1
v2: dropped a couple of cadence_gem changes to ID regs that
1
target-arm queue: this time around is all small fixes
2
caused new clang sanitizer warnings.
2
and changes.
3
3
4
thanks
4
-- PMM
5
-- PMM
5
6
6
The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:
7
The following changes since commit fec105c2abda8567ec15230429c41429b5ee307c:
7
8
8
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)
9
Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190828-pull-request' into staging (2019-09-03 14:03:15 +0100)
9
10
10
are available in the Git repository at:
11
are available in the Git repository at:
11
12
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190903
13
14
14
for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:
15
for you to fetch changes up to 5e5584c89f36b302c666bc6db535fd3f7ff35ad2:
15
16
16
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)
17
target/arm: Don't abort on M-profile exception return in linux-user mode (2019-09-03 16:20:35 +0100)
17
18
18
----------------------------------------------------------------
19
----------------------------------------------------------------
19
target-arm queue:
20
target-arm queue:
20
* hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
21
* Revert and correctly fix refactoring of unallocated_encoding()
21
* target/arm: Fix aarch64_sve_change_el wrt EL0
22
* Take exceptions on ATS instructions when needed
22
* target/arm: Define fields of ISAR registers
23
* aspeed/timer: Provide back-pressure information for short periods
23
* target/arm: Align cortex-r5 id_isar0
24
* memory: Remove unused memory_region_iommu_replay_all()
24
* target/arm: Fix cortex-a7 id_isar0
25
* hw/arm/smmuv3: Log a guest error when decoding an invalid STE
25
* net/cadence_gem: Fix various bugs, add support for new
26
* hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations
26
features that will be used by the Xilinx Versal board
27
* target/arm: Fix SMMLS argument order
27
* target-arm: powerctl: Enable HVC when starting CPUs to EL2
28
* hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
28
* target/arm: Add the Cortex-A72
29
* hw/arm: Correct reference counting for creation of various objects
29
* target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
30
* includes: remove stale [smp|max]_cpus externs
30
* target/arm: Mask PMOVSR writes based on supported counters
31
* tcg/README: fix typo
31
* target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
32
* atomic_template: fix indentation in GEN_ATOMIC_HELPER
32
* coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
33
* include/exec/cpu-defs.h: fix typo
34
* target/arm: Free TCG temps in trans_VMOV_64_sp()
35
* target/arm: Don't abort on M-profile exception return in linux-user mode
33
36
34
----------------------------------------------------------------
37
----------------------------------------------------------------
35
Aaron Lindsay (2):
38
Alex Bennée (2):
36
target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
39
includes: remove stale [smp|max]_cpus externs
37
target/arm: Mask PMOVSR writes based on supported counters
40
include/exec/cpu-defs.h: fix typo
38
41
39
Edgar E. Iglesias (8):
42
Andrew Jeffery (1):
40
net: cadence_gem: Disable TSU feature bit
43
aspeed/timer: Provide back-pressure information for short periods
41
net: cadence_gem: Use uint32_t for 32bit descriptor words
42
net: cadence_gem: Add macro with max number of descriptor words
43
net: cadence_gem: Add support for extended descriptors
44
net: cadence_gem: Add support for selecting the DMA MemoryRegion
45
net: cadence_gem: Implement support for 64bit descriptor addresses
46
target-arm: powerctl: Enable HVC when starting CPUs to EL2
47
target/arm: Add the Cortex-A72
48
44
49
Jerome Forissier (1):
45
Emilio G. Cota (2):
50
hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
46
tcg/README: fix typo s/afterwise/afterwards/
47
atomic_template: fix indentation in GEN_ATOMIC_HELPER
51
48
52
Peter Maydell (2):
49
Eric Auger (3):
53
target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
50
memory: Remove unused memory_region_iommu_replay_all()
54
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
51
hw/arm/smmuv3: Log a guest error when decoding an invalid STE
52
hw/arm/smmuv3: Remove spurious error messages on IOVA invalidations
55
53
56
Richard Henderson (4):
54
Peter Maydell (4):
57
target/arm: Fix aarch64_sve_change_el wrt EL0
55
target/arm: Allow ARMCPRegInfo read/write functions to throw exceptions
58
target/arm: Define fields of ISAR registers
56
target/arm: Take exceptions on ATS instructions when needed
59
target/arm: Align cortex-r5 id_isar0
57
target/arm: Free TCG temps in trans_VMOV_64_sp()
60
target/arm: Fix cortex-a7 id_isar0
58
target/arm: Don't abort on M-profile exception return in linux-user mode
61
59
62
include/hw/net/cadence_gem.h | 7 +-
60
Philippe Mathieu-Daudé (6):
63
target/arm/cpu.h | 95 ++++++++++++++-
61
hw/arm: Use ARM_CPU_TYPE_NAME() macro when appropriate
64
hw/arm/virt.c | 4 +
62
hw/arm: Use object_initialize_child for correct reference counting
65
hw/net/cadence_gem.c | 185 ++++++++++++++++++++---------
63
hw/arm: Use sysbus_init_child_obj for correct reference counting
66
target/arm/arm-powerctl.c | 10 ++
64
hw/arm/fsl-imx: Add the cpu as child of the SoC object
67
target/arm/cpu.c | 7 +-
65
hw/dma/xilinx_axi: Use object_initialize_child for correct ref. counting
68
target/arm/cpu64.c | 66 +++++++++-
66
hw/net/xilinx_axi: Use object_initialize_child for correct ref. counting
69
target/arm/helper.c | 27 +++--
70
target/arm/op_helper.c | 6 +-
71
scripts/coccinelle/inplace-byteswaps.cocci | 65 ++++++++++
72
10 files changed, 402 insertions(+), 70 deletions(-)
73
create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci
74
67
68
Richard Henderson (3):
69
Revert "target/arm: Use unallocated_encoding for aarch32"
70
target/arm: Factor out unallocated_encoding for aarch32
71
target/arm: Fix SMMLS argument order
72
73
accel/tcg/atomic_template.h | 2 +-
74
hw/arm/smmuv3-internal.h | 1 +
75
include/exec/cpu-defs.h | 2 +-
76
include/exec/memory.h | 10 ----
77
include/sysemu/sysemu.h | 2 -
78
target/arm/cpu.h | 6 ++-
79
target/arm/translate-a64.h | 2 +
80
target/arm/translate.h | 2 -
81
hw/arm/allwinner-a10.c | 3 +-
82
hw/arm/cubieboard.c | 3 +-
83
hw/arm/digic.c | 3 +-
84
hw/arm/exynos4_boards.c | 4 +-
85
hw/arm/fsl-imx25.c | 4 +-
86
hw/arm/fsl-imx31.c | 4 +-
87
hw/arm/fsl-imx6.c | 3 +-
88
hw/arm/fsl-imx6ul.c | 2 +-
89
hw/arm/mcimx7d-sabre.c | 9 ++--
90
hw/arm/mps2-tz.c | 15 +++---
91
hw/arm/musca.c | 9 ++--
92
hw/arm/smmuv3.c | 18 ++++---
93
hw/arm/xlnx-zynqmp.c | 8 +--
94
hw/dma/xilinx_axidma.c | 16 +++---
95
hw/net/xilinx_axienet.c | 17 +++----
96
hw/timer/aspeed_timer.c | 17 ++++++-
97
memory.c | 9 ----
98
target/arm/helper.c | 107 +++++++++++++++++++++++++++++++++++------
99
target/arm/translate-a64.c | 13 +++++
100
target/arm/translate-vfp.inc.c | 2 +
101
target/arm/translate.c | 50 +++++++++++++++++--
102
tcg/README | 2 +-
103
30 files changed, 244 insertions(+), 101 deletions(-)
104
diff view generated by jsdifflib
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
This reverts commit 3cb36637157088892e9e33ddb1034bffd1251d3b.
4
5
Despite the fact that the text for the call to gen_exception_insn
6
is identical for aarch64 and aarch32, the implementation inside
7
gen_exception_insn is totally different.
8
9
This fixes exceptions raised from aarch64.
