A last arm pullreq before rc0. This is mostly bug fixes,

though you could call adding the missing local timer

support to bcm2836_control a new feature I suppose --

in any case it's a small and localised change.

The following changes since commit 7074ab12c81a1b2b1e0e1c40983f56b2c5ccc494:

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-03-14 16:19:37 +0000)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190315

for you to fetch changes up to 5de56742a3c91de3d646326bec43a989bba83ca4:

target/arm: Check access permission to ADDVL/ADDPL/RDVL (2019-03-15 11:12:29 +0000)

* Add missing SVE-enabled check to ADDVL/ADDPL/RDVL

* virt-acpi-build: use PCIE_MMCFG_BUS to retrieve end_bus_number

* virt-acpi-build: Fix SMMUv3 GSIV values

* Allow EL0 to write to arch timer registers, not just read them

* bcm2836_control: Implement local timer

Amir Charif (1):

target/arm: Check access permission to ADDVL/ADDPL/RDVL

Dongjiu Geng (1):

target/arm: change arch timer registers access permission

Eric Auger (1):

hw/arm/virt-acpi-build: Fix SMMUv3 GSIV values

Wei Yang (1):

hw/arm/virt-acpi-build: use PCIE_MMCFG_BUS to retrieve end_bus_number

Zoltán Baldaszti (1):

hw/intc/bcm2836_control: Implement local timer

From: Zoltán Baldaszti <bztemail@gmail.com>

The BCM2836 control logic module includes a simple

"local timer" which is a programmable down-counter that

can generates an interrupt. Implement this functionality.

Signed-off-by: Zoltán Baldaszti <bztemail@gmail.com>

[PMM: wrote commit message; wrapped long line; tweaked

some comments to match the final version of the code]

include/hw/intc/bcm2836_control.h | 9 +++

hw/intc/bcm2836_control.c | 101 +++++++++++++++++++++++++++++-

2 files changed, 108 insertions(+), 2 deletions(-)

diff --git a/include/hw/intc/bcm2836_control.h b/include/hw/intc/bcm2836_control.h

--- a/include/hw/intc/bcm2836_control.h

+++ b/include/hw/intc/bcm2836_control.h

@@ -XXX,XX +XXX,XX @@

* Rasperry Pi 2 emulation and refactoring Copyright (c) 2015, Microsoft

* Written by Andrew Baumann

*

+ * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti

+ * Added basic IRQ_TIMER interrupt support

+ *

* This code is licensed under the GNU GPLv2 and later.

*/

@@ -XXX,XX +XXX,XX @@

#define BCM2836_CONTROL_H

#include "hw/sysbus.h"

+#include "qemu/timer.h"

/* 4 mailboxes per core, for 16 total */

#define BCM2836_NCORES 4

@@ -XXX,XX +XXX,XX @@ typedef struct BCM2836ControlState {

bool gpu_irq, gpu_fiq;

uint8_t timerirqs[BCM2836_NCORES];

+ /* local timer */

+ QEMUTimer timer;

+ uint32_t local_timer_control;

+ uint8_t route_localtimer;

+

/* interrupt source registers, post-routing (also input-derived; visible) */

uint32_t irqsrc[BCM2836_NCORES];

uint32_t fiqsrc[BCM2836_NCORES];

diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/intc/bcm2836_control.c

+++ b/hw/intc/bcm2836_control.c

@@ -XXX,XX +XXX,XX @@

* This code is licensed under the GNU GPLv2 and later.

*

* At present, only implements interrupt routing, and mailboxes (i.e.,

- * not local timer, PMU interrupt, or AXI counters).

+ * not PMU interrupt, or AXI counters).

+ *

+ * ARM Local Timer IRQ Copyright (c) 2019. Zoltán Baldaszti

*

* Ref:

* https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf

@@ -XXX,XX +XXX,XX @@

#include "qemu/log.h"

#define REG_GPU_ROUTE 0x0c

+#define REG_LOCALTIMERROUTING 0x24

+#define REG_LOCALTIMERCONTROL 0x34

+#define REG_LOCALTIMERACK 0x38

#define REG_TIMERCONTROL 0x40

#define REG_MBOXCONTROL 0x50

#define REG_IRQSRC 0x60

@@ -XXX,XX +XXX,XX @@

#define IRQ_TIMER 11

#define IRQ_MAX IRQ_TIMER

+#define LOCALTIMER_FREQ 38400000

+#define LOCALTIMER_INTFLAG (1 << 31)

+#define LOCALTIMER_RELOAD (1 << 30)

+#define LOCALTIMER_INTENABLE (1 << 29)

+#define LOCALTIMER_ENABLE (1 << 28)

+#define LOCALTIMER_VALUE(x) ((x) & 0xfffffff)

+

static void deliver_local(BCM2836ControlState *s, uint8_t core, uint8_t irq,

uint32_t controlreg, uint8_t controlidx)

@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_update(BCM2836ControlState *s)

s->fiqsrc[s->route_gpu_fiq] |= (uint32_t)1 << IRQ_GPU;

}

+ * handle the control module 'local timer' interrupt for one of the

+ * cores' IRQ/FIQ; this is distinct from the per-CPU timer

+ * interrupts handled below.

