| 1 | v2: dropped a couple of cadence_gem changes to ID regs that | 1 | The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d: |
|---|---|---|---|
| 2 | caused new clang sanitizer warnings. | ||
| 3 | 2 | ||
| 4 | -- PMM | 3 | Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100) |
| 5 | |||
| 6 | The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f: | ||
| 7 | |||
| 8 | Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100) | ||
| 9 | 4 | ||
| 10 | are available in the Git repository at: | 5 | are available in the Git repository at: |
| 11 | 6 | ||
| 12 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1 | 7 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403 |
| 13 | 8 | ||
| 14 | for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b: | 9 | for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001: |
| 15 | 10 | ||
| 16 | coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100) | 11 | hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100) |
| 17 | 12 | ||
| 18 | ---------------------------------------------------------------- | 13 | ---------------------------------------------------------------- |
| 19 | target-arm queue: | 14 | * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask() |
| 20 | * hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART | 15 | * hw/arm: do not free machine->fdt in arm_load_dtb() |
| 21 | * target/arm: Fix aarch64_sve_change_el wrt EL0 | 16 | * target/arm: Fix generated code for cpreg reads when HSTR is active |
| 22 | * target/arm: Define fields of ISAR registers | 17 | * hw/ssi: Fix Linux driver init issue with xilinx_spi |
| 23 | * target/arm: Align cortex-r5 id_isar0 | ||
| 24 | * target/arm: Fix cortex-a7 id_isar0 | ||
| 25 | * net/cadence_gem: Fix various bugs, add support for new | ||
| 26 | features that will be used by the Xilinx Versal board | ||
| 27 | * target-arm: powerctl: Enable HVC when starting CPUs to EL2 | ||
| 28 | * target/arm: Add the Cortex-A72 | ||
| 29 | * target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO | ||
| 30 | * target/arm: Mask PMOVSR writes based on supported counters | ||
| 31 | * target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write | ||
| 32 | * coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls | ||
| 33 | 18 | ||
| 34 | ---------------------------------------------------------------- | 19 | ---------------------------------------------------------------- |
| 35 | Aaron Lindsay (2): | 20 | Chris Rauer (1): |
| 36 | target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO | 21 | hw/ssi: Fix Linux driver init issue with xilinx_spi |
| 37 | target/arm: Mask PMOVSR writes based on supported counters | ||
| 38 | 22 | ||
| 39 | Edgar E. Iglesias (8): | 23 | Markus Armbruster (1): |
| 40 | net: cadence_gem: Disable TSU feature bit | 24 | hw/arm: do not free machine->fdt in arm_load_dtb() |
| 41 | net: cadence_gem: Use uint32_t for 32bit descriptor words | ||
| 42 | net: cadence_gem: Add macro with max number of descriptor words | ||
| 43 | net: cadence_gem: Add support for extended descriptors | ||
| 44 | net: cadence_gem: Add support for selecting the DMA MemoryRegion | ||
| 45 | net: cadence_gem: Implement support for 64bit descriptor addresses | ||
| 46 | target-arm: powerctl: Enable HVC when starting CPUs to EL2 | ||
| 47 | target/arm: Add the Cortex-A72 | ||
| 48 | 25 | ||
| 49 | Jerome Forissier (1): | 26 | Peter Maydell (1): |
| 50 | hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART | 27 | target/arm: Fix generated code for cpreg reads when HSTR is active |
| 51 | 28 | ||
| 52 | Peter Maydell (2): | 29 | Philippe Mathieu-Daudé (1): |
| 53 | target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write | 30 | target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask() |
| 54 | coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls | ||
| 55 | 31 | ||
| 56 | Richard Henderson (4): | 32 | target/arm/internals.h | 15 ++++++++++----- |
| 57 | target/arm: Fix aarch64_sve_change_el wrt EL0 | 33 | hw/arm/boot.c | 5 ++++- |
| 58 | target/arm: Define fields of ISAR registers | 34 | hw/ssi/xilinx_spi.c | 1 + |
