target-arm queue for softfreeze: This has all the big stuff I want to get in for softfreeze; there may be one or two smaller patches I pick up later in the week. thanks -- PMM The following changes since commit 0984a157c1c053394adbf64ed7de97f1aebe6a2d: Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2019-03-05 09:33:20 +0000) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190305 for you to fetch changes up to 566528f823d1a2e9eb2d7b2ed839547cb31bfc34: hw/arm/stellaris: Implement watchdog timer (2019-03-05 15:55:09 +0000) ---------------------------------------------------------------- target-arm queue: * Fix PC test for LDM (exception return) * Implement ARMv8.0-SB * Implement ARMv8.0-PredInv * Implement ARMv8.4-CondM * Implement ARMv8.5-CondM * Implement ARMv8.5-FRINT * hw/arm/stellaris: Implement watchdog timer * virt: support more than 255GB of RAM ---------------------------------------------------------------- Eric Auger (9): hw/arm/virt: Rename highmem IO regions hw/arm/virt: Split the memory map description hw/boards: Add a MachineState parameter to kvm_type callback kvm: add kvm_arm_get_max_vm_ipa_size vl: Set machine ram_size, maxram_size and ram_slots earlier hw/arm/virt: Dynamic memory map depending on RAM requirements hw/arm/virt: Implement kvm_type function for 4.0 machine hw/arm/virt: Check the VCPU PA range in TCG mode hw/arm/virt: Bump the 255GB initial RAM limit Michel Heily (1): hw/arm/stellaris: Implement watchdog timer Richard Henderson (11): target/arm: Fix PC test for LDM (exception return) target/arm: Split out arm_sctlr target/arm: Implement ARMv8.0-SB target/arm: Implement ARMv8.0-PredInv target/arm: Split helper_msr_i_pstate into 3 target/arm: Add set/clear_pstate_bits, share gen_ss_advance target/arm: Rearrange disas_data_proc_reg target/arm: Implement ARMv8.4-CondM target/arm: Implement ARMv8.5-CondM target/arm: Restructure handle_fp_1src_{single, double} target/arm: Implement ARMv8.5-FRINT Shameer Kolothum (1): hw/arm/boot: introduce fdt_add_memory_node helper include/hw/arm/virt.h | 16 +- include/hw/boards.h | 5 +- include/hw/watchdog/cmsdk-apb-watchdog.h | 8 + target/arm/cpu.h | 64 ++++- target/arm/helper-a64.h | 3 + target/arm/helper.h | 8 +- target/arm/internals.h | 15 + target/arm/kvm_arm.h | 13 + target/arm/translate.h | 34 +++ accel/kvm/kvm-all.c | 2 +- hw/arm/boot.c | 54 ++-- hw/arm/stellaris.c | 22 +- hw/arm/virt-acpi-build.c | 10 +- hw/arm/virt.c | 196 ++++++++++--- hw/ppc/mac_newworld.c | 3 +- hw/ppc/mac_oldworld.c | 2 +- hw/ppc/spapr.c | 2 +- hw/watchdog/cmsdk-apb-watchdog.c | 74 ++++- linux-user/elfload.c | 2 + target/arm/cpu.c | 2 + target/arm/cpu64.c | 6 + target/arm/helper-a64.c | 30 ++ target/arm/helper.c | 63 +++- target/arm/kvm.c | 10 + target/arm/op_helper.c | 47 --- target/arm/translate-a64.c | 478 +++++++++++++++++++++++-------- target/arm/translate.c | 35 ++- target/arm/vfp_helper.c | 96 +++++++ vl.c | 6 +- 29 files changed, 1032 insertions(+), 274 deletions(-) From: Richard Henderson <richard.henderson@linaro.org> Found by inspection: Rn is the base register against which the load began; I is the register within the mask being processed. The exception return should of course be processed from the loaded PC. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190301202921.21209-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) } else if (i == rn) { loaded_var = tmp; loaded_base = 1; - } else if (rn == 15 && exc_return) { + } else if (i == 15 && exc_return) { store_pc_exc_ret(s, tmp); } else { store_reg_from_load(s, i, tmp); -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Minimize the number of places that will need updating when the virtual host extensions are added. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 26 ++++++++++++++++---------- target/arm/helper.c | 8 ++------ 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool arm_sctlr_b(CPUARMState *env) (env->cp15.sctlr_el[1] & SCTLR_B) != 0; } +static inline uint64_t arm_sctlr(CPUARMState *env, int el) +{ + if (el == 0) { + /* FIXME: ARMv8.1-VHE S2 translation regime. */ + return env->cp15.sctlr_el[1]; + } else { + return env->cp15.sctlr_el[el]; + } +} + + /* Return true if the processor is in big-endian mode. */ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env) { - int cur_el; - /* In 32bit endianness is determined by looking at CPSR's E bit */ if (!is_a64(env)) { return @@ -XXX,XX +XXX,XX @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState *env) arm_sctlr_b(env) || #endif ((env->uncached_cpsr & CPSR_E) ? 1 : 0); + } else { + int cur_el = arm_current_el(env); + uint64_t sctlr = arm_sctlr(env, cur_el); + + return (sctlr & (cur_el ? SCTLR_EE : SCTLR_E0E)) != 0; } - - cur_el = arm_current_el(env); - - if (cur_el == 0) { - return (env->cp15.sctlr_el[1] & SCTLR_E0E) != 0; - } - - return (env->cp15.sctlr_el[cur_el] & SCTLR_EE) != 0; } #include "exec/cpu-all.h" diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, flags = FIELD_DP32(flags, TBFLAG_A64, ZCR_LEN, zcr_len); } - if (current_el == 0) { - /* FIXME: ARMv8.1-VHE S2 translation regime. */ - sctlr = env->cp15.sctlr_el[1]; - } else { - sctlr = env->cp15.sctlr_el[current_el]; - } + sctlr = arm_sctlr(env, current_el); + if (cpu_isar_feature(aa64_pauth, cpu)) { /* * In order to save space in flags, we record only whether -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 10 ++++++++++ linux-user/elfload.c | 1 + target/arm/cpu.c | 1 + target/arm/cpu64.c | 2 ++ target/arm/translate-a64.c | 14 ++++++++++++++ target/arm/translate.c | 22 ++++++++++++++++++++++ 6 files changed, 50 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_fhm(const ARMISARegisters *id) return FIELD_EX32(id->id_isar6, ID_ISAR6, FHM) != 0; } +static inline bool isar_feature_aa32_sb(const ARMISARegisters *id) +{ + return FIELD_EX32(id->id_isar6, ID_ISAR6, SB) != 0; +} + static inline bool isar_feature_aa32_fp16_arith(const ARMISARegisters *id) { /* @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_pauth(const ARMISARegisters *id) FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0; } +static inline bool isar_feature_aa64_sb(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SB) != 0; +} + static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id) { /* We always set the AdvSIMD and FP fields identically wrt FP16. */ diff --git a/linux-user/elfload.c b/linux-user/elfload.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void) GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG); GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM); GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT); + GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB); #undef GET_FEATURE_ID diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj) t = FIELD_DP32(t, ID_ISAR6, JSCVT, 1); t = FIELD_DP32(t, ID_ISAR6, DP, 1); t = FIELD_DP32(t, ID_ISAR6, FHM, 1); + t = FIELD_DP32(t, ID_ISAR6, SB, 1); cpu->isar.id_isar6 = t; t = cpu->id_mmfr4; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR1, API, 0); t = FIELD_DP64(t, ID_AA64ISAR1, GPA, 1); t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0); + t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); cpu->isar.id_aa64isar1 = t; t = cpu->isar.id_aa64pfr0; @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1); u = FIELD_DP32(u, ID_ISAR6, DP, 1); u = FIELD_DP32(u, ID_ISAR6, FHM, 1); + u = FIELD_DP32(u, ID_ISAR6, SB, 1); cpu->isar.id_isar6 = u; /* diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn, reset_btype(s); gen_goto_tb(s, 0, s->pc); return; + + case 7: /* SB */ + if (crm != 0 || !dc_isar_feature(aa64_sb, s)) { + goto do_unallocated; + } + /* + * TODO: There is no speculation barrier opcode for TCG; + * MB and end the TB instead. + */ + tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); + gen_goto_tb(s, 0, s->pc); + return; + default: + do_unallocated: unallocated_encoding(s); return; } diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) */ gen_goto_tb(s, 0, s->pc & ~1); return; + case 7: /* sb */ + if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) { + goto illegal_op; + } + /* + * TODO: There is no speculation barrier opcode + * for TCG; MB and end the