target-arm queue: Eric's SMMUv3 patchset, and an array

of minor bugfixes and improvements from various others.

The following changes since commit c8b7e627b4269a3bc3ae41d9f420547a47e6d9b9:

Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-05-04' into staging (2018-05-04 14:42:46 +0100)

git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180504

for you to fetch changes up to 5680740c92993e9b3f3e011f2a2c394070e33f56:

hw/arm/virt: Introduce the iommu option (2018-05-04 18:05:52 +0100)

* Emulate the SMMUv3 (IOMMU); one will be created in the 'virt' board

if the commandline includes "-machine iommu=smmuv3"

* target/arm: Implement v8M VLLDM and VLSTM

* hw/arm: Don't fail qtest due to missing SD card in -nodefaults mode

* Some fixes to silence Coverity false-positives

* arm: boot: set boot_info starting from first_cpu

(fixes a technical bug not visible in practice)

* hw/net/smc91c111: Convert away from old_mmio

* hw/usb/tusb6010: Convert away from old_mmio

* hw/char/cmsdk-apb-uart.c: Accept more input after character read

* target/arm: Make MPUIR write-ignored on OMAP, StrongARM

* hw/arm/virt: Add linux,pci-domain property

Eric Auger (11):

hw/arm/smmu-common: smmu base device and datatypes

hw/arm/smmu-common: IOMMU memory region and address space setup

hw/arm/smmu-common: VMSAv8-64 page table walk

hw/arm/smmuv3: Wired IRQ and GERROR helpers

hw/arm/smmuv3: Queue helpers

hw/arm/smmuv3: Implement MMIO write operations

hw/arm/smmuv3: Event queue recording helper

hw/arm/smmuv3: Implement translate callback

hw/arm/smmuv3: Abort on vfio or vhost case

target/arm/kvm: Translate the MSI doorbell in kvm_arch_fixup_msi_route

hw/arm/virt: Introduce the iommu option

Igor Mammedov (1):

arm: boot: set boot_info starting from first_cpu

Jan Kiszka (1):

hw/arm/virt: Add linux,pci-domain property

Mathew Maidment (1):

target/arm: Correct MPUIR privilege level in register_cp_regs_for_features() conditional case

Patrick Oppenlander (1):

hw/char/cmsdk-apb-uart.c: Accept more input after character read

Peter Maydell (3):

hw/usb/tusb6010: Convert away from old_mmio

hw/net/smc91c111: Convert away from old_mmio

target/arm: Implement v8M VLLDM and VLSTM

From: Eric Auger <eric.auger@redhat.com>

At the moment, the SMMUv3 does not support notification on

TLB invalidation. So let's log an error as soon as such notifier

gets enabled.

Signed-off-by: Eric Auger <eric.auger@redhat.com>

hw/arm/smmuv3.c | 11 +++++++++++

1 file changed, 11 insertions(+)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

--- a/hw/arm/smmuv3.c

+++ b/hw/arm/smmuv3.c

@@ -XXX,XX +XXX,XX @@ static void smmuv3_class_init(ObjectClass *klass, void *data)

dc->realize = smmu_realize;

+static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,

+ IOMMUNotifierFlag old,

+ IOMMUNotifierFlag new)

+ if (old == IOMMU_NOTIFIER_NONE) {

+ warn_report("SMMUV3 does not support vhost/vfio integration yet: "

+ "devices of those types will not function properly");

+ }

static void smmuv3_iommu_memory_region_class_init(ObjectClass *klass,

void *data)

IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);

imrc->translate = smmuv3_translate;

+ imrc->notify_flag_changed = smmuv3_notify_flag_changed;

static const TypeInfo smmuv3_type_info = {

2.17.0

From: Eric Auger <eric.auger@redhat.com>

This patch implements the page table walk for VMSAv8-64.

Signed-off-by: Eric Auger <eric.auger@redhat.com>

Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>

Message-id: 1524665762-31355-4-git-send-email-eric.auger@redhat.com

hw/arm/smmu-internal.h | 99 ++++++++++++++++

include/hw/arm/smmu-common.h | 14 +++

hw/arm/smmu-common.c | 222 +++++++++++++++++++++++++++++++++++

hw/arm/trace-events | 9 +-

4 files changed, 343 insertions(+), 1 deletion(-)

create mode 100644 hw/arm/smmu-internal.h

diff --git a/hw/arm/smmu-internal.h b/hw/arm/smmu-internal.h

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/hw/arm/smmu-internal.h

@@ -XXX,XX +XXX,XX @@

+ * ARM SMMU support - Internal API

+ *

+ * Copyright (c) 2017 Red Hat, Inc.

