Mostly my stuff with a few easy patches from others. I know I have
a few big series in my to-review queue, but I've been too jetlagged
to try to tackle those :-(

thanks
-- PMM

The following changes since commit a26a98dfb9d448d7234d931ae3720feddf6f0651:

  Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20171006' into staging (2017-10-06 13:19:03 +0100)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171006

for you to fetch changes up to 04829ce334bece78d4fa1d0fdbc8bc27dae9b242:

  nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit (2017-10-06 16:46:49 +0100)

----------------------------------------------------------------
target-arm:
 * v8M: more preparatory work
 * nvic: reset properly rather than leaving the nvic in a weird state
 * xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false
 * sd: fix out-of-bounds check for multi block reads
 * arm: Fix SMC reporting to EL2 when QEMU provides PSCI

----------------------------------------------------------------
Jan Kiszka (1):
      arm: Fix SMC reporting to EL2 when QEMU provides PSCI

Michael Olbrich (1):
      hw/sd: fix out-of-bounds check for multi block reads

Peter Maydell (17):
      nvic: Clear the vector arrays and prigroup on reset
      target/arm: Don't switch to target stack early in v7M exception return
      target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler mode
      target/arm: Restore security state on exception return
      target/arm: Restore SPSEL to correct CONTROL register on exception return
      target/arm: Check for xPSR mismatch usage faults earlier for v8M
      target/arm: Warn about restoring to unaligned stack
      target/arm: Don't warn about exception return with PC low bit set for v8M
      target/arm: Add new-in-v8M SFSR and SFAR
      target/arm: Update excret sanity checks for v8M
      target/arm: Add support for restoring v8M additional state context
      target/arm: Add v8M support to exception entry code
      nvic: Implement Security Attribution Unit registers
      target/arm: Implement security attribute lookups for memory accesses
      target/arm: Fix calculation of secure mm_idx values
      target/arm: Factor out "get mmuidx for specified security state"
      nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bit

Thomas Huth (1):
      hw/arm/xlnx-zynqmp: Mark the "xlnx, zynqmp" device with user_creatable = false

 target/arm/cpu.h | 60 ++++-
 target/arm/internals.h | 15 ++
 hw/arm/xlnx-zynqmp.c | 2 +
 hw/intc/armv7m_nvic.c | 158 ++++++++++-
 hw/sd/sd.c | 12 +-
 target/arm/cpu.c | 27 ++
 target/arm/helper.c | 691 +++++++++++++++++++++++++++++++++++++++++++------
 target/arm/machine.c | 16 ++
 target/arm/op_helper.c | 27 +-
 9 files changed, 898 insertions(+), 110 deletions(-)

I might squeeze in another pullreq before softfreeze, but the
queue was already big enough that I wanted to send this lot out now.

-- PMM

The following changes since commit 4abf70a661a5df3886ac9d7c19c3617fa92b922a:

  Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-06-24' into staging (2020-07-03 15:34:45 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200703

for you to fetch changes up to 0f10bf84a9d489259a5b11c6aa1b05c1175b76ea:

  Deprecate TileGX port (2020-07-03 16:59:46 +0100)

----------------------------------------------------------------
target-arm queue:
 * i.MX6UL EVK board: put PHYs in the correct places
 * hw/arm/virt: Let the virtio-iommu bypass MSIs
 * target/arm: kvm: Handle DABT with no valid ISS
 * hw/arm/virt-acpi-build: Only expose flash on older machine types
 * target/arm: Fix temp double-free in sve ldr/str
 * hw/display/bcm2835_fb.c: Initialize all fields of struct
 * hw/arm/spitz: Code cleanup to fix Coverity-detected memory leak
 * Deprecate TileGX port

----------------------------------------------------------------
Andrew Jones (4):
      tests/acpi: remove stale allowed tables
      tests/acpi: virt: allow DSDT acpi table changes
      hw/arm/virt-acpi-build: Only expose flash on older machine types
      tests/acpi: virt: update golden masters for DSDT

Beata Michalska (2):
      target/arm: kvm: Handle DABT with no valid ISS
      target/arm: kvm: Handle misconfigured dabt injection

Eric Auger (5):
      qdev: Introduce DEFINE_PROP_RESERVED_REGION
      virtio-iommu: Implement RESV_MEM probe request
      virtio-iommu: Handle reserved regions in the translation process
      virtio-iommu-pci: Add array of Interval properties
      hw/arm/virt: Let the virtio-iommu bypass MSIs

Jean-Christophe Dubois (3):
      Add a phy-num property to the i.MX FEC emulator
      Add the ability to select a different PHY for each i.MX6UL FEC interface
      Select MDIO device 2 and 1 as PHY devices for i.MX6UL EVK board.

Peter Maydell (19):
      hw/display/bcm2835_fb.c: Initialize all fields of struct
      hw/arm/spitz: Detabify
      hw/arm/spitz: Create SpitzMachineClass abstract base class
      hw/arm/spitz: Keep pointers to MPU and SSI devices in SpitzMachineState
      hw/arm/spitz: Keep pointers to scp0, scp1 in SpitzMachineState
      hw/arm/spitz: Implement inbound GPIO lines for bit5 and power signals
      hw/misc/max111x: provide QOM properties for setting initial values
      hw/misc/max111x: Don't use vmstate_register()
      ssi: Add ssi_realize_and_unref()
      hw/arm/spitz: Use max111x properties to set initial values
      hw/misc/max111x: Use GPIO lines rather than max111x_set_input()
      hw/misc/max111x: Create header file for documentation, TYPE_ macros
      hw/arm/spitz: Encapsulate misc GPIO handling in a device
      hw/gpio/zaurus.c: Use LOG_GUEST_ERROR for bad guest register accesses
      hw/arm/spitz: Use LOG_GUEST_ERROR for bad guest register accesses
      hw/arm/pxa2xx_pic: Use LOG_GUEST_ERROR for bad guest register accesses
      hw/arm/spitz: Provide usual QOM macros for corgi-ssp and spitz-lcdtg
      Replace uses of FROM_SSI_SLAVE() macro with QOM casts
      Deprecate TileGX port

Richard Henderson (1):
      target/arm: Fix temp double-free in sve ldr/str

 docs/system/deprecated.rst | 11 +
 include/exec/memory.h | 6 +
 include/hw/arm/fsl-imx6ul.h | 2 +
 include/hw/arm/pxa.h | 1 -
 include/hw/arm/sharpsl.h | 3 -
 include/hw/arm/virt.h | 8 +
 include/hw/misc/max111x.h | 56 +++
 include/hw/net/imx_fec.h | 1 +
 include/hw/qdev-properties.h | 3 +
 include/hw/ssi/ssi.h | 31 +-
 include/hw/virtio/virtio-iommu.h | 2 +
 include/qemu/typedefs.h | 1 +
 target/arm/cpu.h | 2 +
 target/arm/kvm_arm.h | 10 +
 target/arm/translate-a64.h | 1 +
 tests/qtest/bios-tables-test-allowed-diff.h | 18 -
 hw/arm/fsl-imx6ul.c | 10 +
 hw/arm/mcimx6ul-evk.c | 2 +
 hw/arm/pxa2xx_pic.c | 9 +-
 hw/arm/spitz.c | 507 ++++++++++++++++------------
 hw/arm/virt-acpi-build.c | 5 +-
 hw/arm/virt.c | 33 ++
 hw/arm/z2.c | 11 +-
 hw/core/qdev-properties.c | 89 +++++
 hw/display/ads7846.c | 9 +-
 hw/display/bcm2835_fb.c | 4 +
 hw/display/ssd0323.c | 10 +-
 hw/gpio/zaurus.c | 12 +-
 hw/misc/max111x.c | 86 +++--
 hw/net/imx_fec.c | 24 +-
 hw/sd/ssi-sd.c | 4 +-
 hw/ssi/ssi.c | 7 +-
 hw/virtio/virtio-iommu-pci.c | 11 +
 hw/virtio/virtio-iommu.c | 114 ++++++-
 target/arm/kvm.c | 80 +++++
 target/arm/kvm32.c | 34 ++
 target/arm/kvm64.c | 49 +++
 target/arm/translate-a64.c | 6 +
 target/arm/translate-sve.c | 8 +-
 MAINTAINERS | 1 +
 hw/net/trace-events | 4 +-
 hw/virtio/trace-events | 1 +
 tests/data/acpi/virt/DSDT | Bin 5307 -> 5205 bytes
 tests/data/acpi/virt/DSDT.memhp | Bin 6668 -> 6566 bytes
 tests/data/acpi/virt/DSDT.numamem | Bin 5307 -> 5205 bytes
 45 files changed, 974 insertions(+), 312 deletions(-)
 create mode 100644 include/hw/misc/max111x.h
diff view generated by jsdifflib
New patch
From: Jean-Christophe Dubois <jcd@tribudubois.net>

We need a solution to use an Ethernet PHY that is not the first device
on the MDIO bus (device 0 on MDIO bus).

As an example with the i.MX6UL the NXP SOC has 2 Ethernet devices but
only one MDIO bus on which the 2 related PHY are connected but at unique
addresses.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: a1a5c0e139d1c763194b8020573dcb6025daeefa.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/net/imx_fec.h | 1 +
hw/net/imx_fec.c | 24 +++++++++++++++++-------
hw/net/trace-events | 4 ++--
3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/include/hw/net/imx_fec.h b/include/hw/net/imx_fec.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/net/imx_fec.h
+++ b/include/hw/net/imx_fec.h
@@ -XXX,XX +XXX,XX @@ typedef struct IMXFECState {
uint32_t phy_advertise;
uint32_t phy_int;
uint32_t phy_int_mask;
+ uint32_t phy_num;

bool is_fec;

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -XXX,XX +XXX,XX @@ static void imx_phy_reset(IMXFECState *s)
static uint32_t imx_phy_read(IMXFECState *s, int reg)
{
uint32_t val;
+ uint32_t phy = reg / 32;

- if (reg > 31) {
- /* we only advertise one phy */
+ if (phy != s->phy_num) {
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s.phy]%s: Bad phy num %u\n",
+ TYPE_IMX_FEC, __func__, phy);
return 0;
}

+ reg %= 32;
+
switch (reg) {
case 0: /* Basic Control */
val = s->phy_control;
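
Review bot: In imx_phy_read(), the new `phy != s->phy_num` test makes each FEC answer only for its own PHY address, while the commit message describes two PHYs sharing one MDIO bus. A guest that reaches both PHYs through a single FEC's MDIO registers will take the "Bad phy num" path for the second one; either route such accesses to the sibling FEC's PHY state or document that each emulated FEC only sees its own PHY. The `return 0;` on that path also makes an absent PHY look like a register that reads as zero; an unanswered MDIO read yields all ones (0xffff), so returning that would let a guest probing the bus tell the two cases apart.
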
@@ -XXX,XX +XXX,XX @@ static uint32_t imx_phy_read(IMXFECState *s, int reg)
break;
}

- trace_imx_phy_read(val, reg);
+ trace_imx_phy_read(val, phy, reg);

return val;
}

static void imx_phy_write(IMXFECState *s, int reg, uint32_t val)
{
- trace_imx_phy_write(val, reg);
+ uint32_t phy = reg / 32;

- if (reg > 31) {
- /* we only advertise one phy */
+ if (phy != s->phy_num) {
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s.phy]%s: Bad phy num %u\n",
+ TYPE_IMX_FEC, __func__, phy);
return;
}

+ reg %= 32;
+
+ trace_imx_phy_write(val, phy, reg);
+
switch (reg) {
case 0: /* Basic Control */
if (val & 0x8000) {
@@ -XXX,XX +XXX,XX @@ static void imx_eth_write(void *opaque, hwaddr offset, uint64_t value,
extract32(value,
18, 10)));
} else {
- /* This a write operation */
+ /* This is a write operation */
imx_phy_write(s, extract32(value, 18, 10), extract32(value, 0, 16));
}
/* raise the interrupt as the PHY operation is done */
@@ -XXX,XX +XXX,XX @@ static void imx_eth_realize(DeviceState *dev, Error **errp)
static Property imx_eth_properties[] = {
DEFINE_NIC_PROPERTIES(IMXFECState, conf),
DEFINE_PROP_UINT32("tx-ring-num", IMXFECState, tx_ring_num, 1),
+ DEFINE_PROP_UINT32("phy-num", IMXFECState, phy_num, 0),
DEFINE_PROP_END_OF_LIST(),
};
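
Review bot: The `phy-num` property added to imx_eth_properties[] is never range-checked. The MDIO path takes the register index from `extract32(value, 18, 10)` and divides it by 32, so only PHY numbers 0..31 can ever match; a larger `phy-num` silently leaves the PHY unreachable and every access ends in the "Bad phy num" log. Reject values above 31 in imx_eth_realize() with error_setg() so a board or command-line mistake fails at realize time.
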

diff --git a/hw/net/trace-events b/hw/net/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/net/trace-events
+++ b/hw/net/trace-events
@@ -XXX,XX +XXX,XX @@ i82596_set_multicast(uint16_t count) "Added %d multicast entries"
i82596_channel_attention(void *s) "%p: Received CHANNEL ATTENTION"

# imx_fec.c
-imx_phy_read(uint32_t val, int reg) "0x%04"PRIx32" <= reg[%d]"
-imx_phy_write(uint32_t val, int reg) "0x%04"PRIx32" => reg[%d]"
+imx_phy_read(uint32_t val, int phy, int reg) "0x%04"PRIx32" <= phy[%d].reg[%d]"
+imx_phy_write(uint32_t val, int phy, int reg) "0x%04"PRIx32" => phy[%d].reg[%d]"
imx_phy_update_link(const char *s) "%s"
imx_phy_reset(void) ""
imx_fec_read_bd(uint64_t addr, int flags, int len, int data) "tx_bd 0x%"PRIx64" flags 0x%04x len %d data 0x%08x"
--
2.20.1

New patch
From: Jean-Christophe Dubois <jcd@tribudubois.net>

Add properties to the i.MX6UL processor to be able to select a
particular PHY on the MDIO bus for each FEC device.

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: ea1d604198b6b73ea6521676e45bacfc597aba53.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/arm/fsl-imx6ul.h | 2 ++
hw/arm/fsl-imx6ul.c | 10 ++++++++++
2 files changed, 12 insertions(+)

diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/arm/fsl-imx6ul.h
+++ b/include/hw/arm/fsl-imx6ul.h
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX6ULState {
MemoryRegion caam;
MemoryRegion ocram;
MemoryRegion ocram_alias;
+
+ uint32_t phy_num[FSL_IMX6UL_NUM_ETHS];
} FslIMX6ULState;

enum FslIMX6ULMemoryMap {
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/fsl-imx6ul.c
+++ b/hw/arm/fsl-imx6ul.c
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
FSL_IMX6UL_ENET2_TIMER_IRQ,
};

+ object_property_set_uint(OBJECT(&s->eth[i]),
+ s->phy_num[i],
+ "phy-num", &error_abort);
object_property_set_uint(OBJECT(&s->eth[i]),
FSL_IMX6UL_ETH_NUM_TX_RINGS,
"tx-ring-num", &error_abort);
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
FSL_IMX6UL_OCRAM_ALIAS_ADDR, &s->ocram_alias);
}

+static Property fsl_imx6ul_properties[] = {
+ DEFINE_PROP_UINT32("fec1-phy-num", FslIMX6ULState, phy_num[0], 0),
+ DEFINE_PROP_UINT32("fec2-phy-num", FslIMX6ULState, phy_num[1], 1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
static void fsl_imx6ul_class_init(ObjectClass *oc, void *data)
{
DeviceClass *dc = DEVICE_CLASS(oc);

+ device_class_set_props(dc, fsl_imx6ul_properties);
dc->realize = fsl_imx6ul_realize;
dc->desc = "i.MX6UL SOC";
/* Reason: Uses serial_hds and nd_table in realize() directly */
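
Review bot: fsl_imx6ul_properties[] hard-codes `phy_num[0]` and `phy_num[1]`, while the array in FslIMX6ULState is sized by FSL_IMX6UL_NUM_ETHS and the realize code indexes it with `i`. If that constant ever changes, an element ends up without a property and stays zero with no build error. A `QEMU_BUILD_BUG_ON(FSL_IMX6UL_NUM_ETHS != 2)` next to the table, plus a short comment that "fec1"/"fec2" map to indices 0/1, would pin the assumption down.
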
--
2.20.1

New patch
From: Jean-Christophe Dubois <jcd@tribudubois.net>

The i.MX6UL EVK 14x14 board uses:
- PHY 2 for FEC 1
- PHY 1 for FEC 2

Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: fb41992126c091a71d76ab3d1898959091f60583.1593296112.git.jcd@tribudubois.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/mcimx6ul-evk.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/hw/arm/mcimx6ul-evk.c b/hw/arm/mcimx6ul-evk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/mcimx6ul-evk.c
+++ b/hw/arm/mcimx6ul-evk.c
@@ -XXX,XX +XXX,XX @@ static void mcimx6ul_evk_init(MachineState *machine)

s = FSL_IMX6UL(object_new(TYPE_FSL_IMX6UL));
object_property_add_child(OBJECT(machine), "soc", OBJECT(s));
+ object_property_set_uint(OBJECT(s), 2, "fec1-phy-num", &error_fatal);
+ object_property_set_uint(OBJECT(s), 1, "fec2-phy-num", &error_fatal);
qdev_realize(DEVICE(s), NULL, &error_fatal);

memory_region_add_subregion(get_system_memory(), FSL_IMX6UL_MMDC_ADDR,
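
Review bot: The values 2 and 1 passed for "fec1-phy-num" and "fec2-phy-num" in mcimx6ul_evk_init() are explained only in the commit message. Add a one-line comment above the two object_property_set_uint() calls stating that the EVK wires PHY 2 to FEC 1 and PHY 1 to FEC 2, so the apparently swapped numbering is not "corrected" by a later cleanup.
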
--
2.20.1

Implement the security attribute lookups for memory accesses
in the get_phys_addr() functions, causing these to generate
various kinds of SecureFault for bad accesses.

The major subtlety in this code relates to handling of the
case when the security attributes the SAU assigns to the
address don't match the current security state of the CPU.

In the ARM ARM pseudocode for validating instruction
accesses, the security attributes of the address determine
whether the Secure or NonSecure MPU state is used. At face
value, handling this would require us to encode the relevant
bits of state into mmu_idx for both S and NS at once, which
would result in our needing 16 mmu indexes. Fortunately we
don't actually need to do this because a mismatch between
address attributes and CPU state means either:
* some kind of fault (usually a SecureFault, but in theory
perhaps a UserFault for unaligned access to Device memory)
* execution of the SG instruction in NS state from a
Secure & NonSecure code region

The purpose of SG is simply to flip the CPU into Secure
state, so we can handle it by emulating execution of that
instruction directly in arm_v7m_cpu_do_interrupt(), which
means we can treat all the mismatch cases as "throw an
exception" and we don't need to encode the state of the
other MPU bank into our mmu_idx values.

This commit doesn't include the actual emulation of SG;
it also doesn't include implementation of the IDAU, which
is a per-board way to specify hard-coded memory attributes
for addresses, which override the CPU-internal SAU if they
specify a more secure setting than the SAU is programmed to.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1506092407-26985-15-git-send-email-peter.maydell@linaro.org
---
target/arm/internals.h | 15 ++++
target/arm/helper.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 195 insertions(+), 2 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ FIELD(V7M_EXCRET, DCRS, 5, 1)
FIELD(V7M_EXCRET, S, 6, 1)
FIELD(V7M_EXCRET, RES1, 7, 25) /* including the must-be-1 prefix */

+/* We use a few fake FSR values for internal purposes in M profile.
+ * M profile cores don't have A/R format FSRs, but currently our
+ * get_phys_addr() code assumes A/R profile and reports failures via
+ * an A/R format FSR value. We then translate that into the proper
+ * M profile exception and FSR status bit in arm_v7m_cpu_do_interrupt().
+ * Mostly the FSR values we use for this are those defined for v7PMSA,
+ * since we share some of that codepath. A few kinds of fault are
+ * only for M profile and have no A/R equivalent, though, so we have
+ * to pick a value from the reserved range (which we never otherwise
+ * generate) to use for these.
+ * These values will never be visible to the guest.
+ */
+#define M_FAKE_FSR_NSC_EXEC 0xf /* NS executing in S&NSC memory */
+#define M_FAKE_FSR_SFAULT 0xe /* SecureFault INVTRAN, INVEP or AUVIOL */
+
/*
* For AArch64, map a given EL to an index in the banked_spsr array.
* Note that this mapping and the AArch32 mapping defined in bank_number()
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
target_ulong *page_size_ptr, uint32_t *fsr,
ARMMMUFaultInfo *fi);

+/* Security attributes for an address, as returned by v8m_security_lookup. */
+typedef struct V8M_SAttributes {
+ bool ns;
+ bool nsc;
+ uint8_t sregion;
+ bool srvalid;
+ uint8_t iregion;
+ bool irvalid;
+} V8M_SAttributes;
+
/* Definitions for the PMCCNTR and PMCR registers */
#define PMCRD 0x8
#define PMCRC 0x4
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
* raises the fault, in the A profile short-descriptor format.
*/
switch (env->exception.fsr & 0xf) {
+ case M_FAKE_FSR_NSC_EXEC:
+ /* Exception generated when we try to execute code at an address
+ * which is marked as Secure & Non-Secure Callable and the CPU
+ * is in the Non-Secure state. The only instruction which can
+ * be executed like this is SG (and that only if both halves of
+ * the SG instruction have the same security attributes.)
+ * Everything else must generate an INVEP SecureFault, so we
+ * emulate the SG instruction here.
+ * TODO: actually emulate SG.
+ */
+ env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
+ qemu_log_mask(CPU_LOG_INT,
+ "...really SecureFault with SFSR.INVEP\n");
+ break;
+ case M_FAKE_FSR_SFAULT:
+ /* Various flavours of SecureFault for attempts to execute or
+ * access data in the wrong security state.
+ */
+ switch (cs->exception_index) {
+ case EXCP_PREFETCH_ABORT:
+ if (env->v7m.secure) {
+ env->v7m.sfsr |= R_V7M_SFSR_INVTRAN_MASK;
+ qemu_log_mask(CPU_LOG_INT,
+ "...really SecureFault with SFSR.INVTRAN\n");
+ } else {
+ env->v7m.sfsr |= R_V7M_SFSR_INVEP_MASK;
+ qemu_log_mask(CPU_LOG_INT,
+ "...really SecureFault with SFSR.INVEP\n");
+ }
+ break;
+ case EXCP_DATA_ABORT:
+ /* This must be an NS access to S memory */
+ env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK;
+ qemu_log_mask(CPU_LOG_INT,
+ "...really SecureFault with SFSR.AUVIOL\n");
+ break;
+ }
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
+ break;
case 0x8: /* External Abort */
switch (cs->exception_index) {
case EXCP_PREFETCH_ABORT:
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
return !(*prot & (1 << access_type));
}

+static bool v8m_is_sau_exempt(CPUARMState *env,
+ uint32_t address, MMUAccessType access_type)
+{
+ /* The architecture specifies that certain address ranges are
+ * exempt from v8M SAU/IDAU checks.
+ */
+ return
+ (access_type == MMU_INST_FETCH && m_is_system_region(env, address)) ||
+ (address >= 0xe0000000 && address <= 0xe0002fff) ||
+ (address >= 0xe000e000 && address <= 0xe000efff) ||
+ (address >= 0xe002e000 && address <= 0xe002efff) ||
+ (address >= 0xe0040000 && address <= 0xe0041fff) ||
+ (address >= 0xe00ff000 && address <= 0xe00fffff);
+}
+
+static void v8m_security_lookup(CPUARMState *env, uint32_t address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ V8M_SAttributes *sattrs)
+{
+ /* Look up the security attributes for this address. Compare the
+ * pseudocode SecurityCheck() function.
+ * We assume the caller has zero-initialized *sattrs.
+ */
+ ARMCPU *cpu = arm_env_get_cpu(env);
+ int r;
+
+ /* TODO: implement IDAU */
+
+ if (access_type == MMU_INST_FETCH && extract32(address, 28, 4) == 0xf) {
+ /* 0xf0000000..0xffffffff is always S for insn fetches */
+ return;
+ }
+
+ if (v8m_is_sau_exempt(env, address, access_type)) {
+ sattrs->ns = !regime_is_secure(env, mmu_idx);
+ return;
+ }
+
+ switch (env->sau.ctrl & 3) {
+ case 0: /* SAU.ENABLE == 0, SAU.ALLNS == 0 */
+ break;
+ case 2: /* SAU.ENABLE == 0, SAU.ALLNS == 1 */
+ sattrs->ns = true;
+ break;
+ default: /* SAU.ENABLE == 1 */
+ for (r = 0; r < cpu->sau_sregion; r++) {
+ if (env->sau.rlar[r] & 1) {
+ uint32_t base = env->sau.rbar[r] & ~0x1f;
+ uint32_t limit = env->sau.rlar[r] | 0x1f;
+
+ if (base <= address && limit >= address) {
+ if (sattrs->srvalid) {
+ /* If we hit in more than one region then we must report
+ * as Secure, not NS-Callable, with no valid region
+ * number info.
+ */
+ sattrs->ns = false;
+ sattrs->nsc = false;
+ sattrs->sregion = 0;
+ sattrs->srvalid = false;
+ break;
+ } else {
+ if (env->sau.rlar[r] & 2) {
+ sattrs->nsc = true;
+ } else {
+ sattrs->ns = true;
+ }
+ sattrs->srvalid = true;
+ sattrs->sregion = r;
+ }
+ }
+ }
+ }
+
+ /* TODO when we support the IDAU then it may override the result here */
+ break;
+ }
+}
+
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot, uint32_t *fsr)
+ hwaddr *phys_ptr, MemTxAttrs *txattrs,
+ int *prot, uint32_t *fsr)
{
ARMCPU *cpu = arm_env_get_cpu(env);
bool is_user = regime_is_user(env, mmu_idx);
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
int n;
int matchregion = -1;
bool hit = false;
+ V8M_SAttributes sattrs = {};

*phys_ptr = address;
*prot = 0;

+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+ v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
+ if (access_type == MMU_INST_FETCH) {
+ /* Instruction fetches always use the MMU bank and the
+ * transaction attribute determined by the fetch address,
+ * regardless of CPU state. This is painful for QEMU
+ * to handle, because it would mean we need to encode
+ * into the mmu_idx not just the (user, negpri) information
+ * for the current security state but also that for the
+ * other security state, which would balloon the number
+ * of mmu_idx values needed alarmingly.
+ * Fortunately we can avoid this because it's not actually
+ * possible to arbitrarily execute code from memory with
+ * the wrong security attribute: it will always generate
+ * an exception of some kind or another, apart from the
+ * special case of an NS CPU executing an SG instruction
+ * in S&NSC memory. So we always just fail the translation
+ * here and sort things out in the exception handler
+ * (including possibly emulating an SG instruction).
+ */
+ if (sattrs.ns != !secure) {
+ *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT;
+ return true;
+ }
+ } else {
+ /* For data accesses we always use the MMU bank indicated
+ * by the current CPU state, but the security attributes
+ * might downgrade a secure access to nonsecure.
+ */
+ if (sattrs.ns) {
+ txattrs->secure = false;
+ } else if (!secure) {
+ /* NS access to S memory must fault.
+ * Architecturally we should first check whether the
+ * MPU information for this address indicates that we
+ * are doing an unaligned access to Device memory, which
+ * should generate a UsageFault instead. QEMU does not
+ * currently check for that kind of unaligned access though.
+ * If we added it we would need to do so as a special case
+ * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
+ */
+ *fsr = M_FAKE_FSR_SFAULT;
+ return true;
+ }
+ }
+ }
+
/* Unlike the ARM ARM pseudocode, we don't need to check whether this
* was an exception vector read from the vector table (which is always
* done using the default system address map), because those accesses
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- phys_ptr, prot, fsr);
+ phys_ptr, attrs, prot, fsr);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
--
2.7.4

From: Eric Auger <eric.auger@redhat.com>

Introduce a new property defining a reserved region:
<low address>:<high address>:<type>.

This will be used to encode reserved IOVA regions.

For instance, in virtio-iommu use case, reserved IOVA regions
will be passed by the machine code to the virtio-iommu-pci
device (an array of those). The type of the reserved region
will match the virtio_iommu_probe_resv_mem subtype value:
- VIRTIO_IOMMU_RESV_MEM_T_RESERVED (0)
- VIRTIO_IOMMU_RESV_MEM_T_MSI (1)

on PC/Q35 machine, this will be used to inform the
virtio-iommu-pci device it should bypass the MSI region.
The reserved region will be: 0xfee00000:0xfeefffff:1.

On ARM, we can declare the ITS MSI doorbell as an MSI
region to prevent MSIs from being mapped on guest side.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20200629070404.10969-2-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/exec/memory.h | 6 +++
include/hw/qdev-properties.h | 3 ++
include/qemu/typedefs.h | 1 +
hw/core/qdev-properties.c | 89 ++++++++++++++++++++++++++++++++++++
4 files changed, 99 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ extern bool global_dirty_log;

typedef struct MemoryRegionOps MemoryRegionOps;

+struct ReservedRegion {
+ hwaddr low;
+ hwaddr high;
+ unsigned type;
+};
+
typedef struct IOMMUTLBEntry IOMMUTLBEntry;

/* See address_space_translate: bit 0 is read, bit 1 is write. */
diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/qdev-properties.h
+++ b/include/hw/qdev-properties.h
@@ -XXX,XX +XXX,XX @@ extern const PropertyInfo qdev_prop_string;
extern const PropertyInfo qdev_prop_chr;
extern const PropertyInfo qdev_prop_tpm;
extern const PropertyInfo qdev_prop_macaddr;
+extern const PropertyInfo qdev_prop_reserved_region;
extern const PropertyInfo qdev_prop_on_off_auto;
extern const PropertyInfo qdev_prop_multifd_compression;
extern const PropertyInfo qdev_prop_losttickpolicy;
@@ -XXX,XX +XXX,XX @@ extern const PropertyInfo qdev_prop_pcie_link_width;
DEFINE_PROP(_n, _s, _f, qdev_prop_drive_iothread, BlockBackend *)
#define DEFINE_PROP_MACADDR(_n, _s, _f) \
DEFINE_PROP(_n, _s, _f, qdev_prop_macaddr, MACAddr)
+#define DEFINE_PROP_RESERVED_REGION(_n, _s, _f) \
+ DEFINE_PROP(_n, _s, _f, qdev_prop_reserved_region, ReservedRegion)
#define DEFINE_PROP_ON_OFF_AUTO(_n, _s, _f, _d) \
DEFINE_PROP_SIGNED(_n, _s, _f, _d, qdev_prop_on_off_auto, OnOffAuto)
#define DEFINE_PROP_MULTIFD_COMPRESSION(_n, _s, _f, _d) \
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -XXX,XX +XXX,XX @@ typedef struct ISABus ISABus;
typedef struct ISADevice ISADevice;
typedef struct IsaDma IsaDma;
typedef struct MACAddr MACAddr;
+typedef struct ReservedRegion ReservedRegion;
typedef struct MachineClass MachineClass;
typedef struct MachineState MachineState;
typedef struct MemoryListener MemoryListener;
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -XXX,XX +XXX,XX @@
#include "chardev/char.h"
#include "qemu/uuid.h"
#include "qemu/units.h"
+#include "qemu/cutils.h"

void qdev_prop_set_after_realize(DeviceState *dev, const char *name,
Error **errp)
@@ -XXX,XX +XXX,XX @@ const PropertyInfo qdev_prop_macaddr = {
.set = set_mac,
};

+/* --- Reserved Region --- */
+
+/*
+ * Accepted syntax:
+ * <low address>:<high address>:<type>
+ * where low/high addresses are uint64_t in hexadecimal
+ * and type is a non-negative decimal integer
+ */
+static void get_reserved_region(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ ReservedRegion *rr = qdev_get_prop_ptr(dev, prop);
+ char buffer[64];
+ char *p = buffer;
+ int rc;
+
+ rc = snprintf(buffer, sizeof(buffer), "0x%"PRIx64":0x%"PRIx64":%u",
+ rr->low, rr->high, rr->type);
+ assert(rc < sizeof(buffer));
+
+ visit_type_str(v, name, &p, errp);
+}
+
+static void set_reserved_region(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ DeviceState *dev = DEVICE(obj);
+ Property *prop = opaque;
+ ReservedRegion *rr = qdev_get_prop_ptr(dev, prop);
+ Error *local_err = NULL;
+ const char *endptr;
+ char *str;
+ int ret;
+
+ if (dev->realized) {
+ qdev_prop_set_after_realize(dev, name, errp);
+ return;
+ }
+
+ visit_type_str(v, name, &str, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ ret = qemu_strtou64(str, &endptr, 16, &rr->low);
+ if (ret) {
+ error_setg(errp, "start address of '%s'"
+ " must be a hexadecimal integer", name);
+ goto out;
+ }
+ if (*endptr != ':') {
+ goto separator_error;
+ }
+
+ ret = qemu_strtou64(endptr + 1, &endptr, 16, &rr->high);
+ if (ret) {
+ error_setg(errp, "end address of '%s'"
+ " must be a hexadecimal integer", name);
+ goto out;
+ }
+ if (*endptr != ':') {
+ goto separator_error;
+ }
+
+ ret = qemu_strtoui(endptr + 1, &endptr, 10, &rr->type);
+ if (ret) {
+ error_setg(errp, "type of '%s'"
+ " must be a non-negative decimal integer", name);
+ }
+ goto out;
+
+separator_error:
+ error_setg(errp, "reserved region fields must be separated with ':'");
+out:
+ g_free(str);
+ return;
+}
+
+const PropertyInfo qdev_prop_reserved_region = {
+ .name = "reserved_region",
+ .description = "Reserved Region, example: 0xFEE00000:0xFEEFFFFF:0",
+ .get = get_reserved_region,
+ .set = set_reserved_region,
+};
+
/* --- on/off/auto --- */

const PropertyInfo qdev_prop_on_off_auto = {
--
2.20.1
298
193
299
194
New patch
1
1
From: Eric Auger <eric.auger@redhat.com>
2
3
This patch implements the PROBE request. At the moment,
4
only the RESV_MEM property is handled. The first goal is
5
to report iommu wide reserved regions such as the MSI regions
6
set by the machine code. On x86 this will be the IOAPIC MSI
7
region, [0xFEE00000 - 0xFEEFFFFF], on ARM this may be the ITS
8
doorbell.
9
10
In the future we may introduce per device reserved regions.
11
This will be useful when protecting host assigned devices
12
which may expose their own reserved regions
13
14
Signed-off-by: Eric Auger <eric.auger@redhat.com>
15
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
16
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
17
Message-id: 20200629070404.10969-3-eric.auger@redhat.com
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
include/hw/virtio/virtio-iommu.h | 2 +
21
hw/virtio/virtio-iommu.c | 94 ++++++++++++++++++++++++++++++--
22
hw/virtio/trace-events | 1 +
23
3 files changed, 93 insertions(+), 4 deletions(-)
24
25
diff --git a/include/hw/virtio/virtio-iommu.h b/include/hw/virtio/virtio-iommu.h
26
index XXXXXXX..XXXXXXX 100644
27
--- a/include/hw/virtio/virtio-iommu.h
28
+++ b/include/hw/virtio/virtio-iommu.h
29
@@ -XXX,XX +XXX,XX @@ typedef struct VirtIOIOMMU {
30
GHashTable *as_by_busptr;
31
IOMMUPciBus *iommu_pcibus_by_bus_num[PCI_BUS_MAX];
32
PCIBus *primary_bus;
33
+ ReservedRegion *reserved_regions;
34
+ uint32_t nb_reserved_regions;
35
GTree *domains;
36
QemuMutex mutex;
37
GTree *endpoints;
38
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
39
index XXXXXXX..XXXXXXX 100644
40
--- a/hw/virtio/virtio-iommu.c
41
+++ b/hw/virtio/virtio-iommu.c
42
@@ -XXX,XX +XXX,XX @@
43
44
/* Max size */
45
#define VIOMMU_DEFAULT_QUEUE_SIZE 256
46
+#define VIOMMU_PROBE_SIZE 512
47
48
typedef struct VirtIOIOMMUDomain {
49
uint32_t id;
50
@@ -XXX,XX +XXX,XX @@ static int virtio_iommu_unmap(VirtIOIOMMU *s,
51
return ret;
52
}
53
54
+static ssize_t virtio_iommu_fill_resv_mem_prop(VirtIOIOMMU *s, uint32_t ep,
55
+ uint8_t *buf, size_t free)
56
+{
57
+ struct virtio_iommu_probe_resv_mem prop = {};
58
+ size_t size = sizeof(prop), length = size - sizeof(prop.head), total;
59
+ int i;
60
+
61
+ total = size * s->nb_reserved_regions;
62
+
63
+ if (total > free) {
64
+ return -ENOSPC;
65
+ }
66
+
67
+ for (i = 0; i < s->nb_reserved_regions; i++) {
68
+ unsigned subtype = s->reserved_regions[i].type;
69
+
70
+ assert(subtype == VIRTIO_IOMMU_RESV_MEM_T_RESERVED ||
71
+ subtype == VIRTIO_IOMMU_RESV_MEM_T_MSI);
72
+ prop.head.type = cpu_to_le16(VIRTIO_IOMMU_PROBE_T_RESV_MEM);
73
+ prop.head.length = cpu_to_le16(length);
74
+ prop.subtype = subtype;
75
+ prop.start = cpu_to_le64(s->reserved_regions[i].low);
76
+ prop.end = cpu_to_le64(s->reserved_regions[i].high);
77
+
78
+ memcpy(buf, &prop, size);
79
+
80
+ trace_virtio_iommu_fill_resv_property(ep, prop.subtype,
81
+ prop.start, prop.end);
82
+ buf += size;
83
+ }
84
+ return total;
85
+}
86
+
87
+/**
88
+ * virtio_iommu_probe - Fill the probe request buffer with
89
+ * the properties the device is able to return
90
+ */
91
+static int virtio_iommu_probe(VirtIOIOMMU *s,
92
+ struct virtio_iommu_req_probe *req,
93
+ uint8_t *buf)
94
+{
95
+ uint32_t ep_id = le32_to_cpu(req->endpoint);
96
+ size_t free = VIOMMU_PROBE_SIZE;
97
+ ssize_t count;
98
+
99
+ if (!virtio_iommu_mr(s, ep_id)) {
100
+ return VIRTIO_IOMMU_S_NOENT;
101
+ }
102
+
103
+ count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, free);
104
+ if (count < 0) {
105
+ return VIRTIO_IOMMU_S_INVAL;
106
+ }
107
+ buf += count;
108
+ free -= count;
109
+
110
+ return VIRTIO_IOMMU_S_OK;
111
+}
112
+
113
static int virtio_iommu_iov_to_req(struct iovec *iov,
114
unsigned int iov_cnt,
115
void *req, size_t req_sz)
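Review bot: in virtio_iommu_fill_resv_mem_prop(), `total = size * s->nb_reserved_regions` is computed before the `total > free` check, and on a host where size_t is 32 bits that product can wrap for a large uint32_t count, after which the memcpy() loop would write past buf. Testing `s->nb_reserved_regions > free / size` gives the same bound without the multiplication. In the same function the trace call is handed prop.start and prop.end after cpu_to_le64(), so a big-endian host logs byte-swapped addresses; passing s->reserved_regions[i].low and .high logs the real values. In virtio_iommu_probe() the trailing `buf += count; free -= count;` are dead stores until a second property is added, and -ENOSPC reaches the guest as VIRTIO_IOMMU_S_INVAL, which is worth a comment.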
116
@@ -XXX,XX +XXX,XX @@ virtio_iommu_handle_req(detach)
117
virtio_iommu_handle_req(map)
118
virtio_iommu_handle_req(unmap)
119
120
+static int virtio_iommu_handle_probe(VirtIOIOMMU *s,
121
+ struct iovec *iov,
122
+ unsigned int iov_cnt,
123
+ uint8_t *buf)
124
+{
125
+ struct virtio_iommu_req_probe req;
126
+ int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req));
127
+
128
+ return ret ? ret : virtio_iommu_probe(s, &req, buf);
129
+}
130
+
131
static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
132
{
133
VirtIOIOMMU *s = VIRTIO_IOMMU(vdev);
134
struct virtio_iommu_req_head head;
135
struct virtio_iommu_req_tail tail = {};
136
+ size_t output_size = sizeof(tail), sz;
137
VirtQueueElement *elem;
138
unsigned int iov_cnt;
139
struct iovec *iov;
140
- size_t sz;
141
+ void *buf = NULL;
142
143
for (;;) {
144
elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
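Review bot: `output_size` gets its `sizeof(tail)` value, and `buf` its NULL, only once, in the declarations above the `for (;;)` loop in virtio_iommu_handle_command(), yet both are per-request state. Initialise them at the top of each iteration instead, so that a request popped later in the same call cannot inherit a size or buffer pointer left over from an earlier request.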
145
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
146
case VIRTIO_IOMMU_T_UNMAP:
147
tail.status = virtio_iommu_handle_unmap(s, iov, iov_cnt);
148
break;
149
+ case VIRTIO_IOMMU_T_PROBE:
150
+ {
151
+ struct virtio_iommu_req_tail *ptail;
152
+
153
+ output_size = s->config.probe_size + sizeof(tail);
154
+ buf = g_malloc0(output_size);
155
+
156
+ ptail = (struct virtio_iommu_req_tail *)
157
+ (buf + s->config.probe_size);
158
+ ptail->status = virtio_iommu_handle_probe(s, iov, iov_cnt, buf);
159
+ }
160
default:
161
tail.status = VIRTIO_IOMMU_S_UNSUPP;
162
}
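Review bot: the new `case VIRTIO_IOMMU_T_PROBE:` block closes without a `break;`, so control falls through into `default:` and sets tail.status to VIRTIO_IOMMU_S_UNSUPP. The reply for this case is taken from buf, so the guest still sees ptail->status, but the fall-through is not intended; add `break;` before the closing brace. The buffer here is sized from s->config.probe_size while virtio_iommu_probe() bounds its writes with VIOMMU_PROBE_SIZE; passing the allocated size down would stop the two from drifting apart.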
163
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq)
164
165
out:
166
sz = iov_from_buf(elem->in_sg, elem->in_num, 0,
167
- &tail, sizeof(tail));
168
- assert(sz == sizeof(tail));
169
+ buf ? buf : &tail, output_size);
170
+ assert(sz == output_size);
171
172
- virtqueue_push(vq, elem, sizeof(tail));
173
+ virtqueue_push(vq, elem, sz);
174
virtio_notify(vdev, vq);
175
g_free(elem);
176
+ g_free(buf);
177
}
178
}
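Review bot: `g_free(buf)` at the end of the loop body leaves buf pointing at freed memory, so on the next iteration `buf ? buf : &tail` copies from the freed block and the block is freed a second time; set `buf = NULL` and restore `output_size = sizeof(tail)` after the free. Separately, `assert(sz == output_size)` now requires the guest to have supplied at least probe_size + sizeof(tail) bytes of device-writable buffer for a PROBE request. Unless something earlier in the function rejects a shorter in_sg, a short buffer should take a virtio_error() path rather than abort QEMU.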
179
180
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
181
s->config.page_size_mask = TARGET_PAGE_MASK;
182
s->config.input_range.end = -1UL;
183
s->config.domain_range.end = 32;
184
+ s->config.probe_size = VIOMMU_PROBE_SIZE;
185
186
virtio_add_feature(&s->features, VIRTIO_RING_F_EVENT_IDX);
187
virtio_add_feature(&s->features, VIRTIO_RING_F_INDIRECT_DESC);
188
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_device_realize(DeviceState *dev, Error **errp)
189
virtio_add_feature(&s->features, VIRTIO_IOMMU_F_MAP_UNMAP);
190
virtio_add_feature(&s->features, VIRTIO_IOMMU_F_BYPASS);
191
virtio_add_feature(&s->features, VIRTIO_IOMMU_F_MMIO);
192
+ virtio_add_feature(&s->features, VIRTIO_IOMMU_F_PROBE);
193
194
qemu_mutex_init(&s->mutex);
195
196
diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
197
index XXXXXXX..XXXXXXX 100644
198
--- a/hw/virtio/trace-events
199
+++ b/hw/virtio/trace-events
200
@@ -XXX,XX +XXX,XX @@ virtio_iommu_get_domain(uint32_t domain_id) "Alloc domain=%d"
201
virtio_iommu_put_domain(uint32_t domain_id) "Free domain=%d"
202
virtio_iommu_translate_out(uint64_t virt_addr, uint64_t phys_addr, uint32_t sid) "0x%"PRIx64" -> 0x%"PRIx64 " for sid=%d"
203
virtio_iommu_report_fault(uint8_t reason, uint32_t flags, uint32_t endpoint, uint64_t addr) "FAULT reason=%d flags=%d endpoint=%d address =0x%"PRIx64
204
+virtio_iommu_fill_resv_property(uint32_t devid, uint8_t subtype, uint64_t start, uint64_t end) "dev= %d, type=%d start=0x%"PRIx64" end=0x%"PRIx64
205
--
206
2.20.1
207
208
New patch
1
From: Eric Auger <eric.auger@redhat.com>
1
2
3
When translating an address we need to check if it belongs to
4
a reserved virtual address range. If it does, there are 2 cases:
5
6
- it belongs to a RESERVED region: the guest should neither use
7
this address in a MAP nor instruct the end-point to DMA on
8
them. We report an error
9
10
- It belongs to an MSI region: we bypass the translation.
11
12
Signed-off-by: Eric Auger <eric.auger@redhat.com>
13
Reviewed-by: Peter Xu <peterx@redhat.com>
14
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
15
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
16
Message-id: 20200629070404.10969-4-eric.auger@redhat.com
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
hw/virtio/virtio-iommu.c | 20 ++++++++++++++++++++
20
1 file changed, 20 insertions(+)
21
22
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
23
index XXXXXXX..XXXXXXX 100644
24
--- a/hw/virtio/virtio-iommu.c
25
+++ b/hw/virtio/virtio-iommu.c
26
@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
27
uint32_t sid, flags;
28
bool bypass_allowed;
29
bool found;
30
+ int i;
31
32
interval.low = addr;
33
interval.high = addr + 1;
34
@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr,
35
goto unlock;
36
}
37
38
+ for (i = 0; i < s->nb_reserved_regions; i++) {
39
+ ReservedRegion *reg = &s->reserved_regions[i];
40
+
41
+ if (addr >= reg->low && addr <= reg->high) {
42
+ switch (reg->type) {
43
+ case VIRTIO_IOMMU_RESV_MEM_T_MSI:
44
+ entry.perm = flag;
45
+ break;
46
+ case VIRTIO_IOMMU_RESV_MEM_T_RESERVED:
47
+ default:
48
+ virtio_iommu_report_fault(s, VIRTIO_IOMMU_FAULT_R_MAPPING,
49
+ VIRTIO_IOMMU_FAULT_F_ADDRESS,
50
+ sid, addr);
51
+ break;
52
+ }
53
+ goto unlock;
54
+ }
55
+ }
56
+
57
if (!ep->domain) {
58
if (!bypass_allowed) {
59
error_report_once("%s %02x:%02x.%01x not attached to any domain",
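Review bot: the reserved-region loop sits ahead of the `!ep->domain` and `bypass_allowed` checks, so for an address inside a VIRTIO_IOMMU_RESV_MEM_T_MSI region `entry.perm = flag` is granted even when the endpoint is attached to no domain and bypass is not allowed. If that is the intended meaning of an MSI region, say so in a comment at the `case`; otherwise move the loop below those checks. Minor: `int i` is compared against the uint32_t nb_reserved_regions.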
60
--
61
2.20.1
62
63
New patch
1
From: Eric Auger <eric.auger@redhat.com>
1
2
3
The machine may need to pass reserved regions to the
4
virtio-iommu-pci device (such as the MSI window on x86
5
or the MSI doorbells on ARM).
6
7
So let's add an array of Interval properties.
8
9
Note: if some reserved regions are already set by the
10
machine code - which should be the case in general -,
11
the length of the property array is already set and
12
prevents the end-user from modifying them. For example,
13
attempting to use:
14
15
-device virtio-iommu-pci,\
16
len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1
17
18
would result in the following error message:
19
20
qemu-system-aarch64: -device virtio-iommu-pci,addr=0xa,
21
len-reserved-regions=1,reserved-regions[0]=0xfee00000:0xfeefffff:1:
22
array size property len-reserved-regions may not be set more than once
23
24
Otherwise, for example, adding two reserved regions is achieved
25
using the following options:
26
27
-device virtio-iommu-pci,addr=0xa,len-reserved-regions=2,\
28
reserved-regions[0]=0xfee00000:0xfeefffff:1,\
29
reserved-regions[1]=0x1000000:100ffff:1
30
31
Signed-off-by: Eric Auger <eric.auger@redhat.com>
32
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
33
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
34
Reviewed-by: Peter Xu <peterx@redhat.com>
35
Message-id: 20200629070404.10969-5-eric.auger@redhat.com
36
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
37
---
38
hw/virtio/virtio-iommu-pci.c | 11 +++++++++++
39
1 file changed, 11 insertions(+)
40
41
diff --git a/hw/virtio/virtio-iommu-pci.c b/hw/virtio/virtio-iommu-pci.c
42
index XXXXXXX..XXXXXXX 100644
43
--- a/hw/virtio/virtio-iommu-pci.c
44
+++ b/hw/virtio/virtio-iommu-pci.c
45
@@ -XXX,XX +XXX,XX @@ struct VirtIOIOMMUPCI {
46
47
static Property virtio_iommu_pci_properties[] = {
48
DEFINE_PROP_UINT32("class", VirtIOPCIProxy, class_code, 0),
49
+ DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
50
+ vdev.nb_reserved_regions, vdev.reserved_regions,
51
+ qdev_prop_reserved_region, ReservedRegion),
52
DEFINE_PROP_END_OF_LIST(),
53
};
54
55
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
56
{
57
VirtIOIOMMUPCI *dev = VIRTIO_IOMMU_PCI(vpci_dev);
58
DeviceState *vdev = DEVICE(&dev->vdev);
59
+ VirtIOIOMMU *s = VIRTIO_IOMMU(vdev);
60
61
if (!qdev_get_machine_hotplug_handler(DEVICE(vpci_dev))) {
62
MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
63
@@ -XXX,XX +XXX,XX @@ static void virtio_iommu_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
64
"-no-acpi\n");
65
return;
66
}
67
+ for (int i = 0; i < s->nb_reserved_regions; i++) {
68
+ if (s->reserved_regions[i].type != VIRTIO_IOMMU_RESV_MEM_T_RESERVED &&
69
+ s->reserved_regions[i].type != VIRTIO_IOMMU_RESV_MEM_T_MSI) {
70
+ error_setg(errp, "reserved region %d has an invalid type", i);
71
+ error_append_hint(errp, "Valid values are 0 and 1\n");
72
+ }
73
+ }
74
object_property_set_link(OBJECT(dev),
75
OBJECT(pci_get_bus(&vpci_dev->pci_dev)),
76
"primary-bus", &error_abort);
77
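Review bot: the validation loop added to virtio_iommu_pci_realize() calls error_setg() for an invalid type but neither returns nor breaks, so realize carries on to object_property_set_link() with the bad region still configured, and a second invalid entry calls error_setg() on an errp that is already set, which the Error API does not permit. Add `return;` after error_append_hint().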
--
78
2.20.1
79
80
1
From: Jan Kiszka <jan.kiszka@siemens.com>
1
From: Eric Auger <eric.auger@redhat.com>
2
2
3
This properly forwards SMC events to EL2 when PSCI is provided by QEMU
3
At the moment the virtio-iommu translates MSI transactions.
4
itself and, thus, ARM_FEATURE_EL3 is off.
4
This behavior is inherited from ARM SMMU. The virt machine
5
code knows where the guest MSI doorbells are so we can easily
6
declare those regions as VIRTIO_IOMMU_RESV_MEM_T_MSI. With that
7
setting the guest will not map MSIs through the IOMMU and those
8
transactions will be simply bypassed.
5
9
6
Found and tested with the Jailhouse hypervisor. Solution based on
10
Depending on which MSI controller is in use (ITS or GICV2M),
7
suggestions by Peter Maydell.
11
we declare either:
12
- the ITS interrupt translation space (ITS_base + 0x10000),
13
containing the GITS_TRANSLATOR or
14
- The GICV2M single frame, containing the MSI_SETSP_NS register.
8
15
9
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
16
Signed-off-by: Eric Auger <eric.auger@redhat.com>
10
Message-id: 4f243068-aaea-776f-d18f-f9e05e7be9cd@siemens.com
17
Message-id: 20200629070404.10969-6-eric.auger@redhat.com
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
20
---
14
target/arm/helper.c | 9 ++++++++-
21
include/hw/arm/virt.h | 7 +++++++
15
target/arm/op_helper.c | 27 +++++++++++++++++----------
22
hw/arm/virt.c | 30 ++++++++++++++++++++++++++++++
16
2 files changed, 25 insertions(+), 11 deletions(-)
23
2 files changed, 37 insertions(+)
17
24
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
25
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
19
index XXXXXXX..XXXXXXX 100644
26
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
27
--- a/include/hw/arm/virt.h
21
+++ b/target/arm/helper.c
28
+++ b/include/hw/arm/virt.h
22
@@ -XXX,XX +XXX,XX @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
29
@@ -XXX,XX +XXX,XX @@ typedef enum VirtIOMMUType {
23
30
VIRT_IOMMU_VIRTIO,
24
if (arm_feature(env, ARM_FEATURE_EL3)) {
31
} VirtIOMMUType;
25
valid_mask &= ~HCR_HCD;
32
26
- } else {
33
+typedef enum VirtMSIControllerType {
27
+ } else if (cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) {
34
+ VIRT_MSI_CTRL_NONE,
28
+ /* Architecturally HCR.TSC is RES0 if EL3 is not implemented.
35
+ VIRT_MSI_CTRL_GICV2M,
29
+ * However, if we're using the SMC PSCI conduit then QEMU is
36
+ VIRT_MSI_CTRL_ITS,
30
+ * effectively acting like EL3 firmware and so the guest at
37
+} VirtMSIControllerType;
31
+ * EL2 should retain the ability to prevent EL1 from being
38
+
32
+ * able to make SMC calls into the ersatz firmware, so in
39
typedef enum VirtGICType {
33
+ * that case HCR.TSC should be read/write.
40
VIRT_GIC_VERSION_MAX,
34
+ */
41
VIRT_GIC_VERSION_HOST,
35
valid_mask &= ~HCR_TSC;
42
@@ -XXX,XX +XXX,XX @@ typedef struct {
43
OnOffAuto acpi;
44
VirtGICType gic_version;
45
VirtIOMMUType iommu;
46
+ VirtMSIControllerType msi_controller;
47
uint16_t virtio_iommu_bdf;
48
struct arm_boot_info bootinfo;
49
MemMapEntry *memmap;
50
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/hw/arm/virt.c
53
+++ b/hw/arm/virt.c
54
@@ -XXX,XX +XXX,XX @@ static void create_its(VirtMachineState *vms)
55
sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vms->memmap[VIRT_GIC_ITS].base);
56
57
fdt_add_its_gic_node(vms);
58
+ vms->msi_controller = VIRT_MSI_CTRL_ITS;
59
}
60
61
static void create_v2m(VirtMachineState *vms)
62
@@ -XXX,XX +XXX,XX @@ static void create_v2m(VirtMachineState *vms)
36
}
63
}
37
64
38
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
65
fdt_add_v2m_gic_node(vms);
39
index XXXXXXX..XXXXXXX 100644
66
+ vms->msi_controller = VIRT_MSI_CTRL_GICV2M;
40
--- a/target/arm/op_helper.c
67
}
41
+++ b/target/arm/op_helper.c
68
42
@@ -XXX,XX +XXX,XX @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome)
69
static void create_gic(VirtMachineState *vms)
43
*/
70
@@ -XXX,XX +XXX,XX @@ out:
44
bool undef = arm_feature(env, ARM_FEATURE_AARCH64) ? smd : smd && !secure;
71
static void virt_machine_device_pre_plug_cb(HotplugHandler *hotplug_dev,
45
72
DeviceState *dev, Error **errp)
46
- if (arm_is_psci_call(cpu, EXCP_SMC)) {
73
{
47
- /* If PSCI is enabled and this looks like a valid PSCI call then
74
+ VirtMachineState *vms = VIRT_MACHINE(hotplug_dev);
48
- * that overrides the architecturally mandated SMC behaviour.
75
+
49
+ if (!arm_feature(env, ARM_FEATURE_EL3) &&
76
if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
50
+ cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) {
77
virt_memory_pre_plug(hotplug_dev, dev, errp);
51
+ /* If we have no EL3 then SMC always UNDEFs and can't be
78
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_IOMMU_PCI)) {
52
+ * trapped to EL2. PSCI-via-SMC is a sort of ersatz EL3
79
+ hwaddr db_start = 0, db_end = 0;
53
+ * firmware within QEMU, and we want an EL2 guest to be able
80
+ char *resv_prop_str;
54
+ * to forbid its EL1 from making PSCI calls into QEMU's
81
+
55
+ * "firmware" via HCR.TSC, so for these purposes treat
82
+ switch (vms->msi_controller) {
56
+ * PSCI-via-SMC as implying an EL3.
83
+ case VIRT_MSI_CTRL_NONE:
57
*/
84
+ return;
58
- return;
85
+ case VIRT_MSI_CTRL_ITS:
59
- }
86
+ /* GITS_TRANSLATER page */
60
-
87
+ db_start = base_memmap[VIRT_GIC_ITS].base + 0x10000;
61
- if (!arm_feature(env, ARM_FEATURE_EL3)) {
88
+ db_end = base_memmap[VIRT_GIC_ITS].base +
62
- /* If we have no EL3 then SMC always UNDEFs */
89
+ base_memmap[VIRT_GIC_ITS].size - 1;
63
undef = true;
90
+ break;
64
} else if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) {
91
+ case VIRT_MSI_CTRL_GICV2M:
65
- /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. */
92
+ /* MSI_SETSPI_NS page */
66
+ /* In NS EL1, HCR controlled routing to EL2 has priority over SMD.
93
+ db_start = base_memmap[VIRT_GIC_V2M].base;
67
+ * We also want an EL2 guest to be able to forbid its EL1 from
94
+ db_end = db_start + base_memmap[VIRT_GIC_V2M].size - 1;
68
+ * making PSCI calls into QEMU's "firmware" via HCR.TSC.
95
+ break;
69
+ */
96
+ }
70
raise_exception(env, EXCP_HYP_TRAP, syndrome, 2);
97
+ resv_prop_str = g_strdup_printf("0x%"PRIx64":0x%"PRIx64":%u",
98
+ db_start, db_end,
99
+ VIRTIO_IOMMU_RESV_MEM_T_MSI);
100
+
101
+ qdev_prop_set_uint32(dev, "len-reserved-regions", 1);
102
+ qdev_prop_set_string(dev, "reserved-regions[0]", resv_prop_str);
103
+ g_free(resv_prop_str);
71
}
104
}
72
105
}
73
- if (undef) {
106
74
+ /* If PSCI is enabled and this looks like a valid PSCI call then
75
+ * suppress the UNDEF -- we'll catch the SMC exception and
76
+ * implement the PSCI call behaviour there.
77
+ */
78
+ if (undef && !arm_is_psci_call(cpu, EXCP_SMC)) {
79
raise_exception(env, EXCP_UDEF, syn_uncategorized(),
80
exception_target_el(env));
81
}
82
--
107
--
83
2.7.4
108
2.20.1
84
109
85
110
1
In v8M, more bits are defined in the exception-return magic
1
From: Beata Michalska <beata.michalska@linaro.org>
2
values; update the code that checks these so we accept
3
the v8M values when the CPU permits them.
4
2
3
On ARMv7 & ARMv8 some load/store instructions might trigger a data abort
4
exception with no valid ISS info to be decoded. The lack of decode info
5
makes it at least tricky to emulate those instruction which is one of the
6
(many) reasons why KVM will not even try to do so.
7
8
Add support for handling those by requesting KVM to inject external
9
dabt into the guest.
10
11
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
12
Reviewed-by: Andrew Jones <drjones@redhat.com>
13
Message-id: 20200629114110.30723-2-beata.michalska@linaro.org
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 1506092407-26985-11-git-send-email-peter.maydell@linaro.org
8
---
15
---
9
target/arm/helper.c | 73 ++++++++++++++++++++++++++++++++++++++++++-----------
16
target/arm/kvm.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
10
1 file changed, 58 insertions(+), 15 deletions(-)
17
1 file changed, 52 insertions(+)
11
18
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
13
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
21
--- a/target/arm/kvm.c
15
+++ b/target/arm/helper.c
22
+++ b/target/arm/kvm.c
16
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
23
@@ -XXX,XX +XXX,XX @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
17
uint32_t excret;
24
18
uint32_t xpsr;
25
static bool cap_has_mp_state;
19
bool ufault = false;
26
static bool cap_has_inject_serror_esr;
20
- bool return_to_sp_process = false;
27
+static bool cap_has_inject_ext_dabt;
21
- bool return_to_handler = false;
28
22
+ bool sfault = false;
29
static ARMHostCPUFeatures arm_host_cpu_features;
23
+ bool return_to_sp_process;
30
24
+ bool return_to_handler;
31
@@ -XXX,XX +XXX,XX @@ int kvm_arch_init(MachineState *ms, KVMState *s)
25
bool rettobase = false;
32
ret = -EINVAL;
26
bool exc_secure = false;
27
bool return_to_secure;
28
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
29
excret);
30
}
33
}
31
34
32
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
35
+ if (kvm_check_extension(s, KVM_CAP_ARM_NISV_TO_USER)) {
33
+ /* EXC_RETURN.ES validation check (R_SMFL). We must do this before
36
+ if (kvm_vm_enable_cap(s, KVM_CAP_ARM_NISV_TO_USER, 0)) {
34
+ * we pick which FAULTMASK to clear.
37
+ error_report("Failed to enable KVM_CAP_ARM_NISV_TO_USER cap");
35
+ */
38
+ } else {
36
+ if (!env->v7m.secure &&
39
+ /* Set status for supporting the external dabt injection */
37
+ ((excret & R_V7M_EXCRET_ES_MASK) ||
40
+ cap_has_inject_ext_dabt = kvm_check_extension(s,
38
+ !(excret & R_V7M_EXCRET_DCRS_MASK))) {
41
+ KVM_CAP_ARM_INJECT_EXT_DABT);
39
+ sfault = 1;
40
+ /* For all other purposes, treat ES as 0 (R_HXSR) */
41
+ excret &= ~R_V7M_EXCRET_ES_MASK;
42
+ }
42
+ }
43
+ }
43
+ }
44
+
44
+
45
if (env->v7m.exception != ARMV7M_EXCP_NMI) {
45
return ret;
46
/* Auto-clear FAULTMASK on return from other than NMI.
46
}
47
* If the security extension is implemented then this only
47
48
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
48
@@ -XXX,XX +XXX,XX @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
49
g_assert_not_reached();
50
}
49
}
51
50
}
52
+ return_to_handler = !(excret & R_V7M_EXCRET_MODE_MASK);
51
53
+ return_to_sp_process = excret & R_V7M_EXCRET_SPSEL_MASK;
52
+/**
54
return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
53
+ * kvm_arm_handle_dabt_nisv:
55
(excret & R_V7M_EXCRET_S_MASK);
54
+ * @cs: CPUState
56
55
+ * @esr_iss: ISS encoding (limited) for the exception from Data Abort
57
- switch (excret & 0xf) {
56
+ * ISV bit set to '0b0' -> no valid instruction syndrome
58
- case 1: /* Return to Handler */
57
+ * @fault_ipa: faulting address for the synchronous data abort
59
- return_to_handler = true;
58
+ *
60
- break;
59
+ * Returns: 0 if the exception has been handled, < 0 otherwise
61
- case 13: /* Return to Thread using Process stack */
60
+ */
62
- return_to_sp_process = true;
61
+static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
63
- /* fall through */
62
+ uint64_t fault_ipa)
64
- case 9: /* Return to Thread using Main stack */
63
+{
65
- if (!rettobase &&
64
+ /*
66
- !(env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_NONBASETHRDENA_MASK)) {
65
+ * Request KVM to inject the external data abort into the guest
67
+ if (arm_feature(env, ARM_FEATURE_V8)) {
66
+ */
68
+ if (!arm_feature(env, ARM_FEATURE_M_SECURITY)) {
67
+ if (cap_has_inject_ext_dabt) {
69
+ /* UNPREDICTABLE if S == 1 or DCRS == 0 or ES == 1 (R_XLCP);
68
+ struct kvm_vcpu_events events = { };
70
+ * we choose to take the UsageFault.
69
+ /*
71
+ */
70
+ * The external data abort event will be handled immediately by KVM
72
+ if ((excret & R_V7M_EXCRET_S_MASK) ||
71
+ * using the address fault that triggered the exit on given VCPU.
73
+ (excret & R_V7M_EXCRET_ES_MASK) ||
72
+ * Requesting injection of the external data abort does not rely
74
+ !(excret & R_V7M_EXCRET_DCRS_MASK)) {
73
+ * on any other VCPU state. Therefore, in this particular case, the VCPU
75
+ ufault = true;
74
+ * synchronization can be exceptionally skipped.
76
+ }
75
+ */
77
+ }
76
+ events.exception.ext_dabt_pending = 1;
78
+ if (excret & R_V7M_EXCRET_RES0_MASK) {
77
+ /* KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS */
79
ufault = true;
78
+ return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
80
}
81
- break;
82
- default:
83
- ufault = true;
84
+ } else {
79
+ } else {
85
+ /* For v7M we only recognize certain combinations of the low bits */
80
+ error_report("Data abort exception triggered by guest memory access "
86
+ switch (excret & 0xf) {
81
+ "at physical address: 0x" TARGET_FMT_lx,
87
+ case 1: /* Return to Handler */
82
+ (target_ulong)fault_ipa);
88
+ break;
83
+ error_printf("KVM unable to emulate faulting instruction.\n");
89
+ case 13: /* Return to Thread using Process stack */
90
+ case 9: /* Return to Thread using Main stack */
91
+ /* We only need to check NONBASETHRDENA for v7M, because in
92
+ * v8M this bit does not exist (it is RES1).
93
+ */
94
+ if (!rettobase &&
95
+ !(env->v7m.ccr[env->v7m.secure] &
96
+ R_V7M_CCR_NONBASETHRDENA_MASK)) {
97
+ ufault = true;
98
+ }
99
+ break;
100
+ default:
101
+ ufault = true;
102
+ }
103
+ }
84
+ }
85
+ return -1;
86
+}
104
+
87
+
105
+ if (sfault) {
88
int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
106
+ env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK;
89
{
107
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
90
int ret = 0;
108
+ v7m_exception_taken(cpu, excret);
91
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
109
+ qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
92
ret = EXCP_DEBUG;
110
+ "stackframe: failed EXC_RETURN.ES validity check\n");
93
} /* otherwise return to guest */
111
+ return;
94
break;
112
}
95
+ case KVM_EXIT_ARM_NISV:
113
96
+ /* External DABT with no valid iss to decode */
114
if (ufault) {
97
+ ret = kvm_arm_handle_dabt_nisv(cs, run->arm_nisv.esr_iss,
98
+ run->arm_nisv.fault_ipa);
99
+ break;
100
default:
101
qemu_log_mask(LOG_UNIMP, "%s: un-handled exit reason %d\n",
102
__func__, run->exit_reason);
115
--
103
--
116
2.7.4
104
2.20.1
117
105
118
106
1
Add the new M profile Secure Fault Status Register
1
From: Beata Michalska <beata.michalska@linaro.org>
2
and Secure Fault Address Register.
2
3
3
Injecting external data abort through KVM might trigger
4
an issue on kernels that do not get updated to include the KVM fix.
5
For those and aarch32 guests, the injected abort gets misconfigured
6
to be an implementation defined exception. This leads to the guest
7
repeatedly re-running the faulting instruction.
8
9
Add support for handling that case.
10
11
[
12
Fixed-by: 018f22f95e8a
13
    ('KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests')
14
Fixed-by: 21aecdbd7f3a
15
    ('KVM: arm: Make inject_abt32() inject an external abort instead')
16
]
17
18
Signed-off-by: Beata Michalska <beata.michalska@linaro.org>
19
Acked-by: Andrew Jones <drjones@redhat.com>
20
Message-id: 20200629114110.30723-3-beata.michalska@linaro.org
21
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 1506092407-26985-10-git-send-email-peter.maydell@linaro.org
7
---
23
---
8
target/arm/cpu.h | 12 ++++++++++++
24
target/arm/cpu.h | 2 ++
9
hw/intc/armv7m_nvic.c | 34 ++++++++++++++++++++++++++++++++++
25
target/arm/kvm_arm.h | 10 +++++++++
10
target/arm/machine.c | 2 ++
26
target/arm/kvm.c | 30 ++++++++++++++++++++++++++-
11
3 files changed, 48 insertions(+)
27
target/arm/kvm32.c | 34 ++++++++++++++++++++++++++++++
28
target/arm/kvm64.c | 49 ++++++++++++++++++++++++++++++++++++++++++++
29
5 files changed, 124 insertions(+), 1 deletion(-)
12
30
13
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
31
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
index XXXXXXX..XXXXXXX 100644
32
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/cpu.h
33
--- a/target/arm/cpu.h
16
+++ b/target/arm/cpu.h
34
+++ b/target/arm/cpu.h
17
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
35
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
18
uint32_t cfsr[M_REG_NUM_BANKS]; /* Configurable Fault Status */
36
uint64_t esr;
19
uint32_t hfsr; /* HardFault Status */
37
} serror;
20
uint32_t dfsr; /* Debug Fault Status Register */
38
21
+ uint32_t sfsr; /* Secure Fault Status Register */
39
+ uint8_t ext_dabt_raised; /* Tracking/verifying injection of ext DABT */
22
uint32_t mmfar[M_REG_NUM_BANKS]; /* MemManage Fault Address */
40
+
23
uint32_t bfar; /* BusFault Address */
41
/* State of our input IRQ/FIQ/VIRQ/VFIQ lines */
24
+ uint32_t sfar; /* Secure Fault Address Register */
42
uint32_t irq_line_state;
25
unsigned mpu_ctrl[M_REG_NUM_BANKS]; /* MPU_CTRL */
43
26
int exception;
44
diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
27
uint32_t primask[M_REG_NUM_BANKS];
45
index XXXXXXX..XXXXXXX 100644
28
@@ -XXX,XX +XXX,XX @@ FIELD(V7M_DFSR, DWTTRAP, 2, 1)
46
--- a/target/arm/kvm_arm.h
29
FIELD(V7M_DFSR, VCATCH, 3, 1)
47
+++ b/target/arm/kvm_arm.h
30
FIELD(V7M_DFSR, EXTERNAL, 4, 1)
48
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_hw_debug_active(CPUState *cs);
31
49
struct kvm_guest_debug_arch;
32
+/* V7M SFSR bits */
50
void kvm_arm_copy_hw_debug_data(struct kvm_guest_debug_arch *ptr);
33
+FIELD(V7M_SFSR, INVEP, 0, 1)
51
34
+FIELD(V7M_SFSR, INVIS, 1, 1)
52
+/**
35
+FIELD(V7M_SFSR, INVER, 2, 1)
53
+ * kvm_arm_verify_ext_dabt_pending:
36
+FIELD(V7M_SFSR, AUVIOL, 3, 1)
54
+ * @cs: CPUState
37
+FIELD(V7M_SFSR, INVTRAN, 4, 1)
55
+ *
38
+FIELD(V7M_SFSR, LSPERR, 5, 1)
56
+ * Verify the fault status code wrt the Ext DABT injection
39
+FIELD(V7M_SFSR, SFARVALID, 6, 1)
57
+ *
40
+FIELD(V7M_SFSR, LSERR, 7, 1)
58
+ * Returns: true if the fault status code is as expected, false otherwise
41
+
59
+ */
42
/* v7M MPU_CTRL bits */
60
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs);
43
FIELD(V7M_MPU_CTRL, ENABLE, 0, 1)
61
+
44
FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1)
62
/**
45
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
63
* its_class_name:
46
index XXXXXXX..XXXXXXX 100644
64
*
47
--- a/hw/intc/armv7m_nvic.c
65
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
48
+++ b/hw/intc/armv7m_nvic.c
66
index XXXXXXX..XXXXXXX 100644
49
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
67
--- a/target/arm/kvm.c
50
goto bad_offset;
68
+++ b/target/arm/kvm.c
51
}
69
@@ -XXX,XX +XXX,XX @@ int kvm_get_vcpu_events(ARMCPU *cpu)
52
return cpu->env.pmsav8.mair1[attrs.secure];
70
53
+ case 0xde4: /* SFSR */
71
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
54
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
72
{
55
+ goto bad_offset;
73
+ ARMCPU *cpu = ARM_CPU(cs);
56
+ }
74
+ CPUARMState *env = &cpu->env;
57
+ if (!attrs.secure) {
75
+
76
+ if (unlikely(env->ext_dabt_raised)) {
77
+ /*
78
+ * Verifying that the ext DABT has been properly injected,
79
+ * otherwise risking indefinitely re-running the faulting instruction
80
+ * Covering a very narrow case for kernels 5.5..5.5.4
81
+ * when injected abort was misconfigured to be
82
+ * an IMPLEMENTATION DEFINED exception (for 32-bit EL1)
83
+ */
84
+ if (!arm_feature(env, ARM_FEATURE_AARCH64) &&
85
+ unlikely(!kvm_arm_verify_ext_dabt_pending(cs))) {
86
+
87
+ error_report("Data abort exception with no valid ISS generated by "
88
+ "guest memory access. KVM unable to emulate faulting "
89
+ "instruction. Failed to inject an external data abort "
90
+ "into the guest.");
91
+ abort();
92
+ }
93
+ /* Clear the status */
94
+ env->ext_dabt_raised = 0;
95
+ }
96
}
97
98
MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
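Review bot: in kvm_arch_pre_run() the verification is guarded by "!arm_feature(env, ARM_FEATURE_AARCH64)", so on any vCPU that has the AArch64 feature kvm_arm_verify_ext_dabt_pending() is never called. The kvm64.c implementation added by this same patch computes aarch64_mode from the same feature bit, which means its aarch64 arms in ESR_DFSC() and ESR_DFSC_EXTABT() cannot be reached from this caller. If the case the comment describes (32-bit EL1) can occur on an AArch64-capable vCPU, the guard should test the guest's EL1 register width rather than the CPU feature; if it cannot, the aarch64 handling in kvm64.c is dead code and could be dropped or documented as unused.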
99
@@ -XXX,XX +XXX,XX @@ void kvm_arm_vm_state_change(void *opaque, int running, RunState state)
100
static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
101
uint64_t fault_ipa)
102
{
103
+ ARMCPU *cpu = ARM_CPU(cs);
104
+ CPUARMState *env = &cpu->env;
105
/*
106
* Request KVM to inject the external data abort into the guest
107
*/
108
@@ -XXX,XX +XXX,XX @@ static int kvm_arm_handle_dabt_nisv(CPUState *cs, uint64_t esr_iss,
109
*/
110
events.exception.ext_dabt_pending = 1;
111
/* KVM_CAP_ARM_INJECT_EXT_DABT implies KVM_CAP_VCPU_EVENTS */
112
- return kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events);
113
+ if (!kvm_vcpu_ioctl(cs, KVM_SET_VCPU_EVENTS, &events)) {
114
+ env->ext_dabt_raised = 1;
58
+ return 0;
115
+ return 0;
59
+ }
116
+ }
60
+ return cpu->env.v7m.sfsr;
117
} else {
61
+ case 0xde8: /* SFAR */
118
error_report("Data abort exception triggered by guest memory access "
62
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
119
"at physical address: 0x" TARGET_FMT_lx,
63
+ goto bad_offset;
120
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
121
index XXXXXXX..XXXXXXX 100644
122
--- a/target/arm/kvm32.c
123
+++ b/target/arm/kvm32.c
124
@@ -XXX,XX +XXX,XX @@ void kvm_arm_pmu_init(CPUState *cs)
125
{
126
qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
127
}
128
+
129
+#define ARM_REG_DFSR ARM_CP15_REG32(0, 5, 0, 0)
130
+#define ARM_REG_TTBCR ARM_CP15_REG32(0, 2, 0, 2)
131
+/*
132
+ *DFSR:
133
+ * TTBCR.EAE == 0
134
+ * FS[4] - DFSR[10]
135
+ * FS[3:0] - DFSR[3:0]
136
+ * TTBCR.EAE == 1
137
+ * FS, bits [5:0]
138
+ */
139
+#define DFSR_FSC(lpae, v) \
140
+ ((lpae) ? ((v) & 0x3F) : (((v) >> 6) | ((v) & 0x1F)))
141
+
142
+#define DFSC_EXTABT(lpae) ((lpae) ? 0x10 : 0x08)
143
+
144
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
145
+{
146
+ uint32_t dfsr_val;
147
+
148
+ if (!kvm_get_one_reg(cs, ARM_REG_DFSR, &dfsr_val)) {
149
+ ARMCPU *cpu = ARM_CPU(cs);
150
+ CPUARMState *env = &cpu->env;
151
+ uint32_t ttbcr;
152
+ int lpae = 0;
153
+
154
+ if (!kvm_get_one_reg(cs, ARM_REG_TTBCR, &ttbcr)) {
155
+ lpae = arm_feature(env, ARM_FEATURE_LPAE) && (ttbcr & TTBCR_EAE);
64
+ }
156
+ }
65
+ if (!attrs.secure) {
157
+ /* The verification is based on FS filed of the DFSR reg only*/
66
+ return 0;
158
+ return (DFSR_FSC(lpae, dfsr_val) == DFSC_EXTABT(lpae));
159
+ }
160
+ return false;
161
+}
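Review bot: DFSR_FSC() in the kvm32.c hunk does not implement the layout its own comment gives for TTBCR.EAE == 0. In "(((v) >> 6) | ((v) & 0x1F))" the shifted term is not masked, so DFSR[9:6] and everything above DFSR[10] also land in the result, and the 0x1F mask keeps DFSR[4], which the comment does not list as part of FS. Any DFSR value with a bit set outside FS then fails the comparison with DFSC_EXTABT(0), kvm_arm_verify_ext_dabt_pending() returns false, and kvm_arch_pre_run() calls abort() although the injection worked. Masking both pieces, "((((v) >> 6) & 0x10) | ((v) & 0xF))", matches FS[4] = DFSR[10] and FS[3:0] = DFSR[3:0]. A failed TTBCR read also leaves lpae at 0 without any report, so the short-descriptor encoding is assumed silently; that deserves at least a comment. Typo in the last comment: "filed" should be "field".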
162
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
163
index XXXXXXX..XXXXXXX 100644
164
--- a/target/arm/kvm64.c
165
+++ b/target/arm/kvm64.c
166
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_handle_debug(CPUState *cs, struct kvm_debug_exit_arch *debug_exit)
167
168
return false;
169
}
170
+
171
+#define ARM64_REG_ESR_EL1 ARM64_SYS_REG(3, 0, 5, 2, 0)
172
+#define ARM64_REG_TCR_EL1 ARM64_SYS_REG(3, 0, 2, 0, 2)
173
+
174
+/*
175
+ * ESR_EL1
176
+ * ISS encoding
177
+ * AARCH64: DFSC, bits [5:0]
178
+ * AARCH32:
179
+ * TTBCR.EAE == 0
180
+ * FS[4] - DFSR[10]
181
+ * FS[3:0] - DFSR[3:0]
182
+ * TTBCR.EAE == 1
183
+ * FS, bits [5:0]
184
+ */
185
+#define ESR_DFSC(aarch64, lpae, v) \
186
+ ((aarch64 || (lpae)) ? ((v) & 0x3F) \
187
+ : (((v) >> 6) | ((v) & 0x1F)))
188
+
189
+#define ESR_DFSC_EXTABT(aarch64, lpae) \
190
+ ((aarch64) ? 0x10 : (lpae) ? 0x10 : 0x8)
191
+
192
+bool kvm_arm_verify_ext_dabt_pending(CPUState *cs)
193
+{
194
+ uint64_t dfsr_val;
195
+
196
+ if (!kvm_get_one_reg(cs, ARM64_REG_ESR_EL1, &dfsr_val)) {
197
+ ARMCPU *cpu = ARM_CPU(cs);
198
+ CPUARMState *env = &cpu->env;
199
+ int aarch64_mode = arm_feature(env, ARM_FEATURE_AARCH64);
200
+ int lpae = 0;
201
+
202
+ if (!aarch64_mode) {
203
+ uint64_t ttbcr;
204
+
205
+ if (!kvm_get_one_reg(cs, ARM64_REG_TCR_EL1, &ttbcr)) {
206
+ lpae = arm_feature(env, ARM_FEATURE_LPAE)
207
+ && (ttbcr & TTBCR_EAE);
208
+ }
67
+ }
209
+ }
68
+ return cpu->env.v7m.sfar;
210
+ /*
69
default:
211
+ * The verification here is based on the DFSC bits
70
bad_offset:
212
+ * of the ESR_EL1 reg only
71
qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset);
213
+ */
72
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
214
+ return (ESR_DFSC(aarch64_mode, lpae, dfsr_val) ==
73
* only affect cacheability, and we don't implement caching.
215
+ ESR_DFSC_EXTABT(aarch64_mode, lpae));
74
*/
216
+ }
75
break;
217
+ return false;
76
+ case 0xde4: /* SFSR */
218
+}
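Review bot: ESR_DFSC() in the kvm64.c hunk repeats the unmasked short-descriptor expression "(((v) >> 6) | ((v) & 0x1F))", so the non-LPAE AArch32 result includes bits outside the FS[4] and FS[3:0] positions the comment lists and can fail the comparison with 0x8 for a correctly injected abort. The macro also uses its "aarch64" parameter unparenthesised in "(aarch64 || (lpae))" while the other parameters are parenthesised. Suggest masking both pieces as "(((v) >> 6) & 0x10) | ((v) & 0xF)", writing "((aarch64) || (lpae))", and simplifying ESR_DFSC_EXTABT() to a single "((aarch64) || (lpae)) ? 0x10 : 0x8" so the two macros visibly select on the same condition.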
77
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
78
+ goto bad_offset;
79
+ }
80
+ if (!attrs.secure) {
81
+ return;
82
+ }
83
+ cpu->env.v7m.sfsr &= ~value; /* W1C */
84
+ break;
85
+ case 0xde8: /* SFAR */
86
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
87
+ goto bad_offset;
88
+ }
89
+ if (!attrs.secure) {
90
+ return;
91
+ }
92
+ cpu->env.v7m.sfsr = value;
93
+ break;
94
case 0xf00: /* Software Triggered Interrupt Register */
95
{
96
int excnum = (value & 0x1ff) + NVIC_FIRST_IRQ;
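Review bot: the SFAR write case (offset 0xde8) in nvic_writel() assigns "cpu->env.v7m.sfsr = value;", so a Secure write to SFAR overwrites the Secure Fault Status Register and never updates sfar, while nvic_readl() returns cpu->env.v7m.sfar for the same offset. This looks like a copy-and-paste slip from the SFSR case above it; the assignment should be "cpu->env.v7m.sfar = value;". As written, software clearing or setting SFAR would also destroy the W1C status bits that the 0xde4 case is careful to preserve.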
97
diff --git a/target/arm/machine.c b/target/arm/machine.c
98
index XXXXXXX..XXXXXXX 100644
99
--- a/target/arm/machine.c
100
+++ b/target/arm/machine.c
101
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = {
102
VMSTATE_UINT32(env.v7m.ccr[M_REG_S], ARMCPU),
103
VMSTATE_UINT32(env.v7m.mmfar[M_REG_S], ARMCPU),
104
VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU),
105
+ VMSTATE_UINT32(env.v7m.sfsr, ARMCPU),
106
+ VMSTATE_UINT32(env.v7m.sfar, ARMCPU),
107
VMSTATE_END_OF_LIST()
108
}
109
};
110
--
219
--
111
2.7.4
220
2.20.1
112
221
113
222
diff view generated by jsdifflib
New patch
From: Andrew Jones <drjones@redhat.com>

Fixes: 93dd625f8bf7 ("tests/acpi: update expected data files")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20200629140938.17566-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
10
tests/qtest/bios-tables-test-allowed-diff.h | 18 ------------------
11
1 file changed, 18 deletions(-)
12
13
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/tests/qtest/bios-tables-test-allowed-diff.h
16
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
17
@@ -1,19 +1 @@
18
/* List of comma-separated changed AML files to ignore */
19
-"tests/data/acpi/pc/DSDT",
20
-"tests/data/acpi/pc/DSDT.acpihmat",
21
-"tests/data/acpi/pc/DSDT.bridge",
22
-"tests/data/acpi/pc/DSDT.cphp",
23
-"tests/data/acpi/pc/DSDT.dimmpxm",
24
-"tests/data/acpi/pc/DSDT.ipmikcs",
25
-"tests/data/acpi/pc/DSDT.memhp",
26
-"tests/data/acpi/pc/DSDT.numamem",
27
-"tests/data/acpi/q35/DSDT",
28
-"tests/data/acpi/q35/DSDT.acpihmat",
29
-"tests/data/acpi/q35/DSDT.bridge",
30
-"tests/data/acpi/q35/DSDT.cphp",
31
-"tests/data/acpi/q35/DSDT.dimmpxm",
32
-"tests/data/acpi/q35/DSDT.ipmibt",
33
-"tests/data/acpi/q35/DSDT.memhp",
34
-"tests/data/acpi/q35/DSDT.mmio64",
35
-"tests/data/acpi/q35/DSDT.numamem",
36
-"tests/data/acpi/q35/DSDT.tis",
37
--
38
2.20.1
39
40
New patch
From: Andrew Jones <drjones@redhat.com>

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20200629140938.17566-3-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
9
tests/qtest/bios-tables-test-allowed-diff.h | 3 +++
10
1 file changed, 3 insertions(+)
11
12
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
13
index XXXXXXX..XXXXXXX 100644
14
--- a/tests/qtest/bios-tables-test-allowed-diff.h
15
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
16
@@ -1 +1,4 @@
17
/* List of comma-separated changed AML files to ignore */
18
+"tests/data/acpi/virt/DSDT",
19
+"tests/data/acpi/virt/DSDT.memhp",
20
+"tests/data/acpi/virt/DSDT.numamem",
21
--
22
2.20.1
23
24
1
From: Michael Olbrich <m.olbrich@pengutronix.de>
1
From: Andrew Jones <drjones@redhat.com>
2
2
3
The current code checks if the next block exceeds the size of the card.
3
The flash device is exclusively for the host-controlled firmware, so
4
This generates an error while reading the last block of the card.
4
we should not expose it to the OS. Exposing it risks the OS messing
5
Do the out-of-bounds check when starting to read a new block to fix this.
5
with it, which could break firmware runtime services and surprise the
6
OS when all its changes disappear after reboot.
6
7
7
This issue became visible with increased error checking in Linux 4.13.
8
As firmware needs the device and uses DT, we leave the device exposed
9
there. It's up to firmware to remove the nodes from DT before sending
10
it on to the OS. However, there's no need to force firmware to remove
11
tables from ACPI (which it doesn't know how to do anyway), so we
12
simply don't add the tables in the first place. But, as we've been
13
adding the tables for quite some time and don't want to change the
14
default hardware exposed to versioned machines, then we only stop
15
exposing the flash device tables for 5.1 and later machine types.
8
16
9
Cc: qemu-stable@nongnu.org
17
Suggested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
10
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
18
Suggested-by: Laszlo Ersek <lersek@redhat.com>
11
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
19
Signed-off-by: Andrew Jones <drjones@redhat.com>
12
Message-id: 20170916091611.10241-1-m.olbrich@pengutronix.de
20
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
21
Reviewed-by: Eric Auger <eric.auger@redhat.com>
22
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
23
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
24
Message-id: 20200629140938.17566-4-drjones@redhat.com
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
25
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
26
---
15
hw/sd/sd.c | 12 ++++++------
27
include/hw/arm/virt.h | 1 +
16
1 file changed, 6 insertions(+), 6 deletions(-)
28
hw/arm/virt-acpi-build.c | 5 ++++-
29
hw/arm/virt.c | 3 +++
30
3 files changed, 8 insertions(+), 1 deletion(-)
17
31
18
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
32
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
19
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/sd/sd.c
34
--- a/include/hw/arm/virt.h
21
+++ b/hw/sd/sd.c
35
+++ b/include/hw/arm/virt.h
22
@@ -XXX,XX +XXX,XX @@ uint8_t sd_read_data(SDState *sd)
36
@@ -XXX,XX +XXX,XX @@ typedef struct {
23
break;
37
bool no_highmem_ecam;
24
38
bool no_ged; /* Machines < 4.2 has no support for ACPI GED device */
25
case 18:    /* CMD18: READ_MULTIPLE_BLOCK */
39
bool kvm_no_adjvtime;
26
- if (sd->data_offset == 0)
40
+ bool acpi_expose_flash;
27
+ if (sd->data_offset == 0) {
41
} VirtMachineClass;
28
+ if (sd->data_start + io_len > sd->size) {
42
29
+ sd->card_status |= ADDRESS_ERROR;
43
typedef struct {
30
+ return 0x00;
44
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
31
+ }
45
index XXXXXXX..XXXXXXX 100644
32
BLK_READ_BLOCK(sd->data_start, io_len);
46
--- a/hw/arm/virt-acpi-build.c
33
+ }
47
+++ b/hw/arm/virt-acpi-build.c
34
ret = sd->data[sd->data_offset ++];
48
@@ -XXX,XX +XXX,XX @@ static void build_fadt_rev5(GArray *table_data, BIOSLinker *linker,
35
49
static void
36
if (sd->data_offset >= io_len) {
50
build_dsdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
37
@@ -XXX,XX +XXX,XX @@ uint8_t sd_read_data(SDState *sd)
51
{
38
break;
52
+ VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
39
}
53
Aml *scope, *dsdt;
40
}
54
MachineState *ms = MACHINE(vms);
41
-
55
const MemMapEntry *memmap = vms->memmap;
42
- if (sd->data_start + io_len > sd->size) {
56
@@ -XXX,XX +XXX,XX @@ build_dsdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
43
- sd->card_status |= ADDRESS_ERROR;
57
acpi_dsdt_add_cpus(scope, vms->smp_cpus);
44
- break;
58
acpi_dsdt_add_uart(scope, &memmap[VIRT_UART],
45
- }
59
(irqmap[VIRT_UART] + ARM_SPI_BASE));
46
}
60
- acpi_dsdt_add_flash(scope, &memmap[VIRT_FLASH]);
47
break;
61
+ if (vmc->acpi_expose_flash) {
62
+ acpi_dsdt_add_flash(scope, &memmap[VIRT_FLASH]);
63
+ }
64
acpi_dsdt_add_fw_cfg(scope, &memmap[VIRT_FW_CFG]);
65
acpi_dsdt_add_virtio(scope, &memmap[VIRT_MMIO],
66
(irqmap[VIRT_MMIO] + ARM_SPI_BASE), NUM_VIRTIO_TRANSPORTS);
67
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
68
index XXXXXXX..XXXXXXX 100644
69
--- a/hw/arm/virt.c
70
+++ b/hw/arm/virt.c
71
@@ -XXX,XX +XXX,XX @@ DEFINE_VIRT_MACHINE_AS_LATEST(5, 1)
72
73
static void virt_machine_5_0_options(MachineClass *mc)
74
{
75
+ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
76
+
77
virt_machine_5_1_options(mc);
78
compat_props_add(mc->compat_props, hw_compat_5_0, hw_compat_5_0_len);
79
mc->numa_mem_supported = true;
80
+ vmc->acpi_expose_flash = true;
81
}
82
DEFINE_VIRT_MACHINE(5, 0)
48
83
49
--
84
--
50
2.7.4
85
2.20.1
51
86
52
87
New patch
1
From: Andrew Jones <drjones@redhat.com>
1
2
3
Differences between disassembled ASL files for DSDT:
4
5
@@ -XXX,XX +XXX,XX @@
6
*
7
* Disassembling to symbolic ASL+ operators
8
*
9
- * Disassembly of a, Mon Jun 29 09:50:01 2020
10
+ * Disassembly of b, Mon Jun 29 09:50:03 2020
11
*
12
* Original Table Header:
13
* Signature "DSDT"
14
- * Length 0x000014BB (5307)
15
+ * Length 0x00001455 (5205)
16
* Revision 0x02
17
- * Checksum 0xD1
18
+ * Checksum 0xE1
19
* OEM ID "BOCHS "
20
* OEM Table ID "BXPCDSDT"
21
* OEM Revision 0x00000001 (1)
22
@@ -XXX,XX +XXX,XX @@
23
})
24
}
25
26
- Device (FLS0)
27
- {
28
- Name (_HID, "LNRO0015") // _HID: Hardware ID
29
- Name (_UID, Zero) // _UID: Unique ID
30
- Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
31
- {
32
- Memory32Fixed (ReadWrite,
33
- 0x00000000, // Address Base
34
- 0x04000000, // Address Length
35
- )
36
- })
37
- }
38
-
39
- Device (FLS1)
40
- {
41
- Name (_HID, "LNRO0015") // _HID: Hardware ID
42
- Name (_UID, One) // _UID: Unique ID
43
- Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
44
- {
45
- Memory32Fixed (ReadWrite,
46
- 0x04000000, // Address Base
47
- 0x04000000, // Address Length
48
- )
49
- })
50
- }
51
-
52
Device (FWCF)
53
{
54
Name (_HID, "QEMU0002") // _HID: Hardware ID
55
56
The other two binaries have the same changes (the removal of the
57
flash devices).
58
59
Signed-off-by: Andrew Jones <drjones@redhat.com>
60
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
61
Reviewed-by: Eric Auger <eric.auger@redhat.com>
62
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
63
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
64
Message-id: 20200629140938.17566-5-drjones@redhat.com
65
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
66
---
67
tests/qtest/bios-tables-test-allowed-diff.h | 3 ---
68
tests/data/acpi/virt/DSDT | Bin 5307 -> 5205 bytes
69
tests/data/acpi/virt/DSDT.memhp | Bin 6668 -> 6566 bytes
70
tests/data/acpi/virt/DSDT.numamem | Bin 5307 -> 5205 bytes
71
4 files changed, 3 deletions(-)
72
73
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
74
index XXXXXXX..XXXXXXX 100644
75
--- a/tests/qtest/bios-tables-test-allowed-diff.h
76
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
77
@@ -1,4 +1 @@
78
/* List of comma-separated changed AML files to ignore */
79
-"tests/data/acpi/virt/DSDT",
80
-"tests/data/acpi/virt/DSDT.memhp",
81
-"tests/data/acpi/virt/DSDT.numamem",
82
diff --git a/tests/data/acpi/virt/DSDT b/tests/data/acpi/virt/DSDT
83
index XXXXXXX..XXXXXXX 100644
84
GIT binary patch
85
delta 28
86
kcmdn3c~yhUCD<h-RD^+n>ET2!X{H9}iRuX(-<}f&0DgxFc>n+a
87
88
delta 156
89
zcmcbrv0IbNCD<iow+I6R)5VEg(oAih6V(&y4c&Z#4LIUGJY9Hw{DS-q3=B;fIO0P+
90
zU4W!>P_UpN7hfAE10w?juv9WcH-WSmV$;Hiu7w4t3#`S$E!^1+q9xGPH`KtuzzAr5
91
LaERl^1zUvy_;n(J
92
93
diff --git a/tests/data/acpi/virt/DSDT.memhp b/tests/data/acpi/virt/DSDT.memhp
94
index XXXXXXX..XXXXXXX 100644
95
GIT binary patch
96
delta 28
97
kcmeA%S!T@T66_MPOp<|tiD@F2G*jb@iRuX(-^xn@0CHUjRR910
98
99
delta 156
100
zcmZ2x++)J!66_MfBgMeL^l>7WG*kP$iRuaUhHgH=1|0Doo-VvTenI{Q28N~#9Py!^
101
zE<n;bC|FRCi?5B7fsp|MSSlH!n?PC&v1wsM*TMqS1=eEW7Vhi@(GuwD8){%+U<5Qj
102
LIK*+|0yaqism~!^
103
104
diff --git a/tests/data/acpi/virt/DSDT.numamem b/tests/data/acpi/virt/DSDT.numamem
105
index XXXXXXX..XXXXXXX 100644
106
GIT binary patch
107
delta 28
108
kcmdn3c~yhUCD<h-RD^+n>ET2!X{H9}iRuX(-<}f&0DgxFc>n+a
109
110
delta 156
111
zcmcbrv0IbNCD<iow+I6R)5VEg(oAih6V(&y4c&Z#4LIUGJY9Hw{DS-q3=B;fIO0P+
112
zU4W!>P_UpN7hfAE10w?juv9WcH-WSmV$;Hiu7w4t3#`S$E!^1+q9xGPH`KtuzzAr5
113
LaERl^1zUvy_;n(J
114
115
--
116
2.20.1
117
118
1
From: Thomas Huth <thuth@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The device uses serial_hds in its realize function and thus can't be
3
The temp that gets assigned to clean_addr has been allocated with
4
used twice. Apart from that, the comma in its name makes it quite hard
4
new_tmp_a64, which means that it will be freed at the end of the
5
to use for the user anyway, since a comma is normally used to separate
5
instruction. Freeing it earlier leads to assertion failure.
6
the device name from its properties when using the "-device" parameter
7
or the "device_add" HMP command.
8
6
9
Signed-off-by: Thomas Huth <thuth@redhat.com>
7
The loop creates a complication, in which we allocate a new local
10
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
8
temp, which does need freeing, and the final code path is shared
11
Message-id: 1506441116-16627-1-git-send-email-thuth@redhat.com
9
between the loop and non-loop.
10
11
Fix this complication by adding new_tmp_a64_local so that the new
12
local temp is freed at the end, and can be treated exactly like
13
the non-loop path.
14
15
Fixes: bba87d0a0f4
16
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
18
Message-id: 20200702175605.1987125-1-richard.henderson@linaro.org
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
20
---
14
hw/arm/xlnx-zynqmp.c | 2 ++
21
target/arm/translate-a64.h | 1 +
15
1 file changed, 2 insertions(+)
22
target/arm/translate-a64.c | 6 ++++++
23
target/arm/translate-sve.c | 8 ++------
24
3 files changed, 9 insertions(+), 6 deletions(-)
16
25
17
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
26
diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
18
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/xlnx-zynqmp.c
28
--- a/target/arm/translate-a64.h
20
+++ b/hw/arm/xlnx-zynqmp.c
29
+++ b/target/arm/translate-a64.h
21
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_class_init(ObjectClass *oc, void *data)
30
@@ -XXX,XX +XXX,XX @@ void unallocated_encoding(DisasContext *s);
22
31
} while (0)
23
dc->props = xlnx_zynqmp_props;
32
24
dc->realize = xlnx_zynqmp_realize;
33
TCGv_i64 new_tmp_a64(DisasContext *s);
25
+ /* Reason: Uses serial_hds in realize function, thus can't be used twice */
34
+TCGv_i64 new_tmp_a64_local(DisasContext *s);
26
+ dc->user_creatable = false;
35
TCGv_i64 new_tmp_a64_zero(DisasContext *s);
36
TCGv_i64 cpu_reg(DisasContext *s, int reg);
37
TCGv_i64 cpu_reg_sp(DisasContext *s, int reg);
38
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
39
index XXXXXXX..XXXXXXX 100644
40
--- a/target/arm/translate-a64.c
41
+++ b/target/arm/translate-a64.c
42
@@ -XXX,XX +XXX,XX @@ TCGv_i64 new_tmp_a64(DisasContext *s)
43
return s->tmp_a64[s->tmp_a64_count++] = tcg_temp_new_i64();
27
}
44
}
28
45
29
static const TypeInfo xlnx_zynqmp_type_info = {
46
+TCGv_i64 new_tmp_a64_local(DisasContext *s)
47
+{
48
+ assert(s->tmp_a64_count < TMP_A64_MAX);
49
+ return s->tmp_a64[s->tmp_a64_count++] = tcg_temp_local_new_i64();
50
+}
51
+
52
TCGv_i64 new_tmp_a64_zero(DisasContext *s)
53
{
54
TCGv_i64 t = new_tmp_a64(s);
55
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
56
index XXXXXXX..XXXXXXX 100644
57
--- a/target/arm/translate-sve.c
58
+++ b/target/arm/translate-sve.c
59
@@ -XXX,XX +XXX,XX @@ static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
60
61
/* Copy the clean address into a local temp, live across the loop. */
62
t0 = clean_addr;
63
- clean_addr = tcg_temp_local_new_i64();
64
+ clean_addr = new_tmp_a64_local(s);
65
tcg_gen_mov_i64(clean_addr, t0);
66
- tcg_temp_free_i64(t0);
67
68
gen_set_label(loop);
69
70
@@ -XXX,XX +XXX,XX @@ static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
71
tcg_gen_st_i64(t0, cpu_env, vofs + len_align);
72
tcg_temp_free_i64(t0);
73
}
74
- tcg_temp_free_i64(clean_addr);
75
}
76
77
/* Similarly for stores. */
78
@@ -XXX,XX +XXX,XX @@ static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
79
80
/* Copy the clean address into a local temp, live across the loop. */
81
t0 = clean_addr;
82
- clean_addr = tcg_temp_local_new_i64();
83
+ clean_addr = new_tmp_a64_local(s);
84
tcg_gen_mov_i64(clean_addr, t0);
85
- tcg_temp_free_i64(t0);
86
87
gen_set_label(loop);
88
89
@@ -XXX,XX +XXX,XX @@ static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm)
90
}
91
tcg_temp_free_i64(t0);
92
}
93
- tcg_temp_free_i64(clean_addr);
94
}
95
96
static bool trans_LDR_zri(DisasContext *s, arg_rri *a)
30
--
97
--
31
2.7.4
98
2.20.1
32
99
33
100
New patch
In bcm2835_fb_mbox_push(), Coverity complains (CID 1429989) that we
pass a pointer to a local struct to another function without
initializing all its fields. This is a real bug:
bcm2835_fb_reconfigure() copies the whole of our new BCM2835FBConfig
struct into s->config, so any fields we don't initialize will corrupt
the state of the device.

Copy the two fields which we don't want to update (pixo and alpha)
from the existing config so we don't accidentally change them.

Fixes: cfb7ba983857e40e88
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200628195436.27582-1-peter.maydell@linaro.org
---
16
hw/display/bcm2835_fb.c | 4 ++++
17
1 file changed, 4 insertions(+)
18
19
diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/display/bcm2835_fb.c
22
+++ b/hw/display/bcm2835_fb.c
23
@@ -XXX,XX +XXX,XX @@ static void bcm2835_fb_mbox_push(BCM2835FBState *s, uint32_t value)
24
newconf.base = s->vcram_base | (value & 0xc0000000);
25
newconf.base += BCM2835_FB_OFFSET;
26
27
+ /* Copy fields which we don't want to change from the existing config */
28
+ newconf.pixo = s->config.pixo;
29
+ newconf.alpha = s->config.alpha;
30
+
31
bcm2835_fb_validate_config(&newconf);
32
33
pitch = bcm2835_fb_get_pitch(&newconf);
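Review bot: copying pixo and alpha one field at a time in bcm2835_fb_mbox_push() fixes the two members Coverity flagged, but newconf stays correct only as long as every member is assigned by hand. The commit message says bcm2835_fb_reconfigure() copies the whole struct into s->config, so any member added to the config struct later brings back the same uninitialised-state corruption without a compiler warning. Initialising the local once from the current state ("newconf = s->config;") before the assignments, and then overwriting only the fields this mailbox message changes, removes that class of bug and makes the two added assignments unnecessary.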
34
--
35
2.20.1
36
37
New patch
The spitz board has been around a long time, and still has a fair number
of hard-coded tab characters in it. We're about to do some work on
this source file, so start out by expanding out the tabs.

This commit is a pure whitespace only change.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200628142429.17111-2-peter.maydell@linaro.org
---
12
hw/arm/spitz.c | 156 ++++++++++++++++++++++++-------------------------
13
1 file changed, 78 insertions(+), 78 deletions(-)
14
15
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/arm/spitz.c
18
+++ b/hw/arm/spitz.c
19
@@ -XXX,XX +XXX,XX @@
20
#include "cpu.h"
21
22
#undef REG_FMT
23
-#define REG_FMT            "0x%02lx"
24
+#define REG_FMT "0x%02lx"
25
26
/* Spitz Flash */
27
-#define FLASH_BASE        0x0c000000
28
-#define FLASH_ECCLPLB        0x00    /* Line parity 7 - 0 bit */
29
-#define FLASH_ECCLPUB        0x04    /* Line parity 15 - 8 bit */
30
-#define FLASH_ECCCP        0x08    /* Column parity 5 - 0 bit */
31
-#define FLASH_ECCCNTR        0x0c    /* ECC byte counter */
32
-#define FLASH_ECCCLRR        0x10    /* Clear ECC */
33
-#define FLASH_FLASHIO        0x14    /* Flash I/O */
34
-#define FLASH_FLASHCTL        0x18    /* Flash Control */
35
+#define FLASH_BASE 0x0c000000
36
+#define FLASH_ECCLPLB 0x00 /* Line parity 7 - 0 bit */
37
+#define FLASH_ECCLPUB 0x04 /* Line parity 15 - 8 bit */
38
+#define FLASH_ECCCP 0x08 /* Column parity 5 - 0 bit */
39
+#define FLASH_ECCCNTR 0x0c /* ECC byte counter */
40
+#define FLASH_ECCCLRR 0x10 /* Clear ECC */
41
+#define FLASH_FLASHIO 0x14 /* Flash I/O */
42
+#define FLASH_FLASHCTL 0x18 /* Flash Control */
43
44
-#define FLASHCTL_CE0        (1 << 0)
45
-#define FLASHCTL_CLE        (1 << 1)
46
-#define FLASHCTL_ALE        (1 << 2)
47
-#define FLASHCTL_WP        (1 << 3)
48
-#define FLASHCTL_CE1        (1 << 4)
49
-#define FLASHCTL_RYBY        (1 << 5)
50
-#define FLASHCTL_NCE        (FLASHCTL_CE0 | FLASHCTL_CE1)
51
+#define FLASHCTL_CE0 (1 << 0)
52
+#define FLASHCTL_CLE (1 << 1)
53
+#define FLASHCTL_ALE (1 << 2)
54
+#define FLASHCTL_WP (1 << 3)
55
+#define FLASHCTL_CE1 (1 << 4)
56
+#define FLASHCTL_RYBY (1 << 5)
57
+#define FLASHCTL_NCE (FLASHCTL_CE0 | FLASHCTL_CE1)
58
59
#define TYPE_SL_NAND "sl-nand"
60
#define SL_NAND(obj) OBJECT_CHECK(SLNANDState, (obj), TYPE_SL_NAND)
61
@@ -XXX,XX +XXX,XX @@ static uint64_t sl_read(void *opaque, hwaddr addr, unsigned size)
62
int ryby;
63
64
switch (addr) {
65
-#define BSHR(byte, from, to)    ((s->ecc.lp[byte] >> (from - to)) & (1 << to))
66
+#define BSHR(byte, from, to) ((s->ecc.lp[byte] >> (from - to)) & (1 << to))
67
case FLASH_ECCLPLB:
68
return BSHR(0, 4, 0) | BSHR(0, 5, 2) | BSHR(0, 6, 4) | BSHR(0, 7, 6) |
69
BSHR(1, 4, 1) | BSHR(1, 5, 3) | BSHR(1, 6, 5) | BSHR(1, 7, 7);
70
71
-#define BSHL(byte, from, to)    ((s->ecc.lp[byte] << (to - from)) & (1 << to))
72
+#define BSHL(byte, from, to) ((s->ecc.lp[byte] << (to - from)) & (1 << to))
73
case FLASH_ECCLPUB:
74
return BSHL(0, 0, 0) | BSHL(0, 1, 2) | BSHL(0, 2, 4) | BSHL(0, 3, 6) |
75
BSHL(1, 0, 1) | BSHL(1, 1, 3) | BSHL(1, 2, 5) | BSHL(1, 3, 7);
76
@@ -XXX,XX +XXX,XX @@ static void sl_nand_realize(DeviceState *dev, Error **errp)
77
78
/* Spitz Keyboard */
79
80
-#define SPITZ_KEY_STROBE_NUM    11
81
-#define SPITZ_KEY_SENSE_NUM    7
82
+#define SPITZ_KEY_STROBE_NUM 11
83
+#define SPITZ_KEY_SENSE_NUM 7
84
85
static const int spitz_gpio_key_sense[SPITZ_KEY_SENSE_NUM] = {
86
12, 17, 91, 34, 36, 38, 39
87
@@ -XXX,XX +XXX,XX @@ static int spitz_keymap[SPITZ_KEY_SENSE_NUM + 1][SPITZ_KEY_STROBE_NUM] = {
88
{ 0x52, 0x43, 0x01, 0x47, 0x49, -1 , -1 , -1 , -1 , -1 , -1 },
89
};
90
91
-#define SPITZ_GPIO_AK_INT    13    /* Remote control */
92
-#define SPITZ_GPIO_SYNC        16    /* Sync button */
93
-#define SPITZ_GPIO_ON_KEY    95    /* Power button */
94
-#define SPITZ_GPIO_SWA        97    /* Lid */
95
-#define SPITZ_GPIO_SWB        96    /* Tablet mode */
96
+#define SPITZ_GPIO_AK_INT 13 /* Remote control */
97
+#define SPITZ_GPIO_SYNC 16 /* Sync button */
98
+#define SPITZ_GPIO_ON_KEY 95 /* Power button */
99
+#define SPITZ_GPIO_SWA 97 /* Lid */
100
+#define SPITZ_GPIO_SWB 96 /* Tablet mode */
101
102
/* The special buttons are mapped to unused keys */
103
static const int spitz_gpiomap[5] = {
104
@@ -XXX,XX +XXX,XX @@ static void spitz_keyboard_keydown(SpitzKeyboardState *s, int keycode)
105
#define SPITZ_MOD_CTRL (1 << 8)
106
#define SPITZ_MOD_FN (1 << 9)
107
108
-#define QUEUE_KEY(c)    s->fifo[(s->fifopos + s->fifolen ++) & 0xf] = c
109
+#define QUEUE_KEY(c) s->fifo[(s->fifopos + s->fifolen ++) & 0xf] = c
110
111
static void spitz_keyboard_handler(void *opaque, int keycode)
112
{
113
@@ -XXX,XX +XXX,XX @@ static void spitz_keyboard_handler(void *opaque, int keycode)
114
uint16_t code;
115
int mapcode;
116
switch (keycode) {
117
- case 0x2a:    /* Left Shift */
118
+ case 0x2a: /* Left Shift */
119
s->modifiers |= 1;
120
break;
121
case 0xaa:
122
s->modifiers &= ~1;
123
break;
124
- case 0x36:    /* Right Shift */
125
+ case 0x36: /* Right Shift */
126
s->modifiers |= 2;
127
break;
128
case 0xb6:
129
s->modifiers &= ~2;
130
break;
131
- case 0x1d:    /* Control */
132
+ case 0x1d: /* Control */
133
s->modifiers |= 4;
134
break;
135
case 0x9d:
136
s->modifiers &= ~4;
137
break;
138
- case 0x38:    /* Alt */
139
+ case 0x38: /* Alt */
140
s->modifiers |= 8;
141
break;
142
case 0xb8:
143
@@ -XXX,XX +XXX,XX @@ static void spitz_keyboard_realize(DeviceState *dev, Error **errp)
144
145
/* LCD backlight controller */
146
147
-#define LCDTG_RESCTL    0x00
148
-#define LCDTG_PHACTRL    0x01
149
-#define LCDTG_DUTYCTRL    0x02
150
-#define LCDTG_POWERREG0    0x03
151
-#define LCDTG_POWERREG1    0x04
152
-#define LCDTG_GPOR3    0x05
153
-#define LCDTG_PICTRL    0x06
154
-#define LCDTG_POLCTRL    0x07
155
+#define LCDTG_RESCTL 0x00
156
+#define LCDTG_PHACTRL 0x01
157
+#define LCDTG_DUTYCTRL 0x02
158
+#define LCDTG_POWERREG0 0x03
159
+#define LCDTG_POWERREG1 0x04
160
+#define LCDTG_GPOR3 0x05
161
+#define LCDTG_PICTRL 0x06
162
+#define LCDTG_POLCTRL 0x07
163
164
typedef struct {
165
SSISlave ssidev;
166
@@ -XXX,XX +XXX,XX @@ static void spitz_lcdtg_realize(SSISlave *dev, Error **errp)
167
168
/* SSP devices */
169
170
-#define CORGI_SSP_PORT        2
171
+#define CORGI_SSP_PORT 2
172
173
-#define SPITZ_GPIO_LCDCON_CS    53
174
-#define SPITZ_GPIO_ADS7846_CS    14
175
-#define SPITZ_GPIO_MAX1111_CS    20
176
-#define SPITZ_GPIO_TP_INT    11
177
+#define SPITZ_GPIO_LCDCON_CS 53
178
+#define SPITZ_GPIO_ADS7846_CS 14
179
+#define SPITZ_GPIO_MAX1111_CS 20
180
+#define SPITZ_GPIO_TP_INT 11
181
182
static DeviceState *max1111;
183
184
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
185
s->enable[line] = !level;
186
}
187
188
-#define MAX1111_BATT_VOLT    1
189
-#define MAX1111_BATT_TEMP    2
190
-#define MAX1111_ACIN_VOLT    3
191
+#define MAX1111_BATT_VOLT 1
192
+#define MAX1111_BATT_TEMP 2
193
+#define MAX1111_ACIN_VOLT 3
194
195
-#define SPITZ_BATTERY_TEMP    0xe0    /* About 2.9V */
196
-#define SPITZ_BATTERY_VOLT    0xd0    /* About 4.0V */
197
-#define SPITZ_CHARGEON_ACIN    0x80    /* About 5.0V */
198
+#define SPITZ_BATTERY_TEMP 0xe0 /* About 2.9V */
199
+#define SPITZ_BATTERY_VOLT 0xd0 /* About 4.0V */
200
+#define SPITZ_CHARGEON_ACIN 0x80 /* About 5.0V */
201
202
static void spitz_adc_temp_on(void *opaque, int line, int level)
203
{
204
@@ -XXX,XX +XXX,XX @@ static void spitz_microdrive_attach(PXA2xxState *cpu, int slot)
205
206
/* Wm8750 and Max7310 on I2C */
207
208
-#define AKITA_MAX_ADDR    0x18
209
-#define SPITZ_WM_ADDRL    0x1b
210
-#define SPITZ_WM_ADDRH    0x1a
211
+#define AKITA_MAX_ADDR 0x18
212
+#define SPITZ_WM_ADDRL 0x1b
213
+#define SPITZ_WM_ADDRH 0x1a
214
215
-#define SPITZ_GPIO_WM    5
216
+#define SPITZ_GPIO_WM 5
217
218
static void spitz_wm8750_addr(void *opaque, int line, int level)
219
{
220
@@ -XXX,XX +XXX,XX @@ static void spitz_out_switch(void *opaque, int line, int level)
221
}
222
}
223
224
-#define SPITZ_SCP_LED_GREEN        1
225
-#define SPITZ_SCP_JK_B            2
226
-#define SPITZ_SCP_CHRG_ON        3
227
-#define SPITZ_SCP_MUTE_L        4
228
-#define SPITZ_SCP_MUTE_R        5
229
-#define SPITZ_SCP_CF_POWER        6
230
-#define SPITZ_SCP_LED_ORANGE        7
231
-#define SPITZ_SCP_JK_A            8
232
-#define SPITZ_SCP_ADC_TEMP_ON        9
233
-#define SPITZ_SCP2_IR_ON        1
234
-#define SPITZ_SCP2_AKIN_PULLUP        2
235
-#define SPITZ_SCP2_BACKLIGHT_CONT    7
236
-#define SPITZ_SCP2_BACKLIGHT_ON        8
237
-#define SPITZ_SCP2_MIC_BIAS        9
238
+#define SPITZ_SCP_LED_GREEN 1
239
+#define SPITZ_SCP_JK_B 2
240
+#define SPITZ_SCP_CHRG_ON 3
241
+#define SPITZ_SCP_MUTE_L 4
242
+#define SPITZ_SCP_MUTE_R 5
243
+#define SPITZ_SCP_CF_POWER 6
244
+#define SPITZ_SCP_LED_ORANGE 7
245
+#define SPITZ_SCP_JK_A 8
246
+#define SPITZ_SCP_ADC_TEMP_ON 9
247
+#define SPITZ_SCP2_IR_ON 1
248
+#define SPITZ_SCP2_AKIN_PULLUP 2
249
+#define SPITZ_SCP2_BACKLIGHT_CONT 7
250
+#define SPITZ_SCP2_BACKLIGHT_ON 8
251
+#define SPITZ_SCP2_MIC_BIAS 9
252
253
static void spitz_scoop_gpio_setup(PXA2xxState *cpu,
254
DeviceState *scp0, DeviceState *scp1)
255
@@ -XXX,XX +XXX,XX @@ static void spitz_scoop_gpio_setup(PXA2xxState *cpu,
256
qdev_connect_gpio_out(scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
257
}
258
259
-#define SPITZ_GPIO_HSYNC        22
260
-#define SPITZ_GPIO_SD_DETECT        9
261
-#define SPITZ_GPIO_SD_WP        81
262
-#define SPITZ_GPIO_ON_RESET        89
263
-#define SPITZ_GPIO_BAT_COVER        90
264
-#define SPITZ_GPIO_CF1_IRQ        105
265
-#define SPITZ_GPIO_CF1_CD        94
266
-#define SPITZ_GPIO_CF2_IRQ        106
267
-#define SPITZ_GPIO_CF2_CD        93
268
+#define SPITZ_GPIO_HSYNC 22
269
+#define SPITZ_GPIO_SD_DETECT 9
270
+#define SPITZ_GPIO_SD_WP 81
271
+#define SPITZ_GPIO_ON_RESET 89
272
+#define SPITZ_GPIO_BAT_COVER 90
273
+#define SPITZ_GPIO_CF1_IRQ 105
274
+#define SPITZ_GPIO_CF1_CD 94
275
+#define SPITZ_GPIO_CF2_IRQ 106
276
+#define SPITZ_GPIO_CF2_CD 93
277
278
static int spitz_hsync;
279
280
@@ -XXX,XX +XXX,XX @@ static void spitz_gpio_setup(PXA2xxState *cpu, int slots)
281
/* Board init. */
282
enum spitz_model_e { spitz, akita, borzoi, terrier };
283
284
-#define SPITZ_RAM    0x04000000
285
-#define SPITZ_ROM    0x00800000
286
+#define SPITZ_RAM 0x04000000
287
+#define SPITZ_ROM 0x00800000
288
289
static struct arm_boot_info spitz_binfo = {
290
.loader_start = PXA2XX_SDRAM_BASE,
291
--
292
2.20.1
293
294
New patch
1
1
For the four Spitz-family machines (akita, borzoi, spitz, terrier)
2
create a proper abstract class SpitzMachineClass which encapsulates
3
the common behaviour, rather than having them all derive directly
4
from TYPE_MACHINE:
5
* instead of each machine class setting mc->init to a wrapper
6
function which calls spitz_common_init() with parameters,
7
put that data in the SpitzMachineClass and make spitz_common_init
8
the SpitzMachineClass machine-init function
9
* move the settings of mc->block_default_type and
10
mc->ignore_memory_transaction_failures into the SpitzMachineClass
11
class init rather than repeating them in each machine's class init
12
13
(The motivation is that we're going to want to keep some state in
14
the SpitzMachineState so we can connect GPIOs between devices created
15
in one sub-function of the machine init to devices created in a
16
different sub-function.)
17
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20
Message-id: 20200628142429.17111-3-peter.maydell@linaro.org
21
---
22
hw/arm/spitz.c | 91 ++++++++++++++++++++++++++++++--------------------
23
1 file changed, 55 insertions(+), 36 deletions(-)
24
25
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
26
index XXXXXXX..XXXXXXX 100644
27
--- a/hw/arm/spitz.c
28
+++ b/hw/arm/spitz.c
29
@@ -XXX,XX +XXX,XX @@
30
#include "exec/address-spaces.h"
31
#include "cpu.h"
32
33
+enum spitz_model_e { spitz, akita, borzoi, terrier };
34
+
35
+typedef struct {
36
+ MachineClass parent;
37
+ enum spitz_model_e model;
38
+ int arm_id;
39
+} SpitzMachineClass;
40
+
41
+typedef struct {
42
+ MachineState parent;
43
+} SpitzMachineState;
44
+
45
+#define TYPE_SPITZ_MACHINE "spitz-common"
46
+#define SPITZ_MACHINE(obj) \
47
+ OBJECT_CHECK(SpitzMachineState, obj, TYPE_SPITZ_MACHINE)
48
+#define SPITZ_MACHINE_GET_CLASS(obj) \
49
+ OBJECT_GET_CLASS(SpitzMachineClass, obj, TYPE_SPITZ_MACHINE)
50
+#define SPITZ_MACHINE_CLASS(klass) \
51
+ OBJECT_CLASS_CHECK(SpitzMachineClass, klass, TYPE_SPITZ_MACHINE)
52
+
53
#undef REG_FMT
54
#define REG_FMT "0x%02lx"
55
56
@@ -XXX,XX +XXX,XX @@ static void spitz_gpio_setup(PXA2xxState *cpu, int slots)
57
}
58
59
/* Board init. */
60
-enum spitz_model_e { spitz, akita, borzoi, terrier };
61
-
62
#define SPITZ_RAM 0x04000000
63
#define SPITZ_ROM 0x00800000
64
65
@@ -XXX,XX +XXX,XX @@ static struct arm_boot_info spitz_binfo = {
66
.ram_size = 0x04000000,
67
};
68
69
-static void spitz_common_init(MachineState *machine,
70
- enum spitz_model_e model, int arm_id)
71
+static void spitz_common_init(MachineState *machine)
72
{
73
+ SpitzMachineClass *smc = SPITZ_MACHINE_GET_CLASS(machine);
74
+ enum spitz_model_e model = smc->model;
75
PXA2xxState *mpu;
76
DeviceState *scp0, *scp1 = NULL;
77
MemoryRegion *address_space_mem = get_system_memory();
78
@@ -XXX,XX +XXX,XX @@ static void spitz_common_init(MachineState *machine,
79
/* A 4.0 GB microdrive is permanently sitting in CF slot 0. */
80
spitz_microdrive_attach(mpu, 0);
81
82
- spitz_binfo.board_id = arm_id;
83
+ spitz_binfo.board_id = smc->arm_id;
84
arm_load_kernel(mpu->cpu, machine, &spitz_binfo);
85
sl_bootparam_write(SL_PXA_PARAM_BASE);
86
}
87
88
-static void spitz_init(MachineState *machine)
89
+static void spitz_common_class_init(ObjectClass *oc, void *data)
90
{
91
- spitz_common_init(machine, spitz, 0x2c9);
92
+ MachineClass *mc = MACHINE_CLASS(oc);
93
+
94
+ mc->block_default_type = IF_IDE;
95
+ mc->ignore_memory_transaction_failures = true;
96
+ mc->init = spitz_common_init;
97
}
98
99
-static void borzoi_init(MachineState *machine)
100
-{
101
- spitz_common_init(machine, borzoi, 0x33f);
102
-}
103
-
104
-static void akita_init(MachineState *machine)
105
-{
106
- spitz_common_init(machine, akita, 0x2e8);
107
-}
108
-
109
-static void terrier_init(MachineState *machine)
110
-{
111
- spitz_common_init(machine, terrier, 0x33f);
112
-}
113
+static const TypeInfo spitz_common_info = {
114
+ .name = TYPE_SPITZ_MACHINE,
115
+ .parent = TYPE_MACHINE,
116
+ .abstract = true,
117
+ .instance_size = sizeof(SpitzMachineState),
118
+ .class_size = sizeof(SpitzMachineClass),
119
+ .class_init = spitz_common_class_init,
120
+};
121
122
static void akitapda_class_init(ObjectClass *oc, void *data)
123
{
124
MachineClass *mc = MACHINE_CLASS(oc);
125
+ SpitzMachineClass *smc = SPITZ_MACHINE_CLASS(oc);
126
127
mc->desc = "Sharp SL-C1000 (Akita) PDA (PXA270)";
128
- mc->init = akita_init;
129
- mc->ignore_memory_transaction_failures = true;
130
mc->default_cpu_type = ARM_CPU_TYPE_NAME("pxa270-c0");
131
+ smc->model = akita;
132
+ smc->arm_id = 0x2e8;
133
}
134
135
static const TypeInfo akitapda_type = {
136
.name = MACHINE_TYPE_NAME("akita"),
137
- .parent = TYPE_MACHINE,
138
+ .parent = TYPE_SPITZ_MACHINE,
139
.class_init = akitapda_class_init,
140
};
141
142
static void spitzpda_class_init(ObjectClass *oc, void *data)
143
{
144
MachineClass *mc = MACHINE_CLASS(oc);
145
+ SpitzMachineClass *smc = SPITZ_MACHINE_CLASS(oc);
146
147
mc->desc = "Sharp SL-C3000 (Spitz) PDA (PXA270)";
148
- mc->init = spitz_init;
149
- mc->block_default_type = IF_IDE;
150
- mc->ignore_memory_transaction_failures = true;
151
mc->default_cpu_type = ARM_CPU_TYPE_NAME("pxa270-c0");
152
+ smc->model = spitz;
153
+ smc->arm_id = 0x2c9;
154
}
155
156
static const TypeInfo spitzpda_type = {
157
.name = MACHINE_TYPE_NAME("spitz"),
158
- .parent = TYPE_MACHINE,
159
+ .parent = TYPE_SPITZ_MACHINE,
160
.class_init = spitzpda_class_init,
161
};
162
163
static void borzoipda_class_init(ObjectClass *oc, void *data)
164
{
165
MachineClass *mc = MACHINE_CLASS(oc);
166
+ SpitzMachineClass *smc = SPITZ_MACHINE_CLASS(oc);
167
168
mc->desc = "Sharp SL-C3100 (Borzoi) PDA (PXA270)";
169
- mc->init = borzoi_init;
170
- mc->block_default_type = IF_IDE;
171
- mc->ignore_memory_transaction_failures = true;
172
mc->default_cpu_type = ARM_CPU_TYPE_NAME("pxa270-c0");
173
+ smc->model = borzoi;
174
+ smc->arm_id = 0x33f;
175
}
176
177
static const TypeInfo borzoipda_type = {
178
.name = MACHINE_TYPE_NAME("borzoi"),
179
- .parent = TYPE_MACHINE,
180
+ .parent = TYPE_SPITZ_MACHINE,
181
.class_init = borzoipda_class_init,
182
};
183
184
static void terrierpda_class_init(ObjectClass *oc, void *data)
185
{
186
MachineClass *mc = MACHINE_CLASS(oc);
187
+ SpitzMachineClass *smc = SPITZ_MACHINE_CLASS(oc);
188
189
mc->desc = "Sharp SL-C3200 (Terrier) PDA (PXA270)";
190
- mc->init = terrier_init;
191
- mc->block_default_type = IF_IDE;
192
- mc->ignore_memory_transaction_failures = true;
193
mc->default_cpu_type = ARM_CPU_TYPE_NAME("pxa270-c5");
194
+ smc->model = terrier;
195
+ smc->arm_id = 0x33f;
196
}
197
198
static const TypeInfo terrierpda_type = {
199
.name = MACHINE_TYPE_NAME("terrier"),
200
- .parent = TYPE_MACHINE,
201
+ .parent = TYPE_SPITZ_MACHINE,
202
.class_init = terrierpda_class_init,
203
};
204
205
static void spitz_machine_init(void)
206
{
207
+ type_register_static(&spitz_common_info);
208
type_register_static(&akitapda_type);
209
type_register_static(&spitzpda_type);
210
type_register_static(&borzoipda_type);
211
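Review bot: moving `mc->block_default_type = IF_IDE;` into spitz_common_class_init() changes behaviour for akita, and the commit message does not mention it. The lines removed from akitapda_class_init() are only `mc->init` and `mc->ignore_memory_transaction_failures`; spitz, borzoi and terrier each drop an explicit `mc->block_default_type = IF_IDE;`, but akita never had one, so after this hunk it inherits IF_IDE from the common class. If that is intended, please say so in the commit message; if not, akita needs to override the value in its own class init.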
--
212
2.20.1
213
214
New patch
1
Keep pointers to the MPU and the SSI devices in SpitzMachineState.
2
We're going to want to make GPIO connections between some of the
3
SSI devices and the SCPs, so we want to keep hold of a pointer to
4
those; putting the MPU into the struct allows us to pass just
5
one thing to spitz_ssp_attach() rather than two.
1
6
7
We have to retain the setting of the global "max1111" variable
8
for the moment as it is used in spitz_adc_temp_on(); later in
9
this series of commits we will be able to remove it.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
13
Message-id: 20200628142429.17111-4-peter.maydell@linaro.org
14
---
15
hw/arm/spitz.c | 50 ++++++++++++++++++++++++++++----------------------
16
1 file changed, 28 insertions(+), 22 deletions(-)
17
18
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/arm/spitz.c
21
+++ b/hw/arm/spitz.c
22
@@ -XXX,XX +XXX,XX @@ typedef struct {
23
24
typedef struct {
25
MachineState parent;
26
+ PXA2xxState *mpu;
27
+ DeviceState *mux;
28
+ DeviceState *lcdtg;
29
+ DeviceState *ads7846;
30
+ DeviceState *max1111;
31
} SpitzMachineState;
32
33
#define TYPE_SPITZ_MACHINE "spitz-common"
34
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_realize(SSISlave *d, Error **errp)
35
s->bus[2] = ssi_create_bus(dev, "ssi2");
36
}
37
38
-static void spitz_ssp_attach(PXA2xxState *cpu)
39
+static void spitz_ssp_attach(SpitzMachineState *sms)
40
{
41
- DeviceState *mux;
42
- DeviceState *dev;
43
void *bus;
44
45
- mux = ssi_create_slave(cpu->ssp[CORGI_SSP_PORT - 1], "corgi-ssp");
46
+ sms->mux = ssi_create_slave(sms->mpu->ssp[CORGI_SSP_PORT - 1], "corgi-ssp");
47
48
- bus = qdev_get_child_bus(mux, "ssi0");
49
- ssi_create_slave(bus, "spitz-lcdtg");
50
+ bus = qdev_get_child_bus(sms->mux, "ssi0");
51
+ sms->lcdtg = ssi_create_slave(bus, "spitz-lcdtg");
52
53
- bus = qdev_get_child_bus(mux, "ssi1");
54
- dev = ssi_create_slave(bus, "ads7846");
55
- qdev_connect_gpio_out(dev, 0,
56
- qdev_get_gpio_in(cpu->gpio, SPITZ_GPIO_TP_INT));
57
+ bus = qdev_get_child_bus(sms->mux, "ssi1");
58
+ sms->ads7846 = ssi_create_slave(bus, "ads7846");
59
+ qdev_connect_gpio_out(sms->ads7846, 0,
60
+ qdev_get_gpio_in(sms->mpu->gpio, SPITZ_GPIO_TP_INT));
61
62
- bus = qdev_get_child_bus(mux, "ssi2");
63
- max1111 = ssi_create_slave(bus, "max1111");
64
- max111x_set_input(max1111, MAX1111_BATT_VOLT, SPITZ_BATTERY_VOLT);
65
- max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
66
- max111x_set_input(max1111, MAX1111_ACIN_VOLT, SPITZ_CHARGEON_ACIN);
67
+ bus = qdev_get_child_bus(sms->mux, "ssi2");
68
+ sms->max1111 = ssi_create_slave(bus, "max1111");
69
+ max1111 = sms->max1111;
70
+ max111x_set_input(sms->max1111, MAX1111_BATT_VOLT, SPITZ_BATTERY_VOLT);
71
+ max111x_set_input(sms->max1111, MAX1111_BATT_TEMP, 0);
72
+ max111x_set_input(sms->max1111, MAX1111_ACIN_VOLT, SPITZ_CHARGEON_ACIN);
73
74
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_LCDCON_CS,
75
- qdev_get_gpio_in(mux, 0));
76
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_ADS7846_CS,
77
- qdev_get_gpio_in(mux, 1));
78
- qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_MAX1111_CS,
79
- qdev_get_gpio_in(mux, 2));
80
+ qdev_connect_gpio_out(sms->mpu->gpio, SPITZ_GPIO_LCDCON_CS,
81
+ qdev_get_gpio_in(sms->mux, 0));
82
+ qdev_connect_gpio_out(sms->mpu->gpio, SPITZ_GPIO_ADS7846_CS,
83
+ qdev_get_gpio_in(sms->mux, 1));
84
+ qdev_connect_gpio_out(sms->mpu->gpio, SPITZ_GPIO_MAX1111_CS,
85
+ qdev_get_gpio_in(sms->mux, 2));
86
}
87
88
/* CF Microdrive */
89
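Review bot: the new `max1111 = sms->max1111;` assignment in spitz_ssp_attach() needs a comment in the code saying it is temporary. The reason the file-scope `max1111` pointer is still set (spitz_adc_temp_on() uses it) is given only in the commit message, so a later reader of this function sees two copies of the same pointer with no hint which one is authoritative or that one is due to be removed.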
@@ -XXX,XX +XXX,XX @@ static struct arm_boot_info spitz_binfo = {
90
static void spitz_common_init(MachineState *machine)
91
{
92
SpitzMachineClass *smc = SPITZ_MACHINE_GET_CLASS(machine);
93
+ SpitzMachineState *sms = SPITZ_MACHINE(machine);
94
enum spitz_model_e model = smc->model;
95
PXA2xxState *mpu;
96
DeviceState *scp0, *scp1 = NULL;
97
@@ -XXX,XX +XXX,XX @@ static void spitz_common_init(MachineState *machine)
98
/* Setup CPU & memory */
99
mpu = pxa270_init(address_space_mem, spitz_binfo.ram_size,
100
machine->cpu_type);
101
+ sms->mpu = mpu;
102
103
sl_flash_register(mpu, (model == spitz) ? FLASH_128M : FLASH_1024M);
104
105
@@ -XXX,XX +XXX,XX @@ static void spitz_common_init(MachineState *machine)
106
/* Setup peripherals */
107
spitz_keyboard_register(mpu);
108
109
- spitz_ssp_attach(mpu);
110
+ spitz_ssp_attach(sms);
111
112
scp0 = sysbus_create_simple("scoop", 0x10800000, NULL);
113
if (model != akita) {
114
--
115
2.20.1
116
117
1
Implement the register interface for the SAU: SAU_CTRL,
1
Keep pointers to scp0, scp1 in SpitzMachineState, and just pass
2
SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the
2
that to spitz_scoop_gpio_setup().
3
actual behaviour is implemented here; registers just
4
read back as written.
5
3
6
When the CPU definition for Cortex-M33 is eventually
4
(We'll want to use some of the other fields in SpitzMachineState
7
added, its initfn will set cpu->sau_sregion, in the same
5
in that function in the next commit.)
8
way that we currently set cpu->pmsav7_dregion for the
9
M3 and M4.
10
11
Number of SAU regions is typically a configurable
12
CPU parameter, but this patch doesn't provide a
13
QEMU CPU property for it. We can easily add one when
14
we have a board that requires it.
15
6
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
18
Message-id: 1506092407-26985-14-git-send-email-peter.maydell@linaro.org
9
Message-id: 20200628142429.17111-5-peter.maydell@linaro.org
19
---
10
---
20
target/arm/cpu.h | 10 +++++
11
hw/arm/spitz.c | 34 +++++++++++++++++++---------------
21
hw/intc/armv7m_nvic.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++
12
1 file changed, 19 insertions(+), 15 deletions(-)
22
target/arm/cpu.c | 27 ++++++++++++
23
target/arm/machine.c | 14 ++++++
24
4 files changed, 167 insertions(+)
25
13
26
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
27
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu.h
16
--- a/hw/arm/spitz.c
29
+++ b/target/arm/cpu.h
17
+++ b/hw/arm/spitz.c
30
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
18
@@ -XXX,XX +XXX,XX @@ typedef struct {
31
uint32_t mair1[M_REG_NUM_BANKS];
19
DeviceState *lcdtg;
32
} pmsav8;
20
DeviceState *ads7846;
33
21
DeviceState *max1111;
34
+ /* v8M SAU */
22
+ DeviceState *scp0;
35
+ struct {
23
+ DeviceState *scp1;
36
+ uint32_t *rbar;
24
} SpitzMachineState;
37
+ uint32_t *rlar;
25
38
+ uint32_t rnr;
26
#define TYPE_SPITZ_MACHINE "spitz-common"
39
+ uint32_t ctrl;
27
@@ -XXX,XX +XXX,XX @@ static void spitz_out_switch(void *opaque, int line, int level)
40
+ } sau;
28
#define SPITZ_SCP2_BACKLIGHT_ON 8
41
+
29
#define SPITZ_SCP2_MIC_BIAS 9
42
void *nvic;
30
43
const struct arm_boot_info *boot_info;
31
-static void spitz_scoop_gpio_setup(PXA2xxState *cpu,
44
/* Store GICv3CPUState to access from this struct */
32
- DeviceState *scp0, DeviceState *scp1)
45
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
33
+static void spitz_scoop_gpio_setup(SpitzMachineState *sms)
46
bool has_mpu;
34
{
47
/* PMSAv7 MPU number of supported regions */
35
- qemu_irq *outsignals = qemu_allocate_irqs(spitz_out_switch, cpu, 8);
48
uint32_t pmsav7_dregion;
36
+ qemu_irq *outsignals = qemu_allocate_irqs(spitz_out_switch, sms->mpu, 8);
49
+ /* v8M SAU number of supported regions */
37
50
+ uint32_t sau_sregion;
38
- qdev_connect_gpio_out(scp0, SPITZ_SCP_CHRG_ON, outsignals[0]);
51
39
- qdev_connect_gpio_out(scp0, SPITZ_SCP_JK_B, outsignals[1]);
52
/* PSCI conduit used to invoke PSCI methods
40
- qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_GREEN, outsignals[2]);
53
* 0 - disabled, 1 - smc, 2 - hvc
41
- qdev_connect_gpio_out(scp0, SPITZ_SCP_LED_ORANGE, outsignals[3]);
54
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
42
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_CHRG_ON, outsignals[0]);
55
index XXXXXXX..XXXXXXX 100644
43
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_JK_B, outsignals[1]);
56
--- a/hw/intc/armv7m_nvic.c
44
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_GREEN, outsignals[2]);
57
+++ b/hw/intc/armv7m_nvic.c
45
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_ORANGE, outsignals[3]);
58
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
46
59
goto bad_offset;
47
- if (scp1) {
60
}
48
- qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_CONT, outsignals[4]);
61
return cpu->env.pmsav8.mair1[attrs.secure];
49
- qdev_connect_gpio_out(scp1, SPITZ_SCP2_BACKLIGHT_ON, outsignals[5]);
62
+ case 0xdd0: /* SAU_CTRL */
50
+ if (sms->scp1) {
63
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
51
+ qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_CONT,
64
+ goto bad_offset;
52
+ outsignals[4]);
65
+ }
53
+ qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_ON,
66
+ if (!attrs.secure) {
54
+ outsignals[5]);
67
+ return 0;
68
+ }
69
+ return cpu->env.sau.ctrl;
70
+ case 0xdd4: /* SAU_TYPE */
71
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
72
+ goto bad_offset;
73
+ }
74
+ if (!attrs.secure) {
75
+ return 0;
76
+ }
77
+ return cpu->sau_sregion;
78
+ case 0xdd8: /* SAU_RNR */
79
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
80
+ goto bad_offset;
81
+ }
82
+ if (!attrs.secure) {
83
+ return 0;
84
+ }
85
+ return cpu->env.sau.rnr;
86
+ case 0xddc: /* SAU_RBAR */
87
+ {
88
+ int region = cpu->env.sau.rnr;
89
+
90
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
91
+ goto bad_offset;
92
+ }
93
+ if (!attrs.secure) {
94
+ return 0;
95
+ }
96
+ if (region >= cpu->sau_sregion) {
97
+ return 0;
98
+ }
99
+ return cpu->env.sau.rbar[region];
100
+ }
101
+ case 0xde0: /* SAU_RLAR */
102
+ {
103
+ int region = cpu->env.sau.rnr;
104
+
105
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
106
+ goto bad_offset;
107
+ }
108
+ if (!attrs.secure) {
109
+ return 0;
110
+ }
111
+ if (region >= cpu->sau_sregion) {
112
+ return 0;
113
+ }
114
+ return cpu->env.sau.rlar[region];
115
+ }
116
case 0xde4: /* SFSR */
117
if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
118
goto bad_offset;
119
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
120
* only affect cacheability, and we don't implement caching.
121
*/
122
break;
123
+ case 0xdd0: /* SAU_CTRL */
124
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
125
+ goto bad_offset;
126
+ }
127
+ if (!attrs.secure) {
128
+ return;
129
+ }
130
+ cpu->env.sau.ctrl = value & 3;
131
+ case 0xdd4: /* SAU_TYPE */
132
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
133
+ goto bad_offset;
134
+ }
135
+ break;
136
+ case 0xdd8: /* SAU_RNR */
137
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
138
+ goto bad_offset;
139
+ }
140
+ if (!attrs.secure) {
141
+ return;
142
+ }
143
+ if (value >= cpu->sau_sregion) {
144
+ qemu_log_mask(LOG_GUEST_ERROR, "SAU region out of range %"
145
+ PRIu32 "/%" PRIu32 "\n",
146
+ value, cpu->sau_sregion);
147
+ } else {
148
+ cpu->env.sau.rnr = value;
149
+ }
150
+ break;
151
+ case 0xddc: /* SAU_RBAR */
152
+ {
153
+ int region = cpu->env.sau.rnr;
154
+
155
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
156
+ goto bad_offset;
157
+ }
158
+ if (!attrs.secure) {
159
+ return;
160
+ }
161
+ if (region >= cpu->sau_sregion) {
162
+ return;
163
+ }
164
+ cpu->env.sau.rbar[region] = value & ~0x1f;
165
+ tlb_flush(CPU(cpu));
166
+ break;
167
+ }
168
+ case 0xde0: /* SAU_RLAR */
169
+ {
170
+ int region = cpu->env.sau.rnr;
171
+
172
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
173
+ goto bad_offset;
174
+ }
175
+ if (!attrs.secure) {
176
+ return;
177
+ }
178
+ if (region >= cpu->sau_sregion) {
179
+ return;
180
+ }
181
+ cpu->env.sau.rlar[region] = value & ~0x1c;
182
+ tlb_flush(CPU(cpu));
183
+ break;
184
+ }
185
case 0xde4: /* SFSR */
186
if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
187
goto bad_offset;
188
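Review bot: the new SAU_CTRL case in nvic_writel() has no `break;` after `cpu->env.sau.ctrl = value & 3;`, so it falls through into `case 0xdd4: /* SAU_TYPE */`. The fallthrough happens to be harmless, because the SAU_TYPE case only repeats the ARM_FEATURE_V8 check and then breaks, but it looks unintentional and every other case added here ends with an explicit `break;`. Please add the `break;`. The `value & ~0x1f` and `value & ~0x1c` masks in the SAU_RBAR and SAU_RLAR cases would also benefit from a short comment naming the bits they clear.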
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
189
index XXXXXXX..XXXXXXX 100644
190
--- a/target/arm/cpu.c
191
+++ b/target/arm/cpu.c
192
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
193
env->pmsav8.mair1[M_REG_S] = 0;
194
}
55
}
195
56
196
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
57
- qdev_connect_gpio_out(scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
197
+ if (cpu->sau_sregion > 0) {
58
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
198
+ memset(env->sau.rbar, 0, sizeof(*env->sau.rbar) * cpu->sau_sregion);
59
}
199
+ memset(env->sau.rlar, 0, sizeof(*env->sau.rlar) * cpu->sau_sregion);
60
200
+ }
61
#define SPITZ_GPIO_HSYNC 22
201
+ env->sau.rnr = 0;
62
@@ -XXX,XX +XXX,XX @@ static void spitz_common_init(MachineState *machine)
202
+ /* SAU_CTRL reset value is IMPDEF; we choose 0, which is what
63
SpitzMachineState *sms = SPITZ_MACHINE(machine);
203
+ * the Cortex-M33 does.
64
enum spitz_model_e model = smc->model;
204
+ */
65
PXA2xxState *mpu;
205
+ env->sau.ctrl = 0;
66
- DeviceState *scp0, *scp1 = NULL;
206
+ }
67
MemoryRegion *address_space_mem = get_system_memory();
207
+
68
MemoryRegion *rom = g_new(MemoryRegion, 1);
208
set_flush_to_zero(1, &env->vfp.standard_fp_status);
69
209
set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
70
@@ -XXX,XX +XXX,XX @@ static void spitz_common_init(MachineState *machine)
210
set_default_nan_mode(1, &env->vfp.standard_fp_status);
71
211
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
72
spitz_ssp_attach(sms);
212
}
73
74
- scp0 = sysbus_create_simple("scoop", 0x10800000, NULL);
75
+ sms->scp0 = sysbus_create_simple("scoop", 0x10800000, NULL);
76
if (model != akita) {
77
- scp1 = sysbus_create_simple("scoop", 0x08800040, NULL);
78
+ sms->scp1 = sysbus_create_simple("scoop", 0x08800040, NULL);
79
+ } else {
80
+ sms->scp1 = NULL;
213
}
81
}
214
82
215
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
83
- spitz_scoop_gpio_setup(mpu, scp0, scp1);
216
+ uint32_t nr = cpu->sau_sregion;
84
+ spitz_scoop_gpio_setup(sms);
217
+
85
218
+ if (nr > 0xff) {
86
spitz_gpio_setup(mpu, (model == akita) ? 1 : 2);
219
+ error_setg(errp, "v8M SAU #regions invalid %" PRIu32, nr);
87
220
+ return;
221
+ }
222
+
223
+ if (nr) {
224
+ env->sau.rbar = g_new0(uint32_t, nr);
225
+ env->sau.rlar = g_new0(uint32_t, nr);
226
+ }
227
+ }
228
+
229
if (arm_feature(env, ARM_FEATURE_EL3)) {
230
set_feature(env, ARM_FEATURE_VBAR);
231
}
232
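Review bot: `env->sau.rbar` and `env->sau.rlar` are allocated with g_new0() in arm_cpu_realizefn(), but nothing in this patch frees them. If the CPU object can be finalized, both arrays need a matching g_free() in the finalize path. The `nr > 0xff` limit could also use a brief comment saying where the 0xff bound comes from.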
@@ -XXX,XX +XXX,XX @@ static void cortex_m4_initfn(Object *obj)
233
cpu->midr = 0x410fc240; /* r0p0 */
234
cpu->pmsav7_dregion = 8;
235
}
236
+
237
static void arm_v7m_class_init(ObjectClass *oc, void *data)
238
{
239
CPUClass *cc = CPU_CLASS(oc);
240
diff --git a/target/arm/machine.c b/target/arm/machine.c
241
index XXXXXXX..XXXXXXX 100644
242
--- a/target/arm/machine.c
243
+++ b/target/arm/machine.c
244
@@ -XXX,XX +XXX,XX @@ static bool s_rnr_vmstate_validate(void *opaque, int version_id)
245
return cpu->env.pmsav7.rnr[M_REG_S] < cpu->pmsav7_dregion;
246
}
247
248
+static bool sau_rnr_vmstate_validate(void *opaque, int version_id)
249
+{
250
+ ARMCPU *cpu = opaque;
251
+
252
+ return cpu->env.sau.rnr < cpu->sau_sregion;
253
+}
254
+
255
static bool m_security_needed(void *opaque)
256
{
257
ARMCPU *cpu = opaque;
258
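Review bot: sau_rnr_vmstate_validate() uses a strict `cpu->env.sau.rnr < cpu->sau_sregion`, which cannot hold when the CPU has zero SAU regions. The realize hunk accepts that configuration (it only allocates `if (nr)`) and the reset hunk sets `env->sau.rnr = 0`, so if this subsection is loaded for such a CPU the check evaluates 0 < 0 and the incoming migration fails. Either special-case `sau_sregion == 0` here or document why that combination cannot reach this check.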
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_security = {
259
VMSTATE_UINT32(env.v7m.cfsr[M_REG_S], ARMCPU),
260
VMSTATE_UINT32(env.v7m.sfsr, ARMCPU),
261
VMSTATE_UINT32(env.v7m.sfar, ARMCPU),
262
+ VMSTATE_VARRAY_UINT32(env.sau.rbar, ARMCPU, sau_sregion, 0,
263
+ vmstate_info_uint32, uint32_t),
264
+ VMSTATE_VARRAY_UINT32(env.sau.rlar, ARMCPU, sau_sregion, 0,
265
+ vmstate_info_uint32, uint32_t),
266
+ VMSTATE_UINT32(env.sau.rnr, ARMCPU),
267
+ VMSTATE_VALIDATE("SAU_RNR is valid", sau_rnr_vmstate_validate),
268
+ VMSTATE_UINT32(env.sau.ctrl, ARMCPU),
269
VMSTATE_END_OF_LIST()
270
}
271
};
272
--
88
--
273
2.7.4
89
2.20.1
274
90
275
91
1
On exception return for v8M, the SPSEL bit in the EXC_RETURN magic
1
Currently the Spitz board uses a nasty hack for the GPIO lines
2
value should be restored to the SPSEL bit in the CONTROL register
2
that pass "bit5" and "power" information to the LCD controller:
3
banked specified by the EXC_RETURN.ES bit.
3
the lcdtg realize function sets a global variable to point to
4
the instance it just realized, and then the functions spitz_bl_power()
5
and spitz_bl_bit5() use that to find the device they are changing
6
the internal state of. There is a comment reading:
7
FIXME: Implement GPIO properly and remove this hack.
8
which was added in 2009.
4
9
5
Add write_v7m_control_spsel_for_secstate() which behaves like
10
Implement GPIO properly and remove this hack.
6
write_v7m_control_spsel() but allows the caller to specify which
7
CONTROL bank to use, reimplement write_v7m_control_spsel() in
8
terms of it, and use it in exception return.
9
11
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
12
Message-id: 1506092407-26985-6-git-send-email-peter.maydell@linaro.org
14
Message-id: 20200628142429.17111-6-peter.maydell@linaro.org
13
---
15
---
14
target/arm/helper.c | 40 +++++++++++++++++++++++++++-------------
16
hw/arm/spitz.c | 28 ++++++++++++----------------
15
1 file changed, 27 insertions(+), 13 deletions(-)
17
1 file changed, 12 insertions(+), 16 deletions(-)
16
18
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
18
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
21
--- a/hw/arm/spitz.c
20
+++ b/target/arm/helper.c
22
+++ b/hw/arm/spitz.c
21
@@ -XXX,XX +XXX,XX @@ static bool v7m_using_psp(CPUARMState *env)
23
@@ -XXX,XX +XXX,XX @@ static void spitz_bl_update(SpitzLCDTG *s)
22
env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK;
24
zaurus_printf("LCD Backlight now off\n");
23
}
25
}
24
26
25
-/* Write to v7M CONTROL.SPSEL bit. This may change the current
27
-/* FIXME: Implement GPIO properly and remove this hack. */
26
- * stack pointer between Main and Process stack pointers.
28
-static SpitzLCDTG *spitz_lcdtg;
27
+/* Write to v7M CONTROL.SPSEL bit for the specified security bank.
29
-
28
+ * This may change the current stack pointer between Main and Process
30
static inline void spitz_bl_bit5(void *opaque, int line, int level)
29
+ * stack pointers if it is done for the CONTROL register for the current
30
+ * security state.
31
*/
32
-static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel)
33
+static void write_v7m_control_spsel_for_secstate(CPUARMState *env,
34
+ bool new_spsel,
35
+ bool secstate)
36
{
31
{
37
- uint32_t tmp;
32
- SpitzLCDTG *s = spitz_lcdtg;
38
- bool new_is_psp, old_is_psp = v7m_using_psp(env);
33
+ SpitzLCDTG *s = opaque;
39
+ bool old_is_psp = v7m_using_psp(env);
34
int prev = s->bl_intensity;
40
35
41
- env->v7m.control[env->v7m.secure] =
36
if (level)
42
- deposit32(env->v7m.control[env->v7m.secure],
37
@@ -XXX,XX +XXX,XX @@ static inline void spitz_bl_bit5(void *opaque, int line, int level)
43
+ env->v7m.control[secstate] =
38
44
+ deposit32(env->v7m.control[secstate],
39
static inline void spitz_bl_power(void *opaque, int line, int level)
45
R_V7M_CONTROL_SPSEL_SHIFT,
40
{
46
R_V7M_CONTROL_SPSEL_LENGTH, new_spsel);
41
- SpitzLCDTG *s = spitz_lcdtg;
47
42
+ SpitzLCDTG *s = opaque;
48
- new_is_psp = v7m_using_psp(env);
43
s->bl_power = !!level;
49
+ if (secstate == env->v7m.secure) {
44
spitz_bl_update(s);
50
+ bool new_is_psp = v7m_using_psp(env);
45
}
51
+ uint32_t tmp;
46
@@ -XXX,XX +XXX,XX @@ static uint32_t spitz_lcdtg_transfer(SSISlave *dev, uint32_t value)
52
47
return 0;
53
- if (old_is_psp != new_is_psp) {
48
}
54
- tmp = env->v7m.other_sp;
49
55
- env->v7m.other_sp = env->regs[13];
50
-static void spitz_lcdtg_realize(SSISlave *dev, Error **errp)
56
- env->regs[13] = tmp;
51
+static void spitz_lcdtg_realize(SSISlave *ssi, Error **errp)
57
+ if (old_is_psp != new_is_psp) {
52
{
58
+ tmp = env->v7m.other_sp;
53
- SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
59
+ env->v7m.other_sp = env->regs[13];
54
+ SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, ssi);
60
+ env->regs[13] = tmp;
55
+ DeviceState *dev = DEVICE(s);
61
+ }
56
57
- spitz_lcdtg = s;
58
s->bl_power = 0;
59
s->bl_intensity = 0x20;
60
+
61
+ qdev_init_gpio_in_named(dev, spitz_bl_bit5, "bl_bit5", 1);
62
+ qdev_init_gpio_in_named(dev, spitz_bl_power, "bl_power", 1);
63
}
64
65
/* SSP devices */
66
@@ -XXX,XX +XXX,XX @@ static void spitz_out_switch(void *opaque, int line, int level)
67
case 3:
68
zaurus_printf("Orange LED %s.\n", level ? "on" : "off");
69
break;
70
- case 4:
71
- spitz_bl_bit5(opaque, line, level);
72
- break;
73
- case 5:
74
- spitz_bl_power(opaque, line, level);
75
- break;
76
case 6:
77
spitz_adc_temp_on(opaque, line, level);
78
break;
79
+ default:
80
+ g_assert_not_reached();
62
}
81
}
63
}
82
}
64
83
65
+/* Write to v7M CONTROL.SPSEL bit. This may change the current
84
@@ -XXX,XX +XXX,XX @@ static void spitz_scoop_gpio_setup(SpitzMachineState *sms)
66
+ * stack pointer between Main and Process stack pointers.
85
67
+ */
86
if (sms->scp1) {
68
+static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel)
87
qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_CONT,
69
+{
88
- outsignals[4]);
70
+ write_v7m_control_spsel_for_secstate(env, new_spsel, env->v7m.secure);
89
+ qdev_get_gpio_in_named(sms->lcdtg, "bl_bit5", 0));
71
+}
90
qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_ON,
72
+
91
- outsignals[5]);
73
void write_v7m_exception(CPUARMState *env, uint32_t new_exc)
92
+ qdev_get_gpio_in_named(sms->lcdtg, "bl_power", 0));
74
{
93
}
75
/* Write a new value to v7m.exception, thus transitioning into or out
94
76
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
95
qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
77
* Handler mode (and will be until we write the new XPSR.Interrupt
78
* field) this does not switch around the current stack pointer.
79
*/
80
- write_v7m_control_spsel(env, return_to_sp_process);
81
+ write_v7m_control_spsel_for_secstate(env, return_to_sp_process, exc_secure);
82
83
switch_v7m_security_state(env, return_to_secure);
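Review bot: in write_v7m_control_spsel_for_secstate() the new `secstate` argument is used directly as the index in `env->v7m.control[secstate]`, but the comment only says "for the specified security bank" and never states which value selects which bank. Please document that true selects the Secure bank, or name the parameter `secure` to match `env->v7m.secure`, which is what the write_v7m_control_spsel() wrapper passes. The comment kept in do_v7m_exception_exit() ("this does not switch around the current stack pointer") now also holds for a second reason, namely when `exc_secure` differs from the current security state, and that is worth a word there.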
84
85
--
96
--
86
2.7.4
97
2.20.1
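Review bot: in spitz_out_switch() the added `default: g_assert_not_reached();` turns lines 4 and 5, whose cases are removed in the same hunk, into an abort if they are ever raised. The spitz_scoop_gpio_setup() hunk rewires SPITZ_SCP2_BACKLIGHT_CONT and SPITZ_SCP2_BACKLIGHT_ON to the new "bl_bit5" and "bl_power" inputs, but nothing visible here shrinks or renumbers the `outsignals` array, so `outsignals[4]` and `outsignals[5]` presumably still exist as connectable IRQs. Either drop those two entries where the array is allocated or add a comment that they are intentionally left unconnected.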
1
In the v7M architecture, there is an invariant that if the CPU is
1
Add some QOM properties to the max111x ADC device to allow the
2
in Handler mode then the CONTROL.SPSEL bit cannot be nonzero.
2
initial values to be configured. Currently this is done by
3
This in turn means that the current stack pointer is always
3
board code calling max111x_set_input() after it creates the
4
indicated by CONTROL.SPSEL, even though Handler mode always uses
4
device, which doesn't work on system reset.
5
the Main stack pointer.
6
5
7
In v8M, this invariant is removed, and CONTROL.SPSEL may now
6
This requires us to implement a reset method for this device,
8
be nonzero in Handler mode (though Handler mode still always
7
so while we're doing that make sure we reset the other parts
9
uses the Main stack pointer). In preparation for this change,
8
of the device state.
10
change how we handle this bit: rename switch_v7m_sp() to
11
the now more accurate write_v7m_control_spsel(), and make it
12
check both the handler mode state and the SPSEL bit.
13
14
Note that this implicitly changes the point at which we switch
15
active SP on exception exit from before we pop the exception
16
frame to after it.
17
9
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
21
Message-id: 1506092407-26985-4-git-send-email-peter.maydell@linaro.org
13
Message-id: 20200628142429.17111-7-peter.maydell@linaro.org
22
---
14
---
23
target/arm/cpu.h | 8 ++++++-
15
hw/misc/max111x.c | 57 ++++++++++++++++++++++++++++++++++++++---------
24
hw/intc/armv7m_nvic.c | 2 +-
16
1 file changed, 47 insertions(+), 10 deletions(-)
25
target/arm/helper.c | 65 ++++++++++++++++++++++++++++++++++-----------------
26
3 files changed, 51 insertions(+), 24 deletions(-)
27
17
28
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
18
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
29
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/cpu.h
20
--- a/hw/misc/max111x.c
31
+++ b/target/arm/cpu.h
21
+++ b/hw/misc/max111x.c
32
@@ -XXX,XX +XXX,XX @@ void pmccntr_sync(CPUARMState *env);
22
@@ -XXX,XX +XXX,XX @@
33
#define PSTATE_MODE_EL1t 4
23
#include "hw/ssi/ssi.h"
34
#define PSTATE_MODE_EL0t 0
24
#include "migration/vmstate.h"
35
25
#include "qemu/module.h"
36
+/* Write a new value to v7m.exception, thus transitioning into or out
26
+#include "hw/qdev-properties.h"
37
+ * of Handler mode; this may result in a change of active stack pointer.
27
38
+ */
28
typedef struct {
39
+void write_v7m_exception(CPUARMState *env, uint32_t new_exc);
29
SSISlave parent_obj;
30
31
qemu_irq interrupt;
32
+ /* Values of inputs at system reset (settable by QOM property) */
33
+ uint8_t reset_input[8];
40
+
34
+
41
/* Map EL and handler into a PSTATE_MODE. */
35
uint8_t tb1, rb2, rb3;
42
static inline unsigned int aarch64_pstate_mode(unsigned int el, bool handler)
36
int cycle;
43
{
37
44
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
38
@@ -XXX,XX +XXX,XX @@ static int max111x_init(SSISlave *d, int inputs)
45
env->condexec_bits |= (val >> 8) & 0xfc;
39
qdev_init_gpio_out(dev, &s->interrupt, 1);
46
}
40
47
if (mask & XPSR_EXCP) {
41
s->inputs = inputs;
48
- env->v7m.exception = val & XPSR_EXCP;
42
- /* TODO: add a user interface for setting these */
49
+ /* Note that this only happens on exception exit */
43
- s->input[0] = 0xf0;
50
+ write_v7m_exception(env, val & XPSR_EXCP);
44
- s->input[1] = 0xe0;
51
}
45
- s->input[2] = 0xd0;
46
- s->input[3] = 0xc0;
47
- s->input[4] = 0xb0;
48
- s->input[5] = 0xa0;
49
- s->input[6] = 0x90;
50
- s->input[7] = 0x80;
51
- s->com = 0;
52
53
vmstate_register(VMSTATE_IF(dev), VMSTATE_INSTANCE_ID_ANY,
54
&vmstate_max111x, s);
55
@@ -XXX,XX +XXX,XX @@ void max111x_set_input(DeviceState *dev, int line, uint8_t value)
56
s->input[line] = value;
52
}
57
}
53
58
54
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
59
+static void max111x_reset(DeviceState *dev)
55
index XXXXXXX..XXXXXXX 100644
60
+{
56
--- a/hw/intc/armv7m_nvic.c
61
+ MAX111xState *s = MAX_111X(dev);
57
+++ b/hw/intc/armv7m_nvic.c
62
+ int i;
58
@@ -XXX,XX +XXX,XX @@ bool armv7m_nvic_acknowledge_irq(void *opaque)
59
vec->active = 1;
60
vec->pending = 0;
61
62
- env->v7m.exception = s->vectpending;
63
+ write_v7m_exception(env, s->vectpending);
64
65
nvic_irq_update(s);
66
67
diff --git a/target/arm/helper.c b/target/arm/helper.c
68
index XXXXXXX..XXXXXXX 100644
69
--- a/target/arm/helper.c
70
+++ b/target/arm/helper.c
71
@@ -XXX,XX +XXX,XX @@ static bool v7m_using_psp(CPUARMState *env)
72
env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK;
73
}
74
75
-/* Switch to V7M main or process stack pointer. */
76
-static void switch_v7m_sp(CPUARMState *env, bool new_spsel)
77
+/* Write to v7M CONTROL.SPSEL bit. This may change the current
78
+ * stack pointer between Main and Process stack pointers.
79
+ */
80
+static void write_v7m_control_spsel(CPUARMState *env, bool new_spsel)
81
{
82
uint32_t tmp;
83
- uint32_t old_control = env->v7m.control[env->v7m.secure];
84
- bool old_spsel = old_control & R_V7M_CONTROL_SPSEL_MASK;
85
+ bool new_is_psp, old_is_psp = v7m_using_psp(env);
86
+
63
+
87
+ env->v7m.control[env->v7m.secure] =
64
+ for (i = 0; i < s->inputs; i++) {
88
+ deposit32(env->v7m.control[env->v7m.secure],
65
+ s->input[i] = s->reset_input[i];
89
+ R_V7M_CONTROL_SPSEL_SHIFT,
90
+ R_V7M_CONTROL_SPSEL_LENGTH, new_spsel);
91
+
92
+ new_is_psp = v7m_using_psp(env);
93
94
- if (old_spsel != new_spsel) {
95
+ if (old_is_psp != new_is_psp) {
96
tmp = env->v7m.other_sp;
97
env->v7m.other_sp = env->regs[13];
98
env->regs[13] = tmp;
99
+ }
66
+ }
67
+ s->com = 0;
68
+ s->tb1 = 0;
69
+ s->rb2 = 0;
70
+ s->rb3 = 0;
71
+ s->cycle = 0;
100
+}
72
+}
101
+
73
+
102
+void write_v7m_exception(CPUARMState *env, uint32_t new_exc)
74
+static Property max1110_properties[] = {
103
+{
75
+ /* Reset values for ADC inputs */
104
+ /* Write a new value to v7m.exception, thus transitioning into or out
76
+ DEFINE_PROP_UINT8("input0", MAX111xState, reset_input[0], 0xf0),
105
+ * of Handler mode; this may result in a change of active stack pointer.
77
+ DEFINE_PROP_UINT8("input1", MAX111xState, reset_input[1], 0xe0),
106
+ */
78
+ DEFINE_PROP_UINT8("input2", MAX111xState, reset_input[2], 0xd0),
107
+ bool new_is_psp, old_is_psp = v7m_using_psp(env);
79
+ DEFINE_PROP_UINT8("input3", MAX111xState, reset_input[3], 0xc0),
108
+ uint32_t tmp;
80
+ DEFINE_PROP_END_OF_LIST(),
109
81
+};
110
- env->v7m.control[env->v7m.secure] = deposit32(old_control,
111
- R_V7M_CONTROL_SPSEL_SHIFT,
112
- R_V7M_CONTROL_SPSEL_LENGTH, new_spsel);
113
+ env->v7m.exception = new_exc;
114
+
82
+
115
+ new_is_psp = v7m_using_psp(env);
83
+static Property max1111_properties[] = {
84
+ /* Reset values for ADC inputs */
85
+ DEFINE_PROP_UINT8("input0", MAX111xState, reset_input[0], 0xf0),
86
+ DEFINE_PROP_UINT8("input1", MAX111xState, reset_input[1], 0xe0),
87
+ DEFINE_PROP_UINT8("input2", MAX111xState, reset_input[2], 0xd0),
88
+ DEFINE_PROP_UINT8("input3", MAX111xState, reset_input[3], 0xc0),
89
+ DEFINE_PROP_UINT8("input4", MAX111xState, reset_input[4], 0xb0),
90
+ DEFINE_PROP_UINT8("input5", MAX111xState, reset_input[5], 0xa0),
91
+ DEFINE_PROP_UINT8("input6", MAX111xState, reset_input[6], 0x90),
92
+ DEFINE_PROP_UINT8("input7", MAX111xState, reset_input[7], 0x80),
93
+ DEFINE_PROP_END_OF_LIST(),
94
+};
116
+
95
+
117
+ if (old_is_psp != new_is_psp) {
96
static void max111x_class_init(ObjectClass *klass, void *data)
118
+ tmp = env->v7m.other_sp;
97
{
119
+ env->v7m.other_sp = env->regs[13];
98
SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
120
+ env->regs[13] = tmp;
99
+ DeviceClass *dc = DEVICE_CLASS(klass);
121
}
100
101
k->transfer = max111x_transfer;
102
+ dc->reset = max111x_reset;
122
}
103
}
123
104
124
@@ -XXX,XX +XXX,XX @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,
105
static const TypeInfo max111x_info = {
125
bool want_psp = threadmode && spsel;
106
@@ -XXX,XX +XXX,XX @@ static const TypeInfo max111x_info = {
126
107
static void max1110_class_init(ObjectClass *klass, void *data)
127
if (secure == env->v7m.secure) {
108
{
128
- /* Currently switch_v7m_sp switches SP as it updates SPSEL,
109
SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
129
- * so the SP we want is always in regs[13].
110
+ DeviceClass *dc = DEVICE_CLASS(klass);
130
- * When we decouple SPSEL from the actually selected SP
111
131
- * we need to check want_psp against v7m_using_psp()
112
k->realize = max1110_realize;
132
- * to see whether we need regs[13] or v7m.other_sp.
113
+ device_class_set_props(dc, max1110_properties);
133
- */
114
}
134
- return &env->regs[13];
115
135
+ if (want_psp == v7m_using_psp(env)) {
116
static const TypeInfo max1110_info = {
136
+ return &env->regs[13];
117
@@ -XXX,XX +XXX,XX @@ static const TypeInfo max1110_info = {
137
+ } else {
118
static void max1111_class_init(ObjectClass *klass, void *data)
138
+ return &env->v7m.other_sp;
119
{
139
+ }
120
SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
140
} else {
121
+ DeviceClass *dc = DEVICE_CLASS(klass);
141
if (want_psp) {
122
142
return &env->v7m.other_ss_psp;
123
k->realize = max1111_realize;
143
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)
124
+ device_class_set_props(dc, max1111_properties);
144
uint32_t addr;
125
}
145
126
146
armv7m_nvic_acknowledge_irq(env->nvic);
127
static const TypeInfo max1111_info = {
147
- switch_v7m_sp(env, 0);
148
+ write_v7m_control_spsel(env, 0);
149
arm_clear_exclusive(env);
150
/* Clear IT bits */
151
env->condexec_bits = 0;
152
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
153
return;
154
}
155
156
- /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently
157
- * causes us to switch the active SP, but we will change this
158
- * later to not do that so we can support v8M.
159
+ /* Set CONTROL.SPSEL from excret.SPSEL. Since we're still in
160
+ * Handler mode (and will be until we write the new XPSR.Interrupt
161
+ * field) this does not switch around the current stack pointer.
162
*/
163
- switch_v7m_sp(env, return_to_sp_process);
164
+ write_v7m_control_spsel(env, return_to_sp_process);
165
166
{
167
/* The stack pointer we should be reading the exception frame from
168
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
169
case 20: /* CONTROL */
170
/* Writing to the SPSEL bit only has an effect if we are in
171
* thread mode; other bits can be updated by any privileged code.
172
- * switch_v7m_sp() deals with updating the SPSEL bit in
173
+ * write_v7m_control_spsel() deals with updating the SPSEL bit in
174
* env->v7m.control, so we only need update the others.
175
*/
176
if (!arm_v7m_is_handler_mode(env)) {
177
- switch_v7m_sp(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
178
+ write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
179
}
180
env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
181
env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
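Review bot: the xpsr_write() hunk in target/arm/cpu.h replaces the plain store to `env->v7m.exception` with write_v7m_exception(), which can swap `env->regs[13]` with `env->v7m.other_sp`, and justifies this only with the comment "Note that this only happens on exception exit". Nothing in the hunk enforces that, so any other caller that passes XPSR_EXCP in `mask` would now switch the active stack pointer as a side effect; please list the audited callers in the commit message or assert the expectation. Separately, write_v7m_control_spsel() and write_v7m_exception() in helper.c each carry the same three-line swap of `other_sp` and `regs[13]`, which would read better as one small helper.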
182
--
128
--
183
2.7.4
129
2.20.1
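Review bot: max111x_reset() copies `s->reset_input[i]` for every `i < s->inputs`, while `reset_input` is declared as a fixed `uint8_t reset_input[8]` and `s->inputs` is taken from the `inputs` argument of max111x_init() with no bound check. An assertion in max111x_init() that `inputs` does not exceed ARRAY_SIZE(s->reset_input) would keep the loop inside the array if another variant is ever added. The context at max111x_set_input() still shows `s->input[line] = value` updating only the live value, so anything set that way is still lost on reset; a comment saying so would help callers. max1110_properties and max1111_properties also repeat the input0 to input3 entries verbatim.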
1
When we added support for the new SHCSR bits in v8M in commit
1
The max111x is a proper qdev device; we can use dc->vmsd rather than
2
437d59c17e9 the code to support writing to the new HARDFAULTPENDED
2
directly calling vmstate_register().
3
bit was accidentally only added for non-secure writes; the
3
4
secure banked version of the bit should also be writable.
4
It's possible that this is a migration compat break, but the only
5
boards that use this device are the spitz-family ('akita', 'borzoi',
6
'spitz', 'terrier').
5
7
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
Message-id: 1506092407-26985-21-git-send-email-peter.maydell@linaro.org
11
Message-id: 20200628142429.17111-8-peter.maydell@linaro.org
10
---
12
---
11
hw/intc/armv7m_nvic.c | 1 +
13
hw/misc/max111x.c | 3 +--
12
1 file changed, 1 insertion(+)
14
1 file changed, 1 insertion(+), 2 deletions(-)
13
15
14
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
16
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
15
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/intc/armv7m_nvic.c
18
--- a/hw/misc/max111x.c
17
+++ b/hw/intc/armv7m_nvic.c
19
+++ b/hw/misc/max111x.c
18
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
20
@@ -XXX,XX +XXX,XX @@ static int max111x_init(SSISlave *d, int inputs)
19
s->sec_vectors[ARMV7M_EXCP_BUS].enabled = (value & (1 << 17)) != 0;
21
20
s->sec_vectors[ARMV7M_EXCP_USAGE].enabled =
22
s->inputs = inputs;
21
(value & (1 << 18)) != 0;
23
22
+ s->sec_vectors[ARMV7M_EXCP_HARD].pending = (value & (1 << 21)) != 0;
24
- vmstate_register(VMSTATE_IF(dev), VMSTATE_INSTANCE_ID_ANY,
23
/* SecureFault not banked, but RAZ/WI to NS */
25
- &vmstate_max111x, s);
24
s->vectors[ARMV7M_EXCP_SECURE].active = (value & (1 << 4)) != 0;
26
return 0;
25
s->vectors[ARMV7M_EXCP_SECURE].enabled = (value & (1 << 19)) != 0;
27
}
28
29
@@ -XXX,XX +XXX,XX @@ static void max111x_class_init(ObjectClass *klass, void *data)
30
31
k->transfer = max111x_transfer;
32
dc->reset = max111x_reset;
33
+ dc->vmsd = &vmstate_max111x;
34
}
35
36
static const TypeInfo max111x_info = {
26
--
37
--
27
2.7.4
38
2.20.1
1
Add support for v8M and in particular the security extension
1
Add an ssi_realize_and_unref(), for the benefit of callers
2
to the exception entry code. This requires changes to:
2
who want to be able to create an SSI device, set QOM properties
3
* calculation of the exception-return magic LR value
3
on it, and then do the realize-and-unref afterwards.
4
* push the callee-saves registers in certain cases
4
5
* clear registers when taking non-secure exceptions to avoid
5
The API works on the same principle as the recently added
6
leaking information from the interrupted secure code
6
qdev_realize_and_undef(), sysbus_realize_and_undef(), etc.
7
* switch to the correct security state on entry
8
* use the vector table for the security state we're targeting
9
7
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
12
Message-id: 1506092407-26985-13-git-send-email-peter.maydell@linaro.org
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
11
Message-id: 20200628142429.17111-9-peter.maydell@linaro.org
13
---
12
---
14
target/arm/helper.c | 165 +++++++++++++++++++++++++++++++++++++++++++++-------
13
include/hw/ssi/ssi.h | 26 ++++++++++++++++++++++++++
15
1 file changed, 145 insertions(+), 20 deletions(-)
14
hw/ssi/ssi.c | 7 ++++++-
15
2 files changed, 32 insertions(+), 1 deletion(-)
16
16
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h
18
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
19
--- a/include/hw/ssi/ssi.h
20
+++ b/target/arm/helper.c
20
+++ b/include/hw/ssi/ssi.h
21
@@ -XXX,XX +XXX,XX @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,
21
@@ -XXX,XX +XXX,XX @@ extern const VMStateDescription vmstate_ssi_slave;
22
}
23
}
22
}
24
23
25
-static uint32_t arm_v7m_load_vector(ARMCPU *cpu)
24
DeviceState *ssi_create_slave(SSIBus *bus, const char *name);
26
+static uint32_t arm_v7m_load_vector(ARMCPU *cpu, bool targets_secure)
25
+/**
27
{
26
+ * ssi_realize_and_unref: realize and unref an SSI slave device
28
CPUState *cs = CPU(cpu);
27
+ * @dev: SSI slave device to realize
29
CPUARMState *env = &cpu->env;
28
+ * @bus: SSI bus to put it on
30
MemTxResult result;
29
+ * @errp: error pointer
31
- hwaddr vec = env->v7m.vecbase[env->v7m.secure] + env->v7m.exception * 4;
30
+ *
32
+ hwaddr vec = env->v7m.vecbase[targets_secure] + env->v7m.exception * 4;
31
+ * Call 'realize' on @dev, put it on the specified @bus, and drop the
33
uint32_t addr;
32
+ * reference to it. Errors are reported via @errp and by returning
34
33
+ * false.
35
addr = address_space_ldl(cs->as, vec,
34
+ *
36
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu)
35
+ * This function is useful if you have created @dev via qdev_new()
37
* Since we don't model Lockup, we just report this guest error
36
+ * (which takes a reference to the device it returns to you), so that
38
* via cpu_abort().
37
+ * you can set properties on it before realizing it. If you don't need
39
*/
38
+ * to set properties then ssi_create_slave() is probably better (as it
40
- cpu_abort(cs, "Failed to read from exception vector table "
39
+ * does the create, init and realize in one step).
41
- "entry %08x\n", (unsigned)vec);
40
+ *
42
+ cpu_abort(cs, "Failed to read from %s exception vector table "
41
+ * If you are embedding the SSI slave into another QOM device and
43
+ "entry %08x\n", targets_secure ? "secure" : "nonsecure",
42
+ * initialized it via some variant on object_initialize_child() then
44
+ (unsigned)vec);
43
+ * do not use this function, because that family of functions arrange
45
}
44
+ * for the only reference to the child device to be held by the parent
46
return addr;
45
+ * via the child<> property, and so the reference-count-drop done here
47
}
46
+ * would be incorrect. (Instead you would want ssi_realize(), which
48
47
+ * doesn't currently exist but would be trivial to create if we had
49
-static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)
48
+ * any code that wanted it.)
50
+static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain)
49
+ */
50
+bool ssi_realize_and_unref(DeviceState *dev, SSIBus *bus, Error **errp);
51
52
/* Master interface. */
53
SSIBus *ssi_create_bus(DeviceState *parent, const char *name);
54
diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c
55
index XXXXXXX..XXXXXXX 100644
56
--- a/hw/ssi/ssi.c
57
+++ b/hw/ssi/ssi.c
58
@@ -XXX,XX +XXX,XX @@ static const TypeInfo ssi_slave_info = {
59
.abstract = true,
60
};
61
62
+bool ssi_realize_and_unref(DeviceState *dev, SSIBus *bus, Error **errp)
51
+{
63
+{
52
+ /* For v8M, push the callee-saves register part of the stack frame.
64
+ return qdev_realize_and_unref(dev, &bus->parent_obj, errp);
53
+ * Compare the v8M pseudocode PushCalleeStack().
54
+ * In the tailchaining case this may not be the current stack.
55
+ */
56
+ CPUARMState *env = &cpu->env;
57
+ CPUState *cs = CPU(cpu);
58
+ uint32_t *frame_sp_p;
59
+ uint32_t frameptr;
60
+
61
+ if (dotailchain) {
62
+ frame_sp_p = get_v7m_sp_ptr(env, true,
63
+ lr & R_V7M_EXCRET_MODE_MASK,
64
+ lr & R_V7M_EXCRET_SPSEL_MASK);
65
+ } else {
66
+ frame_sp_p = &env->regs[13];
67
+ }
68
+
69
+ frameptr = *frame_sp_p - 0x28;
70
+
71
+ stl_phys(cs->as, frameptr, 0xfefa125b);
72
+ stl_phys(cs->as, frameptr + 0x8, env->regs[4]);
73
+ stl_phys(cs->as, frameptr + 0xc, env->regs[5]);
74
+ stl_phys(cs->as, frameptr + 0x10, env->regs[6]);
75
+ stl_phys(cs->as, frameptr + 0x14, env->regs[7]);
76
+ stl_phys(cs->as, frameptr + 0x18, env->regs[8]);
77
+ stl_phys(cs->as, frameptr + 0x1c, env->regs[9]);
78
+ stl_phys(cs->as, frameptr + 0x20, env->regs[10]);
79
+ stl_phys(cs->as, frameptr + 0x24, env->regs[11]);
80
+
81
+ *frame_sp_p = frameptr;
82
+}
65
+}
83
+
66
+
84
+static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain)
67
DeviceState *ssi_create_slave(SSIBus *bus, const char *name)
85
{
68
{
86
/* Do the "take the exception" parts of exception entry,
69
DeviceState *dev = qdev_new(name);
87
* but not the pushing of state to the stack. This is
70
88
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr)
71
- qdev_realize_and_unref(dev, &bus->parent_obj, &error_fatal);
89
*/
72
+ ssi_realize_and_unref(dev, bus, &error_fatal);
90
CPUARMState *env = &cpu->env;
73
return dev;
91
uint32_t addr;
92
+ bool targets_secure;
93
+
94
+ targets_secure = armv7m_nvic_acknowledge_irq(env->nvic);
95
96
- armv7m_nvic_acknowledge_irq(env->nvic);
97
+ if (arm_feature(env, ARM_FEATURE_V8)) {
98
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
99
+ (lr & R_V7M_EXCRET_S_MASK)) {
100
+ /* The background code (the owner of the registers in the
101
+ * exception frame) is Secure. This means it may either already
102
+ * have or now needs to push callee-saves registers.
103
+ */
104
+ if (targets_secure) {
105
+ if (dotailchain && !(lr & R_V7M_EXCRET_ES_MASK)) {
106
+ /* We took an exception from Secure to NonSecure
107
+ * (which means the callee-saved registers got stacked)
108
+ * and are now tailchaining to a Secure exception.
109
+ * Clear DCRS so eventual return from this Secure
110
+ * exception unstacks the callee-saved registers.
111
+ */
112
+ lr &= ~R_V7M_EXCRET_DCRS_MASK;
113
+ }
114
+ } else {
115
+ /* We're going to a non-secure exception; push the
116
+ * callee-saves registers to the stack now, if they're
117
+ * not already saved.
118
+ */
119
+ if (lr & R_V7M_EXCRET_DCRS_MASK &&
120
+ !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) {
121
+ v7m_push_callee_stack(cpu, lr, dotailchain);
122
+ }
123
+ lr |= R_V7M_EXCRET_DCRS_MASK;
124
+ }
125
+ }
126
+
127
+ lr &= ~R_V7M_EXCRET_ES_MASK;
128
+ if (targets_secure || !arm_feature(env, ARM_FEATURE_M_SECURITY)) {
129
+ lr |= R_V7M_EXCRET_ES_MASK;
130
+ }
131
+ lr &= ~R_V7M_EXCRET_SPSEL_MASK;
132
+ if (env->v7m.control[targets_secure] & R_V7M_CONTROL_SPSEL_MASK) {
133
+ lr |= R_V7M_EXCRET_SPSEL_MASK;
134
+ }
135
+
136
+ /* Clear registers if necessary to prevent non-secure exception
137
+ * code being able to see register values from secure code.
138
+ * Where register values become architecturally UNKNOWN we leave
139
+ * them with their previous values.
140
+ */
141
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
142
+ if (!targets_secure) {
143
+ /* Always clear the caller-saved registers (they have been
144
+ * pushed to the stack earlier in v7m_push_stack()).
145
+ * Clear callee-saved registers if the background code is
146
+ * Secure (in which case these regs were saved in
147
+ * v7m_push_callee_stack()).
148
+ */
149
+ int i;
150
+
151
+ for (i = 0; i < 13; i++) {
152
+ /* r4..r11 are callee-saves, zero only if EXCRET.S == 1 */
153
+ if (i < 4 || i > 11 || (lr & R_V7M_EXCRET_S_MASK)) {
154
+ env->regs[i] = 0;
155
+ }
156
+ }
157
+ /* Clear EAPSR */
158
+ xpsr_write(env, 0, XPSR_NZCV | XPSR_Q | XPSR_GE | XPSR_IT);
159
+ }
160
+ }
161
+ }
162
+
163
+ /* Switch to target security state -- must do this before writing SPSEL */
164
+ switch_v7m_security_state(env, targets_secure);
165
write_v7m_control_spsel(env, 0);
166
arm_clear_exclusive(env);
167
/* Clear IT bits */
168
env->condexec_bits = 0;
169
env->regs[14] = lr;
170
- addr = arm_v7m_load_vector(cpu);
171
+ addr = arm_v7m_load_vector(cpu, targets_secure);
172
env->regs[15] = addr & 0xfffffffe;
173
env->thumb = addr & 1;
174
}
74
}
175
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
176
if (sfault) {
177
env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK;
178
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
179
- v7m_exception_taken(cpu, excret);
180
+ v7m_exception_taken(cpu, excret, true);
181
qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
182
"stackframe: failed EXC_RETURN.ES validity check\n");
183
return;
184
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
185
*/
186
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
187
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
188
- v7m_exception_taken(cpu, excret);
189
+ v7m_exception_taken(cpu, excret, true);
190
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
191
"stackframe: failed exception return integrity check\n");
192
return;
193
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
194
/* Take a SecureFault on the current stack */
195
env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
196
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
197
- v7m_exception_taken(cpu, excret);
198
+ v7m_exception_taken(cpu, excret, true);
199
qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
200
"stackframe: failed exception return integrity "
201
"signature check\n");
202
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
203
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
204
env->v7m.secure);
205
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
206
- v7m_exception_taken(cpu, excret);
207
+ v7m_exception_taken(cpu, excret, true);
208
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
209
"stackframe: failed exception return integrity "
210
"check\n");
211
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
212
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false);
213
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
214
v7m_push_stack(cpu);
215
- v7m_exception_taken(cpu, excret);
216
+ v7m_exception_taken(cpu, excret, false);
217
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on new stackframe: "
218
"failed exception return integrity check\n");
219
return;
220
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
221
return; /* Never happens. Keep compiler happy. */
222
}
223
224
- lr = R_V7M_EXCRET_RES1_MASK |
225
- R_V7M_EXCRET_S_MASK |
226
- R_V7M_EXCRET_DCRS_MASK |
227
- R_V7M_EXCRET_FTYPE_MASK |
228
- R_V7M_EXCRET_ES_MASK;
229
- if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) {
230
- lr |= R_V7M_EXCRET_SPSEL_MASK;
231
+ if (arm_feature(env, ARM_FEATURE_V8)) {
232
+ lr = R_V7M_EXCRET_RES1_MASK |
233
+ R_V7M_EXCRET_DCRS_MASK |
234
+ R_V7M_EXCRET_FTYPE_MASK;
235
+ /* The S bit indicates whether we should return to Secure
236
+ * or NonSecure (ie our current state).
237
+ * The ES bit indicates whether we're taking this exception
238
+ * to Secure or NonSecure (ie our target state). We set it
239
+ * later, in v7m_exception_taken().
240
+ * The SPSEL bit is also set in v7m_exception_taken() for v8M.
241
+ * This corresponds to the ARM ARM pseudocode for v8M setting
242
+ * some LR bits in PushStack() and some in ExceptionTaken();
243
+ * the distinction matters for the tailchain cases where we
244
+ * can take an exception without pushing the stack.
245
+ */
246
+ if (env->v7m.secure) {
247
+ lr |= R_V7M_EXCRET_S_MASK;
248
+ }
249
+ } else {
250
+ lr = R_V7M_EXCRET_RES1_MASK |
251
+ R_V7M_EXCRET_S_MASK |
252
+ R_V7M_EXCRET_DCRS_MASK |
253
+ R_V7M_EXCRET_FTYPE_MASK |
254
+ R_V7M_EXCRET_ES_MASK;
255
+ if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
256
+ lr |= R_V7M_EXCRET_SPSEL_MASK;
257
+ }
258
}
259
if (!arm_v7m_is_handler_mode(env)) {
260
lr |= R_V7M_EXCRET_MODE_MASK;
261
}
262
263
v7m_push_stack(cpu);
264
- v7m_exception_taken(cpu, lr);
265
+ v7m_exception_taken(cpu, lr, false);
266
qemu_log_mask(CPU_LOG_INT, "... as %d\n", env->v7m.exception);
267
}
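Review bot: v7m_push_callee_stack() writes the integrity signature and r4 to r11 with bare stl_phys() calls and then commits `*frame_sp_p = frameptr` unconditionally, so a store that fails, or that targets memory the stack's owner should not be able to write, goes unnoticed. Please add at least a TODO about using the correct attributes and address space and handling memory transaction failures. The word at `frameptr + 0x4` is skipped without a comment, which leaves whatever the guest had there inside the frame; say why it is not written. In v7m_exception_taken(), `if (lr & R_V7M_EXCRET_DCRS_MASK &&` relies on `&` binding tighter than `&&`; parenthesise the mask test as the other conditions in the hunk do.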
268
75
269
--
76
--
270
2.7.4
77
2.20.1
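Review bot: ssi_realize_and_unref() reaches into the bus with `&bus->parent_obj` instead of using the BUS() cast, and accepts a plain `DeviceState *dev` without checking that it is an SSI slave. The direct field access is carried over from the line it replaces in ssi_create_slave(), but a new public API is a good place to switch to `BUS(bus)`. The doc comment also directs readers to an ssi_realize() that, by its own admission, does not exist; consider reducing that paragraph to the rule itself, which is not to use this function on a device initialized via object_initialize_child().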
1
For v8M, exceptions from Secure to Non-Secure state will save
1
Use the new max111x qdev properties to set the initial input
2
callee-saved registers to the exception frame as well as the
2
values rather than calling max111x_set_input(); this means that
3
caller-saved registers. Add support for unstacking these
3
on system reset the inputs will correctly return to their initial
4
registers in exception exit when necessary.
4
values.
5
5
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Message-id: 1506092407-26985-12-git-send-email-peter.maydell@linaro.org
8
Message-id: 20200628142429.17111-10-peter.maydell@linaro.org
9
---
9
---
10
target/arm/helper.c | 30 ++++++++++++++++++++++++++++++
10
hw/arm/spitz.c | 11 +++++++----
11
1 file changed, 30 insertions(+)
11
1 file changed, 7 insertions(+), 4 deletions(-)
12
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
14
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
15
--- a/hw/arm/spitz.c
16
+++ b/target/arm/helper.c
16
+++ b/hw/arm/spitz.c
17
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
17
@@ -XXX,XX +XXX,XX @@ static void spitz_ssp_attach(SpitzMachineState *sms)
18
"for destination state is UNPREDICTABLE\n");
18
qdev_get_gpio_in(sms->mpu->gpio, SPITZ_GPIO_TP_INT));
19
}
19
20
20
bus = qdev_get_child_bus(sms->mux, "ssi2");
21
+ /* Do we need to pop callee-saved registers? */
21
- sms->max1111 = ssi_create_slave(bus, "max1111");
22
+ if (return_to_secure &&
22
+ sms->max1111 = qdev_new("max1111");
23
+ ((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
23
max1111 = sms->max1111;
24
+ (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
24
- max111x_set_input(sms->max1111, MAX1111_BATT_VOLT, SPITZ_BATTERY_VOLT);
25
+ uint32_t expected_sig = 0xfefa125b;
25
- max111x_set_input(sms->max1111, MAX1111_BATT_TEMP, 0);
26
+ uint32_t actual_sig = ldl_phys(cs->as, frameptr);
26
- max111x_set_input(sms->max1111, MAX1111_ACIN_VOLT, SPITZ_CHARGEON_ACIN);
27
+
27
+ qdev_prop_set_uint8(sms->max1111, "input1" /* BATT_VOLT */,
28
+ if (expected_sig != actual_sig) {
28
+ SPITZ_BATTERY_VOLT);
29
+ /* Take a SecureFault on the current stack */
29
+ qdev_prop_set_uint8(sms->max1111, "input2" /* BATT_TEMP */, 0);
30
+ env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
30
+ qdev_prop_set_uint8(sms->max1111, "input3" /* ACIN_VOLT */,
31
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
31
+ SPITZ_CHARGEON_ACIN);
32
+ v7m_exception_taken(cpu, excret);
32
+ ssi_realize_and_unref(sms->max1111, bus, &error_fatal);
33
+ qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
33
34
+ "stackframe: failed exception return integrity "
34
qdev_connect_gpio_out(sms->mpu->gpio, SPITZ_GPIO_LCDCON_CS,
35
+ "signature check\n");
35
qdev_get_gpio_in(sms->mux, 0));
36
+ return;
37
+ }
38
+
39
+ env->regs[4] = ldl_phys(cs->as, frameptr + 0x8);
40
+ env->regs[5] = ldl_phys(cs->as, frameptr + 0xc);
41
+ env->regs[6] = ldl_phys(cs->as, frameptr + 0x10);
42
+ env->regs[7] = ldl_phys(cs->as, frameptr + 0x14);
43
+ env->regs[8] = ldl_phys(cs->as, frameptr + 0x18);
44
+ env->regs[9] = ldl_phys(cs->as, frameptr + 0x1c);
45
+ env->regs[10] = ldl_phys(cs->as, frameptr + 0x20);
46
+ env->regs[11] = ldl_phys(cs->as, frameptr + 0x24);
47
+
48
+ frameptr += 0x28;
49
+ }
50
+
51
/* Pop registers. TODO: make these accesses use the correct
52
* attributes and address space (S/NS, priv/unpriv) and handle
53
* memory transaction failures.
54
--
36
--
55
2.7.4
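Review bot: in the callee-saved unstacking block added to do_v7m_exception_exit() in target/arm/helper.c, the integrity signature is the bare literal 0xfefa125b, and the nine new ldl_phys() loads (the signature at frameptr, then r4-r11 at frameptr + 0x8 to 0x24) read the guest's stack through cs->as with no security attributes and no handling of a failed transaction. The existing TODO just below ("make these accesses use the correct attributes and address space (S/NS, priv/unpriv) and handle memory transaction failures") only covers the pops that follow it; move or extend it so it covers these loads as well, and give the signature a named constant so the check can be found from its architectural name.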
37
2.20.1
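Review bot: in the spitz_ssp_attach() hunk of hw/arm/spitz.c, the three qdev_prop_set_uint8() calls tie "input1", "input2" and "input3" to BATT_VOLT, BATT_TEMP and ACIN_VOLT only through comments, where the removed max111x_set_input() calls used the MAX1111_BATT_VOLT, MAX1111_BATT_TEMP and MAX1111_ACIN_VOLT constants. If those constants are ever renumbered, the property names will silently refer to the wrong channel; consider building the property name from the constant, or adding a build-time check that each constant matches the suffix used here.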
56
38
57
39
1
ARM v8M specifies that the INVPC usage fault for mismatched
1
The max111x ADC device model allows other code to set the level on
2
xPSR exception field and handler mode bit should be checked
2
the 8 ADC inputs using the max111x_set_input() function. Replace
3
before updating the PSR and SP, so that the fault is taken
3
this with generic qdev GPIO inputs, which also allow inputs to be set
4
with the existing stack frame rather than by pushing a new one.
4
to arbitrary values.
5
Perform this check in the right place for v8M.
6
5
7
Since v7M specifies in its pseudocode that this usage fault
6
Using GPIO lines will make it easier for board code to wire things
8
check should happen later, we have to retain the original
7
up, so that if device A wants to set the ADC input it doesn't need to
9
code for that check rather than being able to merge the two.
8
have a direct pointer to the max111x but can just set that value on
10
(The distinction is architecturally visible but only in
9
its output GPIO, which is then wired up by the board to the
11
very obscure corner cases like attempting an invalid exception
10
appropriate max111x input.
12
return with an exception frame in read only memory.)
13
11
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
16
Message-id: 1506092407-26985-7-git-send-email-peter.maydell@linaro.org
14
Message-id: 20200628142429.17111-11-peter.maydell@linaro.org
17
---
15
---
18
target/arm/helper.c | 30 +++++++++++++++++++++++++++---
16
include/hw/ssi/ssi.h | 3 ---
19
1 file changed, 27 insertions(+), 3 deletions(-)
17
hw/arm/spitz.c | 9 +++++----
18
hw/misc/max111x.c | 16 +++++++++-------
19
3 files changed, 14 insertions(+), 14 deletions(-)
20
20
21
diff --git a/target/arm/helper.c b/target/arm/helper.c
21
diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h
22
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
23
--- a/target/arm/helper.c
23
--- a/include/hw/ssi/ssi.h
24
+++ b/target/arm/helper.c
24
+++ b/include/hw/ssi/ssi.h
25
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
25
@@ -XXX,XX +XXX,XX @@ SSIBus *ssi_create_bus(DeviceState *parent, const char *name);
26
}
26
27
xpsr = ldl_phys(cs->as, frameptr + 0x1c);
27
uint32_t ssi_transfer(SSIBus *bus, uint32_t val);
28
28
29
+ if (arm_feature(env, ARM_FEATURE_V8)) {
29
-/* max111x.c */
30
+ /* For v8M we have to check whether the xPSR exception field
30
-void max111x_set_input(DeviceState *dev, int line, uint8_t value);
31
+ * matches the EXCRET value for return to handler/thread
31
-
32
+ * before we commit to changing the SP and xPSR.
32
#endif
33
+ */
33
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
34
+ bool will_be_handler = (xpsr & XPSR_EXCP) != 0;
34
index XXXXXXX..XXXXXXX 100644
35
+ if (return_to_handler != will_be_handler) {
35
--- a/hw/arm/spitz.c
36
+ /* Take an INVPC UsageFault on the current stack.
36
+++ b/hw/arm/spitz.c
37
+ * By this point we will have switched to the security state
37
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
38
+ * for the background state, so this UsageFault will target
38
39
+ * that state.
39
static void spitz_adc_temp_on(void *opaque, int line, int level)
40
+ */
40
{
41
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
41
+ int batt_temp;
42
+ env->v7m.secure);
43
+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
44
+ v7m_exception_taken(cpu, excret);
45
+ qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
46
+ "stackframe: failed exception return integrity "
47
+ "check\n");
48
+ return;
49
+ }
50
+ }
51
+
42
+
52
/* Commit to consuming the stack frame */
43
if (!max1111)
53
frameptr += 0x20;
44
return;
54
/* Undo stack alignment (the SPREALIGN bit indicates that the original
45
55
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
46
- if (level)
56
/* The restored xPSR exception field will be zero if we're
47
- max111x_set_input(max1111, MAX1111_BATT_TEMP, SPITZ_BATTERY_TEMP);
57
* resuming in Thread mode. If that doesn't match what the
48
- else
58
* exception return excret specified then this is a UsageFault.
49
- max111x_set_input(max1111, MAX1111_BATT_TEMP, 0);
59
+ * v7M requires we make this check here; v8M did it earlier.
50
+ batt_temp = level ? SPITZ_BATTERY_TEMP : 0;
60
*/
51
+
61
if (return_to_handler != arm_v7m_is_handler_mode(env)) {
52
+ qemu_set_irq(qdev_get_gpio_in(max1111, MAX1111_BATT_TEMP), batt_temp);
62
- /* Take an INVPC UsageFault by pushing the stack again.
53
}
63
- * TODO: the v8M version of this code should target the
54
64
- * background state for this exception.
55
static void corgi_ssp_realize(SSISlave *d, Error **errp)
65
+ /* Take an INVPC UsageFault by pushing the stack again;
56
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
66
+ * we know we're v7M so this is never a Secure UsageFault.
57
index XXXXXXX..XXXXXXX 100644
67
*/
58
--- a/hw/misc/max111x.c
68
+ assert(!arm_feature(env, ARM_FEATURE_V8));
59
+++ b/hw/misc/max111x.c
69
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, false);
60
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_max111x = {
70
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
61
}
71
v7m_push_stack(cpu);
62
};
63
64
+static void max111x_input_set(void *opaque, int line, int value)
65
+{
66
+ MAX111xState *s = MAX_111X(opaque);
67
+
68
+ assert(line >= 0 && line < s->inputs);
69
+ s->input[line] = value;
70
+}
71
+
72
static int max111x_init(SSISlave *d, int inputs)
73
{
74
DeviceState *dev = DEVICE(d);
75
MAX111xState *s = MAX_111X(dev);
76
77
qdev_init_gpio_out(dev, &s->interrupt, 1);
78
+ qdev_init_gpio_in(dev, max111x_input_set, inputs);
79
80
s->inputs = inputs;
81
82
@@ -XXX,XX +XXX,XX @@ static void max1111_realize(SSISlave *dev, Error **errp)
83
max111x_init(dev, 4);
84
}
85
86
-void max111x_set_input(DeviceState *dev, int line, uint8_t value)
87
-{
88
- MAX111xState *s = MAX_111X(dev);
89
- assert(line >= 0 && line < s->inputs);
90
- s->input[line] = value;
91
-}
92
-
93
static void max111x_reset(DeviceState *dev)
94
{
95
MAX111xState *s = MAX_111X(dev);
72
--
96
--
73
2.7.4
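Review bot: the new assert(!arm_feature(env, ARM_FEATURE_V8)) in the later handler-mode check of do_v7m_exception_exit() sits on a path selected by the xPSR value loaded from the guest's stack frame, so it holds only if the early v8M test, (xpsr & XPSR_EXCP) != 0, and the later arm_v7m_is_handler_mode(env) agree for every xPSR the guest can supply. Please state that invariant in the comment above the assert, since any disagreement would let a guest abort QEMU rather than take a UsageFault. Separately, the new log text "failed exception return integrity check" does not name INVPC; naming the fault would make CPU_LOG_INT traces easier to read.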
97
2.20.1
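Review bot: max111x_input_set() in hw/misc/max111x.c takes the level as int where the removed max111x_set_input() took uint8_t, and stores it with s->input[line] = value without any range check, while the commit message says GPIO inputs "allow inputs to be set to arbitrary values". Either mask or clamp the value to 8 bits in the handler, or say in a comment that out-of-range levels are truncated. The assert on line remains appropriate, since qdev_init_gpio_in() is given the same inputs count.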
74
98
75
99
1
In the v8M architecture, return from an exception to a PC which
1
Create a header file for the hw/misc/max111x device, in the
2
has bit 0 set is not UNPREDICTABLE; it is defined that bit 0
2
usual modern style for QOM devices:
3
is discarded [R_HRJH]. Restrict our complaint about this to v7M.
3
* definition of the TYPE_ constants and macros
4
* definition of the device's state struct so that it can
5
be embedded in other structs if desired
6
* documentation of the interface
7
8
This allows us to use TYPE_MAX_1111 in the spitz.c code rather
9
than the string "max1111".
4
10
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20200628142429.17111-12-peter.maydell@linaro.org
8
Message-id: 1506092407-26985-9-git-send-email-peter.maydell@linaro.org
9
---
14
---
10
target/arm/helper.c | 22 +++++++++++++++-------
15
include/hw/misc/max111x.h | 56 +++++++++++++++++++++++++++++++++++++++
11
1 file changed, 15 insertions(+), 7 deletions(-)
16
hw/arm/spitz.c | 3 ++-
17
hw/misc/max111x.c | 24 +----------------
18
MAINTAINERS | 1 +
19
4 files changed, 60 insertions(+), 24 deletions(-)
20
create mode 100644 include/hw/misc/max111x.h
12
21
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
22
diff --git a/include/hw/misc/max111x.h b/include/hw/misc/max111x.h
23
new file mode 100644
24
index XXXXXXX..XXXXXXX
25
--- /dev/null
26
+++ b/include/hw/misc/max111x.h
27
@@ -XXX,XX +XXX,XX @@
28
+/*
29
+ * Maxim MAX1110/1111 ADC chip emulation.
30
+ *
31
+ * Copyright (c) 2006 Openedhand Ltd.
32
+ * Written by Andrzej Zaborowski <balrog@zabor.org>
33
+ *
34
+ * This code is licensed under the GNU GPLv2.
35
+ *
36
+ * Contributions after 2012-01-13 are licensed under the terms of the
37
+ * GNU GPL, version 2 or (at your option) any later version.
38
+ */
39
+
40
+#ifndef HW_MISC_MAX111X_H
41
+#define HW_MISC_MAX111X_H
42
+
43
+#include "hw/ssi/ssi.h"
44
+
45
+/*
46
+ * This is a model of the Maxim MAX1110/1111 ADC chip, which for QEMU
47
+ * is an SSI slave device. It has either 4 (max1110) or 8 (max1111)
48
+ * 8-bit ADC channels.
49
+ *
50
+ * QEMU interface:
51
+ * + GPIO inputs 0..3 (for max1110) or 0..7 (for max1111): set the value
52
+ * of each ADC input, as an unsigned 8-bit value
53
+ * + GPIO output 0: interrupt line
54
+ * + Properties "input0" to "input3" (max1110) or "input0" to "input7"
55
+ * (max1111): initial reset values for ADC inputs.
56
+ *
57
+ * Known bugs:
58
+ * + the interrupt line is not correctly implemented, and will never
59
+ * be lowered once it has been asserted.
60
+ */
61
+typedef struct {
62
+ SSISlave parent_obj;
63
+
64
+ qemu_irq interrupt;
65
+ /* Values of inputs at system reset (settable by QOM property) */
66
+ uint8_t reset_input[8];
67
+
68
+ uint8_t tb1, rb2, rb3;
69
+ int cycle;
70
+
71
+ uint8_t input[8];
72
+ int inputs, com;
73
+} MAX111xState;
74
+
75
+#define TYPE_MAX_111X "max111x"
76
+
77
+#define MAX_111X(obj) \
78
+ OBJECT_CHECK(MAX111xState, (obj), TYPE_MAX_111X)
79
+
80
+#define TYPE_MAX_1110 "max1110"
81
+#define TYPE_MAX_1111 "max1111"
82
+
83
+#endif
84
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
14
index XXXXXXX..XXXXXXX 100644
85
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
86
--- a/hw/arm/spitz.c
16
+++ b/target/arm/helper.c
87
+++ b/hw/arm/spitz.c
17
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
88
@@ -XXX,XX +XXX,XX @@
18
env->regs[12] = ldl_phys(cs->as, frameptr + 0x10);
89
#include "audio/audio.h"
19
env->regs[14] = ldl_phys(cs->as, frameptr + 0x14);
90
#include "hw/boards.h"
20
env->regs[15] = ldl_phys(cs->as, frameptr + 0x18);
91
#include "hw/sysbus.h"
21
+
92
+#include "hw/misc/max111x.h"
22
+ /* Returning from an exception with a PC with bit 0 set is defined
93
#include "migration/vmstate.h"
23
+ * behaviour on v8M (bit 0 is ignored), but for v7M it was specified
94
#include "exec/address-spaces.h"
24
+ * to be UNPREDICTABLE. In practice actual v7M hardware seems to ignore
95
#include "cpu.h"
25
+ * the lsbit, and there are several RTOSes out there which incorrectly
96
@@ -XXX,XX +XXX,XX @@ static void spitz_ssp_attach(SpitzMachineState *sms)
26
+ * assume the r15 in the stack frame should be a Thumb-style "lsbit
97
qdev_get_gpio_in(sms->mpu->gpio, SPITZ_GPIO_TP_INT));
27
+ * indicates ARM/Thumb" value, so ignore the bit on v7M as well, but
98
28
+ * complain about the badly behaved guest.
99
bus = qdev_get_child_bus(sms->mux, "ssi2");
29
+ */
100
- sms->max1111 = qdev_new("max1111");
30
if (env->regs[15] & 1) {
101
+ sms->max1111 = qdev_new(TYPE_MAX_1111);
31
- qemu_log_mask(LOG_GUEST_ERROR,
102
max1111 = sms->max1111;
32
- "M profile return from interrupt with misaligned "
103
qdev_prop_set_uint8(sms->max1111, "input1" /* BATT_VOLT */,
33
- "PC is UNPREDICTABLE\n");
104
SPITZ_BATTERY_VOLT);
34
- /* Actual hardware seems to ignore the lsbit, and there are several
105
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
35
- * RTOSes out there which incorrectly assume the r15 in the stack
106
index XXXXXXX..XXXXXXX 100644
36
- * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value.
107
--- a/hw/misc/max111x.c
37
- */
108
+++ b/hw/misc/max111x.c
38
env->regs[15] &= ~1U;
109
@@ -XXX,XX +XXX,XX @@
39
+ if (!arm_feature(env, ARM_FEATURE_V8)) {
110
*/
40
+ qemu_log_mask(LOG_GUEST_ERROR,
111
41
+ "M profile return from interrupt with misaligned "
112
#include "qemu/osdep.h"
42
+ "PC is UNPREDICTABLE on v7M\n");
113
+#include "hw/misc/max111x.h"
43
+ }
114
#include "hw/irq.h"
44
}
115
-#include "hw/ssi/ssi.h"
45
+
116
#include "migration/vmstate.h"
46
xpsr = ldl_phys(cs->as, frameptr + 0x1c);
117
#include "qemu/module.h"
47
118
#include "hw/qdev-properties.h"
48
if (arm_feature(env, ARM_FEATURE_V8)) {
119
120
-typedef struct {
121
- SSISlave parent_obj;
122
-
123
- qemu_irq interrupt;
124
- /* Values of inputs at system reset (settable by QOM property) */
125
- uint8_t reset_input[8];
126
-
127
- uint8_t tb1, rb2, rb3;
128
- int cycle;
129
-
130
- uint8_t input[8];
131
- int inputs, com;
132
-} MAX111xState;
133
-
134
-#define TYPE_MAX_111X "max111x"
135
-
136
-#define MAX_111X(obj) \
137
- OBJECT_CHECK(MAX111xState, (obj), TYPE_MAX_111X)
138
-
139
-#define TYPE_MAX_1110 "max1110"
140
-#define TYPE_MAX_1111 "max1111"
141
-
142
/* Control-byte bitfields */
143
#define CB_PD0        (1 << 0)
144
#define CB_PD1        (1 << 1)
145
diff --git a/MAINTAINERS b/MAINTAINERS
146
index XXXXXXX..XXXXXXX 100644
147
--- a/MAINTAINERS
148
+++ b/MAINTAINERS
149
@@ -XXX,XX +XXX,XX @@ F: hw/gpio/max7310.c
150
F: hw/gpio/zaurus.c
151
F: hw/misc/mst_fpga.c
152
F: hw/misc/max111x.c
153
+F: include/hw/misc/max111x.h
154
F: include/hw/arm/pxa.h
155
F: include/hw/arm/sharpsl.h
156
F: include/hw/display/tc6393xb.h
49
--
157
--
50
2.7.4
158
2.20.1
51
159
52
160
New patch
1
1
Currently we have a free-floating set of IRQs and a function
2
spitz_out_switch() which handle some miscellaneous GPIO lines for the
3
spitz board. Encapsulate this behaviour in a simple QOM device.
4
5
At this point we can finally remove the 'max1111' global, because the
6
ADC battery-temperature value is now handled by the misc-gpio device
7
writing the value to its outbound "adc-temp" GPIO, which the board
8
code wires up to the appropriate inbound GPIO line on the max1111.
9
10
This commit also fixes Coverity issue CID 1421913 (which pointed out
11
that the 'outsignals' in spitz_scoop_gpio_setup() were leaked),
12
because it removes the use of the qemu_allocate_irqs() API from this
13
code entirely.
14
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
18
Message-id: 20200628142429.17111-13-peter.maydell@linaro.org
19
---
20
hw/arm/spitz.c | 129 +++++++++++++++++++++++++++++++++----------------
21
1 file changed, 87 insertions(+), 42 deletions(-)
22
23
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
24
index XXXXXXX..XXXXXXX 100644
25
--- a/hw/arm/spitz.c
26
+++ b/hw/arm/spitz.c
27
@@ -XXX,XX +XXX,XX @@ typedef struct {
28
DeviceState *max1111;
29
DeviceState *scp0;
30
DeviceState *scp1;
31
+ DeviceState *misc_gpio;
32
} SpitzMachineState;
33
34
#define TYPE_SPITZ_MACHINE "spitz-common"
35
@@ -XXX,XX +XXX,XX @@ static void spitz_lcdtg_realize(SSISlave *ssi, Error **errp)
36
#define SPITZ_GPIO_MAX1111_CS 20
37
#define SPITZ_GPIO_TP_INT 11
38
39
-static DeviceState *max1111;
40
-
41
/* "Demux" the signal based on current chipselect */
42
typedef struct {
43
SSISlave ssidev;
44
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
45
#define SPITZ_BATTERY_VOLT 0xd0 /* About 4.0V */
46
#define SPITZ_CHARGEON_ACIN 0x80 /* About 5.0V */
47
48
-static void spitz_adc_temp_on(void *opaque, int line, int level)
49
-{
50
- int batt_temp;
51
-
52
- if (!max1111)
53
- return;
54
-
55
- batt_temp = level ? SPITZ_BATTERY_TEMP : 0;
56
-
57
- qemu_set_irq(qdev_get_gpio_in(max1111, MAX1111_BATT_TEMP), batt_temp);
58
-}
59
-
60
static void corgi_ssp_realize(SSISlave *d, Error **errp)
61
{
62
DeviceState *dev = DEVICE(d);
63
@@ -XXX,XX +XXX,XX @@ static void spitz_ssp_attach(SpitzMachineState *sms)
64
65
bus = qdev_get_child_bus(sms->mux, "ssi2");
66
sms->max1111 = qdev_new(TYPE_MAX_1111);
67
- max1111 = sms->max1111;
68
qdev_prop_set_uint8(sms->max1111, "input1" /* BATT_VOLT */,
69
SPITZ_BATTERY_VOLT);
70
qdev_prop_set_uint8(sms->max1111, "input2" /* BATT_TEMP */, 0);
71
@@ -XXX,XX +XXX,XX @@ static void spitz_akita_i2c_setup(PXA2xxState *cpu)
72
73
/* Other peripherals */
74
75
-static void spitz_out_switch(void *opaque, int line, int level)
76
+/*
77
+ * Encapsulation of some miscellaneous GPIO line behaviour for the Spitz boards.
78
+ *
79
+ * QEMU interface:
80
+ * + named GPIO inputs "green-led", "orange-led", "charging", "discharging":
81
+ * these currently just print messages that the line has been signalled
82
+ * + named GPIO input "adc-temp-on": set to cause the battery-temperature
83
+ * value to be passed to the max111x ADC
84
+ * + named GPIO output "adc-temp": the ADC value, to be wired up to the max111x
85
+ */
86
+#define TYPE_SPITZ_MISC_GPIO "spitz-misc-gpio"
87
+#define SPITZ_MISC_GPIO(obj) \
88
+ OBJECT_CHECK(SpitzMiscGPIOState, (obj), TYPE_SPITZ_MISC_GPIO)
89
+
90
+typedef struct SpitzMiscGPIOState {
91
+ SysBusDevice parent_obj;
92
+
93
+ qemu_irq adc_value;
94
+} SpitzMiscGPIOState;
95
+
96
+static void spitz_misc_charging(void *opaque, int n, int level)
97
{
98
- switch (line) {
99
- case 0:
100
- zaurus_printf("Charging %s.\n", level ? "off" : "on");
101
- break;
102
- case 1:
103
- zaurus_printf("Discharging %s.\n", level ? "on" : "off");
104
- break;
105
- case 2:
106
- zaurus_printf("Green LED %s.\n", level ? "on" : "off");
107
- break;
108
- case 3:
109
- zaurus_printf("Orange LED %s.\n", level ? "on" : "off");
110
- break;
111
- case 6:
112
- spitz_adc_temp_on(opaque, line, level);
113
- break;
114
- default:
115
- g_assert_not_reached();
116
- }
117
+ zaurus_printf("Charging %s.\n", level ? "off" : "on");
118
+}
119
+
120
+static void spitz_misc_discharging(void *opaque, int n, int level)
121
+{
122
+ zaurus_printf("Discharging %s.\n", level ? "off" : "on");
123
+}
124
+
125
+static void spitz_misc_green_led(void *opaque, int n, int level)
126
+{
127
+ zaurus_printf("Green LED %s.\n", level ? "off" : "on");
128
+}
129
+
130
+static void spitz_misc_orange_led(void *opaque, int n, int level)
131
+{
132
+ zaurus_printf("Orange LED %s.\n", level ? "off" : "on");
133
+}
134
+
135
+static void spitz_misc_adc_temp(void *opaque, int n, int level)
136
+{
137
+ SpitzMiscGPIOState *s = SPITZ_MISC_GPIO(opaque);
138
+ int batt_temp = level ? SPITZ_BATTERY_TEMP : 0;
139
+
140
+ qemu_set_irq(s->adc_value, batt_temp);
141
+}
142
+
143
+static void spitz_misc_gpio_init(Object *obj)
144
+{
145
+ SpitzMiscGPIOState *s = SPITZ_MISC_GPIO(obj);
146
+ DeviceState *dev = DEVICE(obj);
147
+
148
+ qdev_init_gpio_in_named(dev, spitz_misc_charging, "charging", 1);
149
+ qdev_init_gpio_in_named(dev, spitz_misc_discharging, "discharging", 1);
150
+ qdev_init_gpio_in_named(dev, spitz_misc_green_led, "green-led", 1);
151
+ qdev_init_gpio_in_named(dev, spitz_misc_orange_led, "orange-led", 1);
152
+ qdev_init_gpio_in_named(dev, spitz_misc_adc_temp, "adc-temp-on", 1);
153
+
154
+ qdev_init_gpio_out_named(dev, &s->adc_value, "adc-temp", 1);
155
}
156
157
#define SPITZ_SCP_LED_GREEN 1
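Review bot: the new spitz_misc_discharging(), spitz_misc_green_led() and spitz_misc_orange_led() handlers all print level ? "off" : "on", but the removed spitz_out_switch() cases 1, 2 and 3 printed level ? "on" : "off"; only the charging line (case 0) was inverted before. The commit message only mentions encapsulating the existing behaviour, so this looks like a copy-and-paste of the charging handler. Restore "on" : "off" for those three, or explain the polarity change in the commit message.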
158
@@ -XXX,XX +XXX,XX @@ static void spitz_out_switch(void *opaque, int line, int level)
159
160
static void spitz_scoop_gpio_setup(SpitzMachineState *sms)
161
{
162
- qemu_irq *outsignals = qemu_allocate_irqs(spitz_out_switch, sms->mpu, 8);
163
+ DeviceState *miscdev = sysbus_create_simple(TYPE_SPITZ_MISC_GPIO, -1, NULL);
164
165
- qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_CHRG_ON, outsignals[0]);
166
- qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_JK_B, outsignals[1]);
167
- qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_GREEN, outsignals[2]);
168
- qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_ORANGE, outsignals[3]);
169
+ sms->misc_gpio = miscdev;
170
+
171
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_CHRG_ON,
172
+ qdev_get_gpio_in_named(miscdev, "charging", 0));
173
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_JK_B,
174
+ qdev_get_gpio_in_named(miscdev, "discharging", 0));
175
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_GREEN,
176
+ qdev_get_gpio_in_named(miscdev, "green-led", 0));
177
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_LED_ORANGE,
178
+ qdev_get_gpio_in_named(miscdev, "orange-led", 0));
179
+ qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_ADC_TEMP_ON,
180
+ qdev_get_gpio_in_named(miscdev, "adc-temp-on", 0));
181
+ qdev_connect_gpio_out_named(miscdev, "adc-temp", 0,
182
+ qdev_get_gpio_in(sms->max1111, MAX1111_BATT_TEMP));
183
184
if (sms->scp1) {
185
qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_CONT,
186
@@ -XXX,XX +XXX,XX @@ static void spitz_scoop_gpio_setup(SpitzMachineState *sms)
187
qdev_connect_gpio_out(sms->scp1, SPITZ_SCP2_BACKLIGHT_ON,
188
qdev_get_gpio_in_named(sms->lcdtg, "bl_power", 0));
189
}
190
-
191
- qdev_connect_gpio_out(sms->scp0, SPITZ_SCP_ADC_TEMP_ON, outsignals[6]);
192
}
193
194
#define SPITZ_GPIO_HSYNC 22
195
@@ -XXX,XX +XXX,XX @@ static const TypeInfo spitz_lcdtg_info = {
196
.class_init = spitz_lcdtg_class_init,
197
};
198
199
+static const TypeInfo spitz_misc_gpio_info = {
200
+ .name = TYPE_SPITZ_MISC_GPIO,
201
+ .parent = TYPE_SYS_BUS_DEVICE,
202
+ .instance_size = sizeof(SpitzMiscGPIOState),
203
+ .instance_init = spitz_misc_gpio_init,
204
+ /*
205
+ * No class_init required: device has no internal state so does not
206
+ * need to set up reset or vmstate, and does not have a realize method.
207
+ */
208
+};
209
+
210
static void spitz_register_types(void)
211
{
212
type_register_static(&corgi_ssp_info);
213
type_register_static(&spitz_lcdtg_info);
214
type_register_static(&spitz_keyboard_info);
215
type_register_static(&sl_nand_info);
216
+ type_register_static(&spitz_misc_gpio_info);
217
}
218
219
type_init(spitz_register_types)
220
--
221
2.20.1
222
223
1
For the SG instruction and secure function return we are going
1
Instead of logging guest accesses to invalid register offsets in this
2
to want to do memory accesses using the MMU index of the CPU
2
device using zaurus_printf() (which just prints to stderr), use the
3
in secure state, even though the CPU is currently in non-secure
3
usual qemu_log_mask(LOG_GUEST_ERROR,...).
4
state. Write arm_v7m_mmu_idx_for_secstate() to do this job,
4
5
and use it in cpu_mmu_index().
5
Since this was the only use of the zaurus_printf() macro outside
6
spitz.c, we can move the definition of that macro from sharpsl.h
7
to spitz.c.
6
8
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
10
Message-id: 1506092407-26985-17-git-send-email-peter.maydell@linaro.org
12
Message-id: 20200628142429.17111-14-peter.maydell@linaro.org
11
---
13
---
12
target/arm/cpu.h | 32 +++++++++++++++++++++-----------
14
include/hw/arm/sharpsl.h | 3 ---
13
1 file changed, 21 insertions(+), 11 deletions(-)
15
hw/arm/spitz.c | 3 +++
16
hw/gpio/zaurus.c | 12 +++++++-----
17
3 files changed, 10 insertions(+), 8 deletions(-)
14
18
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
19
diff --git a/include/hw/arm/sharpsl.h b/include/hw/arm/sharpsl.h
16
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/cpu.h
21
--- a/include/hw/arm/sharpsl.h
18
+++ b/target/arm/cpu.h
22
+++ b/include/hw/arm/sharpsl.h
19
@@ -XXX,XX +XXX,XX @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
23
@@ -XXX,XX +XXX,XX @@
24
25
#include "exec/hwaddr.h"
26
27
-#define zaurus_printf(format, ...)    \
28
- fprintf(stderr, "%s: " format, __func__, ##__VA_ARGS__)
29
-
30
/* zaurus.c */
31
32
#define SL_PXA_PARAM_BASE    0xa0000a00
33
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/hw/arm/spitz.c
36
+++ b/hw/arm/spitz.c
37
@@ -XXX,XX +XXX,XX @@ typedef struct {
38
#define SPITZ_MACHINE_CLASS(klass) \
39
OBJECT_CLASS_CHECK(SpitzMachineClass, klass, TYPE_SPITZ_MACHINE)
40
41
+#define zaurus_printf(format, ...) \
42
+ fprintf(stderr, "%s: " format, __func__, ##__VA_ARGS__)
43
+
44
#undef REG_FMT
45
#define REG_FMT "0x%02lx"
46
47
diff --git a/hw/gpio/zaurus.c b/hw/gpio/zaurus.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/hw/gpio/zaurus.c
50
+++ b/hw/gpio/zaurus.c
51
@@ -XXX,XX +XXX,XX @@
52
#include "hw/sysbus.h"
53
#include "migration/vmstate.h"
54
#include "qemu/module.h"
55
-
56
-#undef REG_FMT
57
-#define REG_FMT            "0x%02lx"
58
+#include "qemu/log.h"
59
60
/* SCOOP devices */
61
62
@@ -XXX,XX +XXX,XX @@ static uint64_t scoop_read(void *opaque, hwaddr addr,
63
case SCOOP_GPRR:
64
return s->gpio_level;
65
default:
66
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
67
+ qemu_log_mask(LOG_GUEST_ERROR,
68
+ "scoop_read: bad register offset 0x%02" HWADDR_PRIx "\n",
69
+ addr);
70
}
71
72
return 0;
73
@@ -XXX,XX +XXX,XX @@ static void scoop_write(void *opaque, hwaddr addr,
74
scoop_gpio_handler_update(s);
75
break;
76
default:
77
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
78
+ qemu_log_mask(LOG_GUEST_ERROR,
79
+ "scoop_write: bad register offset 0x%02" HWADDR_PRIx "\n",
80
+ addr);
20
}
81
}
21
}
82
}
22
83
23
+/* Return the MMU index for a v7M CPU in the specified security state */
24
+static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env,
25
+ bool secstate)
26
+{
27
+ int el = arm_current_el(env);
28
+ ARMMMUIdx mmu_idx;
29
+
30
+ if (el == 0) {
31
+ mmu_idx = secstate ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
32
+ } else {
33
+ mmu_idx = secstate ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
34
+ }
35
+
36
+ if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) {
37
+ mmu_idx = secstate ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
38
+ }
39
+
40
+ return mmu_idx;
41
+}
42
+
43
/* Determine the current mmu_idx to use for normal loads/stores */
44
static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
45
{
46
int el = arm_current_el(env);
47
48
if (arm_feature(env, ARM_FEATURE_M)) {
49
- ARMMMUIdx mmu_idx;
50
-
51
- if (el == 0) {
52
- mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
53
- } else {
54
- mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
55
- }
56
-
57
- if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
58
- mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
59
- }
60
+ ARMMMUIdx mmu_idx = arm_v7m_mmu_idx_for_secstate(env, env->v7m.secure);
61
62
return arm_to_core_mmu_idx(mmu_idx);
63
}
64
--
84
--
65
2.7.4
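Review bot: arm_v7m_mmu_idx_for_secstate() in target/arm/cpu.h picks the User or Priv index from arm_current_el(env), which describes the state the CPU is in now, while the commit message says the helper exists for accesses made as the secure state while the CPU is in non-secure state. If the privilege level of the requested state can differ from the current one, the returned index will carry the wrong privilege. Either take the privilege as a second parameter, or document in the function comment that the caller gets the current EL with only the security state swapped.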
85
2.20.1
66
86
67
87
1
In cpu_mmu_index() we try to do this:
1
Instead of logging guest accesses to invalid register offsets in the
2
if (env->v7m.secure) {
2
Spitz flash device with zaurus_printf() (which just prints to stderr),
3
mmu_idx += ARMMMUIdx_MSUser;
3
use the usual qemu_log_mask(LOG_GUEST_ERROR,...).
4
}
5
but it will give the wrong answer, because ARMMMUIdx_MSUser
6
includes the 0x40 ARM_MMU_IDX_M field, and so does the
7
mmu_idx we're adding to, and we'll end up with 0x8n rather
8
than 0x4n. This error is then nullified by the call to
9
arm_to_core_mmu_idx() which masks out the high part, but
10
we're about to factor out the code that calculates the
11
ARMMMUIdx values so it can be used without passing it through
12
arm_to_core_mmu_idx(), so fix this bug first.
13
4
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
17
Message-id: 1506092407-26985-16-git-send-email-peter.maydell@linaro.org
8
Message-id: 20200628142429.17111-15-peter.maydell@linaro.org
18
---
9
---
19
target/arm/cpu.h | 12 +++++++-----
10
hw/arm/spitz.c | 12 +++++++-----
20
1 file changed, 7 insertions(+), 5 deletions(-)
11
1 file changed, 7 insertions(+), 5 deletions(-)
21
12
22
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
13
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
23
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
24
--- a/target/arm/cpu.h
15
--- a/hw/arm/spitz.c
25
+++ b/target/arm/cpu.h
16
+++ b/hw/arm/spitz.c
26
@@ -XXX,XX +XXX,XX @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
17
@@ -XXX,XX +XXX,XX @@
27
int el = arm_current_el(env);
18
#include "hw/ssi/ssi.h"
28
19
#include "hw/block/flash.h"
29
if (arm_feature(env, ARM_FEATURE_M)) {
20
#include "qemu/timer.h"
30
- ARMMMUIdx mmu_idx = el == 0 ? ARMMMUIdx_MUser : ARMMMUIdx_MPriv;
21
+#include "qemu/log.h"
31
+ ARMMMUIdx mmu_idx;
22
#include "hw/arm/sharpsl.h"
32
23
#include "ui/console.h"
33
- if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
24
#include "hw/audio/wm8750.h"
34
- mmu_idx = ARMMMUIdx_MNegPri;
25
@@ -XXX,XX +XXX,XX @@ typedef struct {
35
+ if (el == 0) {
26
#define zaurus_printf(format, ...) \
36
+ mmu_idx = env->v7m.secure ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
27
fprintf(stderr, "%s: " format, __func__, ##__VA_ARGS__)
37
+ } else {
28
38
+ mmu_idx = env->v7m.secure ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
29
-#undef REG_FMT
39
}
30
-#define REG_FMT "0x%02lx"
40
31
-
41
- if (env->v7m.secure) {
32
/* Spitz Flash */
42
- mmu_idx += ARMMMUIdx_MSUser;
33
#define FLASH_BASE 0x0c000000
43
+ if (armv7m_nvic_neg_prio_requested(env->nvic, env->v7m.secure)) {
34
#define FLASH_ECCLPLB 0x00 /* Line parity 7 - 0 bit */
44
+ mmu_idx = env->v7m.secure ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
35
@@ -XXX,XX +XXX,XX @@ static uint64_t sl_read(void *opaque, hwaddr addr, unsigned size)
45
}
36
return ecc_digest(&s->ecc, nand_getio(s->nand));
46
37
47
return arm_to_core_mmu_idx(mmu_idx);
38
default:
39
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
40
+ qemu_log_mask(LOG_GUEST_ERROR,
41
+ "sl_read: bad register offset 0x%02" HWADDR_PRIx "\n",
42
+ addr);
43
}
44
return 0;
45
}
46
@@ -XXX,XX +XXX,XX @@ static void sl_write(void *opaque, hwaddr addr,
47
break;
48
49
default:
50
- zaurus_printf("Bad register offset " REG_FMT "\n", (unsigned long)addr);
51
+ qemu_log_mask(LOG_GUEST_ERROR,
52
+ "sl_write: bad register offset 0x%02" HWADDR_PRIx "\n",
53
+ addr);
54
}
55
}
56
48
--
57
--
49
2.7.4
58
2.20.1
50
59
51
60
diff view generated by jsdifflib
1
Attempting to do an exception return with an exception frame that
1
Instead of using printf() for logging guest accesses to invalid
2
is not 8-aligned is UNPREDICTABLE in v8M; warn about this.
2
register offsets in the pxa2xx PIC device, use the usual
3
(It is not UNPREDICTABLE in v7M, and our implementation can
3
qemu_log_mask(LOG_GUEST_ERROR,...).
4
handle the merely-4-aligned case fine, so we don't need to
4
5
do anything except warn.)
5
This was the only user of the REG_FMT macro in pxa.h, so we can
6
remove that.
6
7
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
10
Message-id: 1506092407-26985-8-git-send-email-peter.maydell@linaro.org
11
Message-id: 20200628142429.17111-16-peter.maydell@linaro.org
11
---
12
---
12
target/arm/helper.c | 7 +++++++
13
include/hw/arm/pxa.h | 1 -
13
1 file changed, 7 insertions(+)
14
hw/arm/pxa2xx_pic.c | 9 +++++++--
15
2 files changed, 7 insertions(+), 3 deletions(-)
14
16
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
diff --git a/include/hw/arm/pxa.h b/include/hw/arm/pxa.h
16
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.c
19
--- a/include/hw/arm/pxa.h
18
+++ b/target/arm/helper.c
20
+++ b/include/hw/arm/pxa.h
19
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
21
@@ -XXX,XX +XXX,XX @@ struct PXA2xxI2SState {
20
return_to_sp_process);
22
};
21
uint32_t frameptr = *frame_sp_p;
23
22
24
# define PA_FMT            "0x%08lx"
23
+ if (!QEMU_IS_ALIGNED(frameptr, 8) &&
25
-# define REG_FMT        "0x" TARGET_FMT_plx
24
+ arm_feature(env, ARM_FEATURE_V8)) {
26
25
+ qemu_log_mask(LOG_GUEST_ERROR,
27
PXA2xxState *pxa270_init(MemoryRegion *address_space, unsigned int sdram_size,
26
+ "M profile exception return with non-8-aligned SP "
28
const char *revision);
27
+ "for destination state is UNPREDICTABLE\n");
29
diff --git a/hw/arm/pxa2xx_pic.c b/hw/arm/pxa2xx_pic.c
28
+ }
30
index XXXXXXX..XXXXXXX 100644
29
+
31
--- a/hw/arm/pxa2xx_pic.c
30
/* Pop registers. TODO: make these accesses use the correct
32
+++ b/hw/arm/pxa2xx_pic.c
31
* attributes and address space (S/NS, priv/unpriv) and handle
33
@@ -XXX,XX +XXX,XX @@
32
* memory transaction failures.
34
#include "qemu/osdep.h"
35
#include "qapi/error.h"
36
#include "qemu/module.h"
37
+#include "qemu/log.h"
38
#include "cpu.h"
39
#include "hw/arm/pxa.h"
40
#include "hw/sysbus.h"
41
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_pic_mem_read(void *opaque, hwaddr offset,
42
case ICHP:    /* Highest Priority register */
43
return pxa2xx_pic_highest(s);
44
default:
45
- printf("%s: Bad register offset " REG_FMT "\n", __func__, offset);
46
+ qemu_log_mask(LOG_GUEST_ERROR,
47
+ "pxa2xx_pic_mem_read: bad register offset 0x%" HWADDR_PRIx
48
+ "\n", offset);
49
return 0;
50
}
51
}
52
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_pic_mem_write(void *opaque, hwaddr offset,
53
s->priority[32 + ((offset - IPR32) >> 2)] = value & 0x8000003f;
54
break;
55
default:
56
- printf("%s: Bad register offset " REG_FMT "\n", __func__, offset);
57
+ qemu_log_mask(LOG_GUEST_ERROR,
58
+ "pxa2xx_pic_mem_write: bad register offset 0x%"
59
+ HWADDR_PRIx "\n", offset);
60
return;
61
}
62
pxa2xx_pic_update(opaque);
33
--
63
--
34
2.7.4
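Review bot: The qemu_log_mask() call added to do_v7m_exception_exit() (the 2.7.4 side of this view) does not print frameptr, so a guest-error log cannot show which frame address was misaligned; the value is already in a local, so adding it to the message with "0x%08" PRIx32 costs nothing. Testing arm_feature(env, ARM_FEATURE_V8) first in the condition would also match the commit message, which says the case is UNPREDICTABLE only in v8M.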
64
2.20.1
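Review bot: In the include/hw/arm/pxa.h hunk (the 2.20.1 side of this view), PA_FMT stays behind next to the removed REG_FMT and still formats through "0x%08lx", the same unsigned-long style this patch moves away from; the commit message only accounts for users of REG_FMT, so it is worth checking whether PA_FMT has any users left and converting or removing it in a follow-up. In hw/arm/pxa2xx_pic.c the read and write messages split the format string at different points around HWADDR_PRIx; making the two identical apart from the function name keeps them easy to grep.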
1
Now that we can handle the CONTROL.SPSEL bit not necessarily being
1
The QOM types "spitz-lcdtg" and "corgi-ssp" are missing the
2
in sync with the current stack pointer, we can restore the correct
2
usual QOM TYPE and casting macros; provide and use them.
3
security state on exception return. This happens before we start
3
4
to read registers off the stack frame, but after we have taken
4
In particular, we can safely use the QOM cast macros instead of
5
possible usage faults for bad exception return magic values and
5
FROM_SSI_SLAVE() because in both cases the 'ssidev' field of
6
updated CONTROL.SPSEL.
6
the instance state struct is the first field in it.
7
7
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Message-id: 1506092407-26985-5-git-send-email-peter.maydell@linaro.org
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
11
Message-id: 20200628142429.17111-17-peter.maydell@linaro.org
11
---
12
---
12
target/arm/helper.c | 2 ++
13
hw/arm/spitz.c | 23 +++++++++++++++--------
13
1 file changed, 2 insertions(+)
14
1 file changed, 15 insertions(+), 8 deletions(-)
14
15
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
16
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
16
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.c
18
--- a/hw/arm/spitz.c
18
+++ b/target/arm/helper.c
19
+++ b/hw/arm/spitz.c
19
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
20
@@ -XXX,XX +XXX,XX @@ static void spitz_keyboard_realize(DeviceState *dev, Error **errp)
20
*/
21
#define LCDTG_PICTRL 0x06
21
write_v7m_control_spsel(env, return_to_sp_process);
22
#define LCDTG_POLCTRL 0x07
22
23
23
+ switch_v7m_security_state(env, return_to_secure);
24
+#define TYPE_SPITZ_LCDTG "spitz-lcdtg"
25
+#define SPITZ_LCDTG(obj) OBJECT_CHECK(SpitzLCDTG, (obj), TYPE_SPITZ_LCDTG)
24
+
26
+
25
{
27
typedef struct {
26
/* The stack pointer we should be reading the exception frame from
28
SSISlave ssidev;
27
* depends on bits in the magic exception return type value (and
29
uint32_t bl_intensity;
30
@@ -XXX,XX +XXX,XX @@ static inline void spitz_bl_power(void *opaque, int line, int level)
31
32
static uint32_t spitz_lcdtg_transfer(SSISlave *dev, uint32_t value)
33
{
34
- SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, dev);
35
+ SpitzLCDTG *s = SPITZ_LCDTG(dev);
36
int addr;
37
addr = value >> 5;
38
value &= 0x1f;
39
@@ -XXX,XX +XXX,XX @@ static uint32_t spitz_lcdtg_transfer(SSISlave *dev, uint32_t value)
40
41
static void spitz_lcdtg_realize(SSISlave *ssi, Error **errp)
42
{
43
- SpitzLCDTG *s = FROM_SSI_SLAVE(SpitzLCDTG, ssi);
44
+ SpitzLCDTG *s = SPITZ_LCDTG(ssi);
45
DeviceState *dev = DEVICE(s);
46
47
s->bl_power = 0;
48
@@ -XXX,XX +XXX,XX @@ static void spitz_lcdtg_realize(SSISlave *ssi, Error **errp)
49
#define SPITZ_GPIO_MAX1111_CS 20
50
#define SPITZ_GPIO_TP_INT 11
51
52
+#define TYPE_CORGI_SSP "corgi-ssp"
53
+#define CORGI_SSP(obj) OBJECT_CHECK(CorgiSSPState, (obj), TYPE_CORGI_SSP)
54
+
55
/* "Demux" the signal based on current chipselect */
56
typedef struct {
57
SSISlave ssidev;
58
@@ -XXX,XX +XXX,XX @@ typedef struct {
59
60
static uint32_t corgi_ssp_transfer(SSISlave *dev, uint32_t value)
61
{
62
- CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, dev);
63
+ CorgiSSPState *s = CORGI_SSP(dev);
64
int i;
65
66
for (i = 0; i < 3; i++) {
67
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_gpio_cs(void *opaque, int line, int level)
68
static void corgi_ssp_realize(SSISlave *d, Error **errp)
69
{
70
DeviceState *dev = DEVICE(d);
71
- CorgiSSPState *s = FROM_SSI_SLAVE(CorgiSSPState, d);
72
+ CorgiSSPState *s = CORGI_SSP(d);
73
74
qdev_init_gpio_in(dev, corgi_ssp_gpio_cs, 3);
75
s->bus[0] = ssi_create_bus(dev, "ssi0");
76
@@ -XXX,XX +XXX,XX @@ static void spitz_ssp_attach(SpitzMachineState *sms)
77
{
78
void *bus;
79
80
- sms->mux = ssi_create_slave(sms->mpu->ssp[CORGI_SSP_PORT - 1], "corgi-ssp");
81
+ sms->mux = ssi_create_slave(sms->mpu->ssp[CORGI_SSP_PORT - 1],
82
+ TYPE_CORGI_SSP);
83
84
bus = qdev_get_child_bus(sms->mux, "ssi0");
85
- sms->lcdtg = ssi_create_slave(bus, "spitz-lcdtg");
86
+ sms->lcdtg = ssi_create_slave(bus, TYPE_SPITZ_LCDTG);
87
88
bus = qdev_get_child_bus(sms->mux, "ssi1");
89
sms->ads7846 = ssi_create_slave(bus, "ads7846");
90
@@ -XXX,XX +XXX,XX @@ static void corgi_ssp_class_init(ObjectClass *klass, void *data)
91
}
92
93
static const TypeInfo corgi_ssp_info = {
94
- .name = "corgi-ssp",
95
+ .name = TYPE_CORGI_SSP,
96
.parent = TYPE_SSI_SLAVE,
97
.instance_size = sizeof(CorgiSSPState),
98
.class_init = corgi_ssp_class_init,
99
@@ -XXX,XX +XXX,XX @@ static void spitz_lcdtg_class_init(ObjectClass *klass, void *data)
100
}
101
102
static const TypeInfo spitz_lcdtg_info = {
103
- .name = "spitz-lcdtg",
104
+ .name = TYPE_SPITZ_LCDTG,
105
.parent = TYPE_SSI_SLAVE,
106
.instance_size = sizeof(SpitzLCDTG),
107
.class_init = spitz_lcdtg_class_init,
28
--
108
--
29
2.7.4
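Review bot: The switch_v7m_security_state(env, return_to_secure) call added to do_v7m_exception_exit() (the 2.7.4 side of this view) has no comment, although its position is exactly what the commit message says matters: after the usage-fault checks and the write_v7m_control_spsel() call, before the exception frame is read. A short comment at the call stating that ordering, and which security state's CONTROL.SPSEL the preceding write is meant to update now that it runs before the switch, would keep a later reorder from changing that by accident.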
109
2.20.1
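Review bot: In the spitz_ssp_attach() hunk (the 2.20.1 side of this view), "corgi-ssp" and "spitz-lcdtg" are replaced by TYPE_CORGI_SSP and TYPE_SPITZ_LCDTG, but the context line just below still calls ssi_create_slave(bus, "ads7846") with a string literal. That device is defined in another file, so it cannot be fixed with a file-local macro here; exporting a TYPE_ADS7846 definition from a header and using it at this call site would finish the cleanup. The first-member requirement for the new casts is visible for both structs in the context lines (SSISlave ssidev; opens each typedef).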
1
Currently our M profile exception return code switches to the
1
The FROM_SSI_SLAVE() macro predates QOM and is used as a typesafe way
2
target stack pointer relatively early in the process, before
2
to cast from an SSISlave* to the instance struct of a subtype of
3
it tries to pop the exception frame off the stack. This is
3
TYPE_SSI_SLAVE. Switch to using the QOM cast macros instead, which
4
awkward for v8M for two reasons:
4
have the same effect (by writing the QOM macros if the types were
5
* in v8M the process vs main stack pointer is not selected
5
previously missing them.)
6
purely by the value of CONTROL.SPSEL, so updating SPSEL
7
and relying on that to switch to the right stack pointer
8
won't work
9
* the stack we should be reading the stack frame from and
10
the stack we will eventually switch to might not be the
11
same if the guest is doing strange things
12
6
13
Change our exception return code to use a 'frame pointer'
7
(The FROM_SSI_SLAVE() macro allows the SSISlave member of the
14
to read the exception frame rather than assuming that we
8
subtype's struct to be anywhere as long as it is named "ssidev",
15
can switch the live stack pointer this early.
9
whereas a QOM cast macro insists that it is the first thing in the
10
subtype's struct. This is true for all the types we convert here.)
11
12
This removes all the uses of FROM_SSI_SLAVE() so we can delete the
13
definition.
16
14
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
16
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
20
Message-id: 1506092407-26985-3-git-send-email-peter.maydell@linaro.org
18
Message-id: 20200628142429.17111-18-peter.maydell@linaro.org
21
---
19
---
22
target/arm/helper.c | 130 +++++++++++++++++++++++++++++++++++++++-------------
20
include/hw/ssi/ssi.h | 2 --
23
1 file changed, 98 insertions(+), 32 deletions(-)
21
hw/arm/z2.c | 11 +++++++----
22
hw/display/ads7846.c | 9 ++++++---
23
hw/display/ssd0323.c | 10 +++++++---
24
hw/sd/ssi-sd.c | 4 ++--
25
5 files changed, 22 insertions(+), 14 deletions(-)
24
26
25
diff --git a/target/arm/helper.c b/target/arm/helper.c
27
diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h
26
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
27
--- a/target/arm/helper.c
29
--- a/include/hw/ssi/ssi.h
28
+++ b/target/arm/helper.c
30
+++ b/include/hw/ssi/ssi.h
29
@@ -XXX,XX +XXX,XX @@ static void v7m_push(CPUARMState *env, uint32_t val)
31
@@ -XXX,XX +XXX,XX @@ struct SSISlave {
30
stl_phys(cs->as, env->regs[13], val);
32
bool cs;
33
};
34
35
-#define FROM_SSI_SLAVE(type, dev) DO_UPCAST(type, ssidev, dev)
36
-
37
extern const VMStateDescription vmstate_ssi_slave;
38
39
#define VMSTATE_SSI_SLAVE(_field, _state) { \
40
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
41
index XXXXXXX..XXXXXXX 100644
42
--- a/hw/arm/z2.c
43
+++ b/hw/arm/z2.c
44
@@ -XXX,XX +XXX,XX @@ typedef struct {
45
int pos;
46
} ZipitLCD;
47
48
+#define TYPE_ZIPIT_LCD "zipit-lcd"
49
+#define ZIPIT_LCD(obj) OBJECT_CHECK(ZipitLCD, (obj), TYPE_ZIPIT_LCD)
50
+
51
static uint32_t zipit_lcd_transfer(SSISlave *dev, uint32_t value)
52
{
53
- ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
54
+ ZipitLCD *z = ZIPIT_LCD(dev);
55
uint16_t val;
56
if (z->selected) {
57
z->buf[z->pos] = value & 0xff;
58
@@ -XXX,XX +XXX,XX @@ static void z2_lcd_cs(void *opaque, int line, int level)
59
60
static void zipit_lcd_realize(SSISlave *dev, Error **errp)
61
{
62
- ZipitLCD *z = FROM_SSI_SLAVE(ZipitLCD, dev);
63
+ ZipitLCD *z = ZIPIT_LCD(dev);
64
z->selected = 0;
65
z->enabled = 0;
66
z->pos = 0;
67
@@ -XXX,XX +XXX,XX @@ static void zipit_lcd_class_init(ObjectClass *klass, void *data)
31
}
68
}
32
69
33
-static uint32_t v7m_pop(CPUARMState *env)
70
static const TypeInfo zipit_lcd_info = {
34
-{
71
- .name = "zipit-lcd",
35
- CPUState *cs = CPU(arm_env_get_cpu(env));
72
+ .name = TYPE_ZIPIT_LCD,
36
- uint32_t val;
73
.parent = TYPE_SSI_SLAVE,
37
-
74
.instance_size = sizeof(ZipitLCD),
38
- val = ldl_phys(cs->as, env->regs[13]);
75
.class_init = zipit_lcd_class_init,
39
- env->regs[13] += 4;
76
@@ -XXX,XX +XXX,XX @@ static void z2_init(MachineState *machine)
40
- return val;
77
41
-}
78
type_register_static(&zipit_lcd_info);
42
-
79
type_register_static(&aer915_info);
43
/* Return true if we're using the process stack pointer (not the MSP) */
80
- z2_lcd = ssi_create_slave(mpu->ssp[1], "zipit-lcd");
44
static bool v7m_using_psp(CPUARMState *env)
81
+ z2_lcd = ssi_create_slave(mpu->ssp[1], TYPE_ZIPIT_LCD);
82
bus = pxa2xx_i2c_bus(mpu->i2c[0]);
83
i2c_create_slave(bus, TYPE_AER915, 0x55);
84
wm = i2c_create_slave(bus, TYPE_WM8750, 0x1b);
85
diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c
86
index XXXXXXX..XXXXXXX 100644
87
--- a/hw/display/ads7846.c
88
+++ b/hw/display/ads7846.c
89
@@ -XXX,XX +XXX,XX @@ typedef struct {
90
int output;
91
} ADS7846State;
92
93
+#define TYPE_ADS7846 "ads7846"
94
+#define ADS7846(obj) OBJECT_CHECK(ADS7846State, (obj), TYPE_ADS7846)
95
+
96
/* Control-byte bitfields */
97
#define CB_PD0        (1 << 0)
98
#define CB_PD1        (1 << 1)
99
@@ -XXX,XX +XXX,XX @@ static void ads7846_int_update(ADS7846State *s)
100
101
static uint32_t ads7846_transfer(SSISlave *dev, uint32_t value)
45
{
102
{
46
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest)
103
- ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, dev);
47
env->regs[15] = dest & ~1;
104
+ ADS7846State *s = ADS7846(dev);
105
106
switch (s->cycle ++) {
107
case 0:
108
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_ads7846 = {
109
static void ads7846_realize(SSISlave *d, Error **errp)
110
{
111
DeviceState *dev = DEVICE(d);
112
- ADS7846State *s = FROM_SSI_SLAVE(ADS7846State, d);
113
+ ADS7846State *s = ADS7846(d);
114
115
qdev_init_gpio_out(dev, &s->interrupt, 1);
116
117
@@ -XXX,XX +XXX,XX @@ static void ads7846_class_init(ObjectClass *klass, void *data)
48
}
118
}
49
119
50
+static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool secure, bool threadmode,
120
static const TypeInfo ads7846_info = {
51
+ bool spsel)
121
- .name = "ads7846",
52
+{
122
+ .name = TYPE_ADS7846,
53
+ /* Return a pointer to the location where we currently store the
123
.parent = TYPE_SSI_SLAVE,
54
+ * stack pointer for the requested security state and thread mode.
124
.instance_size = sizeof(ADS7846State),
55
+ * This pointer will become invalid if the CPU state is updated
125
.class_init = ads7846_class_init,
56
+ * such that the stack pointers are switched around (eg changing
126
diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c
57
+ * the SPSEL control bit).
127
index XXXXXXX..XXXXXXX 100644
58
+ * Compare the v8M ARM ARM pseudocode LookUpSP_with_security_mode().
128
--- a/hw/display/ssd0323.c
59
+ * Unlike that pseudocode, we require the caller to pass us in the
129
+++ b/hw/display/ssd0323.c
60
+ * SPSEL control bit value; this is because we also use this
130
@@ -XXX,XX +XXX,XX @@ typedef struct {
61
+ * function in handling of pushing of the callee-saves registers
131
uint8_t framebuffer[128 * 80 / 2];
62
+ * part of the v8M stack frame (pseudocode PushCalleeStack()),
132
} ssd0323_state;
63
+ * and in the tailchain codepath the SPSEL bit comes from the exception
133
64
+ * return magic LR value from the previous exception. The pseudocode
134
+#define TYPE_SSD0323 "ssd0323"
65
+ * opencodes the stack-selection in PushCalleeStack(), but we prefer
135
+#define SSD0323(obj) OBJECT_CHECK(ssd0323_state, (obj), TYPE_SSD0323)
66
+ * to make this utility function generic enough to do the job.
67
+ */
68
+ bool want_psp = threadmode && spsel;
69
+
136
+
70
+ if (secure == env->v7m.secure) {
71
+ /* Currently switch_v7m_sp switches SP as it updates SPSEL,
72
+ * so the SP we want is always in regs[13].
73
+ * When we decouple SPSEL from the actually selected SP
74
+ * we need to check want_psp against v7m_using_psp()
75
+ * to see whether we need regs[13] or v7m.other_sp.
76
+ */
77
+ return &env->regs[13];
78
+ } else {
79
+ if (want_psp) {
80
+ return &env->v7m.other_ss_psp;
81
+ } else {
82
+ return &env->v7m.other_ss_msp;
83
+ }
84
+ }
85
+}
86
+
137
+
87
static uint32_t arm_v7m_load_vector(ARMCPU *cpu)
138
static uint32_t ssd0323_transfer(SSISlave *dev, uint32_t data)
88
{
139
{
89
CPUState *cs = CPU(cpu);
140
- ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, dev);
90
@@ -XXX,XX +XXX,XX @@ static void v7m_push_stack(ARMCPU *cpu)
141
+ ssd0323_state *s = SSD0323(dev);
91
static void do_v7m_exception_exit(ARMCPU *cpu)
142
143
switch (s->mode) {
144
case SSD0323_DATA:
145
@@ -XXX,XX +XXX,XX @@ static const GraphicHwOps ssd0323_ops = {
146
static void ssd0323_realize(SSISlave *d, Error **errp)
92
{
147
{
93
CPUARMState *env = &cpu->env;
148
DeviceState *dev = DEVICE(d);
94
+ CPUState *cs = CPU(cpu);
149
- ssd0323_state *s = FROM_SSI_SLAVE(ssd0323_state, d);
95
uint32_t excret;
150
+ ssd0323_state *s = SSD0323(d);
96
uint32_t xpsr;
151
97
bool ufault = false;
152
s->col_end = 63;
98
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
153
s->row_end = 79;
99
bool return_to_handler = false;
154
@@ -XXX,XX +XXX,XX @@ static void ssd0323_class_init(ObjectClass *klass, void *data)
100
bool rettobase = false;
155
}
101
bool exc_secure = false;
156
102
+ bool return_to_secure;
157
static const TypeInfo ssd0323_info = {
103
158
- .name = "ssd0323",
104
/* We can only get here from an EXCP_EXCEPTION_EXIT, and
159
+ .name = TYPE_SSD0323,
105
* gen_bx_excret() enforces the architectural rule
160
.parent = TYPE_SSI_SLAVE,
106
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
161
.instance_size = sizeof(ssd0323_state),
107
g_assert_not_reached();
162
.class_init = ssd0323_class_init,
108
}
163
diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
109
164
index XXXXXXX..XXXXXXX 100644
110
+ return_to_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
165
--- a/hw/sd/ssi-sd.c
111
+ (excret & R_V7M_EXCRET_S_MASK);
166
+++ b/hw/sd/ssi-sd.c
112
+
167
@@ -XXX,XX +XXX,XX @@ typedef struct {
113
switch (excret & 0xf) {
168
114
case 1: /* Return to Handler */
169
static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t val)
115
return_to_handler = true;
170
{
116
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
171
- ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
117
return;
172
+ ssi_sd_state *s = SSI_SD(dev);
118
}
173
119
174
/* Special case: allow CMD12 (STOP TRANSMISSION) while reading data. */
120
- /* Switch to the target stack. */
175
if (s->mode == SSI_SD_DATA_READ && val == 0x4d) {
121
+ /* Set CONTROL.SPSEL from excret.SPSEL. For QEMU this currently
176
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_ssi_sd = {
122
+ * causes us to switch the active SP, but we will change this
177
123
+ * later to not do that so we can support v8M.
178
static void ssi_sd_realize(SSISlave *d, Error **errp)
124
+ */
179
{
125
switch_v7m_sp(env, return_to_sp_process);
180
- ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, d);
126
- /* Pop registers. */
181
+ ssi_sd_state *s = SSI_SD(d);
127
- env->regs[0] = v7m_pop(env);
182
DeviceState *carddev;
128
- env->regs[1] = v7m_pop(env);
183
DriveInfo *dinfo;
129
- env->regs[2] = v7m_pop(env);
184
Error *err = NULL;
130
- env->regs[3] = v7m_pop(env);
131
- env->regs[12] = v7m_pop(env);
132
- env->regs[14] = v7m_pop(env);
133
- env->regs[15] = v7m_pop(env);
134
- if (env->regs[15] & 1) {
135
- qemu_log_mask(LOG_GUEST_ERROR,
136
- "M profile return from interrupt with misaligned "
137
- "PC is UNPREDICTABLE\n");
138
- /* Actual hardware seems to ignore the lsbit, and there are several
139
- * RTOSes out there which incorrectly assume the r15 in the stack
140
- * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value.
141
+
142
+ {
143
+ /* The stack pointer we should be reading the exception frame from
144
+ * depends on bits in the magic exception return type value (and
145
+ * for v8M isn't necessarily the stack pointer we will eventually
146
+ * end up resuming execution with). Get a pointer to the location
147
+ * in the CPU state struct where the SP we need is currently being
148
+ * stored; we will use and modify it in place.
149
+ * We use this limited C variable scope so we don't accidentally
150
+ * use 'frame_sp_p' after we do something that makes it invalid.
151
+ */
152
+ uint32_t *frame_sp_p = get_v7m_sp_ptr(env,
153
+ return_to_secure,
154
+ !return_to_handler,
155
+ return_to_sp_process);
156
+ uint32_t frameptr = *frame_sp_p;
157
+
158
+ /* Pop registers. TODO: make these accesses use the correct
159
+ * attributes and address space (S/NS, priv/unpriv) and handle
160
+ * memory transaction failures.
161
*/
162
- env->regs[15] &= ~1U;
163
+ env->regs[0] = ldl_phys(cs->as, frameptr);
164
+ env->regs[1] = ldl_phys(cs->as, frameptr + 0x4);
165
+ env->regs[2] = ldl_phys(cs->as, frameptr + 0x8);
166
+ env->regs[3] = ldl_phys(cs->as, frameptr + 0xc);
167
+ env->regs[12] = ldl_phys(cs->as, frameptr + 0x10);
168
+ env->regs[14] = ldl_phys(cs->as, frameptr + 0x14);
169
+ env->regs[15] = ldl_phys(cs->as, frameptr + 0x18);
170
+ if (env->regs[15] & 1) {
171
+ qemu_log_mask(LOG_GUEST_ERROR,
172
+ "M profile return from interrupt with misaligned "
173
+ "PC is UNPREDICTABLE\n");
174
+ /* Actual hardware seems to ignore the lsbit, and there are several
175
+ * RTOSes out there which incorrectly assume the r15 in the stack
176
+ * frame should be a Thumb-style "lsbit indicates ARM/Thumb" value.
177
+ */
178
+ env->regs[15] &= ~1U;
179
+ }
180
+ xpsr = ldl_phys(cs->as, frameptr + 0x1c);
181
+
182
+ /* Commit to consuming the stack frame */
183
+ frameptr += 0x20;
184
+ /* Undo stack alignment (the SPREALIGN bit indicates that the original
185
+ * pre-exception SP was not 8-aligned and we added a padding word to
186
+ * align it, so we undo this by ORing in the bit that increases it
187
+ * from the current 8-aligned value to the 8-unaligned value. (Adding 4
188
+ * would work too but a logical OR is how the pseudocode specifies it.)
189
+ */
190
+ if (xpsr & XPSR_SPREALIGN) {
191
+ frameptr |= 4;
192
+ }
193
+ *frame_sp_p = frameptr;
194
}
195
- xpsr = v7m_pop(env);
196
+ /* This xpsr_write() will invalidate frame_sp_p as it may switch stack */
197
xpsr_write(env, xpsr, ~XPSR_SPREALIGN);
198
- /* Undo stack alignment. */
199
- if (xpsr & XPSR_SPREALIGN) {
200
- env->regs[13] |= 4;
201
- }
202
203
/* The restored xPSR exception field will be zero if we're
204
* resuming in Thread mode. If that doesn't match what the
205
--
185
--
206
2.7.4
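Review bot: In get_v7m_sp_ptr() (the 2.7.4 side of this view), the secure == env->v7m.secure branch returns &env->regs[13] without consulting want_psp, so the result is only correct because do_v7m_exception_exit() calls switch_v7m_sp(env, return_to_sp_process) immediately before it. The in-function comment explains this, but nothing enforces it, and the header comment already anticipates a second caller on the callee-saves push path; stating the precondition in the header comment, or asserting on it until SPSEL is decoupled from the live SP, would stop a new caller from silently getting the wrong stack pointer. Separately, the pops through ldl_phys() still ignore memory transaction failures, as the TODO says, so *frame_sp_p is committed even when a load of the frame did not succeed.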
186
2.20.1
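Review bot: Across the z2.c, ads7846.c, ssd0323.c and ssi-sd.c hunks (the 2.20.1 side of this view), replacing FROM_SSI_SLAVE() with QOM casts turns a by-name lookup of the ssidev member into an assumption that it is the first member of each struct, and none of these hunks show the head of the structs, so the statement in the commit message cannot be checked from the diff. A QEMU_BUILD_BUG_ON(offsetof(ZipitLCD, ssidev) != 0) per converted type, or at least a comment on the member, would make the assumption checked rather than remembered. The ssi-sd.c hunks also use SSI_SD() without adding a definition, unlike the other three files, so the patch relies on that macro already being present there.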
1
Reset for devices does not include an automatic clear of the
1
Deprecate our TileGX target support:
2
device state (unlike CPU state, where most of the state
2
* we have no active maintainer for it
3
structure is cleared to zero). Add some missing initialization
3
* it has had essentially no contributions (other than tree-wide cleanups
4
of NVIC state that meant that the device was left in the wrong
4
and similar) since it was first added
5
state if the guest did a warm reset.
5
* the Linux kernel dropped support in 2018, as has glibc
6
6
7
(In particular, since we were resetting the computed state like
7
Note the deprecation in the manual, but don't try to print a warning
8
s->exception_prio but not all the state it was computed
8
when QEMU runs -- printing unsuppressible messages is more obtrusive
9
from like s->vectors[x].active, the NVIC wound up in an
9
for linux-user mode than it would be for system-emulation mode, and
10
inconsistent state that could later trigger assertion failures.)
10
it doesn't seem worth trying to invent a new suppressible-error
11
system for linux-user just for this.
11
12
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
14
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
15
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
15
Message-id: 1506092407-26985-2-git-send-email-peter.maydell@linaro.org
16
Reviewed-by: Thomas Huth <thuth@redhat.com>
17
Message-id: 20200619154831.26319-1-peter.maydell@linaro.org
16
---
18
---
17
hw/intc/armv7m_nvic.c | 5 +++++
19
docs/system/deprecated.rst | 11 +++++++++++
18
1 file changed, 5 insertions(+)
20
1 file changed, 11 insertions(+)
19
21
20
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
22
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
21
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/intc/armv7m_nvic.c
24
--- a/docs/system/deprecated.rst
23
+++ b/hw/intc/armv7m_nvic.c
25
+++ b/docs/system/deprecated.rst
24
@@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_reset(DeviceState *dev)
26
@@ -XXX,XX +XXX,XX @@ The above, converted to the current supported format::
25
int resetprio;
27
26
NVICState *s = NVIC(dev);
28
json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"}
27
29
28
+ memset(s->vectors, 0, sizeof(s->vectors));
30
+linux-user mode CPUs
29
+ memset(s->sec_vectors, 0, sizeof(s->sec_vectors));
31
+--------------------
30
+ s->prigroup[M_REG_NS] = 0;
31
+ s->prigroup[M_REG_S] = 0;
32
+
32
+
33
s->vectors[ARMV7M_EXCP_NMI].enabled = 1;
33
+``tilegx`` CPUs (since 5.1.0)
34
/* MEM, BUS, and USAGE are enabled through
34
+'''''''''''''''''''''''''''''
35
* the System Handler Control register
35
+
36
+The ``tilegx`` guest CPU support (which was only implemented in
37
+linux-user mode) is deprecated and will be removed in a future version
38
+of QEMU. Support for this CPU was removed from the upstream Linux
39
+kernel in 2018, and has also been dropped from glibc.
40
+
41
Related binaries
42
----------------
43
36
--
44
--
37
2.7.4
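Review bot: The four lines added at the top of armv7m_nvic_reset() (the 2.7.4 side of this view) clear vectors, sec_vectors and both prigroup entries one field at a time, which leaves the same gap open for any NVICState field added later. A comment saying that device reset does not zero the state struct, as the commit message explains, would tell the next person to extend this list. Placing the memset() calls before s->vectors[ARMV7M_EXCP_NMI].enabled = 1 is correct, since they would otherwise wipe that setting.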
45
2.20.1