[Qemu-devel] [PULL 00/19] target-arm queue
[PULL 0/4] target-arm queue
1
First arm pullreq of the 2.13 cycle!
1
Arm patches for rc3 : just a handful of bug fixes.
2
2
3
thanks
3
-- PMM
4
-- PMM
4
5
5
The following changes since commit 4743c23509a51bd4ee85cc272287a41917d1be35:
6
6
7
Update version for v2.12.0 release (2018-04-24 16:44:55 +0100)
7
The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:
8
9
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)
8
10
9
are available in the Git repository at:
11
are available in the Git repository at:
10
12
11
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180426
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126
12
14
13
for you to fetch changes up to fbf32752663878947de455ff57cb5b9318f14bec:
15
for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:
14
16
15
xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo (2018-04-26 11:04:40 +0100)
17
target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)
16
18
17
----------------------------------------------------------------
19
----------------------------------------------------------------
18
target-arm queue:
20
target-arm queue:
19
* xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo
21
* handle FTYPE flag correctly in v7M exception return
20
* timer/aspeed: fix vmstate version id
22
for v7M CPUs with an FPU (v8M CPUs were already correct)
21
* hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM
23
* versal: Add the CRP as unimplemented
22
* hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
24
* Fix ISR_EL1 tracking when executing at EL2
23
* hw/arm/highbank: don't make sysram 'nomigrate'
25
* Honor HCR_EL2.TID3 trapping requirements
24
* hw/arm/raspi: Don't bother setting default_cpu_type
25
* PMU emulation: some minor bugfixes and preparation for
26
support of other events than just the cycle counter
27
* target/arm: Use v7m_stack_read() for reading the frame signature
28
* target/arm: Remove stale TODO comment
29
* arm: always start from first_cpu when registering loader cpu reset callback
30
* device_tree: Increase FDT_MAX_SIZE to 1 MiB
31
26
32
----------------------------------------------------------------
27
----------------------------------------------------------------
33
Aaron Lindsay (9):
28
Edgar E. Iglesias (1):
34
target/arm: Check PMCNTEN for whether PMCCNTR is enabled
29
hw/arm: versal: Add the CRP as unimplemented
35
target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0
36
target/arm: Mask PMU register writes based on PMCR_EL0.N
37
target/arm: Fetch GICv3 state directly from CPUARMState
38
target/arm: Support multiple EL change hooks
39
target/arm: Add pre-EL change hooks
40
target/arm: Allow EL change hooks to do IO
41
target/arm: Fix bitmask for PMCCFILTR writes
42
target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide
43
30
44
Cédric Le Goater (1):
31
Jean-Hugues Deschênes (1):
45
timer/aspeed: fix vmstate version id
32
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
46
33
47
Geert Uytterhoeven (1):
34
Marc Zyngier (2):
48
device_tree: Increase FDT_MAX_SIZE to 1 MiB
35
target/arm: Fix ISR_EL1 tracking when executing at EL2
36
target/arm: Honor HCR_EL2.TID3 trapping requirements
49
37
50
Igor Mammedov (1):
38
include/hw/arm/xlnx-versal.h | 3 ++
51
arm: always start from first_cpu when registering loader cpu reset callback
39
hw/arm/xlnx-versal.c | 2 ++
40
target/arm/helper.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
41
target/arm/m_helper.c | 7 ++--
42
4 files changed, 89 insertions(+), 6 deletions(-)
52
43
53
Peter Maydell (6):
54
target/arm: Remove stale TODO comment
55
target/arm: Use v7m_stack_read() for reading the frame signature
56
hw/arm/raspi: Don't bother setting default_cpu_type
57
hw/arm/highbank: don't make sysram 'nomigrate'
58
hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
59
hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM
60
61
Sai Pavan Boddu (1):
62
xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo
63
64
target/arm/cpu.h | 48 +++++++++++++++++-------------
65
target/arm/internals.h | 14 +++++++--
66
device_tree.c | 2 +-
67
hw/arm/aspeed.c | 2 +-
68
hw/arm/aspeed_soc.c | 3 +-
69
hw/arm/boot.c | 2 +-
70
hw/arm/highbank.c | 2 +-
71
hw/arm/raspi.c | 2 --
72
hw/intc/arm_gicv3_cpuif.c | 10 ++-----
73
hw/ssi/xilinx_spips.c | 3 +-
74
hw/timer/aspeed_timer.c | 2 +-
75
target/arm/cpu.c | 37 +++++++++++++++++++----
76
target/arm/helper.c | 73 ++++++++++++++++++++++++++--------------------
77
target/arm/op_helper.c | 8 +++++
78
target/arm/translate-a64.c | 6 ++++
79
target/arm/translate.c | 12 ++++++++
80
16 files changed, 148 insertions(+), 78 deletions(-)
81
diff view generated by jsdifflib
[Qemu-devel] [PULL 01/19] device_tree: Increase FDT_MAX_SIZE to 1 MiB
Deleted patch
1
From: Geert Uytterhoeven <geert+renesas@glider.be>
2
1
3
It is not uncommon for a contemporary FDT to be larger than 64 KiB,
4
leading to failures loading the device tree from sysfs:
5
6
qemu-system-aarch64: qemu_fdt_setprop: Couldn't set ...: FDT_ERR_NOSPACE
7
8
Hence increase the limit to 1 MiB, like on PPC.
9
10
For reference, the largest arm64 DTB created from the Linux sources is
11
ca. 75 KiB large (100 KiB when built with symbols/fixup support).
12
13
Cc: qemu-stable@nongnu.org
14
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
15
Message-id: 1523541337-23919-1-git-send-email-geert+renesas@glider.be
16
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
device_tree.c | 2 +-
20
1 file changed, 1 insertion(+), 1 deletion(-)
21
22
diff --git a/device_tree.c b/device_tree.c
23
index XXXXXXX..XXXXXXX 100644
24
--- a/device_tree.c
25
+++ b/device_tree.c
26
@@ -XXX,XX +XXX,XX @@
27
28
#include <libfdt.h>
29
30
-#define FDT_MAX_SIZE 0x10000
31
+#define FDT_MAX_SIZE 0x100000
32
33
void *create_device_tree(int *sizep)
34
{
35
--
36
2.17.0
37
38
diff view generated by jsdifflib
[Qemu-devel] [PULL 02/19] arm: always start from first_cpu when registering loader cpu reset callback
Deleted patch
1
From: Igor Mammedov <imammedo@redhat.com>
2
1
3
if arm_load_kernel() were passed non first_cpu, QEMU would end up
4
with partially set do_cpu_reset() callback leaving some CPUs without it.
5
6
Make sure that do_cpu_reset() is registered for all CPUs by enumerating
7
CPUs from first_cpu.
8
9
(In practice every board that we have was passing us the first CPU
10
as the boot CPU, either directly or indirectly, so this wasn't
11
causing incorrect behaviour.)
