Changes v1->v2: it turns out that the raspi3 support exposes a

preexisting bug in our register definitions for VMPIDR/VMIDR:

https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg04181.html

The following changes since commit f003d07337a6d4d02c43429b26a4270459afb51a:

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging (2018-02-15 15:45:33 +0000)

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180215-1

for you to fetch changes up to bade58166f4466546600d824a2695a00269d10eb:

raspi: Raspberry Pi 3 support (2018-02-15 18:33:46 +0000)

* aspeed: code cleanup to use unimplemented_device

* preparatory work for 'raspi3' RaspberryPi 3 machine model

* more SVE prep work

* v8M: add minor missing registers

* v7M: fix bug where we weren't migrating v7m.other_sp

* v7M: fix bugs in handling of interrupt registers for

external interrupts beyond 32

Pekka Enberg (2):

bcm2836: Make CPU type configurable

raspi: Raspberry Pi 3 support

Peter Maydell (11):

hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC

hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling

hw/intc/armv7m_nvic: Implement M profile cache maintenance ops

hw/intc/armv7m_nvic: Implement v8M CPPWR register

hw/intc/armv7m_nvic: Implement cache ID registers

hw/intc/armv7m_nvic: Implement SCR

target/arm: Implement writing to CONTROL_NS for v8M

hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions

target/arm: Add AIRCR to vmstate struct

target/arm: Migrate v7m.other_sp

target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):

hw/arm/aspeed: directly map the serial device to the system address space

hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):

target/arm: Remove ARM_CP_64BIT from ZCR_EL registers

target/arm: Enforce FP access to FPCR/FPSR

target/arm: Suppress TB end for FPCR/FPSR

target/arm: Enforce access to ZCR_EL at translation

target/arm: Handle SVE registers when using clear_vec_high

include/hw/arm/aspeed_soc.h | 1 -

include/hw/arm/bcm2836.h | 1 +

target/arm/cpu.h | 71 ++++++++++++-----

target/arm/internals.h | 6 ++

hw/arm/aspeed_soc.c | 35 ++-------

hw/arm/bcm2836.c | 17 +++--

hw/arm/raspi.c | 34 ++++++---

hw/intc/armv7m_nvic.c | 98 ++++++++++++++++++------

target/arm/cpu.c | 28 +++++++

target/arm/helper.c | 84 +++++++++++++++-----

target/arm/machine.c | 84 ++++++++++++++++++++

target/arm/translate-a64.c | 181 ++++++++++++++++++++------------------------

12 files changed, 429 insertions(+), 211 deletions(-)

In many of the NVIC registers relating to interrupts, we

have to convert from a byte offset within a register set

into the number of the first interrupt which is affected.

We were getting this wrong for:

* reads of NVIC_ISPR<n>, NVIC_ISER<n>, NVIC_ICPR<n>, NVIC_ICER<n>,

NVIC_IABR<n> -- in all these cases we were missing the "* 8"

needed to convert from the byte offset to the interrupt number

(since all these registers use one bit per interrupt)

* writes of NVIC_IPR<n> had the opposite problem of a spurious

"* 8" (since these registers use one byte per interrupt)

Message-id: 20180209165810.6668-9-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

/* fall through */

case 0x180 ... 0x1bf: /* NVIC Clear enable */

val = 0;

- startvec = offset - 0x180 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x180) + NVIC_FIRST_IRQ; /* vector # */

if (s->vectors[startvec + i].enabled &&

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

/* fall through */

case 0x280 ... 0x2bf: /* NVIC Clear pend */

val = 0;

- startvec = offset - 0x280 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {

if (s->vectors[startvec + i].pending &&

(attrs.secure || s->itns[startvec + i])) {

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,

break;

case 0x300 ... 0x33f: /* NVIC Active */

val = 0;

- startvec = offset - 0x300 + NVIC_FIRST_IRQ; /* vector # */

+ startvec = 8 * (offset - 0x300) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {

if (s->vectors[startvec + i].active &&

@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,

case 0x300 ... 0x33f: /* NVIC Active */

return MEMTX_OK; /* R/O */

case 0x400 ... 0x5ef: /* NVIC Priority */

- startvec = 8 * (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */

+ startvec = (offset - 0x400) + NVIC_FIRST_IRQ; /* vector # */

for (i = 0; i < size && startvec + i < s->num_irq; i++) {

if (attrs.secure || s->itns[startvec + i]) {

2.16.1

Nothing in either register affects the TB.