+ if ((s->local_timer_control & LOCALTIMER_INTENABLE) &&

+ (s->local_timer_control & LOCALTIMER_INTFLAG)) {

+ if (s->route_localtimer & 4) {

+ s->fiqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;

+ } else {

+ s->irqsrc[(s->route_localtimer & 3)] |= (uint32_t)1 << IRQ_TIMER;

+ }

+ }

+

for (i = 0; i < BCM2836_NCORES; i++) {

/* handle local timer interrupts for this core */

if (s->timerirqs[i]) {

@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_set_gpu_fiq(void *opaque, int irq, int level)

bcm2836_control_update(s);

+static void bcm2836_control_local_timer_set_next(void *opaque)

+{

+ BCM2836ControlState *s = opaque;

+ uint64_t next_event;

+

+ assert(LOCALTIMER_VALUE(s->local_timer_control) > 0);

+

+ next_event = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +

+ muldiv64(LOCALTIMER_VALUE(s->local_timer_control),

+ NANOSECONDS_PER_SECOND, LOCALTIMER_FREQ);

+ timer_mod(&s->timer, next_event);

+}

+

+static void bcm2836_control_local_timer_tick(void *opaque)

+{

+ BCM2836ControlState *s = opaque;

+

+ bcm2836_control_local_timer_set_next(s);

+

+ s->local_timer_control |= LOCALTIMER_INTFLAG;

+ bcm2836_control_update(s);

+}

+

+static void bcm2836_control_local_timer_control(void *opaque, uint32_t val)

+{

+ BCM2836ControlState *s = opaque;

+

+ s->local_timer_control = val;

+ if (val & LOCALTIMER_ENABLE) {

+ bcm2836_control_local_timer_set_next(s);

+ } else {

+ timer_del(&s->timer);

+ }

+}

+

+static void bcm2836_control_local_timer_ack(void *opaque, uint32_t val)

+{

+ BCM2836ControlState *s = opaque;

+

+ if (val & LOCALTIMER_INTFLAG) {

+ s->local_timer_control &= ~LOCALTIMER_INTFLAG;

+ }

+ if ((val & LOCALTIMER_RELOAD) &&

+ (s->local_timer_control & LOCALTIMER_ENABLE)) {

+ bcm2836_control_local_timer_set_next(s);

+ }

+}

+

static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size)

{

BCM2836ControlState *s = opaque;

@@ -XXX,XX +XXX,XX @@ static uint64_t bcm2836_control_read(void *opaque, hwaddr offset, unsigned size)

assert(s->route_gpu_fiq < BCM2836_NCORES

&& s->route_gpu_irq < BCM2836_NCORES);

return ((uint32_t)s->route_gpu_fiq << 2) | s->route_gpu_irq;

+ } else if (offset == REG_LOCALTIMERROUTING) {

+ return s->route_localtimer;

+ } else if (offset == REG_LOCALTIMERCONTROL) {

+ return s->local_timer_control;

+ } else if (offset == REG_LOCALTIMERACK) {

+ return 0;

} else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {

return s->timercontrol[(offset - REG_TIMERCONTROL) >> 2];

} else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {

@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_write(void *opaque, hwaddr offset,

if (offset == REG_GPU_ROUTE) {

s->route_gpu_irq = val & 0x3;

s->route_gpu_fiq = (val >> 2) & 0x3;

+ } else if (offset == REG_LOCALTIMERROUTING) {

+ s->route_localtimer = val & 7;

+ } else if (offset == REG_LOCALTIMERCONTROL) {

+ bcm2836_control_local_timer_control(s, val);

+ } else if (offset == REG_LOCALTIMERACK) {

+ bcm2836_control_local_timer_ack(s, val);

} else if (offset >= REG_TIMERCONTROL && offset < REG_MBOXCONTROL) {

s->timercontrol[(offset - REG_TIMERCONTROL) >> 2] = val & 0xff;