12
13
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
[PMM: added a note that this isn't a behaviour change]
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
18
hw/arm/boot.c | 2 +-
19
1 file changed, 1 insertion(+), 1 deletion(-)
20
21
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/arm/boot.c
24
+++ b/hw/arm/boot.c
25
@@ -XXX,XX +XXX,XX @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
26
* actually loading a kernel, the handler is also responsible for
27
* arranging that we start it correctly.
28
*/
29
- for (cs = CPU(cpu); cs; cs = CPU_NEXT(cs)) {
30
+ for (cs = first_cpu; cs; cs = CPU_NEXT(cs)) {
31
qemu_register_reset(do_cpu_reset, ARM_CPU(cs));
32
}
33
}
34
--
35
2.17.0
36
37
diff view generated by jsdifflib
[Qemu-devel] [PULL 03/19] target/arm: Remove stale TODO comment
Deleted patch
1
Remove a stale TODO comment -- we have now made the arm_ldl_ptw()
2
and arm_ldq_ptw() functions propagate physical memory read errors
3
out to their callers.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Message-id: 20180419142151.9862-1-peter.maydell@linaro.org
8
---
9
target/arm/helper.c | 8 +-------
10
1 file changed, 1 insertion(+), 7 deletions(-)
11
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
17
return addr;
18
}
19
20
-/* All loads done in the course of a page table walk go through here.
21
- * TODO: rather than ignoring errors from physical memory reads (which
22
- * are external aborts in ARM terminology) we should propagate this
23
- * error out so that we can turn it into a Data Abort if this walk
24
- * was being done for a CPU load/store or an address translation instruction
25
- * (but not if it was for a debug access).
26
- */
27
+/* All loads done in the course of a page table walk go through here. */
28
static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
29
ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
30
{
31
--
32
2.17.0
33
34
diff view generated by jsdifflib
[Qemu-devel] [PULL 04/19] target/arm: Use v7m_stack_read() for reading the frame signature
Deleted patch
1
In commit 95695effe8caa552b8f2 we changed the v7M/v8M stack
2
pop code to use a new v7m_stack_read() function that checks
3
whether the read should fail due to an MPU or bus abort.
4
We missed one call though, the one which reads the signature
5
word for the callee-saved register part of the frame.
6
1
7
Correct the omission.
8
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20180419142106.9694-1-peter.maydell@linaro.org
13
---
14
target/arm/helper.c | 9 +++++----
15
1 file changed, 5 insertions(+), 4 deletions(-)
16
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
20
+++ b/target/arm/helper.c
21
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
22
static void do_v7m_exception_exit(ARMCPU *cpu)
23
{
24
CPUARMState *env = &cpu->env;
25
- CPUState *cs = CPU(cpu);
26
uint32_t excret;
27
uint32_t xpsr;
28
bool ufault = false;
29
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
30
((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
31
(excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
32
uint32_t expected_sig = 0xfefa125b;
33
- uint32_t actual_sig = ldl_phys(cs->as, frameptr);
34
+ uint32_t actual_sig;
35
36
- if (expected_sig != actual_sig) {
37
+ pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx);
38
+
39
+ if (pop_ok && expected_sig != actual_sig) {
40
/* Take a SecureFault on the current stack */
41
env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
42
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
43
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
44
return;
45
}
46
47
- pop_ok =
48
+ pop_ok = pop_ok &&
49
v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
50
v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
51
v7m_stack_read(cpu, &env->regs[5], frameptr + 0xc, mmu_idx) &&
52
--
53
2.17.0
54
55
diff view generated by jsdifflib
[Qemu-devel] [PULL 18/19] timer/aspeed: fix vmstate version id
[PULL 1/4] target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
1
From: Cédric Le Goater <clg@kaod.org>
1
From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>
2
2
3
commit 1d3e65aa7ac5 ("hw/timer: Add value matching support to
3
According to the PushStack() pseudocode in the armv7m RM,
4
aspeed_timer") increased the vmstate version of aspeed.timer because
4
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
5
the state had changed, but it also bumped the version of the
5
an FPU is present. Current implementation is doing it for
6
VMSTATE_STRUCT_ARRAY under the aspeed.timerctrl which did not need to.
6
armv8, but not for armv7. This patch makes the existing
7
logic applicable to both code paths.
7
8
8
Change back this version to fix migration.
9
Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
9
10
Signed-off-by: Cédric Le Goater <clg@kaod.org>
11
Message-id: 20180423101433.17759-1-clg@kaod.org
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
12
---
15
hw/timer/aspeed_timer.c | 2 +-
13
target/arm/m_helper.c | 7 +++----
16
1 file changed, 1 insertion(+), 1 deletion(-)
14
1 file changed, 3 insertions(+), 4 deletions(-)
17
15
18
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
19
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/timer/aspeed_timer.c
18
--- a/target/arm/m_helper.c
21
+++ b/hw/timer/aspeed_timer.c
19
+++ b/target/arm/m_helper.c
22
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_aspeed_timer_state = {
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
23
VMSTATE_UINT32(ctrl, AspeedTimerCtrlState),
21
if (env->v7m.secure) {
24
VMSTATE_UINT32(ctrl2, AspeedTimerCtrlState),
22
lr |= R_V7M_EXCRET_S_MASK;
25
VMSTATE_STRUCT_ARRAY(timers, AspeedTimerCtrlState,
23
}
26
- ASPEED_TIMER_NR_TIMERS, 2, vmstate_aspeed_timer,
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
27
+ ASPEED_TIMER_NR_TIMERS, 1, vmstate_aspeed_timer,
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
28
AspeedTimer),
26
- }
29
VMSTATE_END_OF_LIST()
27
} else {
28
lr = R_V7M_EXCRET_RES1_MASK |
29
R_V7M_EXCRET_S_MASK |
30
R_V7M_EXCRET_DCRS_MASK |
31
- R_V7M_EXCRET_FTYPE_MASK |
32
R_V7M_EXCRET_ES_MASK;
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
35
}
36
}
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
39
+ }
40
if (!arm_v7m_is_handler_mode(env)) {
41
lr |= R_V7M_EXCRET_MODE_MASK;
30
}
42
}
31
--
43
--
32
2.17.0
44
2.20.1
33
45
34
46
diff view generated by jsdifflib
[Qemu-devel] [PULL 19/19] xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo
[PULL 2/4] hw/arm: versal: Add the CRP as unimplemented
1
From: Sai Pavan Boddu <sai.pavan.boddu@xilinx.com>
1
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
2
2
3
SNOOP_NONE state handle is moved above in the if ladder, as it's same
3
Add the CRP as unimplemented thus avoiding bus errors when
4
as SNOOP_STRIPPING during data cycles.
4
guests access these registers.