+ * Copyright (C) 2014-2016 Broadcom Corporation

+ * Written by Prem Mallappa, Eric Auger

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 as

+ * published by the Free Software Foundation.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License along

+ * with this program; if not, see <http://www.gnu.org/licenses/>.

+

+#ifndef HW_ARM_SMMU_INTERNAL_H

+#define HW_ARM_SMMU_INTERNAL_H

+

+#define TBI0(tbi) ((tbi) & 0x1)

+#define TBI1(tbi) ((tbi) & 0x2 >> 1)

+

+/* PTE Manipulation */

+

+#define ARM_LPAE_PTE_TYPE_SHIFT 0

+#define ARM_LPAE_PTE_TYPE_MASK 0x3

+

+#define ARM_LPAE_PTE_TYPE_BLOCK 1

+#define ARM_LPAE_PTE_TYPE_TABLE 3

+

+#define ARM_LPAE_L3_PTE_TYPE_RESERVED 1

+#define ARM_LPAE_L3_PTE_TYPE_PAGE 3

+

+#define ARM_LPAE_PTE_VALID (1 << 0)

+

+#define PTE_ADDRESS(pte, shift) \

+ (extract64(pte, shift, 47 - shift + 1) << shift)

+

+#define is_invalid_pte(pte) (!(pte & ARM_LPAE_PTE_VALID))

+

+#define is_reserved_pte(pte, level) \

+ ((level == 3) && \

+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_L3_PTE_TYPE_RESERVED))

+

+#define is_block_pte(pte, level) \

+ ((level < 3) && \

+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_PTE_TYPE_BLOCK))

+

+#define is_table_pte(pte, level) \

+ ((level < 3) && \

+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_PTE_TYPE_TABLE))

+

+#define is_page_pte(pte, level) \

+ ((level == 3) && \

+ ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_L3_PTE_TYPE_PAGE))

+

+/* access permissions */

+

+#define PTE_AP(pte) \

+ (extract64(pte, 6, 2))

+

+#define PTE_APTABLE(pte) \

+ (extract64(pte, 61, 2))

+

+/*

+ * TODO: At the moment all transactions are considered as privileged (EL1)

+ * as IOMMU translation callback does not pass user/priv attributes.

+ */

+#define is_permission_fault(ap, perm) \

+ (((perm) & IOMMU_WO) && ((ap) & 0x2))

+

+#define PTE_AP_TO_PERM(ap) \

+ (IOMMU_ACCESS_FLAG(true, !((ap) & 0x2)))

+

+/* Level Indexing */

+

+static inline int level_shift(int level, int granule_sz)

+ return granule_sz + (3 - level) * (granule_sz - 3);

+static inline uint64_t level_page_mask(int level, int granule_sz)

+{

+ return ~(MAKE_64BIT_MASK(0, level_shift(level, granule_sz)));

+}

+

+static inline

+uint64_t iova_level_offset(uint64_t iova, int inputsize,

+ int level, int gsz)

+{

+ return ((iova & MAKE_64BIT_MASK(0, inputsize)) >> level_shift(level, gsz)) &

+ MAKE_64BIT_MASK(0, gsz - 3);

+}

+

+#endif

diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h

--- a/include/hw/arm/smmu-common.h

+++ b/include/hw/arm/smmu-common.h

@@ -XXX,XX +XXX,XX @@ static inline uint16_t smmu_get_sid(SMMUDevice *sdev)

return PCI_BUILD_BDF(pci_bus_num(sdev->bus), sdev->devfn);

}

+

+/**

+ * smmu_ptw - Perform the page table walk for a given iova / access flags

+ * pair, according to @cfg translation config

+ */

+int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,

+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info);

+

+/**

+ * select_tt - compute which translation table shall be used according to

+ * the input iova and translation config and return the TT specific info

+ */

+SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova);