TB instead. + */ + tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); + gen_goto_tb(s, 0, s->pc & ~1); + return; default: goto illegal_op; } @@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) */ gen_goto_tb(s, 0, s->pc & ~1); break; + case 7: /* sb */ + if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) { + goto illegal_op; + } + /* + * TODO: There is no speculation barrier opcode + * for TCG; MB and end the TB instead. + */ + tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); + gen_goto_tb(s, 0, s->pc & ~1); + break; default: goto illegal_op; } -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 13 ++++++++++- target/arm/cpu.c | 1 + target/arm/cpu64.c | 2 ++ target/arm/helper.c | 55 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ void pmu_init(ARMCPU *cpu); #define SCTLR_R (1U << 9) /* up to v6; RAZ in v7 */ #define SCTLR_UMA (1U << 9) /* v8 onward, AArch64 only */ #define SCTLR_F (1U << 10) /* up to v6 */ -#define SCTLR_SW (1U << 10) /* v7, RES0 in v8 */ +#define SCTLR_SW (1U << 10) /* v7 */ +#define SCTLR_EnRCTX (1U << 10) /* in v8.0-PredInv */ #define SCTLR_Z (1U << 11) /* in v7, RES1 in v8 */ #define SCTLR_EOS (1U << 11) /* v8.5-ExS */ #define SCTLR_I (1U << 12) @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_sb(const ARMISARegisters *id) return FIELD_EX32(id->id_isar6, ID_ISAR6, SB) != 0; } +static inline bool isar_feature_aa32_predinv(const ARMISARegisters *id) +{ + return FIELD_EX32(id->id_isar6, ID_ISAR6, SPECRES) != 0; +} + static inline bool isar_feature_aa32_fp16_arith(const ARMISARegisters *id) { /* @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_sb(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SB) != 0; } +static inline bool isar_feature_aa64_predinv(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SPECRES) != 0; +} + static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id) { /* We always set the AdvSIMD and FP fields identically wrt FP16. */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj) t = FIELD_DP32(t, ID_ISAR6, DP, 1); t = FIELD_DP32(t, ID_ISAR6, FHM, 1); t = FIELD_DP32(t, ID_ISAR6, SB, 1); + t = FIELD_DP32(t, ID_ISAR6, SPECRES, 1); cpu->isar.id_isar6 = t; t = cpu->id_mmfr4; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR1, GPA, 1); t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0); t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1); cpu->isar.id_aa64isar1 = t; t = cpu->isar.id_aa64pfr0; @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) u = FIELD_DP32(u, ID_ISAR6, DP, 1); u = FIELD_DP32(u, ID_ISAR6, FHM, 1); u = FIELD_DP32(u, ID_ISAR6, SB, 1); + u = FIELD_DP32(u, ID_ISAR6, SPECRES, 1); cpu->isar.id_isar6 = u; /* diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pauth_reginfo[] = { }; #endif +static CPAccessResult access_predinv(CPUARMState *env, const ARMCPRegInfo *ri, + bool isread) +{ + int el = arm_current_el(env); + + if (el == 0) { + uint64_t sctlr = arm_sctlr(env, el); + if (!(sctlr & SCTLR_EnRCTX)) { + return CP_ACCESS_TRAP; + } + } else if (el == 1) { + uint64_t hcr = arm_hcr_el2_eff(env); + if (hcr & HCR_NV) { + return CP_ACCESS_TRAP_EL2; + } + } + return CP_ACCESS_OK; +} + +static const ARMCPRegInfo predinv_reginfo[] = { + { .name = "CFP_RCTX", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 4, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + { .name = "DVP_RCTX", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 5, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + { .name = "CPP_RCTX", .state = ARM_CP_STATE_AA64, + .opc0 = 1, .opc1 = 3, .crn = 7, .crm = 3, .opc2 = 7, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + /* + * Note the AArch32 opcodes have a different OPC1. + */ + { .name = "CFPRCTX", .state = ARM_CP_STATE_AA32, + .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 4, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + { .name = "DVPRCTX", .state = ARM_CP_STATE_AA32, + .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 5, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + { .name = "CPPRCTX", .state = ARM_CP_STATE_AA32, + .cp = 15, .opc1 = 0, .crn = 7, .crm = 3, .opc2 = 7, + .type = ARM_CP_NOP, .access = PL0_W, .accessfn = access_predinv }, + REGINFO_SENTINEL +}; + void register_cp_regs_for_features(ARMCPU *cpu) { /* Register all the coprocessor registers based on feature bits */ @@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu) define_arm_cp_regs(cpu, pauth_reginfo); } #endif + + /* + * While all v8.0 cpus support aarch64, QEMU does have configurations + * that do not set ID_AA64ISAR1, e.g. user-only qemu-arm -cpu max, + * which will set ID_ISAR6. + */ + if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) + ? cpu_isar_feature(aa64_predinv, cpu) + : cpu_isar_feature(aa32_predinv, cpu)) { + define_arm_cp_regs(cpu, predinv_reginfo); + } } void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu) -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> The EL0+UMA check is unique to DAIF. While SPSel had avoided the check by nature of already checking EL >= 1, the other post v8.0 extensions to MSR (imm) allow EL0 and do not require UMA. Avoid the unconditional write to pc and use raise_exception_ra to unwind. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper-a64.h | 3 +++ target/arm/helper.h | 1 - target/arm/internals.h | 15 ++++++++++++++ target/arm/helper-a64.c | 30 +++++++++++++++++++++++++++ target/arm/op_helper.c | 42 -------------------------------------- target/arm/translate-a64.c | 41 ++++++++++++++++++++++--------------- 6 files changed, 73 insertions(+), 59 deletions(-) diff --git a/target/arm/helper-a64.h b/target/arm/helper-a64.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper-a64.h +++ b/target/arm/helper-a64.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(udiv64, TCG_CALL_NO_RWG_SE, i64, i64, i64) DEF_HELPER_FLAGS_2(sdiv64, TCG_CALL_NO_RWG_SE, s64, s64, s64) DEF_HELPER_FLAGS_1(rbit64, TCG_CALL_NO_RWG_SE, i64, i64) +DEF_HELPER_2(msr_i_spsel, void, env, i32) +DEF_HELPER_2(msr_i_daifset, void, env, i32) +DEF_HELPER_2(msr_i_daifclear, void, env, i32) DEF_HELPER_3(vfp_cmph_a64, i64, f16, f16, ptr) DEF_HELPER_3(vfp_cmpeh_a64, i64, f16, f16, ptr) DEF_HELPER_3(vfp_cmps_a64, i64, f32, f32, ptr) diff --git a/target/arm/helper.h b/target/arm/helper.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr) DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64) DEF_HELPER_2(get_cp_reg64, i64, env, ptr) -DEF_HELPER_3(msr_i_pstate, void, env, i32, i32) DEF_HELPER_1(clear_pstate_ss, void, env) DEF_HELPER_2(get_r13_banked, i32, env, i32) diff --git a/target/arm/internals.h b/target/arm/internals.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters_both(CPUARMState *env, uint64_t va, ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va, ARMMMUIdx mmu_idx, bool data); +static inline int exception_target_el(CPUARMState *env) +{ + int target_el = MAX(1, arm_current_el(env)); + + /* + * No such thing as secure EL1 if EL3 is aarch32, + * so update the target EL to EL3 in this case. + */ + if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) { + target_el = 3; + } + + return target_el; +} + #endif diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper-a64.c +++ b/target/arm/helper-a64.c @@ -XXX,XX +XXX,XX @@ uint64_t HELPER(rbit64)(uint64_t x) return revbit64(x); } +void HELPER(msr_i_spsel)(CPUARMState *env, uint32_t imm) +{ + update_spsel(env, imm); +} + +static void daif_check(CPUARMState *env, uint32_t op, + uint32_t imm, uintptr_t ra) +{ + /* DAIF update to PSTATE. This is OK from EL0 only if UMA is set. */ + if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) { + raise_exception_ra(env, EXCP_UDEF, + syn_aa64_sysregtrap(0, extract32(op, 0, 3), + extract32(op, 3, 3), 4, + imm, 0x1f, 0), + exception_target_el(env), ra); + } +} + +void HELPER(msr_i_daifset)(CPUARMState *env, uint32_t imm) +{ + daif_check(env, 0x1e, imm, GETPC()); + env->daif |= (imm << 6) & PSTATE_DAIF; +} + +void HELPER(msr_i_daifclear)(CPUARMState *env, uint32_t imm) +{ + daif_check(env, 0x1f, imm, GETPC()); + env->daif &= ~((imm << 6) & PSTATE_DAIF); +} + /* Convert a softfloat float_relation_ (as returned by * the float*_compare functions) to the correct ARM * NZCV flag state. diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ void raise_exception_ra(CPUARMState *env, uint32_t excp, uint32_t syndrome, cpu_loop_exit_restore(cs, ra); } -static int exception_target_el(CPUARMState *env) -{ - int target_el = MAX(1, arm_current_el(env)); - - /* No such thing as secure EL1 if EL3 is aarch32, so update the target EL - * to EL3 in this case. - */ - if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) { - target_el = 3; - } - - return target_el; -} - uint32_t HELPER(neon_tbl)(uint32_t ireg, uint32_t def, void *vn, uint32_t maxindex) { @@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip) return res; } -void HELPER(msr_i_pstate)(CPUARMState *env, uint32_t op, uint32_t imm) -{ - /* MSR_i to update PSTATE. This is OK from EL0 only if UMA is set. - * Note that SPSel is never OK from EL0; we rely on handle_msr_i() - * to catch that case at translate time. - */ - if (arm_current_el(env) == 0 && !