target-arm queue: mostly just cleanup/minor stuff, but this does

include the raspi3 board model.

The following changes since commit 9f9c53368b219a9115eddb39f0ff5ad19c977134:

Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' into staging (2018-02-15 10:14:11 +0000)

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215

for you to fetch changes up to e545f0f9be1f9e60951017c1e6558216732cc14e:

target/arm: Implement v8M MSPLIM and PSPLIM registers (2018-02-15 13:48:11 +0000)

* aspeed: code cleanup to use unimplemented_device

* add 'raspi3' RaspberryPi 3 machine model

* more SVE prep work

* v8M: add minor missing registers

* v7M: fix bug where we weren't migrating v7m.other_sp

* v7M: fix bugs in handling of interrupt registers for

external interrupts beyond 32

Pekka Enberg (3):

bcm2836: Make CPU type configurable

raspi: Raspberry Pi 3 support

raspi: Add "raspi3" machine type

Peter Maydell (11):

hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC

hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling

hw/intc/armv7m_nvic: Implement M profile cache maintenance ops

hw/intc/armv7m_nvic: Implement v8M CPPWR register

hw/intc/armv7m_nvic: Implement cache ID registers

hw/intc/armv7m_nvic: Implement SCR

target/arm: Implement writing to CONTROL_NS for v8M

hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions

target/arm: Add AIRCR to vmstate struct

target/arm: Migrate v7m.other_sp

target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):

hw/arm/aspeed: directly map the serial device to the system address space

hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):

target/arm: Remove ARM_CP_64BIT from ZCR_EL registers

target/arm: Enforce FP access to FPCR/FPSR

target/arm: Suppress TB end for FPCR/FPSR

target/arm: Enforce access to ZCR_EL at translation

target/arm: Handle SVE registers when using clear_vec_high

include/hw/arm/aspeed_soc.h | 1 -

include/hw/arm/bcm2836.h | 1 +

target/arm/cpu.h | 71 ++++++++++++-----

target/arm/internals.h | 6 ++

hw/arm/aspeed_soc.c | 35 ++-------

hw/arm/bcm2836.c | 17 +++--

hw/arm/raspi.c | 57 +++++++++++---

hw/intc/armv7m_nvic.c | 98 ++++++++++++++++++------

target/arm/cpu.c | 28 +++++++

target/arm/helper.c | 84 +++++++++++++++-----

target/arm/machine.c | 84 ++++++++++++++++++++

target/arm/translate-a64.c | 181 ++++++++++++++++++++------------------------

12 files changed, 452 insertions(+), 211 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20180211205848.4568-2-richard.henderson@linaro.org

target/arm/helper.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

static const ARMCPRegInfo zcr_el1_reginfo = {

.name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL1_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL1_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {

static const ARMCPRegInfo zcr_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL2_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {

static const ARMCPRegInfo zcr_no_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .type = ARM_CP_64BIT,

+ .access = PL2_RW,

.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore

};

static const ARMCPRegInfo zcr_el3_reginfo = {

.name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL3_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL3_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),

.writefn = zcr_write, .raw_writefn = raw_write

};

2.16.1

From: Richard Henderson <richard.henderson@linaro.org>

When storing to an AdvSIMD FP register, all of the high

bits of the SVE register are zeroed. Therefore, call it

more often with is_q as a parameter.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20180211205848.4568-6-richard.henderson@linaro.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/translate-a64.c | 162 +++++++++++++++++----------------------------

1 file changed, 62 insertions(+), 100 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)

return v;

}

+/* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).

+ * If SVE is not enabled, then there are only 128 bits in the vector.

+ */

+static void clear_vec_high(DisasContext *s, bool is_q, int rd)

+{

+ unsigned ofs = fp_reg_offset(s, rd, MO_64);

+ unsigned vsz = vec_full_reg_size(s);

+ if (!is_q) {

+ TCGv_i64 tcg_zero = tcg_const_i64(0);

+ tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);

+ tcg_temp_free_i64(tcg_zero);

+ }

+ if (vsz > 16) {

+ tcg_gen_gvec_dup8i(ofs + 16, vsz - 16, vsz - 16, 0);

+ }

+}

static void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)

{

- TCGv_i64 tcg_zero = tcg_const_i64(0);

+ unsigned ofs = fp_reg_offset(s, reg, MO_64);

- tcg_gen_st_i64(v, cpu_env, fp_reg_offset(s, reg, MO_64));

