Ten arm-related bug fixes for 2.12... thanks -- PMM The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950: Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into staging (2018-03-23 10:20:54 +0000) are available in the Git repository at: git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180323 for you to fetch changes up to 548f514cf89dd9ab39c0cb4c063097bccf141fdd: target/arm: Always set FAR to a known unknown value for debug exceptions (2018-03-23 18:26:46 +0000) ---------------------------------------------------------------- target-arm queue: * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF * sdhci: fix incorrect use of Error * * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 * i.MX: Support serial RS-232 break properly * mach-virt: Set VM's SMBIOS system version to mc->name * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK * target/arm: Factor out code to calculate FSR for debug exceptions * target/arm: Set FSR for BKPT, BRK when raising exception * target/arm: Always set FAR to a known unknown value for debug exceptions ---------------------------------------------------------------- Paolo Bonzini (1): sdhci: fix incorrect use of Error * Peter Maydell (6): hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK target/arm: Factor out code to calculate FSR for debug exceptions target/arm: Set FSR for BKPT, BRK when raising exception target/arm: Always set FAR to a known unknown value for debug exceptions Trent Piepho (1): i.MX: Support serial RS-232 break properly Victor Kamensky (1): arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT Wei Huang (1): mach-virt: Set VM's SMBIOS system version to mc->name include/hw/arm/virt.h | 1 + include/hw/char/imx_serial.h | 1 + target/arm/helper.h | 1 + target/arm/internals.h | 25 +++++++++++++++++++++++++ hw/arm/bcm2836.c | 2 +- hw/arm/raspi.c | 2 +- hw/arm/virt.c | 8 +++++++- hw/char/imx_serial.c | 5 ++++- hw/intc/arm_gicv3_cpuif.c | 6 +++--- hw/sd/sdhci.c | 4 ++-- target/arm/helper.c | 1 - target/arm/op_helper.c | 33 ++++++++++++++++++++++----------- target/arm/translate-a64.c | 21 ++++++++++++++++----- target/arm/translate.c | 19 ++++++++++++++----- 14 files changed, 98 insertions(+), 31 deletions(-) From: Victor Kamensky <kamensky@cisco.com> In OE project 4.15 linux kernel boot hang was observed under single cpu aarch64 qemu. Kernel code was in a loop waiting for vtimer arrival, spinning in TC generated blocks, while interrupt was pending unprocessed. This happened because when qemu tried to handle vtimer interrupt target had interrupts disabled, as result flag indicating TCG exit, cpu->icount_decr.u16.high, was cleared but arm_cpu_exec_interrupt function did not call arm_cpu_do_interrupt to process interrupt. Later when target reenabled interrupts, it happened without exit into main loop, so following code that waited for result of interrupt execution run in infinite loop. To solve the problem instructions that operate on CPU sys state (i.e enable/disable interrupt), and marked as DISAS_UPDATE, should be considered as DISAS_EXIT variant, and should be forced to exit back to main loop so qemu will have a chance processing pending CPU state updates, including pending interrupts. This change brings consistency with how DISAS_UPDATE is treated in aarch32 case. CC: Peter Maydell <peter.maydell@linaro.org> CC: Alex Bennée <alex.bennee@linaro.org> CC: qemu-stable@nongnu.org Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Victor Kamensky <kamensky@cisco.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1521526368-1996-1-git-send-email-kamensky@cisco.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) case DISAS_UPDATE: gen_a64_set_pc_im(dc->pc); /* fall through */ - case DISAS_JUMP: - tcg_gen_lookup_and_goto_ptr(); - break; case DISAS_EXIT: tcg_gen_exit_tb(0); break; + case DISAS_JUMP: + tcg_gen_lookup_and_goto_ptr(); + break; case DISAS_NORETURN: case DISAS_SWI: break; -- 2.16.2 From: Paolo Bonzini <pbonzini@redhat.com> Detected by Coverity (CID 1386072, 1386073, 1386076, 1386077). local_err was unused, and this made the static analyzer unhappy. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20180320151355.25854-1-pbonzini@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/sd/sdhci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -XXX,XX +XXX,XX @@ static void sdhci_pci_realize(PCIDevice *dev, Error **errp) Error *local_err = NULL; sdhci_initfn(s); - sdhci_common_realize(s, errp); + sdhci_common_realize(s, &local_err); if (local_err) { error_propagate(errp, local_err); return; @@ -XXX,XX +XXX,XX @@ static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp) SysBusDevice *sbd = SYS_BUS_DEVICE(dev); Error *local_err = NULL; - sdhci_common_realize(s, errp); + sdhci_common_realize(s, &local_err); if (local_err) { error_propagate(errp, local_err); return; -- 2.16.2 If the GIC has the security extension support enabled, then a non-secure access to ICC_PMR must take account of the non-secure view of interrupt priorities, where real priorities 0x00..0x7f are secure-only and not visible to the non-secure guest, and priorities 0x80..0xff are shown to the guest as if they were 0x00..0xff. We had the logic here wrong: * on reads, the priority is in the secure range if bit 7 is clear, not if it is set * on writes, we want to set bit 7, not mask everything else Our ICC_RPR read code had the same error as ICC_PMR. (Compare the GICv3 spec pseudocode functions ICC_RPR_EL1 and ICC_PMR_EL1.) Fixes: https://bugs.launchpad.net/qemu/+bug/1748434 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20180315133441.24149-1-peter.maydell@linaro.org --- hw/intc/arm_gicv3_cpuif.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c @@ -XXX,XX +XXX,XX @@ static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) /* NS access and Group 0 is inaccessible to NS: return the * NS view of the current priority */ - if (value & 0x80) { + if ((value & 0x80) == 0) { /* Secure priorities not visible to NS */ value = 0; } else if (value != 0xff) { @@ -XXX,XX +XXX,XX @@ static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, /* Current PMR in the secure range, don't allow NS to change it */ return; } - value = (value >> 1) & 0x80; + value = (value >> 1) | 0x80; } cs->icc_pmr_el1 = value; gicv3_cpuif_update(cs); @@ -XXX,XX +XXX,XX @@ static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { /* NS GIC access and Group 0 is inaccessible to NS */ - if (prio & 0x80) { + if ((prio & 0x80) == 0) { /* NS mustn't see priorities in the Secure half of the range */ prio = 0; } else if (prio != 0xff) { -- 2.16.2 The BCM2836 uses a Cortex-A7, not a Cortex-A15. Update the device to use the correct CPU. https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not available, so the very similar Cortex-A15 was used. Since dcf578ed8ce we can model the correct core. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair@alistair23.me> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180319110215.16755-1-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 2 +- hw/arm/raspi.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -XXX,XX +XXX,XX @@ struct BCM283XInfo { static const BCM283XInfo bcm283x_socs[] = { { .name = TYPE_BCM2836, - .cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"), + .cpu_type = ARM_CPU_TYPE_NAME("cortex-a7"), .clusterid = 0xf, }, #ifdef TARGET_AARCH64 diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc) mc->no_parallel = 1; mc->no_floppy = 1; mc->no_cdrom = 1; - mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"); + mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7"); mc->max_cpus = BCM283X_NCPUS; mc->min_cpus = BCM283X_NCPUS; mc->default_cpus = BCM283X_NCPUS; -- 2.16.2 From: Trent Piepho <tpiepho@impinj.com> Linux does not detect a break from this IMX serial driver as a magic sysrq. Nor does it note a break in the port error counts. The former is because the Linux driver uses the BRCD bit in the USR2 register to trigger the RS-232 break handler in the kernel, which is where sysrq hooks in. The emulated UART was not setting this status bit. The latter is because the Linux driver expects, in addition to the BRK bit, that the ERR bit is set when a break is read in the FIFO. A break should also count as a frame error, so add that bit too. Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Trent Piepho <tpiepho@impinj.com> Message-id: 20180320013657.25038-1-tpiepho@impinj.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/char/imx_serial.h | 1 + hw/char/imx_serial.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/char/imx_serial.h +++ b/include/hw/char/imx_serial.h @@ -XXX,XX +XXX,XX @@ #define URXD_CHARRDY (1<<15) /* character read is valid */ #define URXD_ERR (1<<14) /* Character has error */ +#define URXD_FRMERR (1<<12) /* Character has frame error */ #define URXD_BRK (1<<11) /* Break received */ #define USR1_PARTYER (1<<15) /* Parity Error */ diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c index XXXXXXX..XXXXXXX 100644 --- a/hw/char/imx_serial.c +++ b/hw/char/imx_serial.c @@ -XXX,XX +XXX,XX @@ static void imx_put_data(void *opaque, uint32_t value) s->usr2 |= USR2_RDR; s->uts1 &= ~UTS1_RXEMPTY; s->readbuff = value; + if (value & URXD_BRK) { + s->usr2 |= USR2_BRCD; + } imx_update(s); } @@ -XXX,XX +XXX,XX @@ static void imx_receive(void *opaque, const uint8_t *buf, int size) static void imx_event(void *opaque, int event) { if (event == CHR_EVENT_BREAK) { - imx_put_data(opaque, URXD_BRK); + imx_put_data(opaque, URXD_BRK | URXD_FRMERR | URXD_ERR); } } -- 2.16.2 From: Wei Huang <wei@redhat.com> Instead of using "1.0" as the system version of SMBIOS, we should use mc->name for mach-virt machine type to be consistent other architectures. With this patch, "dmidecode -t 1" (e.g., "-M virt-2.12,accel=kvm") will show: Handle 0x0100, DMI type 1, 27 bytes System Information Manufacturer: QEMU Product Name: KVM Virtual Machine Version: virt-2.12 Serial Number: Not Specified ... instead of: Handle 0x0100, DMI type 1, 27 bytes System Information Manufacturer: QEMU Product Name: KVM Virtual Machine Version: 1.0 Serial Number: Not Specified ... For backward compatibility, we allow older machine types to keep "1.0" as the default system version. Signed-off-by: Wei Huang <wei@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20180322212318.7182-1-wei@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/virt.h | 1 + hw/arm/virt.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -XXX,XX +XXX,XX @@ typedef struct { bool no_its; bool no_pmu; bool claim_edge_triggered_timers; + bool smbios_old_sys_ver; } VirtMachineClass; typedef struct { diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size) static void virt_build_smbios(VirtMachineState *vms) { + MachineClass *mc = MACHINE_GET_CLASS(vms); + VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms); uint8_t *smbios_tables, *smbios_anchor; size_t smbios_tables_len, smbios_anchor_len; const char *product = "QEMU Virtual Machine"; @@ -XXX,XX +XXX,XX @@ static void virt_build_smbios(VirtMachineState *vms) } smbios_set_defaults("QEMU", product, - "1.0", false, true, SMBIOS_ENTRY_POINT_30); + vmc->smbios_old_sys_ver ? "1.0" : mc->name, false, + true, SMBIOS_ENTRY_POINT_30); smbios_get_tables(NULL, 0, &smbios_tables, &smbios_tables_len, &smbios_anchor, &smbios_anchor_len); @@ -XXX,XX +XXX,XX @@ static void virt_2_11_instance_init(Object *obj) static void virt_machine_2_11_options(MachineClass *mc) { + VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc)); + virt_machine_2_12_options(mc); SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_11); + vmc->smbios_old_sys_ver = true; } DEFINE_VIRT_MACHINE(2, 11) -- 2.16.2 The MDCR_EL2.TDE bit allows the exception level targeted by debug exceptions to be set to EL2 for code executing at EL0. We handle this in the arm_debug_target_el() function, but this is only used for hardware breakpoint and watchpoint exceptions, not for the exception generated when the guest executes an AArch32 BKPT or AArch64 BRK instruction. We don't have enough information for a translate-time equivalent of arm_debug_target_el(), so instead make BKPT and BRK call a special purpose helper which can do the routing, rather than the generic exception_with_syndrome helper. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-2-peter.maydell@linaro.org --- target/arm/helper.h | 1 + target/arm/op_helper.c | 8 ++++++++ target/arm/translate-a64.c | 15 +++++++++++++-- target/arm/translate.c | 19 ++++++++++++++----- 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/target/arm/helper.h b/target/arm/helper.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_2(exception_internal, void, env, i32) DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32) +DEF_HELPER_2(exception_bkpt_insn, void, env, i32) DEF_HELPER_1(setend, void, env) DEF_HELPER_2(wfi, void, env, i32) DEF_HELPER_1(wfe, void, env) diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp, raise_exception(env, excp, syndrome, target_el); } +/* Raise an EXCP_BKPT with the specified syndrome register value, + * targeting the correct exception level for debug exceptions. + */ +void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) +{ + raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); +} + uint32_t HELPER(cpsr_read)(CPUARMState *env) { return cpsr_read(env) & ~(CPSR_EXEC | CPSR_RESERVED); diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, int offset, int excp, s->base.is_jmp = DISAS_NORETURN; } +static void gen_exception_bkpt_insn(DisasContext *s, int offset, + uint32_t syndrome) +{ + TCGv_i32 tcg_syn; + + gen_a64_set_pc_im(s->pc - offset); + tcg_syn = tcg_const_i32(syndrome); + gen_helper_exception_bkpt_insn(cpu_env, tcg_syn); + tcg_temp_free_i32(tcg_syn); + s->base.is_jmp = DISAS_NORETURN; +} + static void gen_ss_advance(DisasContext *s) { /* If the singlestep state is Active-not-pending, advance to @@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn) break; } /* BRK */ - gen_exception_insn(s, 4, EXCP_BKPT, syn_aa64_bkpt(imm16), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 4, syn_aa64_bkpt(imm16)); break; case 2: if (op2_ll != 0) { diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, int offset, int excp, s->base.is_jmp = DISAS_NORETURN; } +static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn) +{ + TCGv_i32 tcg_syn; + + gen_set_condexec(s); + gen_set_pc_im(s, s->pc - offset); + tcg_syn = tcg_const_i32(syn); + gen_helper_exception_bkpt_insn(cpu_env, tcg_syn); + tcg_temp_free_i32(tcg_syn); + s->base.is_jmp = DISAS_NORETURN; +} + /* Force a TB lookup after an instruction that changes the CPU state. */ static inline void gen_lookup_tb(DisasContext *s) { @@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) case 1: /* bkpt */ ARCH(5); - gen_exception_insn(s, 4, EXCP_BKPT, - syn_aa32_bkpt(imm16, false), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 4, syn_aa32_bkpt(imm16, false)); break; case 2: /* Hypervisor call (v7) */ @@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) { int imm8 = extract32(insn, 0, 8); ARCH(5); - gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 2, syn_aa32_bkpt(imm8, true)); break; } -- 2.16.2 When a debug exception is taken to AArch32, it appears as a Prefetch Abort, and the Instruction Fault Status Register (IFSR) must be set. The IFSR has two possible formats, depending on whether LPAE is in use. Factor out the code in arm_debug_excp_handler() which picks an FSR value into its own utility function, update it to use arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants, and use the correct condition to select long or short format. In particular this fixes a bug where we could select the short format because we're at EL0 and the EL1 translation regime is not using LPAE, but then route the debug exception to EL2 because of MDCR_EL2.TDE and hand EL2 the wrong format FSR. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-3-peter.maydell@linaro.org --- target/arm/internals.h | 25 +++++++++++++++++++++++++ target/arm/op_helper.c | 12 ++---------- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -XXX,XX +XXX,XX @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx) } } +/* Return the FSR value for a debug exception (watchpoint, hardware + * breakpoint or BKPT insn) targeting the specified exception level. + */ +static inline uint32_t arm_debug_exception_fsr(CPUARMState *env) +{ + ARMMMUFaultInfo fi = { .type = ARMFault_Debug }; + int target_el = arm_debug_target_el(env); + bool using_lpae = false; + + if (target_el == 2 || arm_el_is_aa64(env, target_el)) { + using_lpae = true; + } else { + if (arm_feature(env, ARM_FEATURE_LPAE) && + (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) { + using_lpae = true; + } + } + + if (using_lpae) { + return arm_fi_to_lfsc(&fi); + } else { + return arm_fi_to_sfsc(&fi); + } +} + #endif diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs) cs->watchpoint_hit = NULL; - if (extended_addresses_enabled(env)) { - env->exception.fsr = (1 << 9) | 0x22; - } else { - env->exception.fsr = 0x2; - } + env->exception.fsr = arm_debug_exception_fsr(env); env->exception.vaddress = wp_hit->hitaddr; raise_exception(env, EXCP_DATA_ABORT, syn_watchpoint(same_el, 0, wnr), @@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs) return; } - if (extended_addresses_enabled(env)) { - env->exception.fsr = (1 << 9) | 0x22; - } else { - env->exception.fsr = 0x2; - } + env->exception.fsr = arm_debug_exception_fsr(env); /* FAR is UNKNOWN, so doesn't need setting */ raise_exception(env, EXCP_PREFETCH_ABORT, syn_breakpoint(same_el), -- 2.16.2 Now that we have a helper function specifically for the BRK and BKPT instructions, we can set the exception.fsr there rather than in arm_cpu_do_interrupt_aarch32(). This allows us to use our new arm_debug_exception_fsr() helper. In particular this fixes a bug where we were hardcoding the short-form IFSR value, which is wrong if the target exception level has LPAE enabled. Fixes: https://bugs.launchpad.net/qemu/+bug/1756927 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-4-peter.maydell@linaro.org --- target/arm/helper.c | 1 - target/arm/op_helper.c | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs) offset = 0; break; case EXCP_BKPT: - env->exception.fsr = 2; /* Fall through to prefetch abort. */ case EXCP_PREFETCH_ABORT: A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr); diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp, */ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) { + /* FSR will only be used if the debug target EL is AArch32. */ + env->exception.fsr = arm_debug_exception_fsr(env); raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); } -- 2.16.2 For debug exceptions due to breakpoints or the BKPT instruction which are taken to AArch32, the Fault Address Register is architecturally UNKNOWN. We were using that as license to simply not set env->exception.vaddress, but this isn't correct, because it will expose to the guest whatever old value was in that field when arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old value might be a FAR for a previous guest EL2 or secure exception, in which case we shouldn't show it to an EL1 or non-secure exception handler. It might also be a non-deterministic value, which is bad for record-and-replay. Clear env->exception.vaddress before taking breakpoint debug exceptions, to avoid this minor information leak. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-5-peter.maydell@linaro.org --- target/arm/op_helper.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) { /* FSR will only be used if the debug target EL is AArch32. */ env->exception.fsr = arm_debug_exception_fsr(env); + /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing + * values to the guest that it shouldn't be able to see at its + * exception/security level. + */ + env->exception.vaddress = 0; raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); } @@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs) } env->exception.fsr = arm_debug_exception_fsr(env); - /* FAR is UNKNOWN, so doesn't need setting */ + /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing + * values to the guest that it shouldn't be able to see at its + * exception/security level. + */ + env->exception.vaddress = 0; raise_exception(env, EXCP_PREFETCH_ABORT, syn_breakpoint(same_el), arm_debug_target_el(env)); -- 2.16.2 First target-arm pullreq of the 4.0 series; most of this is Mao's cleanups that finally let us drop sysbus::init; the most interesting user-visible feature is RTH's patches adding some v8.1 and v8.2 architecture features. thanks -- PMM The following changes since commit 6145a6d84b3bf0f25935b88543febe076c61b0f4: Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20181212' into staging (2018-12-13 13:06:09 +0000) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181213 for you to fetch changes up to 2d7137c10fafefe40a0a049ff8a7bd78b66e661f: target/arm: Implement the ARMv8.1-LOR extension (2018-12-13 14:41:24 +0000) ---------------------------------------------------------------- target-arm queue: * Convert various devices from sysbus init to instance_init * Remove the now unused sysbus init support entirely * Allow AArch64 processors to boot from a kernel placed over 4GB * hw: arm: musicpal: drop TYPE_WM8750 in object_property_set_link() * versal: minor fixes to virtio-mmio instantation * arm: Implement the ARMv8.1-HPD extension * arm: Implement the ARMv8.2-AA32HPD extension * arm: Implement the ARMv8.1-LOR extension (as the trivial "no limited ordering regions provided" minimum) ---------------------------------------------------------------- Edgar E. Iglesias (4): hw/arm: versal: Remove bogus virtio-mmio creation hw/arm: versal: Reduce number of virtio-mmio instances hw/arm: versal: Use IRQs 111 - 118 for virtio-mmio hw/arm: versal: Correct the nr of IRQs to 192 Li Qiang (1): hw: arm: musicpal: drop TYPE_WM8750 in object_property_set_link() Mao Zhongyi (21): musicpal: Convert sysbus init function to realize function block/noenand: Convert sysbus init function to realize function char/grlib_apbuart: Convert sysbus init function to realize function core/empty_slot: Convert sysbus init function to realize function display/g364fb: Convert sysbus init function to realize function dma/puv3_dma: Convert sysbus init function to realize function gpio/puv3_gpio: Convert sysbus init function to realize function milkymist-softusb: Convert sysbus init function to realize function input/pl050: Convert sysbus init function to realize function intc/puv3_intc: Convert sysbus init function to realize function milkymist-hpdmc: Convert sysbus init function to realize function milkymist-pfpu: Convert sysbus init function to realize function puv3_pm.c: Convert sysbus init function to realize function nvram/ds1225y: Convert sysbus init function to realize function pci-bridge/dec: Convert sysbus init function to realize function timer/etraxfs_timer: Convert sysbus init function to realize function timer/grlib_gptimer: Convert sysbus init function to realize function timer/puv3_ost: Convert sysbus init function to realize function usb/tusb6010: Convert sysbus init function to realize function xen_backend: remove xen_sysdev_init() function core/sysbus: remove the SysBusDeviceClass::init path Peter Maydell (1): target/arm: Move id_aa64mmfr* to ARMISARegisters Ricardo Perez Blanco (1): Allow AArch64 processors to boot from a kernel placed over 4GB Richard Henderson (9): target/arm: Add HCR_EL2 bits up to ARMv8.5 target/arm: Add SCR_EL3 bits up to ARMv8.5 target/arm: Fix HCR_EL2.TGE check in arm_phys_excp_target_el target/arm: Tidy scr_write target/arm: Implement the ARMv8.1-HPD extension target/arm: Implement the ARMv8.2-AA32HPD extension target/arm: Introduce arm_hcr_el2_eff target/arm: Use arm_hcr_el2_eff more places target/arm: Implement the ARMv8.1-LOR extension include/hw/arm/xlnx-versal.h | 8 +- include/hw/sysbus.h | 3 - target/arm/cpu.h | 141 ++++++++++++++++----------- target/arm/internals.h | 3 +- hw/arm/boot.c | 35 ++++--- hw/arm/musicpal.c | 11 +-- hw/arm/xlnx-versal-virt.c | 7 +- hw/block/onenand.c | 16 ++-- hw/char/grlib_apbuart.c | 12 +-- hw/core/empty_slot.c | 9 +- hw/core/sysbus.c | 15 +-- hw/display/g364fb.c | 9 +- hw/dma/puv3_dma.c | 10 +- hw/gpio/puv3_gpio.c | 29 +++--- hw/input/milkymist-softusb.c | 16 ++-- hw/input/pl050.c | 11 +-- hw/intc/arm_gicv3_cpuif.c | 21 ++-- hw/intc/puv3_intc.c | 11 +-- hw/misc/milkymist-hpdmc.c | 9 +- hw/misc/milkymist-pfpu.c | 12 +-- hw/misc/puv3_pm.c | 10 +- hw/nvram/ds1225y.c | 12 +-- hw/pci-bridge/dec.c | 12 +-- hw/timer/etraxfs_timer.c | 14 +-- hw/timer/grlib_gptimer.c | 11 +-- hw/timer/puv3_ost.c | 13 ++- hw/usb/tusb6010.c | 8 +- hw/xen/xen_backend.c | 7 -- target/arm/cpu.c | 4 + target/arm/cpu64.c | 11 ++- target/arm/helper.c | 222 ++++++++++++++++++++++++++++++++++++------- target/arm/kvm64.c | 4 + target/arm/op_helper.c | 14 ++- target/arm/translate-a64.c | 12 +++ 34 files changed, 456 insertions(+), 286 deletions(-) From: Li Qiang <liq3ea@gmail.com> The third argument of object_property_set_link() is the name of property, not related with the QOM type name, using the constant string instead. Signed-off-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 1542880825-2604-1-git-send-email-liq3ea@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/musicpal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/musicpal.c +++ b/hw/arm/musicpal.c @@ -XXX,XX +XXX,XX @@ static void musicpal_init(MachineState *machine) dev = qdev_create(NULL, TYPE_MV88W8618_AUDIO); s = SYS_BUS_DEVICE(dev); object_property_set_link(OBJECT(dev), OBJECT(wm8750_dev), - TYPE_WM8750, NULL); + "wm8750", NULL); qdev_init_nofail(dev); sysbus_mmio_map(s, 0, MP_AUDIO_BASE); sysbus_connect_irq(s, 0, pic[MP_AUDIO_IRQ]); -- 2.19.2 From: Ricardo Perez Blanco <ricardo.perez_blanco@nokia.com> Architecturally, it's possible for an AArch64 machine to have all of its RAM over the 4GB mark, but our kernel/initrd loading code in boot.c assumes that the upper half of the addresses to load these images to is always zero. Write the whole 64 bit address into the bootloader code fragment, not just the low half. Note that, currently, none of the existing QEMU machines have their main memory over 4GBs, so this was not a user-visible bug. Signed-off-by: Ricardo Perez Blanco <ricardo.perez_blanco@nokia.com> [PMM: revised commit message and tweaked some long lines] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/boot.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -XXX,XX +XXX,XX @@ typedef enum { FIXUP_TERMINATOR, /* end of insns */ FIXUP_BOARDID, /* overwrite with board ID number */ FIXUP_BOARD_SETUP, /* overwrite with board specific setup code address */ - FIXUP_ARGPTR, /* overwrite with pointer to kernel args */ - FIXUP_ENTRYPOINT, /* overwrite with kernel entry point */ + FIXUP_ARGPTR_LO, /* overwrite with pointer to kernel args */ + FIXUP_ARGPTR_HI, /* overwrite with pointer to kernel args (high half) */ + FIXUP_ENTRYPOINT_LO, /* overwrite with kernel entry point */ + FIXUP_ENTRYPOINT_HI, /* overwrite with kernel entry point (high half) */ FIXUP_GIC_CPU_IF, /* overwrite with GIC CPU interface address */ FIXUP_BOOTREG, /* overwrite with boot register address */ FIXUP_DSB, /* overwrite with correct DSB insn for cpu */ @@ -XXX,XX +XXX,XX @@ static const ARMInsnFixup bootloader_aarch64[] = { { 0xaa1f03e3 }, /* mov x3, xzr */ { 0x58000084 }, /* ldr x4, entry ; Load the lower 32-bits of kernel entry */ { 0xd61f0080 }, /* br x4 ; Jump to the kernel entry point */ - { 0, FIXUP_ARGPTR }, /* arg: .word @DTB Lower 32-bits */ - { 0 }, /* .word @DTB Higher 32-bits */ - { 0, FIXUP_ENTRYPOINT }, /* entry: .word @Kernel Entry Lower 32-bits */ - { 0 }, /* .word @Kernel Entry Higher 32-bits */ + { 0, FIXUP_ARGPTR_LO }, /* arg: .word @DTB Lower 32-bits */ + { 0, FIXUP_ARGPTR_HI}, /* .word @DTB Higher 32-bits */ + { 0, FIXUP_ENTRYPOINT_LO }, /* entry: .word @Kernel Entry Lower 32-bits */ + { 0, FIXUP_ENTRYPOINT_HI }, /* .word @Kernel Entry Higher 32-bits */ { 0, FIXUP_TERMINATOR } }; @@ -XXX,XX +XXX,XX @@ static const ARMInsnFixup bootloader[] = { { 0xe59f2004 }, /* ldr r2, [pc, #4] */ { 0xe59ff004 }, /* ldr pc, [pc, #4] */ { 0, FIXUP_BOARDID }, - { 0, FIXUP_ARGPTR }, - { 0, FIXUP_ENTRYPOINT }, + { 0, FIXUP_ARGPTR_LO }, + { 0, FIXUP_ENTRYPOINT_LO }, { 0, FIXUP_TERMINATOR } }; @@ -XXX,XX +XXX,XX @@ static void write_bootloader(const char *name, hwaddr addr, break; case FIXUP_BOARDID: case FIXUP_BOARD_SETUP: - case FIXUP_ARGPTR: - case FIXUP_ENTRYPOINT: + case FIXUP_ARGPTR_LO: + case FIXUP_ARGPTR_HI: + case FIXUP_ENTRYPOINT_LO: + case FIXUP_ENTRYPOINT_HI: case FIXUP_GIC_CPU_IF: case FIXUP_BOOTREG: case FIXUP_DSB: @@ -XXX,XX +XXX,XX @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info) /* Place the DTB after the initrd in memory with alignment. */ info->dtb_start = QEMU_ALIGN_UP(info->initrd_start + initrd_size, align); - fixupcontext[FIXUP_ARGPTR] = info->dtb_start; + fixupcontext[FIXUP_ARGPTR_LO] = info->dtb_start; + fixupcontext[FIXUP_ARGPTR_HI] = info->dtb_start >> 32; } else { - fixupcontext[FIXUP_ARGPTR] = info->loader_start + KERNEL_ARGS_ADDR; + fixupcontext[FIXUP_ARGPTR_LO] = + info->loader_start + KERNEL_ARGS_ADDR; + fixupcontext[FIXUP_ARGPTR_HI] = + (info->loader_start + KERNEL_ARGS_ADDR) >> 32; if (info->ram_size >= (1ULL << 32)) { error_report("RAM size must be less than 4GB to boot" " Linux kernel using ATAGS (try passing a device tree" @@ -XXX,XX +XXX,XX @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info) exit(1); } } - fixupcontext[FIXUP_ENTRYPOINT] = entry; + fixupcontext[FIXUP_ENTRYPOINT_LO] = entry; + fixupcontext[FIXUP_ENTRYPOINT_HI] = entry >> 32; write_bootloader("bootloader", info->loader_start, primary_loader, fixupcontext, as); -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in mv88w8618_wlan_class_init(). Cc: jan.kiszka@web.de Cc: peter.maydell@linaro.org Cc: qemu-arm@nongnu.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-2-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/musicpal.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/musicpal.c +++ b/hw/arm/musicpal.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps mv88w8618_wlan_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int mv88w8618_wlan_init(SysBusDevice *dev) +static void mv88w8618_wlan_realize(DeviceState *dev, Error **errp) { MemoryRegion *iomem = g_new(MemoryRegion, 1); memory_region_init_io(iomem, OBJECT(dev), &mv88w8618_wlan_ops, NULL, "musicpal-wlan", MP_WLAN_SIZE); - sysbus_init_mmio(dev, iomem); - return 0; + sysbus_init_mmio(SYS_BUS_DEVICE(dev), iomem); } /* GPIO register offsets */ @@ -XXX,XX +XXX,XX @@ DEFINE_MACHINE("musicpal", musicpal_machine_init) static void mv88w8618_wlan_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = mv88w8618_wlan_init; + dc->realize = mv88w8618_wlan_realize; } static const TypeInfo mv88w8618_wlan_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in onenand_class_init(). Cc: kwolf@redhat.com Cc: mreitz@redhat.com Cc: qemu-block@nongnu.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-3-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/block/onenand.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/hw/block/onenand.c b/hw/block/onenand.c index XXXXXXX..XXXXXXX 100644 --- a/hw/block/onenand.c +++ b/hw/block/onenand.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps onenand_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int onenand_initfn(SysBusDevice *sbd) +static void onenand_realize(DeviceState *dev, Error **errp) { - DeviceState *dev = DEVICE(sbd); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); OneNANDState *s = ONE_NAND(dev); uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7)); void *ram; @@ -XXX,XX +XXX,XX @@ static int onenand_initfn(SysBusDevice *sbd) 0xff, size + (size >> 5)); } else { if (blk_is_read_only(s->blk)) { - error_report("Can't use a read-only drive"); - return -1; + error_setg(errp, "Can't use a read-only drive"); + return; } blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, BLK_PERM_ALL, &local_err); if (local_err) { - error_report_err(local_err); - return -1; + error_propagate(errp, local_err); + return; } s->blk_cur = s->blk; } @@ -XXX,XX +XXX,XX @@ static int onenand_initfn(SysBusDevice *sbd) | ((s->id.dev & 0xff) << 8) | (s->id.ver & 0xff), &vmstate_onenand, s); - return 0; } static Property onenand_properties[] = { @@ -XXX,XX +XXX,XX @@ static Property onenand_properties[] = { static void onenand_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = onenand_initfn; + dc->realize = onenand_realize; dc->reset = onenand_system_reset; dc->props = onenand_properties; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in grlib_apbuart_class_init(). Cc: chouteau@adacore.com Cc: marcandre.lureau@redhat.com Cc: pbonzini@redhat.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-4-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/char/grlib_apbuart.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/hw/char/grlib_apbuart.c b/hw/char/grlib_apbuart.c index XXXXXXX..XXXXXXX 100644 --- a/hw/char/grlib_apbuart.c +++ b/hw/char/grlib_apbuart.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps grlib_apbuart_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int grlib_apbuart_init(SysBusDevice *dev) +static void grlib_apbuart_realize(DeviceState *dev, Error **errp) { UART *uart = GRLIB_APB_UART(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); qemu_chr_fe_set_handlers(&uart->chr, grlib_apbuart_can_receive, @@ -XXX,XX +XXX,XX @@ static int grlib_apbuart_init(SysBusDevice *dev) grlib_apbuart_event, NULL, uart, NULL, true); - sysbus_init_irq(dev, &uart->irq); + sysbus_init_irq(sbd, &uart->irq); memory_region_init_io(&uart->iomem, OBJECT(uart), &grlib_apbuart_ops, uart, "uart", UART_REG_SIZE); - sysbus_init_mmio(dev, &uart->iomem); - - return 0; + sysbus_init_mmio(sbd, &uart->iomem); } static void grlib_apbuart_reset(DeviceState *d) @@ -XXX,XX +XXX,XX @@ static Property grlib_apbuart_properties[] = { static void grlib_apbuart_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = grlib_apbuart_init; + dc->realize = grlib_apbuart_realize; dc->reset = grlib_apbuart_reset; dc->props = grlib_apbuart_properties; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in empty_slot_class_init(). Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-5-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/core/empty_slot.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hw/core/empty_slot.c b/hw/core/empty_slot.c index XXXXXXX..XXXXXXX 100644 --- a/hw/core/empty_slot.c +++ b/hw/core/empty_slot.c @@ -XXX,XX +XXX,XX @@ void empty_slot_init(hwaddr addr, uint64_t slot_size) } } -static int empty_slot_init1(SysBusDevice *dev) +static void empty_slot_realize(DeviceState *dev, Error **errp) { EmptySlot *s = EMPTY_SLOT(dev); memory_region_init_io(&s->iomem, OBJECT(s), &empty_slot_ops, s, "empty-slot", s->size); - sysbus_init_mmio(dev, &s->iomem); - return 0; + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem); } static void empty_slot_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - k->init = empty_slot_init1; + dc->realize = empty_slot_realize; } static const TypeInfo empty_slot_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in g364fb_sysbus_class_init(). Cc: pbonzini@redhat.com Cc: kraxel@redhat.com Cc: f4bug@amsat.org Cc: alistair.francis@wdc.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-6-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/display/g364fb.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c index XXXXXXX..XXXXXXX 100644 --- a/hw/display/g364fb.c +++ b/hw/display/g364fb.c @@ -XXX,XX +XXX,XX @@ typedef struct { G364State g364; } G364SysBusState; -static int g364fb_sysbus_init(SysBusDevice *sbd) +static void g364fb_sysbus_realize(DeviceState *dev, Error **errp) { - DeviceState *dev = DEVICE(sbd); G364SysBusState *sbs = G364(dev); G364State *s = &sbs->g364; + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); g364fb_init(dev, s); sysbus_init_irq(sbd, &s->irq); sysbus_init_mmio(sbd, &s->mem_ctrl); sysbus_init_mmio(sbd, &s->mem_vram); - - return 0; } static void g364fb_sysbus_reset(DeviceState *d) @@ -XXX,XX +XXX,XX @@ static Property g364fb_sysbus_properties[] = { static void g364fb_sysbus_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = g364fb_sysbus_init; + dc->realize = g364fb_sysbus_realize; set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); dc->desc = "G364 framebuffer"; dc->reset = g364fb_sysbus_reset; -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in puv3_dma_class_init(). Cc: gxt@mprc.pku.edu.cn Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-7-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/dma/puv3_dma.