| 1 | target-arm queue for 3.0: | 1 | A last small test of bug fixes before rc1. |
|---|---|---|---|
| 2 | |||
| 3 | Thomas' fixes for instrospection issues with a handful of | ||
| 4 | devices (including one microblaze one that I include in this | ||
| 5 | pullreq for convenience's sake), plus my bugfix for a | ||
| 6 | corner case of small MPU region support. | ||
| 7 | 2 | ||
| 8 | thanks | 3 | thanks |
| 9 | -- PMM | 4 | -- PMM |
| 10 | 5 | ||
| 11 | The following changes since commit 55b1f14cefcb19ce6d5e28c4c83404230888aa7e: | 6 | The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637: |
| 12 | 7 | ||
| 13 | Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-3.0-pull-request' into staging (2018-07-23 14:03:14 +0100) | 8 | Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100) |
| 14 | 9 | ||
| 15 | are available in the Git repository at: | 10 | are available in the Git repository at: |
| 16 | 11 | ||
| 17 | git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180723 | 12 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717 |
| 18 | 13 | ||
| 19 | for you to fetch changes up to 1ddc9b98c3cb89fe23a55ba924000fd645253e87: | 14 | for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4: |
| 20 | 15 | ||
| 21 | hw/intc/exynos4210_gic: Turn instance_init into realize function (2018-07-23 15:21:27 +0100) | 16 | hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100) |
| 22 | 17 | ||
| 23 | ---------------------------------------------------------------- | 18 | ---------------------------------------------------------------- |
| 24 | target-arm queue: | 19 | target-arm queue: |
| 25 | * spitz, exynos: fix bugs when introspecting some devices | 20 | * hw/arm/sbsa-ref: set 'slots' property of xhci |
| 26 | * hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' | 21 | * linux-user: Remove pointless NULL check in clock_adjtime handling |
| 27 | * target/arm: Correctly handle overlapping small MPU regions | 22 | * ptw: Fix S1_ptw_translate() debug path |
| 28 | * hw/sd/bcm2835_sdhost: Fix PIO mode writes | 23 | * ptw: Account for FEAT_RME when applying {N}SW, SA bits |
| 24 | * accel/tcg: Zero-pad PC in TCG CPU exec trace lines | ||
| 25 | * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write | ||
| 29 | 26 | ||
| 30 | ---------------------------------------------------------------- | 27 | ---------------------------------------------------------------- |
| 31 | Guenter Roeck (1): | 28 | Peter Maydell (5): |
| 32 | hw/sd/bcm2835_sdhost: Fix PIO mode writes | 29 | linux-user: Remove pointless NULL check in clock_adjtime handling |
| 30 | target/arm/ptw.c: Add comments to S1Translate struct fields | ||
| 31 | target/arm: Fix S1_ptw_translate() debug path | ||
| 32 | target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits | ||
| 33 | accel/tcg: Zero-pad PC in TCG CPU exec trace lines | ||
| 33 | 34 | ||
| 34 | Peter Maydell (1): | 35 | Tong Ho (1): |
| 35 | target/arm: Correctly handle overlapping small MPU regions | 36 | hw/nvram: Avoid unnecessary Xilinx eFuse backstore write |
| 36 | 37 | ||
| 37 | Thomas Huth (3): | 38 | Yuquan Wang (1): |
| 38 | hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' | 39 | hw/arm/sbsa-ref: set 'slots' property of xhci |
| 39 | hw/arm/spitz: Move problematic nand_init() code to realize function | ||
| 40 | hw/intc/exynos4210_gic: Turn instance_init into realize function | ||
| 41 | 40 | ||
| 42 | hw/arm/spitz.c | 15 ++++++++++---- | 41 | accel/tcg/cpu-exec.c | 4 +-- |
| 43 | hw/intc/exynos4210_gic.c | 6 +++--- | 42 | accel/tcg/translate-all.c | 2 +- |
| 44 | hw/microblaze/xlnx-zynqmp-pmu.c | 10 ++++----- | 43 | hw/arm/sbsa-ref.c | 1 + |
| 45 | hw/sd/bcm2835_sdhost.c | 20 ++++++++++++++---- | 44 | hw/nvram/xlnx-efuse.c | 11 ++++-- |
| 46 | target/arm/helper.c | 46 +++++++++++++++++++++++++++++++++++++++++ | 45 | linux-user/syscall.c | 12 +++---- |
| 47 | 5 files changed, 80 insertions(+), 17 deletions(-) | 46 | target/arm/ptw.c | 90 +++++++++++++++++++++++++++++++++++++++++------ |
| 48 | 47 | 6 files changed, 98 insertions(+), 22 deletions(-) | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Yuquan Wang <wangyuquan1236@phytium.com.cn> | ||
| 1 | 2 | ||
| 3 | This extends the slots of xhci to 64, since the default xhci_sysbus | ||
| 4 | just supports one slot. | ||
| 5 | |||
| 6 | Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn> | ||
| 7 | Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn> | ||
| 8 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 9 | Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> | ||
| 10 | Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> | ||
