[Qemu-devel] [PULL 00/12] target-arm queue
[Qemu-devel] [PULL 00/17] target-arm queue
1
Arm patch queue for 2.12 -- a miscellaneous collection
1
v2: dropped a couple of cadence_gem changes to ID regs that
2
of bug fixes.
2
caused new clang sanitizer warnings.
3
3
4
thanks
5
-- PMM
4
-- PMM
6
5
6
The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:
7
7
8
The following changes since commit fb4fe32d5b6290deabe752b51cc1cc2a9e8573db:
8
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)
9
10
Merge remote-tracking branch 'remotes/xtensa/tags/20180409-xtensa' into staging (2018-04-10 10:22:45 +0100)
11
9
12
are available in the Git repository at:
10
are available in the Git repository at:
13
11
14
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180410
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1
15
13
16
for you to fetch changes up to bd49e6027cbc207c87633c7add3ebd7d3474cd35:
14
for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:
17
15
18
fpu: Fix rounding mode for floatN_to_uintM_round_to_zero (2018-04-10 13:02:26 +0100)
16
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)
19
17
20
----------------------------------------------------------------
18
----------------------------------------------------------------
21
target-arm queue:
19
target-arm queue:
22
* fpu: Fix rounding mode for floatN_to_uintM_round_to_zero
20
* hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
23
* tcg: Fix guest state corruption when running 64-bit Arm
21
* target/arm: Fix aarch64_sve_change_el wrt EL0
24
guests on a 32-bit host (especially when using icount)
22
* target/arm: Define fields of ISAR registers
25
* linux-user/signal.c: Ensure AArch64 signal frame isn't too small
23
* target/arm: Align cortex-r5 id_isar0
26
* cpus.c: ensure running CPU recalculates icount deadlines on timer expiry
24
* target/arm: Fix cortex-a7 id_isar0
27
* target/arm: Report unsupported MPU region sizes more clearly
25
* net/cadence_gem: Fix various bugs, add support for new
28
* hw/arm/fsl-imx: Fix introspection problem with fsl-imx6 and fsl-imx7
26
features that will be used by the Xilinx Versal board
29
* hw/arm/allwinner-a10: Do not use nd_table in instance_init function
27
* target-arm: powerctl: Enable HVC when starting CPUs to EL2
30
* hw/sd/bcm2835_sdhost: Don't raise spurious interrupts
28
* target/arm: Add the Cortex-A72
31
* hw/sd/bcm2835_sdhost: Add tracepoints
29
* target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
32
* target-arm: Check undefined opcodes for SWP in A32 decoder
30
* target/arm: Mask PMOVSR writes based on supported counters
33
* hw/arm/integratorcp: Don't do things that could be fatal in the instance_init
31
* target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
34
* hw/arm: Allow manually specified /psci node
32
* coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
35
33
36
----------------------------------------------------------------
34
----------------------------------------------------------------
37
Andrey Smirnov (1):
35
Aaron Lindsay (2):
38
hw/arm: Allow manually specified /psci node
36
target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
37
target/arm: Mask PMOVSR writes based on supported counters
39
38
40
Onur Sahin (1):
39
Edgar E. Iglesias (8):
41
target-arm: Check undefined opcodes for SWP in A32 decoder
40
net: cadence_gem: Disable TSU feature bit
41
net: cadence_gem: Use uint32_t for 32bit descriptor words
42
net: cadence_gem: Add macro with max number of descriptor words
43
net: cadence_gem: Add support for extended descriptors
44
net: cadence_gem: Add support for selecting the DMA MemoryRegion
45
net: cadence_gem: Implement support for 64bit descriptor addresses
46
target-arm: powerctl: Enable HVC when starting CPUs to EL2
47
target/arm: Add the Cortex-A72
42
48
43
Peter Maydell (5):
49
Jerome Forissier (1):
44
hw/sd/bcm2835_sdhost: Add tracepoints
50
hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
45
hw/sd/bcm2835_sdhost: Don't raise spurious interrupts
46
target/arm: Report unsupported MPU region sizes more clearly
47
cpus.c: ensure running CPU recalculates icount deadlines on timer expiry
48
linux-user/signal.c: Ensure AArch64 signal frame isn't too small
49
51
50
Richard Henderson (2):
52
Peter Maydell (2):
51
tcg: Introduce tcg_set_insn_start_param
53
target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