} else if (offset >= REG_MBOXCONTROL && offset < REG_IRQSRC) {

@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_reset(DeviceState *d)

s->route_gpu_irq = s->route_gpu_fiq = 0;

+ timer_del(&s->timer);

+ s->route_localtimer = 0;

+ s->local_timer_control = 0;

+

for (i = 0; i < BCM2836_NCORES; i++) {

s->timercontrol[i] = 0;

s->mailboxcontrol[i] = 0;

@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_init(Object *obj)

/* outputs to CPU cores */

qdev_init_gpio_out_named(dev, s->irq, "irq", BCM2836_NCORES);

qdev_init_gpio_out_named(dev, s->fiq, "fiq", BCM2836_NCORES);

+

+ /* create a qemu virtual timer */

+ timer_init_ns(&s->timer, QEMU_CLOCK_VIRTUAL,

+ bcm2836_control_local_timer_tick, s);

}

static const VMStateDescription vmstate_bcm2836_control = {

.name = TYPE_BCM2836_CONTROL,

- .version_id = 1,

+ .version_id = 2,

.minimum_version_id = 1,

.fields = (VMStateField[]) {

VMSTATE_UINT32_ARRAY(mailboxes, BCM2836ControlState,

@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_bcm2836_control = {

VMSTATE_UINT32_ARRAY(timercontrol, BCM2836ControlState, BCM2836_NCORES),

VMSTATE_UINT32_ARRAY(mailboxcontrol, BCM2836ControlState,

BCM2836_NCORES),

+ VMSTATE_TIMER_V(timer, BCM2836ControlState, 2),

+ VMSTATE_UINT32_V(local_timer_control, BCM2836ControlState, 2),

+ VMSTATE_UINT8_V(route_localtimer, BCM2836ControlState, 2),

VMSTATE_END_OF_LIST()

}

};

2.20.1

From: Eric Auger <eric.auger@redhat.com>

The GSIV numbers of the SPI based interrupts is not correct as

ARM_SPI_BASE was not added to the irqmap[VIRT_SMMU] value. So

this may collide with VIRTIO_MMIO irq window.

Signed-off-by: Eric Auger <eric.auger@redhat.com>

Message-id: 20190312091031.5185-1-eric.auger@redhat.com

Reviewed-by: Shannon Zhao <shannon.zhaosl@gmail.com>

hw/arm/virt-acpi-build.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c

--- a/hw/arm/virt-acpi-build.c

+++ b/hw/arm/virt-acpi-build.c

@@ -XXX,XX +XXX,XX @@ build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

its->identifiers[0] = 0; /* MADT translation_id */

if (vms->iommu == VIRT_IOMMU_SMMUV3) {

- int irq = vms->irqmap[VIRT_SMMU];

+ int irq = vms->irqmap[VIRT_SMMU] + ARM_SPI_BASE;

/* SMMUv3 node */

smmu_offset = iort_node_offset + node_size;

2.20.1

From: Dongjiu Geng <gengdongjiu@huawei.com>

Some generic arch timer registers are Config-RW in the EL0,

which means the EL0 exception level can have write permission

if it is appropriately configured.

When VM access registers, QEMU firstly checks whether they have RW

permission, then check whether it is appropriately configured.

If they are defined to read only in EL0, even though they have been

appropriately configured, they still do not have write permission.

So need to add the write permission according to ARMV8 spec when

define it.

Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>

Message-id: 1552395177-12608-1-git-send-email-gengdongjiu@huawei.com

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

target/arm/helper.c | 30 +++++++++++++++---------------

1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c

--- a/target/arm/helper.c

+++ b/target/arm/helper.c

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

/* per-timer control */

{ .name = "CNTP_CTL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,

.secure = ARM_CP_SECSTATE_NS,

- .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL0_RW,

.accessfn = gt_ptimer_access,

.fieldoffset = offsetoflow32(CPUARMState,

cp15.c14_timer[GTIMER_PHYS].ctl),

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

{ .name = "CNTP_CTL_S",

.cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 1,

.secure = ARM_CP_SECSTATE_S,

- .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL0_RW,

.accessfn = gt_ptimer_access,

.fieldoffset = offsetoflow32(CPUARMState,

cp15.c14_timer[GTIMER_SEC].ctl),

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

},

{ .name = "CNTP_CTL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 1,

- .type = ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_ptimer_access,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].ctl),

.resetvalue = 0,

.writefn = gt_phys_ctl_write, .raw_writefn = raw_write,

},

{ .name = "CNTV_CTL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 1,

- .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_IO | ARM_CP_ALIAS, .access = PL0_RW,