| 11 | Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn | ||
| 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 13 | --- | ||
| 14 | hw/arm/sbsa-ref.c | 1 + | ||
| 15 | 1 file changed, 1 insertion(+) | ||
| 16 | |||
| 17 | diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c | ||
| 18 | index XXXXXXX..XXXXXXX 100644 | ||
| 19 | --- a/hw/arm/sbsa-ref.c | ||
| 20 | +++ b/hw/arm/sbsa-ref.c | ||
| 21 | @@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms) | ||
| 22 | hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base; | ||
| 23 | int irq = sbsa_ref_irqmap[SBSA_XHCI]; | ||
| 24 | DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS); | ||
| 25 | + qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS); | ||
| 26 | |||
| 27 | sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); | ||
| 28 | sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); | ||
| 29 | -- | ||
| 30 | 2.34.1 | diff view generated by jsdifflib |
| 1 | To correctly handle small (less than TARGET_PAGE_SIZE) MPU regions, | 1 | In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to |
|---|---|---|---|
| 2 | we must correctly handle the case where the address being looked | 2 | the address of the local variable htx. This means it can never be |
| 3 | up hits in an MPU region that is not small but the address is | 3 | NULL, but later in the code we check it for NULL anyway. Coverity |
| 4 | in the same page as a small region. For instance if MPU region | 4 | complains about this (CID 1507683) because the NULL check comes after |
| 5 | 1 covers an entire page from 0x2000 to 0x2400 and MPU region | 5 | a call to clock_adjtime() that assumes it is non-NULL. |
| 6 | 2 is small and covers only 0x2200 to 0x2280, then for an access | ||
| 7 | to 0x2000 we must not return a result covering the full page | ||
| 8 | even though we hit the page-sized region 1. Otherwise we will | ||
| 9 | then cache that result in the TLB and accesses that should | ||
| 10 | hit region 2 will incorrectly find the region 1 information. | ||
| 11 | 6 | ||
| 12 | Check for the case where we miss an MPU region but it is still | 7 | Since phtx is always &htx, and is used only in three places, it's not |
| 13 | within the same page, and in that case narrow the size we will | 8 | really necessary. Remove it, bringing the code structure in to line |
| 14 | pass to tlb_set_page_with_attrs() for whatever the final | 9 | with that for TARGET_NR_clock_adjtime64, which already uses a simple |
| 15 | outcome is of the MPU lookup. | 10 | '&htx' when it wants a pointer to 'htx'. |
| 16 | 11 | ||
| 17 | Reported-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com> | ||
| 18 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 13 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 19 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | 14 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
| 20 | Message-id: 20180716133302.25989-1-peter.maydell@linaro.org | 15 | Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org |
| 21 | --- | 16 | --- |
| 22 | target/arm/helper.c | 46 +++++++++++++++++++++++++++++++++++++++++++++ | 17 | linux-user/syscall.c | 12 +++++------- |
| 23 | 1 file changed, 46 insertions(+) | 18 | 1 file changed, 5 insertions(+), 7 deletions(-) |
| 24 | 19 | ||
| 25 | diff --git a/target/arm/helper.c b/target/arm/helper.c | 20 | diff --git a/linux-user/syscall.c b/linux-user/syscall.c |
| 26 | index XXXXXXX..XXXXXXX 100644 | 21 | index XXXXXXX..XXXXXXX 100644 |
| 27 | --- a/target/arm/helper.c | 22 | --- a/linux-user/syscall.c |
| 28 | +++ b/target/arm/helper.c | 23 | +++ b/linux-user/syscall.c |
| 29 | @@ -XXX,XX +XXX,XX @@ | 24 | @@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, |
| 30 | #include "exec/semihost.h" | 25 | #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME) |
| 31 | #include "sysemu/kvm.h" | 26 | case TARGET_NR_clock_adjtime: |
| 32 | #include "fpu/softfloat.h" | 27 | { |
| 33 | +#include "qemu/range.h" | 28 | - struct timex htx, *phtx = &htx; |
| 34 | 29 | + struct timex htx; | |
| 35 | #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */ | 30 | |
| 36 | 31 | - if (target_to_host_timex(phtx, arg2) != 0) { | |
| 37 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, | 32 | + if (target_to_host_timex(&htx, arg2) != 0) { |
| 33 | return -TARGET_EFAULT; | ||
| 38 | } | 34 | } |
| 39 | 35 | - ret = get_errno(clock_adjtime(arg1, phtx)); | |
| 40 | if (address < base || address > base + rmask) { | 36 | - if (!is_error(ret) && phtx) { |
| 41 | + /* | 37 | - if (host_to_target_timex(arg2, phtx) != 0) { |
| 42 | + * Address not in this region. We must check whether the | 38 | - return -TARGET_EFAULT; |