10
11
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
14
Message-id: 20190826151536.6771-2-richard.henderson@linaro.org
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
---
17
target/arm/translate-a64.h | 2 ++
18
target/arm/translate.h | 2 --
19
target/arm/translate-a64.c | 7 +++++++
20
target/arm/translate-vfp.inc.c | 3 ++-
21
target/arm/translate.c | 22 ++++++++++------------
22
5 files changed, 21 insertions(+), 15 deletions(-)
23
24
diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/translate-a64.h
27
+++ b/target/arm/translate-a64.h
28
@@ -XXX,XX +XXX,XX @@
29
#ifndef TARGET_ARM_TRANSLATE_A64_H
30
#define TARGET_ARM_TRANSLATE_A64_H
31
32
+void unallocated_encoding(DisasContext *s);
33
+
34
#define unsupported_encoding(s, insn) \
35
do { \
36
qemu_log_mask(LOG_UNIMP, \
37
diff --git a/target/arm/translate.h b/target/arm/translate.h
38
index XXXXXXX..XXXXXXX 100644
39
--- a/target/arm/translate.h
40
+++ b/target/arm/translate.h
41
@@ -XXX,XX +XXX,XX @@ typedef struct DisasCompare {
42
bool value_global;
43
} DisasCompare;
44
45
-void unallocated_encoding(DisasContext *s);
46
-
47
/* Share the TCG temporaries common between 32 and 64 bit modes. */
48
extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
49
extern TCGv_i64 cpu_exclusive_addr;
50
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/target/arm/translate-a64.c
53
+++ b/target/arm/translate-a64.c
54
@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
55
}
56
}
57
58
+void unallocated_encoding(DisasContext *s)
59
+{
60
+ /* Unallocated and reserved encodings are uncategorized */
61
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
62
+ default_exception_el(s));
63
+}
64
+
65
static void init_tmp_a64_array(DisasContext *s)
66
{
67
#ifdef CONFIG_DEBUG_TCG
68
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
69
index XXXXXXX..XXXXXXX 100644
70
--- a/target/arm/translate-vfp.inc.c
71
+++ b/target/arm/translate-vfp.inc.c
72
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
73
74
if (!s->vfp_enabled && !ignore_vfp_enabled) {
75
assert(!arm_dc_feature(s, ARM_FEATURE_M));
76
- unallocated_encoding(s);
77
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
78
+ default_exception_el(s));
79
return false;
80
}
81
82
diff --git a/target/arm/translate.c b/target/arm/translate.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/target/arm/translate.c
85
+++ b/target/arm/translate.c
86
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
87
s->base.is_jmp = DISAS_NORETURN;
88
}
89
90
-void unallocated_encoding(DisasContext *s)
91
-{
92
- /* Unallocated and reserved encodings are uncategorized */
93
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
94
- default_exception_el(s));
95
-}
96
-
97
/* Force a TB lookup after an instruction that changes the CPU state. */
98
static inline void gen_lookup_tb(DisasContext *s)
99
{
100
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
101
return;
102
}
103
104
- unallocated_encoding(s);
105
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
106
+ default_exception_el(s));
107
}
108
109
static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
110
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
111
}
112
113
if (undef) {
114
- unallocated_encoding(s);
115
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
116
+ default_exception_el(s));
117
return;
118
}
119
120
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
121
break;
122
default:
123
illegal_op:
124
- unallocated_encoding(s);
125
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
126
+ default_exception_el(s));
127
break;
128
}
129
}
130
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
131
}
132
return;
133
illegal_op:
134
- unallocated_encoding(s);
135
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
136
+ default_exception_el(s));
137
}
138
139
static void disas_thumb_insn(DisasContext *s, uint32_t insn)
140
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
141
return;
142
illegal_op:
143
undef:
144
- unallocated_encoding(s);
145
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
146
+ default_exception_el(s));
147
}
148
149
static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
150
--
151
2.20.1
152
153
diff view generated by jsdifflib
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Make this a static function private to translate.c.
4
Thus we can use the same idiom between aarch64 and aarch32
5
without actually sharing function implementations.
6
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
9
Message-id: 20190826151536.6771-3-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/translate-vfp.inc.c | 3 +--
13
target/arm/translate.c | 22 ++++++++++++----------
14
2 files changed, 13 insertions(+), 12 deletions(-)
15
16
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/translate-vfp.inc.c
19
+++ b/target/arm/translate-vfp.inc.c
20
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
21
22
if (!s->vfp_enabled && !ignore_vfp_enabled) {
23
assert(!arm_dc_feature(s, ARM_FEATURE_M));
24
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
25
- default_exception_el(s));
26
+ unallocated_encoding(s);
27
return false;
28
}
29
30
diff --git a/target/arm/translate.c b/target/arm/translate.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/translate.c
33
+++ b/target/arm/translate.c
34
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
35
s->base.is_jmp = DISAS_NORETURN;
36
}
37
38
+static void unallocated_encoding(DisasContext *s)
39
+{
40
+ /* Unallocated and reserved encodings are uncategorized */
41
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
42
+ default_exception_el(s));
43
+}
44
+
45
/* Force a TB lookup after an instruction that changes the CPU state. */
46
static inline void gen_lookup_tb(DisasContext *s)
47
{
48
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
49
return;
50
}
51
52
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
53
- default_exception_el(s));
54
+ unallocated_encoding(s);
55
}
56
57
static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
58
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
59
}
60
61
if (undef) {
62
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
63
- default_exception_el(s));
64
+ unallocated_encoding(s);
65
return;
66
}
67
68
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
69
break;
70
default:
71
illegal_op:
72
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
73
- default_exception_el(s));
74
+ unallocated_encoding(s);
75
break;
76
}
77
}
78
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
79
}
80
return;
81
illegal_op:
82
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
83
- default_exception_el(s));
84
+ unallocated_encoding(s);
85
}
86
87
static void disas_thumb_insn(DisasContext *s, uint32_t insn)
88
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
89
return;
90
illegal_op:
91
undef:
92
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
93
- default_exception_el(s));
94
+ unallocated_encoding(s);
95
}
96
97
static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
98
--
99
2.20.1
100
101
diff view generated by jsdifflib
New patch
1
Currently the only part of an ARMCPRegInfo which is allowed to cause
2
a CPU exception is the access function, which returns a value indicating
3
that some flavour of UNDEF should be generated.
1
4
5
For the ATS system instructions, we would like to conditionally
6
generate exceptions as part of the writefn, because some faults
7
during the page table walk (like external aborts) should cause
8
an exception to be raised rather than returning a value.
9
10
There are several ways we could do this:
11
* plumb the GETPC() value from the top level set_cp_reg/get_cp_reg
12
helper functions through into the readfn and writefn hooks
13
* add extra readfn_with_ra/writefn_with_ra hooks that take the GETPC()
14
value
15
* require the ATS instructions to provide a dummy accessfn,
16
which serves no purpose except to cause the code generation
17
to emit TCG ops to sync the CPU state
18
* add an ARM_CP_ flag to mark the ARMCPRegInfo as possibly
19
throwing an exception in its read/write hooks, and make the
20
codegen sync the CPU state before calling the hooks if the
21
flag is set
22
23
This patch opts for the last of these, as it is fairly simple
24
to implement and doesn't require invasive changes like updating
25
the readfn/writefn hook function prototype signature.
26
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
28
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
29
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
30
Message-id: 20190816125802.25877-2-peter.maydell@linaro.org
31
---
32
target/arm/cpu.h | 6 +++++-
33
target/arm/translate-a64.c | 6 ++++++
34
target/arm/translate.c | 7 +++++++
35
3 files changed, 18 insertions(+), 1 deletion(-)
36
37
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
38
index XXXXXXX..XXXXXXX 100644
39
--- a/target/arm/cpu.h
40
+++ b/target/arm/cpu.h
41
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
42
* IO indicates that this register does I/O and therefore its accesses
43
* need to be surrounded by gen_io_start()/gen_io_end(). In particular,
44
* registers which implement clocks or timers require this.
45
+ * RAISES_EXC is for when the read or write hook might raise an exception;
46
+ * the generated code will synchronize the CPU state before calling the hook
47
+ * so that it is safe for the hook to call raise_exception().
48
*/
49
#define ARM_CP_SPECIAL 0x0001
50
#define ARM_CP_CONST 0x0002
51
@@ -XXX,XX +XXX,XX @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
52
#define ARM_CP_FPU 0x1000
53
#define ARM_CP_SVE 0x2000
54
#define ARM_CP_NO_GDB 0x4000
55
+#define ARM_CP_RAISES_EXC 0x8000
56
/* Used only as a terminator for ARMCPRegInfo lists */
57
#define ARM_CP_SENTINEL 0xffff
58
/* Mask of only the flag bits in a type field */
59
-#define ARM_CP_FLAG_MASK 0x70ff
60
+#define ARM_CP_FLAG_MASK 0xf0ff
61
62
/* Valid values for ARMCPRegInfo state field, indicating which of
63
* the AArch32 and AArch64 execution states this register is visible in.
64
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
65
index XXXXXXX..XXXXXXX 100644
66
--- a/target/arm/translate-a64.c
67
+++ b/target/arm/translate-a64.c
68
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
69
tcg_temp_free_ptr(tmpptr);
70
tcg_temp_free_i32(tcg_syn);
71
tcg_temp_free_i32(tcg_isread);
72
+ } else if (ri->type & ARM_CP_RAISES_EXC) {
73
+ /*
74
+ * The readfn or writefn might raise an exception;
75
+ * synchronize the CPU state in case it does.
