OBJECT(s), &pl080_ops, s, "pl080", 0x1000);
66
sysbus_init_mmio(sbd, &s->iomem);
67
sysbus_init_irq(sbd, &s->irq);
68
+ sysbus_init_irq(sbd, &s->interr);
69
+ sysbus_init_irq(sbd, &s->inttc);
70
s->nchannels = 8;
71
}
72
73
--
74
2.18.0
75
76
diff view generated by jsdifflib
[Qemu-devel] [PULL 3/4] ARM: KVM: Enable in-kernel timers with user space gic
[Qemu-devel] [PULL 22/25] hw/dma/pl080: Don't use CPU address space for DMA accesses
1
From: Alexander Graf <agraf@suse.de>
1
Currently our PL080/PL081 model uses a combination of the CPU's
2
address space (via cpu_physical_memory_{read,write}()) and the
3
system address space for performing DMA accesses.
2
4
3
When running with KVM enabled, you can choose between emulating the
5
For the PL081s in the MPS FPGA images, their DMA accesses
4
gic in kernel or user space. If the kernel supports in-kernel virtualization
6
must go via Master Security Controllers. Switch the
5
of the interrupt controller, it will default to that. If not, if will
7
PL080/PL081 model to take a MemoryRegion property which
6
default to user space emulation.
8
defines its downstream for making DMA accesses.
7
9
8
Unfortunately when running in user mode gic emulation, we miss out on
10
Since the PL08x are only used in two board models, we
9
interrupt events which are only available from kernel space, such as the timer.
11
make provision of the 'downstream' link mandatory and convert
10
This patch leverages the new kernel/user space pending line synchronization for
12
both users at once, rather than having it be optional with
11
timer events. It does not handle PMU events yet.
13
a default to the system address space.
12
14
13
Signed-off-by: Alexander Graf <agraf@suse.de>
14
Reviewed-by: Andrew Jones <drjones@redhat.com>
15
Message-id: 1498577737-130264-1-git-send-email-agraf@suse.de
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
---
17
---
18
include/sysemu/kvm.h | 11 +++++++++++
18
include/hw/dma/pl080.h | 5 +++++
19
target/arm/cpu.h | 3 +++
19
hw/arm/realview.c | 8 +++++++-
20
accel/kvm/kvm-all.c | 5 +++++
20
hw/arm/versatilepb.c | 9 ++++++++-
21
accel/stubs/kvm-stub.c | 5 +++++
21
hw/dma/pl080.c | 35 +++++++++++++++++++++++++++++------
22
hw/intc/arm_gic.c | 7 +++++++
22
4 files changed, 49 insertions(+), 8 deletions(-)
23
target/arm/kvm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++
24
6 files changed, 82 insertions(+)
25
23
26
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
24
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
27
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
28
--- a/include/sysemu/kvm.h
26
--- a/include/hw/dma/pl080.h
29
+++ b/include/sysemu/kvm.h
27
+++ b/include/hw/dma/pl080.h
30
@@ -XXX,XX +XXX,XX @@ int kvm_init_vcpu(CPUState *cpu);
28
@@ -XXX,XX +XXX,XX @@
31
int kvm_cpu_exec(CPUState *cpu);
29
* + sysbus IRQ 1: DMACINTERR error interrupt request
32
int kvm_destroy_vcpu(CPUState *cpu);
30
* + sysbus IRQ 2: DMACINTTC count interrupt request
33
31
* + sysbus MMIO region 0: MemoryRegion for the device's registers
34
+/**
32
+ * + QOM property "downstream": MemoryRegion defining where DMA
35
+ * kvm_arm_supports_user_irq
33
+ * bus master transactions are made
36
+ *
34
*/
37
+ * Not all KVM implementations support notifications for kernel generated
35
38
+ * interrupt events to user space. This function indicates whether the current
36
#ifndef HW_DMA_PL080_H
39
+ * KVM implementation does support them.