52
fpu: Fix rounding mode for floatN_to_uintM_round_to_zero
54
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
53
55
54
Thomas Huth (3):
56
Richard Henderson (4):
55
hw/arm/integratorcp: Don't do things that could be fatal in the instance_init
57
target/arm: Fix aarch64_sve_change_el wrt EL0
56
hw/arm/allwinner-a10: Do not use nd_table in instance_init function
58
target/arm: Define fields of ISAR registers
57
hw/arm/fsl-imx: Fix introspection problem with fsl-imx6 and fsl-imx7
59
target/arm: Align cortex-r5 id_isar0
60
target/arm: Fix cortex-a7 id_isar0
58
61
59
target/arm/translate.h | 2 +-
62
include/hw/net/cadence_gem.h | 7 +-
60
tcg/tcg.h | 10 ++++++++++
63
target/arm/cpu.h | 95 ++++++++++++++-
61
cpus.c | 10 +++++++++-
64
hw/arm/virt.c | 4 +
62
fpu/softfloat.c | 4 ++--
65
hw/net/cadence_gem.c | 185 ++++++++++++++++++++---------
63
hw/arm/allwinner-a10.c | 12 +++++------
66
target/arm/arm-powerctl.c | 10 ++
64
hw/arm/boot.c | 10 ++++++++++
67
target/arm/cpu.c | 7 +-
65
hw/arm/fsl-imx6.c | 14 ++++++-------
68
target/arm/cpu64.c | 66 +++++++++-
66
hw/arm/fsl-imx7.c | 13 ++++++------
69
target/arm/helper.c | 27 +++--
67
hw/arm/integratorcp.c | 23 +++++++++++++--------
70
target/arm/op_helper.c | 6 +-
68
hw/sd/bcm2835_sdhost.c | 54 ++++++++++++++++++++++++++++++++------------------
71
scripts/coccinelle/inplace-byteswaps.cocci | 65 ++++++++++
69
linux-user/signal.c | 6 ++++++
72
10 files changed, 402 insertions(+), 70 deletions(-)
70
target/arm/helper.c | 6 +++---
73
create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci
71
target/arm/translate.c | 9 +++++++--
72
hw/sd/trace-events | 6 ++++++
73
14 files changed, 124 insertions(+), 55 deletions(-)
74
74
diff view generated by jsdifflib
[Qemu-devel] [PULL 01/12] hw/arm: Allow manually specified /psci node
Deleted patch
1
From: Andrey Smirnov <andrew.smirnov@gmail.com>
2
1
3
Change the code to avoid exiting QEMU if user provided DTB contains
4
manually specified /psci node and skip any /psci related fixups
5
instead.
6
7
Fixes: 4cbca7d9b4 ("hw/arm: Move virt's PSCI DT fixup code to
8
arm/boot.c")
9
10
Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
11
Reported-by: Marc Zyngier <marc.zyngier@arm.com>
12
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
13
Message-id: 20180402205654.14572-1-andrew.smirnov@gmail.com
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
---
17
hw/arm/boot.c | 10 ++++++++++
18
1 file changed, 10 insertions(+)
19
20
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
21
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/arm/boot.c
23
+++ b/hw/arm/boot.c
24
@@ -XXX,XX +XXX,XX @@ static void fdt_add_psci_node(void *fdt)
25
ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));
26
const char *psci_method;
27
int64_t psci_conduit;
28
+ int rc;
29
30
psci_conduit = object_property_get_int(OBJECT(armcpu),
31
"psci-conduit",
32
@@ -XXX,XX +XXX,XX @@ static void fdt_add_psci_node(void *fdt)
33
g_assert_not_reached();
34
}
35
36
+ /*
37
+ * If /psci node is present in provided DTB, assume that no fixup
38
+ * is necessary and all PSCI configuration should be taken as-is
39
+ */
40
+ rc = fdt_path_offset(fdt, "/psci");
41
+ if (rc >= 0) {
42
+ return;
43
+ }
44
+
45
qemu_fdt_add_subnode(fdt, "/psci");
46
if (armcpu->psci_version == 2) {
47
const char comp[] = "arm,psci-0.2\0arm,psci";
48
--
49
2.16.2
50
51
diff view generated by jsdifflib
[Qemu-devel] [PULL 02/12] hw/arm/integratorcp: Don't do things that could be fatal in the instance_init
Deleted patch
1
From: Thomas Huth <thuth@redhat.com>
2
1
3
An instance_init function must not fail - and might be called multiple times,
4
e.g. during device introspection with the 'device-list-properties' QMP
5
command. Since the integratorcm device ignores this rule, QEMU currently
6
aborts in this case (though it really should not):
7
8
echo "{'execute':'qmp_capabilities'}"\
9
"{'execute':'device-list-properties',"\
10
"'arguments':{'typename':'integrator_core'}}" \
11
| arm-softmmu/qemu-system-arm -M integratorcp,accel=qtest -qmp stdio
12
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2},
13
"package": "build-all"}, "capabilities": []}}
14
{"return": {}}
15
RAMBlock "integrator.flash" already registered, abort!
16
Aborted (core dumped)
17
18
Move the problematic code to the realize() function instead to fix this
19
problem.