76
+ */
77
+ gen_a64_set_pc_im(s->pc_curr);
78
}
79
80
/* Handle special cases first */
81
diff --git a/target/arm/translate.c b/target/arm/translate.c
82
index XXXXXXX..XXXXXXX 100644
83
--- a/target/arm/translate.c
84
+++ b/target/arm/translate.c
85
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
86
tcg_temp_free_ptr(tmpptr);
87
tcg_temp_free_i32(tcg_syn);
88
tcg_temp_free_i32(tcg_isread);
89
+ } else if (ri->type & ARM_CP_RAISES_EXC) {
90
+ /*
91
+ * The readfn or writefn might raise an exception;
92
+ * synchronize the CPU state in case it does.
93
+ */
94
+ gen_set_condexec(s);
95
+ gen_set_pc_im(s, s->pc_curr);
96
}
97
98
/* Handle special cases first */
99
--
100
2.20.1
101
102
diff view generated by jsdifflib
New patch
1
The translation table walk for an ATS instruction can result in
2
various faults. In general these are just reported back via the
3
PAR_EL1 fault status fields, but in some cases the architecture
4
requires that the fault is turned into an exception:
5
* synchronous stage 2 faults of any kind during AT S1E0* and
6
AT S1E1* instructions executed from NS EL1 fault to EL2 or EL3
7
* synchronous external aborts are taken as Data Abort exceptions
1
8
9
(This is documented in the v8A Arm ARM DDI0487A.e D5.2.11 and
10
G5.13.4.)
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
15
Message-id: 20190816125802.25877-3-peter.maydell@linaro.org
16
---
17
target/arm/helper.c | 107 +++++++++++++++++++++++++++++++++++++-------
18
1 file changed, 92 insertions(+), 15 deletions(-)
19
20
diff --git a/target/arm/helper.c b/target/arm/helper.c
21
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/helper.c
23
+++ b/target/arm/helper.c
24
@@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
25
ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
26
&prot, &page_size, &fi, &cacheattrs);
27
28
+ if (ret) {
29
+ /*
30
+ * Some kinds of translation fault must cause exceptions rather
31
+ * than being reported in the PAR.
32
+ */
33
+ int current_el = arm_current_el(env);
34
+ int target_el;
35
+ uint32_t syn, fsr, fsc;
36
+ bool take_exc = false;
37
+
38
+ if (fi.s1ptw && current_el == 1 && !arm_is_secure(env)
39
+ && (mmu_idx == ARMMMUIdx_S1NSE1 || mmu_idx == ARMMMUIdx_S1NSE0)) {
40
+ /*
41
+ * Synchronous stage 2 fault on an access made as part of the
42
+ * translation table walk for AT S1E0* or AT S1E1* insn
43
+ * executed from NS EL1. If this is a synchronous external abort
44
+ * and SCR_EL3.EA == 1, then we take a synchronous external abort
45
+ * to EL3. Otherwise the fault is taken as an exception to EL2,
46
+ * and HPFAR_EL2 holds the faulting IPA.
47
+ */
48
+ if (fi.type == ARMFault_SyncExternalOnWalk &&
49
+ (env->cp15.scr_el3 & SCR_EA)) {
50
+ target_el = 3;
51
+ } else {
52
+ env->cp15.hpfar_el2 = extract64(fi.s2addr, 12, 47) << 4;
53
+ target_el = 2;
54
+ }
55
+ take_exc = true;
56
+ } else if (fi.type == ARMFault_SyncExternalOnWalk) {
57
+ /*
58
+ * Synchronous external aborts during a translation table walk
59
+ * are taken as Data Abort exceptions.
60
+ */
61
+ if (fi.stage2) {
62
+ if (current_el == 3) {
63
+ target_el = 3;
64
+ } else {
65
+ target_el = 2;
66
+ }
67
+ } else {
68
+ target_el = exception_target_el(env);
69
+ }
70
+ take_exc = true;
71
+ }
72
+
73
+ if (take_exc) {
74
+ /* Construct FSR and FSC using same logic as arm_deliver_fault() */
75
+ if (target_el == 2 || arm_el_is_aa64(env, target_el) ||
76
+ arm_s1_regime_using_lpae_format(env, mmu_idx)) {
77
+ fsr = arm_fi_to_lfsc(&fi);
78
+ fsc = extract32(fsr, 0, 6);
79
+ } else {
80
+ fsr = arm_fi_to_sfsc(&fi);
81
+ fsc = 0x3f;
82
+ }
83
+ /*
84
+ * Report exception with ESR indicating a fault due to a
85
+ * translation table walk for a cache maintenance instruction.
86
+ */
87
+ syn = syn_data_abort_no_iss(current_el == target_el,
88
+ fi.ea, 1, fi.s1ptw, 1, fsc);
89
+ env->exception.vaddress = value;
90
+ env->exception.fsr = fsr;
91
+ raise_exception(env, EXCP_DATA_ABORT, syn, target_el);
92
+ }
93
+ }
94
+
95
if (is_a64(env)) {
96
format64 = true;
97
} else if (arm_feature(env, ARM_FEATURE_LPAE)) {
98
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vapa_cp_reginfo[] = {
99
/* This underdecoding is safe because the reginfo is NO_RAW. */
100
{ .name = "ATS", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = CP_ANY,
101
.access = PL1_W, .accessfn = ats_access,
102
- .writefn = ats_write, .type = ARM_CP_NO_RAW },
103
+ .writefn = ats_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
104
#endif
105
REGINFO_SENTINEL
106
};
107
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
108
/* 64 bit address translation operations */
109
{ .name = "AT_S1E1R", .state = ARM_CP_STATE_AA64,
110
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 0,
111
- .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
112
+ .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
113
+ .writefn = ats_write64 },
114
{ .name = "AT_S1E1W", .state = ARM_CP_STATE_AA64,
115
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 1,
116
- .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
117
+ .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
118
+ .writefn = ats_write64 },
119
{ .name = "AT_S1E0R", .state = ARM_CP_STATE_AA64,
120
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 2,
121
- .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
122
+ .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
123
+ .writefn = ats_write64 },
124
{ .name = "AT_S1E0W", .state = ARM_CP_STATE_AA64,
125
.opc0 = 1, .opc1 = 0, .crn = 7, .crm = 8, .opc2 = 3,
126
- .access = PL1_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
127
+ .access = PL1_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
128
+ .writefn = ats_write64 },
129
{ .name = "AT_S12E1R", .state = ARM_CP_STATE_AA64,
130
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 4,
131
- .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
132
+ .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
133
+ .writefn = ats_write64 },
134
{ .name = "AT_S12E1W", .state = ARM_CP_STATE_AA64,
135
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 5,
136
- .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
137
+ .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
138
+ .writefn = ats_write64 },
139
{ .name = "AT_S12E0R", .state = ARM_CP_STATE_AA64,
140
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 6,
141
- .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
142
+ .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
143
+ .writefn = ats_write64 },
144
{ .name = "AT_S12E0W", .state = ARM_CP_STATE_AA64,
145
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 7,
146
- .access = PL2_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
147
+ .access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
148
+ .writefn = ats_write64 },
149
/* AT S1E2* are elsewhere as they UNDEF from EL3 if EL2 is not present */
150
{ .name = "AT_S1E3R", .state = ARM_CP_STATE_AA64,
151
.opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 0,
152
- .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
153
+ .access = PL3_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
154
+ .writefn = ats_write64 },
155
{ .name = "AT_S1E3W", .state = ARM_CP_STATE_AA64,
156
.opc0 = 1, .opc1 = 6, .crn = 7, .crm = 8, .opc2 = 1,
157
- .access = PL3_W, .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
158
+ .access = PL3_W, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC,
159
+ .writefn = ats_write64 },
160
{ .name = "PAR_EL1", .state = ARM_CP_STATE_AA64,
161
.type = ARM_CP_ALIAS,
162
.opc0 = 3, .opc1 = 0, .crn = 7, .crm = 4, .opc2 = 0,
163
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
164
{ .name = "AT_S1E2R", .state = ARM_CP_STATE_AA64,
165
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 0,
166
.access = PL2_W, .accessfn = at_s1e2_access,
167
- .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
168
+ .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .writefn = ats_write64 },
169
{ .name = "AT_S1E2W", .state = ARM_CP_STATE_AA64,
170
.opc0 = 1, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 1,
171
.access = PL2_W, .accessfn = at_s1e2_access,
172
- .type = ARM_CP_NO_RAW, .writefn = ats_write64 },
173
+ .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC, .writefn = ats_write64 },
174
/* The AArch32 ATS1H* operations are CONSTRAINED UNPREDICTABLE
175
* if EL2 is not implemented; we choose to UNDEF. Behaviour at EL3
176
* with SCR.NS == 0 outside Monitor mode is UNPREDICTABLE; we choose
177
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
178
*/
179
{ .name = "ATS1HR", .cp = 15, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 0,
180
.access = PL2_W,
181
- .writefn = ats1h_write, .type = ARM_CP_NO_RAW },
182
+ .writefn = ats1h_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
183
{ .name = "ATS1HW", .cp = 15, .opc1 = 4, .crn = 7, .crm = 8, .opc2 = 1,
184
.access = PL2_W,
185
- .writefn = ats1h_write, .type = ARM_CP_NO_RAW },
186
+ .writefn = ats1h_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
187
{ .name = "CNTHCTL_EL2", .state = ARM_CP_STATE_BOTH,
188
.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 1, .opc2 = 0,
189
/* ARMv7 requires bit 0 and 1 to reset to 1. ARMv8 defines the
190
--
191
2.20.1
192
193
diff view generated by jsdifflib
New patch
1
From: Andrew Jeffery <andrew@aj.id.au>
1
2
3
First up: This is not the way the hardware behaves.