.accessfn = gt_vtimer_access,

.fieldoffset = offsetoflow32(CPUARMState,

cp15.c14_timer[GTIMER_VIRT].ctl),

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

},

{ .name = "CNTV_CTL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 1,

- .type = ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_vtimer_access,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].ctl),

.resetvalue = 0,

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

/* TimerValue views: a 32 bit downcounting view of the underlying state */

{ .name = "CNTP_TVAL", .cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,

.secure = ARM_CP_SECSTATE_NS,

- .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_ptimer_access,

.readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,

},

{ .name = "CNTP_TVAL_S",

.cp = 15, .crn = 14, .crm = 2, .opc1 = 0, .opc2 = 0,

.secure = ARM_CP_SECSTATE_S,

- .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_ptimer_access,

.readfn = gt_sec_tval_read, .writefn = gt_sec_tval_write,

},

{ .name = "CNTP_TVAL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 0,

- .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_ptimer_access, .resetfn = gt_phys_timer_reset,

.readfn = gt_phys_tval_read, .writefn = gt_phys_tval_write,

},

{ .name = "CNTV_TVAL", .cp = 15, .crn = 14, .crm = 3, .opc1 = 0, .opc2 = 0,

- .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_vtimer_access,

.readfn = gt_virt_tval_read, .writefn = gt_virt_tval_write,

},

{ .name = "CNTV_TVAL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 0,

- .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL1_RW | PL0_R,

+ .type = ARM_CP_NO_RAW | ARM_CP_IO, .access = PL0_RW,

.accessfn = gt_vtimer_access, .resetfn = gt_virt_timer_reset,

.readfn = gt_virt_tval_read, .writefn = gt_virt_tval_write,

},

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

/* Comparison value, indicating when the timer goes off */

{ .name = "CNTP_CVAL", .cp = 15, .crm = 14, .opc1 = 2,

.secure = ARM_CP_SECSTATE_NS,

- .access = PL1_RW | PL0_R,

+ .access = PL0_RW,

.type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),

.accessfn = gt_ptimer_access,

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

},

{ .name = "CNTP_CVAL_S", .cp = 15, .crm = 14, .opc1 = 2,

.secure = ARM_CP_SECSTATE_S,

- .access = PL1_RW | PL0_R,

+ .access = PL0_RW,

.type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_SEC].cval),

.accessfn = gt_ptimer_access,

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

},

{ .name = "CNTP_CVAL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 2, .opc2 = 2,

- .access = PL1_RW | PL0_R,

+ .access = PL0_RW,

.type = ARM_CP_IO,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_PHYS].cval),

.resetvalue = 0, .accessfn = gt_ptimer_access,

.writefn = gt_phys_cval_write, .raw_writefn = raw_write,

},

{ .name = "CNTV_CVAL", .cp = 15, .crm = 14, .opc1 = 3,

- .access = PL1_RW | PL0_R,

+ .access = PL0_RW,

.type = ARM_CP_64BIT | ARM_CP_IO | ARM_CP_ALIAS,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),

.accessfn = gt_vtimer_access,

@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {

},

{ .name = "CNTV_CVAL_EL0", .state = ARM_CP_STATE_AA64,

.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 3, .opc2 = 2,

- .access = PL1_RW | PL0_R,

+ .access = PL0_RW,

.type = ARM_CP_IO,

.fieldoffset = offsetof(CPUARMState, cp15.c14_timer[GTIMER_VIRT].cval),

.resetvalue = 0, .accessfn = gt_vtimer_access,

2.20.1

From: Wei Yang <richardw.yang@linux.intel.com>

This is more proper to use PCIE_MMCFG_BUS to retrieve end_bus_number.

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Reviewed-by: Igor Mammedov <imammedo@redhat.com>

Message-id: 20190312074953.16671-1-richardw.yang@linux.intel.com

hw/arm/virt-acpi-build.c | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c

--- a/hw/arm/virt-acpi-build.c

+++ b/hw/arm/virt-acpi-build.c

@@ -XXX,XX +XXX,XX @@ build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)

/* Only a single allocation so no need to play with segments */

mcfg->allocation[0].pci_segment = cpu_to_le16(0);

mcfg->allocation[0].start_bus_number = 0;

- mcfg->allocation[0].end_bus_number = (memmap[ecam_id].size

- / PCIE_MMCFG_SIZE_MIN) - 1;

+ mcfg->allocation[0].end_bus_number =

+ PCIE_MMCFG_BUS(memmap[ecam_id].size - 1);

build_header(linker, table_data, (void *)(table_data->data + mcfg_start),

"MCFG", table_data->len - mcfg_start, 1, NULL, NULL);

2.20.1