Message-id: 20180211205848.4568-4-richard.henderson@linaro.org

target/arm/helper.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {

.writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },

{ .name = "FPCR", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,

- .access = PL0_RW, .type = ARM_CP_FPU,

+ .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,

.readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },

{ .name = "FPSR", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,

- .access = PL0_RW, .type = ARM_CP_FPU,

+ .access = PL0_RW, .type = ARM_CP_FPU | ARM_CP_SUPPRESS_TB_END,

.readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },

{ .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,

2.16.1

Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.

Message-id: 20180211205848.4568-2-richard.henderson@linaro.org

target/arm/helper.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

static const ARMCPRegInfo zcr_el1_reginfo = {

.name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL1_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL1_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {

static const ARMCPRegInfo zcr_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL2_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {

static const ARMCPRegInfo zcr_no_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .type = ARM_CP_64BIT,

+ .access = PL2_RW,

.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore

};

static const ARMCPRegInfo zcr_el3_reginfo = {

.name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL3_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,

+ .access = PL3_RW, .accessfn = zcr_access,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),

.writefn = zcr_write, .raw_writefn = raw_write

};

2.16.1

Message-id: 20180211205848.4568-3-richard.henderson@linaro.org

target/arm/cpu.h | 35 ++++++++++++++++++-----------------

target/arm/helper.c | 6 ++++--

target/arm/translate-a64.c | 3 +++

3 files changed, 25 insertions(+), 19 deletions(-)

@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)

/* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a

- * special-behaviour cp reg and bits [15..8] indicate what behaviour

+ * special-behaviour cp reg and bits [11..8] indicate what behaviour

* it has. Otherwise it is a simple cp reg, where CONST indicates that

* TCG can assume the value to be constant (ie load at translate time)

* and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END

@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)

* need to be surrounded by gen_io_start()/gen_io_end(). In particular,

* registers which implement clocks or timers require this.

*/

-#define ARM_CP_SPECIAL 1

-#define ARM_CP_CONST 2

-#define ARM_CP_64BIT 4

-#define ARM_CP_SUPPRESS_TB_END 8

-#define ARM_CP_OVERRIDE 16

-#define ARM_CP_ALIAS 32

-#define ARM_CP_IO 64

-#define ARM_CP_NO_RAW 128

-#define ARM_CP_NOP (ARM_CP_SPECIAL | (1 << 8))

-#define ARM_CP_WFI (ARM_CP_SPECIAL | (2 << 8))

-#define ARM_CP_NZCV (ARM_CP_SPECIAL | (3 << 8))

-#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4 << 8))

-#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | (5 << 8))

-#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA

+#define ARM_CP_SPECIAL 0x0001

+#define ARM_CP_CONST 0x0002

+#define ARM_CP_64BIT 0x0004

+#define ARM_CP_SUPPRESS_TB_END 0x0008

+#define ARM_CP_OVERRIDE 0x0010

+#define ARM_CP_ALIAS 0x0020

+#define ARM_CP_IO 0x0040

+#define ARM_CP_NO_RAW 0x0080

+#define ARM_CP_NOP (ARM_CP_SPECIAL | 0x0100)

+#define ARM_CP_WFI (ARM_CP_SPECIAL | 0x0200)

+#define ARM_CP_NZCV (ARM_CP_SPECIAL | 0x0300)

+#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | 0x0400)

+#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | 0x0500)

+#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA

+#define ARM_CP_FPU 0x1000

/* Used only as a terminator for ARMCPRegInfo lists */

-#define ARM_CP_SENTINEL 0xffff

+#define ARM_CP_SENTINEL 0xffff

/* Mask of only the flag bits in a type field */

-#define ARM_CP_FLAG_MASK 0xff

+#define ARM_CP_FLAG_MASK 0x10ff

/* Valid values for ARMCPRegInfo state field, indicating which of

* the AArch32 and AArch64 execution states this register is visible in.

diff --git a/target/arm/helper.c b/target/arm/helper.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {

.writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },

{ .name = "FPCR", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,

- .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },

+ .access = PL0_RW, .type = ARM_CP_FPU,

+ .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },

{ .name = "FPSR", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,

- .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },

+ .access = PL0_RW, .type = ARM_CP_FPU,

+ .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },

{ .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,

.access = PL0_R, .type = ARM_CP_NO_RAW,

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

index XXXXXXX..XXXXXXX 100644

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

default:

break;

+ if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {

+ return;

+ }

if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {

gen_io_start();

2.16.1

M profile cores have a similar setup for cache ID registers

to A profile:

* Cache Level ID Register (CLIDR) is a fixed value

* Cache Type Register (CTR) is a fixed value

* Cache Size ID Registers (CCSIDR) are a bank of registers;

which one you see is selected by the Cache Size Selection

Register (CSSELR)

The only difference is that they're in the NVIC memory mapped

register space rather than being coprocessor registers.