- tcg_gen_st_i64(tcg_zero, cpu_env, fp_reg_hi_offset(s, reg));

- tcg_temp_free_i64(tcg_zero);

+ tcg_gen_st_i64(v, cpu_env, ofs);

+ clear_vec_high(s, false, reg);

}

static void write_fp_sreg(DisasContext *s, int reg, TCGv_i32 v)

@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)

tcg_temp_free_i64(tmplo);

tcg_temp_free_i64(tmphi);

+

+ clear_vec_high(s, true, destidx);

}

/*

@@ -XXX,XX +XXX,XX @@ static void write_vec_element_i32(DisasContext *s, TCGv_i32 tcg_src,

}

}

-/* Clear the high 64 bits of a 128 bit vector (in general non-quad

- * vector ops all need to do this).

- */

-static void clear_vec_high(DisasContext *s, int rd)

-{

- TCGv_i64 tcg_zero = tcg_const_i64(0);

-

- write_vec_element(s, tcg_zero, rd, 1, MO_64);

- tcg_temp_free_i64(tcg_zero);

-}

-

/* Store from vector register to memory */

static void do_vec_st(DisasContext *s, int srcidx, int element,

TCGv_i64 tcg_addr, int size)

@@ -XXX,XX +XXX,XX @@ static void disas_ldst_multiple_struct(DisasContext *s, uint32_t insn)

/* For non-quad operations, setting a slice of the low

* 64 bits of the register clears the high 64 bits (in

* the ARM ARM pseudocode this is implicit in the fact

- * that 'rval' is a 64 bit wide variable). We optimize

- * by noticing that we only need to do this the first

- * time we touch a register.

+ * that 'rval' is a 64 bit wide variable).

+ * For quad operations, we might still need to zero the

+ * high bits of SVE. We optimize by noticing that we only

+ * need to do this the first time we touch a register.

*/

- if (!is_q && e == 0 && (r == 0 || xs == selem - 1)) {

- clear_vec_high(s, tt);

+ if (e == 0 && (r == 0 || xs == selem - 1)) {

+ clear_vec_high(s, is_q, tt);

}

}

tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);

@@ -XXX,XX +XXX,XX @@ static void disas_ldst_single_struct(DisasContext *s, uint32_t insn)

write_vec_element(s, tcg_tmp, rt, 0, MO_64);

if (is_q) {

write_vec_element(s, tcg_tmp, rt, 1, MO_64);

- } else {

- clear_vec_high(s, rt);

2.16.1

From: Richard Henderson <richard.henderson@linaro.org>

This also makes sure that we get the correct ordering of

SVE vs FP exceptions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20180211205848.4568-5-richard.henderson@linaro.org

target/arm/cpu.h | 3 ++-

target/arm/internals.h | 6 ++++++

target/arm/helper.c | 22 ++++------------------

target/arm/translate-a64.c | 16 ++++++++++++++++

4 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h

--- a/target/arm/cpu.h

+++ b/target/arm/cpu.h

@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)

#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | 0x0500)

#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA

#define ARM_CP_FPU 0x1000

+#define ARM_CP_SVE 0x2000

/* Used only as a terminator for ARMCPRegInfo lists */

#define ARM_CP_SENTINEL 0xffff

/* Mask of only the flag bits in a type field */

-#define ARM_CP_FLAG_MASK 0x10ff

+#define ARM_CP_FLAG_MASK 0x30ff

/* Valid values for ARMCPRegInfo state field, indicating which of

* the AArch32 and AArch64 execution states this register is visible in.

diff --git a/target/arm/internals.h b/target/arm/internals.h

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/internals.h

+++ b/target/arm/internals.h

@@ -XXX,XX +XXX,XX @@ enum arm_exception_class {

EC_AA64_HVC = 0x16,

EC_AA64_SMC = 0x17,

EC_SYSTEMREGISTERTRAP = 0x18,

+ EC_SVEACCESSTRAP = 0x19,

EC_INSNABORT = 0x20,

EC_INSNABORT_SAME_EL = 0x21,

EC_PCALIGNMENT = 0x22,

@@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)

| (cv << 24) | (cond << 20);

+static inline uint32_t syn_sve_access_trap(void)

+{

+ return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;

+}

+

static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)

{

return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)

diff --git a/target/arm/helper.c b/target/arm/helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ static int sve_exception_el(CPUARMState *env)

return 0;