4
5
However, it helps resolve real-world problems with short periods being
6
used under Linux. Commit 4451d3f59f2a ("clocksource/drivers/fttmr010:
7
Fix set_next_event handler") in Linux fixed the timer driver to
8
correctly schedule the next event for the Aspeed controller, and in
9
combination with 5daa8212c08e ("ARM: dts: aspeed: Describe random number
10
device") Linux will now set a timer with a period as low as 1us.
11
12
Configuring a qemu timer with such a short period results in spending
13
time handling the interrupt in the model rather than executing guest
14
code, leading to noticeable "sticky" behaviour in the guest.
15
16
The behaviour of Linux is correct with respect to the hardware, so we
17
need to improve our handling under emulation. The approach chosen is to
18
provide back-pressure information by calculating an acceptable minimum
19
number of ticks to be set on the model. Under Linux an additional read
20
is added in the timer configuration path to detect back-pressure, which
21
will never occur on hardware. However if back-pressure is observed, the
22
driver alerts the clock event subsystem, which then performs its own
23
next event dilation via a config option - d1748302f70b ("clockevents:
24
Make minimum delay adjustments configurable")
25
26
A minimum period of 5us was experimentally determined on a Lenovo
27
T480s, which I've increased to 20us for "safety".
28
29
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
30
Reviewed-by: Joel Stanley <joel@jms.id.au>
31
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
32
Tested-by: Joel Stanley <joel@jms.id.au>
33
Signed-off-by: Cédric Le Goater <clg@kaod.org>
34
Message-id: 20190704055150.4899-1-clg@kaod.org
35
[clg: - changed the computation of min_ticks to be done each time the
36
timer value is reloaded. It removes the ordering issue of the
37
timer and scu reset handlers but is slightly slower ]
38
- introduced TIMER_MIN_NS
39
- introduced calculate_min_ticks() ]
40
Signed-off-by: Cédric Le Goater <clg@kaod.org>
41
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
42
---
43
hw/timer/aspeed_timer.c | 17 ++++++++++++++++-
44
1 file changed, 16 insertions(+), 1 deletion(-)
45
46
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/hw/timer/aspeed_timer.c
49
+++ b/hw/timer/aspeed_timer.c
50
@@ -XXX,XX +XXX,XX @@ enum timer_ctrl_op {
51
op_pulse_enable
52
};
53
54
+/*
55
+ * Minimum value of the reload register to filter out short period
56
+ * timers which have a noticeable impact in emulation. 5us should be
57
+ * enough, use 20us for "safety".
58
+ */
59
+#define TIMER_MIN_NS (20 * SCALE_US)
60
+
61
/**
62
* Avoid mutual references between AspeedTimerCtrlState and AspeedTimer
63
* structs, as it's a waste of memory. The ptimer BH callback needs to know
64
@@ -XXX,XX +XXX,XX @@ static inline uint32_t calculate_ticks(struct AspeedTimer *t, uint64_t now_ns)
65
return t->reload - MIN(t->reload, ticks);
66
}
67
68
+static uint32_t calculate_min_ticks(AspeedTimer *t, uint32_t value)
69
+{
70
+ uint32_t rate = calculate_rate(t);
71
+ uint32_t min_ticks = muldiv64(TIMER_MIN_NS, rate, NANOSECONDS_PER_SECOND);
72
+
73
+ return value < min_ticks ? min_ticks : value;
74
+}
75
+
76
static inline uint64_t calculate_time(struct AspeedTimer *t, uint32_t ticks)
77
{
78
uint64_t delta_ns;
79
@@ -XXX,XX +XXX,XX @@ static void aspeed_timer_set_value(AspeedTimerCtrlState *s, int timer, int reg,
80
switch (reg) {
81
case TIMER_REG_RELOAD:
82
old_reload = t->reload;
83
- t->reload = value;
84
+ t->reload = calculate_min_ticks(t, value);
85
86
/* If the reload value was not previously set, or zero, and
87
* the current value is valid, try to start the timer if it is
88
--
89
2.20.1
90
91
diff view generated by jsdifflib
New patch
1
From: Eric Auger <eric.auger@redhat.com>
1
2
3
memory_region_iommu_replay_all is not used. Remove it.
4
5
Signed-off-by: Eric Auger <eric.auger@redhat.com>
6
Reported-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Peter Xu <peterx@redhat.com>
9
Message-id: 20190822172350.12008-2-eric.auger@redhat.com
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/exec/memory.h | 10 ----------
13
memory.c | 9 ---------
14
2 files changed, 19 deletions(-)
15
16
diff --git a/include/exec/memory.h b/include/exec/memory.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/exec/memory.h
19
+++ b/include/exec/memory.h
20
@@ -XXX,XX +XXX,XX @@ void memory_region_register_iommu_notifier(MemoryRegion *mr,
21
*/
22
void memory_region_iommu_replay(IOMMUMemoryRegion *iommu_mr, IOMMUNotifier *n);
23
24
-/**
25
- * memory_region_iommu_replay_all: replay existing IOMMU translations
26
- * to all the notifiers registered.
27
- *
28
- * Note: this is not related to record-and-replay functionality.
29
- *
30
- * @iommu_mr: the memory region to observe
31
- */
32
-void memory_region_iommu_replay_all(IOMMUMemoryRegion *iommu_mr);
33
-
34
/**
35
* memory_region_unregister_iommu_notifier: unregister a notifier for
36
* changes to IOMMU translation entries.
37
diff --git a/memory.c b/memory.c
38
index XXXXXXX..XXXXXXX 100644
39
--- a/memory.c
40
+++ b/memory.c
41
@@ -XXX,XX +XXX,XX @@ void memory_region_iommu_replay(IOMMUMemoryRegion *iommu_mr, IOMMUNotifier *n)
42
}
43
}
44
45
-void memory_region_iommu_replay_all(IOMMUMemoryRegion *iommu_mr)
46
-{
47
- IOMMUNotifier *notifier;
48
-
49
- IOMMU_NOTIFIER_FOREACH(notifier, iommu_mr) {
50
- memory_region_iommu_replay(iommu_mr, notifier);
51
- }
52
-}
53
-
54
void memory_region_unregister_iommu_notifier(MemoryRegion *mr,
55
IOMMUNotifier *n)
56
{
57
--
58
2.20.1
59
60
diff view generated by jsdifflib
New patch
1
From: Eric Auger <eric.auger@redhat.com>
1
2
3
Log a guest error when encountering an invalid STE.
4
5
Signed-off-by: Eric Auger <eric.auger@redhat.com>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Message-id: 20190822172350.12008-5-eric.auger@redhat.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
hw/arm/smmuv3.c | 1 +
11
1 file changed, 1 insertion(+)
12
13
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/hw/arm/smmuv3.c
16
+++ b/hw/arm/smmuv3.c
17
@@ -XXX,XX +XXX,XX @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
18
uint32_t config;
19
20
if (!STE_VALID(ste)) {
21
+ qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
22
goto bad_ste;
23
}
24
25
--
26
2.20.1
27
28
diff view generated by jsdifflib
New patch
1
From: Eric Auger <eric.auger@redhat.com>
1
2
3
An IOVA/ASID invalidation is notified to all IOMMU Memory Regions
4
through smmuv3_inv_notifiers_iova/smmuv3_notify_iova.
5
6
When the notification occurs it is possible that some of the
7
PCIe devices associated to the notified regions do not have a
8
valid stream table entry. In that case we output a LOG_GUEST_ERROR
9
message, for example:
10
11
invalid sid=<SID> (L1STD span=0)
12
"smmuv3_notify_iova error decoding the configuration for iommu mr=<MR>
13
14
This is unfortunate as the user gets the impression that there
15
are some translation decoding errors whereas there are not.