Implement the M profile view of them.

Since neither Cortex-M3 nor Cortex-M4 implement caches,

we don't need to update their init functions and can leave

the ctr/clidr/ccsidr[] fields in their ARMCPU structs at zero.

Newer cores (like the Cortex-M33) will want to be able to

set these ID registers to non-zero values, though.

Message-id: 20180209165810.6668-6-peter.maydell@linaro.org

target/arm/cpu.h | 26 ++++++++++++++++++++++++++

hw/intc/armv7m_nvic.c | 16 ++++++++++++++++

target/arm/machine.c | 36 ++++++++++++++++++++++++++++++++++++

3 files changed, 78 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h

--- a/target/arm/cpu.h

+++ b/target/arm/cpu.h

@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {

uint32_t faultmask[M_REG_NUM_BANKS];

uint32_t aircr; /* only holds r/w state if security extn implemented */

uint32_t secure; /* Is CPU in Secure state? (not guest visible) */

+ uint32_t csselr[M_REG_NUM_BANKS];

} v7m;

/* Information associated with an exception about to be taken:

@@ -XXX,XX +XXX,XX @@ FIELD(V7M_MPU_CTRL, ENABLE, 0, 1)

FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1)

FIELD(V7M_MPU_CTRL, PRIVDEFENA, 2, 1)

+/* v7M CLIDR bits */

+FIELD(V7M_CLIDR, CTYPE_ALL, 0, 21)

+FIELD(V7M_CLIDR, LOUIS, 21, 3)

+FIELD(V7M_CLIDR, LOC, 24, 3)

+FIELD(V7M_CLIDR, LOUU, 27, 3)

+FIELD(V7M_CLIDR, ICB, 30, 2)

+

+FIELD(V7M_CSSELR, IND, 0, 1)

+FIELD(V7M_CSSELR, LEVEL, 1, 3)

+/* We use the combination of InD and Level to index into cpu->ccsidr[];

+ * define a mask for this and check that it doesn't permit running off

+ * the end of the array.

+ */

+FIELD(V7M_CSSELR, INDEX, 0, 4)

+

+QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);

+

/* If adding a feature bit which corresponds to a Linux ELF

* HWCAP bit, remember to update the feature-bit-to-hwcap

* mapping in linux-user/elfload.c:get_elf_hwcap().

@@ -XXX,XX +XXX,XX @@ static inline int arm_debug_target_el(CPUARMState *env)

}

+static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)

+ /* If all the CLIDR.Ctypem bits are 0 there are no caches, and

+ * CSSELR is RAZ/WI.

+ */

+ return (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0;

static inline bool aa64_generate_debug_exceptions(CPUARMState *env)

if (arm_is_secure(env)) {

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c

--- a/hw/intc/armv7m_nvic.c

+++ b/hw/intc/armv7m_nvic.c

@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)

return cpu->id_isar4;

case 0xd74: /* ISAR5. */

return cpu->id_isar5;

+ case 0xd78: /* CLIDR */

+ return cpu->clidr;

+ case 0xd7c: /* CTR */

+ return cpu->ctr;

+ case 0xd80: /* CSSIDR */

+ {

+ int idx = cpu->env.v7m.csselr[attrs.secure] & R_V7M_CSSELR_INDEX_MASK;

+ return cpu->ccsidr[idx];

+ }

+ case 0xd84: /* CSSELR */

+ return cpu->env.v7m.csselr[attrs.secure];

/* TODO: Implement debug registers. */

case 0xd90: /* MPU_TYPE */

/* Unified MPU; if the MPU is not present this value is zero */

@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,

qemu_log_mask(LOG_UNIMP,

"NVIC: Aux fault status registers unimplemented\n");

break;

+ case 0xd84: /* CSSELR */

+ if (!arm_v7m_csselr_razwi(cpu)) {

+ cpu->env.v7m.csselr[attrs.secure] = value & R_V7M_CSSELR_INDEX_MASK;

+ }

+ break;

case 0xd90: /* MPU_TYPE */

return; /* RO */

case 0xd94: /* MPU_CTRL */

diff --git a/target/arm/machine.c b/target/arm/machine.c

--- a/target/arm/machine.c

+++ b/target/arm/machine.c

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_faultmask_primask = {

};

+/* CSSELR is in a subsection because we didn't implement it previously.