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/hw/dma/puv3_dma.c b/hw/dma/puv3_dma.c index XXXXXXX..XXXXXXX 100644 --- a/hw/dma/puv3_dma.c +++ b/hw/dma/puv3_dma.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps puv3_dma_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int puv3_dma_init(SysBusDevice *dev) +static void puv3_dma_realize(DeviceState *dev, Error **errp) { PUV3DMAState *s = PUV3_DMA(dev); int i; @@ -XXX,XX +XXX,XX @@ static int puv3_dma_init(SysBusDevice *dev) memory_region_init_io(&s->iomem, OBJECT(s), &puv3_dma_ops, s, "puv3_dma", PUV3_REGS_OFFSET); - sysbus_init_mmio(dev, &s->iomem); - - return 0; + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem); } static void puv3_dma_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = puv3_dma_init; + dc->realize = puv3_dma_realize; } static const TypeInfo puv3_dma_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in puv3_gpio_class_init(). Cc: gxt@mprc.pku.edu.cn Cc: peter.maydell@linaro.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-8-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/gpio/puv3_gpio.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/hw/gpio/puv3_gpio.c b/hw/gpio/puv3_gpio.c index XXXXXXX..XXXXXXX 100644 --- a/hw/gpio/puv3_gpio.c +++ b/hw/gpio/puv3_gpio.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps puv3_gpio_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int puv3_gpio_init(SysBusDevice *dev) +static void puv3_gpio_realize(DeviceState *dev, Error **errp) { PUV3GPIOState *s = PUV3_GPIO(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); s->reg_GPLR = 0; s->reg_GPDR = 0; /* FIXME: these irqs not handled yet */ - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW0]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW1]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW2]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW3]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW4]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW5]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW6]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOLOW7]); - sysbus_init_irq(dev, &s->irq[PUV3_IRQS_GPIOHIGH]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW0]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW1]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW2]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW3]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW4]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW5]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW6]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOLOW7]); + sysbus_init_irq(sbd, &s->irq[PUV3_IRQS_GPIOHIGH]); memory_region_init_io(&s->iomem, OBJECT(s), &puv3_gpio_ops, s, "puv3_gpio", PUV3_REGS_OFFSET); - sysbus_init_mmio(dev, &s->iomem); - - return 0; + sysbus_init_mmio(sbd, &s->iomem); } static void puv3_gpio_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = puv3_gpio_init; + dc->realize = puv3_gpio_realize; } static const TypeInfo puv3_gpio_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in milkymist_softusb_class_init(). Cc: michael@walle.cc Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-9-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/input/milkymist-softusb.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/hw/input/milkymist-softusb.c b/hw/input/milkymist-softusb.c index XXXXXXX..XXXXXXX 100644 --- a/hw/input/milkymist-softusb.c +++ b/hw/input/milkymist-softusb.c @@ -XXX,XX +XXX,XX @@ static void milkymist_softusb_reset(DeviceState *d) s->regs[R_CTRL] = CTRL_RESET; } -static int milkymist_softusb_init(SysBusDevice *dev) +static void milkymist_softusb_realize(DeviceState *dev, Error **errp) { MilkymistSoftUsbState *s = MILKYMIST_SOFTUSB(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); - sysbus_init_irq(dev, &s->irq); + sysbus_init_irq(sbd, &s->irq); memory_region_init_io(&s->regs_region, OBJECT(s), &softusb_mmio_ops, s, "milkymist-softusb", R_MAX * 4); - sysbus_init_mmio(dev, &s->regs_region); + sysbus_init_mmio(sbd, &s->regs_region); /* register pmem and dmem */ memory_region_init_ram_nomigrate(&s->pmem, OBJECT(s), "milkymist-softusb.pmem", s->pmem_size, &error_fatal); vmstate_register_ram_global(&s->pmem); s->pmem_ptr = memory_region_get_ram_ptr(&s->pmem); - sysbus_init_mmio(dev, &s->pmem); + sysbus_init_mmio(sbd, &s->pmem); memory_region_init_ram_nomigrate(&s->dmem, OBJECT(s), "milkymist-softusb.dmem", s->dmem_size, &error_fatal); vmstate_register_ram_global(&s->dmem); s->dmem_ptr = memory_region_get_ram_ptr(&s->dmem); - sysbus_init_mmio(dev, &s->dmem); + sysbus_init_mmio(sbd, &s->dmem); hid_init(&s->hid_kbd, HID_KEYBOARD, softusb_kbd_hid_datain); hid_init(&s->hid_mouse, HID_MOUSE, softusb_mouse_hid_datain); - - return 0; } static const VMStateDescription vmstate_milkymist_softusb = { @@ -XXX,XX +XXX,XX @@ static Property milkymist_softusb_properties[] = { static void milkymist_softusb_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = milkymist_softusb_init; + dc->realize = milkymist_softusb_realize; dc->reset = milkymist_softusb_reset; dc->vmsd = &vmstate_milkymist_softusb; dc->props = milkymist_softusb_properties; -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in pl050_class_init(). Cc: peter.maydell@linaro.org Cc: qemu-arm@nongnu.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-10-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/input/pl050.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/hw/input/pl050.c b/hw/input/pl050.c index XXXXXXX..XXXXXXX 100644 --- a/hw/input/pl050.c +++ b/hw/input/pl050.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps pl050_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int pl050_initfn(SysBusDevice *dev) +static void pl050_realize(DeviceState *dev, Error **errp) { PL050State *s = PL050(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); memory_region_init_io(&s->iomem, OBJECT(s), &pl050_ops, s, "pl050", 0x1000); - sysbus_init_mmio(dev, &s->iomem); - sysbus_init_irq(dev, &s->irq); + sysbus_init_mmio(sbd, &s->iomem); + sysbus_init_irq(sbd, &s->irq); if (s->is_mouse) { s->dev = ps2_mouse_init(pl050_update, s); } else { s->dev = ps2_kbd_init(pl050_update, s); } - return 0; } static void pl050_keyboard_init(Object *obj) @@ -XXX,XX +XXX,XX @@ static const TypeInfo pl050_mouse_info = { static void pl050_class_init(ObjectClass *oc, void *data) { DeviceClass *dc = DEVICE_CLASS(oc); - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(oc); - sdc->init = pl050_initfn; + dc->realize = pl050_realize; dc->vmsd = &vmstate_pl050; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in puv3_intc_class_init(). Cc: gxt@mprc.pku.edu.cn Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-11-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/puv3_intc.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/hw/intc/puv3_intc.c b/hw/intc/puv3_intc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/puv3_intc.c +++ b/hw/intc/puv3_intc.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps puv3_intc_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int puv3_intc_init(SysBusDevice *sbd) +static void puv3_intc_realize(DeviceState *dev, Error **errp) { - DeviceState *dev = DEVICE(sbd); PUV3INTCState *s = PUV3_INTC(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); qdev_init_gpio_in(dev, puv3_intc_handler, PUV3_IRQS_NR); sysbus_init_irq(sbd, &s->parent_irq); @@ -XXX,XX +XXX,XX @@ static int puv3_intc_init(SysBusDevice *sbd) memory_region_init_io(&s->iomem, OBJECT(s), &puv3_intc_ops, s, "puv3_intc", PUV3_REGS_OFFSET); sysbus_init_mmio(sbd, &s->iomem); - - return 0; } static void puv3_intc_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); - - sdc->init = puv3_intc_init; + DeviceClass *dc = DEVICE_CLASS(klass); + dc->realize = puv3_intc_realize; } static const TypeInfo puv3_intc_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in milkymist_hpdmc_class_init(). Cc: gxt@mprc.pku.edu.cn Cc: michael@walle.cc Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-12-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/misc/milkymist-hpdmc.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/hw/misc/milkymist-hpdmc.c b/hw/misc/milkymist-hpdmc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/milkymist-hpdmc.c +++ b/hw/misc/milkymist-hpdmc.c @@ -XXX,XX +XXX,XX @@ static void milkymist_hpdmc_reset(DeviceState *d) | IODELAY_PLL2_LOCKED; } -static int milkymist_hpdmc_init(SysBusDevice *dev) +static void milkymist_hpdmc_realize(DeviceState *dev, Error **errp) { MilkymistHpdmcState *s = MILKYMIST_HPDMC(dev); memory_region_init_io(&s->regs_region, OBJECT(dev), &hpdmc_mmio_ops, s, "milkymist-hpdmc", R_MAX * 4); - sysbus_init_mmio(dev, &s->regs_region); - - return 0; + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->regs_region); } static const VMStateDescription vmstate_milkymist_hpdmc = { @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_milkymist_hpdmc = { static void milkymist_hpdmc_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = milkymist_hpdmc_init; + dc->realize = milkymist_hpdmc_realize; dc->reset = milkymist_hpdmc_reset; dc->vmsd = &vmstate_milkymist_hpdmc; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in milkymist_pfpu_class_init(). Cc: michael@walle.cc Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-13-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/misc/milkymist-pfpu.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/hw/misc/milkymist-pfpu.c b/hw/misc/milkymist-pfpu.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/milkymist-pfpu.c +++ b/hw/misc/milkymist-pfpu.c @@ -XXX,XX +XXX,XX @@ static void milkymist_pfpu_reset(DeviceState *d) } } -static int milkymist_pfpu_init(SysBusDevice *dev) +static void milkymist_pfpu_realize(DeviceState *dev, Error **errp) { MilkymistPFPUState *s = MILKYMIST_PFPU(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); - sysbus_init_irq(dev, &s->irq); + sysbus_init_irq(sbd, &s->irq); memory_region_init_io(&s->regs_region, OBJECT(dev), &pfpu_mmio_ops, s, "milkymist-pfpu", MICROCODE_END * 4); - sysbus_init_mmio(dev, &s->regs_region); - - return 0; + sysbus_init_mmio(sbd, &s->regs_region); } static const VMStateDescription vmstate_milkymist_pfpu = { @@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_milkymist_pfpu = { static void milkymist_pfpu_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = milkymist_pfpu_init; + dc->realize = milkymist_pfpu_realize; dc->reset = milkymist_pfpu_reset; dc->vmsd = &vmstate_milkymist_pfpu; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in puv3_pm_class_init(). Cc: gxt@mprc.pku.edu.cn Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-14-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/misc/puv3_pm.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/hw/misc/puv3_pm.c b/hw/misc/puv3_pm.c index XXXXXXX..XXXXXXX 100644 --- a/hw/misc/puv3_pm.c +++ b/hw/misc/puv3_pm.c @@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps puv3_pm_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int puv3_pm_init(SysBusDevice *dev) +static void puv3_pm_realize(DeviceState *dev, Error **errp) { PUV3PMState *s = PUV3_PM(dev); @@ -XXX,XX +XXX,XX @@ static int puv3_pm_init(SysBusDevice *dev) memory_region_init_io(&s->iomem, OBJECT(s), &puv3_pm_ops, s, "puv3_pm", PUV3_REGS_OFFSET); - sysbus_init_mmio(dev, &s->iomem); - - return 0; + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem); } static void puv3_pm_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = puv3_pm_init; + dc->realize = puv3_pm_realize; } static const TypeInfo puv3_pm_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in nvram_sysbus_class_init(). Cc: pbonzini@redhat.com Cc: marcandre.lureau@redhat.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-15-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/nvram/ds1225y.