}

-static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,

- bool isread)

-{

- switch (sve_exception_el(env)) {

- case 3:

- return CP_ACCESS_TRAP_EL3;

- case 2:

- return CP_ACCESS_TRAP_EL2;

- case 1:

- return CP_ACCESS_TRAP;

- }

- return CP_ACCESS_OK;

-}

-

static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

uint64_t value)

{

@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

static const ARMCPRegInfo zcr_el1_reginfo = {

.name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL1_RW, .accessfn = zcr_access,

+ .access = PL1_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {

static const ARMCPRegInfo zcr_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .accessfn = zcr_access,

+ .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {

static const ARMCPRegInfo zcr_no_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW,

+ .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore

};

static const ARMCPRegInfo zcr_el3_reginfo = {

.name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL3_RW, .accessfn = zcr_access,

+ .access = PL3_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),

.writefn = zcr_write, .raw_writefn = raw_write

};

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)

return false;

}

+/* Check that SVE access is enabled. If it is, return true.

+ * If not, emit code to generate an appropriate exception and return false.

+ */

+static inline bool sve_access_check(DisasContext *s)

+{

+ if (s->sve_excp_el) {

+ gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),

+ s->sve_excp_el);

+ return false;

+ }

+ return true;

+}

+

/*

* This utility function is for doing register extension with an

* optional shift. You will likely want to pass a temporary for the

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

default:

break;

}

+ if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {

+ return;

+ }

if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {

return;

}

2.16.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

(qemu) info mtree

address-space: cpu-memory-0

0000000000000000-ffffffffffffffff (prio 0, i/o): system

0000000000000000-0000000007ffffff (prio 0, rom): aspeed.boot_rom

- 000000001e600000-000000001e7fffff (prio -1, i/o): aspeed_soc.io

+ 000000001e600000-000000001e7fffff (prio -1000, i/o): aspeed_soc.io

000000001e620000-000000001e6200ff (prio 0, i/o): aspeed.smc.ast2500-fmc

000000001e630000-000000001e6300ff (prio 0, i/o): aspeed.smc.ast2500-spi1

000000001e631000-000000001e6310ff (prio 0, i/o): aspeed.smc.ast2500-spi2

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Cédric Le Goater <clg@kaod.org>

Reviewed-by: Andrew Jeffery <andrew@aj.id.au>

Message-id: 20180209085755.30414-3-f4bug@amsat.org

include/hw/arm/aspeed_soc.h | 1 -

hw/arm/aspeed_soc.c | 32 +++-----------------------------

2 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h

--- a/include/hw/arm/aspeed_soc.h

+++ b/include/hw/arm/aspeed_soc.h

@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSoCState {

/*< public >*/

ARMCPU cpu;

- MemoryRegion iomem;

MemoryRegion sram;

AspeedVICState vic;

AspeedTimerCtrlState timerctrl;

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c

--- a/hw/arm/aspeed_soc.c

+++ b/hw/arm/aspeed_soc.c

#include "qemu-common.h"

#include "cpu.h"

#include "exec/address-spaces.h"

+#include "hw/misc/unimp.h"

#include "hw/arm/aspeed_soc.h"

#include "hw/char/serial.h"

#include "qemu/log.h"

@@ -XXX,XX +XXX,XX @@ static const AspeedSoCInfo aspeed_socs[] = {

-/*

- * IO handlers: simply catch any reads/writes to IO addresses that aren't

- * handled by a device mapping.

- */

-

-static uint64_t aspeed_soc_io_read(void *p, hwaddr offset, unsigned size)

-{

- qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",

- __func__, offset, size);

- return 0;

-}

-

-static void aspeed_soc_io_write(void *opaque, hwaddr offset, uint64_t value,

- unsigned size)

-{

- qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64 " [%u]\n",

- __func__, offset, value, size);

-}

-

-static const MemoryRegionOps aspeed_soc_io_ops = {

- .read = aspeed_soc_io_read,

- .write = aspeed_soc_io_write,

- .endianness = DEVICE_LITTLE_ENDIAN,

-};

-

static void aspeed_soc_init(Object *obj)

{

AspeedSoCState *s = ASPEED_SOC(obj);

@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)

Error *err = NULL, *local_err = NULL;

/* IO space */

- memory_region_init_io(&s->iomem, NULL, &aspeed_soc_io_ops, NULL,

- "aspeed_soc.io", ASPEED_SOC_IOMEM_SIZE);