(env->cp15.sctlr_el[1] & SCTLR_UMA)) { - uint32_t syndrome = syn_aa64_sysregtrap(0, extract32(op, 0, 3), - extract32(op, 3, 3), 4, - imm, 0x1f, 0); - raise_exception(env, EXCP_UDEF, syndrome, exception_target_el(env)); - } - - switch (op) { - case 0x05: /* SPSel */ - update_spsel(env, imm); - break; - case 0x1e: /* DAIFSet */ - env->daif |= (imm << 6) & PSTATE_DAIF; - break; - case 0x1f: /* DAIFClear */ - env->daif &= ~((imm << 6) & PSTATE_DAIF); - break; - default: - g_assert_not_reached(); - } -} - void HELPER(clear_pstate_ss)(CPUARMState *env) { env->pstate &= ~PSTATE_SS; diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn, static void handle_msr_i(DisasContext *s, uint32_t insn, unsigned int op1, unsigned int op2, unsigned int crm) { + TCGv_i32 t1; int op = op1 << 3 | op2; + + /* End the TB by default, chaining is ok. */ + s->base.is_jmp = DISAS_TOO_MANY; + switch (op) { case 0x05: /* SPSel */ if (s->current_el == 0) { - unallocated_encoding(s); - return; + goto do_unallocated; } - /* fall through */ - case 0x1e: /* DAIFSet */ - case 0x1f: /* DAIFClear */ - { - TCGv_i32 tcg_imm = tcg_const_i32(crm); - TCGv_i32 tcg_op = tcg_const_i32(op); - gen_a64_set_pc_im(s->pc - 4); - gen_helper_msr_i_pstate(cpu_env, tcg_op, tcg_imm); - tcg_temp_free_i32(tcg_imm); - tcg_temp_free_i32(tcg_op); - /* For DAIFClear, exit the cpu loop to re-evaluate pending IRQs. */ - gen_a64_set_pc_im(s->pc); - s->base.is_jmp = (op == 0x1f ? DISAS_EXIT : DISAS_JUMP); + t1 = tcg_const_i32(crm & PSTATE_SP); + gen_helper_msr_i_spsel(cpu_env, t1); + tcg_temp_free_i32(t1); break; - } + + case 0x1e: /* DAIFSet */ + t1 = tcg_const_i32(crm); + gen_helper_msr_i_daifset(cpu_env, t1); + tcg_temp_free_i32(t1); + break; + + case 0x1f: /* DAIFClear */ + t1 = tcg_const_i32(crm); + gen_helper_msr_i_daifclear(cpu_env, t1); + tcg_temp_free_i32(t1); + /* For DAIFClear, exit the cpu loop to re-evaluate pending IRQs. */ + s->base.is_jmp = DISAS_UPDATE; + break; + default: + do_unallocated: unallocated_encoding(s); return; } -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> We do not need an out-of-line helper for manipulating bits in pstate. While changing things, share the implementation of gen_ss_advance. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-6-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.h | 2 -- target/arm/translate.h | 34 ++++++++++++++++++++++++++++++++++ target/arm/op_helper.c | 5 ----- target/arm/translate-a64.c | 11 ----------- target/arm/translate.c | 11 ----------- 5 files changed, 34 insertions(+), 29 deletions(-) diff --git a/target/arm/helper.h b/target/arm/helper.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(get_cp_reg, i32, env, ptr) DEF_HELPER_3(set_cp_reg64, void, env, ptr, i64) DEF_HELPER_2(get_cp_reg64, i64, env, ptr) -DEF_HELPER_1(clear_pstate_ss, void, env) - DEF_HELPER_2(get_r13_banked, i32, env, i32) DEF_HELPER_3(set_r13_banked, void, env, i32, i32) diff --git a/target/arm/translate.h b/target/arm/translate.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -XXX,XX +XXX,XX @@ static inline TCGv_i32 get_ahp_flag(void) return ret; } +/* Set bits within PSTATE. */ +static inline void set_pstate_bits(uint32_t bits) +{ + TCGv_i32 p = tcg_temp_new_i32(); + + tcg_debug_assert(!(bits & CACHED_PSTATE_BITS)); + + tcg_gen_ld_i32(p, cpu_env, offsetof(CPUARMState, pstate)); + tcg_gen_ori_i32(p, p, bits); + tcg_gen_st_i32(p, cpu_env, offsetof(CPUARMState, pstate)); + tcg_temp_free_i32(p); +} + +/* Clear bits within PSTATE. */ +static inline void clear_pstate_bits(uint32_t bits) +{ + TCGv_i32 p = tcg_temp_new_i32(); + + tcg_debug_assert(!(bits & CACHED_PSTATE_BITS)); + + tcg_gen_ld_i32(p, cpu_env, offsetof(CPUARMState, pstate)); + tcg_gen_andi_i32(p, p, ~bits); + tcg_gen_st_i32(p, cpu_env, offsetof(CPUARMState, pstate)); + tcg_temp_free_i32(p); +} + +/* If the singlestep state is Active-not-pending, advance to Active-pending. */ +static inline void gen_ss_advance(DisasContext *s) +{ + if (s->ss_active) { + s->pstate_ss = 0; + clear_pstate_bits(PSTATE_SS); + } +} /* Vector operations shared between ARM and AArch64. */ extern const GVecGen3 bsl_op; diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, void *rip) return res; } -void HELPER(clear_pstate_ss)(CPUARMState *env) -{ - env->pstate &= ~PSTATE_SS; -} - void HELPER(pre_hvc)(CPUARMState *env) { ARMCPU *cpu = arm_env_get_cpu(env); diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, s->base.is_jmp = DISAS_NORETURN; } -static void gen_ss_advance(DisasContext *s) -{ - /* If the singlestep state is Active-not-pending, advance to - * Active-pending. - */ - if (s->ss_active) { - s->pstate_ss = 0; - gen_helper_clear_pstate_ss(cpu_env); - } -} - static void gen_step_complete_exception(DisasContext *s) { /* We just completed step of an insn. Move from Active-not-pending diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el) tcg_temp_free_i32(tcg_excp); } -static void gen_ss_advance(DisasContext *s) -{ - /* If the singlestep state is Active-not-pending, advance to - * Active-pending. - */ - if (s->ss_active) { - s->pstate_ss = 0; - gen_helper_clear_pstate_ss(cpu_env); - } -} - static void gen_step_complete_exception(DisasContext *s) { /* We just completed step of an insn. Move from Active-not-pending -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> This decoding more closely matches the ARMv8.4 Table C4-6, Encoding table for Data Processing - Register Group. In particular, op2 == 0 is now more than just Add/sub (with carry). Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-7-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 98 ++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 41 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void disas_data_proc_3src(DisasContext *s, uint32_t insn) } /* Add/subtract (with carry) - * 31 30 29 28 27 26 25 24 23 22 21 20 16 15 10 9 5 4 0 - * +--+--+--+------------------------+------+---------+------+-----+ - * |sf|op| S| 1 1 0 1 0 0 0 0 | rm | opcode2 | Rn | Rd | - * +--+--+--+------------------------+------+---------+------+-----+ - * [000000] + * 31 30 29 28 27 26 25 24 23 22 21 20 16 15 10 9 5 4 0 + * +--+--+--+------------------------+------+-------------+------+-----+ + * |sf|op| S| 1 1 0 1 0 0 0 0 | rm | 0 0 0 0 0 0 | Rn | Rd | + * +--+--+--+------------------------+------+-------------+------+-----+ */ static void disas_adc_sbc(DisasContext *s, uint32_t insn) @@ -XXX,XX +XXX,XX @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn) unsigned int sf, op, setflags, rm, rn, rd; TCGv_i64 tcg_y, tcg_rn, tcg_rd; - if (extract32(insn, 10, 6) != 0) { - unallocated_encoding(s); - return; - } - sf = extract32(insn, 31, 1); op = extract32(insn, 30, 1); setflags = extract32(insn, 29, 1); @@ -XXX,XX +XXX,XX @@ static void disas_data_proc_2src(DisasContext *s, uint32_t insn) } } -/* Data processing - register */ +/* + * Data processing - register + * 31 30 29 28 25 21 20 16 10 0 + * +--+---+--+---+-------+-----+-------+-------+---------+ + * | |op0| |op1| 1 0 1 | op2 | | op3 | | + * +--+---+--+---+-------+-----+-------+-------+---------+ + */ static void disas_data_proc_reg(DisasContext *s, uint32_t insn) { - switch (extract32(insn, 