5
5
6
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
6
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
8
Message-id: 1524119244-1240-1-git-send-email-saipava@xilinx.com
8
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
9
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
---
11
hw/ssi/xilinx_spips.c | 3 ++-
12
include/hw/arm/xlnx-versal.h | 3 +++
12
1 file changed, 2 insertions(+), 1 deletion(-)
13
hw/arm/xlnx-versal.c | 2 ++
14
2 files changed, 5 insertions(+)
13
15
14
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
16
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
15
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/ssi/xilinx_spips.c
18
--- a/include/hw/arm/xlnx-versal.h
17
+++ b/hw/ssi/xilinx_spips.c
19
+++ b/include/hw/arm/xlnx-versal.h
18
@@ -XXX,XX +XXX,XX @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
20
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
19
if (fifo8_is_empty(&s->tx_fifo)) {
21
#define MM_IOU_SCNTRS_SIZE 0x10000
20
xilinx_spips_update_ixr(s);
22
#define MM_FPD_CRF 0xfd1a0000U
21
return;
23
#define MM_FPD_CRF_SIZE 0x140000
22
- } else if (s->snoop_state == SNOOP_STRIPING) {
24
+
23
+ } else if (s->snoop_state == SNOOP_STRIPING ||
25
+#define MM_PMC_CRP 0xf1260000U
24
+ s->snoop_state == SNOOP_NONE) {
26
+#define MM_PMC_CRP_SIZE 0x10000
25
for (i = 0; i < num_effective_busses(s); ++i) {
27
#endif
26
tx_rx[i] = fifo8_pop(&s->tx_fifo);
28
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
27
}
29
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/arm/xlnx-versal.c
31
+++ b/hw/arm/xlnx-versal.c
32
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
33
MM_CRL, MM_CRL_SIZE);
34
versal_unimp_area(s, "crf", &s->mr_ps,
35
MM_FPD_CRF, MM_FPD_CRF_SIZE);
36
+ versal_unimp_area(s, "crp", &s->mr_ps,
37
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
38
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
39
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
40
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
28
--
41
--
29
2.17.0
42
2.20.1
30
43
31
44
diff view generated by jsdifflib
[Qemu-devel] [PULL 05/19] target/arm: Check PMCNTEN for whether PMCCNTR is enabled
[PULL 3/4] target/arm: Fix ISR_EL1 tracking when executing at EL2
1
From: Aaron Lindsay <alindsay@codeaurora.org>
1
From: Marc Zyngier <maz@kernel.org>
2
2
3
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
3
The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
4
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
5
SError interrupts.
6
7
Unfortunately, QEMU's implementation only considers the HCR_EL2
8
bits, and ignores the current exception level. This means a hypervisor
9
trying to look at its own interrupt state actually sees the guest
10
state, which is unexpected and breaks KVM as of Linux 5.3.
11
12
Instead, check for the running EL and return the physical bits
13
if not running in a virtualized context.
14
15
Fixes: 636540e9c40b
16
Cc: qemu-stable@nongnu.org
17
Reported-by: Quentin Perret <qperret@google.com>
18
Signed-off-by: Marc Zyngier <maz@kernel.org>
19
Message-id: 20191122135833.28953-1-maz@kernel.org
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Message-id: 1523997485-1905-2-git-send-email-alindsay@codeaurora.org
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
23
---
8
target/arm/helper.c | 2 +-
24
target/arm/helper.c | 7 +++++--
9
1 file changed, 1 insertion(+), 1 deletion(-)
25
1 file changed, 5 insertions(+), 2 deletions(-)
10
26
11
diff --git a/target/arm/helper.c b/target/arm/helper.c
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
12
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/helper.c
29
--- a/target/arm/helper.c
14
+++ b/target/arm/helper.c
30
+++ b/target/arm/helper.c
15
@@ -XXX,XX +XXX,XX @@ static inline bool arm_ccnt_enabled(CPUARMState *env)
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
16
{
32
CPUState *cs = env_cpu(env);
17
/* This does not support checking PMCCFILTR_EL0 register */
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
18
34
uint64_t ret = 0;
19
- if (!(env->cp15.c9_pmcr & PMCRE)) {
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
20
+ if (!(env->cp15.c9_pmcr & PMCRE) || !(env->cp15.c9_pmcnten & (1 << 31))) {
36
+ (!arm_is_secure_below_el3(env) ||
21
return false;
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
38
39
- if (hcr_el2 & HCR_IMO) {
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
42
ret |= CPSR_I;
43
}
44
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
45
}
22
}
46
}
23
47
48
- if (hcr_el2 & HCR_FMO) {
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
51
ret |= CPSR_F;
52
}
24
--
53
--
25
2.17.0
54
2.20.1
26
55
27
56
diff view generated by jsdifflib
[Qemu-devel] [PULL 06/19] target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
They share the same underlying state
4
5
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 1523997485-1905-3-git-send-email-alindsay@codeaurora.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/helper.c | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
18
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr),
19
.writefn = pmselr_write, .raw_writefn = raw_write, },
20
{ .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0,
21
- .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO,
22
+ .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_ALIAS | ARM_CP_IO,
23
.readfn = pmccntr_read, .writefn = pmccntr_write32,
24
.accessfn = pmreg_access_ccntr },
25
{ .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64,
26
--
27
2.17.0
28
29
diff view generated by jsdifflib
[Qemu-devel] [PULL 07/19] target/arm: Mask PMU register writes based on PMCR_EL0.N
[PULL 4/4] target/arm: Honor HCR_EL2.TID3 trapping requirements
1
From: Aaron Lindsay <alindsay@codeaurora.org>
1
From: Marc Zyngier <maz@kernel.org>
2
2
3
This is in preparation for enabling counters other than PMCCNTR
3
HCR_EL2.TID3 mandates that access from EL1 to a long list of id
4
4
registers traps to EL2, and QEMU has so far ignored this requirement.
5
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
5
6
This breaks (among other things) KVM guests that have PtrAuth enabled,
7
while the hypervisor doesn't want to expose the feature to its guest.
8
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
9
case), and masks out the unsupported feature.
10
11
QEMU not honoring the trap request means that the guest observes
12
that the feature is present in the HW, starts using it, and dies
13
a horrible death when KVM injects an UNDEF, because the feature
14
*really* isn't supported.
15
16
Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.
17
18
Note that this change does not include trapping of the MVFR
19
registers from AArch32 (they are accessed via the VMRS
20
instruction and need to be handled in a different way).