+

#endif /* HW_ARM_SMMU_COMMON */

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmu-common.c

+++ b/hw/arm/smmu-common.c

@@ -XXX,XX +XXX,XX @@

#include "qemu/error-report.h"

#include "hw/arm/smmu-common.h"

+#include "smmu-internal.h"

+

+/* VMSAv8-64 Translation */

+

+/**

+ * get_pte - Get the content of a page table entry located at

+ * @base_addr[@index]

+ */

+static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,

+ SMMUPTWEventInfo *info)

+{

+ int ret;

+ dma_addr_t addr = baseaddr + index * sizeof(*pte);

+

+ /* TODO: guarantee 64-bit single-copy atomicity */

+ ret = dma_memory_read(&address_space_memory, addr,

+ (uint8_t *)pte, sizeof(*pte));

+

+ if (ret != MEMTX_OK) {

+ info->type = SMMU_PTW_ERR_WALK_EABT;

+ info->addr = addr;

+ return -EINVAL;

+ }

+ trace_smmu_get_pte(baseaddr, index, addr, *pte);

+ return 0;

+}

+

+/* VMSAv8-64 Translation Table Format Descriptor Decoding */

+

+/**

+ * get_page_pte_address - returns the L3 descriptor output address,

+ * ie. the page frame

+ * ARM ARM spec: Figure D4-17 VMSAv8-64 level 3 descriptor format

+ */

+static inline hwaddr get_page_pte_address(uint64_t pte, int granule_sz)

+{

+ return PTE_ADDRESS(pte, granule_sz);

+}

+

+/**

+ * get_table_pte_address - return table descriptor output address,

+ * ie. address of next level table

+ * ARM ARM Figure D4-16 VMSAv8-64 level0, level1, and level 2 descriptor formats

+ */

+static inline hwaddr get_table_pte_address(uint64_t pte, int granule_sz)

+{

+ return PTE_ADDRESS(pte, granule_sz);

+}

+

+/**

+ * get_block_pte_address - return block descriptor output address and block size

+ * ARM ARM Figure D4-16 VMSAv8-64 level0, level1, and level 2 descriptor formats

+ */

+static inline hwaddr get_block_pte_address(uint64_t pte, int level,

+ int granule_sz, uint64_t *bsz)

+{

+ int n = (granule_sz - 3) * (4 - level) + 3;

+

+ *bsz = 1 << n;

+ return PTE_ADDRESS(pte, n);

+}

+

+SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova)

+{

+ bool tbi = extract64(iova, 55, 1) ? TBI1(cfg->tbi) : TBI0(cfg->tbi);

+ uint8_t tbi_byte = tbi * 8;

+

+ if (cfg->tt[0].tsz &&

+ !extract64(iova, 64 - cfg->tt[0].tsz, cfg->tt[0].tsz - tbi_byte)) {

+ /* there is a ttbr0 region and we are in it (high bits all zero) */

+ return &cfg->tt[0];

+ } else if (cfg->tt[1].tsz &&

+ !extract64(iova, 64 - cfg->tt[1].tsz, cfg->tt[1].tsz - tbi_byte)) {

+ /* there is a ttbr1 region and we are in it (high bits all one) */

+ return &cfg->tt[1];

+ } else if (!cfg->tt[0].tsz) {

+ /* ttbr0 region is "everything not in the ttbr1 region" */

+ return &cfg->tt[0];

+ } else if (!cfg->tt[1].tsz) {

+ /* ttbr1 region is "everything not in the ttbr0 region" */

+ return &cfg->tt[1];

+ }

+ /* in the gap between the two regions, this is a Translation fault */

+ return NULL;

+}

+

+/**

+ * smmu_ptw_64 - VMSAv8-64 Walk of the page tables for a given IOVA

+ * @cfg: translation config

+ * @iova: iova to translate

+ * @perm: access type

+ * @tlbe: IOMMUTLBEntry (out)

+ * @info: handle to an error info

+ *

+ * Return 0 on success, < 0 on error. In case of error, @info is filled

+ * and tlbe->perm is set to IOMMU_NONE.

+ * Upon success, @tlbe is filled with translated_addr and entry

+ * permission rights.