37
@@ -XXX,XX +XXX,XX @@ typedef struct PL080State {
40
+ *
38
qemu_irq irq;
41
+ * Returns: true if KVM supports using kernel generated IRQs from user space
39
qemu_irq interr;
42
+ */
40
qemu_irq inttc;
43
+bool kvm_arm_supports_user_irq(void);
44
+
41
+
45
#ifdef NEED_CPU_H
42
+ MemoryRegion *downstream;
46
#include "cpu.h"
43
+ AddressSpace downstream_as;
47
44
} PL080State;
48
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
45
46
#endif
47
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
49
index XXXXXXX..XXXXXXX 100644
48
index XXXXXXX..XXXXXXX 100644
50
--- a/target/arm/cpu.h
49
--- a/hw/arm/realview.c
51
+++ b/target/arm/cpu.h
50
+++ b/hw/arm/realview.c
52
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
51
@@ -XXX,XX +XXX,XX @@ static void realview_init(MachineState *machine,
53
void *el_change_hook_opaque;
52
pl011_create(0x1000c000, pic[15], serial_hd(3));
54
53
55
int32_t node_id; /* NUMA node this CPU belongs to */
54
/* DMA controller is optional, apparently. */
55
- sysbus_create_simple("pl081", 0x10030000, pic[24]);
56
+ dev = qdev_create(NULL, "pl081");
57
+ object_property_set_link(OBJECT(dev), OBJECT(sysmem), "downstream",
58
+ &error_fatal);
59
+ qdev_init_nofail(dev);
60
+ busdev = SYS_BUS_DEVICE(dev);
61
+ sysbus_mmio_map(busdev, 0, 0x10030000);
62
+ sysbus_connect_irq(busdev, 0, pic[24]);
63
64
sysbus_create_simple("sp804", 0x10011000, pic[4]);
65
sysbus_create_simple("sp804", 0x10012000, pic[5]);
66
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
67
index XXXXXXX..XXXXXXX 100644
68
--- a/hw/arm/versatilepb.c
69
+++ b/hw/arm/versatilepb.c
70
@@ -XXX,XX +XXX,XX @@ static void versatile_init(MachineState *machine, int board_id)
71
pl011_create(0x101f3000, pic[14], serial_hd(2));
72
pl011_create(0x10009000, sic[6], serial_hd(3));
73
74
- sysbus_create_simple("pl080", 0x10130000, pic[17]);
75
+ dev = qdev_create(NULL, "pl080");
76
+ object_property_set_link(OBJECT(dev), OBJECT(sysmem), "downstream",
77
+ &error_fatal);
78
+ qdev_init_nofail(dev);
79
+ busdev = SYS_BUS_DEVICE(dev);
80
+ sysbus_mmio_map(busdev, 0, 0x10130000);
81
+ sysbus_connect_irq(busdev, 0, pic[17]);
56
+
82
+
57
+ /* Used to synchronize KVM and QEMU in-kernel device levels */
83
sysbus_create_simple("sp804", 0x101e2000, pic[4]);
58
+ uint8_t device_irq_level;
84
sysbus_create_simple("sp804", 0x101e3000, pic[5]);
59
};
85
60
86
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
61
static inline ARMCPU *arm_env_get_cpu(CPUARMState *env)
62
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
63
index XXXXXXX..XXXXXXX 100644
87
index XXXXXXX..XXXXXXX 100644
64
--- a/accel/kvm/kvm-all.c
88
--- a/hw/dma/pl080.c
65
+++ b/accel/kvm/kvm-all.c
89
+++ b/hw/dma/pl080.c
66
@@ -XXX,XX +XXX,XX @@ int kvm_has_intx_set_mask(void)
90
@@ -XXX,XX +XXX,XX @@
67
return kvm_state->intx_set_mask;
91
#include "exec/address-spaces.h"
92
#include "qemu/log.h"
93
#include "hw/dma/pl080.h"
94
+#include "qapi/error.h"
95
96
#define PL080_CONF_E 0x1
97
#define PL080_CONF_M1 0x2
98
@@ -XXX,XX +XXX,XX @@ again:
99
swidth = 1 << ((ch->ctrl >> 18) & 7);
100
dwidth = 1 << ((ch->ctrl >> 21) & 7);
101
for (n = 0; n < dwidth; n+= swidth) {
102
- cpu_physical_memory_read(ch->src, buff + n, swidth);
103
+ address_space_read(&s->downstream_as, ch->src,
104
+ MEMTXATTRS_UNSPECIFIED, buff + n, swidth);
105
if (ch->ctrl & PL080_CCTRL_SI)
106
ch->src += swidth;
107
}
108
xsize = (dwidth < swidth) ? swidth : dwidth;
109
/* ??? This may pad the value incorrectly for dwidth < 32. */
110
for (n = 0; n < xsize; n += dwidth) {
111
- cpu_physical_memory_write(ch->dest + n, buff + n, dwidth);
112
+ address_space_write(&s->downstream_as, ch->dest + n,
113
+ MEMTXATTRS_UNSPECIFIED, buff + n, dwidth);
114
if (ch->ctrl & PL080_CCTRL_DI)
115
ch->dest += swidth;
116
}
117
@@ -XXX,XX +XXX,XX @@ again:
118
if (size == 0) {
119
/* Transfer complete. */