20
21
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
22
Signed-off-by: Thomas Huth <thuth@redhat.com>
23
Message-id: 1522906473-11252-1-git-send-email-thuth@redhat.com
24
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
25
---
26
hw/arm/integratorcp.c | 23 +++++++++++++++--------
27
1 file changed, 15 insertions(+), 8 deletions(-)
28
29
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/arm/integratorcp.c
32
+++ b/hw/arm/integratorcp.c
33
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps integratorcm_ops = {
34
static void integratorcm_init(Object *obj)
35
{
36
IntegratorCMState *s = INTEGRATOR_CM(obj);
37
- SysBusDevice *dev = SYS_BUS_DEVICE(obj);
38
39
s->cm_osc = 0x01000048;
40
/* ??? What should the high bits of this value be? */
41
@@ -XXX,XX +XXX,XX @@ static void integratorcm_init(Object *obj)
42
s->cm_init = 0x00000112;
43
s->cm_refcnt_offset = muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), 24,
44
1000);
45
- memory_region_init_ram(&s->flash, obj, "integrator.flash", 0x100000,
46
- &error_fatal);
47
48
- memory_region_init_io(&s->iomem, obj, &integratorcm_ops, s,
49
- "integratorcm", 0x00800000);
50
- sysbus_init_mmio(dev, &s->iomem);
51
-
52
- integratorcm_do_remap(s);
53
/* ??? Save/restore. */
54
}
55
56
static void integratorcm_realize(DeviceState *d, Error **errp)
57
{
58
IntegratorCMState *s = INTEGRATOR_CM(d);
59
+ SysBusDevice *dev = SYS_BUS_DEVICE(d);
60
+ Error *local_err = NULL;
61
+
62
+ memory_region_init_ram(&s->flash, OBJECT(d), "integrator.flash", 0x100000,
63
+ &local_err);
64
+ if (local_err) {
65
+ error_propagate(errp, local_err);
66
+ return;
67
+ }
68
+
69
+ memory_region_init_io(&s->iomem, OBJECT(d), &integratorcm_ops, s,
70
+ "integratorcm", 0x00800000);
71
+ sysbus_init_mmio(dev, &s->iomem);
72
+
73
+ integratorcm_do_remap(s);
74
75
if (s->memsz >= 256) {
76
integrator_spd[31] = 64;
77
--
78
2.16.2
79
80
diff view generated by jsdifflib
[Qemu-devel] [PULL 03/12] target-arm: Check undefined opcodes for SWP in A32 decoder
Deleted patch
1
From: Onur Sahin <onursahin08@gmail.com>
2
1
3
Make sure we are not treating architecturally Undefined instructions
4
as a SWP, by verifying the opcodes as per section A8.8.229 of ARMv7-A
5
specification. Bits [21:20] must be zero for this to be a SWP or SWPB.
6
We also choose to UNDEF for the architecturally UNPREDICTABLE case of
7
bits [11:8] not being zero.
8
9
Signed-off-by: Onur Sahin <onursahin08@gmail.com>
10
[PMM: tweaked commit message]
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
target/arm/translate.c | 9 +++++++--
15
1 file changed, 7 insertions(+), 2 deletions(-)
16
17
diff --git a/target/arm/translate.c b/target/arm/translate.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/translate.c
20
+++ b/target/arm/translate.c
21
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
22
}
23
}
24
tcg_temp_free_i32(addr);
25
- } else {
26
+ } else if ((insn & 0x00300f00) == 0) {
27
+ /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
28
+ * - SWP, SWPB
29
+ */
30
+
31
TCGv taddr;
32
TCGMemOp opc = s->be_data;
33
34
- /* SWP instruction */
35
rm = (insn) & 0xf;
36
37
if (insn & (1 << 22)) {
38
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
39
get_mem_index(s), opc);
40
tcg_temp_free(taddr);
41
store_reg(s, rd, tmp);
42
+ } else {
43
+ goto illegal_op;
44
}
45
}
46
} else {
47
--
48
2.16.2
49
50
diff view generated by jsdifflib
[Qemu-devel] [PULL 04/12] hw/sd/bcm2835_sdhost: Add tracepoints
Deleted patch
1
Add some tracepoints to the bcm2835_sdhost driver, to assist
2
debugging.
3
1
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
7
Message-id: 20180319161556.16446-2-peter.maydell@linaro.org
8
---
9
hw/sd/bcm2835_sdhost.c | 10 ++++++++++
10
hw/sd/trace-events | 6 ++++++
11
2 files changed, 16 insertions(+)
12
13
diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/hw/sd/bcm2835_sdhost.c
16
+++ b/hw/sd/bcm2835_sdhost.c
17
@@ -XXX,XX +XXX,XX @@
18
#include "qemu/log.h"
19
#include "sysemu/blockdev.h"
20
#include "hw/sd/bcm2835_sdhost.h"
21
+#include "trace.h"
22
23
#define TYPE_BCM2835_SDHOST_BUS "bcm2835-sdhost-bus"
24
#define BCM2835_SDHOST_BUS(obj) \
25
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_update_irq(BCM2835SDHostState *s)
26
{
27
uint32_t irq = s->status &
28
(SDHSTS_BUSY_IRPT | SDHSTS_BLOCK_IRPT | SDHSTS_SDIO_IRPT);
29
+ trace_bcm2835_sdhost_update_irq(irq);
30
qemu_set_irq(s->irq, !!irq);
31
}
32
33
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s)
34
35
s->edm &= ~0xf;
36
s->edm |= SDEDM_FSM_DATAMODE;
37
+ trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm);
38
39
if (s->config & SDHCFG_DATA_IRPT_EN) {
40
s->status |= SDHSTS_SDIO_IRPT;
41
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s)
42
43
s->edm &= ~(0x1f << 4);
44
s->edm |= ((s->fifo_len & 0x1f) << 4);
45
+ trace_bcm2835_sdhost_edm_change("fifo run", s->edm);
46
}
47
48
static uint64_t bcm2835_sdhost_read(void *opaque, hwaddr offset,
49
@@ -XXX,XX +XXX,XX @@ static uint64_t bcm2835_sdhost_read(void *opaque, hwaddr offset,
50
break;
51
}
52
53
+ trace_bcm2835_sdhost_read(offset, res, size);
54
+
55
return res;
56
}
57
58
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_write(void *opaque, hwaddr offset,
59
{
60
BCM2835SDHostState *s = (BCM2835SDHostState *)opaque;
61
62
+ trace_bcm2835_sdhost_write(offset, value, size);
63
+
64
switch (offset) {
65
case SDCMD:
66
s->cmd = value;
67
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_write(void *opaque, hwaddr offset,
68
value &= ~0xf;
69
}
70
s->edm = value;
71
+ trace_bcm2835_sdhost_edm_change("guest register write", s->edm);
72
break;
73
case SDHCFG:
74
s->config = value;
75
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_reset(DeviceState *dev)
76
s->cmd = 0;
77
s->cmdarg = 0;
78
s->edm = 0x0000c60f;
79
+ trace_bcm2835_sdhost_edm_change("device reset", s->edm);
80
s->config = 0;
81
s->hbct = 0;
82
s->hblc = 0;