| 43 | + * region covers addresses in the same page as our address. | 39 | - } |
| 44 | + * In that case we must not report a size that covers the | 40 | + ret = get_errno(clock_adjtime(arg1, &htx)); |
| 45 | + * whole page for a subsequent hit against a different MPU | 41 | + if (!is_error(ret) && host_to_target_timex(arg2, &htx)) { |
| 46 | + * region or the background region, because it would result in | 42 | + return -TARGET_EFAULT; |
| 47 | + * incorrect TLB hits for subsequent accesses to addresses that | ||
| 48 | + * are in this MPU region. | ||
| 49 | + */ | ||
| 50 | + if (ranges_overlap(base, rmask, | ||
| 51 | + address & TARGET_PAGE_MASK, | ||
| 52 | + TARGET_PAGE_SIZE)) { | ||
| 53 | + *page_size = 1; | ||
| 54 | + } | ||
| 55 | continue; | ||
| 56 | } | ||
| 57 | |||
| 58 | @@ -XXX,XX +XXX,XX @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address, | ||
| 59 | sattrs->srvalid = true; | ||
| 60 | sattrs->sregion = r; | ||
| 61 | } | ||
| 62 | + } else { | ||
| 63 | + /* | ||
| 64 | + * Address not in this region. We must check whether the | ||
| 65 | + * region covers addresses in the same page as our address. | ||
| 66 | + * In that case we must not report a size that covers the | ||
| 67 | + * whole page for a subsequent hit against a different MPU | ||
| 68 | + * region or the background region, because it would result | ||
| 69 | + * in incorrect TLB hits for subsequent accesses to | ||
| 70 | + * addresses that are in this MPU region. | ||
| 71 | + */ | ||
| 72 | + if (limit >= base && | ||
| 73 | + ranges_overlap(base, limit - base + 1, | ||
| 74 | + addr_page_base, | ||
| 75 | + TARGET_PAGE_SIZE)) { | ||
| 76 | + sattrs->subpage = true; | ||
| 77 | + } | ||
| 78 | } | ||
| 79 | } | 43 | } |
| 80 | } | 44 | } |
| 81 | @@ -XXX,XX +XXX,XX @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address, | 45 | return ret; |
| 82 | } | ||
| 83 | |||
| 84 | if (address < base || address > limit) { | ||
| 85 | + /* | ||
| 86 | + * Address not in this region. We must check whether the | ||
| 87 | + * region covers addresses in the same page as our address. | ||
| 88 | + * In that case we must not report a size that covers the | ||
| 89 | + * whole page for a subsequent hit against a different MPU | ||
| 90 | + * region or the background region, because it would result in | ||
| 91 | + * incorrect TLB hits for subsequent accesses to addresses that | ||
| 92 | + * are in this MPU region. | ||
| 93 | + */ | ||
| 94 | + if (limit >= base && | ||
| 95 | + ranges_overlap(base, limit - base + 1, | ||
| 96 | + addr_page_base, | ||
| 97 | + TARGET_PAGE_SIZE)) { | ||
| 98 | + *is_subpage = true; | ||
| 99 | + } | ||
| 100 | continue; | ||
| 101 | } | ||
| 102 | |||
| 103 | -- | 46 | -- |
| 104 | 2.17.1 | 47 | 2.34.1 |
| 105 | 48 | ||
| 106 | 49 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | Add comments to the in_* fields in the S1Translate struct | ||
| 2 | that explain what they're doing. | ||
| 1 | 3 | ||
| 4 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 5 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 6 | Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org | ||
| 7 | --- | ||
| 8 | target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++ | ||
| 9 | 1 file changed, 40 insertions(+) | ||
| 10 | |||
| 11 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 12 | index XXXXXXX..XXXXXXX 100644 | ||
| 13 | --- a/target/arm/ptw.c | ||
| 14 | +++ b/target/arm/ptw.c | ||
| 15 | @@ -XXX,XX +XXX,XX @@ | ||
| 16 | #endif | ||
| 17 | |||
| 18 | typedef struct S1Translate { | ||
| 19 | + /* | ||
| 20 | + * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk. | ||
| 21 | + * Together with in_space, specifies the architectural translation regime. | ||
| 22 | + */ | ||
| 23 | ARMMMUIdx in_mmu_idx; | ||
| 24 | + /* | ||
| 25 | + * in_ptw_idx: specifies which mmuidx to use for the actual | ||
| 26 | + * page table descriptor load operations. This will be one of the | ||
| 27 | + * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes. | ||
| 28 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 29 | + * this field is updated accordingly. | ||
| 30 | + */ | ||
| 31 | ARMMMUIdx in_ptw_idx; | ||
| 32 | + /* | ||
| 33 | + * in_space: the security space for this walk. This plus | ||
| 34 | + * the in_mmu_idx specify the architectural translation regime. | ||
| 35 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 36 | + * this field is updated accordingly. | ||
| 37 | + * | ||
| 38 | + * Note that the security space for the in_ptw_idx may be different | ||
| 39 | + * from that for the in_mmu_idx. We do not need to explicitly track | ||