24, 5)) { - case 0x0a: /* Logical (shifted register) */ - disas_logic_reg(s, insn); - break; - case 0x0b: /* Add/subtract */ - if (insn & (1 << 21)) { /* (extended register) */ - disas_add_sub_ext_reg(s, insn); + int op0 = extract32(insn, 30, 1); + int op1 = extract32(insn, 28, 1); + int op2 = extract32(insn, 21, 4); + int op3 = extract32(insn, 10, 6); + + if (!op1) { + if (op2 & 8) { + if (op2 & 1) { + /* Add/sub (extended register) */ + disas_add_sub_ext_reg(s, insn); + } else { + /* Add/sub (shifted register) */ + disas_add_sub_reg(s, insn); + } } else { - disas_add_sub_reg(s, insn); + /* Logical (shifted register) */ + disas_logic_reg(s, insn); } - break; - case 0x1b: /* Data-processing (3 source) */ - disas_data_proc_3src(s, insn); - break; - case 0x1a: - switch (extract32(insn, 21, 3)) { - case 0x0: /* Add/subtract (with carry) */ + return; + } + + switch (op2) { + case 0x0: + switch (op3) { + case 0x00: /* Add/subtract (with carry) */ disas_adc_sbc(s, insn); break; - case 0x2: /* Conditional compare */ - disas_cc(s, insn); /* both imm and reg forms */ - break; - case 0x4: /* Conditional select */ - disas_cond_select(s, insn); - break; - case 0x6: /* Data-processing */ - if (insn & (1 << 30)) { /* (1 source) */ - disas_data_proc_1src(s, insn); - } else { /* (2 source) */ - disas_data_proc_2src(s, insn); - } - break; + default: - unallocated_encoding(s); - break; + goto do_unallocated; } break; + + case 0x2: /* Conditional compare */ + disas_cc(s, insn); /* both imm and reg forms */ + break; + + case 0x4: /* Conditional select */ + disas_cond_select(s, insn); + break; + + case 0x6: /* Data-processing */ + if (op0) { /* (1 source) */ + disas_data_proc_1src(s, insn); + } else { /* (2 source) */ + disas_data_proc_2src(s, insn); + } + break; + case 0x8 ... 0xf: /* (3 source) */ + disas_data_proc_3src(s, insn); + break; + default: + do_unallocated: unallocated_encoding(s); break; } -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-8-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: fixed up block comment style] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 5 ++ linux-user/elfload.c | 1 + target/arm/cpu64.c | 1 + target/arm/translate-a64.c | 99 +++++++++++++++++++++++++++++++++++++- 4 files changed, 105 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_fhm(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, FHM) != 0; } +static inline bool isar_feature_aa64_condm_4(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) != 0; +} + static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0; diff --git a/linux-user/elfload.c b/linux-user/elfload.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void) GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM); GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT); GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB); + GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM); #undef GET_FEATURE_ID diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1); t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1); t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, TS, 1); cpu->isar.id_aa64isar0 = t; t = cpu->isar.id_aa64isar1; diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn, s->base.is_jmp = DISAS_TOO_MANY; switch (op) { + case 0x00: /* CFINV */ + if (crm != 0 || !dc_isar_feature(aa64_condm_4, s)) { + goto do_unallocated; + } + tcg_gen_xori_i32(cpu_CF, cpu_CF, 1); + s->base.is_jmp = DISAS_NEXT; + break; + case 0x05: /* SPSel */ if (s->current_el == 0) { goto do_unallocated; @@ -XXX,XX +XXX,XX @@ static void gen_get_nzcv(TCGv_i64 tcg_rt) } static void gen_set_nzcv(TCGv_i64 tcg_rt) - { TCGv_i32 nzcv = tcg_temp_new_i32(); @@ -XXX,XX +XXX,XX @@ static void disas_adc_sbc(DisasContext *s, uint32_t insn) } } +/* + * Rotate right into flags + * 31 30 29 21 15 10 5 4 0 + * +--+--+--+-----------------+--------+-----------+------+--+------+ + * |sf|op| S| 1 1 0 1 0 0 0 0 | imm6 | 0 0 0 0 1 | Rn |o2| mask | + * +--+--+--+-----------------+--------+-----------+------+--+------+ + */ +static void disas_rotate_right_into_flags(DisasContext *s, uint32_t insn) +{ + int mask = extract32(insn, 0, 4); + int o2 = extract32(insn, 4, 1); + int rn = extract32(insn, 5, 5); + int imm6 = extract32(insn, 15, 6); + int sf_op_s = extract32(insn, 29, 3); + TCGv_i64 tcg_rn; + TCGv_i32 nzcv; + + if (sf_op_s != 5 || o2 != 0 || !dc_isar_feature(aa64_condm_4, s)) { + unallocated_encoding(s); + return; + } + + tcg_rn = read_cpu_reg(s, rn, 1); + tcg_gen_rotri_i64(tcg_rn, tcg_rn, imm6); + + nzcv = tcg_temp_new_i32(); + tcg_gen_extrl_i64_i32(nzcv, tcg_rn); + + if (mask & 8) { /* N */ + tcg_gen_shli_i32(cpu_NF, nzcv, 31 - 3); + } + if (mask & 4) { /* Z */ + tcg_gen_not_i32(cpu_ZF, nzcv); + tcg_gen_andi_i32(cpu_ZF, cpu_ZF, 4); + } + if (mask & 2) { /* C */ + tcg_gen_extract_i32(cpu_CF, nzcv, 1, 1); + } + if (mask & 1) { /* V */ + tcg_gen_shli_i32(cpu_VF, nzcv, 31 - 0); + } + + tcg_temp_free_i32(nzcv); +} + +/* + * Evaluate into flags + * 31 30 29 21 15 14 10 5 4 0 + * +--+--+--+-----------------+---------+----+---------+------+--+------+ + * |sf|op| S| 1 1 0 1 0 0 0 0 | opcode2 | sz | 0 0 1 0 | Rn |o3| mask | + * +--+--+--+-----------------+---------+----+---------+------+--+------+ + */ +static void disas_evaluate_into_flags(DisasContext *s, uint32_t insn) +{ + int o3_mask = extract32(insn, 0, 5); + int rn = extract32(insn, 5, 5); + int o2 = extract32(insn, 15, 6); + int sz = extract32(insn, 14, 1); + int sf_op_s = extract32(insn, 29, 3); + TCGv_i32 tmp; + int shift; + + if (sf_op_s != 1 || o2 != 0 || o3_mask != 0xd || + !dc_isar_feature(aa64_condm_4, s)) { + unallocated_encoding(s); + return; + } + shift = sz ? 16 : 24; /* SETF16 or SETF8 */ + + tmp = tcg_temp_new_i32(); + tcg_gen_extrl_i64_i32(tmp, cpu_reg(s, rn)); + tcg_gen_shli_i32(cpu_NF, tmp, shift); + tcg_gen_shli_i32(cpu_VF, tmp, shift - 1); + tcg_gen_mov_i32(cpu_ZF, cpu_NF); + tcg_gen_xor_i32(cpu_VF, cpu_VF, cpu_NF); + tcg_temp_free_i32(tmp); +} + /* Conditional compare (immediate / register) * 31 30 29 28 27 26 25 24 23 22 21 20 16 15 12 11 10 9 5 4 3 0 * +--+--+--+------------------------+--------+------+----+--+------+--+-----+ @@ -XXX,XX +XXX,XX @@ static void disas_data_proc_reg(DisasContext *s, uint32_t insn) disas_adc_sbc(s, insn); break; + case 0x01: /* Rotate right into flags */ + case 0x21: + disas_rotate_right_into_flags(s, insn); + break; + + case 0x02: /* Evaluate into flags */ + case 0x12: + case 0x22: + case 0x32: + disas_evaluate_into_flags(s, insn); + break; + default: goto do_unallocated; } -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-9-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 5 ++++ target/arm/cpu64.c | 2 +- target/arm/translate-a64.c | 58 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_condm_4(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) != 0; } +static inline bool isar_feature_aa64_condm_5(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TS) >= 2; +} + static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0; diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR0, SM4, 1); t = FIELD_DP64(t, ID_AA64ISAR0, DP, 1); t = FIELD_DP64(t, ID_AA64ISAR0, FHM, 1); - t = FIELD_DP64(t, ID_AA64ISAR0, TS, 1); + t = FIELD_DP64(t, ID_AA64ISAR0, TS, 2); /* v8.5-CondM */ cpu->isar.id_aa64isar0 = t; t = cpu->isar.id_aa64isar1; diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn, } } +static void gen_xaflag(void) +{ + TCGv_i32 z = tcg_temp_new_i32(); + + tcg_gen_setcondi_i32(TCG_COND_EQ, z, cpu_ZF, 0); + + /* + * (!C & !Z) << 31 + * (!(C | Z)) << 31 + * ~((C | Z) << 31) + * ~-(C | Z) + * (C | Z) - 1 + */ + tcg_gen_or_i32(cpu_NF, cpu_CF, z); + tcg_gen_subi_i32(cpu_NF, cpu_NF, 1); + + /* !(Z & C) */ + tcg_gen_and_i32(cpu_ZF, z, cpu_CF); + tcg_gen_xori_i32(cpu_ZF, cpu_ZF, 1); + + /* (!C & Z) << 31 -> -(Z & ~C) */ + tcg_gen_andc_i32(cpu_VF, z, cpu_CF); + tcg_gen_neg_i32(cpu_VF, cpu_VF); + + /* C | Z */ + tcg_gen_or_i32(cpu_CF, cpu_CF, z); + + tcg_temp_free_i32(z); +} + +static void gen_axflag(void) +{ + tcg_gen_sari_i32(cpu_VF, cpu_VF, 31); /* V ? -1 : 0 */ + tcg_gen_andc_i32(cpu_CF, cpu_CF, cpu_VF); /* C & !V */ + + /* !(Z | V) -> !