16
17
This patch adds a new field in SMMUEventInfo that tells whether
18
the detection of an invalid STE must lead to an error report.
19
invalid_ste_allowed is set before doing the invalidations and
20
kept unset on actual translation.
21
22
The other configuration decoding error messages are kept since if the
23
STE is valid then the rest of the config must be correct.
24
25
Signed-off-by: Eric Auger <eric.auger@redhat.com>
26
Message-id: 20190822172350.12008-6-eric.auger@redhat.com
27
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
28
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
---
30
hw/arm/smmuv3-internal.h | 1 +
31
hw/arm/smmuv3.c | 19 +++++++++++--------
32
2 files changed, 12 insertions(+), 8 deletions(-)
33
34
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
35
index XXXXXXX..XXXXXXX 100644
36
--- a/hw/arm/smmuv3-internal.h
37
+++ b/hw/arm/smmuv3-internal.h
38
@@ -XXX,XX +XXX,XX @@ typedef struct SMMUEventInfo {
39
uint32_t sid;
40
bool recorded;
41
bool record_trans_faults;
42
+ bool inval_ste_allowed;
43
union {
44
struct {
45
uint32_t ssid;
46
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/hw/arm/smmuv3.c
49
+++ b/hw/arm/smmuv3.c
50
@@ -XXX,XX +XXX,XX @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
51
uint32_t config;
52
53
if (!STE_VALID(ste)) {
54
- qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
55
+ if (!event->inval_ste_allowed) {
56
+ qemu_log_mask(LOG_GUEST_ERROR, "invalid STE\n");
57
+ }
58
goto bad_ste;
59
}
60
61
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
62
63
if (!span) {
64
/* l2ptr is not valid */
65
- qemu_log_mask(LOG_GUEST_ERROR,
66
- "invalid sid=%d (L1STD span=0)\n", sid);
67
+ if (!event->inval_ste_allowed) {
68
+ qemu_log_mask(LOG_GUEST_ERROR,
69
+ "invalid sid=%d (L1STD span=0)\n", sid);
70
+ }
71
event->type = SMMU_EVT_C_BAD_STREAMID;
72
return -EINVAL;
73
}
74
@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,
75
SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
76
SMMUv3State *s = sdev->smmu;
77
uint32_t sid = smmu_get_sid(sdev);
78
- SMMUEventInfo event = {.type = SMMU_EVT_NONE, .sid = sid};
79
+ SMMUEventInfo event = {.type = SMMU_EVT_NONE,
80
+ .sid = sid,
81
+ .inval_ste_allowed = false};
82
SMMUPTWEventInfo ptw_info = {};
83
SMMUTranslationStatus status;
84
SMMUState *bs = ARM_SMMU(s);
85
@@ -XXX,XX +XXX,XX @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
86
dma_addr_t iova)
87
{
88
SMMUDevice *sdev = container_of(mr, SMMUDevice, iommu);
89
- SMMUEventInfo event = {};
90
+ SMMUEventInfo event = {.inval_ste_allowed = true};
91
SMMUTransTableInfo *tt;
92
SMMUTransCfg *cfg;
93
IOMMUTLBEntry entry;
94
95
cfg = smmuv3_get_config(sdev, &event);
96
if (!cfg) {
97
- qemu_log_mask(LOG_GUEST_ERROR,
98
- "%s error decoding the configuration for iommu mr=%s\n",
99
- __func__, mr->parent_obj.name);
100
return;
101
}
102
103
--
104
2.20.1
105
106
diff view generated by jsdifflib
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
The previous simplification got the order of operands to the
4
subtraction wrong. Since the 64-bit product is the subtrahend,
5
we must use a 64-bit subtract to properly compute the borrow
6
from the low-part of the product.
7
8
Fixes: 5f8cd06ebcf5 ("target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR")
9
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
12
Message-id: 20190829013258.16102-1-richard.henderson@linaro.org
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
target/arm/translate.c | 20 ++++++++++++++++++--
17
1 file changed, 18 insertions(+), 2 deletions(-)
18
19
diff --git a/target/arm/translate.c b/target/arm/translate.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/translate.c
22
+++ b/target/arm/translate.c
23
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
24
if (rd != 15) {
25
tmp3 = load_reg(s, rd);
26
if (insn & (1 << 6)) {
27
- tcg_gen_sub_i32(tmp, tmp, tmp3);
28
+ /*
29
+ * For SMMLS, we need a 64-bit subtract.
30
+ * Borrow caused by a non-zero multiplicand
31
+ * lowpart, and the correct result lowpart
32
+ * for rounding.
33
+ */
34
+ TCGv_i32 zero = tcg_const_i32(0);
35
+ tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
36
+ tmp2, tmp);
37
+ tcg_temp_free_i32(zero);
38
} else {
39
tcg_gen_add_i32(tmp, tmp, tmp3);
40
}
41
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
42
if (insn & (1 << 20)) {
43
tcg_gen_add_i32(tmp, tmp, tmp3);
44
} else {
45
- tcg_gen_sub_i32(tmp, tmp, tmp3);
46
+ /*
47
+ * For SMMLS, we need a 64-bit subtract.
48
+ * Borrow caused by a non-zero multiplicand lowpart,
49
+ * and the correct result lowpart for rounding.
50
+ */
51
+ TCGv_i32 zero = tcg_const_i32(0);
52
+ tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
53
+ tcg_temp_free_i32(zero);
54
}
55
tcg_temp_free_i32(tmp3);
56
}
57
--
58
2.20.1
59
60
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
Commit ba1ba5cca introduce the ARM_CPU_TYPE_NAME() macro.
4
Unify the code base by use it in all places.
5
6
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190823143249.8096-2-philmd@redhat.com
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
hw/arm/allwinner-a10.c | 3 ++-
13
hw/arm/cubieboard.c | 3 ++-
14
hw/arm/digic.c | 3 ++-
15
hw/arm/fsl-imx25.c | 2 +-
16
hw/arm/fsl-imx31.c | 2 +-
17
hw/arm/fsl-imx6.c | 3 ++-
18
hw/arm/fsl-imx6ul.c | 2 +-
19
hw/arm/xlnx-zynqmp.c | 8 ++++----
20
8 files changed, 15 insertions(+), 11 deletions(-)
21
22
diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
23
index XXXXXXX..XXXXXXX 100644
24
--- a/hw/arm/allwinner-a10.c
25
+++ b/hw/arm/allwinner-a10.c
26
@@ -XXX,XX +XXX,XX @@ static void aw_a10_init(Object *obj)
27
AwA10State *s = AW_A10(obj);
28
29
object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
30
- "cortex-a8-" TYPE_ARM_CPU, &error_abort, NULL);
31
+ ARM_CPU_TYPE_NAME("cortex-a8"),
32
+ &error_abort, NULL);
33
34
sysbus_init_child_obj(obj, "intc", &s->intc, sizeof(s->intc),
35
TYPE_AW_A10_PIC);
36
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
37
index XXXXXXX..XXXXXXX 100644
38
--- a/hw/arm/cubieboard.c
39
+++ b/hw/arm/cubieboard.c
40
@@ -XXX,XX +XXX,XX @@ static void cubieboard_init(MachineState *machine)
41
42
static void cubieboard_machine_init(MachineClass *mc)
43
{
44
- mc->desc = "cubietech cubieboard";
45
+ mc->desc = "cubietech cubieboard (Cortex-A9)";
46
+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a9");
47
mc->init = cubieboard_init;
48
mc->block_default_type = IF_IDE;
49
mc->units_per_default_bus = 1;
50
diff --git a/hw/arm/digic.c b/hw/arm/digic.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/hw/arm/digic.c
53
+++ b/hw/arm/digic.c
54
@@ -XXX,XX +XXX,XX @@ static void digic_init(Object *obj)
55
int i;
56
57
object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
58
- "arm946-" TYPE_ARM_CPU, &error_abort, NULL);
59
+ ARM_CPU_TYPE_NAME("arm946"),
60
+ &error_abort, NULL);
61
62
for (i = 0; i < DIGIC4_NB_TIMERS; i++) {
63
#define DIGIC_TIMER_NAME_MLEN 11
64
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
65
index XXXXXXX..XXXXXXX 100644
66
--- a/hw/arm/fsl-imx25.c
67
+++ b/hw/arm/fsl-imx25.c
68
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_init(Object *obj)
69
FslIMX25State *s = FSL_IMX25(obj);
70
int i;
71
72
- object_initialize(&s->cpu, sizeof(s->cpu), "arm926-" TYPE_ARM_CPU);
73
+ object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm926"));
74
75
sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