| 40 | + * the in_ptw_idx security space because: | ||
| 41 | + * - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx | ||
| 42 | + * itself specifies the security space | ||
| 43 | + * - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security | ||
| 44 | + * space used for ptw reads is the same as that of the security | ||
| 45 | + * space of the stage 1 translation for all cases except where | ||
| 46 | + * stage 1 is Secure; in that case the only possibilities for | ||
| 47 | + * the ptw read are Secure and NonSecure, and the in_ptw_idx | ||
| 48 | + * value being Stage2 vs Stage2_S distinguishes those. | ||
| 49 | + */ | ||
| 50 | ARMSecuritySpace in_space; | ||
| 51 | + /* | ||
| 52 | + * in_secure: whether the translation regime is a Secure one. | ||
| 53 | + * This is always equal to arm_space_is_secure(in_space). | ||
| 54 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 55 | + * this field is updated accordingly. | ||
| 56 | + */ | ||
| 57 | bool in_secure; | ||
| 58 | + /* | ||
| 59 | + * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug | ||
| 60 | + * accesses will not update the guest page table access flags | ||
| 61 | + * and will not change the state of the softmmu TLBs. | ||
| 62 | + */ | ||
| 63 | bool in_debug; | ||
| 64 | /* | ||
| 65 | * If this is stage 2 of a stage 1+2 page table walk, then this must | ||
| 66 | -- | ||
| 67 | 2.34.1 | diff view generated by jsdifflib |
| 1 | From: Thomas Huth <thuth@redhat.com> | 1 | In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate() |
|---|---|---|---|
| 2 | so that the debug-access "call get_phys_addr_*" codepath is used both | ||
| 3 | when S1 is doing ptw reads from stage 2 and when it is doing ptw | ||
| 4 | reads from physical memory. However, we didn't update the | ||
| 5 | calculation of s2ptw->in_space and s2ptw->in_secure to account for | ||
| 6 | the "ptw reads from physical memory" case. This meant that debug | ||
| 7 | accesses when in Secure state broke. | ||
| 2 | 8 | ||
| 3 | The instance_init function of the "exynos4210.gic" device creates a | 9 | Create a new function S2_security_space() which returns the |
| 4 | new "arm_gic" device and immediately realizes it with qdev_init_nofail(). | 10 | correct security space to use for the ptw load, and use it to |
| 5 | This will leave a lot of object in the QOM tree during introspection of | 11 | determine the correct .in_secure and .in_space fields for the |
| 6 | the "exynos4210.gic" device, e.g. reproducible by starting QEMU like this: | 12 | stage 2 lookup for the ptw load. |
| 7 | 13 | ||
| 8 | qemu-system-aarch64 -M none -nodefaults -nographic -monitor stdio | 14 | Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org> |
| 9 | 15 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | |
| 10 | And then by running "info qom-tree" at the HMP monitor, followed by | 16 | Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org> |
| 11 | "device_add exynos4210.gic,help" and finally checking "info qom-tree" | 17 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
| 12 | again. | 18 | Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org |
| 13 | 19 | Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate") | |
| 14 | Also note that qdev_init_nofail() can exit QEMU in case of errors - and | ||
| 15 | this must never happen during an instance_init function, otherwise QEMU | ||
| 16 | could terminate unexpectedly during introspection of a device. | ||
| 17 | |||
| 18 | Since most of the code that follows the qdev_init_nofail() depends on | ||
| 19 | the realized "gicbusdev", the easiest solution to the problem is to | ||
| 20 | turn the whole instance_init function into a realize function instead. | ||
| 21 | |||
| 22 | Signed-off-by: Thomas Huth <thuth@redhat.com> | ||
| 23 | Message-id: 1532337784-334-1-git-send-email-thuth@redhat.com | ||
| 24 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 25 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 20 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 26 | --- | 21 | --- |
| 27 | hw/intc/exynos4210_gic.c | 6 +++--- | 22 | target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++----- |
| 28 | 1 file changed, 3 insertions(+), 3 deletions(-) | 23 | 1 file changed, 32 insertions(+), 5 deletions(-) |
| 29 | 24 | ||
| 30 | diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c | 25 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 31 | index XXXXXXX..XXXXXXX 100644 | 26 | index XXXXXXX..XXXXXXX 100644 |
| 32 | --- a/hw/intc/exynos4210_gic.c | 27 | --- a/target/arm/ptw.c |
| 33 | +++ b/hw/intc/exynos4210_gic.c | 28 | +++ b/target/arm/ptw.c |