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/hw/nvram/ds1225y.c b/hw/nvram/ds1225y.c index XXXXXXX..XXXXXXX 100644 --- a/hw/nvram/ds1225y.c +++ b/hw/nvram/ds1225y.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "hw/sysbus.h" #include "trace.h" +#include "qemu/error-report.h" typedef struct { MemoryRegion iomem; @@ -XXX,XX +XXX,XX @@ typedef struct { NvRamState nvram; } SysBusNvRamState; -static int nvram_sysbus_initfn(SysBusDevice *dev) +static void nvram_sysbus_realize(DeviceState *dev, Error **errp) { SysBusNvRamState *sys = DS1225Y(dev); NvRamState *s = &sys->nvram; @@ -XXX,XX +XXX,XX @@ static int nvram_sysbus_initfn(SysBusDevice *dev) memory_region_init_io(&s->iomem, OBJECT(s), &nvram_ops, s, "nvram", s->chip_size); - sysbus_init_mmio(dev, &s->iomem); + sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem); /* Read current file */ file = s->filename ? fopen(s->filename, "rb") : NULL; if (file) { /* Read nvram contents */ if (fread(s->contents, s->chip_size, 1, file) != 1) { - printf("nvram_sysbus_initfn: short read\n"); + error_report("nvram_sysbus_realize: short read"); } fclose(file); } nvram_post_load(s, 0); - - return 0; } static Property nvram_sysbus_properties[] = { @@ -XXX,XX +XXX,XX @@ static Property nvram_sysbus_properties[] = { static void nvram_sysbus_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = nvram_sysbus_initfn; + dc->realize = nvram_sysbus_realize; dc->vmsd = &vmstate_nvram; dc->props = nvram_sysbus_properties; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in pci_dec_21154_device_class_init(). Cc: david@gibson.dropbear.id.au Cc: mst@redhat.com Cc: marcel.apfelbaum@gmail.com Cc: qemu-ppc@nongnu.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-id: 20181130093852.20739-16-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/pci-bridge/dec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/pci-bridge/dec.c b/hw/pci-bridge/dec.c index XXXXXXX..XXXXXXX 100644 --- a/hw/pci-bridge/dec.c +++ b/hw/pci-bridge/dec.c @@ -XXX,XX +XXX,XX @@ PCIBus *pci_dec_21154_init(PCIBus *parent_bus, int devfn) return pci_bridge_get_sec_bus(br); } -static int pci_dec_21154_device_init(SysBusDevice *dev) +static void pci_dec_21154_device_realize(DeviceState *dev, Error **errp) { PCIHostState *phb; + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); phb = PCI_HOST_BRIDGE(dev); @@ -XXX,XX +XXX,XX @@ static int pci_dec_21154_device_init(SysBusDevice *dev) dev, "pci-conf-idx", 0x1000); memory_region_init_io(&phb->data_mem, OBJECT(dev), &pci_host_data_le_ops, dev, "pci-data-idx", 0x1000); - sysbus_init_mmio(dev, &phb->conf_mem); - sysbus_init_mmio(dev, &phb->data_mem); - return 0; + sysbus_init_mmio(sbd, &phb->conf_mem); + sysbus_init_mmio(sbd, &phb->data_mem); } static void dec_21154_pci_host_realize(PCIDevice *d, Error **errp) @@ -XXX,XX +XXX,XX @@ static const TypeInfo dec_21154_pci_host_info = { static void pci_dec_21154_device_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = pci_dec_21154_device_init; + dc->realize = pci_dec_21154_device_realize; } static const TypeInfo pci_dec_21154_device_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in etraxfs_timer_class_init(). Cc: edgar.iglesias@gmail.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20181130093852.20739-17-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/timer/etraxfs_timer.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hw/timer/etraxfs_timer.c b/hw/timer/etraxfs_timer.c index XXXXXXX..XXXXXXX 100644 --- a/hw/timer/etraxfs_timer.c +++ b/hw/timer/etraxfs_timer.c @@ -XXX,XX +XXX,XX @@ static void etraxfs_timer_reset(void *opaque) qemu_irq_lower(t->irq); } -static int etraxfs_timer_init(SysBusDevice *dev) +static void etraxfs_timer_realize(DeviceState *dev, Error **errp) { ETRAXTimerState *t = ETRAX_TIMER(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); t->bh_t0 = qemu_bh_new(timer0_hit, t); t->bh_t1 = qemu_bh_new(timer1_hit, t); @@ -XXX,XX +XXX,XX @@ static int etraxfs_timer_init(SysBusDevice *dev) t->ptimer_t1 = ptimer_init(t->bh_t1, PTIMER_POLICY_DEFAULT); t->ptimer_wd = ptimer_init(t->bh_wd, PTIMER_POLICY_DEFAULT); - sysbus_init_irq(dev, &t->irq); - sysbus_init_irq(dev, &t->nmi); + sysbus_init_irq(sbd, &t->irq); + sysbus_init_irq(sbd, &t->nmi); memory_region_init_io(&t->mmio, OBJECT(t), &timer_ops, t, "etraxfs-timer", 0x5c); - sysbus_init_mmio(dev, &t->mmio); + sysbus_init_mmio(sbd, &t->mmio); qemu_register_reset(etraxfs_timer_reset, t); - return 0; } static void etraxfs_timer_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = etraxfs_timer_init; + dc->realize = etraxfs_timer_realize; } static const TypeInfo etraxfs_timer_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in grlib_gptimer_class_init(). Cc: chouteau@adacore.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-18-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/timer/grlib_gptimer.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/hw/timer/grlib_gptimer.c b/hw/timer/grlib_gptimer.c index XXXXXXX..XXXXXXX 100644 --- a/hw/timer/grlib_gptimer.c +++ b/hw/timer/grlib_gptimer.c @@ -XXX,XX +XXX,XX @@ static void grlib_gptimer_reset(DeviceState *d) } } -static int grlib_gptimer_init(SysBusDevice *dev) +static void grlib_gptimer_realize(DeviceState *dev, Error **errp) { GPTimerUnit *unit = GRLIB_GPTIMER(dev); unsigned int i; + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); assert(unit->nr_timers > 0); assert(unit->nr_timers <= GPTIMER_MAX_TIMERS); @@ -XXX,XX +XXX,XX @@ static int grlib_gptimer_init(SysBusDevice *dev) timer->id = i; /* One IRQ line for each timer */ - sysbus_init_irq(dev, &timer->irq); + sysbus_init_irq(sbd, &timer->irq); ptimer_set_freq(timer->ptimer, unit->freq_hz); } @@ -XXX,XX +XXX,XX @@ static int grlib_gptimer_init(SysBusDevice *dev) unit, "gptimer", UNIT_REG_SIZE + GPTIMER_REG_SIZE * unit->nr_timers); - sysbus_init_mmio(dev, &unit->iomem); - return 0; + sysbus_init_mmio(sbd, &unit->iomem); } static Property grlib_gptimer_properties[] = { @@ -XXX,XX +XXX,XX @@ static Property grlib_gptimer_properties[] = { static void grlib_gptimer_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = grlib_gptimer_init; + dc->realize = grlib_gptimer_realize; dc->reset = grlib_gptimer_reset; dc->props = grlib_gptimer_properties; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in puv3_ost_class_init(). Cc: gxt@mprc.pku.edu.cn Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181130093852.20739-19-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/timer/puv3_ost.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/hw/timer/puv3_ost.c b/hw/timer/puv3_ost.c index XXXXXXX..XXXXXXX 100644 --- a/hw/timer/puv3_ost.c +++ b/hw/timer/puv3_ost.c @@ -XXX,XX +XXX,XX @@ static void puv3_ost_tick(void *opaque) } } -static int puv3_ost_init(SysBusDevice *dev) +static void puv3_ost_realize(DeviceState *dev, Error **errp) { PUV3OSTState *s = PUV3_OST(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); s->reg_OIER = 0; s->reg_OSSR = 0; s->reg_OSMR0 = 0; s->reg_OSCR = 0; - sysbus_init_irq(dev, &s->irq); + sysbus_init_irq(sbd, &s->irq); s->bh = qemu_bh_new(puv3_ost_tick, s); s->ptimer = ptimer_init(s->bh, PTIMER_POLICY_DEFAULT); @@ -XXX,XX +XXX,XX @@ static int puv3_ost_init(SysBusDevice *dev) memory_region_init_io(&s->iomem, OBJECT(s), &puv3_ost_ops, s, "puv3_ost", PUV3_REGS_OFFSET); - sysbus_init_mmio(dev, &s->iomem); - - return 0; + sysbus_init_mmio(sbd, &s->iomem); } static void puv3_ost_class_init(ObjectClass *klass, void *data) { - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); + DeviceClass *dc = DEVICE_CLASS(klass); - sdc->init = puv3_ost_init; + dc->realize = puv3_ost_realize; } static const TypeInfo puv3_ost_info = { -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Use DeviceClass rather than SysBusDeviceClass in tusb6010_class_init(). Cc: kraxel@redhat.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Message-id: 20181130093852.20739-20-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/usb/tusb6010.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/hw/usb/tusb6010.c b/hw/usb/tusb6010.c index XXXXXXX..XXXXXXX 100644 --- a/hw/usb/tusb6010.c +++ b/hw/usb/tusb6010.c @@ -XXX,XX +XXX,XX @@ static void tusb6010_reset(DeviceState *dev) musb_reset(s->musb); } -static int tusb6010_init(SysBusDevice *sbd) +static void tusb6010_realize(DeviceState *dev, Error **errp) { - DeviceState *dev = DEVICE(sbd); TUSBState *s = TUSB(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); s->otg_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, tusb_otg_tick, s); s->pwr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, tusb_power_tick, s); @@ -XXX,XX +XXX,XX @@ static int tusb6010_init(SysBusDevice *sbd) sysbus_init_irq(sbd, &s->irq); qdev_init_gpio_in(dev, tusb6010_irq, musb_irq_max + 1); s->musb = musb_init(dev, 1); - return 0; } static void tusb6010_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = tusb6010_init; + dc->realize = tusb6010_realize; dc->reset = tusb6010_reset; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> The init function doesn't do anything at all, so we just omit it. Cc: sstabellini@kernel.org Cc: anthony.perard@citrix.com Cc: xen-devel@lists.xenproject.org Cc: peter.maydell@linaro.org Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Message-id: 20181130093852.20739-21-maozhongyi@cmss.chinamobile.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/xen/xen_backend.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c index XXXXXXX..XXXXXXX 100644 --- a/hw/xen/xen_backend.c +++ b/hw/xen/xen_backend.c @@ -XXX,XX +XXX,XX @@ static const TypeInfo xensysbus_info = { } }; -static int xen_sysdev_init(SysBusDevice *dev) -{ - return 0; -} - static Property xen_sysdev_properties[] = { {/* end of property list */}, }; @@ -XXX,XX +XXX,XX @@ static Property xen_sysdev_properties[] = { static void xen_sysdev_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass); - k->init = xen_sysdev_init; dc->props = xen_sysdev_properties; dc->bus_type = TYPE_XENSYSBUS; } -- 2.19.2 From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Currently, all sysbus devices have been converted to realize(), so remove this path. Cc: ehabkost@redhat.com Cc: thuth@redhat.com Cc: pbonzini@redhat.com Cc: armbru@redhat.com Cc: peter.maydell@linaro.org Cc: richard.henderson@linaro.org Cc: alistair.francis@wdc.com Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> Message-id: 20181130093852.20739-22-maozhongyi@cmss.chinamobile.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/sysbus.h | 3 --- hw/core/sysbus.c | 15 +++++---------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/sysbus.h +++ b/include/hw/sysbus.h @@ -XXX,XX +XXX,XX @@ typedef struct SysBusDevice SysBusDevice; typedef struct SysBusDeviceClass { /*< private >*/ DeviceClass parent_class; - /*< public >*/ - - int (*init)(SysBusDevice *dev); /* * Let the sysbus device format its own non-PIO, non-MMIO unit address. diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c index XXXXXXX..XXXXXXX 100644 --- a/hw/core/sysbus.c +++ b/hw/core/sysbus.c @@ -XXX,XX +XXX,XX @@ void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size) } } -/* TODO remove once all sysbus devices have been converted to realize */ +/* The purpose of preserving this empty realize function + * is to prevent the parent_realize field of some subclasses + * from being set to NULL to break the normal init/realize + * of some devices. + */ static void sysbus_realize(DeviceState *dev, Error **errp) { - SysBusDevice *sd = SYS_BUS_DEVICE(dev); - SysBusDeviceClass *sbc = SYS_BUS_DEVICE_GET_CLASS(sd); - - if (!sbc->init) { - return; - } - if (sbc->init(sd) < 0) { - error_setg(errp, "Device initialization failed"); - } } DeviceState *sysbus_create_varargs(const char *name, -- 2.19.2 From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> Remove bogus virtio-mmio creation. This was an accidental left-over an experiment. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Luc Michel <luc.michel@greensocs.com> Message-id: 20181129163655.20370-2-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/xlnx-versal-virt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/arm/xlnx-versal-virt.c b/hw/arm/xlnx-versal-virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/xlnx-versal-virt.c +++ b/hw/arm/xlnx-versal-virt.c @@ -XXX,XX +XXX,XX @@ static void create_virtio_regions(VersalVirt *s) sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, pic_irq); mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0); memory_region_add_subregion(&s->soc.mr_ps, base, mr); - sysbus_create_simple("virtio-mmio", base, pic_irq); } for (i = 0; i < NUM_VIRTIO_TRANSPORT; i++) { -- 2.19.2 From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> Reduce number of virtio-mmio instances. This is in preparation for correcting the interrupt setup for Versal. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20181129163655.20370-3-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/xlnx-versal-virt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm/xlnx-versal-virt.c b/hw/arm/xlnx-versal-virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/xlnx-versal-virt.c +++ b/hw/arm/xlnx-versal-virt.c @@ -XXX,XX +XXX,XX @@ static void *versal_virt_get_dtb(const struct arm_boot_info *binfo, return board->fdt; } -#define NUM_VIRTIO_TRANSPORT 32 +#define NUM_VIRTIO_TRANSPORT 8 static void create_virtio_regions(VersalVirt *s) { int virtio_mmio_size = 0x200; -- 2.19.2 From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> Use IRQs 111 - 118 for virtio-mmio. The interrupts we're currently using 160+ are not available in the Versal GIC. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20181129163655.20370-4-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/xlnx-versal.h | 6 +++--- hw/arm/xlnx-versal-virt.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/xlnx-versal.h +++ b/include/hw/arm/xlnx-versal.h @@ -XXX,XX +XXX,XX @@ typedef struct Versal { #define VERSAL_GEM1_IRQ_0 58 #define VERSAL_GEM1_WAKE_IRQ_0 59 -/* Architecturally eserved IRQs suitable for virtualization. */ -#define VERSAL_RSVD_HIGH_IRQ_FIRST 160 -#define VERSAL_RSVD_HIGH_IRQ_LAST 255 +/* Architecturally reserved IRQs suitable for virtualization. */ +#define VERSAL_RSVD_IRQ_FIRST 111 +#define VERSAL_RSVD_IRQ_LAST 118 #define MM_TOP_RSVD 0xa0000000U #define MM_TOP_RSVD_SIZE 0x4000000 diff --git a/hw/arm/xlnx-versal-virt.c b/hw/arm/xlnx-versal-virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/xlnx-versal-virt.c +++ b/hw/arm/xlnx-versal-virt.c @@ -XXX,XX +XXX,XX @@ static void create_virtio_regions(VersalVirt *s) for (i = 0; i < NUM_VIRTIO_TRANSPORT; i++) { char *name = g_strdup_printf("virtio%d", i);; hwaddr base = MM_TOP_RSVD + i * virtio_mmio_size; - int irq = VERSAL_RSVD_HIGH_IRQ_FIRST + i; + int irq = VERSAL_RSVD_IRQ_FIRST + i; MemoryRegion *mr; DeviceState *dev; qemu_irq pic_irq; @@ -XXX,XX +XXX,XX @@ static void create_virtio_regions(VersalVirt *s) for (i = 0; i < NUM_VIRTIO_TRANSPORT; i++) { hwaddr base = MM_TOP_RSVD + i * virtio_mmio_size; - int irq = VERSAL_RSVD_HIGH_IRQ_FIRST + i; + int irq = VERSAL_RSVD_IRQ_FIRST + i; char *name = g_strdup_printf("/virtio_mmio@%" PRIx64, base); qemu_fdt_add_subnode(s->fdt, name); -- 2.19.2 From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com> Correct the nr of IRQs to 192. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20181129163655.20370-5-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/xlnx-versal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/xlnx-versal.h +++ b/include/hw/arm/xlnx-versal.h @@ -XXX,XX +XXX,XX @@ #define XLNX_VERSAL_NR_ACPUS 2 #define XLNX_VERSAL_NR_UARTS 2 #define XLNX_VERSAL_NR_GEMS 2 -#define XLNX_VERSAL_NR_IRQS 256 +#define XLNX_VERSAL_NR_IRQS 192 typedef struct Versal { /*< private >*/ -- 2.19.2 At the same time, define the fields for these registers, and use those defines in arm_pamax(). Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: fixed up typo (s/achf/ahcf/) belatedly spotted by RTH] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 26 ++++++++++++++++++++++++-- target/arm/internals.h | 3 ++- target/arm/cpu64.c | 6 +++--- target/arm/helper.c | 4 ++-- target/arm/kvm64.c | 4 ++++ 5 files changed, 35 insertions(+), 8 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ struct ARMCPU { uint64_t id_aa64isar1; uint64_t id_aa64pfr0; uint64_t id_aa64pfr1; + uint64_t id_aa64mmfr0; + uint64_t id_aa64mmfr1; } isar; uint32_t midr; uint32_t revidr; @@ -XXX,XX +XXX,XX @@ struct ARMCPU { uint64_t id_aa64dfr1; uint64_t id_aa64afr0; uint64_t id_aa64afr1; - uint64_t id_aa64mmfr0; - uint64_t id_aa64mmfr1; uint32_t dbgdidr; uint32_t clidr; uint64_t mp_affinity; /* MP ID without feature bits */ @@ -XXX,XX +XXX,XX @@ FIELD(ID_AA64PFR0, GIC, 24, 4) FIELD(ID_AA64PFR0, RAS, 28, 4) FIELD(ID_AA64PFR0, SVE, 32, 4) +FIELD(ID_AA64MMFR0, PARANGE, 0, 4) +FIELD(ID_AA64MMFR0, ASIDBITS, 4, 4) +FIELD(ID_AA64MMFR0, BIGEND, 8, 4) +FIELD(ID_AA64MMFR0, SNSMEM, 12, 4) +FIELD(ID_AA64MMFR0, BIGENDEL0, 16, 4) +FIELD(ID_AA64MMFR0, TGRAN16, 20, 4) +FIELD(ID_AA64MMFR0, TGRAN64, 24, 4) +FIELD(ID_AA64MMFR0, TGRAN4, 28, 4) +FIELD(ID_AA64MMFR0, TGRAN16_2, 32, 4) +FIELD(ID_AA64MMFR0, TGRAN64_2, 36, 4) +FIELD(ID_AA64MMFR0, TGRAN4_2, 40, 4) +FIELD(ID_AA64MMFR0, EXS, 44, 4) + +FIELD(ID_AA64MMFR1, HAFDBS, 0, 4) +FIELD(ID_AA64MMFR1, VMIDBITS, 4, 4) +FIELD(ID_AA64MMFR1, VH, 8, 4) +FIELD(ID_AA64MMFR1, HPDS, 12, 4) +FIELD(ID_AA64MMFR1, LO, 16, 4) +FIELD(ID_AA64MMFR1, PAN, 20, 4) +FIELD(ID_AA64MMFR1, SPECSEI, 24, 4) +FIELD(ID_AA64MMFR1, XNX, 28, 4) + QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK); /* If adding a feature bit which corresponds to a Linux ELF diff --git a/target/arm/internals.h b/target/arm/internals.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -XXX,XX +XXX,XX @@ static inline unsigned int arm_pamax(ARMCPU *cpu) [4] = 44, [5] = 48, }; - unsigned int parange = extract32(cpu->id_aa64mmfr0, 0, 4); + unsigned int parange = + FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE); /* id_aa64mmfr0 is a read-only register so values outside of the * supported mappings can be considered an implementation error. */ diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_a57_initfn(Object *obj) cpu->pmceid0 = 0x00000000; cpu->pmceid1 = 0x00000000; cpu->isar.id_aa64isar0 = 0x00011120; - cpu->id_aa64mmfr0 = 0x00001124; + cpu->isar.id_aa64mmfr0 = 0x00001124; cpu->dbgdidr = 0x3516d000; cpu->clidr = 0x0a200023; cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */ @@ -XXX,XX +XXX,XX @@ static void aarch64_a53_initfn(Object *obj) cpu->isar.id_aa64pfr0 = 0x00002222; cpu->id_aa64dfr0 = 0x10305106; cpu->isar.id_aa64isar0 = 0x00011120; - cpu->id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */ + cpu->isar.id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */ cpu->dbgdidr = 0x3516d000; cpu->clidr = 0x0a200023; cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */ @@ -XXX,XX +XXX,XX @@ static void aarch64_a72_initfn(Object *obj) cpu->pmceid0 = 0x00000000; cpu->pmceid1 = 0x00000000; cpu->isar.id_aa64isar0 = 0x00011120; - cpu->id_aa64mmfr0 = 0x00001124; + cpu->isar.id_aa64mmfr0 = 0x00001124; cpu->dbgdidr = 0x3516d000; cpu->clidr = 0x0a200023; cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */ diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu) { .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0, .access = PL1_R, .type = ARM_CP_CONST, - .resetvalue = cpu->id_aa64mmfr0 }, + .resetvalue = cpu->isar.id_aa64mmfr0 }, { .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1, .access = PL1_R, .type = ARM_CP_CONST, - .resetvalue = cpu->id_aa64mmfr1 }, + .resetvalue = cpu->isar.id_aa64mmfr1 }, { .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64, .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2, .access = PL1_R, .type = ARM_CP_CONST, diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) ARM64_SYS_REG(3, 0, 0, 6, 0)); err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64isar1, ARM64_SYS_REG(3, 0, 0, 6, 1)); + err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr0, + ARM64_SYS_REG(3, 0, 0, 7, 0)); + err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr1, + ARM64_SYS_REG(3, 0, 0, 7, 1)); /* * Note that if AArch32 support is not present in the host, -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Post v8.3 bits taken from SysReg_v85_xml-00bet8. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HCR_TIDCP (1ULL << 20) #define HCR_TACR (1ULL << 21) #define HCR_TSW (1ULL << 22) -#define HCR_TPC (1ULL << 23) +#define HCR_TPCP (1ULL << 23) #define HCR_TPU (1ULL << 24) #define HCR_TTLB (1ULL << 25) #define HCR_TVM (1ULL << 26) @@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define HCR_CD (1ULL << 32) #define HCR_ID (1ULL << 33) #define HCR_E2H (1ULL << 34) +#define HCR_TLOR (1ULL << 35) +#define HCR_TERR (1ULL << 36) +#define HCR_TEA (1ULL << 37) +#define HCR_MIOCNCE (1ULL << 38) +#define HCR_APK (1ULL << 40) +#define HCR_API (1ULL << 41) +#define HCR_NV (1ULL << 42) +#define HCR_NV1 (1ULL << 43) +#define HCR_AT (1ULL << 44) +#define HCR_NV2 (1ULL << 45) +#define HCR_FWB (1ULL << 46) +#define HCR_FIEN (1ULL << 47) +#define HCR_TID4 (1ULL << 49) +#define HCR_TICAB (1ULL << 50) +#define HCR_TOCU (1ULL << 52) +#define HCR_TTLBIS (1ULL << 54) +#define HCR_TTLBOS (1ULL << 55) +#define HCR_ATA (1ULL << 56) +#define HCR_DCT (1ULL << 57) + /* * When we actually implement ARMv8.1-VHE we should add HCR_E2H to * HCR_MASK and then clear it again if the feature bit is not set in -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Post v8.4 bits taken from SysReg_v85_xml-00bet8. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define SCR_ST (1U << 11) #define SCR_TWI (1U << 12) #define SCR_TWE (1U << 13) +#define SCR_TLOR (1U << 14) +#define SCR_TERR (1U << 15) +#define SCR_APK (1U << 16) +#define SCR_API (1U << 17) +#define SCR_EEL2 (1U << 18) +#define SCR_EASE (1U << 19) +#define SCR_NMEA (1U << 20) +#define SCR_FIEN (1U << 21) +#define SCR_ENSCXT (1U << 25) +#define SCR_ATA (1U << 26) #define SCR_AARCH32_MASK (0x3fff & ~(SCR_RW | SCR_ST)) #define SCR_AARCH64_MASK (0x3fff & ~SCR_NET) -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> The enable for TGE has already occurred within arm_hcr_el2_amo and friends. Moreover, when E2H is also set, the sense is supposed to be reversed, which has also already occurred within the helpers. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx, break; }; - /* If HCR.TGE is set then HCR is treated as being 1 */ - hcr |= ((env->cp15.hcr_el2 & HCR_TGE) == HCR_TGE); - /* Perform a table-lookup for the target EL given the current state */ target_el = target_el_table[is64][scr][rw][hcr][secure][cur_el]; -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Because EL3 has a fixed execution mode, we can properly decide which of the bits are RES{0,1}. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-8-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 2 -- target/arm/helper.c | 14 +++++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) #define SCR_FIEN (1U << 21) #define SCR_ENSCXT (1U << 25) #define SCR_ATA (1U << 26) -#define SCR_AARCH32_MASK (0x3fff & ~(SCR_RW | SCR_ST)) -#define SCR_AARCH64_MASK (0x3fff & ~SCR_NET) /* Return the current FPSCR value. */ uint32_t vfp_get_fpscr(CPUARMState *env); diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri, static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { - /* We only mask off bits that are RES0 both for AArch64 and AArch32. - * For bits that vary between AArch32/64, code needs to check the - * current execution mode before directly using the feature bit. - */ - uint32_t valid_mask = SCR_AARCH64_MASK | SCR_AARCH32_MASK; + /* Begin with base v8.0 state. */ + uint32_t valid_mask = 0x3fff; + + if (arm_el_is_aa64(env, 3)) { + value |= SCR_FW | SCR_AW; /* these two bits are RES1. */ + valid_mask &= ~SCR_NET; + } else { + valid_mask &= ~(SCR_RW | SCR_ST); + } if (!arm_feature(env, ARM_FEATURE_EL2)) { valid_mask &= ~SCR_HCE; -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Since the TCR_*.HPD bits were RES0 in ARMv8.0, we can simply interpret the bits as if ARMv8.1-HPD is present without checking. We will need a slightly different check for hpd for aarch32. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu64.c | 4 ++++ target/arm/helper.c | 27 ++++++++++++++++++++------- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64PFR0, ADVSIMD, 1); cpu->isar.id_aa64pfr0 = t; + t = cpu->isar.id_aa64mmfr1; + t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */ + cpu->isar.id_aa64mmfr1 = t; + /* Replicate the same data to the 32-bit id registers. */ u = cpu->isar.id_isar5; u = FIELD_DP32(u, ID_ISAR5, AES, 2); /* AES + PMULL */ diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, bool ttbr1_valid = true; uint64_t descaddrmask; bool aarch64 = arm_el_is_aa64(env, el); + bool hpd = false; /* TODO: * This code does not handle the different format TCR for VTCR_EL2. @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, if (tg == 2) { /* 16KB pages */ stride = 11; } + if (aarch64) { + if (el > 1) { + hpd = extract64(tcr->raw_tcr, 24, 1); + } else { + hpd = extract64(tcr->raw_tcr, 41, 1); + } + } } else { /* We should only be here if TTBR1 is valid */ assert(ttbr1_valid); @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, if (tg == 1) { /* 16KB pages */ stride = 11; } + if (aarch64) { + hpd = extract64(tcr->raw_tcr, 42, 1); + } } /* Here we should have set up all the parameters for the translation: @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, descaddr = descriptor & descaddrmask; if ((descriptor & 2) && (level < 3)) { - /* Table entry. The top five bits are attributes which may + /* Table entry. The top five bits are attributes which may * propagate down through lower levels of the table (and * which are all arranged so that 0 means "no effect", so * we can gather them up by ORing in the bits at each level). @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, break; } /* Merge in attributes from table descriptors */ - attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */ - attrs |= extract32(tableattrs, 3, 1) << 5; /* APTable[1] => AP[2] */ + attrs |= nstable << 3; /* NS */ + if (hpd) { + /* HPD disables all the table attributes except NSTable. */ + break; + } + attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */ /* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1 * means "force PL1 access only", which means forcing AP[1] to 0. */ - if (extract32(tableattrs, 2, 1)) { - attrs &= ~(1 << 4); - } - attrs |= nstable << 3; /* NS */ + attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */ + attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */ break; } /* Here descaddr is the final physical address, and attributes -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> The bulk of the work here, beyond base HPD, is defining the TTBCR2 register. In addition we must check TTBCR.T2E, which is not present (RES0) for AArch64. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181203203839.757-11-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 9 +++++++++ target/arm/cpu.c | 4 ++++ target/arm/helper.c | 37 +++++++++++++++++++++++++++++-------- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ FIELD(ID_ISAR6, FHM, 8, 4) FIELD(ID_ISAR6, SB, 12, 4) FIELD(ID_ISAR6, SPECRES, 16, 4) +FIELD(ID_MMFR4, SPECSEI, 0, 4) +FIELD(ID_MMFR4, AC2, 4, 4) +FIELD(ID_MMFR4, XNX, 8, 4) +FIELD(ID_MMFR4, CNP, 12, 4) +FIELD(ID_MMFR4, HPDS, 16, 4) +FIELD(ID_MMFR4, LSM, 20, 4) +FIELD(ID_MMFR4, CCIDX, 24, 4) +FIELD(ID_MMFR4, EVT, 28, 4) + FIELD(ID_AA64ISAR0, AES, 4, 4) FIELD(ID_AA64ISAR0, SHA1, 8, 4) FIELD(ID_AA64ISAR0, SHA2, 12, 4) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj) t = cpu->isar.id_isar6; t = FIELD_DP32(t, ID_ISAR6, DP, 1); cpu->isar.id_isar6 = t; + + t = cpu->id_mmfr4; + t = FIELD_DP32(t, ID_MMFR4, HPDS, 1); /* AA32HPD */ + cpu->id_mmfr4 = t; } #endif } diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { ARMCPU *cpu = arm_env_get_cpu(env); + TCR *tcr = raw_ptr(env, ri); if (arm_feature(env, ARM_FEATURE_LPAE)) { /* With LPAE the TTBCR could result in a change of ASID @@ -XXX,XX +XXX,XX @@ static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri, */ tlb_flush(CPU(cpu)); } + /* Preserve the high half of TCR_EL1, set via TTBCR2. */ + value = deposit64(tcr->raw_tcr, 0, 32, value); vmsa_ttbcr_raw_write(env, ri, value); } @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = { REGINFO_SENTINEL }; +/* Note that unlike TTBCR, writing to TTBCR2 does not require flushing + * qemu tlbs nor adjusting cached masks. + */ +static const ARMCPRegInfo ttbcr2_reginfo = { + .name = "TTBCR2", .cp = 15, .opc1 = 0, .crn = 2, .crm = 0, .opc2 = 3, + .access = PL1_RW, .type = ARM_CP_ALIAS, + .bank_fieldoffsets = { offsetofhigh32(CPUARMState, cp15.tcr_el[3]), + offsetofhigh32(CPUARMState, cp15.tcr_el[1]) }, +}; + static void omap_ticonfig_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { @@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu) } else { define_arm_cp_regs(cpu, vmsa_pmsa_cp_reginfo); define_arm_cp_regs(cpu, vmsa_cp_reginfo); + /* TTCBR2 is introduced with ARMv8.2-A32HPD. */ + if (FIELD_EX32(cpu->id_mmfr4, ID_MMFR4, HPDS) != 0) { + define_one_arm_cp_reg(cpu, &ttbcr2_reginfo); + } } if (arm_feature(env, ARM_FEATURE_THUMB2EE)) { define_arm_cp_regs(cpu, t2ee_cp_reginfo); @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, if (tg == 2) { /* 16KB pages */ stride = 11; } - if (aarch64) { - if (el > 1) { - hpd = extract64(tcr->raw_tcr, 24, 1); - } else { - hpd = extract64(tcr->raw_tcr, 41, 1); - } + if (aarch64 && el > 1) { + hpd = extract64(tcr->raw_tcr, 24, 1); + } else { + hpd = extract64(tcr->raw_tcr, 41, 1); + } + if (!aarch64) { + /* For aarch32, hpd0 is not enabled without t2e as well. */ + hpd &= extract64(tcr->raw_tcr, 6, 1); } } else { /* We should only be here if TTBR1 is valid */ @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address, if (tg == 1) { /* 16KB pages */ stride = 11; } - if (aarch64) { - hpd = extract64(tcr->raw_tcr, 42, 1); + hpd = extract64(tcr->raw_tcr, 42, 1); + if (!aarch64) { + /* For aarch32, hpd1 is not enabled without t2e as well. */ + hpd &= extract64(tcr->raw_tcr, 6, 1); } } -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Replace arm_hcr_el2_{fmo,imo,amo} with a more general routine that also takes SCR_EL3.NS (aka arm_is_secure_below_el3) into account, as documented for the plethora of bits in HCR_EL2. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181210150501.7990-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 67 +++++++++------------------------------ hw/intc/arm_gicv3_cpuif.c | 21 ++++++------ target/arm/helper.c | 66 ++++++++++++++++++++++++++++++++------ 3 files changed, 83 insertions(+), 71 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool arm_is_secure(CPUARMState *env) } #endif +/** + * arm_hcr_el2_eff(): Return the effective value of HCR_EL2. + * E.g. when in secure state, fields in HCR_EL2 are suppressed, + * "for all purposes other than a direct read or write access of HCR_EL2." + * Not included here is HCR_RW. + */ +uint64_t arm_hcr_el2_eff(CPUARMState *env); + /* Return true if the specified exception level is running in AArch64 state. */ static inline bool arm_el_is_aa64(CPUARMState *env, int el) { @@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu); # define TARGET_VIRT_ADDR_SPACE_BITS 32 #endif -/** - * arm_hcr_el2_imo(): Return the effective value of HCR_EL2.IMO. - * Depending on the values of HCR_EL2.E2H and TGE, this may be - * "behaves as 1 for all purposes other than direct read/write" or - * "behaves as 0 for all purposes other than direct read/write" - */ -static inline bool arm_hcr_el2_imo(CPUARMState *env) -{ - switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) { - case HCR_TGE: - return true; - case HCR_TGE | HCR_E2H: - return false; - default: - return env->cp15.hcr_el2 & HCR_IMO; - } -} - -/** - * arm_hcr_el2_fmo(): Return the effective value of HCR_EL2.FMO. - */ -static inline bool arm_hcr_el2_fmo(CPUARMState *env) -{ - switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) { - case HCR_TGE: - return true; - case HCR_TGE | HCR_E2H: - return false; - default: - return env->cp15.hcr_el2 & HCR_FMO; - } -} - -/** - * arm_hcr_el2_amo(): Return the effective value of HCR_EL2.AMO. - */ -static inline bool arm_hcr_el2_amo(CPUARMState *env) -{ - switch (env->cp15.hcr_el2 & (HCR_TGE | HCR_E2H)) { - case HCR_TGE: - return true; - case HCR_TGE | HCR_E2H: - return false; - default: - return env->cp15.hcr_el2 & HCR_AMO; - } -} - static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, unsigned int target_el) { @@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, bool secure = arm_is_secure(env); bool pstate_unmasked; int8_t unmasked = 0; + uint64_t hcr_el2; /* Don't take exceptions if they target a lower EL. * This check should catch any exceptions that would not be taken but left @@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, return false; } + hcr_el2 = arm_hcr_el2_eff(env); + switch (excp_idx) { case EXCP_FIQ: pstate_unmasked = !(env->daif & PSTATE_F); @@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, break; case EXCP_VFIQ: - if (secure || !arm_hcr_el2_fmo(env) || (env->cp15.hcr_el2 & HCR_TGE)) { + if (secure || !(hcr_el2 & HCR_FMO) || (hcr_el2 & HCR_TGE)) { /* VFIQs are only taken when hypervized and non-secure. */ return false; } return !(env->daif & PSTATE_F); case EXCP_VIRQ: - if (secure || !arm_hcr_el2_imo(env) || (env->cp15.hcr_el2 & HCR_TGE)) { + if (secure || !(hcr_el2 & HCR_IMO) || (hcr_el2 & HCR_TGE)) { /* VIRQs are only taken when hypervized and non-secure. */ return false; } @@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, * to the CPSR.F setting otherwise we further assess the state * below. */ - hcr = arm_hcr_el2_fmo(env); + hcr = hcr_el2 & HCR_FMO; scr = (env->cp15.scr_el3 & SCR_FIQ); /* When EL3 is 32-bit, the SCR.FW bit controls whether the @@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx, * when setting the target EL, so it does not have a further * affect here. */ - hcr = arm_hcr_el2_imo(env); + hcr = hcr_el2 & HCR_IMO; scr = false; break; default: diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c @@ -XXX,XX +XXX,XX @@ static bool icv_access(CPUARMState *env, int hcr_flags) * * access if NS EL1 and either IMO or FMO == 1: * CTLR, DIR, PMR, RPR */ - bool flagmatch = ((hcr_flags & HCR_IMO) && arm_hcr_el2_imo(env)) || - ((hcr_flags & HCR_FMO) && arm_hcr_el2_fmo(env)); + uint64_t hcr_el2 = arm_hcr_el2_eff(env); + bool flagmatch = hcr_el2 & hcr_flags & (HCR_IMO | HCR_FMO); return flagmatch && arm_current_el(env) == 1 && !arm_is_secure_below_el3(env); @@ -XXX,XX +XXX,XX @@ static void icc_dir_write(CPUARMState *env, const ARMCPRegInfo *ri, /* No need to include !IsSecure in route_*_to_el2 as it's only * tested in cases where we know !IsSecure is true. */ - route_fiq_to_el2 = arm_hcr_el2_fmo(env); - route_irq_to_el2 = arm_hcr_el2_imo(env); + uint64_t hcr_el2 = arm_hcr_el2_eff(env); + route_fiq_to_el2 = hcr_el2 & HCR_FMO; + route_irq_to_el2 = hcr_el2 & HCR_IMO; switch (arm_current_el(env)) { case 3: @@ -XXX,XX +XXX,XX @@ static CPAccessResult gicv3_irqfiq_access(CPUARMState *env, if ((env->cp15.scr_el3 & (SCR_FIQ | SCR_IRQ)) == (SCR_FIQ | SCR_IRQ)) { switch (el) { case 1: - if (arm_is_secure_below_el3(env) || - (arm_hcr_el2_imo(env) == 0 && arm_hcr_el2_fmo(env) == 0)) { + /* Note that arm_hcr_el2_eff takes secure state into account. */ + if ((arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) == 0) { r = CP_ACCESS_TRAP_EL3; } break; @@ -XXX,XX +XXX,XX @@ static CPAccessResult gicv3_dir_access(CPUARMState *env, static CPAccessResult gicv3_sgi_access(CPUARMState *env, const ARMCPRegInfo *ri, bool isread) { - if ((arm_hcr_el2_imo(env) || arm_hcr_el2_fmo(env)) && - arm_current_el(env) == 1 && !arm_is_secure_below_el3(env)) { + if (arm_current_el(env) == 1 && + (arm_hcr_el2_eff(env) & (HCR_IMO | HCR_FMO)) != 0) { /* Takes priority over a possible EL3 trap */ return CP_ACCESS_TRAP_EL2; } @@ -XXX,XX +XXX,XX @@ static CPAccessResult gicv3_fiq_access(CPUARMState *env, if (env->cp15.scr_el3 & SCR_FIQ) { switch (el) { case 1: - if (arm_is_secure_below_el3(env) || !arm_hcr_el2_fmo(env)) { + if ((arm_hcr_el2_eff(env) & HCR_FMO) == 0) { r = CP_ACCESS_TRAP_EL3; } break; @@ -XXX,XX +XXX,XX @@ static CPAccessResult gicv3_irq_access(CPUARMState *env, if (env->cp15.scr_el3 & SCR_IRQ) { switch (el) { case 1: - if (arm_is_secure_below_el3(env) || !arm_hcr_el2_imo(env)) { + if ((arm_hcr_el2_eff(env) & HCR_IMO) == 0) { r = CP_ACCESS_TRAP_EL3; } break; diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri, static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri) { CPUState *cs = ENV_GET_CPU(env); + uint64_t hcr_el2 = arm_hcr_el2_eff(env); uint64_t ret = 0; - if (arm_hcr_el2_imo(env)) { + if (hcr_el2 & HCR_IMO) { if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) { ret |= CPSR_I; } @@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri) } } - if (arm_hcr_el2_fmo(env)) { + if (hcr_el2 & HCR_FMO) { if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) { ret |= CPSR_F; } @@ -XXX,XX +XXX,XX @@ static void hcr_writelow(CPUARMState *env, const ARMCPRegInfo *ri, hcr_write(env, NULL, value); } +/* + * Return the effective value of HCR_EL2. + * Bits that are not included here: + * RW (read from SCR_EL3.RW as needed) + */ +uint64_t arm_hcr_el2_eff(CPUARMState *env) +{ + uint64_t ret = env->cp15.hcr_el2; + + if (arm_is_secure_below_el3(env)) { + /* + * "This register has no effect if EL2 is not enabled in the + * current Security state". This is ARMv8.4-SecEL2 speak for + * !