+ */

+static int smmu_ptw_64(SMMUTransCfg *cfg,

+ dma_addr_t iova, IOMMUAccessFlags perm,

+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)

+{

+ dma_addr_t baseaddr, indexmask;

+ int stage = cfg->stage;

+ SMMUTransTableInfo *tt = select_tt(cfg, iova);

+ uint8_t level, granule_sz, inputsize, stride;

+

+ if (!tt || tt->disabled) {

+ info->type = SMMU_PTW_ERR_TRANSLATION;

+ goto error;

+ }

+

+ granule_sz = tt->granule_sz;

+ stride = granule_sz - 3;

+ inputsize = 64 - tt->tsz;

+ level = 4 - (inputsize - 4) / stride;

+ indexmask = (1ULL << (inputsize - (stride * (4 - level)))) - 1;

+ baseaddr = extract64(tt->ttb, 0, 48);

+ baseaddr &= ~indexmask;

+

+ tlbe->iova = iova;

+ tlbe->addr_mask = (1 << granule_sz) - 1;

+

+ while (level <= 3) {

+ uint64_t subpage_size = 1ULL << level_shift(level, granule_sz);

+ uint64_t mask = subpage_size - 1;

+ uint32_t offset = iova_level_offset(iova, inputsize, level, granule_sz);

+ uint64_t pte;

+ dma_addr_t pte_addr = baseaddr + offset * sizeof(pte);

+ uint8_t ap;

+

+ if (get_pte(baseaddr, offset, &pte, info)) {

+ goto error;

+ }

+ trace_smmu_ptw_level(level, iova, subpage_size,

+ baseaddr, offset, pte);

+

+ if (is_invalid_pte(pte) || is_reserved_pte(pte, level)) {

+ trace_smmu_ptw_invalid_pte(stage, level, baseaddr,

+ pte_addr, offset, pte);

+ info->type = SMMU_PTW_ERR_TRANSLATION;

+ goto error;

+ }

+

+ if (is_page_pte(pte, level)) {

+ uint64_t gpa = get_page_pte_address(pte, granule_sz);

+

+ ap = PTE_AP(pte);

+ if (is_permission_fault(ap, perm)) {

+ info->type = SMMU_PTW_ERR_PERMISSION;

+ goto error;

+ }

+

+ tlbe->translated_addr = gpa + (iova & mask);

+ tlbe->perm = PTE_AP_TO_PERM(ap);

+ trace_smmu_ptw_page_pte(stage, level, iova,

+ baseaddr, pte_addr, pte, gpa);

+ return 0;

+ }

+ if (is_block_pte(pte, level)) {

+ uint64_t block_size;

+ hwaddr gpa = get_block_pte_address(pte, level, granule_sz,

+ &block_size);

+

+ ap = PTE_AP(pte);

+ if (is_permission_fault(ap, perm)) {

+ info->type = SMMU_PTW_ERR_PERMISSION;

+ goto error;

+ }

+

+ trace_smmu_ptw_block_pte(stage, level, baseaddr,

+ pte_addr, pte, iova, gpa,

+ block_size >> 20);

+

+ tlbe->translated_addr = gpa + (iova & mask);

+ tlbe->perm = PTE_AP_TO_PERM(ap);

+ return 0;

+ }

+

+ /* table pte */

+ ap = PTE_APTABLE(pte);

+

+ if (is_permission_fault(ap, perm)) {

+ info->type = SMMU_PTW_ERR_PERMISSION;

+ goto error;

+ }

+ baseaddr = get_table_pte_address(pte, granule_sz);

+ level++;

+ }

+

+ info->type = SMMU_PTW_ERR_TRANSLATION;

+

+error:

+ tlbe->perm = IOMMU_NONE;

+ return -EINVAL;

+}

+

+/**

+ * smmu_ptw - Walk the page tables for an IOVA, according to @cfg

+ *

+ * @cfg: translation configuration

+ * @iova: iova to translate

+ * @perm: tentative access type

+ * @tlbe: returned entry

+ * @info: ptw event handle

+ *

+ * return 0 on success

+ */

+inline int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,

+ IOMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)

+{

+ if (!cfg->aa64) {

+ /*

+ * This code path is not entered as we check this while decoding

+ * the configuration data in the derived SMMU model.