120
if (ch->lli) {
121
- ch->src = address_space_ldl_le(&address_space_memory,
122
+ ch->src = address_space_ldl_le(&s->downstream_as,
123
ch->lli,
124
MEMTXATTRS_UNSPECIFIED,
125
NULL);
126
- ch->dest = address_space_ldl_le(&address_space_memory,
127
+ ch->dest = address_space_ldl_le(&s->downstream_as,
128
ch->lli + 4,
129
MEMTXATTRS_UNSPECIFIED,
130
NULL);
131
- ch->ctrl = address_space_ldl_le(&address_space_memory,
132
+ ch->ctrl = address_space_ldl_le(&s->downstream_as,
133
ch->lli + 12,
134
MEMTXATTRS_UNSPECIFIED,
135
NULL);
136
- ch->lli = address_space_ldl_le(&address_space_memory,
137
+ ch->lli = address_space_ldl_le(&s->downstream_as,
138
ch->lli + 8,
139
MEMTXATTRS_UNSPECIFIED,
140
NULL);
141
@@ -XXX,XX +XXX,XX @@ static void pl080_init(Object *obj)
142
s->nchannels = 8;
68
}
143
}
69
144
70
+bool kvm_arm_supports_user_irq(void)
145
+static void pl080_realize(DeviceState *dev, Error **errp)
71
+{
146
+{
72
+ return kvm_check_extension(kvm_state, KVM_CAP_ARM_USER_IRQ);
147
+ PL080State *s = PL080(dev);
73
+}
74
+
148
+
75
#ifdef KVM_CAP_SET_GUEST_DEBUG
149
+ if (!s->downstream) {
76
struct kvm_sw_breakpoint *kvm_find_sw_breakpoint(CPUState *cpu,
150
+ error_setg(errp, "PL080 'downstream' link not set");
77
target_ulong pc)
78
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
79
index XXXXXXX..XXXXXXX 100644
80
--- a/accel/stubs/kvm-stub.c
81
+++ b/accel/stubs/kvm-stub.c
82
@@ -XXX,XX +XXX,XX @@ void kvm_init_cpu_signals(CPUState *cpu)
83
{
84
abort();
85
}
86
+
87
+bool kvm_arm_supports_user_irq(void)
88
+{
89
+ return false;
90
+}
91
#endif
92
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
93
index XXXXXXX..XXXXXXX 100644
94
--- a/hw/intc/arm_gic.c
95
+++ b/hw/intc/arm_gic.c
96
@@ -XXX,XX +XXX,XX @@
97
#include "qom/cpu.h"
98
#include "qemu/log.h"
99
#include "trace.h"
100
+#include "sysemu/kvm.h"
101
102
/* #define DEBUG_GIC */
103
104
@@ -XXX,XX +XXX,XX @@ static void arm_gic_realize(DeviceState *dev, Error **errp)
105
return;
106
}
107
108
+ if (kvm_enabled() && !kvm_arm_supports_user_irq()) {
109
+ error_setg(errp, "KVM with user space irqchip only works when the "
110
+ "host kernel supports KVM_CAP_ARM_USER_IRQ");
111
+ return;
151
+ return;
112
+ }
152
+ }
113
+
153
+
114
/* This creates distributor and main CPU interface (s->cpuiomem[0]) */
154
+ address_space_init(&s->downstream_as, s->downstream, "pl080-downstream");
115
gic_init_irqs_and_mmio(s, gic_set_irq, gic_ops);
155
+}
116
117
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
118
index XXXXXXX..XXXXXXX 100644
119
--- a/target/arm/kvm.c
120
+++ b/target/arm/kvm.c
121
@@ -XXX,XX +XXX,XX @@ int kvm_arch_init(MachineState *ms, KVMState *s)
122
*/
123
kvm_async_interrupts_allowed = true;
124
125
+ /*
126
+ * PSCI wakes up secondary cores, so we always need to
127
+ * have vCPUs waiting in kernel space
128
+ */
129
+ kvm_halt_in_kernel_allowed = true;
130
+
156
+
131
cap_has_mp_state = kvm_check_extension(s, KVM_CAP_MP_STATE);
157
static void pl081_init(Object *obj)
132
133
type_register_static(&host_arm_cpu_type_info);
134
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
135
136
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
137
{
158
{
138
+ ARMCPU *cpu;
159
PL080State *s = PL080(obj);
139
+ uint32_t switched_level;
160
@@ -XXX,XX +XXX,XX @@ static void pl081_init(Object *obj)
161
s->nchannels = 2;
162
}
163
164
+static Property pl080_properties[] = {
165
+ DEFINE_PROP_LINK("downstream", PL080State, downstream,
166
+ TYPE_MEMORY_REGION, MemoryRegion *),
167
+ DEFINE_PROP_END_OF_LIST(),
168
+};
140
+
169
+
141
+ if (kvm_irqchip_in_kernel()) {
170
static void pl080_class_init(ObjectClass *oc, void *data)
142
+ /*
171
{
143
+ * We only need to sync timer states with user-space interrupt
172
DeviceClass *dc = DEVICE_CLASS(oc);
144
+ * controllers, so return early and save cycles if we don't.