(SCR_EL3.NS==1 || SCR_EL3.EEL2==1). + * + * Prior to that, the language was "In an implementation that + * includes EL3, when the value of SCR_EL3.NS is 0 the PE behaves + * as if this field is 0 for all purposes other than a direct + * read or write access of HCR_EL2". With lots of enumeration + * on a per-field basis. In current QEMU, this is condition + * is arm_is_secure_below_el3. + * + * Since the v8.4 language applies to the entire register, and + * appears to be backward compatible, use that. + */ + ret = 0; + } else if (ret & HCR_TGE) { + /* These bits are up-to-date as of ARMv8.4. */ + if (ret & HCR_E2H) { + ret &= ~(HCR_VM | HCR_FMO | HCR_IMO | HCR_AMO | + HCR_BSU_MASK | HCR_DC | HCR_TWI | HCR_TWE | + HCR_TID0 | HCR_TID2 | HCR_TPCP | HCR_TPU | + HCR_TDZ | HCR_CD | HCR_ID | HCR_MIOCNCE); + } else { + ret |= HCR_FMO | HCR_IMO | HCR_AMO; + } + ret &= ~(HCR_SWIO | HCR_PTW | HCR_VF | HCR_VI | HCR_VSE | + HCR_FB | HCR_TID1 | HCR_TID3 | HCR_TSC | HCR_TACR | + HCR_TSW | HCR_TTLB | HCR_TVM | HCR_HCD | HCR_TRVM | + HCR_TLOR); + } + + return ret; +} + static const ARMCPRegInfo el2_cp_reginfo[] = { { .name = "HCR_EL2", .state = ARM_CP_STATE_AA64, .type = ARM_CP_IO, @@ -XXX,XX +XXX,XX @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx, uint32_t cur_el, bool secure) { CPUARMState *env = cs->env_ptr; - int rw; - int scr; - int hcr; + bool rw; + bool scr; + bool hcr; int target_el; /* Is the highest EL AArch64? */ - int is64 = arm_feature(env, ARM_FEATURE_AARCH64); + bool is64 = arm_feature(env, ARM_FEATURE_AARCH64); + uint64_t hcr_el2; if (arm_feature(env, ARM_FEATURE_EL3)) { rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW); @@ -XXX,XX +XXX,XX @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx, rw = is64; } + hcr_el2 = arm_hcr_el2_eff(env); switch (excp_idx) { case EXCP_IRQ: scr = ((env->cp15.scr_el3 & SCR_IRQ) == SCR_IRQ); - hcr = arm_hcr_el2_imo(env); + hcr = hcr_el2 & HCR_IMO; break; case EXCP_FIQ: scr = ((env->cp15.scr_el3 & SCR_FIQ) == SCR_FIQ); - hcr = arm_hcr_el2_fmo(env); + hcr = hcr_el2 & HCR_FMO; break; default: scr = ((env->cp15.scr_el3 & SCR_EA) == SCR_EA); - hcr = arm_hcr_el2_amo(env); + hcr = hcr_el2 & HCR_AMO; break; }; -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Since arm_hcr_el2_eff includes a check against arm_is_secure_below_el3, we can often remove a nearby check against secure state. In some cases, sort the call to arm_hcr_el2_eff to the end of a short-circuit logical sequence. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181210150501.7990-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.c | 12 +++++------- target/arm/op_helper.c | 14 ++++++-------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri, int el = arm_current_el(env); bool mdcr_el2_tdosa = (env->cp15.mdcr_el2 & MDCR_TDOSA) || (env->cp15.mdcr_el2 & MDCR_TDE) || - (env->cp15.hcr_el2 & HCR_TGE); + (arm_hcr_el2_eff(env) & HCR_TGE); if (el < 2 && mdcr_el2_tdosa && !arm_is_secure_below_el3(env)) { return CP_ACCESS_TRAP_EL2; @@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri, int el = arm_current_el(env); bool mdcr_el2_tdra = (env->cp15.mdcr_el2 & MDCR_TDRA) || (env->cp15.mdcr_el2 & MDCR_TDE) || - (env->cp15.hcr_el2 & HCR_TGE); + (arm_hcr_el2_eff(env) & HCR_TGE); if (el < 2 && mdcr_el2_tdra && !arm_is_secure_below_el3(env)) { return CP_ACCESS_TRAP_EL2; @@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri, int el = arm_current_el(env); bool mdcr_el2_tda = (env->cp15.mdcr_el2 & MDCR_TDA) || (env->cp15.mdcr_el2 & MDCR_TDE) || - (env->cp15.hcr_el2 & HCR_TGE); + (arm_hcr_el2_eff(env) & HCR_TGE); if (el < 2 && mdcr_el2_tda && !arm_is_secure_below_el3(env)) { return CP_ACCESS_TRAP_EL2; @@ -XXX,XX +XXX,XX @@ int sve_exception_el(CPUARMState *env, int el) if (disabled) { /* route_to_el2 */ return (arm_feature(env, ARM_FEATURE_EL2) - && !arm_is_secure(env) - && (env->cp15.hcr_el2 & HCR_TGE) ? 2 : 1); + && (arm_hcr_el2_eff(env) & HCR_TGE) ? 2 : 1); } /* Check CPACR.FPEN. */ @@ -XXX,XX +XXX,XX @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type) * and CPS are treated as illegal mode changes. */ if (write_type == CPSRWriteByInstr && - (env->cp15.hcr_el2 & HCR_TGE) && (env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON && - !arm_is_secure_below_el3(env)) { + (arm_hcr_el2_eff(env) & HCR_TGE)) { return 1; } return 0; diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void raise_exception(CPUARMState *env, uint32_t excp, { CPUState *cs = CPU(arm_env_get_cpu(env)); - if ((env->cp15.hcr_el2 & HCR_TGE) && - target_el == 1 && !arm_is_secure(env)) { + if (target_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) { /* * Redirect NS EL1 exceptions to NS EL2. These are reported with * their original syndrome register value, with the exception of @@ -XXX,XX +XXX,XX @@ static inline int check_wfx_trap(CPUARMState *env, bool is_wfe) * No need for ARM_FEATURE check as if HCR_EL2 doesn't exist the * bits will be zero indicating no trap. */ - if (cur_el < 2 && !arm_is_secure(env)) { - mask = (is_wfe) ? HCR_TWE : HCR_TWI; - if (env->cp15.hcr_el2 & mask) { + if (cur_el < 2) { + mask = is_wfe ? HCR_TWE : HCR_TWI; + if (arm_hcr_el2_eff(env) & mask) { return 2; } } @@ -XXX,XX +XXX,XX @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome) exception_target_el(env)); } - if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) { + if (cur_el == 1 && (arm_hcr_el2_eff(env) & HCR_TSC)) { /* In NS EL1, HCR controlled routing to EL2 has priority over SMD. * We also want an EL2 guest to be able to forbid its EL1 from * making PSCI calls into QEMU's "firmware" via HCR.TSC. @@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env) goto illegal_return; } - if (new_el == 1 && (env->cp15.hcr_el2 & HCR_TGE) - && !arm_is_secure_below_el3(env)) { + if (new_el == 1 && (arm_hcr_el2_eff(env) & HCR_TGE)) { goto illegal_return; } -- 2.19.2 From: Richard Henderson <richard.henderson@linaro.org> Provide a trivial implementation with zero limited ordering regions, which causes the LDLAR and STLLR instructions to devolve into the LDAR and STLR instructions from the base ARMv8.0 instruction set. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20181210150501.7990-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 5 +++ target/arm/cpu64.c | 1 + target/arm/helper.c | 75 ++++++++++++++++++++++++++++++++++++++ target/arm/translate-a64.c | 12 ++++++ 4 files changed, 93 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_sve(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SVE) != 0; } +static inline bool isar_feature_aa64_lor(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, LO) != 0; +} + /* * Forward to the above feature tests given an ARMCPU pointer. */ diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = cpu->isar.id_aa64mmfr1; t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* HPD */ + t = FIELD_DP64(t, ID_AA64MMFR1, LO, 1); cpu->isar.id_aa64mmfr1 = t; /* Replicate the same data to the 32-bit id registers. */ diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { /* Begin with base v8.0 state. */ uint32_t valid_mask = 0x3fff; + ARMCPU *cpu = arm_env_get_cpu(env); if (arm_el_is_aa64(env, 3)) { value |= SCR_FW | SCR_AW; /* these two bits are RES1. */ @@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) valid_mask &= ~SCR_SMD; } } + if (cpu_isar_feature(aa64_lor, cpu)) { + valid_mask |= SCR_TLOR; + } /* Clear all-context RES0 bits. */ value &= valid_mask; @@ -XXX,XX +XXX,XX @@ static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) */ valid_mask &= ~HCR_TSC; } + if (cpu_isar_feature(aa64_lor, cpu)) { + valid_mask |= HCR_TLOR; + } /* Clear RES0 bits. */ value &= valid_mask; @@ -XXX,XX +XXX,XX @@ static uint64_t id_aa64pfr0_read(CPUARMState *env, const ARMCPRegInfo *ri) return pfr0; } +/* Shared logic between LORID and the rest of the LOR* registers. + * Secure state has already been delt with. + */ +static CPAccessResult access_lor_ns(CPUARMState *env) +{ + int el = arm_current_el(env); + + if (el < 2 && (arm_hcr_el2_eff(env) & HCR_TLOR)) { + return CP_ACCESS_TRAP_EL2; + } + if (el < 3 && (env->cp15.scr_el3 & SCR_TLOR)) { + return CP_ACCESS_TRAP_EL3; + } + return CP_ACCESS_OK; +} + +static CPAccessResult access_lorid(CPUARMState *env, const ARMCPRegInfo *ri, + bool isread) +{ + if (arm_is_secure_below_el3(env)) { + /* Access ok in secure mode. */ + return CP_ACCESS_OK; + } + return access_lor_ns(env); +} + +static CPAccessResult access_lor_other(CPUARMState *env, + const ARMCPRegInfo *ri, bool isread) +{ + if (arm_is_secure_below_el3(env)) { + /* Access denied in secure mode. */ + return CP_ACCESS_TRAP; + } + return access_lor_ns(env); +} + void register_cp_regs_for_features(ARMCPU *cpu) { /* Register all the coprocessor registers based on feature bits */ @@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu) define_one_arm_cp_reg(cpu, &sctlr); } + if (cpu_isar_feature(aa64_lor, cpu)) { + /* + * A trivial implementation of ARMv8.1-LOR leaves all of these + * registers fixed at 0, which indicates that there are zero + * supported Limited Ordering regions. + */ + static const ARMCPRegInfo lor_reginfo[] = { + { .name = "LORSA_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 0, + .access = PL1_RW, .accessfn = access_lor_other, + .type = ARM_CP_CONST, .resetvalue = 0 }, + { .name = "LOREA_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 1, + .access = PL1_RW, .accessfn = access_lor_other, + .type = ARM_CP_CONST, .resetvalue = 0 }, + { .name = "LORN_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 2, + .access = PL1_RW, .accessfn = access_lor_other, + .type = ARM_CP_CONST, .resetvalue = 0 }, + { .name = "LORC_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 3, + .access = PL1_RW, .accessfn = access_lor_other, + .type = ARM_CP_CONST, .resetvalue = 0 }, + { .name = "LORID_EL1", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7, + .access = PL1_R, .accessfn = access_lorid, + .type = ARM_CP_CONST, .resetvalue = 0 }, + REGINFO_SENTINEL + }; + define_arm_cp_regs(cpu, lor_reginfo); + } + if (cpu_isar_feature(aa64_sve, cpu)) { define_one_arm_cp_reg(cpu, &zcr_el1_reginfo); if (arm_feature(env, ARM_FEATURE_EL2)) { diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn) } return; + case 0x8: /* STLLR */ + if (!dc_isar_feature(aa64_lor, s)) { + break; + } + /* StoreLORelease is the same as Store-Release for QEMU. */ + /* fall through */ case 0x9: /* STLR */ /* Generate ISS for non-exclusive accesses including LASR. */ if (rn == 31) { @@ -XXX,XX +XXX,XX @@ static void disas_ldst_excl(DisasContext *s, uint32_t insn) disas_ldst_compute_iss_sf(size, false, 0), is_lasr); return; + case 0xc: /* LDLAR */ + if (!dc_isar_feature(aa64_lor, s)) { + break; + } + /* LoadLOAcquire is the same as Load-Acquire for QEMU. */ + /* fall through */ case 0xd: /* LDAR */ /* Generate ISS for non-exclusive accesses including LASR. */ if (rn == 31) { -- 2.19.2