| 34 | @@ -XXX,XX +XXX,XX @@ static void exynos4210_gic_set_irq(void *opaque, int irq, int level) | 29 | @@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs) |
| 35 | qemu_set_irq(qdev_get_gpio_in(s->gic, irq), level); | 30 | } |
| 36 | } | 31 | } |
| 37 | 32 | ||
| 38 | -static void exynos4210_gic_init(Object *obj) | 33 | +static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space, |
| 39 | +static void exynos4210_gic_realize(DeviceState *dev, Error **errp) | 34 | + ARMMMUIdx s2_mmu_idx) |
| 35 | +{ | ||
| 36 | + /* | ||
| 37 | + * Return the security space to use for stage 2 when doing | ||
| 38 | + * the S1 page table descriptor load. | ||
| 39 | + */ | ||
| 40 | + if (regime_is_stage2(s2_mmu_idx)) { | ||
| 41 | + /* | ||
| 42 | + * The security space for ptw reads is almost always the same | ||
| 43 | + * as that of the security space of the stage 1 translation. | ||
| 44 | + * The only exception is when stage 1 is Secure; in that case | ||
| 45 | + * the ptw read might be to the Secure or the NonSecure space | ||
| 46 | + * (but never Realm or Root), and the s2_mmu_idx tells us which. | ||
| 47 | + * Root translations are always single-stage. | ||
| 48 | + */ | ||
| 49 | + if (s1_space == ARMSS_Secure) { | ||
| 50 | + return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S); | ||
| 51 | + } else { | ||
| 52 | + assert(s2_mmu_idx != ARMMMUIdx_Stage2_S); | ||
| 53 | + assert(s1_space != ARMSS_Root); | ||
| 54 | + return s1_space; | ||
| 55 | + } | ||
| 56 | + } else { | ||
| 57 | + /* ptw loads are from phys: the mmu idx itself says which space */ | ||
| 58 | + return arm_phys_to_space(s2_mmu_idx); | ||
| 59 | + } | ||
| 60 | +} | ||
| 61 | + | ||
| 62 | /* Translate a S1 pagetable walk through S2 if needed. */ | ||
| 63 | static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, | ||
| 64 | hwaddr addr, ARMMMUFaultInfo *fi) | ||
| 40 | { | 65 | { |
| 41 | - DeviceState *dev = DEVICE(obj); | 66 | - ARMSecuritySpace space = ptw->in_space; |
| 42 | + Object *obj = OBJECT(dev); | 67 | bool is_secure = ptw->in_secure; |
| 43 | Exynos4210GicState *s = EXYNOS4210_GIC(obj); | 68 | ARMMMUIdx mmu_idx = ptw->in_mmu_idx; |
| 44 | SysBusDevice *sbd = SYS_BUS_DEVICE(obj); | 69 | ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx; |
| 45 | const char cpu_prefix[] = "exynos4210-gic-alias_cpu"; | 70 | @@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, |
| 46 | @@ -XXX,XX +XXX,XX @@ static void exynos4210_gic_class_init(ObjectClass *klass, void *data) | 71 | * From gdbstub, do not use softmmu so that we don't modify the |
| 47 | DeviceClass *dc = DEVICE_CLASS(klass); | 72 | * state of the cpu at all, including softmmu tlb contents. |
| 48 | 73 | */ | |
| 49 | dc->props = exynos4210_gic_properties; | 74 | + ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx); |
| 50 | + dc->realize = exynos4210_gic_realize; | 75 | S1Translate s2ptw = { |
| 51 | } | 76 | .in_mmu_idx = s2_mmu_idx, |
| 52 | 77 | .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx), | |
| 53 | static const TypeInfo exynos4210_gic_info = { | 78 | - .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S, |
| 54 | .name = TYPE_EXYNOS4210_GIC, | 79 | - .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure |
| 55 | .parent = TYPE_SYS_BUS_DEVICE, | 80 | - : space == ARMSS_Realm ? ARMSS_Realm |
| 56 | .instance_size = sizeof(Exynos4210GicState), | 81 | - : ARMSS_NonSecure), |
| 57 | - .instance_init = exynos4210_gic_init, | 82 | + .in_secure = arm_space_is_secure(s2_space), |
| 58 | .class_init = exynos4210_gic_class_init, | 83 | + .in_space = s2_space, |
| 59 | }; | 84 | .in_debug = true, |
| 60 | 85 | }; | |
| 86 | GetPhysAddrResult s2 = { }; | ||
| 61 | -- | 87 | -- |
| 62 | 2.17.1 | 88 | 2.34.1 |
| 63 | |||
| 64 | diff view generated by jsdifflib |
| 1 | From: Thomas Huth <thuth@redhat.com> | 1 | In get_phys_addr_twostage() the code that applies the effects of |
|---|---|---|---|
| 2 | VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure. | ||
| 3 | Now we also have f.attrs.space for FEAT_RME, we need to keep the two | ||
| 4 | in sync. | ||
| 2 | 5 | ||
| 3 | nand_init() does not only create the NAND device, it also realizes | 6 | These bits only have an effect for Secure space translations, not |
| 4 | the device with qdev_init_nofail() already. So we must not call | 7 | for Root, so use the input in_space field to determine whether to |
| 5 | nand_init() from an instance_init function like sl_nand_init(), | 8 | apply them rather than the input is_secure. This doesn't actually |
| 6 | otherwise we get superfluous NAND devices in the QOM tree after | 9 | make a difference because Root translations are never two-stage, |