(!ZF | V) -> ZF & !V -> ZF & ~VF */ + tcg_gen_andc_i32(cpu_ZF, cpu_ZF, cpu_VF); + + tcg_gen_movi_i32(cpu_NF, 0); + tcg_gen_movi_i32(cpu_VF, 0); +} + /* MSR (immediate) - move immediate to processor state field */ static void handle_msr_i(DisasContext *s, uint32_t insn, unsigned int op1, unsigned int op2, unsigned int crm) @@ -XXX,XX +XXX,XX @@ static void handle_msr_i(DisasContext *s, uint32_t insn, s->base.is_jmp = DISAS_NEXT; break; + case 0x01: /* XAFlag */ + if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) { + goto do_unallocated; + } + gen_xaflag(); + s->base.is_jmp = DISAS_NEXT; + break; + + case 0x02: /* AXFlag */ + if (crm != 0 || !dc_isar_feature(aa64_condm_5, s)) { + goto do_unallocated; + } + gen_axflag(); + s->base.is_jmp = DISAS_NEXT; + break; + case 0x05: /* SPSel */ if (s->current_el == 0) { goto do_unallocated; -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> This will allow sharing code that adjusts rmode beyond the existing users. Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-10-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 90 +++++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 41 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_half(DisasContext *s, int opcode, int rd, int rn) /* Floating-point data-processing (1 source) - single precision */ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn) { + void (*gen_fpst)(TCGv_i32, TCGv_i32, TCGv_ptr); + TCGv_i32 tcg_op, tcg_res; TCGv_ptr fpst; - TCGv_i32 tcg_op; - TCGv_i32 tcg_res; + int rmode = -1; - fpst = get_fpstatus_ptr(false); tcg_op = read_fp_sreg(s, rn); tcg_res = tcg_temp_new_i32(); switch (opcode) { case 0x0: /* FMOV */ tcg_gen_mov_i32(tcg_res, tcg_op); - break; + goto done; case 0x1: /* FABS */ gen_helper_vfp_abss(tcg_res, tcg_op); - break; + goto done; case 0x2: /* FNEG */ gen_helper_vfp_negs(tcg_res, tcg_op); - break; + goto done; case 0x3: /* FSQRT */ gen_helper_vfp_sqrts(tcg_res, tcg_op, cpu_env); - break; + goto done; case 0x8: /* FRINTN */ case 0x9: /* FRINTP */ case 0xa: /* FRINTM */ case 0xb: /* FRINTZ */ case 0xc: /* FRINTA */ - { - TCGv_i32 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(opcode & 7)); - - gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); - gen_helper_rints(tcg_res, tcg_op, fpst); - - gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); - tcg_temp_free_i32(tcg_rmode); + rmode = arm_rmode_to_sf(opcode & 7); + gen_fpst = gen_helper_rints; break; - } case 0xe: /* FRINTX */ - gen_helper_rints_exact(tcg_res, tcg_op, fpst); + gen_fpst = gen_helper_rints_exact; break; case 0xf: /* FRINTI */ - gen_helper_rints(tcg_res, tcg_op, fpst); + gen_fpst = gen_helper_rints; break; default: - abort(); + g_assert_not_reached(); } - write_fp_sreg(s, rd, tcg_res); - + fpst = get_fpstatus_ptr(false); + if (rmode >= 0) { + TCGv_i32 tcg_rmode = tcg_const_i32(rmode); + gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); + gen_fpst(tcg_res, tcg_op, fpst); + gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); + tcg_temp_free_i32(tcg_rmode); + } else { + gen_fpst(tcg_res, tcg_op, fpst); + } tcg_temp_free_ptr(fpst); + + done: + write_fp_sreg(s, rd, tcg_res); tcg_temp_free_i32(tcg_op); tcg_temp_free_i32(tcg_res); } @@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn) /* Floating-point data-processing (1 source) - double precision */ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn) { + void (*gen_fpst)(TCGv_i64, TCGv_i64, TCGv_ptr); + TCGv_i64 tcg_op, tcg_res; TCGv_ptr fpst; - TCGv_i64 tcg_op; - TCGv_i64 tcg_res; + int rmode = -1; switch (opcode) { case 0x0: /* FMOV */ @@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn) return; } - fpst = get_fpstatus_ptr(false); tcg_op = read_fp_dreg(s, rn); tcg_res = tcg_temp_new_i64(); switch (opcode) { case 0x1: /* FABS */ gen_helper_vfp_absd(tcg_res, tcg_op); - break; + goto done; case 0x2: /* FNEG */ gen_helper_vfp_negd(tcg_res, tcg_op); - break; + goto done; case 0x3: /* FSQRT */ gen_helper_vfp_sqrtd(tcg_res, tcg_op, cpu_env); - break; + goto done; case 0x8: /* FRINTN */ case 0x9: /* FRINTP */ case 0xa: /* FRINTM */ case 0xb: /* FRINTZ */ case 0xc: /* FRINTA */ - { - TCGv_i32 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(opcode & 7)); - - gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); - gen_helper_rintd(tcg_res, tcg_op, fpst); - - gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); - tcg_temp_free_i32(tcg_rmode); + rmode = arm_rmode_to_sf(opcode & 7); + gen_fpst = gen_helper_rintd; break; - } case 0xe: /* FRINTX */ - gen_helper_rintd_exact(tcg_res, tcg_op, fpst); + gen_fpst = gen_helper_rintd_exact; break; case 0xf: /* FRINTI */ - gen_helper_rintd(tcg_res, tcg_op, fpst); + gen_fpst = gen_helper_rintd; break; default: - abort(); + g_assert_not_reached(); } - write_fp_dreg(s, rd, tcg_res); - + fpst = get_fpstatus_ptr(false); + if (rmode >= 0) { + TCGv_i32 tcg_rmode = tcg_const_i32(rmode); + gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); + gen_fpst(tcg_res, tcg_op, fpst); + gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst); + tcg_temp_free_i32(tcg_rmode); + } else { + gen_fpst(tcg_res, tcg_op, fpst); + } tcg_temp_free_ptr(fpst); + + done: + write_fp_dreg(s, rd, tcg_res); tcg_temp_free_i64(tcg_op); tcg_temp_free_i64(tcg_res); } -- 2.20.1 From: Richard Henderson <richard.henderson@linaro.org> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190301200501.16533-11-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu.h | 5 ++ target/arm/helper.h | 5 ++ target/arm/cpu64.c | 1 + target/arm/translate-a64.c | 71 ++++++++++++++++++++++++++-- target/arm/vfp_helper.c | 96 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 173 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_predinv(const ARMISARegisters *id) return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SPECRES) != 0; } +static inline bool isar_feature_aa64_frint(const ARMISARegisters *id) +{ + return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FRINTTS) != 0; +} + static inline bool isar_feature_aa64_fp16(const ARMISARegisters *id) { /* We always set the AdvSIMD and FP fields identically wrt FP16. */ diff --git a/target/arm/helper.h b/target/arm/helper.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_fmlal_idx_a32, TCG_CALL_NO_RWG, DEF_HELPER_FLAGS_5(gvec_fmlal_idx_a64, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32) +DEF_HELPER_FLAGS_2(frint32_s, TCG_CALL_NO_RWG, f32, f32, ptr) +DEF_HELPER_FLAGS_2(frint64_s, TCG_CALL_NO_RWG, f32, f32, ptr) +DEF_HELPER_FLAGS_2(frint32_d, TCG_CALL_NO_RWG, f64, f64, ptr) +DEF_HELPER_FLAGS_2(frint64_d, TCG_CALL_NO_RWG, f64, f64, ptr) + #ifdef TARGET_AARCH64 #include "helper-a64.h" #include "helper-sve.h" diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0); t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1); + t = FIELD_DP64(t, ID_AA64ISAR1, FRINTTS, 1); cpu->isar.id_aa64isar1 = t; t = cpu->isar.id_aa64pfr0; diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_single(DisasContext *s, int opcode, int rd, int rn) case 0xf: /* FRINTI */ gen_fpst = gen_helper_rints; break; + case 0x10: /* FRINT32Z */ + rmode = float_round_to_zero; + gen_fpst = gen_helper_frint32_s; + break; + case 0x11: /* FRINT32X */ + gen_fpst = gen_helper_frint32_s; + break; + case 0x12: /* FRINT64Z */ + rmode = float_round_to_zero; + gen_fpst = gen_helper_frint64_s; + break; + case 0x13: /* FRINT64X */ + gen_fpst = gen_helper_frint64_s; + break; default: g_assert_not_reached(); } @@ -XXX,XX +XXX,XX @@ static void handle_fp_1src_double(DisasContext *s, int opcode, int rd, int rn) case 0xf: /* FRINTI */ gen_fpst = gen_helper_rintd; break; + case 0x10: /* FRINT32Z */ + rmode = float_round_to_zero; + gen_fpst = gen_helper_frint32_d; + break; + case 0x11: /* FRINT32X */ + gen_fpst = gen_helper_frint32_d; + break; + case 0x12: /* FRINT64Z */ + rmode = float_round_to_zero; + gen_fpst = gen_helper_frint64_d; + break; + case 0x13: /* FRINT64X */ + gen_fpst = gen_helper_frint64_d; + break; default: g_assert_not_reached(); } @@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn) handle_fp_fcvt(s, opcode, rd, rn, dtype, type); break; } + + case 0x10 ... 