| 59 | target/arm: Align cortex-r5 id_isar0 | 35 | target/arm/gdbstub64.c | 7 +++++-- |
| 60 | target/arm: Fix cortex-a7 id_isar0 | 36 | target/arm/tcg/pauth_helper.c | 18 +----------------- |
| 37 | target/arm/tcg/translate.c | 6 ++++++ | ||
| 38 | 6 files changed, 27 insertions(+), 25 deletions(-) | ||
| 61 | 39 | ||
| 62 | include/hw/net/cadence_gem.h | 7 +- | ||
| 63 | target/arm/cpu.h | 95 ++++++++++++++- | ||
| 64 | hw/arm/virt.c | 4 + | ||
| 65 | hw/net/cadence_gem.c | 185 ++++++++++++++++++++--------- | ||
| 66 | target/arm/arm-powerctl.c | 10 ++ | ||
| 67 | target/arm/cpu.c | 7 +- | ||
| 68 | target/arm/cpu64.c | 66 +++++++++- | ||
| 69 | target/arm/helper.c | 27 +++-- | ||
| 70 | target/arm/op_helper.c | 6 +- | ||
| 71 | scripts/coccinelle/inplace-byteswaps.cocci | 65 ++++++++++ | ||
| 72 | 10 files changed, 402 insertions(+), 70 deletions(-) | ||
| 73 | create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci | ||
| 74 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 1 | 2 | ||
| 3 | aarch64_gdb_get_pauth_reg() -- although disabled since commit | ||
| 4 | 5787d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to | ||
| 5 | gdb") is still compiled in. It calls pauth_ptr_mask() which is | ||
| 6 | located in target/arm/tcg/pauth_helper.c, a TCG specific helper. | ||
| 7 | |||
| 8 | To avoid a linking error when TCG is not enabled: | ||
| 9 | |||
| 10 | Undefined symbols for architecture arm64: | ||
| 11 | "_pauth_ptr_mask", referenced from: | ||
| 12 | _aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o | ||
| 13 | ld: symbol(s) not found for architecture arm64 | ||
| 14 | clang: error: linker command failed with exit code 1 (use -v to see invocation) | ||
| 15 | |||
| 16 | - Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg() | ||
| 17 | (this is the single user), | ||
| 18 | - Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and | ||
| 19 | inline it in "internals.h", | ||
| 20 | |||
| 21 | Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension") | ||
| 22 | Suggested-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 23 | Reviewed-by: Fabiano Rosas <farosas@suse.de> | ||
| 24 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 25 | Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 26 | Message-id: 20230328212516.29592-1-philmd@linaro.org | ||
| 27 | [PMM: reinstated doc comment] | ||
| 28 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 29 | --- | ||
| 30 | target/arm/internals.h | 15 ++++++++++----- | ||
| 31 | target/arm/gdbstub64.c | 7 +++++-- | ||
| 32 | target/arm/tcg/pauth_helper.c | 18 +----------------- | ||
| 33 | 3 files changed, 16 insertions(+), 24 deletions(-) | ||
| 34 | |||
| 35 | diff --git a/target/arm/internals.h b/target/arm/internals.h | ||
| 36 | index XXXXXXX..XXXXXXX 100644 | ||
| 37 | --- a/target/arm/internals.h | ||
| 38 | +++ b/target/arm/internals.h | ||
| 39 | @@ -XXX,XX +XXX,XX @@ bool arm_generate_debug_exceptions(CPUARMState *env); | ||
| 40 | |||
| 41 | /** | ||
| 42 | * pauth_ptr_mask: | ||
| 43 | - * @env: cpu context | ||
| 44 | - * @ptr: selects between TTBR0 and TTBR1 | ||
| 45 | - * @data: selects between TBI and TBID | ||
| 46 | + * @param: parameters defining the MMU setup | ||
| 47 | * | ||
| 48 | - * Return a mask of the bits of @ptr that contain the authentication code. | ||
| 49 | + * Return a mask of the address bits that contain the authentication code, | ||
| 50 | + * given the MMU config defined by @param. | ||
| 51 | */ | ||
| 52 | -uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data); | ||
| 53 | +static inline uint64_t pauth_ptr_mask(ARMVAParameters param) | ||
| 54 | +{ | ||
| 55 | + int bot_pac_bit = 64 - param.tsz; | ||
| 56 | + int top_pac_bit = 64 - 8 * param.tbi; | ||
| 57 | + | ||
| 58 | + return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); | ||
| 59 | +} | ||
| 60 | |||
| 61 | /* Add the cpreg definitions for debug related system registers */ | ||
| 62 | void define_debug_regs(ARMCPU *cpu); | ||
| 63 | diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c | ||