| 7 | introspecting the 'sl-nand' device. So move the nand_init() to the | 10 | but it's a little clearer. |
| 8 | realize function of 'sl-nand' instead. | ||
| 9 | 11 | ||
| 10 | Signed-off-by: Thomas Huth <thuth@redhat.com> | ||
| 11 | Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> | ||
| 12 | Message-id: 1532006134-7701-1-git-send-email-thuth@redhat.com | ||
| 13 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 14 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 13 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 14 | Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org | ||
| 15 | --- | 15 | --- |
| 16 | hw/arm/spitz.c | 15 +++++++++++---- | 16 | target/arm/ptw.c | 13 ++++++++----- |
| 17 | 1 file changed, 11 insertions(+), 4 deletions(-) | 17 | 1 file changed, 8 insertions(+), 5 deletions(-) |
| 18 | 18 | ||
| 19 | diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c | 19 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 20 | index XXXXXXX..XXXXXXX 100644 | 20 | index XXXXXXX..XXXXXXX 100644 |
| 21 | --- a/hw/arm/spitz.c | 21 | --- a/target/arm/ptw.c |
| 22 | +++ b/hw/arm/spitz.c | 22 | +++ b/target/arm/ptw.c |
| 23 | @@ -XXX,XX +XXX,XX @@ static void sl_nand_init(Object *obj) | 23 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, |
| 24 | { | 24 | hwaddr ipa; |
| 25 | SLNANDState *s = SL_NAND(obj); | 25 | int s1_prot, s1_lgpgsz; |
| 26 | SysBusDevice *dev = SYS_BUS_DEVICE(obj); | 26 | bool is_secure = ptw->in_secure; |
| 27 | - DriveInfo *nand; | 27 | + ARMSecuritySpace in_space = ptw->in_space; |
| 28 | 28 | bool ret, ipa_secure; | |
| 29 | s->ctl = 0; | 29 | ARMCacheAttrs cacheattrs1; |
| 30 | + | 30 | ARMSecuritySpace ipa_space; |
| 31 | + memory_region_init_io(&s->iomem, obj, &sl_ops, s, "sl", 0x40); | 31 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, |
| 32 | + sysbus_init_mmio(dev, &s->iomem); | 32 | * Check if IPA translates to secure or non-secure PA space. |
| 33 | +} | 33 | * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA. |
| 34 | + | 34 | */ |
| 35 | +static void sl_nand_realize(DeviceState *dev, Error **errp) | 35 | - result->f.attrs.secure = |
| 36 | +{ | 36 | - (is_secure |
| 37 | + SLNANDState *s = SL_NAND(dev); | 37 | - && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)) |
| 38 | + DriveInfo *nand; | 38 | - && (ipa_secure |
| 39 | + | 39 | - || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)))); |
| 40 | /* FIXME use a qdev drive property instead of drive_get() */ | 40 | + if (in_space == ARMSS_Secure) { |
| 41 | nand = drive_get(IF_MTD, 0, 0); | 41 | + result->f.attrs.secure = |
| 42 | s->nand = nand_init(nand ? blk_by_legacy_dinfo(nand) : NULL, | 42 | + !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)) |
| 43 | s->manf_id, s->chip_id); | 43 | + && (ipa_secure |
| 44 | - | 44 | + || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))); |
| 45 | - memory_region_init_io(&s->iomem, obj, &sl_ops, s, "sl", 0x40); | 45 | + result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure); |
| 46 | - sysbus_init_mmio(dev, &s->iomem); | 46 | + } |
| 47 | } | 47 | |
| 48 | 48 | return false; | |
| 49 | /* Spitz Keyboard */ | ||
| 50 | @@ -XXX,XX +XXX,XX @@ static void sl_nand_class_init(ObjectClass *klass, void *data) | ||
| 51 | |||
| 52 | dc->vmsd = &vmstate_sl_nand_info; | ||
| 53 | dc->props = sl_nand_properties; | ||
| 54 | + dc->realize = sl_nand_realize; | ||
| 55 | /* Reason: init() method uses drive_get() */ | ||
| 56 | dc->user_creatable = false; | ||
| 57 | } | 49 | } |
| 58 | -- | 50 | -- |
| 59 | 2.17.1 | 51 | 2.34.1 |
| 60 | |||
| 61 | diff view generated by jsdifflib |
| 1 | From: Guenter Roeck <linux@roeck-us.net> | 1 | In commit f0a08b0913befbd we changed the type of the PC from |
|---|---|---|---|
| 2 | target_ulong to vaddr. In doing so we inadvertently dropped the | ||
| 3 | zero-padding on the PC in trace lines (the second item inside the [] | ||
| 4 | in these lines). They used to look like this on AArch64, for | ||
| 5 | instance: | ||
| 2 | 6 | ||
| 3 | Writes in PIO mode have two requirements: | 7 | Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000] |
| 4 | 8 | ||
| 5 | - A data interrupt must be generated after a write command has been | 9 | and now they look like this: |
| 6 | issued to indicate that the chip is ready to receive data. | 10 | Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000] |
| 7 | - A block interrupt must be generated after each block to indicate | ||
| 8 | that the chip is ready to receive the next data block. | ||
| 9 | 11 | ||
| 10 | Rearrange the code to make this happen. Tested on raspi3 (in PIO mode) | 12 | and if the PC happens to be somewhere low like 0x5000 |