+ * Migration from an old implementation will leave it at zero, which

+ * is OK since the only CPUs in the old implementation make the

+ * register RAZ/WI.

+ * Since there was no version of QEMU which implemented the CSSELR for

+ * just non-secure, we transfer both banks here rather than putting

+ * the secure banked version in the m-security subsection.

+ */

+static bool csselr_vmstate_validate(void *opaque, int version_id)

+{

+ ARMCPU *cpu = opaque;

+

+ return cpu->env.v7m.csselr[M_REG_NS] <= R_V7M_CSSELR_INDEX_MASK

+ && cpu->env.v7m.csselr[M_REG_S] <= R_V7M_CSSELR_INDEX_MASK;

+}

+

+static bool m_csselr_needed(void *opaque)

+{

+ ARMCPU *cpu = opaque;

+

+ return !arm_v7m_csselr_razwi(cpu);

+}

+

+static const VMStateDescription vmstate_m_csselr = {

+ .name = "cpu/m/csselr",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .needed = m_csselr_needed,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32_ARRAY(env.v7m.csselr, ARMCPU, M_REG_NUM_BANKS),

+ VMSTATE_VALIDATE("CSSELR is valid", csselr_vmstate_validate),

+ VMSTATE_END_OF_LIST()

+ }

+};

+

static const VMStateDescription vmstate_m = {

.name = "cpu/m",

.version_id = 4,

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {

},

.subsections = (const VMStateDescription*[]) {

&vmstate_m_faultmask_primask,

+ &vmstate_m_csselr,

NULL

};

2.16.1

In commit abc24d86cc0364f we accidentally broke migration of

the stack pointer value for the mode (process, handler) the CPU

is not currently running as. (The commit correctly removed the

no-longer-used v7m.current_sp flag from the VMState but also

deleted the still very much in use v7m.other_sp SP value field.)

Add a subsection to migrate it again. (We don't need to care

about trying to retain compatibility with pre-abc24d86cc0364f

versions of QEMU, because that commit bumped the version_id

and we've since bumped it again a couple of times.)

Message-id: 20180209165810.6668-11-peter.maydell@linaro.org

target/arm/machine.c | 11 +++++++++++

1 file changed, 11 insertions(+)

diff --git a/target/arm/machine.c b/target/arm/machine.c

--- a/target/arm/machine.c

+++ b/target/arm/machine.c

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_scr = {

};

+static const VMStateDescription vmstate_m_other_sp = {

+ .name = "cpu/m/other-sp",

+ .version_id = 1,

+ .minimum_version_id = 1,

+ .fields = (VMStateField[]) {

+ VMSTATE_UINT32(env.v7m.other_sp, ARMCPU),

+ VMSTATE_END_OF_LIST()

+ }

+};

+

static const VMStateDescription vmstate_m = {

.name = "cpu/m",

.version_id = 4,

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {

&vmstate_m_faultmask_primask,

&vmstate_m_csselr,

&vmstate_m_scr,

+ &vmstate_m_other_sp,

NULL

}

};

2.16.1

The PENDNMISET/CLR bits in the ICSR should be RAZ/WI from

NonSecure state if the AIRCR.BFHFNMINS bit is zero. We had

misimplemented this as making the bits RAZ/WI from both

Secure and NonSecure states. Fix this bug by checking

attrs.secure so that Secure code can pend and unpend NMIs.

Message-id: 20180209165810.6668-3-peter.maydell@linaro.org

hw/intc/armv7m_nvic.c | 6 +++---

1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c

--- a/hw/intc/armv7m_nvic.c

+++ b/hw/intc/armv7m_nvic.c

@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)

}

}

/* NMIPENDSET */

- if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&

- s->vectors[ARMV7M_EXCP_NMI].pending) {

+ if ((attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))

+ && s->vectors[ARMV7M_EXCP_NMI].pending) {

val |= (1 << 31);

}

/* ISRPREEMPT: RES0 when halting debug not implemented */

@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,

break;

case 0xd04: /* Interrupt Control State (ICSR) */

- if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {

+ if (attrs.secure || cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {

if (value & (1 << 31)) {

armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);

} else if (value & (1 << 30) &&

2.16.1

In commit 50f11062d4c896 we added support for MSR/MRS access

to the NS banked special registers, but we forgot to implement

the support for writing to CONTROL_NS. Correct the omission.