| 64 | index XXXXXXX..XXXXXXX 100644 | ||
| 65 | --- a/target/arm/gdbstub64.c | ||
| 66 | +++ b/target/arm/gdbstub64.c | ||
| 67 | @@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg) | ||
| 68 | { | ||
| 69 | bool is_data = !(reg & 1); | ||
| 70 | bool is_high = reg & 2; | ||
| 71 | - uint64_t mask = pauth_ptr_mask(env, -is_high, is_data); | ||
| 72 | - return gdb_get_reg64(buf, mask); | ||
| 73 | + ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env); | ||
| 74 | + ARMVAParameters param; | ||
| 75 | + | ||
| 76 | + param = aa64_va_parameters(env, -is_high, mmu_idx, is_data); | ||
| 77 | + return gdb_get_reg64(buf, pauth_ptr_mask(param)); | ||
| 78 | } | ||
| 79 | default: | ||
| 80 | return 0; | ||
| 81 | diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c | ||
| 82 | index XXXXXXX..XXXXXXX 100644 | ||
| 83 | --- a/target/arm/tcg/pauth_helper.c | ||
| 84 | +++ b/target/arm/tcg/pauth_helper.c | ||
| 85 | @@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier, | ||
| 86 | return pac | ext | ptr; | ||
| 87 | } | ||
| 88 | |||
| 89 | -static uint64_t pauth_ptr_mask_internal(ARMVAParameters param) | ||
| 90 | -{ | ||
| 91 | - int bot_pac_bit = 64 - param.tsz; | ||
| 92 | - int top_pac_bit = 64 - 8 * param.tbi; | ||
| 93 | - | ||
| 94 | - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); | ||
| 95 | -} | ||
| 96 | - | ||
| 97 | static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param) | ||
| 98 | { | ||
| 99 | - uint64_t mask = pauth_ptr_mask_internal(param); | ||
| 100 | + uint64_t mask = pauth_ptr_mask(param); | ||
| 101 | |||
| 102 | /* Note that bit 55 is used whether or not the regime has 2 ranges. */ | ||
| 103 | if (extract64(ptr, 55, 1)) { | ||
| 104 | @@ -XXX,XX +XXX,XX @@ static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param) | ||
| 105 | } | ||
| 106 | } | ||
| 107 | |||
| 108 | -uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data) | ||
| 109 | -{ | ||
| 110 | - ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env); | ||
| 111 | - ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data); | ||
| 112 | - | ||
| 113 | - return pauth_ptr_mask_internal(param); | ||
| 114 | -} | ||
| 115 | - | ||
| 116 | static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier, | ||
| 117 | ARMPACKey *key, bool data, int keynumber) | ||
| 118 | { | ||
| 119 | -- | ||
| 120 | 2.34.1 | ||
| 121 | |||
| 122 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Markus Armbruster <armbru@redhat.com> | ||
| 1 | 2 | ||
| 3 | At this moment, arm_load_dtb() can free machine->fdt when | ||
| 4 | binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be | ||
| 5 | retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is | ||
| 6 | the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to | ||
| 7 | machine->fdt. And, in that case, the existing g_free(fdt) at the end of | ||
| 8 | arm_load_dtb() will make machine->fdt point to an invalid memory region. | ||
| 9 | |||
| 10 | Since monitor command 'dumpdtb' was introduced a couple of releases | ||
| 11 | ago, running it with any ARM machine that uses arm_load_dtb() will | ||
| 12 | crash QEMU. | ||
| 13 | |||
| 14 | Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead | ||
| 15 | of freeing 'fdt', assign it back to ms->fdt. | ||
| 16 | |||
| 17 | Cc: Peter Maydell <peter.maydell@linaro.org> | ||
| 18 | Cc: qemu-arm@nongnu.org | ||
| 19 | Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb") | ||
| 20 | Reported-by: Markus Armbruster <armbru@redhat.com> | ||
| 21 | Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> | ||
| 22 | Signed-off-by: Markus Armbruster <armbru@redhat.com> | ||
| 23 | Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> | ||
| 24 | Message-id: 20230328165935.1512846-1-armbru@redhat.com | ||
| 25 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 26 | --- | ||
| 27 | hw/arm/boot.c | 5 ++++- | ||
| 28 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 29 | |||
| 30 | diff --git a/hw/arm/boot.c b/hw/arm/boot.c | ||
| 31 | index XXXXXXX..XXXXXXX 100644 | ||
| 32 | --- a/hw/arm/boot.c | ||
| 33 | +++ b/hw/arm/boot.c | ||