173
145
+ */
174
dc->vmsd = &vmstate_pl080;
146
+ return MEMTXATTRS_UNSPECIFIED;
175
+ dc->realize = pl080_realize;
147
+ }
176
+ dc->props = pl080_properties;
148
+
149
+ cpu = ARM_CPU(cs);
150
+
151
+ /* Synchronize our shadowed in-kernel device irq lines with the kvm ones */
152
+ if (run->s.regs.device_irq_level != cpu->device_irq_level) {
153
+ switched_level = cpu->device_irq_level ^ run->s.regs.device_irq_level;
154
+
155
+ qemu_mutex_lock_iothread();
156
+
157
+ if (switched_level & KVM_ARM_DEV_EL1_VTIMER) {
158
+ qemu_set_irq(cpu->gt_timer_outputs[GTIMER_VIRT],
159
+ !!(run->s.regs.device_irq_level &
160
+ KVM_ARM_DEV_EL1_VTIMER));
161
+ switched_level &= ~KVM_ARM_DEV_EL1_VTIMER;
162
+ }
163
+
164
+ if (switched_level & KVM_ARM_DEV_EL1_PTIMER) {
165
+ qemu_set_irq(cpu->gt_timer_outputs[GTIMER_PHYS],
166
+ !!(run->s.regs.device_irq_level &
167
+ KVM_ARM_DEV_EL1_PTIMER));
168
+ switched_level &= ~KVM_ARM_DEV_EL1_PTIMER;
169
+ }
170
+
171
+ /* XXX PMU IRQ is missing */
172
+
173
+ if (switched_level) {
174
+ qemu_log_mask(LOG_UNIMP, "%s: unhandled in-kernel device IRQ %x\n",
175
+ __func__, switched_level);
176
+ }
177
+
178
+ /* We also mark unknown levels as processed to not waste cycles */
179
+ cpu->device_irq_level = run->s.regs.device_irq_level;
180
+ qemu_mutex_unlock_iothread();
181
+ }
182
+
183
return MEMTXATTRS_UNSPECIFIED;
184
}
177
}
185
178
179
static const TypeInfo pl080_info = {
186
--
180
--
187
2.7.4
181
2.18.0
188
182
189
183
diff view generated by jsdifflib
[Qemu-devel] [PULL 2/4] aspeed: Register all watchdogs
[Qemu-devel] [PULL 23/25] hw/dma/pl080: Provide device reset function
1
From: Joel Stanley <joel@jms.id.au>
1
The PL080/PL081 model is missing a reset function; implement it.
2
2
3
The ast2400 contains two and the ast2500 contains three watchdogs.
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Add this information to the AspeedSoCInfo and realise the correct number
4
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
5
of watchdogs for that each SoC type.
