[Qemu-devel] [PULL 0/8] target-arm queue
[Qemu-devel] [PULL 00/25] target-arm queue
1
target-arm queue: a smallish set of patches for rc1 tomorrow.
1
Some more outstanding target-arm patches; nothing terribly
2
I've included the tcg patches because RTH has no others that
2
exciting. Mostly they're mine; I'm trying to reduce the
3
would merit a pullreq.
3
number of patches I still have in flight, so I've picked
4
4
out some of the reviewed patches from a couple of sets I've
5
I haven't included Thomas Huth's 17-patch set to deal with
5
sent out and will resend v2 versions of those sets with the
6
the introspection crashes, to give that a little more time
6
remaining patches with fixes for issues noted in review once
7
on-list for review.
7
this is in master.
8
8
9
thanks
9
thanks
10
-- PMM
10
-- PMM
11
11
12
The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:
13
12
14
Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)
13
The following changes since commit adaec191bfb31e12d40af8ab1b869f5b40d61ee9:
14
15
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging (2018-08-20 09:48:03 +0100)
15
16
16
are available in the Git repository at:
17
are available in the Git repository at:
17
18
18
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716
19
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180820
19
20
20
for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:
21
for you to fetch changes up to b85fad1588e812566f897f747e38da345a7016d6:
21
22
22
accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)
23
hw/dma/pl080: Remove hw_error() if DMA is enabled (2018-08-20 11:24:33 +0100)
23
24
24
----------------------------------------------------------------
25
----------------------------------------------------------------
25
target-arm queue:
26
target-arm queue:
26
* accel/tcg: Use correct test when looking in victim TLB for code
27
* Fix crash on conditional instruction in an IT block
27
* bcm2835_aux: Swap RX and TX interrupt assignments
28
* docs/generic-loader: mention U-Boot and Intel HEX executable formats
28
* hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
29
* hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
29
* hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
30
* imx_serial: Generate interrupt on receive data ready if enabled
30
* hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
31
* Fix various minor bugs in AArch32 Hyp related coprocessor registers
31
* aspeed: Implement write-1-{set, clear} for AST2500 strapping
32
* Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
32
* target/arm: Fix LD1W and LDFF1W (scalar plus vector)
33
* Implement AArch32 ERET instruction
34
* hw/arm/virt: Add virt-3.1 machine type
35
* sdhci: add i.MX SD Stable Clock bit
36
* Remove now-obsolete MMIO request_ptr APIs
37
* hw/timer/m48t59: Move away from old_mmio accessors
38
* hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
39
* nvic: Expose NMI line
40
* hw/dma/pl080: cleanups and new features required for use in MPS boards
33
41
34
----------------------------------------------------------------
42
----------------------------------------------------------------
35
Andrew Jeffery (1):
43
Andrew Jones (1):
36
aspeed: Implement write-1-{set, clear} for AST2500 strapping
44
hw/arm/virt: Add virt-3.1 machine type
37
45
38
Guenter Roeck (1):
46
Hans-Erik Floryd (2):
39
bcm2835_aux: Swap RX and TX interrupt assignments
47
imx_serial: Generate interrupt on receive data ready if enabled
48
sdhci: add i.MX SD Stable Clock bit
40
49
41
Peter Maydell (4):
50
Jia He (1):
42
hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
51
hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
43
hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
44
accel/tcg: Use correct test when looking in victim TLB for code
45
accel/tcg: Assert that tlb fill gave us a valid TLB entry
46
52
47
Richard Henderson (1):
53
Peter Maydell (19):
48
target/arm: Fix LD1W and LDFF1W (scalar plus vector)
54
target/arm: Correct typo in HAMAIR1 regdef name
55
target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
56
target/arm: Implement AArch32 HVBAR
57
target/arm: Implement AArch32 Hyp FARs
58
target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
59
target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
60
target/arm: Implement AArch32 ERET instruction
61
hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
62
memory: Remove MMIO request_ptr APIs
63
hw/misc: Remove mmio_interface device
64
hw/timer/m48t59: Move away from old_mmio accessors
65
hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
66
nvic: Expose NMI line
67
hw/dma/pl080: Allow use as embedded-struct device
68
hw/dma/pl080: Support all three interrupt lines
69
hw/dma/pl080: Don't use CPU address space for DMA accesses
70
hw/dma/pl080: Provide device reset function
71
hw/dma/pl080: Correct bug in register address decode logic
72
hw/dma/pl080: Remove hw_error() if DMA is enabled
49
73
50
Thomas Huth (1):
74
Roman Kapl (1):
51
hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
75
target/arm: Fix crash on conditional instruction in an IT block
52
76
53
include/hw/misc/aspeed_scu.h | 2 ++
77
Stefan Hajnoczi (1):
54
accel/tcg/cputlb.c | 6 +++---
78
docs/generic-loader: mention U-Boot and Intel HEX executable formats
55
hw/arm/bcm2836.c | 2 ++
56
hw/char/bcm2835_aux.c | 4 ++--
57
hw/intc/arm_gic.c | 22 +++++++++++++++++++---
58
hw/misc/aspeed_scu.c | 19 +++++++++++++++++--
59
target/arm/sve_helper.c | 4 ++--
60
7 files changed, 47 insertions(+), 12 deletions(-)
61
79
80
docs/generic-loader.txt | 20 +-
81
Makefile.objs | 1 +
82
hw/misc/Makefile.objs | 1 -
83
hw/watchdog/Makefile.objs | 1 +
84
hw/sd/sdhci-internal.h | 2 +
85
include/exec/memory.h | 35 ----
86
include/hw/char/imx_serial.h | 1 +
87
include/hw/dma/pl080.h | 71 +++++++
88
include/hw/misc/mmio_interface.h | 49 -----
89
include/hw/watchdog/cmsdk-apb-watchdog.h | 59 ++++++
90
hw/arm/armv7m.c | 1 +
91
hw/arm/realview.c | 8 +-
92
hw/arm/versatilepb.c | 9 +-
93
hw/arm/virt.c | 23 ++-
94
hw/char/imx_serial.c | 3 +-
95
hw/dma/pl080.c | 113 ++++++-----
96
hw/intc/arm_gicv3_its_kvm.c | 2 +-
97
hw/intc/armv7m_nvic.c | 19 ++
98
hw/misc/mmio_interface.c | 135 -------------
99
hw/sd/sdhci.c | 8 +
100
hw/ssi/xilinx_spips.c | 46 -----
101
hw/timer/m48t59.c | 59 ++----
102
hw/watchdog/cmsdk-apb-watchdog.c | 326 +++++++++++++++++++++++++++++++
103
memory.c | 110 -----------
104
target/arm/helper.c | 36 +++-
105
target/arm/op_helper.c | 22 +--
106
target/arm/translate.c | 76 +++++--
107
MAINTAINERS | 3 +
108
default-configs/arm-softmmu.mak | 1 +
109
hw/intc/trace-events | 1 +
110
hw/watchdog/trace-events | 6 +
111
31 files changed, 717 insertions(+), 530 deletions(-)
112
create mode 100644 include/hw/dma/pl080.h
113
delete mode 100644 include/hw/misc/mmio_interface.h
114
create mode 100644 include/hw/watchdog/cmsdk-apb-watchdog.h
115
delete mode 100644 hw/misc/mmio_interface.c
116
create mode 100644 hw/watchdog/cmsdk-apb-watchdog.c
117
create mode 100644 hw/watchdog/trace-events
118
diff view generated by jsdifflib
[Qemu-devel] [PULL 5/8] hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
[Qemu-devel] [PULL 01/25] target/arm: Fix crash on conditional instruction in an IT block
1
From: Thomas Huth <thuth@redhat.com>
1
From: Roman Kapl <rka@sysgo.com>
2
2
3
These devices are currently causing some problems when a user is trying
3
If an instruction is conditional (like CBZ) and it is executed
4
to hot-plug or introspect them during runtime. Since these devices can
4
conditionally (using the ITx instruction), a jump to an undefined
5
not be instantiated by the user at all (they need to be wired up in code
5
label is generated, and QEMU crashes.
6
instead), we should mark them with user_creatable = false anyway, then we
7
avoid at least the crashes with the hot-plugging. The introspection problem
8
will be handled by a separate patch.
9
6
10
Signed-off-by: Thomas Huth <thuth@redhat.com>
7
CBZ in IT block is an UNPREDICTABLE behavior, but we should not
11
Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com
8
crash. Honouring the condition code is allowed by the spec in this
9
case (constrained unpredictable, ARMv8, section K1.1.7), and matches
10
what we do for other "UNPREDICTABLE inside an IT block" instructions.
11
12
Fix the 'skip on condition' code to create a new label only if it
13
does not already exist. Previously multiple labels were created, but
14
only the last one of them was set.
15
16
Signed-off-by: Roman Kapl <rka@sysgo.com>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Message-id: 20180816120533.6587-1-rka@sysgo.com
19
[PMM: fixed ^ 1 being applied to wrong argument, fixed typo]
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Markus Armbruster <armbru@redhat.com>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
22
---
16
hw/arm/bcm2836.c | 2 ++
23
target/arm/translate.c | 35 +++++++++++++++++++++--------------
17
1 file changed, 2 insertions(+)
24
1 file changed, 21 insertions(+), 14 deletions(-)
18
25
19
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
26
diff --git a/target/arm/translate.c b/target/arm/translate.c
20
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/arm/bcm2836.c
28
--- a/target/arm/translate.c
22
+++ b/hw/arm/bcm2836.c
29
+++ b/target/arm/translate.c
23
@@ -XXX,XX +XXX,XX @@ static void bcm283x_class_init(ObjectClass *oc, void *data)
30
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
24
bc->info = data;
31
s->base.is_jmp = DISAS_UPDATE;
25
dc->realize = bcm2836_realize;
26
dc->props = bcm2836_props;
27
+ /* Reason: Must be wired up in code (see raspi_init() function) */
28
+ dc->user_creatable = false;
29
}
32
}
30
33
31
static const TypeInfo bcm283x_type_info = {
34
+/* Generate a label used for skipping this instruction */
35
+static void arm_gen_condlabel(DisasContext *s)
36
+{
37
+ if (!s->condjmp) {
38
+ s->condlabel = gen_new_label();
39
+ s->condjmp = 1;
40
+ }
41
+}
42
+
43
+/* Skip this instruction if the ARM condition is false */
44
+static void arm_skip_unless(DisasContext *s, uint32_t cond)
45
+{
46
+ arm_gen_condlabel(s);
47
+ arm_gen_test_cc(cond ^ 1, s->condlabel);
48
+}
49
+
50
static void disas_arm_insn(DisasContext *s, unsigned int insn)
51
{
52
unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
53
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
54
if (cond != 0xe) {
55
/* if not always execute, we generate a conditional jump to
56
next instruction */
57
- s->condlabel = gen_new_label();
58
- arm_gen_test_cc(cond ^ 1, s->condlabel);
59
- s->condjmp = 1;
60
+ arm_skip_unless(s, cond);
61
}
62
if ((insn & 0x0f900000) == 0x03000000) {
63
if ((insn & (1 << 21)) == 0) {
64
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
65
/* Conditional branch. */
66
op = (insn >> 22) & 0xf;
67
/* Generate a conditional jump to next instruction. */
68
- s->condlabel = gen_new_label();
69
- arm_gen_test_cc(op ^ 1, s->condlabel);
70
- s->condjmp = 1;
71
+ arm_skip_unless(s, op);
72
73
/* offset[11:1] = insn[10:0] */
74
offset = (insn & 0x7ff) << 1;
75
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
76
case 1: case 3: case 9: case 11: /* czb */
77
rm = insn & 7;
78
tmp = load_reg(s, rm);
79
- s->condlabel = gen_new_label();
80
- s->condjmp = 1;
81
+ arm_gen_condlabel(s);
82
if (insn & (1 << 11))
83
tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
84
else
85
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
86
break;
87
}
88
/* generate a conditional jump to next instruction */
89
- s->condlabel = gen_new_label();
90
- arm_gen_test_cc(cond ^ 1, s->condlabel);
91
- s->condjmp = 1;
92
+ arm_skip_unless(s, cond);
93
94
/* jump to the offset */
95
val = (uint32_t)s->pc + 2;
96
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
97
uint32_t cond = dc->condexec_cond;
98
99
if (cond != 0x0e) { /* Skip conditional when condition is AL. */
100
- dc->condlabel = gen_new_label();
101
- arm_gen_test_cc(cond ^ 1, dc->condlabel);
102
- dc->condjmp = 1;
103
+ arm_skip_unless(dc, cond);
104
}
105
}
106
32
--
107
--
33
2.17.1
108
2.18.0
34
109
35
110
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 02/25] docs/generic-loader: mention U-Boot and Intel HEX executable formats
1
From: Stefan Hajnoczi <stefanha@redhat.com>
1
2
3
The generic loader device supports the U-Boot and Intel HEX executable
4
formats in addition to the document raw and ELF formats. Reword the
5
documentation to include these formats and explain how various options
6
depend on the executable format.
7
8
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
10
Message-id: 20180816145554.9814-1-stefanha@redhat.com
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
docs/generic-loader.txt | 20 ++++++++++----------
15
1 file changed, 10 insertions(+), 10 deletions(-)
16
17
diff --git a/docs/generic-loader.txt b/docs/generic-loader.txt
18
index XXXXXXX..XXXXXXX 100644
19
--- a/docs/generic-loader.txt
20
+++ b/docs/generic-loader.txt
21
@@ -XXX,XX +XXX,XX @@ An example of setting CPU 0's PC to 0x8000 is:
22
23
Loading Files
24
-------------
25
-The loader device also allows files to be loaded into memory. It can load raw
26
-files and ELF executable files. Raw files are loaded verbatim. ELF executable
27
-files are loaded by an ELF loader. The syntax is shown below:
28
+The loader device also allows files to be loaded into memory. It can load ELF,
29
+U-Boot, and Intel HEX executable formats as well as raw images. The syntax is
30
+shown below:
31
32
-device loader,file=<file>[,addr=<addr>][,cpu-num=<cpu-num>][,force-raw=<raw>]
33
34
<file> - A file to be loaded into memory
35
- <addr> - The addr in memory that the file should be loaded. This is
36
- ignored if you are using an ELF (unless force-raw is true).
37
- This is required if you aren't loading an ELF.
38
+ <addr> - The memory address where the file should be loaded. This is
39
+ required for raw images and ignored for non-raw files.
40
<cpu-num> - This specifies the CPU that should be used. This is an
41
optional argument and will cause the CPU's PC to be set to
42
- where the image is stored or in the case of an ELF file to
43
- the value in the header. This option should only be used
44
- for the boot image.
45
+ the memory address where the raw file is loaded or the entry
46
+ point specified in the executable format header. This option
47
+ should only be used for the boot image.
48
This will also cause the image to be written to the specified
49
CPU's address space. If not specified, the default is CPU 0.
50
<force-raw> - Setting force-raw=on forces the file to be treated as a raw
51
- image. This can be used to load ELF files as if they were raw.
52
+ image. This can be used to load supported executable formats
53
+ as if they were raw.
54
55
All values are parsed using the standard QemuOps parsing. This allows the user
56
to specify any values in any format supported. By default the values
57
--
58
2.18.0
59
60
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 03/25] hw/intc/arm_gicv3_its: downgrade error_report to warn_report in kvm_arm_its_reset
1
From: Jia He <hejianet@gmail.com>
1
2
3
In scripts/arch-run.bash of kvm-unit-tests, it will check the qemu
4
output log with:
5
if [ -z "$(echo "$errors" | grep -vi warning)" ]; then
6
7
Thus without the warning prefix, all of the test fail.
8
9
Since it is not unrecoverable error in kvm_arm_its_reset for
10
current implementation, downgrading the report from error to
11
warn makes sense.
12
13
Signed-off-by: Jia He <jia.he@hxt-semitech.com>
14
Message-id: 1531969910-32843-1-git-send-email-jia.he@hxt-semitech.com
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
18
hw/intc/arm_gicv3_its_kvm.c | 2 +-
19
1 file changed, 1 insertion(+), 1 deletion(-)
20
21
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/intc/arm_gicv3_its_kvm.c
24
+++ b/hw/intc/arm_gicv3_its_kvm.c
25
@@ -XXX,XX +XXX,XX @@ static void kvm_arm_its_reset(DeviceState *dev)
26
return;
27
}
28
29
- error_report("ITS KVM: full reset is not supported by the host kernel");
30
+ warn_report("ITS KVM: full reset is not supported by the host kernel");
31
32
if (!kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
33
GITS_CTLR)) {
34
--
35
2.18.0
36
37
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 04/25] imx_serial: Generate interrupt on receive data ready if enabled
1
From: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
1
2
3
Generate an interrupt if USR2_RDR and UCR4_DREN are both set.
4
5
Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
6
Message-id: 1534341354-11956-1-git-send-email-hans-erik.floryd@rt-labs.com
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/hw/char/imx_serial.h | 1 +
11
hw/char/imx_serial.c | 3 ++-
12
2 files changed, 3 insertions(+), 1 deletion(-)
13
14
diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/hw/char/imx_serial.h
17
+++ b/include/hw/char/imx_serial.h
18
@@ -XXX,XX +XXX,XX @@
19
#define UCR2_RXEN (1<<1) /* Receiver enable */
20
#define UCR2_SRST (1<<0) /* Reset complete */
21
22
+#define UCR4_DREN BIT(0) /* Receive Data Ready interrupt enable */
23
#define UCR4_TCEN BIT(3) /* TX complete interrupt enable */
24
25
#define UTS1_TXEMPTY (1<<6)
26
diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/hw/char/imx_serial.c
29
+++ b/hw/char/imx_serial.c
30
@@ -XXX,XX +XXX,XX @@ static void imx_update(IMXSerialState *s)
31
mask = (s->ucr1 & UCR1_TXMPTYEN) ? USR2_TXFE : 0;
32
/*
33
* TCEN and TXDC are both bit 3
34
+ * RDR and DREN are both bit 0
35
*/
36
- mask |= s->ucr4 & UCR4_TCEN;
37
+ mask |= s->ucr4 & (UCR4_TCEN | UCR4_DREN);
38
39
usr2 = s->usr2 & mask;
40
41
--
42
2.18.0
43
44
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 05/25] target/arm: Correct typo in HAMAIR1 regdef name
1
We implement the HAMAIR1 register as RAZ/WI; we had a typo in the
2
regdef, though, and were incorrectly naming it HMAIR1 (which is
3
a different register which we also implement as RAZ/WI).
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Message-id: 20180814124254.5229-2-peter.maydell@linaro.org
9
---
10
target/arm/helper.c | 4 ++--
11
1 file changed, 2 insertions(+), 2 deletions(-)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
18
.opc0 = 3, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 0,
19
.access = PL2_RW, .type = ARM_CP_CONST,
20
.resetvalue = 0 },
21
- { .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
22
+ { .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
23
.opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
24
.access = PL2_RW, .type = ARM_CP_CONST,
25
.resetvalue = 0 },
26
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
27
.access = PL2_RW, .type = ARM_CP_CONST,
28
.resetvalue = 0 },
29
/* HAMAIR1 is mapped to AMAIR_EL2[63:32] */
30
- { .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
31
+ { .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
32
.opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
33
.access = PL2_RW, .type = ARM_CP_CONST,
34
.resetvalue = 0 },
35
--
36
2.18.0
37
38
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 06/25] target/arm: Add missing .cp = 15 to HMAIR1 and HAMAIR1 regdefs
1
ARMCPRegInfo structs will default to .cp = 15 if they
2
are ARM_CP_STATE_BOTH, but not if they are ARM_CP_STATE_AA32
3
(because a coprocessor number of 0 is valid for AArch32).
4
We forgot to explicitly set .cp = 15 for the HMAIR1 and
5
HAMAIR1 regdefs, which meant they would UNDEF when the guest
6
tried to access them under cp15.
1
7
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
10
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
11
Message-id: 20180814124254.5229-3-peter.maydell@linaro.org
12
---
13
target/arm/helper.c | 8 ++++----
14
1 file changed, 4 insertions(+), 4 deletions(-)
15
16
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/helper.c
19
+++ b/target/arm/helper.c
20
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
21
.access = PL2_RW, .type = ARM_CP_CONST,
22
.resetvalue = 0 },
23
{ .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
24
- .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
25
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
26
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
27
{ .name = "AMAIR_EL2", .state = ARM_CP_STATE_BOTH,
28
.opc0 = 3, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 0,
29
.access = PL2_RW, .type = ARM_CP_CONST,
30
.resetvalue = 0 },
31
{ .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
32
- .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
33
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
34
.access = PL2_RW, .type = ARM_CP_CONST,
35
.resetvalue = 0 },
36
{ .name = "AFSR0_EL2", .state = ARM_CP_STATE_BOTH,
37
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
38
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el[2]),
39
.resetvalue = 0 },
40
{ .name = "HMAIR1", .state = ARM_CP_STATE_AA32,
41
- .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
42
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 2, .opc2 = 1,
43
.access = PL2_RW, .type = ARM_CP_ALIAS,
44
.fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el[2]) },
45
{ .name = "AMAIR_EL2", .state = ARM_CP_STATE_BOTH,
46
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
47
.resetvalue = 0 },
48
/* HAMAIR1 is mapped to AMAIR_EL2[63:32] */
49
{ .name = "HAMAIR1", .state = ARM_CP_STATE_AA32,
50
- .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
51
+ .cp = 15, .opc1 = 4, .crn = 10, .crm = 3, .opc2 = 1,
52
.access = PL2_RW, .type = ARM_CP_CONST,
53
.resetvalue = 0 },
54
{ .name = "AFSR0_EL2", .state = ARM_CP_STATE_BOTH,
55
--
56
2.18.0
57
58
diff view generated by jsdifflib
[Qemu-devel] [PULL 8/8] accel/tcg: Assert that tlb fill gave us a valid TLB entry
[Qemu-devel] [PULL 07/25] target/arm: Implement AArch32 HVBAR
1
In commit 4b1a3e1e34ad97 we added a check for whether the TLB entry
1
Implement the AArch32 HVBAR register; we can do this just by
2
we had following a tlb_fill had the INVALID bit set. This could
2
making the existing VBAR_EL2 regdefs be STATE_BOTH.
3
happen in some circumstances because a stale or wrong TLB entry was
4
pulled out of the victim cache. However, after commit
5
68fea038553039e (which prevents stale entries being in the victim
6
cache) and the previous commit (which ensures we don't incorrectly
7
hit in the victim cache)) this should never be possible.
8
9
Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
10
condition, and instead assert that the tlb fill procedure has given
11
us a valid TLB entry (or longjumped out with a guest exception).
12
3
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
15
Message-id: 20180713141636.18665-3-peter.maydell@linaro.org
6
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
7
Message-id: 20180814124254.5229-5-peter.maydell@linaro.org
16
---
8
---
17
accel/tcg/cputlb.c | 4 ++--
9
target/arm/helper.c | 4 ++--
18
1 file changed, 2 insertions(+), 2 deletions(-)
10
1 file changed, 2 insertions(+), 2 deletions(-)
19
11
20
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
21
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
22
--- a/accel/tcg/cputlb.c
14
--- a/target/arm/helper.c
23
+++ b/accel/tcg/cputlb.c
15
+++ b/target/arm/helper.c
24
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
16
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
25
if (!VICTIM_TLB_HIT(addr_code, addr)) {
17
26
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
18
/* Used to describe the behaviour of EL2 regs when EL2 does not exist. */
27
}
19
static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
28
+ assert(tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr));
20
- { .name = "VBAR_EL2", .state = ARM_CP_STATE_AA64,
29
}
21
+ { .name = "VBAR_EL2", .state = ARM_CP_STATE_BOTH,
30
22
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
31
- if (unlikely((env->tlb_table[mmu_idx][index].addr_code &
23
.access = PL2_RW,
32
- (TLB_RECHECK | TLB_INVALID_MASK)) == TLB_RECHECK)) {
24
.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
33
+ if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK)) {
25
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
34
/*
26
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 0,
35
* This is a TLB_RECHECK access, where the MMU protection
27
.access = PL2_RW,
36
* covers a smaller range than a target page, and we must
28
.fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_HYP]) },
29
- { .name = "VBAR_EL2", .state = ARM_CP_STATE_AA64,
30
+ { .name = "VBAR_EL2", .state = ARM_CP_STATE_BOTH,
31
.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
32
.access = PL2_RW, .writefn = vbar_write,
33
.fieldoffset = offsetof(CPUARMState, cp15.vbar_el[2]),
37
--
34
--
38
2.17.1
35
2.18.0
39
36
40
37
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 08/25] target/arm: Implement AArch32 Hyp FARs
1
The AArch32 virtualization extensions support these fault address
2
registers:
3
* HDFAR: aliased with AArch64 FAR_EL2[31:0] and AArch32 DFAR(S)
4
* HIFAR: aliased with AArch64 FAR_EL2[63:32] and AArch32 IFAR(S)
1
5
6
Implement the accessors for these. This fixes in passing a bug
7
where we weren't implementing the "RES0 from EL3 if EL2 not
8
implemented" behaviour for AArch64 FAR_EL2.
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
12
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
13
Message-id: 20180814124254.5229-7-peter.maydell@linaro.org
14
---
15
target/arm/helper.c | 14 +++++++++++++-
16
1 file changed, 13 insertions(+), 1 deletion(-)
17
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
21
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
23
{ .name = "HSTR_EL2", .state = ARM_CP_STATE_BOTH,
24
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 3,
25
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
26
+ { .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
27
+ .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 0,
28
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
29
+ { .name = "HIFAR", .state = ARM_CP_STATE_AA32,
30
+ .type = ARM_CP_CONST,
31
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
32
+ .access = PL2_RW, .resetvalue = 0 },
33
REGINFO_SENTINEL
34
};
35
36
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
37
{ .name = "ESR_EL2", .state = ARM_CP_STATE_AA64,
38
.opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
39
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
40
- { .name = "FAR_EL2", .state = ARM_CP_STATE_AA64,
41
+ { .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
42
.opc0 = 3, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 0,
43
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.far_el[2]) },
44
+ { .name = "HIFAR", .state = ARM_CP_STATE_AA32,
45
+ .type = ARM_CP_ALIAS,
46
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 0, .opc2 = 2,
47
+ .access = PL2_RW,
48
+ .fieldoffset = offsetofhigh32(CPUARMState, cp15.far_el[2]) },
49
{ .name = "SPSR_EL2", .state = ARM_CP_STATE_AA64,
50
.type = ARM_CP_ALIAS,
51
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 0,
52
--
53
2.18.0
54
55
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 09/25] target/arm: Implement ESR_EL2/HSR for AArch32 and no-EL2
1
The AArch32 HSR is the equivalent of AArch64 ESR_EL2;
2
we can implement it by marking our existing ESR_EL2 regdef
3
as STATE_BOTH. It also needs to be "RES0 from EL3 if
4
EL2 not implemented", so add the missing stanza to
5
el3_no_el2_cp_reginfo.
1
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
10
Message-id: 20180814124254.5229-8-peter.maydell@linaro.org
11
---
12
target/arm/helper.c | 6 +++++-
13
1 file changed, 5 insertions(+), 1 deletion(-)
14
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.c
18
+++ b/target/arm/helper.c
19
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
20
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
21
.access = PL2_RW,
22
.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
23
+ { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
24
+ .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
25
+ .access = PL2_RW,
26
+ .type = ARM_CP_CONST, .resetvalue = 0 },
27
{ .name = "CPTR_EL2", .state = ARM_CP_STATE_BOTH,
28
.opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 2,
29
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
30
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
31
.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
32
.access = PL2_RW,
33
.fieldoffset = offsetof(CPUARMState, elr_el[2]) },
34
- { .name = "ESR_EL2", .state = ARM_CP_STATE_AA64,
35
+ { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
36
.opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
37
.access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.esr_el[2]) },
38
{ .name = "FAR_EL2", .state = ARM_CP_STATE_BOTH,
39
--
40
2.18.0
41
42
diff view generated by jsdifflib
[Qemu-devel] [PULL 7/8] accel/tcg: Use correct test when looking in victim TLB for code
[Qemu-devel] [PULL 10/25] target/arm: Permit accesses to ELR_Hyp from Hyp mode via MSR/MRS (banked)
1
In get_page_addr_code(), we were incorrectly looking in the victim
1
The MSR (banked) and MRS (banked) instructions allow accesses to ELR_Hyp
2
TLB for an entry which matched the target address for reads, not
2
from either Monitor or Hyp mode. Our translate time check
3
for code accesses. This meant that we could hit on a victim TLB
3
was overly strict and only permitted access from Monitor mode.
4
entry that indicated that the address was readable but not
4
5
executable, and incorrectly bypass the call to tlb_fill() which
5
The runtime check we do in msr_mrs_banked_exc_checks() had the
6
should generate the guest MMU exception. Fix this bug.
6
correct code in it, but never got there because of the earlier
7
"currmode == tgtmode" check. Special case ELR_Hyp.
7
8
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
10
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
11
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
12
Message-id: 20180814124254.5229-9-peter.maydell@linaro.org
11
---
13
---
12
accel/tcg/cputlb.c | 2 +-
14
target/arm/op_helper.c | 22 +++++++++++-----------
13
1 file changed, 1 insertion(+), 1 deletion(-)
15
target/arm/translate.c | 10 +++++++---
16
2 files changed, 18 insertions(+), 14 deletions(-)
14
17
15
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
18
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
16
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
17
--- a/accel/tcg/cputlb.c
20
--- a/target/arm/op_helper.c
18
+++ b/accel/tcg/cputlb.c
21
+++ b/target/arm/op_helper.c
19
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
22
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
20
index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
23
*/
21
mmu_idx = cpu_mmu_index(env, true);
24
int curmode = env->uncached_cpsr & CPSR_M;
22
if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
25
23
- if (!VICTIM_TLB_HIT(addr_read, addr)) {
26
+ if (regno == 17) {
24
+ if (!VICTIM_TLB_HIT(addr_code, addr)) {
27
+ /* ELR_Hyp: a special case because access from tgtmode is OK */
25
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
28
+ if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
29
+ goto undef;
30
+ }
31
+ return;
32
+ }
33
+
34
if (curmode == tgtmode) {
35
goto undef;
36
}
37
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
38
}
39
40
if (tgtmode == ARM_CPU_MODE_HYP) {
41
- switch (regno) {
42
- case 17: /* ELR_Hyp */
43
- if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
44
- goto undef;
45
- }
46
- break;
47
- default:
48
- if (curmode != ARM_CPU_MODE_MON) {
49
- goto undef;
50
- }
51
- break;
52
+ /* SPSR_Hyp, r13_hyp: accessible from Monitor mode only */
53
+ if (curmode != ARM_CPU_MODE_MON) {
54
+ goto undef;
26
}
55
}
27
}
56
}
57
58
diff --git a/target/arm/translate.c b/target/arm/translate.c
59
index XXXXXXX..XXXXXXX 100644
60
--- a/target/arm/translate.c
61
+++ b/target/arm/translate.c
62
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
63
}
64
break;
65
case ARM_CPU_MODE_HYP:
66
- /* Note that we can forbid accesses from EL2 here because they
67
- * must be from Hyp mode itself
68
+ /*
69
+ * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
70
+ * (and so we can forbid accesses from EL2 or below). elr_hyp
71
+ * can be accessed also from Hyp mode, so forbid accesses from
72
+ * EL0 or EL1.
73
*/
74
- if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 3) {
75
+ if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
76
+ (s->current_el < 3 && *regno != 17)) {
77
goto undef;
78
}
79
break;
28
--
80
--
29
2.17.1
81
2.18.0
30
82
31
83
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 11/25] target/arm: Implement AArch32 ERET instruction
1
ARMv7VE introduced the ERET instruction, which is necessary to
2
return from an exception taken to Hyp mode. Implement this.
3
In A32 encoding it is a completely new encoding; in T32 it
4
is an adjustment of the behaviour of the existing
5
"SUBS PC, LR, #<imm8>" instruction.
1
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
10
Message-id: 20180814124254.5229-10-peter.maydell@linaro.org
11
---
12
target/arm/translate.c | 31 +++++++++++++++++++++++++++++--
13
1 file changed, 29 insertions(+), 2 deletions(-)
14
15
diff --git a/target/arm/translate.c b/target/arm/translate.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate.c
18
+++ b/target/arm/translate.c
19
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
20
tcg_temp_free_i32(tmp2);
21
store_reg(s, rd, tmp);
22
break;
23
+ case 0x6: /* ERET */
24
+ if (op1 != 3) {
25
+ goto illegal_op;
26
+ }
27
+ if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
28
+ goto illegal_op;
29
+ }
30
+ if ((insn & 0x000fff0f) != 0x0000000e) {
31
+ /* UNPREDICTABLE; we choose to UNDEF */
32
+ goto illegal_op;
33
+ }
34
+
35
+ if (s->current_el == 2) {
36
+ tmp = load_cpu_field(elr_el[2]);
37
+ } else {
38
+ tmp = load_reg(s, 14);
39
+ }
40
+ gen_exception_return(s, tmp);
41
+ break;
42
case 7:
43
{
44
int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
45
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
46
if (rn != 14 || rd != 15) {
47
goto illegal_op;
48
}
49
- tmp = load_reg(s, rn);
50
- tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
51
+ if (s->current_el == 2) {
52
+ /* ERET from Hyp uses ELR_Hyp, not LR */
53
+ if (insn & 0xff) {
54
+ goto illegal_op;
55
+ }
56
+ tmp = load_cpu_field(elr_el[2]);
57
+ } else {
58
+ tmp = load_reg(s, rn);
59
+ tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
60
+ }
61
gen_exception_return(s, tmp);
62
break;
63
case 6: /* MRS */
64
--
65
2.18.0
66
67
diff view generated by jsdifflib
[Qemu-devel] [PULL 6/8] bcm2835_aux: Swap RX and TX interrupt assignments
[Qemu-devel] [PULL 12/25] hw/arm/virt: Add virt-3.1 machine type
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Andrew Jones <drjones@redhat.com>
2
2
3
RX and TX interrupt bits were reversed, resulting in an endless sequence
3
Signed-off-by: Andrew Jones <drjones@redhat.com>
4
of serial interupts in the emulated system and the following repeated
4
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
5
error message when booting Linux.
6
7
serial8250: too much work for irq61
8
9
This results in a boot failure most of the time.
10
11
Qemu command line used to reproduce the problem:
12
13
    qemu-system-aarch64 -M raspi3 -m 1024 \
14
    -kernel arch/arm64/boot/Image \
15
    --append "rdinit=/sbin/init console=ttyS1,115200"
16
    -initrd rootfs.cpio \
17
    -dtb arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb \
18
    -nographic -monitor null -serial null -serial stdio
19
20
This is with arm64:defconfig. The root file system was generated using
21
buildroot.
22
23
NB that this error likely arises from an erratum in the
24
BCM2835 datasheet where the TX and RX bits were swapped
25
in the AU_MU_IER_REG description (but correct for IIR):
26
https://elinux.org/BCM2835_datasheet_errata#p12
27
28
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
29
Message-id: 1529355846-25102-1-git-send-email-linux@roeck-us.net
30
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
31
[PMM: added NB about datasheet]
32
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
33
---
7
---
34
hw/char/bcm2835_aux.c | 4 ++--
8
hw/arm/virt.c | 23 +++++++++++++++++------
35
1 file changed, 2 insertions(+), 2 deletions(-)
9
1 file changed, 17 insertions(+), 6 deletions(-)
36
10
37
diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
11
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
38
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
39
--- a/hw/char/bcm2835_aux.c
13
--- a/hw/arm/virt.c
40
+++ b/hw/char/bcm2835_aux.c
14
+++ b/hw/arm/virt.c
41
@@ -XXX,XX +XXX,XX @@
15
@@ -XXX,XX +XXX,XX @@ static void machvirt_machine_init(void)
42
#define AUX_MU_BAUD_REG 0x68
16
}
43
17
type_init(machvirt_machine_init);
44
/* bits in IER/IIR registers */
18
45
-#define TX_INT 0x1
19
-#define VIRT_COMPAT_2_12 \
46
-#define RX_INT 0x2
20
- HW_COMPAT_2_12
47
+#define RX_INT 0x1
21
-
48
+#define TX_INT 0x2
22
-static void virt_3_0_instance_init(Object *obj)
49
23
+static void virt_3_1_instance_init(Object *obj)
50
static void bcm2835_aux_update(BCM2835AuxState *s)
24
{
25
VirtMachineState *vms = VIRT_MACHINE(obj);
26
VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
27
@@ -XXX,XX +XXX,XX @@ static void virt_3_0_instance_init(Object *obj)
28
vms->irqmap = a15irqmap;
29
}
30
31
-static void virt_machine_3_0_options(MachineClass *mc)
32
+static void virt_machine_3_1_options(MachineClass *mc)
33
{
34
}
35
-DEFINE_VIRT_MACHINE_AS_LATEST(3, 0)
36
+DEFINE_VIRT_MACHINE_AS_LATEST(3, 1)
37
+
38
+static void virt_3_0_instance_init(Object *obj)
39
+{
40
+ virt_3_1_instance_init(obj);
41
+}
42
+
43
+static void virt_machine_3_0_options(MachineClass *mc)
44
+{
45
+ virt_machine_3_1_options(mc);
46
+}
47
+DEFINE_VIRT_MACHINE(3, 0)
48
+
49
+#define VIRT_COMPAT_2_12 \
50
+ HW_COMPAT_2_12
51
52
static void virt_2_12_instance_init(Object *obj)
51
{
53
{
52
--
54
--
53
2.17.1
55
2.18.0
54
56
55
57
diff view generated by jsdifflib
[Qemu-devel] [PULL 2/8] aspeed: Implement write-1-{set, clear} for AST2500 strapping
[Qemu-devel] [PULL 13/25] sdhci: add i.MX SD Stable Clock bit
1
From: Andrew Jeffery <andrew@aj.id.au>
1
From: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
2
2
3
The AST2500 SoC family changes the runtime behaviour of the hardware
3
Add the ESDHC PRSSTAT_SDSTB bit, using the value of SDHC_CLOCK_INT_STABLE.
4
strapping register (SCU70) to write-1-set/write-1-clear, with
4
Freescale recommends checking this bit when changing clock frequency.
5
write-1-clear implemented on the "read-only" SoC revision register
6
(SCU7C). For the the AST2400, the hardware strapping is
7
runtime-configured with read-modify-write semantics.
8
5
9
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
6
Signed-off-by: Hans-Erik Floryd <hans-erik.floryd@rt-labs.com>
10
Reviewed-by: Joel Stanley <joel@jms.id.au>
7
Message-id: 1534507843-4251-1-git-send-email-hans-erik.floryd@rt-labs.com
11
Message-id: 20180709143524.17480-1-andrew@aj.id.au
8
[PMM: fixed indentation]
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
11
---
14
include/hw/misc/aspeed_scu.h | 2 ++
12
hw/sd/sdhci-internal.h | 2 ++
15
hw/misc/aspeed_scu.c | 19 +++++++++++++++++--
13
hw/sd/sdhci.c | 8 ++++++++
16
2 files changed, 19 insertions(+), 2 deletions(-)
14
2 files changed, 10 insertions(+)
17
15
18
diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
16
diff --git a/hw/sd/sdhci-internal.h b/hw/sd/sdhci-internal.h
19
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/misc/aspeed_scu.h
18
--- a/hw/sd/sdhci-internal.h
21
+++ b/include/hw/misc/aspeed_scu.h
19
+++ b/hw/sd/sdhci-internal.h
22
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSCUState {
20
@@ -XXX,XX +XXX,XX @@ extern const VMStateDescription sdhci_vmstate;
23
#define AST2500_A0_SILICON_REV 0x04000303U
21
#define ESDHC_CTRL_4BITBUS (0x1 << 1)
24
#define AST2500_A1_SILICON_REV 0x04010303U
22
#define ESDHC_CTRL_8BITBUS (0x2 << 1)
25
23
26
+#define ASPEED_IS_AST2500(si_rev) ((((si_rev) >> 24) & 0xff) == 0x04)
24
+#define ESDHC_PRNSTS_SDSTB (1 << 3)
27
+
25
+
28
extern bool is_supported_silicon_rev(uint32_t silicon_rev);
26
#endif
29
27
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
30
#define ASPEED_SCU_PROT_KEY 0x1688A8A8
31
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
32
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
33
--- a/hw/misc/aspeed_scu.c
29
--- a/hw/sd/sdhci.c
34
+++ b/hw/misc/aspeed_scu.c
30
+++ b/hw/sd/sdhci.c
35
@@ -XXX,XX +XXX,XX @@ static void aspeed_scu_write(void *opaque, hwaddr offset, uint64_t data,
31
@@ -XXX,XX +XXX,XX @@ static uint64_t usdhc_read(void *opaque, hwaddr offset, unsigned size)
36
s->regs[reg] = data;
32
37
aspeed_scu_set_apb_freq(s);
38
break;
33
break;
39
-
34
40
+ case HW_STRAP1:
35
+ case SDHC_PRNSTS:
41
+ if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
36
+ /* Add SDSTB (SD Clock Stable) bit to PRNSTS */
42
+ s->regs[HW_STRAP1] |= data;
37
+ ret = sdhci_read(opaque, offset, size) & ~ESDHC_PRNSTS_SDSTB;
43
+ return;
38
+ if (s->clkcon & SDHC_CLOCK_INT_STABLE) {
39
+ ret |= ESDHC_PRNSTS_SDSTB;
44
+ }
40
+ }
45
+ /* Jump to assignment below */
46
+ break;
41
+ break;
47
+ case SILICON_REV:
42
+
48
+ if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
43
case ESDHC_DLL_CTRL:
49
+ s->regs[HW_STRAP1] &= ~data;
44
case ESDHC_TUNE_CTRL_STATUS:
50
+ } else {
45
case ESDHC_UNDOCUMENTED_REG27:
51
+ qemu_log_mask(LOG_GUEST_ERROR,
52
+ "%s: Write to read-only offset 0x%" HWADDR_PRIx "\n",
53
+ __func__, offset);
54
+ }
55
+ /* Avoid assignment below, we've handled everything */
56
+ return;
57
case FREQ_CNTR_EVAL:
58
case VGA_SCRATCH1 ... VGA_SCRATCH8:
59
case RNG_DATA:
60
- case SILICON_REV:
61
case FREE_CNTR4:
62
case FREE_CNTR4_EXT:
63
qemu_log_mask(LOG_GUEST_ERROR,
64
--
46
--
65
2.17.1
47
2.18.0
66
48
67
49
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 14/25] hw/ssi/xilinx_spips: Remove unneeded MMIO request_ptr code
1
We now support direct execution from MMIO regions in the
2
core memory subsystem. This means that we don't need to
3
have device-specific support for it, and we can remove
4
the request_ptr handling from the Xilinx SPIPS device.
5
(It was broken anyway due to race conditions, and disabled
6
by default.)
1
7
8
This device is the only in-tree user of this API.
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
12
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
13
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
14
Message-id: 20180817114619.22354-2-peter.maydell@linaro.org
15
---
16
hw/ssi/xilinx_spips.c | 46 -------------------------------------------
17
1 file changed, 46 deletions(-)
18
19
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/ssi/xilinx_spips.c
22
+++ b/hw/ssi/xilinx_spips.c
23
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps spips_ops = {
24
25
static void xilinx_qspips_invalidate_mmio_ptr(XilinxQSPIPS *q)
26
{
27
- XilinxSPIPS *s = &q->parent_obj;
28
-
29
- if ((q->mmio_execution_enabled) && (q->lqspi_cached_addr != ~0ULL)) {
30
- /* Invalidate the current mapped mmio */
31
- memory_region_invalidate_mmio_ptr(&s->mmlqspi, q->lqspi_cached_addr,
32
- LQSPI_CACHE_SIZE);
33
- }
34
-
35
q->lqspi_cached_addr = ~0ULL;
36
}
37
38
@@ -XXX,XX +XXX,XX @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
39
}
40
}
41
42
-static void *lqspi_request_mmio_ptr(void *opaque, hwaddr addr, unsigned *size,
43
- unsigned *offset)
44
-{
45
- XilinxQSPIPS *q = opaque;
46
- hwaddr offset_within_the_region;
47
-
48
- if (!q->mmio_execution_enabled) {
49
- return NULL;
50
- }
51
-
52
- offset_within_the_region = addr & ~(LQSPI_CACHE_SIZE - 1);
53
- lqspi_load_cache(opaque, offset_within_the_region);
54
- *size = LQSPI_CACHE_SIZE;
55
- *offset = offset_within_the_region;
56
- return q->lqspi_buf;
57
-}
58
-
59
static uint64_t
60
lqspi_read(void *opaque, hwaddr addr, unsigned int size)
61
{
62
@@ -XXX,XX +XXX,XX @@ lqspi_read(void *opaque, hwaddr addr, unsigned int size)
63
64
static const MemoryRegionOps lqspi_ops = {
65
.read = lqspi_read,
66
- .request_ptr = lqspi_request_mmio_ptr,
67
.endianness = DEVICE_NATIVE_ENDIAN,
68
.valid = {
69
.min_access_size = 1,
70
@@ -XXX,XX +XXX,XX @@ static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
71
sysbus_init_mmio(sbd, &s->mmlqspi);
72
73
q->lqspi_cached_addr = ~0ULL;
74
-
75
- /* mmio_execution breaks migration better aborting than having strange
76
- * bugs.
77
- */
78
- if (q->mmio_execution_enabled) {
79
- error_setg(&q->migration_blocker,
80
- "enabling mmio_execution breaks migration");
81
- migrate_add_blocker(q->migration_blocker, &error_fatal);
82
- }
83
}
84
85
static void xlnx_zynqmp_qspips_realize(DeviceState *dev, Error **errp)
86
@@ -XXX,XX +XXX,XX @@ static Property xilinx_zynqmp_qspips_properties[] = {
87
DEFINE_PROP_END_OF_LIST(),
88
};
89
90
-static Property xilinx_qspips_properties[] = {
91
- /* We had to turn this off for 2.10 as it is not compatible with migration.
92
- * It can be enabled but will prevent the device to be migrated.
93
- * This will go aways when a fix will be released.
94
- */
95
- DEFINE_PROP_BOOL("x-mmio-exec", XilinxQSPIPS, mmio_execution_enabled,
96
- false),
97
- DEFINE_PROP_END_OF_LIST(),
98
-};
99
-
100
static Property xilinx_spips_properties[] = {
101
DEFINE_PROP_UINT8("num-busses", XilinxSPIPS, num_busses, 1),
102
DEFINE_PROP_UINT8("num-ss-bits", XilinxSPIPS, num_cs, 4),
103
@@ -XXX,XX +XXX,XX @@ static void xilinx_qspips_class_init(ObjectClass *klass, void * data)
104
XilinxSPIPSClass *xsc = XILINX_SPIPS_CLASS(klass);
105
106
dc->realize = xilinx_qspips_realize;
107
- dc->props = xilinx_qspips_properties;
108
xsc->reg_ops = &qspips_ops;
109
xsc->rx_fifo_size = RXFF_A_Q;
110
xsc->tx_fifo_size = TXFF_A_Q;
111
--
112
2.18.0
113
114
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 15/25] memory: Remove MMIO request_ptr APIs
1
Remove the obsolete MMIO request_ptr APIs; they have no
2
users now.
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
7
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
8
Message-id: 20180817114619.22354-3-peter.maydell@linaro.org
9
---
10
include/exec/memory.h | 35 --------------
11
memory.c | 110 ------------------------------------------
12
2 files changed, 145 deletions(-)
13
14
diff --git a/include/exec/memory.h b/include/exec/memory.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/exec/memory.h
17
+++ b/include/exec/memory.h
18
@@ -XXX,XX +XXX,XX @@ struct MemoryRegionOps {
19
uint64_t data,
20
unsigned size,
21
MemTxAttrs attrs);
22
- /* Instruction execution pre-callback:
23
- * @addr is the address of the access relative to the @mr.
24
- * @size is the size of the area returned by the callback.
25
- * @offset is the location of the pointer inside @mr.
26
- *
27
- * Returns a pointer to a location which contains guest code.
28
- */
29
- void *(*request_ptr)(void *opaque, hwaddr addr, unsigned *size,
30
- unsigned *offset);
31
32
enum device_endian endianness;
33
/* Guest-visible constraints: */
34
@@ -XXX,XX +XXX,XX @@ void memory_global_dirty_log_stop(void);
35
void mtree_info(fprintf_function mon_printf, void *f, bool flatview,
36
bool dispatch_tree, bool owner);
37
38
-/**
39
- * memory_region_request_mmio_ptr: request a pointer to an mmio
40
- * MemoryRegion. If it is possible map a RAM MemoryRegion with this pointer.
41
- * When the device wants to invalidate the pointer it will call
42
- * memory_region_invalidate_mmio_ptr.
43
- *
44
- * @mr: #MemoryRegion to check
45
- * @addr: address within that region
46
- *
47
- * Returns true on success, false otherwise.
48
- */
49
-bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr);
50
-
51
-/**
52
- * memory_region_invalidate_mmio_ptr: invalidate the pointer to an mmio
53
- * previously requested.
54
- * In the end that means that if something wants to execute from this area it
55
- * will need to request the pointer again.
56
- *
57
- * @mr: #MemoryRegion associated to the pointer.
58
- * @offset: offset within the memory region
59
- * @size: size of that area.
60
- */
61
-void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
62
- unsigned size);
63
-
64
/**
65
* memory_region_dispatch_read: perform a read directly to the specified
66
* MemoryRegion.
67
diff --git a/memory.c b/memory.c
68
index XXXXXXX..XXXXXXX 100644
69
--- a/memory.c
70
+++ b/memory.c
71
@@ -XXX,XX +XXX,XX @@
72
#include "exec/ram_addr.h"
73
#include "sysemu/kvm.h"
74
#include "sysemu/sysemu.h"
75
-#include "hw/misc/mmio_interface.h"
76
#include "hw/qdev-properties.h"
77
#include "migration/vmstate.h"
78
79
@@ -XXX,XX +XXX,XX @@ void memory_listener_unregister(MemoryListener *listener)
80
listener->address_space = NULL;
81
}
82
83
-bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr)
84
-{
85
- void *host;
86
- unsigned size = 0;
87
- unsigned offset = 0;
88
- Object *new_interface;
89
-
90
- if (!mr || !mr->ops->request_ptr) {
91
- return false;
92
- }
93
-
94
- /*
95
- * Avoid an update if the request_ptr call
96
- * memory_region_invalidate_mmio_ptr which seems to be likely when we use
97
- * a cache.
98
- */
99
- memory_region_transaction_begin();
100
-
101
- host = mr->ops->request_ptr(mr->opaque, addr - mr->addr, &size, &offset);
102
-
103
- if (!host || !size) {
104
- memory_region_transaction_commit();
105
- return false;
106
- }
107
-
108
- new_interface = object_new("mmio_interface");
109
- qdev_prop_set_uint64(DEVICE(new_interface), "start", offset);
110
- qdev_prop_set_uint64(DEVICE(new_interface), "end", offset + size - 1);
111
- qdev_prop_set_bit(DEVICE(new_interface), "ro", true);
112
- qdev_prop_set_ptr(DEVICE(new_interface), "host_ptr", host);
113
- qdev_prop_set_ptr(DEVICE(new_interface), "subregion", mr);
114
- object_property_set_bool(OBJECT(new_interface), true, "realized", NULL);
115
-
116
- memory_region_transaction_commit();
117
- return true;
118
-}
119
-
120
-typedef struct MMIOPtrInvalidate {
121
- MemoryRegion *mr;
122
- hwaddr offset;
123
- unsigned size;
124
- int busy;
125
- int allocated;
126
-} MMIOPtrInvalidate;
127
-
128
-#define MAX_MMIO_INVALIDATE 10
129
-static MMIOPtrInvalidate mmio_ptr_invalidate_list[MAX_MMIO_INVALIDATE];
130
-
131
-static void memory_region_do_invalidate_mmio_ptr(CPUState *cpu,
132
- run_on_cpu_data data)
133
-{
134
- MMIOPtrInvalidate *invalidate_data = (MMIOPtrInvalidate *)data.host_ptr;
135
- MemoryRegion *mr = invalidate_data->mr;
136
- hwaddr offset = invalidate_data->offset;
137
- unsigned size = invalidate_data->size;
138
- MemoryRegionSection section = memory_region_find(mr, offset, size);
139
-
140
- qemu_mutex_lock_iothread();
141
-
142
- /* Reset dirty so this doesn't happen later. */
143
- cpu_physical_memory_test_and_clear_dirty(offset, size, 1);
144
-
145
- if (section.mr != mr) {
146
- /* memory_region_find add a ref on section.mr */
147
- memory_region_unref(section.mr);
148
- if (MMIO_INTERFACE(section.mr->owner)) {
149
- /* We found the interface just drop it. */
150
- object_property_set_bool(section.mr->owner, false, "realized",
151
- NULL);
152
- object_unref(section.mr->owner);
153
- object_unparent(section.mr->owner);
154
- }
155
- }
156
-
157
- qemu_mutex_unlock_iothread();
158
-
159
- if (invalidate_data->allocated) {
160
- g_free(invalidate_data);
161
- } else {
162
- invalidate_data->busy = 0;
163
- }
164
-}
165
-
166
-void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
167
- unsigned size)
168
-{
169
- size_t i;
170
- MMIOPtrInvalidate *invalidate_data = NULL;
171
-
172
- for (i = 0; i < MAX_MMIO_INVALIDATE; i++) {
173
- if (atomic_cmpxchg(&(mmio_ptr_invalidate_list[i].busy), 0, 1) == 0) {
174
- invalidate_data = &mmio_ptr_invalidate_list[i];
175
- break;
176
- }
177
- }
178
-
179
- if (!invalidate_data) {
180
- invalidate_data = g_malloc0(sizeof(MMIOPtrInvalidate));
181
- invalidate_data->allocated = 1;
182
- }
183
-
184
- invalidate_data->mr = mr;
185
- invalidate_data->offset = offset;
186
- invalidate_data->size = size;
187
-
188
- async_safe_run_on_cpu(first_cpu, memory_region_do_invalidate_mmio_ptr,
189
- RUN_ON_CPU_HOST_PTR(invalidate_data));
190
-}
191
-
192
void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name)
193
{
194
memory_region_ref(root);
195
--
196
2.18.0
197
198
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 16/25] hw/misc: Remove mmio_interface device
1
1
The mmio_interface device was a purely internal artifact
2
of the implementation of the memory subsystem's request_ptr
3
APIs. Now that we have removed those APIs, we can remove
4
the mmio_interface device too.
5
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
10
Message-id: 20180817114619.22354-4-peter.maydell@linaro.org
11
---
12
hw/misc/Makefile.objs | 1 -
13
include/hw/misc/mmio_interface.h | 49 -----------
14
hw/misc/mmio_interface.c | 135 -------------------------------
15
3 files changed, 185 deletions(-)
16
delete mode 100644 include/hw/misc/mmio_interface.h
17
delete mode 100644 hw/misc/mmio_interface.c
18
19
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/misc/Makefile.objs
22
+++ b/hw/misc/Makefile.objs
23
@@ -XXX,XX +XXX,XX @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
24
obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
25
obj-$(CONFIG_AUX) += auxbus.o
26
obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
27
-obj-y += mmio_interface.o
28
obj-$(CONFIG_MSF2) += msf2-sysreg.o
29
diff --git a/include/hw/misc/mmio_interface.h b/include/hw/misc/mmio_interface.h
30
deleted file mode 100644
31
index XXXXXXX..XXXXXXX
32
--- a/include/hw/misc/mmio_interface.h
33
+++ /dev/null
34
@@ -XXX,XX +XXX,XX @@
35
-/*
36
- * mmio_interface.h
37
- *
38
- * Copyright (C) 2017 : GreenSocs
39
- * http://www.greensocs.com/ , email: info@greensocs.com
40
- *
41
- * Developed by :
42
- * Frederic Konrad <fred.konrad@greensocs.com>
43
- *
44
- * This program is free software; you can redistribute it and/or modify
45
- * it under the terms of the GNU General Public License as published by
46
- * the Free Software Foundation, either version 2 of the License, or
47
- * (at your option)any later version.
48
- *
49
- * This program is distributed in the hope that it will be useful,
50
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
51
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
52
- * GNU General Public License for more details.
53
- *
54
- * You should have received a copy of the GNU General Public License along
55
- * with this program; if not, see <http://www.gnu.org/licenses/>.
56
- *
57
- */
58
-
59
-#ifndef MMIO_INTERFACE_H
60
-#define MMIO_INTERFACE_H
61
-
62
-#include "exec/memory.h"
63
-
64
-#define TYPE_MMIO_INTERFACE "mmio_interface"
65
-#define MMIO_INTERFACE(obj) OBJECT_CHECK(MMIOInterface, (obj), \
66
- TYPE_MMIO_INTERFACE)
67
-
68
-typedef struct MMIOInterface {
69
- DeviceState parent_obj;
70
-
71
- MemoryRegion *subregion;
72
- MemoryRegion ram_mem;
73
- uint64_t start;
74
- uint64_t end;
75
- bool ro;
76
- uint64_t id;
77
- void *host_ptr;
78
-} MMIOInterface;
79
-
80
-void mmio_interface_map(MMIOInterface *s);
81
-void mmio_interface_unmap(MMIOInterface *s);
82
-
83
-#endif /* MMIO_INTERFACE_H */
84
diff --git a/hw/misc/mmio_interface.c b/hw/misc/mmio_interface.c
85
deleted file mode 100644
86
index XXXXXXX..XXXXXXX
87
--- a/hw/misc/mmio_interface.c
88
+++ /dev/null
89
@@ -XXX,XX +XXX,XX @@
90
-/*
91
- * mmio_interface.c
92
- *
93
- * Copyright (C) 2017 : GreenSocs
94
- * http://www.greensocs.com/ , email: info@greensocs.com
95
- *
96
- * Developed by :
97
- * Frederic Konrad <fred.konrad@greensocs.com>
98
- *
99
- * This program is free software; you can redistribute it and/or modify
100
- * it under the terms of the GNU General Public License as published by
101
- * the Free Software Foundation, either version 2 of the License, or
102
- * (at your option)any later version.
103
- *
104
- * This program is distributed in the hope that it will be useful,
105
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
106
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
107
- * GNU General Public License for more details.
108
- *
109
- * You should have received a copy of the GNU General Public License along
110
- * with this program; if not, see <http://www.gnu.org/licenses/>.
111
- *
112
- */
113
-
114
-#include "qemu/osdep.h"
115
-#include "qemu/log.h"
116
-#include "trace.h"
117
-#include "hw/qdev-properties.h"
118
-#include "hw/misc/mmio_interface.h"
119
-#include "qapi/error.h"
120
-
121
-#ifndef DEBUG_MMIO_INTERFACE
122
-#define DEBUG_MMIO_INTERFACE 0
123
-#endif
124
-
125
-static uint64_t mmio_interface_counter;
126
-
127
-#define DPRINTF(fmt, ...) do { \
128
- if (DEBUG_MMIO_INTERFACE) { \
129
- qemu_log("mmio_interface: 0x%" PRIX64 ": " fmt, s->id, ## __VA_ARGS__);\
130
- } \
131
-} while (0)
132
-
133
-static void mmio_interface_init(Object *obj)
134
-{
135
- MMIOInterface *s = MMIO_INTERFACE(obj);
136
-
137
- if (DEBUG_MMIO_INTERFACE) {
138
- s->id = mmio_interface_counter++;
139
- }
140
-
141
- DPRINTF("interface created\n");
142
- s->host_ptr = 0;
143
- s->subregion = 0;
144
-}
145
-
146
-static void mmio_interface_realize(DeviceState *dev, Error **errp)
147
-{
148
- MMIOInterface *s = MMIO_INTERFACE(dev);
149
-
150
- DPRINTF("realize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
151
- " %p\n", s->start, s->end, s->host_ptr);
152
-
153
- if (!s->host_ptr) {
154
- error_setg(errp, "host_ptr property must be set");
155
- return;
156
- }
157
-
158
- if (!s->subregion) {
159
- error_setg(errp, "subregion property must be set");
160
- return;
161
- }
162
-
163
- memory_region_init_ram_ptr(&s->ram_mem, OBJECT(s), "ram",
164
- s->end - s->start + 1, s->host_ptr);
165
- memory_region_set_readonly(&s->ram_mem, s->ro);
166
- memory_region_add_subregion(s->subregion, s->start, &s->ram_mem);
167
-}
168
-
169
-static void mmio_interface_unrealize(DeviceState *dev, Error **errp)
170
-{
171
- MMIOInterface *s = MMIO_INTERFACE(dev);
172
-
173
- DPRINTF("unrealize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
174
- " %p\n", s->start, s->end, s->host_ptr);
175
- memory_region_del_subregion(s->subregion, &s->ram_mem);
176
-}
177
-
178
-static void mmio_interface_finalize(Object *obj)
179
-{
180
- MMIOInterface *s = MMIO_INTERFACE(obj);
181
-
182
- DPRINTF("finalize from 0x%" PRIX64 " to 0x%" PRIX64 " map host pointer"
183
- " %p\n", s->start, s->end, s->host_ptr);
184
- object_unparent(OBJECT(&s->ram_mem));
185
-}
186
-
187
-static Property mmio_interface_properties[] = {
188
- DEFINE_PROP_UINT64("start", MMIOInterface, start, 0),
189
- DEFINE_PROP_UINT64("end", MMIOInterface, end, 0),
190
- DEFINE_PROP_PTR("host_ptr", MMIOInterface, host_ptr),
191
- DEFINE_PROP_BOOL("ro", MMIOInterface, ro, false),
192
- DEFINE_PROP_MEMORY_REGION("subregion", MMIOInterface, subregion),
193
- DEFINE_PROP_END_OF_LIST(),
194
-};
195
-
196
-static void mmio_interface_class_init(ObjectClass *oc, void *data)
197
-{
198
- DeviceClass *dc = DEVICE_CLASS(oc);
199
-
200
- dc->realize = mmio_interface_realize;
201
- dc->unrealize = mmio_interface_unrealize;
202
- dc->props = mmio_interface_properties;
203
- /* Reason: pointer property "host_ptr", and this device
204
- * is an implementation detail of the memory subsystem,
205
- * not intended to be created directly by the user.
206
- */
207
- dc->user_creatable = false;
208
-}
209
-
210
-static const TypeInfo mmio_interface_info = {
211
- .name = TYPE_MMIO_INTERFACE,
212
- .parent = TYPE_DEVICE,
213
- .instance_size = sizeof(MMIOInterface),
214
- .instance_init = mmio_interface_init,
215
- .instance_finalize = mmio_interface_finalize,
216
- .class_init = mmio_interface_class_init,
217
-};
218
-
219
-static void mmio_interface_register_types(void)
220
-{
221
- type_register_static(&mmio_interface_info);
222
-}
223
-
224
-type_init(mmio_interface_register_types)
225
--
226
2.18.0
227
228
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 17/25] hw/timer/m48t59: Move away from old_mmio accessors
1
Move the m48t59 device away from using old_mmio MemoryRegionOps
2
accessors.
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
7
Message-id: 20180802180602.22047-1-peter.maydell@linaro.org
8
---
9
hw/timer/m48t59.c | 59 +++++++++--------------------------------------
10
1 file changed, 11 insertions(+), 48 deletions(-)
11
12
diff --git a/hw/timer/m48t59.c b/hw/timer/m48t59.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/timer/m48t59.c
15
+++ b/hw/timer/m48t59.c
16
@@ -XXX,XX +XXX,XX @@ static uint64_t NVRAM_readb(void *opaque, hwaddr addr, unsigned size)
17
return retval;
18
}
19
20
-static void nvram_writeb (void *opaque, hwaddr addr, uint32_t value)
21
-{
22
- M48t59State *NVRAM = opaque;
23
-
24
- m48t59_write(NVRAM, addr, value & 0xff);
25
-}
26
-
27
-static void nvram_writew (void *opaque, hwaddr addr, uint32_t value)
28
-{
29
- M48t59State *NVRAM = opaque;
30
-
31
- m48t59_write(NVRAM, addr, (value >> 8) & 0xff);
32
- m48t59_write(NVRAM, addr + 1, value & 0xff);
33
-}
34
-
35
-static void nvram_writel (void *opaque, hwaddr addr, uint32_t value)
36
-{
37
- M48t59State *NVRAM = opaque;
38
-
39
- m48t59_write(NVRAM, addr, (value >> 24) & 0xff);
40
- m48t59_write(NVRAM, addr + 1, (value >> 16) & 0xff);
41
- m48t59_write(NVRAM, addr + 2, (value >> 8) & 0xff);
42
- m48t59_write(NVRAM, addr + 3, value & 0xff);
43
-}
44
-
45
-static uint32_t nvram_readb (void *opaque, hwaddr addr)
46
+static uint64_t nvram_read(void *opaque, hwaddr addr, unsigned size)
47
{
48
M48t59State *NVRAM = opaque;
49
50
return m48t59_read(NVRAM, addr);
51
}
52
53
-static uint32_t nvram_readw (void *opaque, hwaddr addr)
54
+static void nvram_write(void *opaque, hwaddr addr, uint64_t value,
55
+ unsigned size)
56
{
57
M48t59State *NVRAM = opaque;
58
- uint32_t retval;
59
60
- retval = m48t59_read(NVRAM, addr) << 8;
61
- retval |= m48t59_read(NVRAM, addr + 1);
62
- return retval;
63
-}
64
-
65
-static uint32_t nvram_readl (void *opaque, hwaddr addr)
66
-{
67
- M48t59State *NVRAM = opaque;
68
- uint32_t retval;
69
-
70
- retval = m48t59_read(NVRAM, addr) << 24;
71
- retval |= m48t59_read(NVRAM, addr + 1) << 16;
72
- retval |= m48t59_read(NVRAM, addr + 2) << 8;
73
- retval |= m48t59_read(NVRAM, addr + 3);
74
- return retval;
75
+ return m48t59_write(NVRAM, addr, value);
76
}
77
78
static const MemoryRegionOps nvram_ops = {
79
- .old_mmio = {
80
- .read = { nvram_readb, nvram_readw, nvram_readl, },
81
- .write = { nvram_writeb, nvram_writew, nvram_writel, },
82
- },
83
- .endianness = DEVICE_NATIVE_ENDIAN,
84
+ .read = nvram_read,
85
+ .write = nvram_write,
86
+ .impl.min_access_size = 1,
87
+ .impl.max_access_size = 1,
88
+ .valid.min_access_size = 1,
89
+ .valid.max_access_size = 4,
90
+ .endianness = DEVICE_BIG_ENDIAN,
91
};
92
93
static const VMStateDescription vmstate_m48t59 = {
94
--
95
2.18.0
96
97
diff view generated by jsdifflib
[Qemu-devel] [PULL 1/8] target/arm: Fix LD1W and LDFF1W (scalar plus vector)
[Qemu-devel] [PULL 18/25] hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The Arm Cortex-M System Design Kit includes a simple watchdog module
2
based on a 32-bit down-counter. Implement this.
2
3
3
'I' was being double-incremented; correctly within the inner loop
4
and incorrectly within the outer loop.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
Tested-by: Alex Bennée <alex.bennee@linaro.org>
10
Message-id: 20180711103957.3040-1-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
5
---
13
target/arm/sve_helper.c | 4 ++--
6
Makefile.objs | 1 +
14
1 file changed, 2 insertions(+), 2 deletions(-)
7
hw/watchdog/Makefile.objs | 1 +
8
include/hw/watchdog/cmsdk-apb-watchdog.h | 59 ++++
9
hw/watchdog/cmsdk-apb-watchdog.c | 326 +++++++++++++++++++++++
10
MAINTAINERS | 2 +
11
default-configs/arm-softmmu.mak | 1 +
12
hw/watchdog/trace-events | 6 +
13
7 files changed, 396 insertions(+)
14
create mode 100644 include/hw/watchdog/cmsdk-apb-watchdog.h
15
create mode 100644 hw/watchdog/cmsdk-apb-watchdog.c
16
create mode 100644 hw/watchdog/trace-events
15
17
16
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
18
diff --git a/Makefile.objs b/Makefile.objs
17
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/sve_helper.c
20
--- a/Makefile.objs
19
+++ b/target/arm/sve_helper.c
21
+++ b/Makefile.objs
20
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm, \
22
@@ -XXX,XX +XXX,XX @@ trace-events-subdirs += hw/tpm
21
intptr_t i, oprsz = simd_oprsz(desc); \
23
trace-events-subdirs += hw/usb
22
unsigned scale = simd_data(desc); \
24
trace-events-subdirs += hw/vfio
23
uintptr_t ra = GETPC(); \
25
trace-events-subdirs += hw/virtio
24
- for (i = 0; i < oprsz; i++) { \
26
+trace-events-subdirs += hw/watchdog
25
+ for (i = 0; i < oprsz; ) { \
27
trace-events-subdirs += hw/xen
26
uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3)); \
28
trace-events-subdirs += io
27
do { \
29
trace-events-subdirs += linux-user
28
TYPEM m = 0; \
30
diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
29
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm, \
31
index XXXXXXX..XXXXXXX 100644
30
uintptr_t ra = GETPC(); \
32
--- a/hw/watchdog/Makefile.objs
31
bool first = true; \
33
+++ b/hw/watchdog/Makefile.objs
32
mmap_lock(); \
34
@@ -XXX,XX +XXX,XX @@
33
- for (i = 0; i < oprsz; i++) { \
35
common-obj-y += watchdog.o
34
+ for (i = 0; i < oprsz; ) { \
36
+common-obj-$(CONFIG_CMSDK_APB_WATCHDOG) += cmsdk-apb-watchdog.o
35
uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3)); \
37
common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
36
do { \
38
common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
37
TYPEM m = 0; \
39
common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
40
diff --git a/include/hw/watchdog/cmsdk-apb-watchdog.h b/include/hw/watchdog/cmsdk-apb-watchdog.h
41
new file mode 100644
42
index XXXXXXX..XXXXXXX
43
--- /dev/null
44
+++ b/include/hw/watchdog/cmsdk-apb-watchdog.h
45
@@ -XXX,XX +XXX,XX @@
46
+/*
47
+ * ARM CMSDK APB watchdog emulation
48
+ *
49
+ * Copyright (c) 2018 Linaro Limited
50
+ * Written by Peter Maydell
51
+ *
52
+ * This program is free software; you can redistribute it and/or modify
53
+ * it under the terms of the GNU General Public License version 2 or
54
+ * (at your option) any later version.
55
+ */
56
+
57
+/*
58
+ * This is a model of the "APB watchdog" which is part of the Cortex-M
59
+ * System Design Kit (CMSDK) and documented in the Cortex-M System
60
+ * Design Kit Technical Reference Manual (ARM DDI0479C):
61
+ * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
62
+ *
63
+ * QEMU interface:
64
+ * + QOM property "wdogclk-frq": frequency at which the watchdog is clocked
65
+ * + sysbus MMIO region 0: the register bank
66
+ * + sysbus IRQ 0: watchdog interrupt
67
+ *
68
+ * In real hardware the watchdog's reset output is just a GPIO line
69
+ * which can then be masked by the board or treated as a simple interrupt.
70
+ * (For instance the IoTKit does this with the non-secure watchdog, so that
71
+ * secure code can control whether non-secure code can perform a system
72
+ * reset via its watchdog.) In QEMU, we just wire up the watchdog reset
73
+ * to watchdog_perform_action(), at least for the moment.
74
+ */
75
+
76
+#ifndef CMSDK_APB_WATCHDOG_H
77
+#define CMSDK_APB_WATCHDOG_H
78
+
79
+#include "hw/sysbus.h"
80
+#include "hw/ptimer.h"
81
+
82
+#define TYPE_CMSDK_APB_WATCHDOG "cmsdk-apb-watchdog"
83
+#define CMSDK_APB_WATCHDOG(obj) OBJECT_CHECK(CMSDKAPBWatchdog, (obj), \
84
+ TYPE_CMSDK_APB_WATCHDOG)
85
+
86
+typedef struct CMSDKAPBWatchdog {
87
+ /*< private >*/
88
+ SysBusDevice parent_obj;
89
+
90
+ /*< public >*/
91
+ MemoryRegion iomem;
92
+ qemu_irq wdogint;
93
+ uint32_t wdogclk_frq;
94
+ struct ptimer_state *timer;
95
+
96
+ uint32_t control;
97
+ uint32_t intstatus;
98
+ uint32_t lock;
99
+ uint32_t itcr;
100
+ uint32_t itop;
101
+ uint32_t resetstatus;
102
+} CMSDKAPBWatchdog;
103
+
104
+#endif
105
diff --git a/hw/watchdog/cmsdk-apb-watchdog.c b/hw/watchdog/cmsdk-apb-watchdog.c
106
new file mode 100644
107
index XXXXXXX..XXXXXXX
108
--- /dev/null
109
+++ b/hw/watchdog/cmsdk-apb-watchdog.c
110
@@ -XXX,XX +XXX,XX @@
111
+/*
112
+ * ARM CMSDK APB watchdog emulation
113
+ *
114
+ * Copyright (c) 2018 Linaro Limited
115
+ * Written by Peter Maydell
116
+ *
117
+ * This program is free software; you can redistribute it and/or modify
118
+ * it under the terms of the GNU General Public License version 2 or
119
+ * (at your option) any later version.
120
+ */
121
+
122
+/*
123
+ * This is a model of the "APB watchdog" which is part of the Cortex-M
124
+ * System Design Kit (CMSDK) and documented in the Cortex-M System
125
+ * Design Kit Technical Reference Manual (ARM DDI0479C):
126
+ * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit
127
+ */
128
+
129
+#include "qemu/osdep.h"
130
+#include "qemu/log.h"
131
+#include "trace.h"
132
+#include "qapi/error.h"
133
+#include "qemu/main-loop.h"
134
+#include "sysemu/watchdog.h"
135
+#include "hw/sysbus.h"
136
+#include "hw/registerfields.h"
137
+#include "hw/watchdog/cmsdk-apb-watchdog.h"
138
+
139
+REG32(WDOGLOAD, 0x0)
140
+REG32(WDOGVALUE, 0x4)
141
+REG32(WDOGCONTROL, 0x8)
142
+ FIELD(WDOGCONTROL, INTEN, 0, 1)
143
+ FIELD(WDOGCONTROL, RESEN, 1, 1)
144
+#define R_WDOGCONTROL_VALID_MASK (R_WDOGCONTROL_INTEN_MASK | \
145
+ R_WDOGCONTROL_RESEN_MASK)
146
+REG32(WDOGINTCLR, 0xc)
147
+REG32(WDOGRIS, 0x10)
148
+ FIELD(WDOGRIS, INT, 0, 1)
149
+REG32(WDOGMIS, 0x14)
150
+REG32(WDOGLOCK, 0xc00)
151
+#define WDOG_UNLOCK_VALUE 0x1ACCE551
152
+REG32(WDOGITCR, 0xf00)
153
+ FIELD(WDOGITCR, ENABLE, 0, 1)
154
+#define R_WDOGITCR_VALID_MASK R_WDOGITCR_ENABLE_MASK
155
+REG32(WDOGITOP, 0xf04)
156
+ FIELD(WDOGITOP, WDOGRES, 0, 1)
157
+ FIELD(WDOGITOP, WDOGINT, 1, 1)
158
+#define R_WDOGITOP_VALID_MASK (R_WDOGITOP_WDOGRES_MASK | \
159
+ R_WDOGITOP_WDOGINT_MASK)
160
+REG32(PID4, 0xfd0)
161
+REG32(PID5, 0xfd4)
162
+REG32(PID6, 0xfd8)
163
+REG32(PID7, 0xfdc)
164
+REG32(PID0, 0xfe0)
165
+REG32(PID1, 0xfe4)
166
+REG32(PID2, 0xfe8)
167
+REG32(PID3, 0xfec)
168
+REG32(CID0, 0xff0)
169
+REG32(CID1, 0xff4)
170
+REG32(CID2, 0xff8)
171
+REG32(CID3, 0xffc)
172
+
173
+/* PID/CID values */
174
+static const int watchdog_id[] = {
175
+ 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */
176
+ 0x24, 0xb8, 0x1b, 0x00, /* PID0..PID3 */
177
+ 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */
178
+};
179
+
180
+static bool cmsdk_apb_watchdog_intstatus(CMSDKAPBWatchdog *s)
181
+{
182
+ /* Return masked interrupt status */
183
+ return s->intstatus && (s->control & R_WDOGCONTROL_INTEN_MASK);
184
+}
185
+
186
+static bool cmsdk_apb_watchdog_resetstatus(CMSDKAPBWatchdog *s)
187
+{
188
+ /* Return masked reset status */
189
+ return s->resetstatus && (s->control & R_WDOGCONTROL_RESEN_MASK);
190
+}
191
+
192
+static void cmsdk_apb_watchdog_update(CMSDKAPBWatchdog *s)
193
+{
194
+ bool wdogint;
195
+ bool wdogres;
196
+
197
+ if (s->itcr) {
198
+ wdogint = s->itop & R_WDOGITOP_WDOGINT_MASK;
199
+ wdogres = s->itop & R_WDOGITOP_WDOGRES_MASK;
200
+ } else {
201
+ wdogint = cmsdk_apb_watchdog_intstatus(s);
202
+ wdogres = cmsdk_apb_watchdog_resetstatus(s);
203
+ }
204
+
205
+ qemu_set_irq(s->wdogint, wdogint);
206
+ if (wdogres) {
207
+ watchdog_perform_action();
208
+ }
209
+}
210
+
211
+static uint64_t cmsdk_apb_watchdog_read(void *opaque, hwaddr offset,
212
+ unsigned size)
213
+{
214
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
215
+ uint64_t r;
216
+
217
+ switch (offset) {
218
+ case A_WDOGLOAD:
219
+ r = ptimer_get_limit(s->timer);
220
+ break;
221
+ case A_WDOGVALUE:
222
+ r = ptimer_get_count(s->timer);
223
+ break;
224
+ case A_WDOGCONTROL:
225
+ r = s->control;
226
+ break;
227
+ case A_WDOGRIS:
228
+ r = s->intstatus;
229
+ break;
230
+ case A_WDOGMIS:
231
+ r = cmsdk_apb_watchdog_intstatus(s);
232
+ break;
233
+ case A_WDOGLOCK:
234
+ r = s->lock;
235
+ break;
236
+ case A_WDOGITCR:
237
+ r = s->itcr;
238
+ break;
239
+ case A_PID4 ... A_CID3:
240
+ r = watchdog_id[(offset - A_PID4) / 4];
241
+ break;
242
+ case A_WDOGINTCLR:
243
+ case A_WDOGITOP:
244
+ qemu_log_mask(LOG_GUEST_ERROR,
245
+ "CMSDK APB watchdog read: read of WO offset %x\n",
246
+ (int)offset);
247
+ r = 0;
248
+ break;
249
+ default:
250
+ qemu_log_mask(LOG_GUEST_ERROR,
251
+ "CMSDK APB watchdog read: bad offset %x\n", (int)offset);
252
+ r = 0;
253
+ break;
254
+ }
255
+ trace_cmsdk_apb_watchdog_read(offset, r, size);
256
+ return r;
257
+}
258
+
259
+static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset,
260
+ uint64_t value, unsigned size)
261
+{
262
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
263
+
264
+ trace_cmsdk_apb_watchdog_write(offset, value, size);
265
+
266
+ if (s->lock && offset != A_WDOGLOCK) {
267
+ /* Write access is disabled via WDOGLOCK */
268
+ qemu_log_mask(LOG_GUEST_ERROR,
269
+ "CMSDK APB watchdog write: write to locked watchdog\n");
270
+ return;
271
+ }
272
+
273
+ switch (offset) {
274
+ case A_WDOGLOAD:
275
+ /*
276
+ * Reset the load value and the current count, and make sure
277
+ * we're counting.
278
+ */
279
+ ptimer_set_limit(s->timer, value, 1);
280
+ ptimer_run(s->timer, 0);
281
+ break;
282
+ case A_WDOGCONTROL:
283
+ s->control = value & R_WDOGCONTROL_VALID_MASK;
284
+ cmsdk_apb_watchdog_update(s);
285
+ break;
286
+ case A_WDOGINTCLR:
287
+ s->intstatus = 0;
288
+ ptimer_set_count(s->timer, ptimer_get_limit(s->timer));
289
+ cmsdk_apb_watchdog_update(s);
290
+ break;
291
+ case A_WDOGLOCK:
292
+ s->lock = (value != WDOG_UNLOCK_VALUE);
293
+ break;
294
+ case A_WDOGITCR:
295
+ s->itcr = value & R_WDOGITCR_VALID_MASK;
296
+ cmsdk_apb_watchdog_update(s);
297
+ break;
298
+ case A_WDOGITOP:
299
+ s->itop = value & R_WDOGITOP_VALID_MASK;
300
+ cmsdk_apb_watchdog_update(s);
301
+ break;
302
+ case A_WDOGVALUE:
303
+ case A_WDOGRIS:
304
+ case A_WDOGMIS:
305
+ case A_PID4 ... A_CID3:
306
+ qemu_log_mask(LOG_GUEST_ERROR,
307
+ "CMSDK APB watchdog write: write to RO offset 0x%x\n",
308
+ (int)offset);
309
+ break;
310
+ default:
311
+ qemu_log_mask(LOG_GUEST_ERROR,
312
+ "CMSDK APB watchdog write: bad offset 0x%x\n",
313
+ (int)offset);
314
+ break;
315
+ }
316
+}
317
+
318
+static const MemoryRegionOps cmsdk_apb_watchdog_ops = {
319
+ .read = cmsdk_apb_watchdog_read,
320
+ .write = cmsdk_apb_watchdog_write,
321
+ .endianness = DEVICE_LITTLE_ENDIAN,
322
+ /* byte/halfword accesses are just zero-padded on reads and writes */
323
+ .impl.min_access_size = 4,
324
+ .impl.max_access_size = 4,
325
+ .valid.min_access_size = 1,
326
+ .valid.max_access_size = 4,
327
+};
328
+
329
+static void cmsdk_apb_watchdog_tick(void *opaque)
330
+{
331
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(opaque);
332
+
333
+ if (!s->intstatus) {
334
+ /* Count expired for the first time: raise interrupt */
335
+ s->intstatus = R_WDOGRIS_INT_MASK;
336
+ } else {
337
+ /* Count expired for the second time: raise reset and stop clock */
338
+ s->resetstatus = 1;
339
+ ptimer_stop(s->timer);
340
+ }
341
+ cmsdk_apb_watchdog_update(s);
342
+}
343
+
344
+static void cmsdk_apb_watchdog_reset(DeviceState *dev)
345
+{
346
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(dev);
347
+
348
+ trace_cmsdk_apb_watchdog_reset();
349
+ s->control = 0;
350
+ s->intstatus = 0;
351
+ s->lock = 0;
352
+ s->itcr = 0;
353
+ s->itop = 0;
354
+ s->resetstatus = 0;
355
+ /* Set the limit and the count */
356
+ ptimer_set_limit(s->timer, 0xffffffff, 1);
357
+ ptimer_run(s->timer, 0);
358
+}
359
+
360
+static void cmsdk_apb_watchdog_init(Object *obj)
361
+{
362
+ SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
363
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(obj);
364
+
365
+ memory_region_init_io(&s->iomem, obj, &cmsdk_apb_watchdog_ops,
366
+ s, "cmsdk-apb-watchdog", 0x1000);
367
+ sysbus_init_mmio(sbd, &s->iomem);
368
+ sysbus_init_irq(sbd, &s->wdogint);
369
+}
370
+
371
+static void cmsdk_apb_watchdog_realize(DeviceState *dev, Error **errp)
372
+{
373
+ CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(dev);
374
+ QEMUBH *bh;
375
+
376
+ if (s->wdogclk_frq == 0) {
377
+ error_setg(errp,
378
+ "CMSDK APB watchdog: wdogclk-frq property must be set");
379
+ return;
380
+ }
381
+
382
+ bh = qemu_bh_new(cmsdk_apb_watchdog_tick, s);
383
+ s->timer = ptimer_init(bh,
384
+ PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD |
385
+ PTIMER_POLICY_TRIGGER_ONLY_ON_DECREMENT |
386
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
387
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
388
+
389
+ ptimer_set_freq(s->timer, s->wdogclk_frq);
390
+}
391
+
392
+static const VMStateDescription cmsdk_apb_watchdog_vmstate = {
393
+ .name = "cmsdk-apb-watchdog",
394
+ .version_id = 1,
395
+ .minimum_version_id = 1,
396
+ .fields = (VMStateField[]) {
397
+ VMSTATE_PTIMER(timer, CMSDKAPBWatchdog),
398
+ VMSTATE_UINT32(control, CMSDKAPBWatchdog),
399
+ VMSTATE_UINT32(intstatus, CMSDKAPBWatchdog),
400
+ VMSTATE_UINT32(lock, CMSDKAPBWatchdog),
401
+ VMSTATE_UINT32(itcr, CMSDKAPBWatchdog),
402
+ VMSTATE_UINT32(itop, CMSDKAPBWatchdog),
403
+ VMSTATE_UINT32(resetstatus, CMSDKAPBWatchdog),
404
+ VMSTATE_END_OF_LIST()
405
+ }
406
+};
407
+
408
+static Property cmsdk_apb_watchdog_properties[] = {
409
+ DEFINE_PROP_UINT32("wdogclk-frq", CMSDKAPBWatchdog, wdogclk_frq, 0),
410
+ DEFINE_PROP_END_OF_LIST(),
411
+};
412
+
413
+static void cmsdk_apb_watchdog_class_init(ObjectClass *klass, void *data)
414
+{
415
+ DeviceClass *dc = DEVICE_CLASS(klass);
416
+
417
+ dc->realize = cmsdk_apb_watchdog_realize;
418
+ dc->vmsd = &cmsdk_apb_watchdog_vmstate;
419
+ dc->reset = cmsdk_apb_watchdog_reset;
420
+ dc->props = cmsdk_apb_watchdog_properties;
421
+}
422
+
423
+static const TypeInfo cmsdk_apb_watchdog_info = {
424
+ .name = TYPE_CMSDK_APB_WATCHDOG,
425
+ .parent = TYPE_SYS_BUS_DEVICE,
426
+ .instance_size = sizeof(CMSDKAPBWatchdog),
427
+ .instance_init = cmsdk_apb_watchdog_init,
428
+ .class_init = cmsdk_apb_watchdog_class_init,
429
+};
430
+
431
+static void cmsdk_apb_watchdog_register_types(void)
432
+{
433
+ type_register_static(&cmsdk_apb_watchdog_info);
434
+}
435
+
436
+type_init(cmsdk_apb_watchdog_register_types);
437
diff --git a/MAINTAINERS b/MAINTAINERS
438
index XXXXXXX..XXXXXXX 100644
439
--- a/MAINTAINERS
440
+++ b/MAINTAINERS
441
@@ -XXX,XX +XXX,XX @@ F: hw/timer/cmsdk-apb-timer.c
442
F: include/hw/timer/cmsdk-apb-timer.h
443
F: hw/char/cmsdk-apb-uart.c
444
F: include/hw/char/cmsdk-apb-uart.h
445
+F: hw/watchdog/cmsdk-apb-watchdog.c
446
+F: include/hw/watchdog/cmsdk-apb-watchdog.h
447
F: hw/misc/tz-ppc.c
448
F: include/hw/misc/tz-ppc.h
449
F: hw/misc/tz-mpc.c
450
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
451
index XXXXXXX..XXXXXXX 100644
452
--- a/default-configs/arm-softmmu.mak
453
+++ b/default-configs/arm-softmmu.mak
454
@@ -XXX,XX +XXX,XX @@ CONFIG_STM32F205_SOC=y
455
456
CONFIG_CMSDK_APB_TIMER=y
457
CONFIG_CMSDK_APB_UART=y
458
+CONFIG_CMSDK_APB_WATCHDOG=y
459
460
CONFIG_MPS2_FPGAIO=y
461
CONFIG_MPS2_SCC=y
462
diff --git a/hw/watchdog/trace-events b/hw/watchdog/trace-events
463
new file mode 100644
464
index XXXXXXX..XXXXXXX
465
--- /dev/null
466
+++ b/hw/watchdog/trace-events
467
@@ -XXX,XX +XXX,XX @@
468
+# See docs/devel/tracing.txt for syntax documentation.
469
+
470
+# hw/char/cmsdk_apb_watchdog.c
471
+cmsdk_apb_watchdog_read(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB watchdog read: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
472
+cmsdk_apb_watchdog_write(uint64_t offset, uint64_t data, unsigned size) "CMSDK APB watchdog write: offset 0x%" PRIx64 " data 0x%" PRIx64 " size %u"
473
+cmsdk_apb_watchdog_reset(void) "CMSDK APB watchdog: reset"
38
--
474
--
39
2.17.1
475
2.18.0
40
476
41
477
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 19/25] nvic: Expose NMI line
1
On real v7M hardware, the NMI line is an externally visible signal
2
that an SoC or board can toggle to assert an NMI. Expose it in
3
our QEMU NVIC and armv7m container objects so that a board model
4
can wire it up if it needs to.
1
5
6
In particular, the MPS2 watchdog is wired to NMI.
7
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
---
11
hw/arm/armv7m.c | 1 +
12
hw/intc/armv7m_nvic.c | 19 +++++++++++++++++++
13
hw/intc/trace-events | 1 +
14
3 files changed, 21 insertions(+)
15
16
diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/arm/armv7m.c
19
+++ b/hw/arm/armv7m.c
20
@@ -XXX,XX +XXX,XX @@ static void armv7m_realize(DeviceState *dev, Error **errp)
21
*/
22
qdev_pass_gpios(DEVICE(&s->nvic), dev, NULL);
23
qdev_pass_gpios(DEVICE(&s->nvic), dev, "SYSRESETREQ");
24
+ qdev_pass_gpios(DEVICE(&s->nvic), dev, "NMI");
25
26
/* Wire the NVIC up to the CPU */
27
sbd = SYS_BUS_DEVICE(&s->nvic);
28
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
29
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/intc/armv7m_nvic.c
31
+++ b/hw/intc/armv7m_nvic.c
32
@@ -XXX,XX +XXX,XX @@ static void set_irq_level(void *opaque, int n, int level)
33
}
34
}
35
36
+/* callback when external NMI line is changed */
37
+static void nvic_nmi_trigger(void *opaque, int n, int level)
38
+{
39
+ NVICState *s = opaque;
40
+
41
+ trace_nvic_set_nmi_level(level);
42
+
43
+ /*
44
+ * The architecture doesn't specify whether NMI should share
45
+ * the normal-interrupt behaviour of being resampled on
46
+ * exception handler return. We choose not to, so just
47
+ * set NMI pending here and don't track the current level.
48
+ */
49
+ if (level) {
50
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
51
+ }
52
+}
53
+
54
static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
55
{
56
ARMCPU *cpu = s->cpu;
57
@@ -XXX,XX +XXX,XX @@ static void armv7m_nvic_instance_init(Object *obj)
58
qdev_init_gpio_out_named(dev, &nvic->sysresetreq, "SYSRESETREQ", 1);
59
qdev_init_gpio_in_named(dev, nvic_systick_trigger, "systick-trigger",
60
M_REG_NUM_BANKS);
61
+ qdev_init_gpio_in_named(dev, nvic_nmi_trigger, "NMI", 1);
62
}
63
64
static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
65
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
66
index XXXXXXX..XXXXXXX 100644
67
--- a/hw/intc/trace-events
68
+++ b/hw/intc/trace-events
69
@@ -XXX,XX +XXX,XX @@ nvic_acknowledge_irq(int irq, int prio) "NVIC acknowledge IRQ: %d now active (pr
70
nvic_get_pending_irq_info(int irq, bool secure) "NVIC next IRQ %d: targets_secure: %d"
71
nvic_complete_irq(int irq, bool secure) "NVIC complete IRQ %d (secure %d)"
72
nvic_set_irq_level(int irq, int level) "NVIC external irq %d level set to %d"
73
+nvic_set_nmi_level(int level) "NVIC external NMI level set to %d"
74
nvic_sysreg_read(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg read addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
75
nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg write addr 0x%" PRIx64 " data 0x%" PRIx32 " size %u"
76
77
--
78
2.18.0
79
80
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 20/25] hw/dma/pl080: Allow use as embedded-struct device
1
Create a new include file for the pl081's device struct,
2
type macros, etc, so that it can be instantiated using
3
the "embedded struct" coding style.
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
---
8
include/hw/dma/pl080.h | 62 ++++++++++++++++++++++++++++++++++++++++++
9
hw/dma/pl080.c | 34 ++---------------------
10
MAINTAINERS | 1 +
11
3 files changed, 65 insertions(+), 32 deletions(-)
12
create mode 100644 include/hw/dma/pl080.h
13
14
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
15
new file mode 100644
16
index XXXXXXX..XXXXXXX
17
--- /dev/null
18
+++ b/include/hw/dma/pl080.h
19
@@ -XXX,XX +XXX,XX @@
20
+/*
21
+ * ARM PrimeCell PL080/PL081 DMA controller
22
+ *
23
+ * Copyright (c) 2006 CodeSourcery.
24
+ * Copyright (c) 2018 Linaro Limited
25
+ * Written by Paul Brook, Peter Maydell
26
+ *
27
+ * This program is free software; you can redistribute it and/or modify
28
+ * it under the terms of the GNU General Public License version 2 or
29
+ * (at your option) any later version.
30
+ */
31
+
32
+/* This is a model of the Arm PrimeCell PL080/PL081 DMA controller:
33
+ * The PL080 TRM is:
34
+ * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0196g/DDI0196.pdf
35
+ * and the PL081 TRM is:
36
+ * http://infocenter.arm.com/help/topic/com.arm.doc.ddi0218e/DDI0218.pdf
37
+ *
38
+ * QEMU interface:
39
+ * + sysbus IRQ: DMACINTR combined interrupt line
40
+ * + sysbus MMIO region 0: MemoryRegion for the device's registers
41
+ */
42
+
43
+#ifndef HW_DMA_PL080_H
44
+#define HW_DMA_PL080_H
45
+
46
+#include "hw/sysbus.h"
47
+
48
+#define PL080_MAX_CHANNELS 8
49
+
50
+typedef struct {
51
+ uint32_t src;
52
+ uint32_t dest;
53
+ uint32_t lli;
54
+ uint32_t ctrl;
55
+ uint32_t conf;
56
+} pl080_channel;
57
+
58
+#define TYPE_PL080 "pl080"
59
+#define TYPE_PL081 "pl081"
60
+#define PL080(obj) OBJECT_CHECK(PL080State, (obj), TYPE_PL080)
61
+
62
+typedef struct PL080State {
63
+ SysBusDevice parent_obj;
64
+
65
+ MemoryRegion iomem;
66
+ uint8_t tc_int;
67
+ uint8_t tc_mask;
68
+ uint8_t err_int;
69
+ uint8_t err_mask;
70
+ uint32_t conf;
71
+ uint32_t sync;
72
+ uint32_t req_single;
73
+ uint32_t req_burst;
74
+ pl080_channel chan[PL080_MAX_CHANNELS];
75
+ int nchannels;
76
+ /* Flag to avoid recursive DMA invocations. */
77
+ int running;
78
+ qemu_irq irq;
79
+} PL080State;
80
+
81
+#endif
82
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/hw/dma/pl080.c
85
+++ b/hw/dma/pl080.c
86
@@ -XXX,XX +XXX,XX @@
87
#include "hw/sysbus.h"
88
#include "exec/address-spaces.h"
89
#include "qemu/log.h"
90
+#include "hw/dma/pl080.h"
91
92
-#define PL080_MAX_CHANNELS 8
93
#define PL080_CONF_E 0x1
94
#define PL080_CONF_M1 0x2
95
#define PL080_CONF_M2 0x4
96
@@ -XXX,XX +XXX,XX @@
97
#define PL080_CCTRL_D 0x02000000
98
#define PL080_CCTRL_S 0x01000000
99
100
-typedef struct {
101
- uint32_t src;
102
- uint32_t dest;
103
- uint32_t lli;
104
- uint32_t ctrl;
105
- uint32_t conf;
106
-} pl080_channel;
107
-
108
-#define TYPE_PL080 "pl080"
109
-#define PL080(obj) OBJECT_CHECK(PL080State, (obj), TYPE_PL080)
110
-
111
-typedef struct PL080State {
112
- SysBusDevice parent_obj;
113
-
114
- MemoryRegion iomem;
115
- uint8_t tc_int;
116
- uint8_t tc_mask;
117
- uint8_t err_int;
118
- uint8_t err_mask;
119
- uint32_t conf;
120
- uint32_t sync;
121
- uint32_t req_single;
122
- uint32_t req_burst;
123
- pl080_channel chan[PL080_MAX_CHANNELS];
124
- int nchannels;
125
- /* Flag to avoid recursive DMA invocations. */
126
- int running;
127
- qemu_irq irq;
128
-} PL080State;
129
-
130
static const VMStateDescription vmstate_pl080_channel = {
131
.name = "pl080_channel",
132
.version_id = 1,
133
@@ -XXX,XX +XXX,XX @@ static const TypeInfo pl080_info = {
134
};
135
136
static const TypeInfo pl081_info = {
137
- .name = "pl081",
138
+ .name = TYPE_PL081,
139
.parent = TYPE_PL080,
140
.instance_init = pl081_init,
141
};
142
diff --git a/MAINTAINERS b/MAINTAINERS
143
index XXXXXXX..XXXXXXX 100644
144
--- a/MAINTAINERS
145
+++ b/MAINTAINERS
146
@@ -XXX,XX +XXX,XX @@ F: hw/char/pl011.c
147
F: include/hw/char/pl011.h
148
F: hw/display/pl110*
149
F: hw/dma/pl080.c
150
+F: include/hw/dma/pl080.h
151
F: hw/dma/pl330.c
152
F: hw/gpio/pl061.c
153
F: hw/input/pl050.c
154
--
155
2.18.0
156
157
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 21/25] hw/dma/pl080: Support all three interrupt lines
1
The PL080 and PL081 have three outgoing interrupt lines:
2
* DMACINTERR signals DMA errors
3
* DMACINTTC is the DMA count interrupt
4
* DMACINTR is a combined interrupt, the logical OR of the other two
1
5
6
We currently only implement DMACINTR, because that's all the
7
realview and versatile boards needed, but the instances of the
8
PL081 in the MPS2 firmware images use all three interrupt lines.
9
Implement the missing DMACINTERR and DMACINTTC.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
---
14
include/hw/dma/pl080.h | 6 +++++-
15
hw/dma/pl080.c | 13 ++++++++-----
16
2 files changed, 13 insertions(+), 6 deletions(-)
17
18
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
19
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/dma/pl080.h
21
+++ b/include/hw/dma/pl080.h
22
@@ -XXX,XX +XXX,XX @@
23
* http://infocenter.arm.com/help/topic/com.arm.doc.ddi0218e/DDI0218.pdf
24
*
25
* QEMU interface:
26
- * + sysbus IRQ: DMACINTR combined interrupt line
27
+ * + sysbus IRQ 0: DMACINTR combined interrupt line
28
+ * + sysbus IRQ 1: DMACINTERR error interrupt request
29
+ * + sysbus IRQ 2: DMACINTTC count interrupt request
30
* + sysbus MMIO region 0: MemoryRegion for the device's registers
31
*/
32
33
@@ -XXX,XX +XXX,XX @@ typedef struct PL080State {
34
/* Flag to avoid recursive DMA invocations. */
35
int running;
36
qemu_irq irq;
37
+ qemu_irq interr;
38
+ qemu_irq inttc;
39
} PL080State;
40
41
#endif
42
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
43
index XXXXXXX..XXXXXXX 100644
44
--- a/hw/dma/pl080.c
45
+++ b/hw/dma/pl080.c
46
@@ -XXX,XX +XXX,XX @@ static const unsigned char pl081_id[] =
47
48
static void pl080_update(PL080State *s)
49
{
50
- if ((s->tc_int & s->tc_mask)
51
- || (s->err_int & s->err_mask))
52
- qemu_irq_raise(s->irq);
53
- else
54
- qemu_irq_lower(s->irq);
55
+ bool tclevel = (s->tc_int & s->tc_mask);
56
+ bool errlevel = (s->err_int & s->err_mask);
57
+
58
+ qemu_set_irq(s->interr, errlevel);
59
+ qemu_set_irq(s->inttc, tclevel);
60
+ qemu_set_irq(s->irq, errlevel || tclevel);
61
}
62
63
static void pl080_run(PL080State *s)
64
@@ -XXX,XX +XXX,XX @@ static void pl080_init(Object *obj)
65
memory_region_init_io(&s->iomem, OBJECT(s), &pl080_ops, s, "pl080", 0x1000);
66
sysbus_init_mmio(sbd, &s->iomem);
67
sysbus_init_irq(sbd, &s->irq);
68
+ sysbus_init_irq(sbd, &s->interr);
69
+ sysbus_init_irq(sbd, &s->inttc);
70
s->nchannels = 8;
71
}
72
73
--
74
2.18.0
75
76
diff view generated by jsdifflib
[Qemu-devel] [PULL 3/8] hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
[Qemu-devel] [PULL 22/25] hw/dma/pl080: Don't use CPU address space for DMA accesses
1
In gic_deactivate_irq() the interrupt number comes from the guest
1
Currently our PL080/PL081 model uses a combination of the CPU's
2
(on a write to the GICC_DIR register), so we need to sanity check
2
address space (via cpu_physical_memory_{read,write}()) and the
3
that it isn't out of range before we use it as an array index.
3
system address space for performing DMA accesses.
4
Handle this in a similar manner to the check we do in
5
gic_complete_irq() for the GICC_EOI register.
6
4
7
The array overrun is not disastrous because the calling code
5
For the PL081s in the MPS FPGA images, their DMA accesses
8
uses (value & 0x3ff) to extract the interrupt field, so the
6
must go via Master Security Controllers. Switch the
9
only out-of-range values possible are 1020..1023, which allow
7
PL080/PL081 model to take a MemoryRegion property which
10
overrunning only from irq_state[] into the following
8
defines its downstream for making DMA accesses.
11
irq_target[] array which the guest can already manipulate.
9
10
Since the PL08x are only used in two board models, we
11
make provision of the 'downstream' link mandatory and convert
12
both users at once, rather than having it be optional with
13
a default to the system address space.
12
14
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
15
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
16
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
17
---
17
---
18
hw/intc/arm_gic.c | 16 +++++++++++++++-
18
include/hw/dma/pl080.h | 5 +++++
19
1 file changed, 15 insertions(+), 1 deletion(-)
19
hw/arm/realview.c | 8 +++++++-
20
hw/arm/versatilepb.c | 9 ++++++++-
21
hw/dma/pl080.c | 35 +++++++++++++++++++++++++++++------
22
4 files changed, 49 insertions(+), 8 deletions(-)
20
23
21
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
24
diff --git a/include/hw/dma/pl080.h b/include/hw/dma/pl080.h
22
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/intc/arm_gic.c
26
--- a/include/hw/dma/pl080.h
24
+++ b/hw/intc/arm_gic.c
27
+++ b/include/hw/dma/pl080.h
25
@@ -XXX,XX +XXX,XX @@ static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs)
28
@@ -XXX,XX +XXX,XX @@
26
static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
29
* + sysbus IRQ 1: DMACINTERR error interrupt request
27
{
30
* + sysbus IRQ 2: DMACINTTC count interrupt request
28
int cm = 1 << cpu;
31
* + sysbus MMIO region 0: MemoryRegion for the device's registers
29
- int group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
32
+ * + QOM property "downstream": MemoryRegion defining where DMA
30
+ int group;
33
+ * bus master transactions are made
34
*/
35
36
#ifndef HW_DMA_PL080_H
37
@@ -XXX,XX +XXX,XX @@ typedef struct PL080State {
38
qemu_irq irq;
39
qemu_irq interr;
40
qemu_irq inttc;
31
+
41
+
32
+ if (irq >= s->num_irq) {
42
+ MemoryRegion *downstream;
33
+ /*
43
+ AddressSpace downstream_as;
34
+ * This handles two cases:
44
} PL080State;
35
+ * 1. If software writes the ID of a spurious interrupt [ie 1023]
45
36
+ * to the GICC_DIR, the GIC ignores that write.
46
#endif
37
+ * 2. If software writes the number of a non-existent interrupt
47
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
38
+ * this must be a subcase of "value written is not an active interrupt"
48
index XXXXXXX..XXXXXXX 100644
39
+ * and so this is UNPREDICTABLE. We choose to ignore it.
49
--- a/hw/arm/realview.c
40
+ */
50
+++ b/hw/arm/realview.c
51
@@ -XXX,XX +XXX,XX @@ static void realview_init(MachineState *machine,
52
pl011_create(0x1000c000, pic[15], serial_hd(3));
53
54
/* DMA controller is optional, apparently. */
55
- sysbus_create_simple("pl081", 0x10030000, pic[24]);
56
+ dev = qdev_create(NULL, "pl081");
57
+ object_property_set_link(OBJECT(dev), OBJECT(sysmem), "downstream",
58
+ &error_fatal);
59
+ qdev_init_nofail(dev);
60
+ busdev = SYS_BUS_DEVICE(dev);
61
+ sysbus_mmio_map(busdev, 0, 0x10030000);
62
+ sysbus_connect_irq(busdev, 0, pic[24]);
63
64
sysbus_create_simple("sp804", 0x10011000, pic[4]);
65
sysbus_create_simple("sp804", 0x10012000, pic[5]);
66
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
67
index XXXXXXX..XXXXXXX 100644
68
--- a/hw/arm/versatilepb.c
69
+++ b/hw/arm/versatilepb.c
70
@@ -XXX,XX +XXX,XX @@ static void versatile_init(MachineState *machine, int board_id)
71
pl011_create(0x101f3000, pic[14], serial_hd(2));
72
pl011_create(0x10009000, sic[6], serial_hd(3));
73
74
- sysbus_create_simple("pl080", 0x10130000, pic[17]);
75
+ dev = qdev_create(NULL, "pl080");
76
+ object_property_set_link(OBJECT(dev), OBJECT(sysmem), "downstream",
77
+ &error_fatal);
78
+ qdev_init_nofail(dev);
79
+ busdev = SYS_BUS_DEVICE(dev);
80
+ sysbus_mmio_map(busdev, 0, 0x10130000);
81
+ sysbus_connect_irq(busdev, 0, pic[17]);
82
+
83
sysbus_create_simple("sp804", 0x101e2000, pic[4]);
84
sysbus_create_simple("sp804", 0x101e3000, pic[5]);
85
86
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
87
index XXXXXXX..XXXXXXX 100644
88
--- a/hw/dma/pl080.c
89
+++ b/hw/dma/pl080.c
90
@@ -XXX,XX +XXX,XX @@
91
#include "exec/address-spaces.h"
92
#include "qemu/log.h"
93
#include "hw/dma/pl080.h"
94
+#include "qapi/error.h"
95
96
#define PL080_CONF_E 0x1
97
#define PL080_CONF_M1 0x2
98
@@ -XXX,XX +XXX,XX @@ again:
99
swidth = 1 << ((ch->ctrl >> 18) & 7);
100
dwidth = 1 << ((ch->ctrl >> 21) & 7);
101
for (n = 0; n < dwidth; n+= swidth) {
102
- cpu_physical_memory_read(ch->src, buff + n, swidth);
103
+ address_space_read(&s->downstream_as, ch->src,
104
+ MEMTXATTRS_UNSPECIFIED, buff + n, swidth);
105
if (ch->ctrl & PL080_CCTRL_SI)
106
ch->src += swidth;
107
}
108
xsize = (dwidth < swidth) ? swidth : dwidth;
109
/* ??? This may pad the value incorrectly for dwidth < 32. */
110
for (n = 0; n < xsize; n += dwidth) {
111
- cpu_physical_memory_write(ch->dest + n, buff + n, dwidth);
112
+ address_space_write(&s->downstream_as, ch->dest + n,
113
+ MEMTXATTRS_UNSPECIFIED, buff + n, dwidth);
114
if (ch->ctrl & PL080_CCTRL_DI)
115
ch->dest += swidth;
116
}
117
@@ -XXX,XX +XXX,XX @@ again:
118
if (size == 0) {
119
/* Transfer complete. */
120
if (ch->lli) {
121
- ch->src = address_space_ldl_le(&address_space_memory,
122
+ ch->src = address_space_ldl_le(&s->downstream_as,
123
ch->lli,
124
MEMTXATTRS_UNSPECIFIED,
125
NULL);
126
- ch->dest = address_space_ldl_le(&address_space_memory,
127
+ ch->dest = address_space_ldl_le(&s->downstream_as,
128
ch->lli + 4,
129
MEMTXATTRS_UNSPECIFIED,
130
NULL);
131
- ch->ctrl = address_space_ldl_le(&address_space_memory,
132
+ ch->ctrl = address_space_ldl_le(&s->downstream_as,
133
ch->lli + 12,
134
MEMTXATTRS_UNSPECIFIED,
135
NULL);
136
- ch->lli = address_space_ldl_le(&address_space_memory,
137
+ ch->lli = address_space_ldl_le(&s->downstream_as,
138
ch->lli + 8,
139
MEMTXATTRS_UNSPECIFIED,
140
NULL);
141
@@ -XXX,XX +XXX,XX @@ static void pl080_init(Object *obj)
142
s->nchannels = 8;
143
}
144
145
+static void pl080_realize(DeviceState *dev, Error **errp)
146
+{
147
+ PL080State *s = PL080(dev);
148
+
149
+ if (!s->downstream) {
150
+ error_setg(errp, "PL080 'downstream' link not set");
41
+ return;
151
+ return;
42
+ }
152
+ }
43
+
153
+
44
+ group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
154
+ address_space_init(&s->downstream_as, s->downstream, "pl080-downstream");
45
155
+}
46
if (!gic_eoi_split(s, cpu, attrs)) {
156
+
47
/* This is UNPREDICTABLE; we choose to ignore it */
157
static void pl081_init(Object *obj)
158
{
159
PL080State *s = PL080(obj);
160
@@ -XXX,XX +XXX,XX @@ static void pl081_init(Object *obj)
161
s->nchannels = 2;
162
}
163
164
+static Property pl080_properties[] = {
165
+ DEFINE_PROP_LINK("downstream", PL080State, downstream,
166
+ TYPE_MEMORY_REGION, MemoryRegion *),
167
+ DEFINE_PROP_END_OF_LIST(),
168
+};
169
+
170
static void pl080_class_init(ObjectClass *oc, void *data)
171
{
172
DeviceClass *dc = DEVICE_CLASS(oc);
173
174
dc->vmsd = &vmstate_pl080;
175
+ dc->realize = pl080_realize;
176
+ dc->props = pl080_properties;
177
}
178
179
static const TypeInfo pl080_info = {
48
--
180
--
49
2.17.1
181
2.18.0
50
182
51
183
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 23/25] hw/dma/pl080: Provide device reset function
1
The PL080/PL081 model is missing a reset function; implement it.
1
2
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
5
---
6
hw/dma/pl080.c | 25 +++++++++++++++++++++++++
7
1 file changed, 25 insertions(+)
8
9
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
10
index XXXXXXX..XXXXXXX 100644
11
--- a/hw/dma/pl080.c
12
+++ b/hw/dma/pl080.c
13
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps pl080_ops = {
14
.endianness = DEVICE_NATIVE_ENDIAN,
15
};
16
17
+static void pl080_reset(DeviceState *dev)
18
+{
19
+ PL080State *s = PL080(dev);
20
+ int i;
21
+
22
+ s->tc_int = 0;
23
+ s->tc_mask = 0;
24
+ s->err_int = 0;
25
+ s->err_mask = 0;
26
+ s->conf = 0;
27
+ s->sync = 0;
28
+ s->req_single = 0;
29
+ s->req_burst = 0;
30
+ s->running = 0;
31
+
32
+ for (i = 0; i < s->nchannels; i++) {
33
+ s->chan[i].src = 0;
34
+ s->chan[i].dest = 0;
35
+ s->chan[i].lli = 0;
36
+ s->chan[i].ctrl = 0;
37
+ s->chan[i].conf = 0;
38
+ }
39
+}
40
+
41
static void pl080_init(Object *obj)
42
{
43
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
44
@@ -XXX,XX +XXX,XX @@ static void pl080_class_init(ObjectClass *oc, void *data)
45
dc->vmsd = &vmstate_pl080;
46
dc->realize = pl080_realize;
47
dc->props = pl080_properties;
48
+ dc->reset = pl080_reset;
49
}
50
51
static const TypeInfo pl080_info = {
52
--
53
2.18.0
54
55
diff view generated by jsdifflib
New patch
[Qemu-devel] [PULL 24/25] hw/dma/pl080: Correct bug in register address decode logic
1
A bug in the handling of the register address decode logic
2
for the PL08x meant that we were incorrectly treating
3
accesses to the DMA channel registers (DMACCxSrcAddr,
4
DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
5
as bad offsets. Fix this long-standing bug.
1
6
7
Fixes: https://bugs.launchpad.net/qemu/+bug/1637974
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
---
11
hw/dma/pl080.c | 5 +++--
12
1 file changed, 3 insertions(+), 2 deletions(-)
13
14
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/dma/pl080.c
17
+++ b/hw/dma/pl080.c
18
@@ -XXX,XX +XXX,XX @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
19
i = (offset & 0xe0) >> 5;
20
if (i >= s->nchannels)
21
goto bad_offset;
22
- switch (offset >> 2) {
23
+ switch ((offset >> 2) & 7) {
24
case 0: /* SrcAddr */
25
return s->chan[i].src;
26
case 1: /* DestAddr */
27
@@ -XXX,XX +XXX,XX @@ static void pl080_write(void *opaque, hwaddr offset,
28
i = (offset & 0xe0) >> 5;
29
if (i >= s->nchannels)
30
goto bad_offset;
31
- switch (offset >> 2) {
32
+ switch ((offset >> 2) & 7) {
33
case 0: /* SrcAddr */
34
s->chan[i].src = value;
35
break;
36
@@ -XXX,XX +XXX,XX @@ static void pl080_write(void *opaque, hwaddr offset,
37
pl080_run(s);
38
break;
39
}
40
+ return;
41
}
42
switch (offset >> 2) {
43
case 2: /* IntTCClear */
44
--
45
2.18.0
46
47
diff view generated by jsdifflib
[Qemu-devel] [PULL 4/8] hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
[Qemu-devel] [PULL 25/25] hw/dma/pl080: Remove hw_error() if DMA is enabled
1
The GICD_ITARGETSR implementation still has some 11MPCore behaviour
1
The PL08x model currently will unconditionally call hw_error()
2
that we were incorrectly using in our GICv1 and GICv2 implementations
2
if the DMA engine is enabled by the guest. This has been
3
for the case where the interrupt number is less than GIC_INTERNAL.
3
present since the PL080 model was edded in 2006, and is
4
The desired behaviour here is:
4
presumably either unintentional debug code left enabled,
5
* for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
5
or a guard against untested DMA engine code being used.
6
CPU doing the read for irqs 29..31
7
* for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
8
number matching the CPU doing the read for all irqs < 32
9
6
10
Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
7
Remove the hw_error(), since we now have a guest which
11
is an 11MPCore GIC.
8
will actually try to use the DMA engine (the self-test
9
binary for the AN505 MPS2 FPGA image).
12
10
13
Reported-by: Jan Kiszka <jan.kiszka@web.de>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
16
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
17
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
18
---
13
---
19
hw/intc/arm_gic.c | 6 ++++--
14
hw/dma/pl080.c | 1 -
20
1 file changed, 4 insertions(+), 2 deletions(-)
15
1 file changed, 1 deletion(-)
21
16
22
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
17
diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
23
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
24
--- a/hw/intc/arm_gic.c
19
--- a/hw/dma/pl080.c
25
+++ b/hw/intc/arm_gic.c
20
+++ b/hw/dma/pl080.c
26
@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
21
@@ -XXX,XX +XXX,XX @@ static void pl080_run(PL080State *s)
27
if (irq >= s->num_irq) {
22
if ((s->conf & PL080_CONF_E) == 0)
28
goto bad_reg;
23
return;
29
}
24
30
- if (irq >= 29 && irq <= 31) {
25
-hw_error("DMA active\n");
31
+ if (irq < 29 && s->revision == REV_11MPCORE) {
26
/* If we are already in the middle of a DMA operation then indicate that
32
+ res = 0;
27
there may be new DMA requests and return immediately. */
33
+ } else if (irq < GIC_INTERNAL) {
28
if (s->running) {
34
res = cm;
35
} else {
36
res = GIC_TARGET(irq);
37
@@ -XXX,XX +XXX,XX @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
38
if (irq >= s->num_irq) {
39
goto bad_reg;
40
}
41
- if (irq < 29) {
42
+ if (irq < 29 && s->revision == REV_11MPCORE) {
43
value = 0;
44
} else if (irq < GIC_INTERNAL) {
45
value = ALL_CPU_MASK;
46
--
29
--
47
2.17.1
30
2.18.0
48
31
49
32
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.