83
diff --git a/hw/sd/trace-events b/hw/sd/trace-events
84
index XXXXXXX..XXXXXXX 100644
85
--- a/hw/sd/trace-events
86
+++ b/hw/sd/trace-events
87
@@ -XXX,XX +XXX,XX @@
88
# See docs/devel/tracing.txt for syntax documentation.
89
90
+# hw/sd/bcm2835_sdhost.c
91
+bcm2835_sdhost_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
92
+bcm2835_sdhost_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
93
+bcm2835_sdhost_edm_change(const char *why, uint32_t edm) "(%s) EDM now 0x%x"
94
+bcm2835_sdhost_update_irq(uint32_t irq) "IRQ bits 0x%x\n"
95
+
96
# hw/sd/core.c
97
sdbus_command(const char *bus_name, uint8_t cmd, uint32_t arg, uint8_t crc) "@%s CMD%02d arg 0x%08x crc 0x%02x"
98
sdbus_read(const char *bus_name, uint8_t value) "@%s value 0x%02x"
99
--
100
2.16.2
101
102
diff view generated by jsdifflib
[Qemu-devel] [PULL 05/12] hw/sd/bcm2835_sdhost: Don't raise spurious interrupts
Deleted patch
1
The Linux bcm2835_sdhost driver doesn't work on QEMU, because our
2
model raises spurious data interrupts. Our function
3
bcm2835_sdhost_fifo_run() will flag an interrupt any time it is
4
called with s->datacnt == 0, even if the host hasn't actually issued
5
a data read or write command yet. This means that the driver gets a
6
spurious data interrupt as soon as it enables IRQs and then does
7
something else that causes us to call the fifo_run routine, like
8
writing to SDHCFG, and before it does the write to SDCMD to issue the
9
read. The driver's IRQ handler then spins forever complaining that
10
there's no data and the SD controller isn't in a state where there's
11
going to be any data:
12
1
13
[ 41.040738] sdhost-bcm2835 3f202000.mmc: fsm 1, hsts 00000000
14
[ 41.042059] sdhost-bcm2835 3f202000.mmc: fsm 1, hsts 00000000
15
(continues forever).
16
17
Move the interrupt flag setting to more plausible places:
18
* for BUSY, raise this as soon as a BUSYWAIT command has executed
19
* for DATA, raise this when the FIFO has any space free (for a write)
20
or any data in it (for a read)
21
* for BLOCK, raise this when the data count is 0 and we've
22
actually done some reading or writing
23
24
This is pure guesswork since the documentation for this hardware is
25
not public, but it is sufficient to get the Linux bcm2835_sdhost
26
driver to work.
27
28
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
30
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
31
Message-id: 20180319161556.16446-3-peter.maydell@linaro.org
32
---
33
hw/sd/bcm2835_sdhost.c | 46 ++++++++++++++++++++++++++--------------------
34
1 file changed, 26 insertions(+), 20 deletions(-)
35
36
diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c
37
index XXXXXXX..XXXXXXX 100644
38
--- a/hw/sd/bcm2835_sdhost.c
39
+++ b/hw/sd/bcm2835_sdhost.c
40
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_send_command(BCM2835SDHostState *s)
41
}
42
#undef RWORD
43
}
44
+ /* We never really delay commands, so if this was a 'busywait' command
45
+ * then we've completed it now and can raise the interrupt.