21
22
Reported-by: Will Deacon <will@kernel.org>
23
Signed-off-by: Marc Zyngier <maz@kernel.org>
24
Tested-by: Will Deacon <will@kernel.org>
25
Message-id: 20191123115618.29230-1-maz@kernel.org
26
[PMM: added missing accessfn line for ID_AA4PFR2_EL1_RESERVED;
27
changed names of access functions to include _tid3]
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
28
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 1523997485-1905-5-git-send-email-alindsay@codeaurora.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
30
---
10
target/arm/helper.c | 31 ++++++++++++++++++++++---------
31
target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
11
1 file changed, 22 insertions(+), 9 deletions(-)
32
1 file changed, 76 insertions(+)
12
33
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
34
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
35
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
36
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
37
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ typedef struct V8M_SAttributes {
38
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
18
static void v8m_security_lookup(CPUARMState *env, uint32_t address,
19
MMUAccessType access_type, ARMMMUIdx mmu_idx,
20
V8M_SAttributes *sattrs);
21
-
22
-/* Definitions for the PMCCNTR and PMCR registers */
23
-#define PMCRD 0x8
24
-#define PMCRC 0x4
25
-#define PMCRE 0x1
26
#endif
27
28
static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
29
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
30
REGINFO_SENTINEL
39
REGINFO_SENTINEL
31
};
40
};
32
41
33
+/* Definitions for the PMU registers */
42
+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
34
+#define PMCRN_MASK 0xf800
43
+ bool isread)
35
+#define PMCRN_SHIFT 11
44
+{
36
+#define PMCRD 0x8
45
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
37
+#define PMCRC 0x4
46
+ return CP_ACCESS_TRAP_EL2;
38
+#define PMCRE 0x1
47
+ }
39
+
48
+
40
+static inline uint32_t pmu_num_counters(CPUARMState *env)
49
+ return CP_ACCESS_OK;
41
+{
42
+ return (env->cp15.c9_pmcr & PMCRN_MASK) >> PMCRN_SHIFT;
43
+}
50
+}
44
+
51
+
45
+/* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
52
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
46
+static inline uint64_t pmu_counter_mask(CPUARMState *env)
53
+ bool isread)
47
+{
54
+{
48
+ return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
55
+ if (arm_feature(env, ARM_FEATURE_V8)) {
56
+ return access_aa64_tid3(env, ri, isread);
57
+ }
58
+
59
+ return CP_ACCESS_OK;
49
+}
60
+}
50
+
61
+
51
static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
62
void register_cp_regs_for_features(ARMCPU *cpu)
52
bool isread)
53
{
63
{
54
@@ -XXX,XX +XXX,XX @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
64
/* Register all the coprocessor registers based on feature bits */
55
static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
65
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
56
uint64_t value)
66
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
57
{
67
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
58
- value &= (1 << 31);
68
.access = PL1_R, .type = ARM_CP_CONST,
59
+ value &= pmu_counter_mask(env);
69
+ .accessfn = access_aa32_tid3,
60
env->cp15.c9_pmcnten |= value;
70
.resetvalue = cpu->id_pfr0 },
61
}
71
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
62
72
* the value of the GIC field until after we define these regs.
63
static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
64
uint64_t value)
74
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
65
{
75
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
66
- value &= (1 << 31);
76
.access = PL1_R, .type = ARM_CP_NO_RAW,
67
+ value &= pmu_counter_mask(env);
77
+ .accessfn = access_aa32_tid3,
68
env->cp15.c9_pmcnten &= ~value;
78
.readfn = id_pfr1_read,
69
}
79
.writefn = arm_cp_write_ignore },
70
80
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
71
@@ -XXX,XX +XXX,XX @@ static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
81
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
72
uint64_t value)
82
.access = PL1_R, .type = ARM_CP_CONST,
73
{
83
+ .accessfn = access_aa32_tid3,
74
/* We have no event counters so only the C bit can be changed */
84
.resetvalue = cpu->id_dfr0 },
75
- value &= (1 << 31);
85
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
76
+ value &= pmu_counter_mask(env);
86
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
77
env->cp15.c9_pminten |= value;
87
.access = PL1_R, .type = ARM_CP_CONST,
78
}
88
+ .accessfn = access_aa32_tid3,
79
89
.resetvalue = cpu->id_afr0 },
80
static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
90
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
81
uint64_t value)
91
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
82
{
92
.access = PL1_R, .type = ARM_CP_CONST,
83
- value &= (1 << 31);
93
+ .accessfn = access_aa32_tid3,
84
+ value &= pmu_counter_mask(env);
94
.resetvalue = cpu->id_mmfr0 },
85
env->cp15.c9_pminten &= ~value;
95
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
86
}
96
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
87
97
.access = PL1_R, .type = ARM_CP_CONST,
98
+ .accessfn = access_aa32_tid3,
99
.resetvalue = cpu->id_mmfr1 },
100
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
101
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
102
.access = PL1_R, .type = ARM_CP_CONST,
103
+ .accessfn = access_aa32_tid3,
104
.resetvalue = cpu->id_mmfr2 },
105
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
106
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
107
.access = PL1_R, .type = ARM_CP_CONST,
108
+ .accessfn = access_aa32_tid3,
109
.resetvalue = cpu->id_mmfr3 },
110
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
111
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
112
.access = PL1_R, .type = ARM_CP_CONST,
113
+ .accessfn = access_aa32_tid3,
114
.resetvalue = cpu->isar.id_isar0 },
115
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
116
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
117
.access = PL1_R, .type = ARM_CP_CONST,
118
+ .accessfn = access_aa32_tid3,
119
.resetvalue = cpu->isar.id_isar1 },
120
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
121
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
122
.access = PL1_R, .type = ARM_CP_CONST,
123
+ .accessfn = access_aa32_tid3,
124
.resetvalue = cpu->isar.id_isar2 },
125
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
126
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
127
.access = PL1_R, .type = ARM_CP_CONST,
128
+ .accessfn = access_aa32_tid3,
129
.resetvalue = cpu->isar.id_isar3 },
130
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
131
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
132
.access = PL1_R, .type = ARM_CP_CONST,
133
+ .accessfn = access_aa32_tid3,
134
.resetvalue = cpu->isar.id_isar4 },
135
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
136
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
137
.access = PL1_R, .type = ARM_CP_CONST,
138
+ .accessfn = access_aa32_tid3,
139
.resetvalue = cpu->isar.id_isar5 },
140
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
141
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
142
.access = PL1_R, .type = ARM_CP_CONST,
143
+ .accessfn = access_aa32_tid3,
144
.resetvalue = cpu->id_mmfr4 },
145
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
146
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
147
.access = PL1_R, .type = ARM_CP_CONST,
148
+ .accessfn = access_aa32_tid3,
149
.resetvalue = cpu->isar.id_isar6 },
150
REGINFO_SENTINEL
151
};
152
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
153
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
154
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
155
.access = PL1_R, .type = ARM_CP_NO_RAW,
156
+ .accessfn = access_aa64_tid3,
157
.readfn = id_aa64pfr0_read,
158
.writefn = arm_cp_write_ignore },
159
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
160
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
161
.access = PL1_R, .type = ARM_CP_CONST,
162
+ .accessfn = access_aa64_tid3,
163
.resetvalue = cpu->isar.id_aa64pfr1},
164
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
165