| 11 | and raspi2 (in DMA mode). | 13 | then the field is shown as /5000/. |
| 12 | 14 | ||
| 13 | Signed-off-by: Guenter Roeck <linux@roeck-us.net> | 15 | This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier, |
| 14 | Message-id: 1531779837-20557-1-git-send-email-linux@roeck-us.net | 16 | depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64 |
| 15 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | 17 | with no width specifier. |
| 18 | |||
| 19 | Restore the zero-padding by adding an 016 width specifier to | ||
| 20 | this tracing and a couple of others that were similarly recently | ||
| 21 | changed to use VADDR_PRIx without a width specifier. | ||
| 22 | |||
| 23 | We can't unfortunately restore the "32-bit guests are padded to | ||
| 24 | 8 hex digits and 64-bit guests to 16 hex digits" behaviour so | ||
| 25 | easily. | ||
| 26 | |||
| 27 | Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr") | ||
| 16 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 28 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 29 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 30 | Reviewed-by: Anton Johansson <anjo@rev.ng> | ||
| 31 | Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org | ||
| 17 | --- | 32 | --- |
| 18 | hw/sd/bcm2835_sdhost.c | 20 ++++++++++++++++---- | 33 | accel/tcg/cpu-exec.c | 4 ++-- |
| 19 | 1 file changed, 16 insertions(+), 4 deletions(-) | 34 | accel/tcg/translate-all.c | 2 +- |
| 35 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
| 20 | 36 | ||
| 21 | diff --git a/hw/sd/bcm2835_sdhost.c b/hw/sd/bcm2835_sdhost.c | 37 | diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c |
| 22 | index XXXXXXX..XXXXXXX 100644 | 38 | index XXXXXXX..XXXXXXX 100644 |
| 23 | --- a/hw/sd/bcm2835_sdhost.c | 39 | --- a/accel/tcg/cpu-exec.c |
| 24 | +++ b/hw/sd/bcm2835_sdhost.c | 40 | +++ b/accel/tcg/cpu-exec.c |
| 25 | @@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) | 41 | @@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu, |
| 26 | uint32_t value = 0; | 42 | if (qemu_log_in_addr_range(pc)) { |
| 27 | int n; | 43 | qemu_log_mask(CPU_LOG_EXEC, |
| 28 | int is_read; | 44 | "Trace %d: %p [%08" PRIx64 |
| 29 | + int is_write; | 45 | - "/%" VADDR_PRIx "/%08x/%08x] %s\n", |
| 30 | 46 | + "/%016" VADDR_PRIx "/%08x/%08x] %s\n", | |
| 31 | is_read = (s->cmd & SDCMD_READ_CMD) != 0; | 47 | cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, |
| 32 | - if (s->datacnt != 0 && (!is_read || sdbus_data_ready(&s->sdbus))) { | 48 | tb->flags, tb->cflags, lookup_symbol(pc)); |
| 33 | + is_write = (s->cmd & SDCMD_WRITE_CMD) != 0; | 49 | |
| 34 | + if (s->datacnt != 0 && (is_write || sdbus_data_ready(&s->sdbus))) { | 50 | @@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit) |
| 35 | if (is_read) { | 51 | if (qemu_loglevel_mask(CPU_LOG_EXEC)) { |
| 36 | n = 0; | 52 | vaddr pc = log_pc(cpu, last_tb); |
| 37 | while (s->datacnt && s->fifo_len < BCM2835_SDHOST_FIFO_LEN) { | 53 | if (qemu_log_in_addr_range(pc)) { |
| 38 | @@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) | 54 | - qemu_log("Stopped execution of TB chain before %p [%" |
| 39 | if (n != 0) { | 55 | + qemu_log("Stopped execution of TB chain before %p [%016" |
| 40 | bcm2835_sdhost_fifo_push(s, value); | 56 | VADDR_PRIx "] %s\n", |
| 41 | s->status |= SDHSTS_DATA_FLAG; | 57 | last_tb->tc.ptr, pc, lookup_symbol(pc)); |
| 42 | + if (s->config & SDHCFG_DATA_IRPT_EN) { | ||
| 43 | + s->status |= SDHSTS_SDIO_IRPT; | ||
| 44 | + } | ||
| 45 | } | 58 | } |
| 46 | - } else { /* write */ | 59 | diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c |
| 47 | + } else if (is_write) { /* write */ | 60 | index XXXXXXX..XXXXXXX 100644 |
| 48 | n = 0; | 61 | --- a/accel/tcg/translate-all.c |
| 49 | while (s->datacnt > 0 && (s->fifo_len > 0 || n > 0)) { | 62 | +++ b/accel/tcg/translate-all.c |
| 50 | if (n == 0) { | 63 | @@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) |
| 51 | @@ -XXX,XX +XXX,XX @@ static void bcm2835_sdhost_fifo_run(BCM2835SDHostState *s) | 64 | if (qemu_loglevel_mask(CPU_LOG_EXEC)) { |
| 52 | s->edm &= ~SDEDM_FSM_MASK; | 65 | vaddr pc = log_pc(cpu, tb); |
| 53 | s->edm |= SDEDM_FSM_DATAMODE; | 66 | if (qemu_log_in_addr_range(pc)) { |
| 54 | trace_bcm2835_sdhost_edm_change("datacnt 0", s->edm); | 67 | - qemu_log("cpu_io_recompile: rewound execution of TB to %" |
| 55 | - | 68 | + qemu_log("cpu_io_recompile: rewound execution of TB to %016" |
| 56 | - if ((s->cmd & SDCMD_WRITE_CMD) && | 69 | VADDR_PRIx "\n", pc); |
| 57 | + } | ||
| 58 | + if (is_write) { | ||
| 59 | + /* set block interrupt at end of each block transfer */ | ||