46
+ */
47
+ if ((s->cmd & SDCMD_BUSYWAIT) && (s->config & SDHCFG_BUSY_IRPT_EN)) {
48
+ s->status |= SDHSTS_BUSY_IRPT;
49
+ }
50
return;
51
52
error:
53
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s)
54
n++;
55
if (n == 4) {
56
bcm2835_sdhost_fifo_push(s, value);
57
+ s->status |= SDHSTS_DATA_FLAG;
58
+ if (s->config & SDHCFG_DATA_IRPT_EN) {
59
+ s->status |= SDHSTS_SDIO_IRPT;
60
+ }
61
n = 0;
62
value = 0;
63
}
64
}
65
if (n != 0) {
66
bcm2835_sdhost_fifo_push(s, value);
67
+ s->status |= SDHSTS_DATA_FLAG;
68
}
69
} else { /* write */
70
n = 0;
71
while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) {
72
if (n == 0) {
73
value = bcm2835_sdhost_fifo_pop(s);
74
+ s->status |= SDHSTS_DATA_FLAG;
75
+ if (s->config & SDHCFG_DATA_IRPT_EN) {
76
+ s->status |= SDHSTS_SDIO_IRPT;
77
+ }
78
n = 4;
79
}
80
n--;
81
@@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s)
82
value >>= 8;
83
}
84
}
85
+ if (s->datacnt == 0) {
86
+ s->edm &= ~SDEDM_FSM_MASK;
87
+ s->edm |= SDEDM_FSM_DATAMODE;
88
+ trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm);
89
+
90
+ if ((s->cmd & SDCMD_WRITE_CMD) &&
91
+ (s->config & SDHCFG_BLOCK_IRPT_EN)) {
92
+ s->status |= SDHSTS_BLOCK_IRPT;
93
+ }
94
+ }
95
}
96
- if (s->datacnt == 0) {
97
- s->status |= SDHSTS_DATA_FLAG;
98
99
- s->edm &= ~0xf;
100
- s->edm |= SDEDM_FSM_DATAMODE;
101
- trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm);
102
-
103
- if (s->config & SDHCFG_DATA_IRPT_EN) {
104
- s->status |= SDHSTS_SDIO_IRPT;
105
- }
106
-
107
- if ((s->cmd & SDCMD_BUSYWAIT) && (s->config & SDHCFG_BUSY_IRPT_EN)) {
108
- s->status |= SDHSTS_BUSY_IRPT;
109
- }
110
-
111
- if ((s->cmd & SDCMD_WRITE_CMD) && (s->config & SDHCFG_BLOCK_IRPT_EN)) {
112
- s->status |= SDHSTS_BLOCK_IRPT;
113
- }
114
-
115
- bcm2835_sdhost_update_irq(s);
116
- }
117
+ bcm2835_sdhost_update_irq(s);
118
119
s->edm &= ~(0x1f << 4);
120
s->edm |= ((s->fifo_len & 0x1f) << 4);
121
--
122
2.16.2
123
124
diff view generated by jsdifflib
[Qemu-devel] [PULL 06/12] hw/arm/allwinner-a10: Do not use nd_table in instance_init function
Deleted patch
1
From: Thomas Huth <thuth@redhat.com>
2
1
3
The instance_init function of a device can be called at any time, even
4
if the device is not going to be used (i.e. not going to be realized).
5
So a instance_init function must not do things that could cause QEMU
6
to exit, like calling qemu_check_nic_model(&nd_table[0], ...) for example.
7
But this is what the instance_init function of the allwinner-a10 device
8
is currently doing - and this causes QEMU to quit unexpectedly when
9
you run the 'device-list-properties' QMP command for example:
10
11
$ echo "{'execute':'qmp_capabilities'}"\
12
"{'execute':'device-list-properties',"\
13
" 'arguments':{'typename':'allwinner-a10'}}" \
14
| arm-softmmu/qemu-system-arm -M mps2-an505,accel=qtest -qmp stdio
15
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2},
16
"package": "build-all"}, "capabilities": []}}
17
{"return": {}}
18
Unsupported NIC model: lan9118
19
20
... and QEMU quits after printing the last line (which should not happen
21
just because of running 'device-list-properties' here).
22
23
And with the cubieboard, this even causes QEMU to abort():
24
25
$ echo "{'execute':'qmp_capabilities'}"\
26
"{'execute':'device-list-properties',"\
27
" 'arguments':{'typename':'allwinner-a10'}}" \
28
| arm-softmmu/qemu-system-arm -M cubieboard,accel=qtest -qmp stdio
29
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2},
30
"package": "build-all"}, "capabilities": []}}
31
{"return": {}}
32
Unexpected error in error_set_from_qdev_prop_error() at hw/core/qdev-properties.c:1095:
33
Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use
34
Aborted (core dumped)
35
36
To fix the problem we've got to move the offending code to the realize
37
function instead.