76
TYPE_IMX_AVIC);
77
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
78
index XXXXXXX..XXXXXXX 100644
79
--- a/hw/arm/fsl-imx31.c
80
+++ b/hw/arm/fsl-imx31.c
81
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_init(Object *obj)
82
FslIMX31State *s = FSL_IMX31(obj);
83
int i;
84
85
- object_initialize(&s->cpu, sizeof(s->cpu), "arm1136-" TYPE_ARM_CPU);
86
+ object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm1136"));
87
88
sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
89
TYPE_IMX_AVIC);
90
diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
91
index XXXXXXX..XXXXXXX 100644
92
--- a/hw/arm/fsl-imx6.c
93
+++ b/hw/arm/fsl-imx6.c
94
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_init(Object *obj)
95
for (i = 0; i < MIN(ms->smp.cpus, FSL_IMX6_NUM_CPUS); i++) {
96
snprintf(name, NAME_SIZE, "cpu%d", i);
97
object_initialize_child(obj, name, &s->cpu[i], sizeof(s->cpu[i]),
98
- "cortex-a9-" TYPE_ARM_CPU, &error_abort, NULL);
99
+ ARM_CPU_TYPE_NAME("cortex-a9"),
100
+ &error_abort, NULL);
101
}
102
103
sysbus_init_child_obj(obj, "a9mpcore", &s->a9mpcore, sizeof(s->a9mpcore),
104
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
105
index XXXXXXX..XXXXXXX 100644
106
--- a/hw/arm/fsl-imx6ul.c
107
+++ b/hw/arm/fsl-imx6ul.c
108
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_init(Object *obj)
109
int i;
110
111
object_initialize_child(obj, "cpu0", &s->cpu, sizeof(s->cpu),
112
- "cortex-a7-" TYPE_ARM_CPU, &error_abort, NULL);
113
+ ARM_CPU_TYPE_NAME("cortex-a7"), &error_abort, NULL);
114
115
/*
116
* A7MPCORE
117
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
118
index XXXXXXX..XXXXXXX 100644
119
--- a/hw/arm/xlnx-zynqmp.c
120
+++ b/hw/arm/xlnx-zynqmp.c
121
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_create_rpu(MachineState *ms, XlnxZynqMPState *s,
122
123
object_initialize_child(OBJECT(&s->rpu_cluster), "rpu-cpu[*]",
124
&s->rpu_cpu[i], sizeof(s->rpu_cpu[i]),
125
- "cortex-r5f-" TYPE_ARM_CPU, &error_abort,
126
- NULL);
127
+ ARM_CPU_TYPE_NAME("cortex-r5f"),
128
+ &error_abort, NULL);
129
130
name = object_get_canonical_path_component(OBJECT(&s->rpu_cpu[i]));
131
if (strcmp(name, boot_cpu)) {
132
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_init(Object *obj)
133
for (i = 0; i < num_apus; i++) {
134
object_initialize_child(OBJECT(&s->apu_cluster), "apu-cpu[*]",
135
&s->apu_cpu[i], sizeof(s->apu_cpu[i]),
136
- "cortex-a53-" TYPE_ARM_CPU, &error_abort,
137
- NULL);
138
+ ARM_CPU_TYPE_NAME("cortex-a53"),
139
+ &error_abort, NULL);
140
}
141
142
sysbus_init_child_obj(obj, "gic", &s->gic, sizeof(s->gic),
143
--
144
2.20.1
145
146
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
As explained in commit aff39be0ed97:
4
5
Both functions, object_initialize() and object_property_add_child()
6
increase the reference counter of the new object, so one of the
7
references has to be dropped afterwards to get the reference
8
counting right. Otherwise the child object will not be properly
9
cleaned up when the parent gets destroyed.
10
Thus let's use now object_initialize_child() instead to get the
11
reference counting here right.
12
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15
Reviewed-by: Thomas Huth <thuth@redhat.com>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20190823143249.8096-3-philmd@redhat.com
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
hw/arm/mcimx7d-sabre.c | 9 ++++-----
21
hw/arm/mps2-tz.c | 15 +++++++--------
22
hw/arm/musca.c | 9 +++++----
23
3 files changed, 16 insertions(+), 17 deletions(-)
24
25
diff --git a/hw/arm/mcimx7d-sabre.c b/hw/arm/mcimx7d-sabre.c
26
index XXXXXXX..XXXXXXX 100644
27
--- a/hw/arm/mcimx7d-sabre.c
28
+++ b/hw/arm/mcimx7d-sabre.c
29
@@ -XXX,XX +XXX,XX @@ static void mcimx7d_sabre_init(MachineState *machine)
30
{
31
static struct arm_boot_info boot_info;
32
MCIMX7Sabre *s = g_new0(MCIMX7Sabre, 1);
33
- Object *soc;
34
int i;
35
36
if (machine->ram_size > FSL_IMX7_MMDC_SIZE) {
37
@@ -XXX,XX +XXX,XX @@ static void mcimx7d_sabre_init(MachineState *machine)
38
.nb_cpus = machine->smp.cpus,
39
};
40
41
- object_initialize(&s->soc, sizeof(s->soc), TYPE_FSL_IMX7);
42
- soc = OBJECT(&s->soc);
43
- object_property_add_child(OBJECT(machine), "soc", soc, &error_fatal);
44
- object_property_set_bool(soc, true, "realized", &error_fatal);
45
+ object_initialize_child(OBJECT(machine), "soc",
46
+ &s->soc, sizeof(s->soc),
47
+ TYPE_FSL_IMX7, &error_fatal, NULL);
48
+ object_property_set_bool(OBJECT(&s->soc), true, "realized", &error_fatal);
49
50
memory_region_allocate_system_memory(&s->ram, NULL, "mcimx7d-sabre.ram",
51
machine->ram_size);
52
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
53
index XXXXXXX..XXXXXXX 100644
54
--- a/hw/arm/mps2-tz.c
55
+++ b/hw/arm/mps2-tz.c
56
@@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine)
57
/* The sec_resp_cfg output from the IoTKit must be split into multiple
58
* lines, one for each of the PPCs we create here, plus one per MSC.
59
*/
60
- object_initialize(&mms->sec_resp_splitter, sizeof(mms->sec_resp_splitter),
61
- TYPE_SPLIT_IRQ);
62
- object_property_add_child(OBJECT(machine), "sec-resp-splitter",
63
- OBJECT(&mms->sec_resp_splitter), &error_abort);
64
+ object_initialize_child(OBJECT(machine), "sec-resp-splitter",
65
+ &mms->sec_resp_splitter,
66
+ sizeof(mms->sec_resp_splitter),
67
+ TYPE_SPLIT_IRQ, &error_abort, NULL);
68
object_property_set_int(OBJECT(&mms->sec_resp_splitter),
69
ARRAY_SIZE(mms->ppc) + ARRAY_SIZE(mms->msc),
70
"num-lines", &error_fatal);
71
@@ -XXX,XX +XXX,XX @@ static void mps2tz_common_init(MachineState *machine)
72
* Tx, Rx and "combined" IRQs are sent to the NVIC separately.
73
* Create the OR gate for this.
74
*/
75
- object_initialize(&mms->uart_irq_orgate, sizeof(mms->uart_irq_orgate),
76
- TYPE_OR_IRQ);
77
- object_property_add_child(OBJECT(mms), "uart-irq-orgate",
78
- OBJECT(&mms->uart_irq_orgate), &error_abort);
79
+ object_initialize_child(OBJECT(mms), "uart-irq-orgate",
80
+ &mms->uart_irq_orgate, sizeof(mms->uart_irq_orgate),
81
+ TYPE_OR_IRQ, &error_abort, NULL);
82
object_property_set_int(OBJECT(&mms->uart_irq_orgate), 10, "num-lines",
83
&error_fatal);
84
object_property_set_bool(OBJECT(&mms->uart_irq_orgate), true,
85
diff --git a/hw/arm/musca.c b/hw/arm/musca.c
86
index XXXXXXX..XXXXXXX 100644
87
--- a/hw/arm/musca.c
88
+++ b/hw/arm/musca.c
89
@@ -XXX,XX +XXX,XX @@ static void musca_init(MachineState *machine)
90
* The sec_resp_cfg output from the SSE-200 must be split into multiple
91
* lines, one for each of the PPCs we create here.
92
*/
93
- object_initialize(&mms->sec_resp_splitter, sizeof(mms->sec_resp_splitter),
94
- TYPE_SPLIT_IRQ);
95
- object_property_add_child(OBJECT(machine), "sec-resp-splitter",
96
- OBJECT(&mms->sec_resp_splitter), &error_fatal);
97
+ object_initialize_child(OBJECT(machine), "sec-resp-splitter",
98
+ &mms->sec_resp_splitter,
99
+ sizeof(mms->sec_resp_splitter),
100
+ TYPE_SPLIT_IRQ, &error_fatal, NULL);
101
+
102
object_property_set_int(OBJECT(&mms->sec_resp_splitter),
103
ARRAY_SIZE(mms->ppc), "num-lines", &error_fatal);
104
object_property_set_bool(OBJECT(&mms->sec_resp_splitter), true,
105
--
106
2.20.1
107
108
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
Both object_initialize() and qdev_set_parent_bus() increase the
4
reference counter of the new object, so one of the references has
5
to be dropped afterwards to get the reference counting right.