- memory_region_add_subregion_overlap(get_system_memory(),

- ASPEED_SOC_IOMEM_BASE, &s->iomem, -1);

+ create_unimplemented_device("aspeed_soc.io",

+ ASPEED_SOC_IOMEM_BASE, ASPEED_SOC_IOMEM_SIZE);

/* CPU */

object_property_set_bool(OBJECT(&s->cpu), true, "realized", &err);

2.16.1

From: Pekka Enberg <penberg@iki.fi>

This patch adds a "raspi3" machine type, which can now be selected as

the machine to run on by users via the "-M" command line option to QEMU.

The machine type does *not* ignore memory transaction failures so we

likely need to add some dummy devices later when people run something

more complicated than what I'm using for testing.

Signed-off-by: Pekka Enberg <penberg@iki.fi>

[PMM: added #ifdef TARGET_AARCH64 so we don't provide the 64-bit

board in the 32-bit only arm-softmmu build.]

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/arm/raspi.c | 23 +++++++++++++++++++++++

1 file changed, 23 insertions(+)

@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)

mc->ignore_memory_transaction_failures = true;

};

DEFINE_MACHINE("raspi2", raspi2_machine_init)

+#ifdef TARGET_AARCH64

+static void raspi3_init(MachineState *machine)

+{

+ raspi_init(machine, 3);

+}

+

+static void raspi3_machine_init(MachineClass *mc)

+{

+ mc->desc = "Raspberry Pi 3";

+ mc->init = raspi3_init;

+ mc->block_default_type = IF_SD;

+ mc->no_parallel = 1;

+ mc->no_floppy = 1;

+ mc->no_cdrom = 1;

+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");

+ mc->max_cpus = BCM2836_NCPUS;

+ mc->min_cpus = BCM2836_NCPUS;

+ mc->default_cpus = BCM2836_NCPUS;

+ mc->default_ram_size = 1024 * 1024 * 1024;

+}

+DEFINE_MACHINE("raspi3", raspi3_machine_init)

+#endif

2.16.1

In many of the NVIC registers relating to interrupts, we

have to convert from a byte offset within a register set

into the number of the first interrupt which is affected.

We were getting this wrong for:

* reads of NVIC_ISPR<n>, NVIC_ISER<n>, NVIC_ICPR<n>, NVIC_ICER<n>,

NVIC_IABR<n> -- in all these cases we were missing the "* 8"

needed to convert from the byte offset to the interrupt number

(since all these registers use one bit per interrupt)

* writes of NVIC_IPR<n> had the opposite problem of a spurious

"* 8" (since these registers use one byte per interrupt)

Message-id: 20180209165810.6668-9-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c

--- a/hw/intc/armv7m_nvic.c

+++ b/hw/intc/armv7m_nvic.c

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

/* fall through */

case 0x180 ... 0x1bf: /* NVIC Clear enable */

val = 0;

- startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {

if (s->vectors[startvec + i].enabled &&

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

/* fall through */

case 0x280 ... 0x2bf: /* NVIC Clear pend */

val = 0;

- startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {

if (s->vectors[startvec + i].pending &&

(attrs.secure || s->itns[startvec + i])) {

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

break;

case 0x300 ... 0x33f: /* NVIC Active */

val = 0;

- startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x300) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {

if (s->vectors[startvec + i].active &&

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,

case 0x300 ... 0x33f: /* NVIC Active */

return MEMTX_OK; /* R/O */

case 0x400 ... 0x5ef: /* NVIC Priority */

- startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */

+ startvec = (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0; i < size && startvec + i < s->num_irq; i++) {

if (attrs.secure || s->itns[startvec + i]) {

2.16.1

The v8M architecture includes hardware support for enforcing

stack pointer limits. We don't implement this behaviour yet,

but provide the MSPLIM and PSPLIM stack pointer limit registers

as reads-as-written, so that when we do implement the checks

in future this won't break guest migration.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20180209165810.6668-12-peter.maydell@linaro.org

target/arm/cpu.h | 2 ++

target/arm/helper.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++

target/arm/machine.c | 21 +++++++++++++++++++++

3 files changed, 69 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h

--- a/target/arm/cpu.h

+++ b/target/arm/cpu.h

@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {

uint32_t secure; /* Is CPU in Secure state? (not guest visible) */

uint32_t csselr[M_REG_NUM_BANKS];

uint32_t scr[M_REG_NUM_BANKS];