38
39
Signed-off-by: Thomas Huth <thuth@redhat.com>
40
Message-id: 1522862420-7484-1-git-send-email-thuth@redhat.com
41
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
42
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
43
---
44
hw/arm/allwinner-a10.c | 12 ++++++------
45
1 file changed, 6 insertions(+), 6 deletions(-)
46
47
diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/hw/arm/allwinner-a10.c
50
+++ b/hw/arm/allwinner-a10.c
51
@@ -XXX,XX +XXX,XX @@ static void aw_a10_init(Object *obj)
52
53
object_initialize(&s->emac, sizeof(s->emac), TYPE_AW_EMAC);
54
qdev_set_parent_bus(DEVICE(&s->emac), sysbus_get_default());
55
- /* FIXME use qdev NIC properties instead of nd_table[] */
56
- if (nd_table[0].used) {
57
- qemu_check_nic_model(&nd_table[0], TYPE_AW_EMAC);
58
- qdev_set_nic_properties(DEVICE(&s->emac), &nd_table[0]);
59
- }
60
61
object_initialize(&s->sata, sizeof(s->sata), TYPE_ALLWINNER_AHCI);
62
qdev_set_parent_bus(DEVICE(&s->sata), sysbus_get_default());
63
@@ -XXX,XX +XXX,XX @@ static void aw_a10_realize(DeviceState *dev, Error **errp)
64
sysbus_connect_irq(sysbusdev, 4, s->irq[67]);
65
sysbus_connect_irq(sysbusdev, 5, s->irq[68]);
66
67
+ /* FIXME use qdev NIC properties instead of nd_table[] */
68
+ if (nd_table[0].used) {
69
+ qemu_check_nic_model(&nd_table[0], TYPE_AW_EMAC);
70
+ qdev_set_nic_properties(DEVICE(&s->emac), &nd_table[0]);
71
+ }
72
object_property_set_bool(OBJECT(&s->emac), true, "realized", &err);
73
if (err != NULL) {
74
error_propagate(errp, err);
75
@@ -XXX,XX +XXX,XX @@ static void aw_a10_class_init(ObjectClass *oc, void *data)
76
DeviceClass *dc = DEVICE_CLASS(oc);
77
78
dc->realize = aw_a10_realize;
79
- /* Reason: Uses serial_hds in realize and nd_table in instance_init */
80
+ /* Reason: Uses serial_hds and nd_table in realize function */
81
dc->user_creatable = false;
82
}
83
84
--
85
2.16.2
86
87
diff view generated by jsdifflib
[Qemu-devel] [PULL 07/12] hw/arm/fsl-imx: Fix introspection problem with fsl-imx6 and fsl-imx7
Deleted patch
1
From: Thomas Huth <thuth@redhat.com>
2
1
3
QEMU currently exits unexpectedly when trying to introspect the fsl-imx6
4
and fsl-imx7 devices on systems with many SMP CPUs:
5
6
$ echo "{'execute':'qmp_capabilities'}"\
7
"{'execute':'device-list-properties',"\
8
" 'arguments':{'typename':'fsl,imx6'}}" \
9
| arm-softmmu/qemu-system-arm -M virt,accel=qtest -qmp stdio -smp 8
10
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2},
11
"package": "build-all"}, "capabilities": []}}
12
{"return": {}}
13
fsl,imx6: Only 4 CPUs are supported (8 requested)
14
15
And:
16
17
$ echo "{'execute':'qmp_capabilities'}"\
18
"{'execute':'device-list-properties',"\
19
" 'arguments':{'typename':'fsl,imx7'}}" \
20
| arm-softmmu/qemu-system-arm -M raspi2,accel=qtest -qmp stdio
21
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 11, "major": 2},
22
"package": "build-all"}, "capabilities": []}}
23
{"return": {}}
24
fsl,imx7: Only 2 CPUs are supported (4 requested)
25
26
This happens because these devices are doing an exit() from their
27
instance_init function - which should never be done since instance_init
28
can be called at any time for device introspection! Fix it by moving
29
the deadly check into the realize() function instead.
30
31
Signed-off-by: Thomas Huth <thuth@redhat.com>
32
Message-id: 1522908551-14885-1-git-send-email-thuth@redhat.com
33
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
34
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
35
---
36
hw/arm/fsl-imx6.c | 14 +++++++-------
37
hw/arm/fsl-imx7.c | 13 +++++++------
38
2 files changed, 14 insertions(+), 13 deletions(-)
39
40
diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
41
index XXXXXXX..XXXXXXX 100644
42
--- a/hw/arm/fsl-imx6.c
43
+++ b/hw/arm/fsl-imx6.c
44
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_init(Object *obj)
45
char name[NAME_SIZE];
46
int i;
47
48
- if (smp_cpus > FSL_IMX6_NUM_CPUS) {
49
- error_report("%s: Only %d CPUs are supported (%d requested)",
50
- TYPE_FSL_IMX6, FSL_IMX6_NUM_CPUS, smp_cpus);
51
- exit(1);
52
- }
53
-
54
- for (i = 0; i < smp_cpus; i++) {
55
+ for (i = 0; i < MIN(smp_cpus, FSL_IMX6_NUM_CPUS); i++) {
56
object_initialize(&s->cpu[i], sizeof(s->cpu[i]),
57
"cortex-a9-" TYPE_ARM_CPU);
58
snprintf(name, NAME_SIZE, "cpu%d", i);
59
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)
60
uint16_t i;
61
Error *err = NULL;
62
63
+ if (smp_cpus > FSL_IMX6_NUM_CPUS) {
64
+ error_setg(errp, "%s: Only %d CPUs are supported (%d requested)",
65
+ TYPE_FSL_IMX6, FSL_IMX6_NUM_CPUS, smp_cpus);
66
+ return;
67
+ }
68
+
69
for (i = 0; i < smp_cpus; i++) {
70
71
/* On uniprocessor, the CBAR is set to 0 */
72
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
73
index XXXXXXX..XXXXXXX 100644
74
--- a/hw/arm/fsl-imx7.c
75
+++ b/hw/arm/fsl-imx7.c
76
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_init(Object *obj)