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
166
.access = PL1_R, .type = ARM_CP_CONST,
167
+ .accessfn = access_aa64_tid3,
168
.resetvalue = 0 },
169
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
170
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
171
.access = PL1_R, .type = ARM_CP_CONST,
172
+ .accessfn = access_aa64_tid3,
173
.resetvalue = 0 },
174
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
175
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
176
.access = PL1_R, .type = ARM_CP_CONST,
177
+ .accessfn = access_aa64_tid3,
178
/* At present, only SVEver == 0 is defined anyway. */
179
.resetvalue = 0 },
180
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
181
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
182
.access = PL1_R, .type = ARM_CP_CONST,
183
+ .accessfn = access_aa64_tid3,
184
.resetvalue = 0 },
185
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
186
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
187
.access = PL1_R, .type = ARM_CP_CONST,
188
+ .accessfn = access_aa64_tid3,
189
.resetvalue = 0 },
190
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
191
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
192
.access = PL1_R, .type = ARM_CP_CONST,
193
+ .accessfn = access_aa64_tid3,
194
.resetvalue = 0 },
195
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
196
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
197
.access = PL1_R, .type = ARM_CP_CONST,
198
+ .accessfn = access_aa64_tid3,
199
.resetvalue = cpu->id_aa64dfr0 },
200
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
201
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
202
.access = PL1_R, .type = ARM_CP_CONST,
203
+ .accessfn = access_aa64_tid3,
204
.resetvalue = cpu->id_aa64dfr1 },
205
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
206
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
207
.access = PL1_R, .type = ARM_CP_CONST,
208
+ .accessfn = access_aa64_tid3,
209
.resetvalue = 0 },
210
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
211
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
212
.access = PL1_R, .type = ARM_CP_CONST,
213
+ .accessfn = access_aa64_tid3,
214
.resetvalue = 0 },
215
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
216
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
217
.access = PL1_R, .type = ARM_CP_CONST,
218
+ .accessfn = access_aa64_tid3,
219
.resetvalue = cpu->id_aa64afr0 },
220
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
221
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
222
.access = PL1_R, .type = ARM_CP_CONST,
223
+ .accessfn = access_aa64_tid3,
224
.resetvalue = cpu->id_aa64afr1 },
225
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
226
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
227
.access = PL1_R, .type = ARM_CP_CONST,
228
+ .accessfn = access_aa64_tid3,
229
.resetvalue = 0 },
230
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
231
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
232
.access = PL1_R, .type = ARM_CP_CONST,
233
+ .accessfn = access_aa64_tid3,
234
.resetvalue = 0 },
235
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
236
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
237
.access = PL1_R, .type = ARM_CP_CONST,
238
+ .accessfn = access_aa64_tid3,
239
.resetvalue = cpu->isar.id_aa64isar0 },
240
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
241
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
242
.access = PL1_R, .type = ARM_CP_CONST,
243
+ .accessfn = access_aa64_tid3,
244
.resetvalue = cpu->isar.id_aa64isar1 },
245
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
246
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
247
.access = PL1_R, .type = ARM_CP_CONST,
248
+ .accessfn = access_aa64_tid3,
249
.resetvalue = 0 },
250
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
251
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
252
.access = PL1_R, .type = ARM_CP_CONST,
253
+ .accessfn = access_aa64_tid3,
254
.resetvalue = 0 },
255
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
256
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
257
.access = PL1_R, .type = ARM_CP_CONST,
258
+ .accessfn = access_aa64_tid3,
259
.resetvalue = 0 },
260
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
261
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
262
.access = PL1_R, .type = ARM_CP_CONST,
263
+ .accessfn = access_aa64_tid3,
264
.resetvalue = 0 },
265
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
266
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
267
.access = PL1_R, .type = ARM_CP_CONST,
268
+ .accessfn = access_aa64_tid3,
269
.resetvalue = 0 },
270
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
271
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
88
--
357
--
89
2.17.0
358
2.20.1
90
359
91
360
diff view generated by jsdifflib
[Qemu-devel] [PULL 08/19] target/arm: Fetch GICv3 state directly from CPUARMState
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
This eliminates the need for fetching it from el_change_hook_opaque, and
4
allows for supporting multiple el_change_hooks without having to hack
5
something together to find the registered opaque belonging to GICv3.
6
7
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Message-id: 1523997485-1905-6-git-send-email-alindsay@codeaurora.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/cpu.h | 10 ----------
13
hw/intc/arm_gicv3_cpuif.c | 10 ++--------
14
2 files changed, 2 insertions(+), 18 deletions(-)
15
16
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/cpu.h
19
+++ b/target/arm/cpu.h
20
@@ -XXX,XX +XXX,XX @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
21
void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
22
void *opaque);
23
24
-/**
25
- * arm_get_el_change_hook_opaque:
26
- * Return the opaque data that will be used by the el_change_hook
27
- * for this CPU.
28
- */
29
-static inline void *arm_get_el_change_hook_opaque(ARMCPU *cpu)
30
-{
31
- return cpu->el_change_hook_opaque;
32
-}
33
-
34
/**
35
* aa32_vfp_dreg:
36
* Return a pointer to the Dn register within env in 32-bit mode.
37
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
38
index XXXXXXX..XXXXXXX 100644
39
--- a/hw/intc/arm_gicv3_cpuif.c
40
+++ b/hw/intc/arm_gicv3_cpuif.c
41
@@ -XXX,XX +XXX,XX @@ void gicv3_set_gicv3state(CPUState *cpu, GICv3CPUState *s)
42
43
static GICv3CPUState *icc_cs_from_env(CPUARMState *env)
44
{
45
- /* Given the CPU, find the right GICv3CPUState struct.
46
- * Since we registered the CPU interface with the EL change hook as
47
- * the opaque pointer, we can just directly get from the CPU to it.
48
- */
49
- return arm_get_el_change_hook_opaque(arm_env_get_cpu(env));
50
+ return env->gicv3state;
51
}
52
53
static bool gicv3_use_ns_bank(CPUARMState *env)
54
@@ -XXX,XX +XXX,XX @@ void gicv3_init_cpuif(GICv3State *s)
55
* it might be with code translated by CPU 0 but run by CPU 1, in
56
* which case we'd get the wrong value.
57
* So instead we define the regs with no ri->opaque info, and
58
- * get back to the GICv3CPUState from the ARMCPU by reading back
59
- * the opaque pointer from the el_change_hook, which we're going
60
- * to need to register anyway.
61
+ * get back to the GICv3CPUState from the CPUARMState.
62
*/
63
define_arm_cp_regs(cpu, gicv3_cpuif_reginfo);
64
if (arm_feature(&cpu->env, ARM_FEATURE_EL2)
65
--
66
2.17.0
67
68
diff view generated by jsdifflib
[Qemu-devel] [PULL 09/19] target/arm: Support multiple EL change hooks
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
4
Message-id: 1523997485-1905-7-git-send-email-alindsay@codeaurora.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
target/arm/cpu.h | 20 ++++++++++----------
9
target/arm/internals.h | 7 ++++---
10
target/arm/cpu.c | 21 ++++++++++++++++-----
11
3 files changed, 30 insertions(+), 18 deletions(-)
12
13
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/cpu.h
16
+++ b/target/arm/cpu.h
17
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
18
} CPUARMState;
19
20
/**
21
- * ARMELChangeHook:
22
+ * ARMELChangeHookFn:
23
* type of a function which can be registered via arm_register_el_change_hook()
24
* to get callbacks when the CPU changes its exception level or mode.