6
In machine model code this refcount leak is not particularly
7
problematic because (unlike devices) machines will never be
8
created on demand via QMP, and they are never destroyed.
9
But in any case let's use the new sysbus_init_child_obj() instead
10
to get the reference counting here right.
11
12
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20190823143249.8096-4-philmd@redhat.com
15
[PMM: rewrote commit message]
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
18
hw/arm/exynos4_boards.c | 4 ++--
19
1 file changed, 2 insertions(+), 2 deletions(-)
20
21
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
22
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/arm/exynos4_boards.c
24
+++ b/hw/arm/exynos4_boards.c
25
@@ -XXX,XX +XXX,XX @@ exynos4_boards_init_common(MachineState *machine,
26
exynos4_boards_init_ram(s, get_system_memory(),
27
exynos4_board_ram_size[board_type]);
28
29
- object_initialize(&s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
30
- qdev_set_parent_bus(DEVICE(&s->soc), sysbus_get_default());
31
+ sysbus_init_child_obj(OBJECT(machine), "soc",
32
+ &s->soc, sizeof(s->soc), TYPE_EXYNOS4210_SOC);
33
object_property_set_bool(OBJECT(&s->soc), true, "realized",
34
&error_fatal);
35
36
--
37
2.20.1
38
39
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
Child properties form the composition tree. All objects need to be
4
a child of another object. Objects can only be a child of one object.
5
6
Respect this with the i.MX SoC, to get a cleaner composition tree.
7
8
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20190823143249.8096-5-philmd@redhat.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
hw/arm/fsl-imx25.c | 4 +++-
14
hw/arm/fsl-imx31.c | 4 +++-
15
2 files changed, 6 insertions(+), 2 deletions(-)
16
17
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/fsl-imx25.c
20
+++ b/hw/arm/fsl-imx25.c
21
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_init(Object *obj)
22
FslIMX25State *s = FSL_IMX25(obj);
23
int i;
24
25
- object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm926"));
26
+ object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
27
+ ARM_CPU_TYPE_NAME("arm926"),
28
+ &error_abort, NULL);
29
30
sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
31
TYPE_IMX_AVIC);
32
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
33
index XXXXXXX..XXXXXXX 100644
34
--- a/hw/arm/fsl-imx31.c
35
+++ b/hw/arm/fsl-imx31.c
36
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_init(Object *obj)
37
FslIMX31State *s = FSL_IMX31(obj);
38
int i;
39
40
- object_initialize(&s->cpu, sizeof(s->cpu), ARM_CPU_TYPE_NAME("arm1136"));
41
+ object_initialize_child(obj, "cpu", &s->cpu, sizeof(s->cpu),
42
+ ARM_CPU_TYPE_NAME("arm1136"),
43
+ &error_abort, NULL);
44
45
sysbus_init_child_obj(obj, "avic", &s->avic, sizeof(s->avic),
46
TYPE_IMX_AVIC);
47
--
48
2.20.1
49
50
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
As explained in commit aff39be0ed97:
4
5
Both functions, object_initialize() and object_property_add_child()
6
increase the reference counter of the new object, so one of the
7
references has to be dropped afterwards to get the reference
8
counting right. Otherwise the child object will not be properly
9
cleaned up when the parent gets destroyed.
10
Thus let's use now object_initialize_child() instead to get the
11
reference counting here right.
12
13
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
14
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15
Reviewed-by: Thomas Huth <thuth@redhat.com>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20190823143249.8096-6-philmd@redhat.com
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
hw/dma/xilinx_axidma.c | 16 ++++++++--------
21
1 file changed, 8 insertions(+), 8 deletions(-)
22
23
diff --git a/hw/dma/xilinx_axidma.c b/hw/dma/xilinx_axidma.c
24
index XXXXXXX..XXXXXXX 100644
25
--- a/hw/dma/xilinx_axidma.c
26
+++ b/hw/dma/xilinx_axidma.c
27
@@ -XXX,XX +XXX,XX @@ static void xilinx_axidma_init(Object *obj)
28
XilinxAXIDMA *s = XILINX_AXI_DMA(obj);
29
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
30
31
- object_initialize(&s->rx_data_dev, sizeof(s->rx_data_dev),
32
- TYPE_XILINX_AXI_DMA_DATA_STREAM);
33
- object_initialize(&s->rx_control_dev, sizeof(s->rx_control_dev),
34
- TYPE_XILINX_AXI_DMA_CONTROL_STREAM);
35
- object_property_add_child(OBJECT(s), "axistream-connected-target",
36
- (Object *)&s->rx_data_dev, &error_abort);
37
- object_property_add_child(OBJECT(s), "axistream-control-connected-target",
38
- (Object *)&s->rx_control_dev, &error_abort);
39
+ object_initialize_child(OBJECT(s), "axistream-connected-target",
40
+ &s->rx_data_dev, sizeof(s->rx_data_dev),
41
+ TYPE_XILINX_AXI_DMA_DATA_STREAM, &error_abort,
42
+ NULL);
43
+ object_initialize_child(OBJECT(s), "axistream-control-connected-target",
44
+ &s->rx_control_dev, sizeof(s->rx_control_dev),
45
+ TYPE_XILINX_AXI_DMA_CONTROL_STREAM, &error_abort,
46
+ NULL);
47
48
sysbus_init_irq(sbd, &s->streams[0].irq);
49
sysbus_init_irq(sbd, &s->streams[1].irq);
50
--
51
2.20.1
52
53
diff view generated by jsdifflib
New patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
2
3
As explained in commit aff39be0ed97:
4
5
Both functions, object_initialize() and object_property_add_child()
6
increase the reference counter of the new object, so one of the
7
references has to be dropped afterwards to get the reference
8
counting right. Otherwise the child object will not be properly
9
cleaned up when the parent gets destroyed.
10
Thus let's use now object_initialize_child() instead to get the
11
reference counting here right.
12
13
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
14
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15
Reviewed-by: Thomas Huth <thuth@redhat.com>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20190823143249.8096-7-philmd@redhat.com
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
hw/net/xilinx_axienet.c | 17 ++++++++---------
21
1 file changed, 8 insertions(+), 9 deletions(-)
22
23
diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
24
index XXXXXXX..XXXXXXX 100644
25
--- a/hw/net/xilinx_axienet.c
26
+++ b/hw/net/xilinx_axienet.c
27
@@ -XXX,XX +XXX,XX @@ static void xilinx_enet_init(Object *obj)
28
XilinxAXIEnet *s = XILINX_AXI_ENET(obj);
29
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
30
31
- object_initialize(&s->rx_data_dev, sizeof(s->rx_data_dev),
32
- TYPE_XILINX_AXI_ENET_DATA_STREAM);
33
- object_initialize(&s->rx_control_dev, sizeof(s->rx_control_dev),
34
- TYPE_XILINX_AXI_ENET_CONTROL_STREAM);
35
- object_property_add_child(OBJECT(s), "axistream-connected-target",
36
- (Object *)&s->rx_data_dev, &error_abort);
37
- object_property_add_child(OBJECT(s), "axistream-control-connected-target",
38
- (Object *)&s->rx_control_dev, &error_abort);
39
-
40
+ object_initialize_child(OBJECT(s), "axistream-connected-target",
41
+ &s->rx_data_dev, sizeof(s->rx_data_dev),
42
+ TYPE_XILINX_AXI_ENET_DATA_STREAM, &error_abort,
43
+ NULL);
44
+ object_initialize_child(OBJECT(s), "axistream-control-connected-target",
45
+ &s->rx_control_dev, sizeof(s->rx_control_dev),
46
+ TYPE_XILINX_AXI_ENET_CONTROL_STREAM, &error_abort,
47
+ NULL);
48
sysbus_init_irq(sbd, &s->irq);
49
50
memory_region_init_io(&s->iomem, OBJECT(s), &enet_ops, s, "enet", 0x40000);
51
--
52
2.20.1
53
54
diff view generated by jsdifflib
New patch
1
From: Alex Bennée <alex.bennee@linaro.org>
1
2
3
Commit a5e0b3311 removed these in favour of querying machine
4
properties. Remove the extern declarations as well.