0x13: /* FRINT{32,64}{X,Z} */ + if (type > 1 || !dc_isar_feature(aa64_frint, s)) { + unallocated_encoding(s); + return; + } + /* fall through */ case 0x0 ... 0x3: case 0x8 ... 0xc: case 0xe ... 0xf: @@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn) if (!fp_access_check(s)) { return; } - handle_fp_1src_single(s, opcode, rd, rn); break; case 1: if (!fp_access_check(s)) { return; } - handle_fp_1src_double(s, opcode, rd, rn); break; case 3: @@ -XXX,XX +XXX,XX @@ static void disas_fp_1src(DisasContext *s, uint32_t insn) if (!fp_access_check(s)) { return; } - handle_fp_1src_half(s, opcode, rd, rn); break; default: unallocated_encoding(s); } break; + default: unallocated_encoding(s); break; @@ -XXX,XX +XXX,XX @@ static void handle_2misc_64(DisasContext *s, int opcode, bool u, case 0x59: /* FRINTX */ gen_helper_rintd_exact(tcg_rd, tcg_rn, tcg_fpstatus); break; + case 0x1e: /* FRINT32Z */ + case 0x5e: /* FRINT32X */ + gen_helper_frint32_d(tcg_rd, tcg_rn, tcg_fpstatus); + break; + case 0x1f: /* FRINT64Z */ + case 0x5f: /* FRINT64X */ + gen_helper_frint64_d(tcg_rd, tcg_rn, tcg_fpstatus); + break; default: g_assert_not_reached(); } @@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn) } break; case 0xc ... 0xf: - case 0x16 ... 0x1d: - case 0x1f: + case 0x16 ... 0x1f: { /* Floating point: U, size[1] and opcode indicate operation; * size[0] indicates single or double precision. @@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn) } need_fpstatus = true; break; + case 0x1e: /* FRINT32Z */ + case 0x1f: /* FRINT64Z */ + need_rmode = true; + rmode = FPROUNDING_ZERO; + /* fall through */ + case 0x5e: /* FRINT32X */ + case 0x5f: /* FRINT64X */ + need_fpstatus = true; + if ((size == 3 && !is_q) || !dc_isar_feature(aa64_frint, s)) { + unallocated_encoding(s); + return; + } + break; default: unallocated_encoding(s); return; @@ -XXX,XX +XXX,XX @@ static void disas_simd_two_reg_misc(DisasContext *s, uint32_t insn) case 0x7c: /* URSQRTE */ gen_helper_rsqrte_u32(tcg_res, tcg_op, tcg_fpstatus); break; + case 0x1e: /* FRINT32Z */ + case 0x5e: /* FRINT32X */ + gen_helper_frint32_s(tcg_res, tcg_op, tcg_fpstatus); + break; + case 0x1f: /* FRINT64Z */ + case 0x5f: /* FRINT64X */ + gen_helper_frint64_s(tcg_res, tcg_op, tcg_fpstatus); + break; default: g_assert_not_reached(); } diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/vfp_helper.c +++ b/target/arm/vfp_helper.c @@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vjcvt)(float64 value, CPUARMState *env) return result; } + +/* Round a float32 to an integer that fits in int32_t or int64_t. */ +static float32 frint_s(float32 f, float_status *fpst, int intsize) +{ + int old_flags = get_float_exception_flags(fpst); + uint32_t exp = extract32(f, 23, 8); + + if (unlikely(exp == 0xff)) { + /* NaN or Inf. */ + goto overflow; + } + + /* Round and re-extract the exponent. */ + f = float32_round_to_int(f, fpst); + exp = extract32(f, 23, 8); + + /* Validate the range of the result. */ + if (exp < 126 + intsize) { + /* abs(F) <= INT{N}_MAX */ + return f; + } + if (exp == 126 + intsize) { + uint32_t sign = extract32(f, 31, 1); + uint32_t frac = extract32(f, 0, 23); + if (sign && frac == 0) { + /* F == INT{N}_MIN */ + return f; + } + } + + overflow: + /* + * Raise Invalid and return INT{N}_MIN as a float. Revert any + * inexact exception float32_round_to_int may have raised. + */ + set_float_exception_flags(old_flags | float_flag_invalid, fpst); + return (0x100u + 126u + intsize) << 23; +} + +float32 HELPER(frint32_s)(float32 f, void *fpst) +{ + return frint_s(f, fpst, 32); +} + +float32 HELPER(frint64_s)(float32 f, void *fpst) +{ + return frint_s(f, fpst, 64); +} + +/* Round a float64 to an integer that fits in int32_t or int64_t. */ +static float64 frint_d(float64 f, float_status *fpst, int intsize) +{ + int old_flags = get_float_exception_flags(fpst); + uint32_t exp = extract64(f, 52, 11); + + if (unlikely(exp == 0x7ff)) { + /* NaN or Inf. */ + goto overflow; + } + + /* Round and re-extract the exponent. */ + f = float64_round_to_int(f, fpst); + exp = extract64(f, 52, 11); + + /* Validate the range of the result. */ + if (exp < 1022 + intsize) { + /* abs(F) <= INT{N}_MAX */ + return f; + } + if (exp == 1022 + intsize) { + uint64_t sign = extract64(f, 63, 1); + uint64_t frac = extract64(f, 0, 52); + if (sign && frac == 0) { + /* F == INT{N}_MIN */ + return f; + } + } + + overflow: + /* + * Raise Invalid and return INT{N}_MIN as a float. Revert any + * inexact exception float64_round_to_int may have raised. + */ + set_float_exception_flags(old_flags | float_flag_invalid, fpst); + return (uint64_t)(0x800 + 1022 + intsize) << 52; +} + +float64 HELPER(frint32_d)(float64 f, void *fpst) +{ + return frint_d(f, fpst, 32); +} + +float64 HELPER(frint64_d)(float64 f, void *fpst) +{ + return frint_d(f, fpst, 64); +} -- 2.20.1 From: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> We introduce an helper to create a memory node. Signed-off-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20190304101339.25970-2-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/boot.c | 54 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -XXX,XX +XXX,XX @@ static void set_kernel_args_old(const struct arm_boot_info *info, } } +static int fdt_add_memory_node(void *fdt, uint32_t acells, hwaddr mem_base, + uint32_t scells, hwaddr mem_len, + int numa_node_id) +{ + char *nodename; + int ret; + + nodename = g_strdup_printf("/memory@%" PRIx64, mem_base); + qemu_fdt_add_subnode(fdt, nodename); + qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); + ret = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg", acells, mem_base, + scells, mem_len); + if (ret < 0) { + goto out; + } + + /* only set the NUMA ID if it is specified */ + if (numa_node_id >= 0) { + ret = qemu_fdt_setprop_cell(fdt, nodename, + "numa-node-id", numa_node_id); + } +out: + g_free(nodename); + return ret; +} + static void fdt_add_psci_node(void *fdt) { uint32_t cpu_suspend_fn; @@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo, void *fdt = NULL; int size, rc, n = 0; uint32_t acells, scells; - char *nodename; unsigned int i; hwaddr mem_base, mem_len; char **node_path; @@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo, mem_base = binfo->loader_start; for (i = 0; i < nb_numa_nodes; i++) { mem_len = numa_info[i].node_mem; - nodename = g_strdup_printf("/memory@%" PRIx64, mem_base); - qemu_fdt_add_subnode(fdt, nodename); - qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); - rc = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg", - acells, mem_base, - scells, mem_len); + rc = fdt_add_memory_node(fdt, acells, mem_base, + scells, mem_len, i); if (rc < 0) { - fprintf(stderr, "couldn't set %s/reg for node %d\n", nodename, - i); + fprintf(stderr, "couldn't add /memory@%"PRIx64" node\n", + mem_base); goto fail; } - qemu_fdt_setprop_cell(fdt, nodename, "numa-node-id", i); mem_base += mem_len; - g_free(nodename); } } else { - nodename = g_strdup_printf("/memory@%" PRIx64, binfo->loader_start); - qemu_fdt_add_subnode(fdt, nodename); - qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory"); - - rc = qemu_fdt_setprop_sized_cells(fdt, nodename, "reg", - acells, binfo->loader_start, - scells, binfo->ram_size); + rc = fdt_add_memory_node(fdt, acells, binfo->loader_start, + scells, binfo->ram_size, -1); if (rc < 0) { - fprintf(stderr, "couldn't set %s reg\n", nodename); + fprintf(stderr, "couldn't add /memory@%"PRIx64" node\n", + binfo->loader_start); goto fail; } - g_free(nodename); } rc = fdt_path_offset(fdt, "/chosen"); -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> In preparation for a split of the memory map into a static part and a dynamic part floating after the RAM, let's rename the regions located after the RAM Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-3-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/virt.h | 8 ++++---- hw/arm/virt-acpi-build.c | 10 ++++++---- hw/arm/virt.c | 33 ++++++++++++++++++--------------- 3 files changed, 28 insertions(+), 23 deletions(-) diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -XXX,XX +XXX,XX @@ enum { VIRT_GIC_VCPU, VIRT_GIC_ITS, VIRT_GIC_REDIST, - VIRT_GIC_REDIST2, + VIRT_HIGH_GIC_REDIST2, VIRT_SMMU, VIRT_UART, VIRT_MMIO, @@ -XXX,XX +XXX,XX @@ enum { VIRT_PCIE_MMIO, VIRT_PCIE_PIO, VIRT_PCIE_ECAM, - VIRT_PCIE_ECAM_HIGH, + VIRT_HIGH_PCIE_ECAM, VIRT_PLATFORM_BUS, - VIRT_PCIE_MMIO_HIGH, + VIRT_HIGH_PCIE_MMIO, VIRT_GPIO, VIRT_SECURE_UART, VIRT_SECURE_MEM, @@ -XXX,XX +XXX,XX @@ typedef struct { int psci_conduit; } VirtMachineState; -#define VIRT_ECAM_ID(high) (high ? VIRT_PCIE_ECAM_HIGH : VIRT_PCIE_ECAM) +#define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM) #define TYPE_VIRT_MACHINE MACHINE_TYPE_NAME("virt") #define VIRT_MACHINE(obj) \ diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -XXX,XX +XXX,XX @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry *memmap, size_pio)); if (use_highmem) { - hwaddr base_mmio_high = memmap[VIRT_PCIE_MMIO_HIGH].base; - hwaddr size_mmio_high = memmap[VIRT_PCIE_MMIO_HIGH].size; + hwaddr base_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].base; + hwaddr size_mmio_high = memmap[VIRT_HIGH_PCIE_MMIO].size; aml_append(rbuf, aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED, @@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms) gicr = acpi_data_push(table_data, sizeof(*gicr)); gicr->type = ACPI_APIC_GENERIC_REDISTRIBUTOR; gicr->length = sizeof(*gicr); - gicr->base_address = cpu_to_le64(memmap[VIRT_GIC_REDIST2].base); - gicr->range_length = cpu_to_le32(memmap[VIRT_GIC_REDIST2].size); + gicr->base_address = + cpu_to_le64(memmap[VIRT_HIGH_GIC_REDIST2].base); + gicr->range_length = + cpu_to_le32(memmap[VIRT_HIGH_GIC_REDIST2].size); } if (its_class_name() && !vmc->no_its) { diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static const MemMapEntry a15memmap[] = { [VIRT_PCIE_ECAM] = { 0x3f000000, 0x01000000 }, [VIRT_MEM] = { 0x40000000, RAMLIMIT_BYTES }, /* Additional 64 MB redist region (can contain up to 512 redistributors) */ - [VIRT_GIC_REDIST2] = { 0x4000000000ULL, 0x4000000 }, - [VIRT_PCIE_ECAM_HIGH] = { 0x4010000000ULL, 0x10000000 }, + [VIRT_HIGH_GIC_REDIST2] = { 0x4000000000ULL, 0x4000000 }, + [VIRT_HIGH_PCIE_ECAM] = { 0x4010000000ULL, 0x10000000 }, /* Second PCIe window, 512GB wide at the 512GB boundary */ - [VIRT_PCIE_MMIO_HIGH] = { 0x8000000000ULL, 0x8000000000ULL }, + [VIRT_HIGH_PCIE_MMIO] = { 0x8000000000ULL, 0x8000000000ULL }, }; static const int a15irqmap[] = { @@ -XXX,XX +XXX,XX @@ static void fdt_add_gic_node(VirtMachineState *vms) 2, vms->memmap[VIRT_GIC_REDIST].size); } else { qemu_fdt_setprop_sized_cells(vms->fdt, nodename, "reg", - 2, vms->memmap[VIRT_GIC_DIST].base, - 2, vms->memmap[VIRT_GIC_DIST].size, - 2, vms->memmap[VIRT_GIC_REDIST].base, - 2, vms->memmap[VIRT_GIC_REDIST].size, - 2, vms->memmap[VIRT_GIC_REDIST2].base, - 2, vms->memmap[VIRT_GIC_REDIST2].size); + 2, vms->memmap[VIRT_GIC_DIST].base, + 2, vms->memmap[VIRT_GIC_DIST].size, + 2, vms->memmap[VIRT_GIC_REDIST].base, + 2, vms->memmap[VIRT_GIC_REDIST].size, + 2, vms->memmap[VIRT_HIGH_GIC_REDIST2].base, + 2, vms->memmap[VIRT_HIGH_GIC_REDIST2].size); } if (vms->virt) { @@ -XXX,XX +XXX,XX @@ static void create_gic(VirtMachineState *vms, qemu_irq *pic) if (nb_redist_regions == 2) { uint32_t redist1_capacity = - vms->memmap[VIRT_GIC_REDIST2].size / GICV3_REDIST_SIZE; + vms->memmap[VIRT_HIGH_GIC_REDIST2].size / GICV3_REDIST_SIZE; qdev_prop_set_uint32(gicdev, "redist-region-count[1]", MIN(smp_cpus - redist0_count, redist1_capacity)); @@ -XXX,XX +XXX,XX @@ static void create_gic(VirtMachineState *vms, qemu_irq *pic) if (type == 3) { sysbus_mmio_map(gicbusdev, 1, vms->memmap[VIRT_GIC_REDIST].base); if (nb_redist_regions == 2) { - sysbus_mmio_map(gicbusdev, 2, vms->memmap[VIRT_GIC_REDIST2].base); + sysbus_mmio_map(gicbusdev, 2, + vms->memmap[VIRT_HIGH_GIC_REDIST2].base); } } else { sysbus_mmio_map(gicbusdev, 1, vms->memmap[VIRT_GIC_CPU].base); @@ -XXX,XX +XXX,XX @@ static void create_pcie(VirtMachineState *vms, qemu_irq *pic) { hwaddr base_mmio = vms->memmap[VIRT_PCIE_MMIO].base; hwaddr size_mmio = vms->memmap[VIRT_PCIE_MMIO].size; - hwaddr base_mmio_high = vms->memmap[VIRT_PCIE_MMIO_HIGH].base; - hwaddr size_mmio_high = vms->memmap[VIRT_PCIE_MMIO_HIGH].size; + hwaddr base_mmio_high = vms->memmap[VIRT_HIGH_PCIE_MMIO].base; + hwaddr size_mmio_high = vms->memmap[VIRT_HIGH_PCIE_MMIO].size; hwaddr base_pio = vms->memmap[VIRT_PCIE_PIO].base; hwaddr size_pio = vms->memmap[VIRT_PCIE_PIO].size; hwaddr base_ecam, size_ecam; @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) * many redistributors we can fit into the memory map. */ if (vms->gic_version == 3) { - virt_max_cpus = vms->memmap[VIRT_GIC_REDIST].size / GICV3_REDIST_SIZE; - virt_max_cpus += vms->memmap[VIRT_GIC_REDIST2].size / GICV3_REDIST_SIZE; + virt_max_cpus = + vms->memmap[VIRT_GIC_REDIST].size / GICV3_REDIST_SIZE; + virt_max_cpus += + vms->memmap[VIRT_HIGH_GIC_REDIST2].size / GICV3_REDIST_SIZE; } else { virt_max_cpus = GIC_NCPU; } -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> In the prospect to introduce an extended memory map supporting more RAM, let's split the memory map array into two parts: - the former a15memmap, renamed base_memmap, contains regions below and including the RAM. MemMapEntries initialized in this array have a static size and base address. - extended_memmap, only initialized with entries located after the RAM. MemMapEntries initialized in this array only get their size initialized. Their base address is dynamically computed depending on the the top of the RAM, with same alignment as their size. Eventually base_memmap entries are copied into the extended_memmap array. Using two separate arrays however clarifies which entries are statically allocated and those which are dynamically allocated. This new split will allow to grow the RAM size without changing the description of the high IO entries. We introduce a new virt_set_memmap() helper function which "freezes" the memory map. We call it in machvirt_init as memory attributes of the machine are not yet set when virt_instance_init() gets called. The memory map is unchanged (the top of the initial RAM still is 256GiB). Then come the high IO regions with same layout as before. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-4-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/virt.h | 13 +++++++---- hw/arm/virt.c | 50 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 53 insertions(+), 10 deletions(-) diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -XXX,XX +XXX,XX @@ enum { VIRT_GIC_VCPU, VIRT_GIC_ITS, VIRT_GIC_REDIST, - VIRT_HIGH_GIC_REDIST2, VIRT_SMMU, VIRT_UART, VIRT_MMIO, @@ -XXX,XX +XXX,XX @@ enum { VIRT_PCIE_MMIO, VIRT_PCIE_PIO, VIRT_PCIE_ECAM, - VIRT_HIGH_PCIE_ECAM, VIRT_PLATFORM_BUS, - VIRT_HIGH_PCIE_MMIO, VIRT_GPIO, VIRT_SECURE_UART, VIRT_SECURE_MEM, + VIRT_LOWMEMMAP_LAST, +}; + +/* indices of IO regions located after the RAM */ +enum { + VIRT_HIGH_GIC_REDIST2 = VIRT_LOWMEMMAP_LAST, + VIRT_HIGH_PCIE_ECAM, + VIRT_HIGH_PCIE_MMIO, }; typedef enum VirtIOMMUType { @@ -XXX,XX +XXX,XX @@ typedef struct { int32_t gic_version; VirtIOMMUType iommu; struct arm_boot_info bootinfo; - const MemMapEntry *memmap; + MemMapEntry *memmap; const int *irqmap; int smp_cpus; void *fdt; diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" +#include "qemu/units.h" #include "qapi/error.h" #include "hw/sysbus.h" #include "hw/arm/arm.h" @@ -XXX,XX +XXX,XX @@ * Note that devices should generally be placed at multiples of 0x10000, * to accommodate guests using 64K pages. */ -static const MemMapEntry a15memmap[] = { +static const MemMapEntry base_memmap[] = { /* Space up to 0x8000000 is reserved for a boot ROM */ [VIRT_FLASH] = { 0, 0x08000000 }, [VIRT_CPUPERIPHS] = { 0x08000000, 0x00020000 }, @@ -XXX,XX +XXX,XX @@ static const MemMapEntry a15memmap[] = { [VIRT_PCIE_PIO] = { 0x3eff0000, 0x00010000 }, [VIRT_PCIE_ECAM] = { 0x3f000000, 0x01000000 }, [VIRT_MEM] = { 0x40000000, RAMLIMIT_BYTES }, +}; + +/* + * Highmem IO Regions: This memory map is floating, located after the RAM. + * Each MemMapEntry base (GPA) will be dynamically computed, depending on the + * top of the RAM, so that its base get the same alignment as the size, + * ie. a 512GiB entry will be aligned on a 512GiB boundary. If there is + * less than 256GiB of RAM, the floating area starts