1
v2: dropped a couple of cadence_gem changes to ID regs that
1
Hi; here's a relatively small target-arm queue, pretty much all
2
caused new clang sanitizer warnings.
2
bug fixes. (There are a few non-arm patches that I've thrown in
3
there too for my convenience :-))
3
4
5
thanks
4
-- PMM
6
-- PMM
5
7
6
The following changes since commit dddb37495b844270088e68e3bf30b764d48d863f:
8
The following changes since commit 278238505d28d292927bff7683f39fb4fbca7fd1:
7
9
8
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20181015.0' into staging (2018-10-15 18:44:04 +0100)
10
Merge tag 'pull-tcg-20230511-2' of https://gitlab.com/rth7680/qemu into staging (2023-05-11 11:44:23 +0100)
9
11
10
are available in the Git repository at:
12
are available in the Git repository at:
11
13
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181016-1
14
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230512
13
15
14
for you to fetch changes up to 2ef297af07196c29446556537861f8e7dfeeae7b:
16
for you to fetch changes up to 478dccbb99db0bf8f00537dd0b4d0de88d5cb537:
15
17
16
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls (2018-10-16 17:14:55 +0100)
18
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check (2023-05-12 16:01:25 +0100)
17
19
18
----------------------------------------------------------------
20
----------------------------------------------------------------
19
target-arm queue:
21
target-arm queue:
20
* hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
22
* More refactoring of files into tcg/
21
* target/arm: Fix aarch64_sve_change_el wrt EL0
23
* Don't allow stage 2 page table walks to downgrade to NS
22
* target/arm: Define fields of ISAR registers
24
* Fix handling of SW and NSW bits for stage 2 walks
23
* target/arm: Align cortex-r5 id_isar0
25
* MAINTAINERS: Update Akihiko Odaki's email address
24
* target/arm: Fix cortex-a7 id_isar0
26
* ui: Fix pixel colour channel order for PNG screenshots
25
* net/cadence_gem: Fix various bugs, add support for new
27
* docs: Remove unused weirdly-named cross-reference targets
26
features that will be used by the Xilinx Versal board
28
* hw/mips/malta: Fix minor dead code issue
27
* target-arm: powerctl: Enable HVC when starting CPUs to EL2
29
* Fixes for the "allow CONFIG_TCG=n" changes
28
* target/arm: Add the Cortex-A72
30
* tests/qtest: Don't run cdrom boot tests if no accelerator is present
29
* target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
31
* target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
30
* target/arm: Mask PMOVSR writes based on supported counters
31
* target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
32
* coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
33
32
34
----------------------------------------------------------------
33
----------------------------------------------------------------
35
Aaron Lindsay (2):
34
Akihiko Odaki (1):
36
target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
35
MAINTAINERS: Update Akihiko Odaki's email address
37
target/arm: Mask PMOVSR writes based on supported counters
38
36
39
Edgar E. Iglesias (8):
37
Fabiano Rosas (3):
40
net: cadence_gem: Disable TSU feature bit
38
target/arm: Select SEMIHOSTING when using TCG
41
net: cadence_gem: Use uint32_t for 32bit descriptor words
39
target/arm: Select CONFIG_ARM_V7M when TCG is enabled
42
net: cadence_gem: Add macro with max number of descriptor words
40
tests/qtest: Don't run cdrom boot tests if no accelerator is present
43
net: cadence_gem: Add support for extended descriptors
44
net: cadence_gem: Add support for selecting the DMA MemoryRegion
45
net: cadence_gem: Implement support for 64bit descriptor addresses
46
target-arm: powerctl: Enable HVC when starting CPUs to EL2
47
target/arm: Add the Cortex-A72
48
41
49
Jerome Forissier (1):
42
Peter Maydell (6):
50
hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
43
target/arm: Don't allow stage 2 page table walks to downgrade to NS
44
target/arm: Fix handling of SW and NSW bits for stage 2 walks
45
ui: Fix pixel colour channel order for PNG screenshots
46
docs: Remove unused weirdly-named cross-reference targets
47
hw/mips/malta: Fix minor dead code issue
48
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
51
49
52
Peter Maydell (2):
50
Richard Henderson (2):
53
target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
51
target/arm: Move translate-a32.h, arm_ldst.h, sve_ldst_internal.h to tcg/
54
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
52
target/arm: Move helper-{a64,mve,sme,sve}.h to tcg/
55
53
56
Richard Henderson (4):
54
MAINTAINERS | 4 +-
57
target/arm: Fix aarch64_sve_change_el wrt EL0
55
docs/system/devices/igb.rst | 2 +-
58
target/arm: Define fields of ISAR registers
56
docs/system/devices/ivshmem.rst | 2 -
59
target/arm: Align cortex-r5 id_isar0
57
docs/system/devices/net.rst | 2 +-
60
target/arm: Fix cortex-a7 id_isar0
58
docs/system/devices/usb.rst | 2 -
61
59
docs/system/keys.rst | 2 +-
62
include/hw/net/cadence_gem.h | 7 +-
60
docs/system/linuxboot.rst | 2 +-
63
target/arm/cpu.h | 95 ++++++++++++++-
61
docs/system/target-i386.rst | 4 --
64
hw/arm/virt.c | 4 +
62
target/arm/helper.h | 8 +--
65
hw/net/cadence_gem.c | 185 ++++++++++++++++++++---------
63
target/arm/internals.h | 12 +++-
66
target/arm/arm-powerctl.c | 10 ++
64
target/arm/{ => tcg}/arm_ldst.h | 0
67
target/arm/cpu.c | 7 +-
65
target/arm/{ => tcg}/helper-a64.h | 0
68
target/arm/cpu64.c | 66 +++++++++-
66
target/arm/{ => tcg}/helper-mve.h | 0
69
target/arm/helper.c | 27 +++--
67
target/arm/{ => tcg}/helper-sme.h | 0
70
target/arm/op_helper.c | 6 +-
68
target/arm/{ => tcg}/helper-sve.h | 0
71
scripts/coccinelle/inplace-byteswaps.cocci | 65 ++++++++++
69
target/arm/{ => tcg}/sve_ldst_internal.h | 0
72
10 files changed, 402 insertions(+), 70 deletions(-)
70
target/arm/{ => tcg}/translate-a32.h | 0
73
create mode 100644 scripts/coccinelle/inplace-byteswaps.cocci
71
hw/mips/malta.c | 5 +-
74
72
target/arm/gdbstub64.c | 2 +-
73
target/arm/helper.c | 15 ++++-
74
target/arm/ptw.c | 95 +++++++++++++++++++-------------
75
target/arm/tcg/pauth_helper.c | 6 +-
76
tests/qtest/cdrom-test.c | 10 ++++
77
ui/console.c | 4 +-
78
target/arm/Kconfig | 9 +--
79
25 files changed, 109 insertions(+), 77 deletions(-)
80
rename target/arm/{ => tcg}/arm_ldst.h (100%)
81
rename target/arm/{ => tcg}/helper-a64.h (100%)
82
rename target/arm/{ => tcg}/helper-mve.h (100%)
83
rename target/arm/{ => tcg}/helper-sme.h (100%)
84
rename target/arm/{ => tcg}/helper-sve.h (100%)
85
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
86
rename target/arm/{ => tcg}/translate-a32.h (100%)
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
These files got missed when populating tcg/.
4
Because they are included with "", no change to the users required.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Message-id: 20230504110412.1892411-2-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/{ => tcg}/arm_ldst.h | 0
13
target/arm/{ => tcg}/sve_ldst_internal.h | 0
14
target/arm/{ => tcg}/translate-a32.h | 0
15
3 files changed, 0 insertions(+), 0 deletions(-)
16
rename target/arm/{ => tcg}/arm_ldst.h (100%)
17
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
18
rename target/arm/{ => tcg}/translate-a32.h (100%)
19
20
diff --git a/target/arm/arm_ldst.h b/target/arm/tcg/arm_ldst.h
21
similarity index 100%
22
rename from target/arm/arm_ldst.h
23
rename to target/arm/tcg/arm_ldst.h
24
diff --git a/target/arm/sve_ldst_internal.h b/target/arm/tcg/sve_ldst_internal.h
25
similarity index 100%
26
rename from target/arm/sve_ldst_internal.h
27
rename to target/arm/tcg/sve_ldst_internal.h
28
diff --git a/target/arm/translate-a32.h b/target/arm/tcg/translate-a32.h
29
similarity index 100%
30
rename from target/arm/translate-a32.h
31
rename to target/arm/tcg/translate-a32.h
32
--
33
2.34.1
34
35
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
While we cannot move the main "helper.h" out of target/arm/,
4
due to usage by generic code, we can move the sub-includes.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
8
Message-id: 20230504110412.1892411-3-richard.henderson@linaro.org
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/helper.h | 8 ++++----
13
target/arm/{ => tcg}/helper-a64.h | 0
14
target/arm/{ => tcg}/helper-mve.h | 0
15
target/arm/{ => tcg}/helper-sme.h | 0
16
target/arm/{ => tcg}/helper-sve.h | 0
17
5 files changed, 4 insertions(+), 4 deletions(-)
18
rename target/arm/{ => tcg}/helper-a64.h (100%)
19
rename target/arm/{ => tcg}/helper-mve.h (100%)
20
rename target/arm/{ => tcg}/helper-sme.h (100%)
21
rename target/arm/{ => tcg}/helper-sve.h (100%)
22
23
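--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
 void, ptr, ptr, ptr, ptr, i32)
 
 #ifdef TARGET_AARCH64
-#include "helper-a64.h"
-#include "helper-sve.h"
-#include "helper-sme.h"
+#include "tcg/helper-a64.h"
+#include "tcg/helper-sve.h"
+#include "tcg/helper-sme.h"
 #endif
 
-#include "helper-mve.h"
+#include "tcg/helper-mve.h"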
41
diff --git a/target/arm/helper-a64.h b/target/arm/tcg/helper-a64.h
42
similarity index 100%
43
rename from target/arm/helper-a64.h
44
rename to target/arm/tcg/helper-a64.h
45
diff --git a/target/arm/helper-mve.h b/target/arm/tcg/helper-mve.h
46
similarity index 100%
47
rename from target/arm/helper-mve.h
48
rename to target/arm/tcg/helper-mve.h
49
diff --git a/target/arm/helper-sme.h b/target/arm/tcg/helper-sme.h
50
similarity index 100%
51
rename from target/arm/helper-sme.h
52
rename to target/arm/tcg/helper-sme.h
53
diff --git a/target/arm/helper-sve.h b/target/arm/tcg/helper-sve.h
54
similarity index 100%
55
rename from target/arm/helper-sve.h
56
rename to target/arm/tcg/helper-sve.h
57
--
58
2.34.1
59
60
New patch
1
Bit 63 in a Table descriptor is only the NSTable bit for stage 1
2
translations; in stage 2 it is RES0. We were incorrectly looking at
3
it all the time.
1
4
5
This causes problems if:
6
* the stage 2 table descriptor was incorrectly setting the RES0 bit
7
* we are doing a stage 2 translation in Secure address space for
8
a NonSecure stage 1 regime -- in this case we would incorrectly
9
do an immediate downgrade to NonSecure
10
11
A bug elsewhere in the code currently prevents us from getting
12
to the second situation, but when we fix that it will be possible.
13
14
Cc: qemu-stable@nongnu.org
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
18
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
19
---
20
target/arm/ptw.c | 5 +++--
21
1 file changed, 3 insertions(+), 2 deletions(-)
22
23
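--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
 descaddrmask &= ~indexmask_grainsize;
 
 /*
- * Secure accesses start with the page table in secure memory and
+ * Secure stage 1 accesses start with the page table in secure memory and
 * can be downgraded to non-secure at any step. Non-secure accesses
 * remain non-secure. We implement this by just ORing in the NSTable/NS
 * bits at each step.
+ * Stage 2 never gets this kind of downgrade.
 */
 tableattrs = is_secure ? 0 : (1 << 4);
 
 next_level:
 descaddr |= (address >> (stride * (4 - level))) & indexmask;
 descaddr &= ~7ULL;
- nstable = extract32(tableattrs, 4, 1);
+ nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
 if (nstable) {
 /*
 * Stage2_S -> Stage2 or Phys_S -> Phys_NS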
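Review bot: The new `nstable` assignment carries no comment of its own, and after this change `nstable` is false for every stage 2 walk, including a NonSecure one where `tableattrs` was just initialised to `1 << 4`. The block comment added above says stage 2 never gets the downgrade, but it sits before `next_level:` and does not say why, so a reader of the loop body has to go back to the commit message to learn that bit 63 of a stage 2 Table descriptor is RES0. I would add `/* Stage 2 Table descriptors have no NSTable bit (bit 63 is RES0), so never treat tableattrs bit 4 as a downgrade there */` directly above the assignment. Any later use of `nstable` in get_phys_addr_lpae lies outside this hunk, so it is worth confirming that none of them relied on it being set for NonSecure stage 2 walks.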
48
--
49
2.34.1
50
51
New patch
1
We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW
2
configuration bits. These allow configuration of whether the stage 2
3
page table walks for Secure IPA and NonSecure IPA should do their
4
descriptor reads from Secure or NonSecure physical addresses. (This
5
is separate from how the translation table base address and other
6
parameters are set: an NS IPA always uses VTTBR_EL2 and VTCR_EL2
7
for its base address and walk parameters, regardless of the NSW bit,
8
and similarly for Secure.)
1
9
10
Provide a new function ptw_idx_for_stage_2() which returns the
11
MMU index to use for descriptor reads, and use it to set up
12
the .in_ptw_idx wherever we call get_phys_addr_lpae().
13
14
For a stage 2 walk, wherever we call get_phys_addr_lpae():
15
* .in_ptw_idx should be ptw_idx_for_stage_2() of the .in_mmu_idx
16
* .in_secure should be true if .in_mmu_idx is Stage2_S
17
18
This allows us to correct S1_ptw_translate() so that it consistently
19
always sets its (out_secure, out_phys) to the result it gets from the
20
S2 walk (either by calling get_phys_addr_lpae() or by TLB lookup).
21
This makes better conceptual sense because the S2 walk should return
22
us an (address space, address) tuple, not an address that we then
23
randomly assign to S or NS.
24
25
Our previous handling of SW and NSW was broken, so guest code
26
trying to use these bits to put the s2 page tables in the "other"
27
address space wouldn't work correctly.
28
29
Cc: qemu-stable@nongnu.org
30
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1600
31
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
32
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
33
Message-id: 20230504135425.2748672-3-peter.maydell@linaro.org
34
---
35
target/arm/ptw.c | 76 ++++++++++++++++++++++++++++++++----------------
36
1 file changed, 51 insertions(+), 25 deletions(-)
37
38
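--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 return stage_1_mmu_idx(arm_mmu_idx(env));
 }
 
+/*
+ * Return where we should do ptw loads from for a stage 2 walk.
+ * This depends on whether the address we are looking up is a
+ * Secure IPA or a NonSecure IPA, which we know from whether this is
+ * Stage2 or Stage2_S.
+ * If this is the Secure EL1&0 regime we need to check the NSW and SW bits.
+ */
+static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx)
+{
+ bool s2walk_secure;
+
+ /*
+ * We're OK to check the current state of the CPU here because
+ * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes
+ * (2) there's no way to do a lookup that cares about Stage 2 for a
+ * different security state to the current one for AArch64, and AArch32
+ * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do
+ * an NS stage 1+2 lookup while the NS bit is 0.)
+ */
+ if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) {
+ return ARMMMUIdx_Phys_NS;
+ }
+ if (stage2idx == ARMMMUIdx_Stage2_S) {
+ s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+ } else {
+ s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+ }
+ return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+
+}
+
 static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
 return (regime_sctlr(env, mmu_idx) & SCTLR_EE) != 0;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
 ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
 uint8_t pte_attrs;
- bool pte_secure;
 
 ptw->out_virt = addr;
 
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 if (regime_is_stage2(s2_mmu_idx)) {
 S1Translate s2ptw = {
 .in_mmu_idx = s2_mmu_idx,
- .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS,
- .in_secure = is_secure,
+ .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
+ .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
 .in_debug = true,
 };
 GetPhysAddrResult s2 = { };
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 ptw->out_phys = s2.f.phys_addr;
 pte_attrs = s2.cacheattrs.attrs;
- pte_secure = s2.f.attrs.secure;
+ ptw->out_secure = s2.f.attrs.secure;
 } else {
 /* Regime is physical. */
 ptw->out_phys = addr;
 pte_attrs = 0;
- pte_secure = is_secure;
+ ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
 }
 ptw->out_host = NULL;
 ptw->out_rw = false;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK);
 ptw->out_rw = full->prot & PAGE_WRITE;
 pte_attrs = full->pte_attrs;
- pte_secure = full->attrs.secure;
+ ptw->out_secure = full->attrs.secure;
 #else
 g_assert_not_reached();
 #endif
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 }
 
- /* Check if page table walk is to secure or non-secure PA space. */
- ptw->out_secure = (is_secure
- && !(pte_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW));
 ptw->out_be = regime_translation_big_endian(env, mmu_idx);
 return true;
 
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 hwaddr ipa;
 int s1_prot, s1_lgpgsz;
 bool is_secure = ptw->in_secure;
- bool ret, ipa_secure, s2walk_secure;
+ bool ret, ipa_secure;
 ARMCacheAttrs cacheattrs1;
 bool is_el0;
 uint64_t hcr;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 
 ipa = result->f.phys_addr;
 ipa_secure = result->f.attrs.secure;
- if (is_secure) {
- /* Select TCR based on the NS bit from the S1 walk. */
- s2walk_secure = !(ipa_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW);
- } else {
- assert(!ipa_secure);
- s2walk_secure = false;
- }
 
 is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
- ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
- ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
- ptw->in_secure = s2walk_secure;
+ ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ ptw->in_secure = ipa_secure;
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
 
 /*
 * S1 is done, now do S2 translation.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
 break;
 
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
+ /*
+ * Second stage lookup uses physical for ptw; whether this is S or
+ * NS may depend on the SW/NSW bits if this is a stage 2 lookup for
+ * the Secure EL2&0 regime.
+ */
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, mmu_idx);
+ break;
+
 case ARMMMUIdx_E10_0:
 s1_mmu_idx = ARMMMUIdx_Stage1_E0;
 goto do_twostage;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 /* fall through */
 
 default:
- /* Single stage and second stage uses physical for ptw. */
+ /* Single stage uses physical for ptw. */
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
 break;
 }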
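Review bot: In get_phys_addr_twostage the rewritten selection `ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;` no longer carries the invariant that the removed `else` branch checked with `assert(!ipa_secure)`, namely that a NonSecure stage 1 walk never yields a Secure IPA. `is_secure` is still in scope there, so the check can be kept as `assert(is_secure || !ipa_secure);` just before the assignment, which would catch a stage 1 bug before it selects the Secure stage 2 regime for a NonSecure access. Separately, the header comment of ptw_idx_for_stage_2() speaks of the "Secure EL1&0 regime" while the new comment in get_phys_addr_with_struct says "Secure EL2&0 regime"; one of the two should be corrected so that they agree. The bodies of S1_ptw_translate, get_phys_addr_twostage and get_phys_addr_with_struct continue outside the visible hunks.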
194
--
195
2.34.1
New patch
1
From: Akihiko Odaki <akihiko.odaki@gmail.com>
1
2
3
I am now employed by Daynix. Although my role as a reviewer of
4
macOS-related change is not very relevant to the employment, I decided
5
to use the company email address to avoid confusions from different
6
addresses.
7
8
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
9
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Message-id: 20230506072333.32510-1-akihiko.odaki@daynix.com
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
MAINTAINERS | 4 ++--
15
1 file changed, 2 insertions(+), 2 deletions(-)
16
17
diff --git a/MAINTAINERS b/MAINTAINERS
18
index XXXXXXX..XXXXXXX 100644
19
--- a/MAINTAINERS
20
+++ b/MAINTAINERS
21
@@ -XXX,XX +XXX,XX @@ Core Audio framework backend
22
M: Gerd Hoffmann <kraxel@redhat.com>
23
M: Philippe Mathieu-Daudé <philmd@linaro.org>
24
R: Christian Schoenebeck <qemu_oss@crudebyte.com>
25
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
26
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
27
S: Odd Fixes
28
F: audio/coreaudio.c
29
30
@@ -XXX,XX +XXX,XX @@ F: docs/devel/ui.rst
31
Cocoa graphics
32
M: Peter Maydell <peter.maydell@linaro.org>
33
M: Philippe Mathieu-Daudé <philmd@linaro.org>
34
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
35
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
36
S: Odd Fixes
37
F: ui/cocoa.m
38
39
--
40
2.34.1
41
42
New patch
1
When we take a PNG screenshot the ordering of the colour channels in
2
the data is not correct, resulting in the image having weird
3
colouring compared to the actual display. (Specifically, on a
4
little-endian host the blue and red channels are swapped; on
5
big-endian everything is wrong.)
1
6
7
This happens because the pixman idea of the pixel data and the libpng
8
idea differ. PIXMAN_a8r8g8b8 defines that pixels are 32-bit values,
9
with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
10
0-7. This means that on little-endian systems the bytes in memory
11
are
12
B G R A
13
and on big-endian systems they are
14
A R G B
15
16
libpng, on the other hand, thinks of pixels as being a series of
17
values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
18
always wants bytes in the order
19
R G B A
20
21
This isn't the same as the pixman order for either big or little
22
endian hosts.
23
24
The alpha channel is also unnecessary bulk in the output PNG file,
25
because there is no alpha information in a screenshot.
26
27
To handle the endianness issue, we already define in ui/qemu-pixman.h
28
various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
29
byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
30
PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
31
R G B
32
and 3 bytes per pixel.
33
34
(PPM format screenshots get this right; they already use the
35
PIXMAN_BE_r8g8b8 format.)
36
37
Cc: qemu-stable@nongnu.org
38
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
39
Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
40
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
41
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
42
Message-id: 20230502135548.2451309-1-peter.maydell@linaro.org
43
---
44
ui/console.c | 4 ++--
45
1 file changed, 2 insertions(+), 2 deletions(-)
46
47
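--- a/ui/console.c
+++ b/ui/console.c
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
 png_struct *png_ptr;
 png_info *info_ptr;
 g_autoptr(pixman_image_t) linebuf =
- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
 uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
 FILE *f = fdopen(fd, "wb");
 int y;
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
 png_init_io(png_ptr, f);
 
 png_set_IHDR(png_ptr, info_ptr, width, height, 8,
- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
 PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
 
 png_write_info(png_ptr, info_ptr);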
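Review bot: The two edits in png_save are only correct as a pair, and nothing in the code says so: `PIXMAN_BE_r8g8b8` for the line buffer and `PNG_COLOR_TYPE_RGB` in `png_set_IHDR` must describe the same 3-byte R, G, B layout, which is exactly the mismatch this commit fixes. A short comment above the `linebuf` declaration, for example `/* libpng wants bytes in R,G,B order; PIXMAN_BE_r8g8b8 gives that on any host. Keep in sync with the colour type passed to png_set_IHDR() */`, would stop a later change from updating one side only. The rest of png_save, including how `buf` is filled and written per row, is outside these hunks.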
69
--
70
2.34.1
71
72
New patch
1
In the doc sources, we have a few cross-reference targets with odd
2
names "pcsys_005fxyz". These are the legacy of the semi-automated
3
conversion of the old info docs to rST (the '005f' is because ASCII
4
0x5f is '_' and the old info link names had underscores in them).
1
5
6
Remove the targets which nothing links to, and rename the two targets
7
which are used to something a bit more descriptive.
8
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20230421163642.1151904-1-peter.maydell@linaro.org
11
Reviewed-by: Markus Armbruster <armbru@redhat.com>
12
---
13
docs/system/devices/igb.rst | 2 +-
14
docs/system/devices/ivshmem.rst | 2 --
15
docs/system/devices/net.rst | 2 +-
16
docs/system/devices/usb.rst | 2 --
17
docs/system/keys.rst | 2 +-
18
docs/system/linuxboot.rst | 2 +-
19
docs/system/target-i386.rst | 4 ----
20
7 files changed, 4 insertions(+), 12 deletions(-)
21
22
diff --git a/docs/system/devices/igb.rst b/docs/system/devices/igb.rst
23
index XXXXXXX..XXXXXXX 100644
24
--- a/docs/system/devices/igb.rst
25
+++ b/docs/system/devices/igb.rst
26
@@ -XXX,XX +XXX,XX @@ Using igb
27
=========
28
29
Using igb should be nothing different from using another network device. See
30
-:ref:`pcsys_005fnetwork` in general.
31
+:ref:`Network_emulation` in general.
32
33
However, you may also need to perform additional steps to activate SR-IOV
34
feature on your guest. For Linux, refer to [4]_.
35
diff --git a/docs/system/devices/ivshmem.rst b/docs/system/devices/ivshmem.rst
36
index XXXXXXX..XXXXXXX 100644
37
--- a/docs/system/devices/ivshmem.rst
38
+++ b/docs/system/devices/ivshmem.rst
39
@@ -XXX,XX +XXX,XX @@
40
-.. _pcsys_005fivshmem:
41
-
42
Inter-VM Shared Memory device
43
-----------------------------
44
45
diff --git a/docs/system/devices/net.rst b/docs/system/devices/net.rst
46
index XXXXXXX..XXXXXXX 100644
47
--- a/docs/system/devices/net.rst
48
+++ b/docs/system/devices/net.rst
49
@@ -XXX,XX +XXX,XX @@
50
-.. _pcsys_005fnetwork:
51
+.. _Network_Emulation:
52
53
Network emulation
54
-----------------
55
diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
56
index XXXXXXX..XXXXXXX 100644
57
--- a/docs/system/devices/usb.rst
58
+++ b/docs/system/devices/usb.rst
59
@@ -XXX,XX +XXX,XX @@
60
-.. _pcsys_005fusb:
61
-
62
USB emulation
63
-------------
64
65
diff --git a/docs/system/keys.rst b/docs/system/keys.rst
66
index XXXXXXX..XXXXXXX 100644
67
--- a/docs/system/keys.rst
68
+++ b/docs/system/keys.rst
69
@@ -XXX,XX +XXX,XX @@
70
-.. _pcsys_005fkeys:
71
+.. _GUI_keys:
72
73
Keys in the graphical frontends
74
-------------------------------
75
diff --git a/docs/system/linuxboot.rst b/docs/system/linuxboot.rst
76
index XXXXXXX..XXXXXXX 100644
77
--- a/docs/system/linuxboot.rst
78
+++ b/docs/system/linuxboot.rst
79
@@ -XXX,XX +XXX,XX @@ virtual serial port and the QEMU monitor to the console with the
80
-append "root=/dev/hda console=ttyS0" -nographic
81
82
Use Ctrl-a c to switch between the serial console and the monitor (see
83
-:ref:`pcsys_005fkeys`).
84
+:ref:`GUI_keys`).
85
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
86
index XXXXXXX..XXXXXXX 100644
87
--- a/docs/system/target-i386.rst
88
+++ b/docs/system/target-i386.rst
89
@@ -XXX,XX +XXX,XX @@
90
x86 System emulator
91
-------------------
92
93
-.. _pcsys_005fdevices:
94
-
95
Board-specific documentation
96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97
98
@@ -XXX,XX +XXX,XX @@ Architectural features
99
i386/sgx
100
i386/amd-memory-encryption
101
102
-.. _pcsys_005freq:
103
-
104
OS requirements
105
~~~~~~~~~~~~~~~
106
107
--
108
2.34.1
New patch
1
Coverity points out (in CID 1508390) that write_bootloader has
2
some dead code, where we assign to 'p' and then in the following
3
line assign to it again. This happened as a result of the
4
refactoring in commit cd5066f8618b.
1
5
6
Fix the dead code by removing the 'void *v' variable entirely and
7
instead adding a cast when calling bl_setup_gt64120_jump_kernel(), as
8
we do at its other callsite in write_bootloader_nanomips().
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
---
13
hw/mips/malta.c | 5 +----
14
1 file changed, 1 insertion(+), 4 deletions(-)
15
16
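--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
 uint64_t kernel_entry)
 {
 uint32_t *p;
- void *v;
 
 /* Small bootloader */
 p = (uint32_t *)base;
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
 *
 */
 
- v = p;
- bl_setup_gt64120_jump_kernel(&v, run_addr, kernel_entry);
- p = v;
+ bl_setup_gt64120_jump_kernel((void **)&p, run_addr, kernel_entry);
 
 /* YAMON subroutines */
 p = (uint32_t *) (base + 0x800);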
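Review bot: The cast `(void **)&p` makes bl_setup_gt64120_jump_kernel() update a `uint32_t *` object through a `void *` lvalue, and ISO C does not treat those as compatible types; the removed `v = p; ...; p = v;` sequence was the strictly conforming way to pass the cursor. This is presumably fine under the project's build flags, and the commit message notes that write_bootloader_nanomips() already uses the same cast, but it deserves a one-line comment such as `/* helper advances p; the cast relies on void * and uint32_t * sharing a representation */`. The body of write_bootloader continues outside both hunks.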
39
--
40
2.34.1
41
42
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
Semihosting has been made a 'default y' entry in Kconfig, which does
4
not work because when building --without-default-devices, the
5
semihosting code would not be available.
6
7
Make semihosting unconditional when TCG is present.
8
9
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
10
Signed-off-by: Fabiano Rosas <farosas@suse.de>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20230508181611.2621-2-farosas@suse.de
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
target/arm/Kconfig | 8 +-------
16
1 file changed, 1 insertion(+), 7 deletions(-)
17
18
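--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
+ select ARM_COMPATIBLE_SEMIHOSTING if TCG
 
 config AARCH64
 bool
 select ARM
-
-# This config exists just so we can make SEMIHOSTING default when TCG
-# is selected without also changing it for other architectures.
-config ARM_SEMIHOSTING
- bool
- default y if TCG && ARM
- select ARM_COMPATIBLE_SEMIHOSTING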
37
--
38
2.34.1
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
We cannot allow this config to be disabled at the moment as not all of
4
the relevant code is protected by it.
5
6
Commit 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a
7
KVM-only build") moved the CONFIGs of several boards to Kconfig, so it
8
is now possible that nothing selects ARM_V7M (e.g. when doing a
9
--without-default-devices build).
10
11
Return the CONFIG_ARM_V7M entry to a state where it is always selected
12
whenever TCG is available.
13
14
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
15
Signed-off-by: Fabiano Rosas <farosas@suse.de>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20230508181611.2621-3-farosas@suse.de
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
target/arm/Kconfig | 1 +
21
1 file changed, 1 insertion(+)
22
23
diff --git a/target/arm/Kconfig b/target/arm/Kconfig
24
index XXXXXXX..XXXXXXX 100644
25
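--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
 select ARM_COMPATIBLE_SEMIHOSTING if TCG
+ select ARM_V7M if TCG
 
 config AARCH64
 bool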
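Review bot: `select ARM_V7M if TCG` is described in the commit message as needed only "at the moment", but nothing in the Kconfig file marks it as temporary. I would add a comment above it such as `# Forced with TCG until all v7M code is guarded by CONFIG_ARM_V7M`, so the select can be dropped once those guards exist.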
35
--
36
2.34.1
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
On a build configured with: --disable-tcg --enable-xen it is possible
4
to produce a QEMU binary with no TCG nor KVM support. Skip the cdrom
5
boot tests if that's the case.
6
7
Fixes: 0c1ae3ff9d ("tests/qtest: Fix tests when no KVM or TCG are present")
8
Signed-off-by: Fabiano Rosas <farosas@suse.de>
9
Reviewed-by: Thomas Huth <thuth@redhat.com>
10
Message-id: 20230508181611.2621-4-farosas@suse.de
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
tests/qtest/cdrom-test.c | 10 ++++++++++
14
1 file changed, 10 insertions(+)
15
16
diff --git a/tests/qtest/cdrom-test.c b/tests/qtest/cdrom-test.c
17
index XXXXXXX..XXXXXXX 100644
18
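--- a/tests/qtest/cdrom-test.c
+++ b/tests/qtest/cdrom-test.c
@@ -XXX,XX +XXX,XX @@ static void test_cdboot(gconstpointer data)
 
 static void add_x86_tests(void)
 {
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
+ return;
+ }
+
 qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
 qtest_add_data_func("cdrom/boot/virtio-scsi",
 "-device virtio-scsi -device scsi-cd,drive=cdr "
@@ -XXX,XX +XXX,XX @@ static void add_x86_tests(void)
 
 static void add_s390x_tests(void)
 {
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
+ return;
+ }
+
 qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
 qtest_add_data_func("cdrom/boot/virtio-scsi",
 "-device virtio-scsi -device scsi-cd,drive=cdr "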
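Review bot: The accelerator guard is repeated verbatim in `add_x86_tests()` and `add_s390x_tests()`, so the condition and the skip message can drift apart. A small helper such as `static bool have_boot_accel(void) { return qtest_has_accel("tcg") || qtest_has_accel("kvm"); }` would give both one place to change. Both functions appear to run while tests are being registered (they call `qtest_add_data_func`), so `g_test_skip()` is probably invoked outside any test case; it is worth confirming the skip is actually reported in the test output. Both function bodies continue outside the hunks.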
44
--
45
2.34.1
1
In check_s2_mmu_setup() we have a check that is attempting to
2
implement the part of AArch64.S2MinTxSZ that is specific to when EL1
3
is AArch32:
1
4
5
if !s1aarch64 then
6
// EL1 is AArch32
7
min_txsz = Min(min_txsz, 24);
8
9
Unfortunately we got this wrong in two ways:
10
11
(1) The minimum txsz corresponds to a maximum inputsize, but we got
12
the sense of the comparison wrong and were faulting for all
13
inputsizes less than 40 bits
14
15
(2) We try to implement this as an extra check that happens after
16
we've done the same txsz checks we would do for an AArch64 EL1, but
17
in fact the pseudocode is *loosening* the requirements, so that txsz
18
values that would fault for an AArch64 EL1 do not fault for AArch32
19
EL1, because it does Min(old_min, 24), not Max(old_min, 24).
20
21
You can see this also in the text of the Arm ARM in table D8-8, which
22
shows that where the implemented PA size is less than 40 bits an
23
AArch32 EL1 is still OK with a configured stage2 T0SZ for a 40 bit
24
IPA, whereas if EL1 is AArch64 then the T0SZ must be big enough to
25
constrain the IPA to the implemented PA size.
26
27
Because of part (2), we can't do this as a separate check, but
28
have to integrate it into aa64_va_parameters(). Add a new argument
29
to that function to indicate that EL1 is 32-bit. All the existing
30
callsites except the one in get_phys_addr_lpae() can pass 'false',
31
because they are either doing a lookup for a stage 1 regime or
32
else they don't care about the tsz/tsz_oob fields.
33
34
Cc: qemu-stable@nongnu.org
35
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1627
36
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
37
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
38
Message-id: 20230509092059.3176487-1-peter.maydell@linaro.org
39
---
40
target/arm/internals.h | 12 +++++++++++-
41
target/arm/gdbstub64.c | 2 +-
42
target/arm/helper.c | 15 +++++++++++++--
43
target/arm/ptw.c | 14 ++------------
44
target/arm/tcg/pauth_helper.c | 6 +++---
45
5 files changed, 30 insertions(+), 19 deletions(-)
46
47
diff --git a/target/arm/internals.h b/target/arm/internals.h
48
index XXXXXXX..XXXXXXX 100644
49
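--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ typedef struct ARMVAParameters {
 ARMGranuleSize gran : 2;
 } ARMVAParameters;
 
+/**
+ * aa64_va_parameters: Return parameters for an AArch64 virtual address
+ * @env: CPU
+ * @va: virtual address to look up
+ * @mmu_idx: determines translation regime to use
+ * @data: true if this is a data access
+ * @el1_is_aa32: true if we are asking about stage 2 when EL1 is AArch32
+ * (ignored if @mmu_idx is for a stage 1 regime; only affects tsz/tsz_oob)
+ */
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
- ARMMMUIdx mmu_idx, bool data);
+ ARMMMUIdx mmu_idx, bool data,
+ bool el1_is_aa32);
 
 int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
 int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx);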
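Review bot: `aa64_va_parameters()` now ends in two adjacent `bool` parameters, `data` and `el1_is_aa32`, so a call that swaps them still compiles and silently changes which txsz limit is applied. The call sites in this commit pass bare literals (`true, false` in tlbi_aa64_get_range(), `data, false` in the pauth helpers), which gives a reader nothing to check against. I would at least label the literal at each call, e.g. `aa64_va_parameters(env, ptr, mmu_idx, data, /* el1_is_aa32 */ false)`. The new doc comment also does not mention the return value.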
71
diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c
72
index XXXXXXX..XXXXXXX 100644
73
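--- a/target/arm/gdbstub64.c
+++ b/target/arm/gdbstub64.c
@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param;
 
- param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
+ param = aa64_va_parameters(env, -is_high, mmu_idx, is_data, false);
 return gdb_get_reg64(buf, pauth_ptr_mask(param));
 }
 default: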
84
diff --git a/target/arm/helper.c b/target/arm/helper.c
85
index XXXXXXX..XXXXXXX 100644
86
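--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
 unsigned int page_size_granule, page_shift, num, scale, exponent;
 /* Extract one bit to represent the va selector in use. */
 uint64_t select = sextract64(value, 36, 1);
- ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
+ ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true, false);
 TLBIRange ret = { };
 ARMGranuleSize gran;
 
@@ -XXX,XX +XXX,XX @@ static ARMGranuleSize sanitize_gran_size(ARMCPU *cpu, ARMGranuleSize gran,
 }
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
- ARMMMUIdx mmu_idx, bool data)
+ ARMMMUIdx mmu_idx, bool data,
+ bool el1_is_aa32)
 {
 uint64_t tcr = regime_tcr(env, mmu_idx);
 bool epd, hpd, tsz_oob, ds, ha, hd;
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
 }
 }
 
+ if (stage2 && el1_is_aa32) {
+ /*
+ * For AArch32 EL1 the min txsz (and thus max IPA size) requirements
+ * are loosened: a configured IPA of 40 bits is permitted even if
+ * the implemented PA is less than that (and so a 40 bit IPA would
+ * fault for an AArch64 EL1). See R_DTLMN.
+ */
+ min_tsz = MIN(min_tsz, 24);
+ }
+
 if (tsz > max_tsz) {
 tsz = max_tsz;
 tsz_oob = true;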
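Review bot: The literal `24` in `min_tsz = MIN(min_tsz, 24);` is not tied to the 40 bits the new comment talks about. The comment removed from check_s2_mmu_setup() spelled out that a txsz of 24 means an input size of 64 - 24 = 40, and that derivation is now lost. I would keep it by adding a line to the new comment, e.g. `* (txsz 24 corresponds to a 64 - 24 = 40 bit input size.)`. The body of aa64_va_parameters() continues outside the hunk, so the place where `min_tsz` is compared against `tsz` is not visible here.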
124
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
125
index XXXXXXX..XXXXXXX 100644
126
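--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
 
 sl0 = extract32(tcr, 6, 2);
 if (is_aa64) {
- /*
- * AArch64.S2InvalidTxSZ: While we checked tsz_oob near the top of
- * get_phys_addr_lpae, that used aa64_va_parameters which apply
- * to aarch64. If Stage1 is aarch32, the min_txsz is larger.
- * See AArch64.S2MinTxSZ, where min_tsz is 24, translated to
- * inputsize is 64 - 24 = 40.
- */
- if (iasize < 40 && !arm_el_is_aa64(&cpu->env, 1)) {
- goto fail;
- }
-
 /*
 * AArch64.S2InvalidSL: Interpretation of SL depends on the page size,
 * so interleave AArch64.S2StartLevel.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
 int ps;
 
 param = aa64_va_parameters(env, address, mmu_idx,
- access_type != MMU_INST_FETCH);
+ access_type != MMU_INST_FETCH,
+ !arm_el_is_aa64(env, 1));
 level = 0;
 
 /*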
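Review bot: In get_phys_addr_lpae() the new argument `!arm_el_is_aa64(env, 1)` is computed for every lookup, stage 1 included, and is correct only because the callee gates it with `stage2 && el1_is_aa32`. A short comment at the call, e.g. `/* only consulted for stage 2 regimes */`, would stop a reader from assuming this path is stage 2 only. The diffstat also lists no test file, so as far as the page shows the corrected stage 2 fault behaviour for a 32-bit EL1 has no regression test in this commit. Both functions extend beyond the hunks.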
156
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
157
index XXXXXXX..XXXXXXX 100644
158
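--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 uint64_t pac, ext_ptr, ext, test;
 int bot_bit, top_bit;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data, int keynumber)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 int bot_bit, top_bit;
 uint64_t pac, orig_ptr, test;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 
 return pauth_original_ptr(ptr, param);
 }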
187
--
188
2.34.1