5
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190828165307.18321-6-alex.bennee@linaro.org
10
Cc: Like Xu <like.xu@linux.intel.com>
11
Message-Id: <20190711130546.18578-1-alex.bennee@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
include/sysemu/sysemu.h | 2 --
15
1 file changed, 2 deletions(-)
16
17
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/include/sysemu/sysemu.h
20
+++ b/include/sysemu/sysemu.h
21
@@ -XXX,XX +XXX,XX @@ extern const char *keyboard_layout;
22
extern int win2k_install_hack;
23
extern int alt_grab;
24
extern int ctrl_grab;
25
-extern int smp_cpus;
26
-extern unsigned int max_cpus;
27
extern int cursor_hide;
28
extern int graphic_rotate;
29
extern int no_quit;
30
--
31
2.20.1
32
33
diff view generated by jsdifflib
New patch
1
From: "Emilio G. Cota" <cota@braap.org>
1
2
3
Afterwise is "wise after the fact", as in "hindsight".
4
Here we meant "afterwards" (as in "subsequently"). Fix it.
5
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Signed-off-by: Emilio G. Cota <cota@braap.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
11
Message-id: 20190828165307.18321-7-alex.bennee@linaro.org
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
tcg/README | 2 +-
15
1 file changed, 1 insertion(+), 1 deletion(-)
16
17
diff --git a/tcg/README b/tcg/README
18
index XXXXXXX..XXXXXXX 100644
19
--- a/tcg/README
20
+++ b/tcg/README
21
@@ -XXX,XX +XXX,XX @@ This can be overridden using the following function modifiers:
22
canonical locations before calling the helper.
23
- TCG_CALL_NO_WRITE_GLOBALS means that the helper does not modify any globals.
24
They will only be saved to their canonical location before calling helpers,
25
- but they won't be reloaded afterwise.
26
+ but they won't be reloaded afterwards.
27
- TCG_CALL_NO_SIDE_EFFECTS means that the call to the function is removed if
28
the return value is not used.
29
30
--
31
2.20.1
32
33
diff view generated by jsdifflib
New patch
1
From: "Emilio G. Cota" <cota@braap.org>
1
2
3
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
4
Signed-off-by: Emilio G. Cota <cota@braap.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Message-id: 20190828165307.18321-8-alex.bennee@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
accel/tcg/atomic_template.h | 2 +-
12
1 file changed, 1 insertion(+), 1 deletion(-)
13
14
diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/accel/tcg/atomic_template.h
17
+++ b/accel/tcg/atomic_template.h
18
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
19
20
#define GEN_ATOMIC_HELPER(X) \
21
ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr, \
22
- ABI_TYPE val EXTRA_ARGS) \
23
+ ABI_TYPE val EXTRA_ARGS) \
24
{ \
25
ATOMIC_MMU_DECLS; \
26
DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP; \
27
--
28
2.20.1
29
30
diff view generated by jsdifflib
New patch
1
From: Alex Bennée <alex.bennee@linaro.org>
1
2
3
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Message-id: 20190828165307.18321-10-alex.bennee@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/exec/cpu-defs.h | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
12
13
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/include/exec/cpu-defs.h
16
+++ b/include/exec/cpu-defs.h
17
@@ -XXX,XX +XXX,XX @@ typedef struct CPUTLB { } CPUTLB;
18
#endif /* !CONFIG_USER_ONLY && CONFIG_TCG */
19
20
/*
21
- * This structure must be placed in ArchCPU immedately
22
+ * This structure must be placed in ArchCPU immediately
23
* before CPUArchState, as a field named "neg".
24
*/
25
typedef struct CPUNegativeOffsetState {
26
--
27
2.20.1
28
29
diff view generated by jsdifflib
New patch
1
The function neon_store_reg32() doesn't free the TCG temp that it
2
is passed, so the caller must do that. We got this right in most
3
places but forgot to free the TCG temps in trans_VMOV_64_sp().
1
4
5
Cc: qemu-stable@nongnu.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Message-id: 20190827121931.26836-1-peter.maydell@linaro.org
10
---
11
target/arm/translate-vfp.inc.c | 2 ++
12
1 file changed, 2 insertions(+)
13
14
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate-vfp.inc.c
17
+++ b/target/arm/translate-vfp.inc.c
18
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a)
19
/* gpreg to fpreg */
20
tmp = load_reg(s, a->rt);
21
neon_store_reg32(tmp, a->vm);
22
+ tcg_temp_free_i32(tmp);
23
tmp = load_reg(s, a->rt2);
24
neon_store_reg32(tmp, a->vm + 1);
25
+ tcg_temp_free_i32(tmp);
26
}
27
28
return true;
29
--
30
2.20.1
31
32
diff view generated by jsdifflib
New patch
1
An attempt to do an exception-return (branch to one of the magic
2
addresses) in linux-user mode for M-profile should behave like
3
a normal branch, because linux-user mode is always going to be
4
in 'handler' mode. This used to work, but we broke it when we added
5
support for the M-profile security extension in commit d02a8698d7ae2bfed.
1
6
7
In that commit we allowed even handler-mode calls to magic return
8
values to be checked for and dealt with by causing an
9
EXCP_EXCEPTION_EXIT exception to be taken, because this is
10
needed for the FNC_RETURN return-from-non-secure-function-call
11
handling. For system mode we added a check in do_v7m_exception_exit()
12
to make any spurious calls from Handler mode behave correctly, but
13
forgot that linux-user mode would also be affected.
14
15
How an attempted return-from-non-secure-function-call in linux-user
16
mode should be handled is not clear -- on real hardware it would
17
result in return to secure code (not to the Linux kernel) which
18
could then handle the error in any way it chose. For QEMU we take
19
the simple approach of treating this erroneous return the same way
20
it would be handled on a CPU without the security extensions --
21
treat it as a normal branch.
22
23
The upshot of all this is that for linux-user mode we should never
24
do any of the bx_excret magic, so the code change is simple.
25
26
This ought to be a weird corner case that only affects broken guest
27
code (because Linux user processes should never be attempting to do
28
exception returns or NS function returns), except that the code that
29
assigns addresses in RAM for the process and stack in our linux-user
30
code does not attempt to avoid this magic address range, so
31
legitimate code attempting to return to a trampoline routine on the
32
stack can fall into this case. This change fixes those programs,
33
but we should also look at restricting the range of memory we
34
use for M-profile linux-user guests to the area that would be
35
real RAM in hardware.
36
37
Cc: qemu-stable@nongnu.org
38
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
39
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
40
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
41
Message-id: 20190822131534.16602-1-peter.maydell@linaro.org
42
Fixes: https://bugs.launchpad.net/qemu/+bug/1840922
43
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
44
---
45
target/arm/translate.c | 21 ++++++++++++++++++++-
46
1 file changed, 20 insertions(+), 1 deletion(-)
47
48
diff --git a/target/arm/translate.c b/target/arm/translate.c
49
index XXXXXXX..XXXXXXX 100644
50
--- a/target/arm/translate.c
51
+++ b/target/arm/translate.c
52
@@ -XXX,XX +XXX,XX @@ static inline void gen_bx(DisasContext *s, TCGv_i32 var)
53
store_cpu_field(var, thumb);
54
}
55
56
-/* Set PC and Thumb state from var. var is marked as dead.
57
+/*
58
+ * Set PC and Thumb state from var. var is marked as dead.
59
* For M-profile CPUs, include logic to detect exception-return
60
* branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
61
* and BX reg, and no others, and happens only for code in Handler mode.
62
+ * The Security Extension also requires us to check for the FNC_RETURN
63
+ * which signals a function return from non-secure state; this can happen
64
+ * in both Handler and Thread mode.
65
+ * To avoid having to do multiple comparisons in inline generated code,
66
+ * we make the check we do here loose, so it will match for EXC_RETURN
67
+ * in Thread mode. For system emulation do_v7m_exception_exit() checks
68
+ * for these spurious cases and returns without doing anything (giving
69
+ * the same behaviour as for a branch to a non-magic address).
70
+ *
71
+ * In linux-user mode it is unclear what the right behaviour for an
72
+ * attempted FNC_RETURN should be, because in real hardware this will go
73
+ * directly to Secure code (ie not the Linux kernel) which will then treat
74
+ * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
75
+ * attempt behave the way it would on a CPU without the security extension,
76
+ * which is to say "like a normal branch". That means we can simply treat
77
+ * all branches as normal with no magic address behaviour.
78
*/
79
static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
80
{
81
@@ -XXX,XX +XXX,XX @@ static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
82
* s->base.is_jmp that we need to do the rest of the work later.
83
*/
84
gen_bx(s, var);
85
+#ifndef CONFIG_USER_ONLY
86
if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
87
(s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
88
s->base.is_jmp = DISAS_BX_EXCRET;
89
}
90
+#endif
91
}
92
93
static inline void gen_bx_excret_final_code(DisasContext *s)
94
--
95
2.20.1
96
97
diff view generated by jsdifflib