77
char name[NAME_SIZE];
78
int i;
79
80
- if (smp_cpus > FSL_IMX7_NUM_CPUS) {
81
- error_report("%s: Only %d CPUs are supported (%d requested)",
82
- TYPE_FSL_IMX7, FSL_IMX7_NUM_CPUS, smp_cpus);
83
- exit(1);
84
- }
85
86
- for (i = 0; i < smp_cpus; i++) {
87
+ for (i = 0; i < MIN(smp_cpus, FSL_IMX7_NUM_CPUS); i++) {
88
object_initialize(&s->cpu[i], sizeof(s->cpu[i]),
89
ARM_CPU_TYPE_NAME("cortex-a7"));
90
snprintf(name, NAME_SIZE, "cpu%d", i);
91
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
92
qemu_irq irq;
93
char name[NAME_SIZE];
94
95
+ if (smp_cpus > FSL_IMX7_NUM_CPUS) {
96
+ error_setg(errp, "%s: Only %d CPUs are supported (%d requested)",
97
+ TYPE_FSL_IMX7, FSL_IMX7_NUM_CPUS, smp_cpus);
98
+ return;
99
+ }
100
+
101
for (i = 0; i < smp_cpus; i++) {
102
o = OBJECT(&s->cpu[i]);
103
104
--
105
2.16.2
106
107
diff view generated by jsdifflib
[Qemu-devel] [PULL 08/12] target/arm: Report unsupported MPU region sizes more clearly
Deleted patch
1
Currently our PMSAv7 and ARMv7M MPU implementation cannot handle
2
MPU region sizes smaller than our TARGET_PAGE_SIZE. However we
3
report that in a slightly confusing way:
4
1
5
DRSR[3]: No support for MPU (sub)region alignment of 9 bits. Minimum is 10
6
7
The problem is not the alignment of the region, but its size;
8
tweak the error message to say so:
9
DRSR[3]: No support for MPU (sub)region size of 512 bytes. Minimum is 1024.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Message-id: 20180405172554.27401-1-peter.maydell@linaro.org
14
---
15
target/arm/helper.c | 6 +++---
16
1 file changed, 3 insertions(+), 3 deletions(-)
17
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
21
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
23
}
24
if (rsize < TARGET_PAGE_BITS) {
25
qemu_log_mask(LOG_UNIMP,
26
- "DRSR[%d]: No support for MPU (sub)region "
27
- "alignment of %" PRIu32 " bits. Minimum is %d\n",
28
- n, rsize, TARGET_PAGE_BITS);
29
+ "DRSR[%d]: No support for MPU (sub)region size of"
30
+ " %" PRIu32 " bytes. Minimum is %d.\n",
31
+ n, (1 << rsize), TARGET_PAGE_SIZE);
32
continue;
33
}
34
if (srdis) {
35
--
36
2.16.2
37
38
diff view generated by jsdifflib
[Qemu-devel] [PULL 09/12] cpus.c: ensure running CPU recalculates icount deadlines on timer expiry
Deleted patch
1
When we run in TCG icount mode, we calculate the number of instructions
2
to execute using tcg_get_icount_limit(), which ensures that we stop
3
execution at the next timer deadline. However there is a bug where
4
currently we do not recalculate that limit if the guest reprograms
5
a timer so that the next deadline moves closer, and so we will
6
continue execution until the original limit and fire the timer
7
later than we should.
8
1
9
Fix this bug in qemu_timer_notify_cb(): if we are currently running
10
a VCPU in icount mode, we simply need to kick it out of the main
11
loop and back to tcg_cpu_exec(), where it will recalculate the
12
icount limit. If we are not currently running a VCPU, then we
13
retain the existing logic for waking up a halted CPU.
14
15
Cc: qemu-stable@nongnu.org
16
Fixes: https://bugs.launchpad.net/qemu/+bug/1754038
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
20
Message-id: 20180406123838.21249-1-peter.maydell@linaro.org
21
---
22
cpus.c | 10 +++++++++-
23
1 file changed, 9 insertions(+), 1 deletion(-)
24
25
diff --git a/cpus.c b/cpus.c
26
index XXXXXXX..XXXXXXX 100644
27
--- a/cpus.c
28
+++ b/cpus.c
29
@@ -XXX,XX +XXX,XX @@ void qemu_timer_notify_cb(void *opaque, QEMUClockType type)
30
return;
31
}
32
33
- if (!qemu_in_vcpu_thread() && first_cpu) {
34
+ if (qemu_in_vcpu_thread()) {
35
+ /* A CPU is currently running; kick it back out to the
36
+ * tcg_cpu_exec() loop so it will recalculate its
37
+ * icount deadline immediately.
38
+ */
39
+ qemu_cpu_kick(current_cpu);
40
+ } else if (first_cpu) {
41
/* qemu_cpu_kick is not enough to kick a halted CPU out of
42
* qemu_tcg_wait_io_event. async_run_on_cpu, instead,
43
* causes cpu_thread_is_idle to return false. This way,
44
* handle_icount_deadline can run.
45
+ * If we have no CPUs at all for some reason, we don't
46
+ * need to do anything.
47
*/
48
async_run_on_cpu(first_cpu, do_nothing, RUN_ON_CPU_NULL);
49
}
50
--
51
2.16.2
52
53
diff view generated by jsdifflib
[Qemu-devel] [PULL 10/12] linux-user/signal.c: Ensure AArch64 signal frame isn't too small
Deleted patch
1
The AArch64 signal frame design was extended for SVE in commit
2
8c5931de0ac77388096d79ceb, so that instead of having a fixed setup we
3
now add various records to the frame, with some of them possibly
4
overflowing into an extra space outside the original 4K reserved
5
block in the target_sigcontext. However, we failed to ensure that we
6
always at least allocate the 4K reserved block. This is ABI, and
7
some userspace programs rely on it. In particular the dash shell
8
would segfault if the frame wasn't as big enough.