5
---
6
hw/dma/pl080.c | 25 +++++++++++++++++++++++++
7
1 file changed, 25 insertions(+)
6
8
7
Signed-off-by: Joel Stanley <joel@jms.id.au>
9
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
8
Reviewed-by: Cédric Le Goater <clg@kaod.org>
9
Tested-by: Cédric Le Goater <clg@kaod.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/arm/aspeed_soc.h | 4 +++-
13
hw/arm/aspeed_soc.c | 25 +++++++++++++++++--------
14
2 files changed, 20 insertions(+), 9 deletions(-)
15
16
diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
17
index XXXXXXX..XXXXXXX 100644
10
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/aspeed_soc.h
11
--- a/hw/dma/pl080.c
19
+++ b/include/hw/arm/aspeed_soc.h
12
+++ b/hw/dma/pl080.c
20
@@ -XXX,XX +XXX,XX @@
13
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps pl080_ops = {
21
#include "hw/net/ftgmac100.h"
14
.endianness = DEVICE_NATIVE_ENDIAN,
22
23
#define ASPEED_SPIS_NUM 2
24
+#define ASPEED_WDTS_NUM 3
25
26
typedef struct AspeedSoCState {
27
/*< private >*/
28
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSoCState {
29
AspeedSMCState fmc;
30
AspeedSMCState spi[ASPEED_SPIS_NUM];
31
AspeedSDMCState sdmc;
32
- AspeedWDTState wdt;
33
+ AspeedWDTState wdt[ASPEED_WDTS_NUM];
34
FTGMAC100State ftgmac100;
35
} AspeedSoCState;
36
37
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSoCInfo {
38
const hwaddr *spi_bases;
39
const char *fmc_typename;
40
const char **spi_typename;
41
+ int wdts_num;
42
} AspeedSoCInfo;
43
44
typedef struct AspeedSoCClass {
45
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
46
index XXXXXXX..XXXXXXX 100644
47
--- a/hw/arm/aspeed_soc.c
48
+++ b/hw/arm/aspeed_soc.c
49
@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
50
.spi_bases = aspeed_soc_ast2400_spi_bases,
51
.fmc_typename = "aspeed.smc.fmc",
52
.spi_typename = aspeed_soc_ast2400_typenames,
53
+ .wdts_num = 2,
54
}, {
55
.name = "ast2400-a1",
56
.cpu_model = "arm926",
57
@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
58
.spi_bases = aspeed_soc_ast2400_spi_bases,
59
.fmc_typename = "aspeed.smc.fmc",
60
.spi_typename = aspeed_soc_ast2400_typenames,
61
+ .wdts_num = 2,
62
}, {
63
.name = "ast2400",
64
.cpu_model = "arm926",
65
@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
66
.spi_bases = aspeed_soc_ast2400_spi_bases,
67
.fmc_typename = "aspeed.smc.fmc",
68
.spi_typename = aspeed_soc_ast2400_typenames,
69
+ .wdts_num = 2,
70
}, {
71
.name = "ast2500-a1",
72
.cpu_model = "arm1176",
73
@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {
74
.spi_bases = aspeed_soc_ast2500_spi_bases,
75
.fmc_typename = "aspeed.smc.ast2500-fmc",
76
.spi_typename = aspeed_soc_ast2500_typenames,
77
+ .wdts_num = 3,
78
},
79
};
15
};
80
16
81
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_init(Object *obj)
17
+static void pl080_reset(DeviceState *dev)
82
object_property_add_alias(obj, "ram-size", OBJECT(&s->sdmc),
18
+{
83
"ram-size", &error_abort);
19
+ PL080State *s = PL080(dev);
84
20
+ int i;
85
- object_initialize(&s->wdt, sizeof(s->wdt), TYPE_ASPEED_WDT);
21
+
86
- object_property_add_child(obj, "wdt", OBJECT(&s->wdt), NULL);
22
+ s->tc_int = 0;
87
- qdev_set_parent_bus(DEVICE(&s->wdt), sysbus_get_default());
23
+ s->tc_mask = 0;
88
+ for (i = 0; i < sc->info->wdts_num; i++) {
24
+ s->err_int = 0;
89
+ object_initialize(&s->wdt[i], sizeof(s->wdt[i]), TYPE_ASPEED_WDT);
25
+ s->err_mask = 0;
90
+ object_property_add_child(obj, "wdt[*]", OBJECT(&s->wdt[i]), NULL);
26
+ s->conf = 0;
91
+ qdev_set_parent_bus(DEVICE(&s->wdt[i]), sysbus_get_default());
27
+ s->sync = 0;
28
+ s->req_single = 0;
29
+ s->req_burst = 0;
30
+ s->running = 0;
31
+
32
+ for (i = 0; i < s->nchannels; i++) {
33
+ s->chan[i].src = 0;
34
+ s->chan[i].dest = 0;
35
+ s->chan[i].lli = 0;
36
+ s->chan[i].ctrl = 0;
37
+ s->chan[i].conf = 0;
92
+ }
38
+ }
93
39
+}
94
object_initialize(&s->ftgmac100, sizeof(s->ftgmac100), TYPE_FTGMAC100);