+ uint32_t msplim[M_REG_NUM_BANKS];

+ uint32_t psplim[M_REG_NUM_BANKS];

} v7m;

/* Information associated with an exception about to be taken:

diff --git a/target/arm/helper.c b/target/arm/helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)

return 0;

}

return env->v7m.other_ss_psp;

+ case 0x8a: /* MSPLIM_NS */

+ if (!env->v7m.secure) {

+ return 0;

+ }

+ return env->v7m.msplim[M_REG_NS];

+ case 0x8b: /* PSPLIM_NS */

+ if (!env->v7m.secure) {

+ return 0;

+ }

+ return env->v7m.psplim[M_REG_NS];

case 0x90: /* PRIMASK_NS */

if (!env->v7m.secure) {

return 0;

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)

return v7m_using_psp(env) ? env->v7m.other_sp : env->regs[13];

case 9: /* PSP */

return v7m_using_psp(env) ? env->regs[13] : env->v7m.other_sp;

+ case 10: /* MSPLIM */

+ if (!arm_feature(env, ARM_FEATURE_V8)) {

+ goto bad_reg;

+ }

+ return env->v7m.msplim[env->v7m.secure];

+ case 11: /* PSPLIM */

+ if (!arm_feature(env, ARM_FEATURE_V8)) {

+ goto bad_reg;

+ }

+ return env->v7m.psplim[env->v7m.secure];

case 16: /* PRIMASK */

return env->v7m.primask[env->v7m.secure];

case 17: /* BASEPRI */

@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)

case 19: /* FAULTMASK */

return env->v7m.faultmask[env->v7m.secure];

default:

+ bad_reg:

qemu_log_mask(LOG_GUEST_ERROR, "Attempt to read unknown special"

" register %d\n", reg);

return 0;

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

}

env->v7m.other_ss_psp = val;

return;

+ case 0x8a: /* MSPLIM_NS */

+ if (!env->v7m.secure) {

+ return;

+ }

+ env->v7m.msplim[M_REG_NS] = val & ~7;

+ return;

+ case 0x8b: /* PSPLIM_NS */

+ if (!env->v7m.secure) {

+ return;

+ }

+ env->v7m.psplim[M_REG_NS] = val & ~7;

+ return;

case 0x90: /* PRIMASK_NS */

if (!env->v7m.secure) {

return;

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

env->v7m.other_sp = val;

}

break;

+ case 10: /* MSPLIM */

+ if (!arm_feature(env, ARM_FEATURE_V8)) {

+ goto bad_reg;

+ }

+ env->v7m.msplim[env->v7m.secure] = val & ~7;

+ break;

+ case 11: /* PSPLIM */

+ if (!arm_feature(env, ARM_FEATURE_V8)) {

+ goto bad_reg;

+ }

+ env->v7m.psplim[env->v7m.secure] = val & ~7;

+ break;

case 16: /* PRIMASK */

env->v7m.primask[env->v7m.secure] = val & 1;

break;

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;

break;

default:

+ bad_reg:

qemu_log_mask(LOG_GUEST_ERROR, "Attempt to write unknown special"

" register %d\n", reg);

return;

diff --git a/target/arm/machine.c b/target/arm/machine.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/machine.c

+++ b/target/arm/machine.c

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_other_sp = {

}

};

+static bool m_v8m_needed(void *opaque)

+{

+ ARMCPU *cpu = opaque;

+ CPUARMState *env = &cpu->env;

+ return arm_feature(env, ARM_FEATURE_M) && arm_feature(env, ARM_FEATURE_V8);

+}

+

+static const VMStateDescription vmstate_m_v8m = {

+ .name = "cpu/m/v8m",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .needed = m_v8m_needed,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32_ARRAY(env.v7m.msplim, ARMCPU, M_REG_NUM_BANKS),

+ VMSTATE_UINT32_ARRAY(env.v7m.psplim, ARMCPU, M_REG_NUM_BANKS),

+ VMSTATE_END_OF_LIST()

+ }

+};

+

static const VMStateDescription vmstate_m = {

.name = "cpu/m",

.version_id = 4,

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {

&vmstate_m_csselr,

&vmstate_m_scr,

&vmstate_m_other_sp,

+ &vmstate_m_v8m,

NULL

}

};