+ */

+ g_assert_not_reached();

+ }

+

+ return smmu_ptw_64(cfg, iova, perm, tlbe, info);

+}

/**

* The bus number is used for lookup when SID based invalidation occurs.

diff --git a/hw/arm/trace-events b/hw/arm/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/trace-events

+++ b/hw/arm/trace-events

@@ -XXX,XX +XXX,XX @@

virt_acpi_setup(void) "No fw cfg or ACPI disabled. Bailing out."

# hw/arm/smmu-common.c

-smmu_add_mr(const char *name) "%s"

\ No newline at end of file

+smmu_add_mr(const char *name) "%s"

+smmu_page_walk(int stage, uint64_t baseaddr, int first_level, uint64_t start, uint64_t end) "stage=%d, baseaddr=0x%"PRIx64", first level=%d, start=0x%"PRIx64", end=0x%"PRIx64

+smmu_lookup_table(int level, uint64_t baseaddr, int granule_sz, uint64_t start, uint64_t end, int flags, uint64_t subpage_size) "level=%d baseaddr=0x%"PRIx64" granule=%d, start=0x%"PRIx64" end=0x%"PRIx64" flags=%d subpage_size=0x%"PRIx64

+smmu_ptw_level(int level, uint64_t iova, size_t subpage_size, uint64_t baseaddr, uint32_t offset, uint64_t pte) "level=%d iova=0x%"PRIx64" subpage_sz=0x%lx baseaddr=0x%"PRIx64" offset=%d => pte=0x%"PRIx64

+smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint32_t offset, uint64_t pte) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" offset=%d pte=0x%"PRIx64

+smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64

+smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"

+smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte) "baseaddr=0x%"PRIx64" index=0x%x, pteaddr=0x%"PRIx64", pte=0x%"PRIx64

2.17.0

From: Eric Auger <eric.auger@redhat.com>

Now we have relevant helpers for queue and irq

management, let's implement MMIO write operations.

Signed-off-by: Eric Auger <eric.auger@redhat.com>

Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>

hw/arm/smmuv3-internal.h | 8 +-

hw/arm/smmuv3.c | 170 +++++++++++++++++++++++++++++++++++++--

hw/arm/trace-events | 6 ++

3 files changed, 174 insertions(+), 10 deletions(-)

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h

--- a/hw/arm/smmuv3-internal.h

+++ b/hw/arm/smmuv3-internal.h

@@ -XXX,XX +XXX,XX @@ REG32(CR0, 0x20)

FIELD(CR0, EVENTQEN, 2, 1)

FIELD(CR0, CMDQEN, 3, 1)

+#define SMMU_CR0_RESERVED 0xFFFFFC20

+

REG32(CR0ACK, 0x24)

REG32(CR1, 0x28)

REG32(CR2, 0x2c)

@@ -XXX,XX +XXX,XX @@ static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s)

return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, GERROR_IRQEN);

}

-/* public until callers get introduced */

-void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask);

-void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t gerrorn);

-

/* Queue Handling */

#define Q_BASE(q) ((q)->base & SMMU_BASE_ADDR_MASK)

@@ -XXX,XX +XXX,XX @@ enum { /* Command completion notification */

addr; \

})

-int smmuv3_cmdq_consume(SMMUv3State *s);

+#define SMMU_FEATURE_2LVL_STE (1 << 0)

#endif

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmuv3.c

+++ b/hw/arm/smmuv3.c

@@ -XXX,XX +XXX,XX @@

* @irq: irq type

* @gerror_mask: mask of gerrors to toggle (relevant if @irq is GERROR)

*/

-void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask)

+static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq,

+ uint32_t gerror_mask)

{

bool pulse = false;

@@ -XXX,XX +XXX,XX @@ void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask)

-void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)

+static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)

uint32_t pending = s->gerror ^ s->gerrorn;

uint32_t toggled = s->gerrorn ^ new_gerrorn;

@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)

s->sid_split = 0;

-int smmuv3_cmdq_consume(SMMUv3State *s)

+static int smmuv3_cmdq_consume(SMMUv3State *s)

SMMUCmdError cmd_error = SMMU_CERROR_NONE;

SMMUQueue *q = &s->cmdq;

@@ -XXX,XX +XXX,XX @@ int smmuv3_cmdq_consume(SMMUv3State *s)

return 0;

2.17.0

Path analysis shows that size == 3 && !is_q has been eliminated.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

Message-id: 20180501180455.11214-3-richard.henderson@linaro.org

target/arm/translate-a64.c | 6 +++++-

1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn)

/* All 64-bit element operations can be shared with scalar 2misc */

int pass;

- for (pass = 0; pass < (is_q ? 2 : 1); pass++) {

+ /* Coverity claims (size == 3 && !is_q) has been eliminated

+ * from all paths leading to here.

+ */

+ tcg_debug_assert(is_q);

+ for (pass = 0; pass < 2; pass++) {

TCGv_i64 tcg_op = tcg_temp_new_i64();

TCGv_i64 tcg_res = tcg_temp_new_i64();

2.17.0

From: Prem Mallappa <prem.mallappa@broadcom.com>

This patch implements a skeleton for the smmuv3 device.

Datatypes and register definitions are introduced. The MMIO

region, the interrupts and the queue are initialized.

Only the MMIO read operation is implemented here.

Signed-off-by: Prem Mallappa <prem.mallappa@broadcom.com>

Signed-off-by: Eric Auger <eric.auger@redhat.com>

hw/arm/Makefile.objs | 2 +-

hw/arm/smmuv3-internal.h | 142 +++++++++++++++

include/hw/arm/smmuv3.h | 87 ++++++++++

hw/arm/smmuv3.c | 366 +++++++++++++++++++++++++++++++++++++++

hw/arm/trace-events | 3 +

5 files changed, 599 insertions(+), 1 deletion(-)

create mode 100644 hw/arm/smmuv3-internal.h

create mode 100644 include/hw/arm/smmuv3.h

create mode 100644 hw/arm/smmuv3.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs

--- a/hw/arm/Makefile.objs

+++ b/hw/arm/Makefile.objs

@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_MPS2) += mps2-tz.o

obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o

obj-$(CONFIG_IOTKIT) += iotkit.o

obj-$(CONFIG_FSL_IMX7) += fsl-imx7.o mcimx7d-sabre.o

-obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o

+obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmuv3.o

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/hw/arm/smmuv3-internal.h

@@ -XXX,XX +XXX,XX @@

+/*

+ * ARM SMMUv3 support - Internal API

+ *

+ * Copyright (C) 2014-2016 Broadcom Corporation

+ * Copyright (c) 2017 Red Hat, Inc.

+ * Written by Prem Mallappa, Eric Auger

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2 as

+ * published by the Free Software Foundation.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License along

+ * with this program; if not, see <http://www.gnu.org/licenses/>.

+ */

+

+#ifndef HW_ARM_SMMU_V3_INTERNAL_H

+#define HW_ARM_SMMU_V3_INTERNAL_H

+

+#include "hw/arm/smmu-common.h"

+

+/* MMIO Registers */

+

+REG32(IDR0, 0x0)

+ FIELD(IDR0, S1P, 1 , 1)

+ FIELD(IDR0, TTF, 2 , 2)

+ FIELD(IDR0, COHACC, 4 , 1)

+ FIELD(IDR0, ASID16, 12, 1)

+ FIELD(IDR0, TTENDIAN, 21, 2)

+ FIELD(IDR0, STALL_MODEL, 24, 2)

+ FIELD(IDR0, TERM_MODEL, 26, 1)

+ FIELD(IDR0, STLEVEL, 27, 2)

+

+REG32(IDR1, 0x4)

+ FIELD(IDR1, SIDSIZE, 0 , 6)

+ FIELD(IDR1, EVENTQS, 16, 5)

+ FIELD(IDR1, CMDQS, 21, 5)

+

+#define SMMU_IDR1_SIDSIZE 16

+#define SMMU_CMDQS 19

+#define SMMU_EVENTQS 19

+

+REG32(IDR2, 0x8)

+REG32(IDR3, 0xc)

+REG32(IDR4, 0x10)

+REG32(IDR5, 0x14)

+ FIELD(IDR5, OAS, 0, 3);

+ FIELD(IDR5, GRAN4K, 4, 1);