40
+
95
object_property_add_child(obj, "ftgmac100", OBJECT(&s->ftgmac100), NULL);
41
static void pl080_init(Object *obj)
96
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
42
{
97
sysbus_mmio_map(SYS_BUS_DEVICE(&s->sdmc), 0, ASPEED_SOC_SDMC_BASE);
43
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
98
44
@@ -XXX,XX +XXX,XX @@ static void pl080_class_init(ObjectClass *oc, void *data)
99
/* Watch dog */
45
dc->vmsd = &vmstate_pl080;
100
- object_property_set_bool(OBJECT(&s->wdt), true, "realized", &err);
46
dc->realize = pl080_realize;
101
- if (err) {
47
dc->props = pl080_properties;
102
- error_propagate(errp, err);
48
+ dc->reset = pl080_reset;
103
- return;
49
}
104
+ for (i = 0; i < sc->info->wdts_num; i++) {
50
105
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized", &err);
51
static const TypeInfo pl080_info = {
106
+ if (err) {
107
+ error_propagate(errp, err);
108
+ return;
109
+ }
110
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0,
111
+ ASPEED_SOC_WDT_BASE + i * 0x20);
112
}
113
- sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, ASPEED_SOC_WDT_BASE);
114
115
/* Net */
116
qdev_set_nic_properties(DEVICE(&s->ftgmac100), &nd_table[0]);
117
--
52
--
118
2.7.4
53
2.18.0
119
54
120
55
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 24/25] hw/dma/pl080: Correct bug in register address decode logic
1
A bug in the handling of the register address decode logic
2
for the PL08x meant that we were incorrectly treating
3
accesses to the DMA channel registers (DMACCxSrcAddr,
4
DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
5
as bad offsets. Fix this long-standing bug.
1
6
7
Fixes: https://bugs.launchpad.net/qemu/+bug/1637974
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
---
11
hw/dma/pl080.c | 5 +++--
12
1 file changed, 3 insertions(+), 2 deletions(-)
13
14
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/dma/pl080.c
17
+++ b/hw/dma/pl080.c
18
@@ -XXX,XX +XXX,XX @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
19
i = (offset & 0xe0) >> 5;
20
if (i >= s->nchannels)
21
goto bad_offset;
22
- switch (offset >> 2) {
23
+ switch ((offset >> 2) & 7) {
24
case 0: /* SrcAddr */
25
return s->chan[i].src;
26
case 1: /* DestAddr */
27
@@ -XXX,XX +XXX,XX @@ static void pl080_write(void *opaque, hwaddr offset,
28
i = (offset & 0xe0) >> 5;
29
if (i >= s->nchannels)
30
goto bad_offset;
31
- switch (offset >> 2) {
32
+ switch ((offset >> 2) & 7) {
33
case 0: /* SrcAddr */
34
s->chan[i].src = value;
35
break;
36
@@ -XXX,XX +XXX,XX @@ static void pl080_write(void *opaque, hwaddr offset,
37
pl080_run(s);
38
break;
39
}
40
+ return;
41
}
42
switch (offset >> 2) {
43
case 2: /* IntTCClear */
44
--
45
2.18.0
46
47
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 25/25] hw/dma/pl080: Remove hw_error() if DMA is enabled
1
The PL08x model currently will unconditionally call hw_error()
2
if the DMA engine is enabled by the guest. This has been
3
present since the PL080 model was edded in 2006, and is
4
presumably either unintentional debug code left enabled,
5
or a guard against untested DMA engine code being used.
1
6
7
Remove the hw_error(), since we now have a guest which
8
will actually try to use the DMA engine (the self-test
9
binary for the AN505 MPS2 FPGA image).
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
---
14
hw/dma/pl080.c | 1 -
15
1 file changed, 1 deletion(-)
16
17
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/dma/pl080.c
20
+++ b/hw/dma/pl080.c
21
@@ -XXX,XX +XXX,XX @@ static void pl080_run(PL080State *s)
22
if ((s->conf & PL080_CONF_E) == 0)
23
return;
24
25
-hw_error("DMA active\n");
26
/* If we are already in the middle of a DMA operation then indicate that
27
there may be new DMA requests and return immediately. */
28
if (s->running) {
29
--
30
2.18.0
31
32
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.