25
*/
26
-typedef void ARMELChangeHook(ARMCPU *cpu, void *opaque);
27
-
28
+typedef void ARMELChangeHookFn(ARMCPU *cpu, void *opaque);
29
+typedef struct ARMELChangeHook ARMELChangeHook;
30
+struct ARMELChangeHook {
31
+ ARMELChangeHookFn *hook;
32
+ void *opaque;
33
+ QLIST_ENTRY(ARMELChangeHook) node;
34
+};
35
36
/* These values map onto the return values for
37
* QEMU_PSCI_0_2_FN_AFFINITY_INFO */
38
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
39
*/
40
bool cfgend;
41
42
- ARMELChangeHook *el_change_hook;
43
- void *el_change_hook_opaque;
44
+ QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
45
46
int32_t node_id; /* NUMA node this CPU belongs to */
47
48
@@ -XXX,XX +XXX,XX @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
49
* CPU changes exception level or mode. The hook function will be
50
* passed a pointer to the ARMCPU and the opaque data pointer passed
51
* to this function when the hook was registered.
52
- *
53
- * Note that we currently only support registering a single hook function,
54
- * and will assert if this function is called twice.
55
- * This facility is intended for the use of the GICv3 emulation.
56
*/
57
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
58
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
59
void *opaque);
60
61
/**
62
diff --git a/target/arm/internals.h b/target/arm/internals.h
63
index XXXXXXX..XXXXXXX 100644
64
--- a/target/arm/internals.h
65
+++ b/target/arm/internals.h
66
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
67
int mmu_idx, MemTxAttrs attrs,
68
MemTxResult response, uintptr_t retaddr);
69
70
-/* Call the EL change hook if one has been registered */
71
+/* Call any registered EL change hooks */
72
static inline void arm_call_el_change_hook(ARMCPU *cpu)
73
{
74
- if (cpu->el_change_hook) {
75
- cpu->el_change_hook(cpu, cpu->el_change_hook_opaque);
76
+ ARMELChangeHook *hook, *next;
77
+ QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
78
+ hook->hook(cpu, hook->opaque);
79
}
80
}
81
82
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/target/arm/cpu.c
85
+++ b/target/arm/cpu.c
86
@@ -XXX,XX +XXX,XX @@ static bool arm_cpu_has_work(CPUState *cs)
87
| CPU_INTERRUPT_EXITTB);
88
}
89
90
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook,
91
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
92
void *opaque)
93
{
94
- /* We currently only support registering a single hook function */
95
- assert(!cpu->el_change_hook);
96
- cpu->el_change_hook = hook;
97
- cpu->el_change_hook_opaque = opaque;
98
+ ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1);
99
+
100
+ entry->hook = hook;
101
+ entry->opaque = opaque;
102
+
103
+ QLIST_INSERT_HEAD(&cpu->el_change_hooks, entry, node);
104
}
105
106
static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
107
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
108
cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
109
g_free, g_free);
110
111
+ QLIST_INIT(&cpu->el_change_hooks);
112
+
113
#ifndef CONFIG_USER_ONLY
114
/* Our inbound IRQ and FIQ lines */
115
if (kvm_enabled()) {
116
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_post_init(Object *obj)
117
static void arm_cpu_finalizefn(Object *obj)
118
{
119
ARMCPU *cpu = ARM_CPU(obj);
120
+ ARMELChangeHook *hook, *next;
121
+
122
g_hash_table_destroy(cpu->cp_regs);
123
+
124
+ QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
125
+ QLIST_REMOVE(hook, node);
126
+ g_free(hook);
127
+ }
128
}
129
130
static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
131
--
132
2.17.0
133
134
diff view generated by jsdifflib
[Qemu-devel] [PULL 10/19] target/arm: Add pre-EL change hooks
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
Because the design of the PMU requires that the counter values be
4
converted between their delta and guest-visible forms for mode
5
filtering, an additional hook which occurs before the EL is changed is
6
necessary.
7
8
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
9
Message-id: 1523997485-1905-8-git-send-email-alindsay@codeaurora.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
target/arm/cpu.h | 22 +++++++++++++++++++---
14
target/arm/internals.h | 7 +++++++
15
target/arm/cpu.c | 16 ++++++++++++++++
16
target/arm/helper.c | 14 ++++++++------
17
target/arm/op_helper.c | 8 ++++++++
18
5 files changed, 58 insertions(+), 9 deletions(-)
19
20
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
21
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/cpu.h
23
+++ b/target/arm/cpu.h
24
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
25
*/
26
bool cfgend;
27
28
+ QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks;
29
QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
30
31
int32_t node_id; /* NUMA node this CPU belongs to */
32
@@ -XXX,XX +XXX,XX @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
33
#endif
34
35
/**
36
- * arm_register_el_change_hook:
37
- * Register a hook function which will be called back whenever this
38
+ * arm_register_pre_el_change_hook:
39
+ * Register a hook function which will be called immediately before this
40
* CPU changes exception level or mode. The hook function will be
41
* passed a pointer to the ARMCPU and the opaque data pointer passed
42
* to this function when the hook was registered.
43
+ *
44
+ * Note that if a pre-change hook is called, any registered post-change hooks
45
+ * are guaranteed to subsequently be called.
46
*/
47
-void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
48
+void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
49
void *opaque);
50
+/**
51
+ * arm_register_el_change_hook:
52
+ * Register a hook function which will be called immediately after this
53
+ * CPU changes exception level or mode. The hook function will be
54
+ * passed a pointer to the ARMCPU and the opaque data pointer passed
55
+ * to this function when the hook was registered.
56
+ *
57
+ * Note that any registered hooks registered here are guaranteed to be called
58
+ * if pre-change hooks have been.
59
+ */
60
+void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void
61
+ *opaque);
62
63
/**
64
* aa32_vfp_dreg:
65
diff --git a/target/arm/internals.h b/target/arm/internals.h
66
index XXXXXXX..XXXXXXX 100644
67
--- a/target/arm/internals.h
68
+++ b/target/arm/internals.h
69
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
70
MemTxResult response, uintptr_t retaddr);
71
72
/* Call any registered EL change hooks */
73
+static inline void arm_call_pre_el_change_hook(ARMCPU *cpu)
74
+{
75
+ ARMELChangeHook *hook, *next;
76
+ QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) {
77
+ hook->hook(cpu, hook->opaque);
78
+ }
79
+}
80
static inline void arm_call_el_change_hook(ARMCPU *cpu)
81
{
82
ARMELChangeHook *hook, *next;
83
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
84
index XXXXXXX..XXXXXXX 100644
85
--- a/target/arm/cpu.c
86
+++ b/target/arm/cpu.c
87
@@ -XXX,XX +XXX,XX @@ static bool arm_cpu_has_work(CPUState *cs)
88
| CPU_INTERRUPT_EXITTB);
89
}
90
91
+void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
92
+ void *opaque)
93
+{
94
+ ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1);
95
+
96
+ entry->hook = hook;
97
+ entry->opaque = opaque;
98
+
99
+ QLIST_INSERT_HEAD(&cpu->pre_el_change_hooks, entry, node);
100
+}
101
+
102
void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
103
void *opaque)
104
{
105
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
106
cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
107
g_free, g_free);
108
109
+ QLIST_INIT(&cpu->pre_el_change_hooks);
110
QLIST_INIT(&cpu->el_change_hooks);
111
112
#ifndef CONFIG_USER_ONLY
113
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_finalizefn(Object *obj)
114
115
g_hash_table_destroy(cpu->cp_regs);
116
117
+ QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) {
118
+ QLIST_REMOVE(hook, node);
119
+ g_free(hook);
120
+ }
121
QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) {
122
QLIST_REMOVE(hook, node);
123
g_free(hook);
124
diff --git a/target/arm/helper.c b/target/arm/helper.c
125
index XXXXXXX..XXXXXXX 100644
126
--- a/target/arm/helper.c
127
+++ b/target/arm/helper.c
128
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
129
return;
130
}
131
132
+ /* Hooks may change global state so BQL should be held, also the
133
+ * BQL needs to be held for any modification of
134
+ * cs->interrupt_request.