9
1
10
(Compare the kernel's sigframe_size() function in
11
arch/arm64/kernel/signal.c.)
12
13
Reported-by: Richard Henwood <richard.henwood@arm.com>
14
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Message-id: 20180409140714.26841-1-peter.maydell@linaro.org
17
Fixes: https://bugs.launchpad.net/bugs/1761535
18
Fixes: 8c5931de0ac77388096d79ceb
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
21
linux-user/signal.c | 6 ++++++
22
1 file changed, 6 insertions(+)
23
24
diff --git a/linux-user/signal.c b/linux-user/signal.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/linux-user/signal.c
27
+++ b/linux-user/signal.c
28
@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
29
fr_ofs = layout.total_size;
30
layout.total_size += sizeof(struct target_rt_frame_record);
31
32
+ /* We must always provide at least the standard 4K reserved space,
33
+ * even if we don't use all of it (this is part of the ABI)
34
+ */
35
+ layout.total_size = MAX(layout.total_size,
36
+ sizeof(struct target_rt_sigframe));
37
+
38
frame_addr = get_sigframe(ka, env, layout.total_size);
39
trace_user_setup_frame(env, frame_addr);
40
if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
41
--
42
2.16.2
43
44
diff view generated by jsdifflib
[Qemu-devel] [PULL 11/12] tcg: Introduce tcg_set_insn_start_param
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
The parameters for tcg_gen_insn_start are target_ulong, which may be split
4
into two TCGArg parameters for storage in the opcode on 32-bit hosts.
5
6
Fixes the ARM target and its direct use of tcg_set_insn_param, which would
7
set the wrong argument in the 64-on-32 case.
8
9
Cc: qemu-stable@nongnu.org
10
Reported-by: alarson@ddci.com
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20180410003558.2470-1-richard.henderson@linaro.org
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
target/arm/translate.h | 2 +-
17
tcg/tcg.h | 10 ++++++++++
18
2 files changed, 11 insertions(+), 1 deletion(-)
19
20
diff --git a/target/arm/translate.h b/target/arm/translate.h
21
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/translate.h
23
+++ b/target/arm/translate.h
24
@@ -XXX,XX +XXX,XX @@ static inline void disas_set_insn_syndrome(DisasContext *s, uint32_t syn)
25
26
/* We check and clear insn_start_idx to catch multiple updates. */
27
assert(s->insn_start != NULL);
28
- tcg_set_insn_param(s->insn_start, 2, syn);
29
+ tcg_set_insn_start_param(s->insn_start, 2, syn);
30
s->insn_start = NULL;
31
}
32
33
diff --git a/tcg/tcg.h b/tcg/tcg.h
34
index XXXXXXX..XXXXXXX 100644
35
--- a/tcg/tcg.h
36
+++ b/tcg/tcg.h
37
@@ -XXX,XX +XXX,XX @@ static inline void tcg_set_insn_param(TCGOp *op, int arg, TCGArg v)
38
op->args[arg] = v;
39
}
40
41
+static inline void tcg_set_insn_start_param(TCGOp *op, int arg, target_ulong v)
42
+{
43
+#if TARGET_LONG_BITS <= TCG_TARGET_REG_BITS
44
+ tcg_set_insn_param(op, arg, v);
45
+#else
46
+ tcg_set_insn_param(op, arg * 2, v);
47
+ tcg_set_insn_param(op, arg * 2 + 1, v >> 32);
48
+#endif
49
+}
50
+
51
/* The last op that was emitted. */
52
static inline TCGOp *tcg_last_op(void)
53
{
54
--
55
2.16.2
56
57
diff view generated by jsdifflib
[Qemu-devel] [PULL 12/12] fpu: Fix rounding mode for floatN_to_uintM_round_to_zero
Deleted patch
1
From: Richard Henderson <richard.henderson@linaro.org>
2
1
3
We incorrectly passed in the current rounding mode
4
instead of float_round_to_zero.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20180410055912.934-1-richard.henderson@linaro.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
fpu/softfloat.c | 4 ++--
12
1 file changed, 2 insertions(+), 2 deletions(-)
13
14
diff --git a/fpu/softfloat.c b/fpu/softfloat.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/fpu/softfloat.c
17
+++ b/fpu/softfloat.c
18
@@ -XXX,XX +XXX,XX @@ uint ## isz ## _t float ## fsz ## _to_uint ## isz ## _round_to_zero \
19
(float ## fsz a, float_status *s) \
20
{ \
21
FloatParts p = float ## fsz ## _unpack_canonical(a, s); \
22
- return round_to_uint_and_pack(p, s->float_rounding_mode, \
23
- UINT ## isz ## _MAX, s); \
24
+ return round_to_uint_and_pack(p, float_round_to_zero, \
25
+ UINT ## isz ## _MAX, s); \
26
}
27
28
FLOAT_TO_UINT(16, 16)
29
--
30
2.16.2
31
32
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.