| 34 | @@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo, | ||
| 35 | qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds, | ||
| 36 | rom_ptr_for_as(as, addr, size)); | ||
| 37 | |||
| 38 | - g_free(fdt); | ||
| 39 | + if (fdt != ms->fdt) { | ||
| 40 | + g_free(ms->fdt); | ||
| 41 | + ms->fdt = fdt; | ||
| 42 | + } | ||
| 43 | |||
| 44 | return size; | ||
| 45 | |||
| 46 | -- | ||
| 47 | 2.34.1 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | In commit 049edada we added some code to handle HSTR_EL2 traps, which | ||
| 2 | we did as an inline "conditionally branch over a | ||
| 3 | gen_exception_insn()". Unfortunately this fails to take account of | ||
| 4 | the fact that gen_exception_insn() will set s->base.is_jmp to | ||
| 5 | DISAS_NORETURN. That means that at the end of the TB we won't | ||
| 6 | generate the necessary code to handle the "branched over the trap and | ||
| 7 | continued normal execution" codepath. The result is that the TCG | ||
| 8 | main loop thinks that we stopped execution of the TB due to a | ||
| 9 | situation that only happens when icount is enabled, and hits an | ||
| 10 | assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate | ||
| 11 | the correct code for when execution continues past this insn. | ||
| 1 | 12 | ||
| 13 | Note that this only happens for cpreg reads; writes will call | ||
| 14 | gen_lookup_tb() which generates a valid end-of-TB. | ||
| 15 | |||
| 16 | Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") | ||
| 17 | Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551 | ||
| 18 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 19 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 20 | Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org | ||
| 21 | --- | ||
| 22 | target/arm/tcg/translate.c | 6 ++++++ | ||
| 23 | 1 file changed, 6 insertions(+) | ||
| 24 | |||
| 25 | diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c | ||
| 26 | index XXXXXXX..XXXXXXX 100644 | ||
| 27 | --- a/target/arm/tcg/translate.c | ||
| 28 | +++ b/target/arm/tcg/translate.c | ||
| 29 | @@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64, | ||
| 30 | tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label); | ||
| 31 | |||
| 32 | gen_exception_insn(s, 0, EXCP_UDEF, syndrome); | ||
| 33 | + /* | ||
| 34 | + * gen_exception_insn() will set is_jmp to DISAS_NORETURN, | ||
| 35 | + * but since we're conditionally branching over it, we want | ||
| 36 | + * to assume continue-to-next-instruction. | ||
| 37 | + */ | ||
| 38 | + s->base.is_jmp = DISAS_NEXT; | ||
| 39 | set_disas_label(s, over); | ||
| 40 | } | ||
| 41 | } | ||
| 42 | -- | ||
| 43 | 2.34.1 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Chris Rauer <crauer@google.com> | ||
| 1 | 2 | ||
| 3 | The problem is that the Linux driver expects the master transaction inhibit | ||
| 4 | bit(R_SPICR_MTI) to be set during driver initialization so that it can | ||
| 5 | detect the fifo size but QEMU defaults it to zero out of reset. The | ||
| 6 | datasheet indicates this bit is active on reset. | ||
| 7 | |||
| 8 | See page 25, SPI Control Register section: | ||
| 9 | https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf | ||
| 10 | |||
| 11 | Signed-off-by: Chris Rauer <crauer@google.com> | ||
| 12 | Message-id: 20230323182811.2641044-1-crauer@google.com | ||
| 13 | Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> | ||
| 14 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 15 | --- | ||
| 16 | hw/ssi/xilinx_spi.c | 1 + | ||
| 17 | 1 file changed, 1 insertion(+) | ||
| 18 | |||
| 19 | diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c | ||
| 20 | index XXXXXXX..XXXXXXX 100644 | ||
| 21 | --- a/hw/ssi/xilinx_spi.c | ||
| 22 | +++ b/hw/ssi/xilinx_spi.c | ||
| 23 | @@ -XXX,XX +XXX,XX @@ static void xlx_spi_do_reset(XilinxSPI *s) | ||
| 24 | txfifo_reset(s); | ||
| 25 | |||
| 26 | s->regs[R_SPISSR] = ~0; | ||
| 27 | + s->regs[R_SPICR] = R_SPICR_MTI; | ||
| 28 | xlx_spi_update_irq(s); | ||
| 29 | xlx_spi_update_cs(s); | ||
| 30 | } | ||
| 31 | -- | ||
| 32 | 2.34.1 | diff view generated by jsdifflib |