+ FIELD(IDR5, GRAN16K, 5, 1);

+ FIELD(IDR5, GRAN64K, 6, 1);

+

+#define SMMU_IDR5_OAS 4

+

+REG32(IIDR, 0x1c)

+REG32(CR0, 0x20)

+ FIELD(CR0, SMMU_ENABLE, 0, 1)

+ FIELD(CR0, EVENTQEN, 2, 1)

+ FIELD(CR0, CMDQEN, 3, 1)

+

+REG32(CR0ACK, 0x24)

+REG32(CR1, 0x28)

+REG32(CR2, 0x2c)

+REG32(STATUSR, 0x40)

+REG32(IRQ_CTRL, 0x50)

+ FIELD(IRQ_CTRL, GERROR_IRQEN, 0, 1)

+ FIELD(IRQ_CTRL, PRI_IRQEN, 1, 1)

+ FIELD(IRQ_CTRL, EVENTQ_IRQEN, 2, 1)

+

+REG32(IRQ_CTRL_ACK, 0x54)

+REG32(GERROR, 0x60)

+ FIELD(GERROR, CMDQ_ERR, 0, 1)

+ FIELD(GERROR, EVENTQ_ABT_ERR, 2, 1)

+ FIELD(GERROR, PRIQ_ABT_ERR, 3, 1)

+ FIELD(GERROR, MSI_CMDQ_ABT_ERR, 4, 1)

+ FIELD(GERROR, MSI_EVENTQ_ABT_ERR, 5, 1)

+ FIELD(GERROR, MSI_PRIQ_ABT_ERR, 6, 1)

+ FIELD(GERROR, MSI_GERROR_ABT_ERR, 7, 1)

+ FIELD(GERROR, MSI_SFM_ERR, 8, 1)

+

+REG32(GERRORN, 0x64)

+

+#define A_GERROR_IRQ_CFG0 0x68 /* 64b */

+REG32(GERROR_IRQ_CFG1, 0x70)

+REG32(GERROR_IRQ_CFG2, 0x74)

+

+#define A_STRTAB_BASE 0x80 /* 64b */

+

+#define SMMU_BASE_ADDR_MASK 0xffffffffffe0

+

+REG32(STRTAB_BASE_CFG, 0x88)

+ FIELD(STRTAB_BASE_CFG, FMT, 16, 2)

+ FIELD(STRTAB_BASE_CFG, SPLIT, 6 , 5)

+ FIELD(STRTAB_BASE_CFG, LOG2SIZE, 0 , 6)

+

+#define A_CMDQ_BASE 0x90 /* 64b */

+REG32(CMDQ_PROD, 0x98)

+REG32(CMDQ_CONS, 0x9c)

+ FIELD(CMDQ_CONS, ERR, 24, 7)

+

+#define A_EVENTQ_BASE 0xa0 /* 64b */

+REG32(EVENTQ_PROD, 0xa8)

+REG32(EVENTQ_CONS, 0xac)

+

+#define A_EVENTQ_IRQ_CFG0 0xb0 /* 64b */

+REG32(EVENTQ_IRQ_CFG1, 0xb8)

+REG32(EVENTQ_IRQ_CFG2, 0xbc)

+

+#define A_IDREGS 0xfd0

+

+static inline int smmu_enabled(SMMUv3State *s)

+ return FIELD_EX32(s->cr[0], CR0, SMMU_ENABLE);

+}

+

+/* Command Queue Entry */

+typedef struct Cmd {

+ uint32_t word[4];

+} Cmd;

+

+/* Event Queue Entry */

+typedef struct Evt {

+ uint32_t word[8];

+} Evt;

+

+static inline uint32_t smmuv3_idreg(int regoffset)

+{

+ /*

+ * Return the value of the Primecell/Corelink ID registers at the

+ * specified offset from the first ID register.

+ * These value indicate an ARM implementation of MMU600 p1

+ */

+ static const uint8_t smmuv3_ids[] = {

+ 0x04, 0, 0, 0, 0x84, 0xB4, 0xF0, 0x10, 0x0D, 0xF0, 0x05, 0xB1

+ };

+ return smmuv3_ids[regoffset / 4];

+}

+

+#endif

diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/include/hw/arm/smmuv3.h