Message-id: 20180209165810.6668-8-peter.maydell@linaro.org

target/arm/helper.c | 10 ++++++++++

1 file changed, 10 insertions(+)

@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)

}

env->v7m.faultmask[M_REG_NS] = val & 1;

return;

+ case 0x94: /* CONTROL_NS */

+ if (!env->v7m.secure) {

+ return;

+ }

+ write_v7m_control_spsel_for_secstate(env,

+ val & R_V7M_CONTROL_SPSEL_MASK,

+ M_REG_NS);

+ env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK;

+ env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK;

+ return;

case 0x98: /* SP_NS */

{

/* This gives the non-secure SP selected based on whether we're

2.16.1

From: Richard Henderson <richard.henderson@linaro.org>

target/arm/cpu.h | 3 ++-

target/arm/internals.h | 6 ++++++

target/arm/helper.c | 22 ++++------------------

target/arm/translate-a64.c | 16 ++++++++++++++++

4 files changed, 28 insertions(+), 19 deletions(-)

@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)

#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | 0x0500)

#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA

#define ARM_CP_FPU 0x1000

+#define ARM_CP_SVE 0x2000

/* Used only as a terminator for ARMCPRegInfo lists */

#define ARM_CP_SENTINEL 0xffff

/* Mask of only the flag bits in a type field */

-#define ARM_CP_FLAG_MASK 0x10ff

+#define ARM_CP_FLAG_MASK 0x30ff

/* Valid values for ARMCPRegInfo state field, indicating which of

* the AArch32 and AArch64 execution states this register is visible in.

@@ -XXX,XX +XXX,XX @@ enum arm_exception_class {

EC_AA64_HVC = 0x16,

EC_AA64_SMC = 0x17,

EC_SYSTEMREGISTERTRAP = 0x18,

+ EC_SVEACCESSTRAP = 0x19,

EC_INSNABORT = 0x20,

EC_INSNABORT_SAME_EL = 0x21,

EC_PCALIGNMENT = 0x22,

@@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)

| (cv << 24) | (cond << 20);

@@ -XXX,XX +XXX,XX @@ static int sve_exception_el(CPUARMState *env)

return 0;

}

-static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,

- bool isread)

-{

- switch (sve_exception_el(env)) {

- case 3:

- return CP_ACCESS_TRAP_EL3;

- case 2:

- return CP_ACCESS_TRAP_EL2;

- case 1:

- return CP_ACCESS_TRAP;

- }

- return CP_ACCESS_OK;

-}

-

static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

uint64_t value)

{

@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,

static const ARMCPRegInfo zcr_el1_reginfo = {

.name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL1_RW, .accessfn = zcr_access,

+ .access = PL1_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el1_reginfo = {

static const ARMCPRegInfo zcr_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW, .accessfn = zcr_access,

+ .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),

.writefn = zcr_write, .raw_writefn = raw_write

};

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo zcr_el2_reginfo = {

static const ARMCPRegInfo zcr_no_el2_reginfo = {

.name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL2_RW,

+ .access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore

};

static const ARMCPRegInfo zcr_el3_reginfo = {

.name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,

- .access = PL3_RW, .accessfn = zcr_access,

+ .access = PL3_RW, .type = ARM_CP_SVE | ARM_CP_FPU,

.fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),

.writefn = zcr_write, .raw_writefn = raw_write

};

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)

return false;

}

+/* Check that SVE access is enabled. If it is, return true.

+ * If not, emit code to generate an appropriate exception and return false.

+ */

+static inline bool sve_access_check(DisasContext *s)

+{

+ if (s->sve_excp_el) {

+ gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),

+ s->sve_excp_el);

+ return false;

+ }

+ return true;

+}

+

/*

* This utility function is for doing register extension with an

* optional shift. You will likely want to pass a temporary for the

@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,

default:

break;

}

+ if ((ri->type & ARM_CP_SVE) && !sve_access_check(s)) {

+ return;

+ }

if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {

return;

}

2.16.1

The v8M architecture includes hardware support for enforcing

stack pointer limits. We don't implement this behaviour yet,

but provide the MSPLIM and PSPLIM stack pointer limit registers

as reads-as-written, so that when we do implement the checks

in future this won't break guest migration.

Message-id: 20180209165810.6668-12-peter.maydell@linaro.org

target/arm/cpu.h | 2 ++

target/arm/helper.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++

target/arm/machine.c | 21 +++++++++++++++++++++

3 files changed, 69 insertions(+)

@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {

uint32_t secure; /* Is CPU in Secure state? (not guest visible) */

uint32_t csselr[M_REG_NUM_BANKS];

uint32_t scr[M_REG_NUM_BANKS];

+ uint32_t msplim[M_REG_NUM_BANKS];

+ uint32_t psplim[M_REG_NUM_BANKS];

} v7m;

/* Information associated with an exception about to be taken: