1
target-arm queue: a smallish set of patches for rc1 tomorrow.
1
Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.
2
I've included the tcg patches because RTH has no others that
3
would merit a pullreq.
4
2
5
I haven't included Thomas Huth's 17-patch set to deal with
6
the introspection crashes, to give that a little more time
7
on-list for review.
8
9
thanks
10
-- PMM
3
-- PMM
11
4
12
The following changes since commit 102ad0a80f5110483efd06877c29c4236be267f9:
5
The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:
13
6
14
Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-07-16' into staging (2018-07-16 15:34:38 +0100)
7
Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)
15
8
16
are available in the Git repository at:
9
are available in the Git repository at:
17
10
18
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180716
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801
19
12
20
for you to fetch changes up to 3474c98a2a2afcefa7c665f02ad2bed2a43ab0f7:
13
for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:
21
14
22
accel/tcg: Assert that tlb fill gave us a valid TLB entry (2018-07-16 17:26:01 +0100)
15
target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)
23
16
24
----------------------------------------------------------------
17
----------------------------------------------------------------
25
target-arm queue:
18
target-arm queue:
26
* accel/tcg: Use correct test when looking in victim TLB for code
19
* Fix KVM SVE ID register probe code
27
* bcm2835_aux: Swap RX and TX interrupt assignments
28
* hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
29
* hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
30
* hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
31
* aspeed: Implement write-1-{set, clear} for AST2500 strapping
32
* target/arm: Fix LD1W and LDFF1W (scalar plus vector)
33
20
34
----------------------------------------------------------------
21
----------------------------------------------------------------
35
Andrew Jeffery (1):
22
Richard Henderson (3):
36
aspeed: Implement write-1-{set, clear} for AST2500 strapping
23
target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
24
target/arm: Set KVM_ARM_VCPU_SVE while probing the host
25
target/arm: Move sve probe inside kvm >= 4.15 branch
37
26
38
Guenter Roeck (1):
27
target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
39
bcm2835_aux: Swap RX and TX interrupt assignments
28
1 file changed, 22 insertions(+), 23 deletions(-)
40
41
Peter Maydell (4):
42
hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq()
43
hw/intc/arm_gic: Fix handling of GICD_ITARGETSR
44
accel/tcg: Use correct test when looking in victim TLB for code
45
accel/tcg: Assert that tlb fill gave us a valid TLB entry
46
47
Richard Henderson (1):
48
target/arm: Fix LD1W and LDFF1W (scalar plus vector)
49
50
Thomas Huth (1):
51
hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false
52
53
include/hw/misc/aspeed_scu.h | 2 ++
54
accel/tcg/cputlb.c | 6 +++---
55
hw/arm/bcm2836.c | 2 ++
56
hw/char/bcm2835_aux.c | 4 ++--
57
hw/intc/arm_gic.c | 22 +++++++++++++++++++---
58
hw/misc/aspeed_scu.c | 19 +++++++++++++++++--
59
target/arm/sve_helper.c | 4 ++--
60
7 files changed, 47 insertions(+), 12 deletions(-)
61
1
In get_page_addr_code(), we were incorrectly looking in the victim
1
From: Richard Henderson <richard.henderson@linaro.org>
2
TLB for an entry which matched the target address for reads, not
3
for code accesses. This meant that we could hit on a victim TLB
4
entry that indicated that the address was readable but not
5
executable, and incorrectly bypass the call to tlb_fill() which
6
should generate the guest MMU exception. Fix this bug.
7
2
3
Indication for support for SVE will not depend on whether we
4
perform the query on the main kvm_state or the temp vcpu.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20220726045828.53697-2-richard.henderson@linaro.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
11
---
10
---
12
accel/tcg/cputlb.c | 2 +-
11
target/arm/kvm64.c | 2 +-
13
1 file changed, 1 insertion(+), 1 deletion(-)
12
1 file changed, 1 insertion(+), 1 deletion(-)
14
13
15
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
14
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/accel/tcg/cputlb.c
16
--- a/target/arm/kvm64.c
18
+++ b/accel/tcg/cputlb.c
17
+++ b/target/arm/kvm64.c
19
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
18
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
20
index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
21
mmu_idx = cpu_mmu_index(env, true);
22
if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
23
- if (!VICTIM_TLB_HIT(addr_read, addr)) {
24
+ if (!VICTIM_TLB_HIT(addr_code, addr)) {
25
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
26
}
19
}
27
}
20
}
21
22
- sve_supported = ioctl(fdarray[0], KVM_CHECK_EXTENSION, KVM_CAP_ARM_SVE) > 0;
23
+ sve_supported = kvm_arm_sve_supported();
24
25
/* Add feature bits that can't appear until after VCPU init. */
26
if (sve_supported) {
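Review bot: the one-token change in get_page_addr_code() in accel/tcg/cputlb.c (addr_read to addr_code in the VICTIM_TLB_HIT call) arrives with no test, and the diffstat shows only the one file touched. VICTIM_TLB_HIT takes the field name as a bare token, so the wrong field compiled cleanly. A regression test that fetches from a page that is readable but not executable, the case the commit message describes, would catch a recurrence.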
28
--
27
--
29
2.17.1
28
2.25.1
30
31
1
In commit 4b1a3e1e34ad97 we added a check for whether the TLB entry
1
From: Richard Henderson <richard.henderson@linaro.org>
2
we had following a tlb_fill had the INVALID bit set. This could
3
happen in some circumstances because a stale or wrong TLB entry was
4
pulled out of the victim cache. However, after commit
5
68fea038553039e (which prevents stale entries being in the victim
6
cache) and the previous commit (which ensures we don't incorrectly
7
hit in the victim cache) this should never be possible.
8
2
9
Drop the check on TLB_INVALID_MASK from the "is this a TLB_RECHECK?"
3
Because we weren't setting this flag, our probe of ID_AA64ZFR0
10
condition, and instead assert that the tlb fill procedure has given
4
was always returning zero. This also obviates the adjustment
11
us a valid TLB entry (or longjumped out with a guest exception).
5
of ID_AA64PFR0, which had sanitized the SVE field.
12
6
7
The effects of the bug are not visible, because the only thing that
8
ID_AA64ZFR0 is used for within qemu at present is tcg translation.
9
The other tests for SVE within KVM are via ID_AA64PFR0.SVE.
10
11
Reported-by: Zenghui Yu <yuzenghui@huawei.com>
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Message-id: 20180713141636.18665-3-peter.maydell@linaro.org
16
---
16
---
17
accel/tcg/cputlb.c | 4 ++--
17
target/arm/kvm64.c | 27 +++++++++++++--------------
18
1 file changed, 2 insertions(+), 2 deletions(-)
18
1 file changed, 13 insertions(+), 14 deletions(-)
19
19
20
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
20
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
21
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
22
--- a/accel/tcg/cputlb.c
22
--- a/target/arm/kvm64.c
23
+++ b/accel/tcg/cputlb.c
23
+++ b/target/arm/kvm64.c
24
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
24
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
25
if (!VICTIM_TLB_HIT(addr_code, addr)) {
25
bool sve_supported;
26
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
26
bool pmu_supported = false;
27
uint64_t features = 0;
28
- uint64_t t;
29
int err;
30
31
/* Old kernels may not know about the PREFERRED_TARGET ioctl: however
32
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
33
struct kvm_vcpu_init init = { .target = -1, };
34
35
/*
36
- * Ask for Pointer Authentication if supported. We can't play the
37
- * SVE trick of synthesising the ID reg as KVM won't tell us
38
- * whether we have the architected or IMPDEF version of PAuth, so
39
- * we have to use the actual ID regs.
40
+ * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
41
+ * which is otherwise RAZ.
42
+ */
43
+ sve_supported = kvm_arm_sve_supported();
44
+ if (sve_supported) {
45
+ init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
46
+ }
47
+
48
+ /*
49
+ * Ask for Pointer Authentication if supported, so that we get
50
+ * the unsanitized field values for AA64ISAR1_EL1.
51
*/
52
if (kvm_arm_pauth_supported()) {
53
init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
54
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
27
}
55
}
28
+ assert(tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr));
29
}
56
}
30
57
31
- if (unlikely((env->tlb_table[mmu_idx][index].addr_code &
58
- sve_supported = kvm_arm_sve_supported();
32
- (TLB_RECHECK | TLB_INVALID_MASK)) == TLB_RECHECK)) {
59
-
33
+ if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK)) {
60
- /* Add feature bits that can't appear until after VCPU init. */
61
if (sve_supported) {
62
- t = ahcf->isar.id_aa64pfr0;
63
- t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
64
- ahcf->isar.id_aa64pfr0 = t;
65
-
34
/*
66
/*
35
* This is a TLB_RECHECK access, where the MMU protection
67
* There is a range of kernels between kernel commit 73433762fcae
36
* covers a smaller range than a target page, and we must
68
* and f81cb2c3ad41 which have a bug where the kernel doesn't expose
69
* SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
70
- * SVE support, so we only read it here, rather than together with all
71
- * the other ID registers earlier.
72
+ * SVE support, which resulted in an error rather than RAZ.
73
+ * So only read the register if we set KVM_ARM_VCPU_SVE above.
74
*/
75
err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
76
ARM64_SYS_REG(3, 0, 0, 4, 4));
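Review bot: the assert(tlb_hit(...)) added after tlb_fill() in get_page_addr_code() (accel/tcg/cputlb.c) carries no comment explaining why it must hold. The reasoning exists only in the commit message: commit 68fea038553039e keeps stale entries out of the victim cache, and the previous patch stops the wrong-field victim hit. Since a failed assert aborts the emulator, please put a short comment above it naming those two preconditions, so that a later change to the victim TLB path is checked against them.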
37
--
77
--
38
2.17.1
78
2.25.1
39
40
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
'I' was being double-incremented; correctly within the inner loop
3
The test for the IF block indicates no ID registers are exposed, much
4
and incorrectly within the outer loop.
4
less host support for SVE. Move the SVE probe into the ELSE block.
5
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
7
Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Tested-by: Alex Bennée <alex.bennee@linaro.org>
10
Message-id: 20180711103957.3040-1-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
10
---
13
target/arm/sve_helper.c | 4 ++--
11
target/arm/kvm64.c | 22 +++++++++++-----------
14
1 file changed, 2 insertions(+), 2 deletions(-)
12
1 file changed, 11 insertions(+), 11 deletions(-)
15
13
16
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
14
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
17
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/sve_helper.c
16
--- a/target/arm/kvm64.c
19
+++ b/target/arm/sve_helper.c
17
+++ b/target/arm/kvm64.c
20
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm, \
18
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
21
intptr_t i, oprsz = simd_oprsz(desc); \
19
err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
22
unsigned scale = simd_data(desc); \
20
ARM64_SYS_REG(3, 3, 9, 12, 0));
23
uintptr_t ra = GETPC(); \
21
}
24
- for (i = 0; i < oprsz; i++) { \
22
- }
25
+ for (i = 0; i < oprsz; ) { \
23
26
uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3)); \
24
- if (sve_supported) {
27
do { \
25
- /*
28
TYPEM m = 0; \
26
- * There is a range of kernels between kernel commit 73433762fcae
29
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(CPUARMState *env, void *vd, void *vg, void *vm, \
27
- * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
30
uintptr_t ra = GETPC(); \
28
- * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
31
bool first = true; \
29
- * SVE support, which resulted in an error rather than RAZ.
32
mmap_lock(); \
30
- * So only read the register if we set KVM_ARM_VCPU_SVE above.
33
- for (i = 0; i < oprsz; i++) { \
31
- */
34
+ for (i = 0; i < oprsz; ) { \
32
- err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
35
uint16_t pg = *(uint16_t *)(vg + H1_2(i >> 3)); \
33
- ARM64_SYS_REG(3, 0, 0, 4, 4));
36
do { \
34
+ if (sve_supported) {
37
TYPEM m = 0; \
35
+ /*
36
+ * There is a range of kernels between kernel commit 73433762fcae
37
+ * and f81cb2c3ad41 which have a bug where the kernel doesn't
38
+ * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
39
+ * enabled SVE support, which resulted in an error rather than RAZ.
40
+ * So only read the register if we set KVM_ARM_VCPU_SVE above.
41
+ */
42
+ err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
43
+ ARM64_SYS_REG(3, 0, 0, 4, 4));
44
+ }
45
}
46
47
kvm_arm_destroy_scratch_host_vcpu(fdarray);
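Review bot: in both HELPER(NAME) loops in target/arm/sve_helper.c, the header `for (i = 0; i < oprsz; )` now leaves all advancement of i to the inner do/while, and nothing at the loop head says so. The original bug was precisely a stray increment in this position. Consider a one-line comment at the loop head, or rewriting it as a while loop, so the empty increment clause does not get "fixed" back.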
38
--
48
--
39
2.17.1
49
2.25.1
40
41
Deleted patch
1
From: Andrew Jeffery <andrew@aj.id.au>
2
1
3
The AST2500 SoC family changes the runtime behaviour of the hardware
4
strapping register (SCU70) to write-1-set/write-1-clear, with
5
write-1-clear implemented on the "read-only" SoC revision register
6
(SCU7C). For the AST2400, the hardware strapping is
7
runtime-configured with read-modify-write semantics.
8
9
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
10
Reviewed-by: Joel Stanley <joel@jms.id.au>
11
Message-id: 20180709143524.17480-1-andrew@aj.id.au
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
include/hw/misc/aspeed_scu.h | 2 ++
15
hw/misc/aspeed_scu.c | 19 +++++++++++++++++--
16
2 files changed, 19 insertions(+), 2 deletions(-)
17
18
diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
19
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/misc/aspeed_scu.h
21
+++ b/include/hw/misc/aspeed_scu.h
22
@@ -XXX,XX +XXX,XX @@ typedef struct AspeedSCUState {
23
#define AST2500_A0_SILICON_REV 0x04000303U
24
#define AST2500_A1_SILICON_REV 0x04010303U
25
26
+#define ASPEED_IS_AST2500(si_rev) ((((si_rev) >> 24) & 0xff) == 0x04)
27
+
28
extern bool is_supported_silicon_rev(uint32_t silicon_rev);
29
30
#define ASPEED_SCU_PROT_KEY 0x1688A8A8
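Review bot: ASPEED_IS_AST2500() in include/hw/misc/aspeed_scu.h compares the top byte of the silicon revision against a bare 0x04, so it is true for any 0x04xxxxxx value and not only for the AST2500_A0 and AST2500_A1 revisions defined just above it. If the top byte is meant to identify the SoC family, say so in a comment or give 0x04 a name, so the macro's scope is clear next to is_supported_silicon_rev().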
31
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
32
index XXXXXXX..XXXXXXX 100644
33
--- a/hw/misc/aspeed_scu.c
34
+++ b/hw/misc/aspeed_scu.c
35
@@ -XXX,XX +XXX,XX @@ static void aspeed_scu_write(void *opaque, hwaddr offset, uint64_t data,
36
s->regs[reg] = data;
37
aspeed_scu_set_apb_freq(s);
38
break;
39
-
40
+ case HW_STRAP1:
41
+ if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
42
+ s->regs[HW_STRAP1] |= data;
43
+ return;
44
+ }
45
+ /* Jump to assignment below */
46
+ break;
47
+ case SILICON_REV:
48
+ if (ASPEED_IS_AST2500(s->regs[SILICON_REV])) {
49
+ s->regs[HW_STRAP1] &= ~data;
50
+ } else {
51
+ qemu_log_mask(LOG_GUEST_ERROR,
52
+ "%s: Write to read-only offset 0x%" HWADDR_PRIx "\n",
53
+ __func__, offset);
54
+ }
55
+ /* Avoid assignment below, we've handled everything */
56
+ return;
57
case FREQ_CNTR_EVAL:
58
case VGA_SCRATCH1 ... VGA_SCRATCH8:
59
case RNG_DATA:
60
- case SILICON_REV:
61
case FREE_CNTR4:
62
case FREE_CNTR4_EXT:
63
qemu_log_mask(LOG_GUEST_ERROR,
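Review bot: in the new `case SILICON_REV:` of aspeed_scu_write(), the AST2500 branch modifies `s->regs[HW_STRAP1]` rather than the register being written, which reads like a copy-paste slip unless you already know SCU7C is the write-1-clear side of SCU70. That is explained only in the commit message. Please add a one-line comment on the `&= ~data` statement, and a matching one on the `|= data` in `case HW_STRAP1:`, stating the write-1-set / write-1-clear pairing.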
64
--
65
2.17.1
66
67
Deleted patch
1
In gic_deactivate_irq() the interrupt number comes from the guest
2
(on a write to the GICC_DIR register), so we need to sanity check
3
that it isn't out of range before we use it as an array index.
4
Handle this in a similar manner to the check we do in
5
gic_complete_irq() for the GICC_EOI register.
6
1
7
The array overrun is not disastrous because the calling code
8
uses (value & 0x3ff) to extract the interrupt field, so the
9
only out-of-range values possible are 1020..1023, which allow
10
overrunning only from irq_state[] into the following
11
irq_target[] array which the guest can already manipulate.
12
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
16
Message-id: 20180712154152.32183-2-peter.maydell@linaro.org
17
---
18
hw/intc/arm_gic.c | 16 +++++++++++++++-
19
1 file changed, 15 insertions(+), 1 deletion(-)
20
21
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/intc/arm_gic.c
24
+++ b/hw/intc/arm_gic.c
25
@@ -XXX,XX +XXX,XX @@ static bool gic_eoi_split(GICState *s, int cpu, MemTxAttrs attrs)
26
static void gic_deactivate_irq(GICState *s, int cpu, int irq, MemTxAttrs attrs)
27
{
28
int cm = 1 << cpu;
29
- int group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
30
+ int group;
31
+
32
+ if (irq >= s->num_irq) {
33
+ /*
34
+ * This handles two cases:
35
+ * 1. If software writes the ID of a spurious interrupt [ie 1023]
36
+ * to the GICC_DIR, the GIC ignores that write.
37
+ * 2. If software writes the number of a non-existent interrupt
38
+ * this must be a subcase of "value written is not an active interrupt"
39
+ * and so this is UNPREDICTABLE. We choose to ignore it.
40
+ */
41
+ return;
42
+ }
43
+
44
+ group = gic_has_groups(s) && GIC_TEST_GROUP(irq, cm);
45
46
if (!gic_eoi_split(s, cpu, attrs)) {
47
/* This is UNPREDICTABLE; we choose to ignore it */
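Review bot: the new guard in gic_deactivate_irq() tests only `irq >= s->num_irq`, while `irq` is a signed `int` that is then used as an array index. The check is complete only because the caller masks the guest value with 0x3ff, as the commit message notes. Please record that dependency in the comment block (or assert that irq is non-negative) so the bound does not silently rely on the call site. It would also be consistent to report case 2 with a LOG_GUEST_ERROR message rather than returning silently.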
48
--
49
2.17.1
50
51
Deleted patch
1
The GICD_ITARGETSR implementation still has some 11MPCore behaviour
2
that we were incorrectly using in our GICv1 and GICv2 implementations
3
for the case where the interrupt number is less than GIC_INTERNAL.
4
The desired behaviour here is:
5
* for 11MPCore: RAZ/WI for irqs 0..28; read a number matching the
6
CPU doing the read for irqs 29..31
7
* for GICv1 and v2: RAZ/WI if uniprocessor; otherwise read a
8
number matching the CPU doing the read for all irqs < 32
9
1
10
Stop squashing GICD_ITARGETSR to 0 for IRQs 0..28 unless this
11
is an 11MPCore GIC.
12
13
Reported-by: Jan Kiszka <jan.kiszka@web.de>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
17
Message-id: 20180712154152.32183-3-peter.maydell@linaro.org
18
---
19
hw/intc/arm_gic.c | 6 ++++--
20
1 file changed, 4 insertions(+), 2 deletions(-)
21
22
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
23
index XXXXXXX..XXXXXXX 100644
24
--- a/hw/intc/arm_gic.c
25
+++ b/hw/intc/arm_gic.c
26
@@ -XXX,XX +XXX,XX @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs)
27
if (irq >= s->num_irq) {
28
goto bad_reg;
29
}
30
- if (irq >= 29 && irq <= 31) {
31
+ if (irq < 29 && s->revision == REV_11MPCORE) {
32
+ res = 0;
33
+ } else if (irq < GIC_INTERNAL) {
34
res = cm;
35
} else {
36
res = GIC_TARGET(irq);
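Review bot: the commit message says GICv1 and GICv2 should be RAZ/WI when uniprocessor, but the branch added in gic_dist_readb() returns `cm` for every `irq < GIC_INTERNAL` on those revisions, with no uniprocessor test in the visible lines. If that case is handled earlier in the function, a short comment here pointing to it would let a reader check the hunk against the stated behaviour. If it is not, it needs adding.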
37
@@ -XXX,XX +XXX,XX @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
38
if (irq >= s->num_irq) {
39
goto bad_reg;
40
}
41
- if (irq < 29) {
42
+ if (irq < 29 && s->revision == REV_11MPCORE) {
43
value = 0;
44
} else if (irq < GIC_INTERNAL) {
45
value = ALL_CPU_MASK;
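Review bot: the literal 29 in `irq < 29 && s->revision == REV_11MPCORE` now appears in both gic_dist_readb() and gic_dist_writeb() and has to stay in step between them. A named constant, or at least a comment giving the 11MPCore meaning of irqs 0..28 versus 29..31 from the commit message, would make the two paths easier to keep consistent.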
46
--
47
2.17.1
48
49
Deleted patch
1
From: Thomas Huth <thuth@redhat.com>
2
1
3
These devices are currently causing some problems when a user is trying
4
to hot-plug or introspect them during runtime. Since these devices can
5
not be instantiated by the user at all (they need to be wired up in code
6
instead), we should mark them with user_creatable = false anyway, then we
7
avoid at least the crashes with the hot-plugging. The introspection problem
8
will be handled by a separate patch.
9
10
Signed-off-by: Thomas Huth <thuth@redhat.com>
11
Message-id: 1531415537-26037-1-git-send-email-thuth@redhat.com
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Markus Armbruster <armbru@redhat.com>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
hw/arm/bcm2836.c | 2 ++
17
1 file changed, 2 insertions(+)
18
19
diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/arm/bcm2836.c
22
+++ b/hw/arm/bcm2836.c
23
@@ -XXX,XX +XXX,XX @@ static void bcm283x_class_init(ObjectClass *oc, void *data)
24
bc->info = data;
25
dc->realize = bcm2836_realize;
26
dc->props = bcm2836_props;
27
+ /* Reason: Must be wired up in code (see raspi_init() function) */
28
+ dc->user_creatable = false;
29
}
30
31
static const TypeInfo bcm283x_type_info = {
32
--
33
2.17.1
34
35
Deleted patch
1
From: Guenter Roeck <linux@roeck-us.net>
2
1
3
RX and TX interrupt bits were reversed, resulting in an endless sequence
4
of serial interrupts in the emulated system and the following repeated
5
error message when booting Linux.
6
7
serial8250: too much work for irq61
8
9
This results in a boot failure most of the time.
10
11
QEMU command line used to reproduce the problem:
12
13
    qemu-system-aarch64 -M raspi3 -m 1024 \
14
    -kernel arch/arm64/boot/Image \
15
    --append "rdinit=/sbin/init console=ttyS1,115200" \
16
    -initrd rootfs.cpio \
17
    -dtb arch/arm64/boot/dts/broadcom/bcm2837-rpi-3-b.dtb \
18
    -nographic -monitor null -serial null -serial stdio
19
20
This is with arm64:defconfig. The root file system was generated using
21
buildroot.
22
23
NB that this error likely arises from an erratum in the
24
BCM2835 datasheet where the TX and RX bits were swapped
25
in the AU_MU_IER_REG description (but correct for IIR):
26
https://elinux.org/BCM2835_datasheet_errata#p12
27
28
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
29
Message-id: 1529355846-25102-1-git-send-email-linux@roeck-us.net
30
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
31
[PMM: added NB about datasheet]
32
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
33
---
34
hw/char/bcm2835_aux.c | 4 ++--
35
1 file changed, 2 insertions(+), 2 deletions(-)
36
37
diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
38
index XXXXXXX..XXXXXXX 100644
39
--- a/hw/char/bcm2835_aux.c
40
+++ b/hw/char/bcm2835_aux.c
41
@@ -XXX,XX +XXX,XX @@
42
#define AUX_MU_BAUD_REG 0x68
43
44
/* bits in IER/IIR registers */
45
-#define TX_INT 0x1
46
-#define RX_INT 0x2
47
+#define RX_INT 0x1
48
+#define TX_INT 0x2
49
50
static void bcm2835_aux_update(BCM2835AuxState *s)
51
{
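Review bot: the swapped RX_INT and TX_INT defines in hw/char/bcm2835_aux.c now disagree with the AU_MU_IER_REG description in the BCM2835 datasheet, and the explanation (the datasheet erratum) lives only in the commit message. Please extend the "bits in IER/IIR registers" comment to mention the erratum and its URL, so that someone comparing the code against the datasheet does not swap the values back.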
52
--
53
2.17.1
54
55