135
+ */
136
+ g_assert(qemu_mutex_iothread_locked());
137
+
138
+ arm_call_pre_el_change_hook(cpu);
139
+
140
assert(!excp_is_internal(cs->exception_index));
141
if (arm_el_is_aa64(env, new_el)) {
142
arm_cpu_do_interrupt_aarch64(cs);
143
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
144
arm_cpu_do_interrupt_aarch32(cs);
145
}
146
147
- /* Hooks may change global state so BQL should be held, also the
148
- * BQL needs to be held for any modification of
149
- * cs->interrupt_request.
150
- */
151
- g_assert(qemu_mutex_iothread_locked());
152
-
153
arm_call_el_change_hook(cpu);
154
155
if (!kvm_enabled()) {
156
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
157
index XXXXXXX..XXXXXXX 100644
158
--- a/target/arm/op_helper.c
159
+++ b/target/arm/op_helper.c
160
@@ -XXX,XX +XXX,XX @@ void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask)
161
/* Write the CPSR for a 32-bit exception return */
162
void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
163
{
164
+ qemu_mutex_lock_iothread();
165
+ arm_call_pre_el_change_hook(arm_env_get_cpu(env));
166
+ qemu_mutex_unlock_iothread();
167
+
168
cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn);
169
170
/* Generated code has already stored the new PC value, but
171
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env)
172
goto illegal_return;
173
}
174
175
+ qemu_mutex_lock_iothread();
176
+ arm_call_pre_el_change_hook(arm_env_get_cpu(env));
177
+ qemu_mutex_unlock_iothread();
178
+
179
if (!return_to_aa64) {
180
env->aarch64 = 0;
181
/* We do a raw CPSR write because aarch64_sync_64_to_32()
182
--
183
2.17.0
184
185
diff view generated by jsdifflib
[Qemu-devel] [PULL 11/19] target/arm: Allow EL change hooks to do IO
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
During code generation, surround CPSR writes and exception returns which
4
call the EL change hooks with gen_io_start/end. The immediate need is
5
for the PMU to access the clock and icount during EL change to support
6
mode filtering.
7
8
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
9
Message-id: 1523997485-1905-9-git-send-email-alindsay@codeaurora.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
target/arm/translate-a64.c | 6 ++++++
14
target/arm/translate.c | 12 ++++++++++++
15
2 files changed, 18 insertions(+)
16
17
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/translate-a64.c
20
+++ b/target/arm/translate-a64.c
21
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
22
unallocated_encoding(s);
23
return;
24
}
25
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
26
+ gen_io_start();
27
+ }
28
gen_helper_exception_return(cpu_env);
29
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
30
+ gen_io_end();
31
+ }
32
/* Must exit loop to check un-masked IRQs */
33
s->base.is_jmp = DISAS_EXIT;
34
return;
35
diff --git a/target/arm/translate.c b/target/arm/translate.c
36
index XXXXXXX..XXXXXXX 100644
37
--- a/target/arm/translate.c
38
+++ b/target/arm/translate.c
39
@@ -XXX,XX +XXX,XX @@ static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
40
* appropriately depending on the new Thumb bit, so it must
41
* be called after storing the new PC.
42
*/
43
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
44
+ gen_io_start();
45
+ }
46
gen_helper_cpsr_write_eret(cpu_env, cpsr);
47
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
48
+ gen_io_end();
49
+ }
50
tcg_temp_free_i32(cpsr);
51
/* Must exit loop to check un-masked IRQs */
52
s->base.is_jmp = DISAS_EXIT;
53
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
54
if (exc_return) {
55
/* Restore CPSR from SPSR. */
56
tmp = load_cpu_field(spsr);
57
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
58
+ gen_io_start();
59
+ }
60
gen_helper_cpsr_write_eret(cpu_env, tmp);
61
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
62
+ gen_io_end();
63
+ }
64
tcg_temp_free_i32(tmp);
65
/* Must exit loop to check un-masked IRQs */
66
s->base.is_jmp = DISAS_EXIT;
67
--
68
2.17.0
69
70
diff view generated by jsdifflib
[Qemu-devel] [PULL 12/19] target/arm: Fix bitmask for PMCCFILTR writes
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
It was shifted to the left one bit too few.
4
5
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 1523997485-1905-10-git-send-email-alindsay@codeaurora.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/helper.c | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
18
uint64_t value)
19
{
20
pmccntr_sync(env);
21
- env->cp15.pmccfiltr_el0 = value & 0x7E000000;
22
+ env->cp15.pmccfiltr_el0 = value & 0xfc000000;
23
pmccntr_sync(env);
24
}
25
26
--
27
2.17.0
28
29
diff view generated by jsdifflib
[Qemu-devel] [PULL 13/19] target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide
Deleted patch
1
From: Aaron Lindsay <alindsay@codeaurora.org>
2
1
3
This is a bug fix to ensure 64-bit reads of these registers don't read
4
adjacent data.
5
6
Signed-off-by: Aaron Lindsay <alindsay@codeaurora.org>
7
Message-id: 1523997485-1905-13-git-send-email-alindsay@codeaurora.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/cpu.h | 4 ++--
12
target/arm/helper.c | 5 +++--
13
2 files changed, 5 insertions(+), 4 deletions(-)
14
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/cpu.h
18
+++ b/target/arm/cpu.h
19
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
20
uint32_t c9_data;
21
uint64_t c9_pmcr; /* performance monitor control register */
22
uint64_t c9_pmcnten; /* perf monitor counter enables */
23
- uint32_t c9_pmovsr; /* perf monitor overflow status */
24
- uint32_t c9_pmuserenr; /* perf monitor user enable */
25
+ uint64_t c9_pmovsr; /* perf monitor overflow status */
26
+ uint64_t c9_pmuserenr; /* perf monitor user enable */
27
uint64_t c9_pmselr; /* perf monitor counter selection register */
28
uint64_t c9_pminten; /* perf monitor interrupt enables */
29
union { /* Memory attribute redirection */
30
diff --git a/target/arm/helper.c b/target/arm/helper.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/helper.c
33
+++ b/target/arm/helper.c
34
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
35
.fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
36
.writefn = pmcntenclr_write },
37
{ .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
38
- .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
39
+ .access = PL0_RW,
40
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr),
41
.accessfn = pmreg_access,
42
.writefn = pmovsr_write,
43
.raw_writefn = raw_write },
44
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
45
.accessfn = pmreg_access_xevcntr },
46
{ .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
47
.access = PL0_R | PL1_RW, .accessfn = access_tpm,
48
- .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
49
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmuserenr),
50
.resetvalue = 0,
51
.writefn = pmuserenr_write, .raw_writefn = raw_write },
52
{ .name = "PMUSERENR_EL0", .state = ARM_CP_STATE_AA64,
53
--
54
2.17.0
55
56
diff view generated by jsdifflib
[Qemu-devel] [PULL 14/19] hw/arm/raspi: Don't bother setting default_cpu_type
Deleted patch
1
In commit 210f47840dd62, we changed the bcm2836 SoC object to
2
always create a CPU of the correct type for that SoC model. This
3
makes the default_cpu_type settings in the MachineClass structs
4
for the raspi2 and raspi3 boards redundant. We didn't change
5
those at the time because it would have meant a temporary
6
regression in a corner case of error handling if the user
7
requested a non-existing CPU type. The -cpu parse handling
8
changes in 2278b93941d42c3 mean that it no longer implicitly
9
depends on default_cpu_type for this to work, so we can now
10
delete the redundant default_cpu_type fields.
11
1
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
14
Message-id: 20180420155547.9497-1-peter.maydell@linaro.org
15
---
16
hw/arm/raspi.c | 2 --
17
1 file changed, 2 deletions(-)
18
19
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/arm/raspi.c
22
+++ b/hw/arm/raspi.c
23
@@ -XXX,XX +XXX,XX @@ static void raspi2_machine_init(MachineClass *mc)
24
mc->no_parallel = 1;
25
mc->no_floppy = 1;
26
mc->no_cdrom = 1;
27
- mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
28
mc->max_cpus = BCM283X_NCPUS;
29
mc->min_cpus = BCM283X_NCPUS;
30
mc->default_cpus = BCM283X_NCPUS;
31
@@ -XXX,XX +XXX,XX @@ static void raspi3_machine_init(MachineClass *mc)
32
mc->no_parallel = 1;
33
mc->no_floppy = 1;
34
mc->no_cdrom = 1;
35
- mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
36
mc->max_cpus = BCM283X_NCPUS;
37
mc->min_cpus = BCM283X_NCPUS;
38
mc->default_cpus = BCM283X_NCPUS;
39
--
40
2.17.0
41
42
diff view generated by jsdifflib
[Qemu-devel] [PULL 15/19] hw/arm/highbank: don't make sysram 'nomigrate'
Deleted patch
1
Currently we use memory_region_init_ram_nomigrate() to create
2
the "highbank.sysram" memory region, and we don't manually
3
register it with vmstate_register_ram(). This currently
4
means that its contents are migrated but as a ram block
5
whose name is the empty string; in future it may mean they
6
are not migrated at all. Use memory_region_init_ram() instead.
7
1
8
Note that this is a cross-version migration compatibility
9
break for the "highbank" and "midway" machines.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Message-id: 20180420124835.7268-2-peter.maydell@linaro.org
13
---
14
hw/arm/highbank.c | 2 +-
15
1 file changed, 1 insertion(+), 1 deletion(-)
16
17
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/highbank.c
20
+++ b/hw/arm/highbank.c
21
@@ -XXX,XX +XXX,XX @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
22
memory_region_add_subregion(sysmem, 0, dram);
23
24
sysram = g_new(MemoryRegion, 1);
25
- memory_region_init_ram_nomigrate(sysram, NULL, "highbank.sysram", 0x8000,
26
+ memory_region_init_ram(sysram, NULL, "highbank.sysram", 0x8000,
27
&error_fatal);
28
memory_region_add_subregion(sysmem, 0xfff88000, sysram);
29
if (bios_name != NULL) {
30
--
31
2.17.0
32
33
diff view generated by jsdifflib
[Qemu-devel] [PULL 16/19] hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
Deleted patch
1
Currently we use memory_region_init_ram_nomigrate() to create
2
the "aspeed.boot_rom" memory region, and we don't manually
3
register it with vmstate_register_ram(). This currently
4
means that its contents are migrated but as a ram block
5
whose name is the empty string; in future it may mean they
6
are not migrated at all. Use memory_region_init_ram() instead.
7
1
8
Note that would be a cross-version migration compatibility break
9
for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines,
10
but migration is currently broken for them.
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Cédric Le Goater <clg@kaod.org>
14
Tested-by: Cédric Le Goater <clg@kaod.org>
15
Message-id: 20180420124835.7268-3-peter.maydell@linaro.org
16
---
17
hw/arm/aspeed.c | 2 +-
18
1 file changed, 1 insertion(+), 1 deletion(-)
19
20
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
21
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/arm/aspeed.c
23
+++ b/hw/arm/aspeed.c
24
@@ -XXX,XX +XXX,XX @@ static void aspeed_board_init(MachineState *machine,
25
* SoC and 128MB for the AST2500 SoC, which is twice as big as
26
* needed by the flash modules of the Aspeed machines.
27
*/
28
- memory_region_init_rom_nomigrate(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
29
+ memory_region_init_rom(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
30
fl->size, &error_abort);
31
memory_region_add_subregion(get_system_memory(), FIRMWARE_ADDR,
32
boot_rom);
33
--
34
2.17.0
35
36
diff view generated by jsdifflib
[Qemu-devel] [PULL 17/19] hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM
Deleted patch
1
Currently we use vmstate_register_ram_global() for the SRAM;
2
this is not a good idea for devices, because it means that
3
you can only ever create one instance of the device, as
4
the second instance would get a RAM block name clash.
5
Instead, use memory_region_init_ram(), which automatically
6
registers the RAM block with a local-to-the-device name.
7
1
8
Note that this would be a cross-version migration compatibility break
9
for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines,
10
but migration is currently broken for them.
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Cédric Le Goater <clg@kaod.org>
14
Tested-by: Cédric Le Goater <clg@kaod.org>
15
Message-id: 20180420124835.7268-4-peter.maydell@linaro.org
16
---
17
hw/arm/aspeed_soc.c | 3 +--
18
1 file changed, 1 insertion(+), 2 deletions(-)
19
20
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
21
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/arm/aspeed_soc.c
23
+++ b/hw/arm/aspeed_soc.c
24
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
25
}
26
27
/* SRAM */
28
- memory_region_init_ram_nomigrate(&s->sram, OBJECT(dev), "aspeed.sram",
29
+ memory_region_init_ram(&s->sram, OBJECT(dev), "aspeed.sram",
30
sc->info->sram_size, &err);
31
if (err) {
32
error_propagate(errp, err);
33
return;
34
}
35
- vmstate_register_ram_global(&s->sram);
36
memory_region_add_subregion(get_system_memory(), ASPEED_SOC_SRAM_BASE,
37
&s->sram);
38
39
--
40
2.17.0
41
42
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.