| 60 | + if (s->hbct && s->datacnt % s->hbct == 0 && | ||
| 61 | (s->config & SDHCFG_BLOCK_IRPT_EN)) { | ||
| 62 | s->status |= SDHSTS_BLOCK_IRPT; | ||
| 63 | } | ||
| 64 | + /* set data interrupt after each transfer */ | ||
| 65 | + s->status |= SDHSTS_DATA_FLAG; | ||
| 66 | + if (s->config & SDHCFG_DATA_IRPT_EN) { | ||
| 67 | + s->status |= SDHSTS_SDIO_IRPT; | ||
| 68 | + } | ||
| 69 | } | 70 | } |
| 70 | } | 71 | } |
| 71 | |||
| 72 | -- | 72 | -- |
| 73 | 2.17.1 | 73 | 2.34.1 |
| 74 | 74 | ||
| 75 | 75 | diff view generated by jsdifflib |
| 1 | From: Thomas Huth <thuth@redhat.com> | 1 | From: Tong Ho <tong.ho@amd.com> |
|---|---|---|---|
| 2 | 2 | ||
| 3 | Valgrind complains: | 3 | Add a check in the bit-set operation to write the backstore |
| 4 | only if the affected bit is 0 before. | ||
| 4 | 5 | ||
| 5 | echo "{'execute':'qmp_capabilities'} {'execute':'device-list-properties'," \ | 6 | With this in place, there will be no need for callers to |
| 6 | "'arguments':{'typename':'xlnx,zynqmp-pmu-soc'}}" \ | 7 | do the checking in order to avoid unnecessary writes. |
| 7 | "{'execute': 'human-monitor-command', " \ | ||
| 8 | "'arguments': {'command-line': 'info qtree'}}" | \ | ||
| 9 | valgrind -q microblazeel-softmmu/qemu-system-microblazeel -M none,accel=qtest -qmp stdio | ||
| 10 | [...] | ||
| 11 | ==13605== Invalid read of size 8 | ||
| 12 | ==13605== at 0x2AC69A: qdev_print (qdev-monitor.c:686) | ||
| 13 | ==13605== by 0x2AC69A: qbus_print (qdev-monitor.c:719) | ||
| 14 | ==13605== by 0x2591E8: handle_hmp_command (monitor.c:3446) | ||
| 15 | 8 | ||
| 16 | Use the new object_initialize_child() and sysbus_init_child_obj() to | 9 | Signed-off-by: Tong Ho <tong.ho@amd.com> |
| 17 | fix the issue. | 10 | Reviewed-by: Alistair Francis <alistair.francis@wdc.com> |
| 18 | 11 | Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com> | |
| 19 | Signed-off-by: Thomas Huth <thuth@redhat.com> | 12 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> |
| 20 | Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> | ||
| 21 | Message-id: 1531839343-13828-1-git-send-email-thuth@redhat.com | ||
| 22 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 13 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 23 | --- | 14 | --- |
| 24 | hw/microblaze/xlnx-zynqmp-pmu.c | 10 ++++------ | 15 | hw/nvram/xlnx-efuse.c | 11 +++++++++-- |
| 25 | 1 file changed, 4 insertions(+), 6 deletions(-) | 16 | 1 file changed, 9 insertions(+), 2 deletions(-) |
| 26 | 17 | ||
| 27 | diff --git a/hw/microblaze/xlnx-zynqmp-pmu.c b/hw/microblaze/xlnx-zynqmp-pmu.c | 18 | diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c |
| 28 | index XXXXXXX..XXXXXXX 100644 | 19 | index XXXXXXX..XXXXXXX 100644 |
| 29 | --- a/hw/microblaze/xlnx-zynqmp-pmu.c | 20 | --- a/hw/nvram/xlnx-efuse.c |
| 30 | +++ b/hw/microblaze/xlnx-zynqmp-pmu.c | 21 | +++ b/hw/nvram/xlnx-efuse.c |
| 31 | @@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_pmu_soc_init(Object *obj) | 22 | @@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k) |
| 23 | |||
| 24 | bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit) | ||
| 32 | { | 25 | { |
| 33 | XlnxZynqMPPMUSoCState *s = XLNX_ZYNQMP_PMU_SOC(obj); | 26 | + uint32_t set, *row; |
| 34 | 27 | + | |
| 35 | - object_initialize(&s->cpu, sizeof(s->cpu), | 28 | if (efuse_ro_bits_find(s, bit)) { |
| 36 | - TYPE_MICROBLAZE_CPU); | 29 | g_autofree char *path = object_get_canonical_path(OBJECT(s)); |
| 37 | - object_property_add_child(obj, "pmu-cpu", OBJECT(&s->cpu), | 30 | |
| 38 | - &error_abort); | 31 | @@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit) |
| 39 | + object_initialize_child(obj, "pmu-cpu", &s->cpu, sizeof(s->cpu), | 32 | return false; |
| 40 | + TYPE_MICROBLAZE_CPU, &error_abort, NULL); | 33 | } |
| 41 | 34 | ||
| 42 | - object_initialize(&s->intc, sizeof(s->intc), TYPE_XLNX_PMU_IO_INTC); | 35 | - s->fuse32[bit / 32] |= 1 << (bit % 32); |
| 43 | - qdev_set_parent_bus(DEVICE(&s->intc), sysbus_get_default()); | 36 | - efuse_bdrv_sync(s, bit); |
| 44 | + sysbus_init_child_obj(obj, "intc", &s->intc, sizeof(s->intc), | 37 | + /* Avoid back-end write unless there is a real update */ |
| 45 | + TYPE_XLNX_PMU_IO_INTC); | 38 | + row = &s->fuse32[bit / 32]; |
| 39 | + set = 1 << (bit % 32); | ||
| 40 | + if (!(set & *row)) { | ||
| 41 | + *row |= set; | ||
| 42 | + efuse_bdrv_sync(s, bit); | ||
| 43 | + } | ||
| 44 | return true; | ||
| 46 | } | 45 | } |
| 47 | 46 | ||
| 48 | static void xlnx_zynqmp_pmu_soc_realize(DeviceState *dev, Error **errp) | ||
| 49 | -- | 47 | -- |
| 50 | 2.17.1 | 48 | 2.34.1 |
| 51 | 49 | ||
| 52 | 50 | diff view generated by jsdifflib |