at the 256GiB mark. + * Note the extended_memmap is sized so that it eventually also includes the + * base_memmap entries (VIRT_HIGH_GIC_REDIST2 index is greater than the last + * index of base_memmap). + */ +static MemMapEntry extended_memmap[] = { /* Additional 64 MB redist region (can contain up to 512 redistributors) */ - [VIRT_HIGH_GIC_REDIST2] = { 0x4000000000ULL, 0x4000000 }, - [VIRT_HIGH_PCIE_ECAM] = { 0x4010000000ULL, 0x10000000 }, - /* Second PCIe window, 512GB wide at the 512GB boundary */ - [VIRT_HIGH_PCIE_MMIO] = { 0x8000000000ULL, 0x8000000000ULL }, + [VIRT_HIGH_GIC_REDIST2] = { 0x0, 64 * MiB }, + [VIRT_HIGH_PCIE_ECAM] = { 0x0, 256 * MiB }, + /* Second PCIe window */ + [VIRT_HIGH_PCIE_MMIO] = { 0x0, 512 * GiB }, }; static const int a15irqmap[] = { @@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx) return arm_cpu_mp_affinity(idx, clustersz); } +static void virt_set_memmap(VirtMachineState *vms) +{ + hwaddr base; + int i; + + vms->memmap = extended_memmap; + + for (i = 0; i < ARRAY_SIZE(base_memmap); i++) { + vms->memmap[i] = base_memmap[i]; + } + + base = 256 * GiB; /* Top of the legacy initial RAM region */ + + for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) { + hwaddr size = extended_memmap[i].size; + + base = ROUND_UP(base, size); + vms->memmap[i].base = base; + vms->memmap[i].size = size; + base += size; + } +} + static void machvirt_init(MachineState *machine) { VirtMachineState *vms = VIRT_MACHINE(machine); @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0); bool aarch64 = true; + virt_set_memmap(vms); + /* We can probe only here because during property set * KVM is not available yet */ @@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj) "Valid values are none and smmuv3", NULL); - vms->memmap = a15memmap; vms->irqmap = a15irqmap; } -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> On ARM, the kvm_type will be resolved by querying the KVMState. Let's add the MachineState handle to the callback so that we can retrieve the KVMState handle. in kvm_init, when the callback is called, the kvm_state variable is not yet set. Signed-off-by: Eric Auger <eric.auger@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-5-eric.auger@redhat.com [ppc parts] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/boards.h | 5 ++++- accel/kvm/kvm-all.c | 2 +- hw/ppc/mac_newworld.c | 3 +-- hw/ppc/mac_oldworld.c | 2 +- hw/ppc/spapr.c | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/hw/boards.h b/include/hw/boards.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -XXX,XX +XXX,XX @@ typedef struct { * should instead use "unimplemented-device" for all memory ranges where * the guest will attempt to probe for a device that QEMU doesn't * implement and a stub device is required. + * @kvm_type: + * Return the type of KVM corresponding to the kvm-type string option or + * computed based on other criteria such as the host kernel capabilities. */ struct MachineClass { /*< private >*/ @@ -XXX,XX +XXX,XX @@ struct MachineClass { void (*init)(MachineState *state); void (*reset)(void); void (*hot_add_cpu)(const int64_t id, Error **errp); - int (*kvm_type)(const char *arg); + int (*kvm_type)(MachineState *machine, const char *arg); BlockInterfaceType block_default_type; int units_per_default_bus; diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index XXXXXXX..XXXXXXX 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -XXX,XX +XXX,XX @@ static int kvm_init(MachineState *ms) kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type"); if (mc->kvm_type) { - type = mc->kvm_type(kvm_type); + type = mc->kvm_type(ms, kvm_type); } else if (kvm_type) { ret = -EINVAL; fprintf(stderr, "Invalid argument kvm-type=%s\n", kvm_type); diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ppc/mac_newworld.c +++ b/hw/ppc/mac_newworld.c @@ -XXX,XX +XXX,XX @@ static char *core99_fw_dev_path(FWPathProvider *p, BusState *bus, return NULL; } - -static int core99_kvm_type(const char *arg) +static int core99_kvm_type(MachineState *machine, const char *arg) { /* Always force PR KVM */ return 2; diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ppc/mac_oldworld.c +++ b/hw/ppc/mac_oldworld.c @@ -XXX,XX +XXX,XX @@ static char *heathrow_fw_dev_path(FWPathProvider *p, BusState *bus, return NULL; } -static int heathrow_kvm_type(const char *arg) +static int heathrow_kvm_type(MachineState *machine, const char *arg) { /* Always force PR KVM */ return 2; diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index XXXXXXX..XXXXXXX 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -XXX,XX +XXX,XX @@ static void spapr_machine_init(MachineState *machine) } } -static int spapr_kvm_type(const char *vm_type) +static int spapr_kvm_type(MachineState *machine, const char *vm_type) { if (!vm_type) { return 0; -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> Add the kvm_arm_get_max_vm_ipa_size() helper that returns the number of bits in the IPA address space supported by KVM. This capability needs to be known to create the VM with a specific IPA max size (kvm_type passed along KVM_CREATE_VM ioctl. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-6-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/kvm_arm.h | 13 +++++++++++++ target/arm/kvm.c | 10 ++++++++++ 2 files changed, 23 insertions(+) diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/kvm_arm.h +++ b/target/arm/kvm_arm.h @@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf); */ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu); +/** + * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the + * IPA address space supported by KVM + * + * @ms: Machine state handle + */ +int kvm_arm_get_max_vm_ipa_size(MachineState *ms); + /** * kvm_arm_sync_mpstate_to_kvm * @cpu: ARMCPU @@ -XXX,XX +XXX,XX @@ static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu) cpu->host_cpu_probe_failed = true; } +static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms) +{ + return -ENOENT; +} + static inline int kvm_arm_vgic_probe(void) { return 0; diff --git a/target/arm/kvm.c b/target/arm/kvm.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -XXX,XX +XXX,XX @@ #include "qemu/error-report.h" #include "sysemu/sysemu.h" #include "sysemu/kvm.h" +#include "sysemu/kvm_int.h" #include "kvm_arm.h" #include "cpu.h" #include "trace.h" @@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu) env->features = arm_host_cpu_features.features; } +int kvm_arm_get_max_vm_ipa_size(MachineState *ms) +{ + KVMState *s = KVM_STATE(ms->accelerator); + int ret; + + ret = kvm_check_extension(s, KVM_CAP_ARM_VM_IPA_SIZE); + return ret > 0 ? ret : 40; +} + int kvm_arch_init(MachineState *ms, KVMState *s) { /* For ARM interrupt delivery is always asynchronous, -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> The machine RAM attributes will need to be analyzed during the configure_accelerator() process. especially kvm_type() arm64 machine callback will use them to know how many IPA/GPA bits are needed to model the whole RAM range. So let's assign those machine state fields before calling configure_accelerator. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-7-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- vl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vl.c b/vl.c index XXXXXXX..XXXXXXX 100644 --- a/vl.c +++ b/vl.c @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp) machine_opts = qemu_get_machine_opts(); qemu_opt_foreach(machine_opts, machine_set_property, current_machine, &error_fatal); + current_machine->ram_size = ram_size; + current_machine->maxram_size = maxram_size; + current_machine->ram_slots = ram_slots; configure_accelerator(current_machine, argv[0]); @@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv, char **envp) replay_checkpoint(CHECKPOINT_INIT); qdev_machine_init(); - current_machine->ram_size = ram_size; - current_machine->maxram_size = maxram_size; - current_machine->ram_slots = ram_slots; current_machine->boot_order = boot_order; /* parse features once if machine provides default cpu_type */ -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> Up to now the memory map has been static and the high IO region base has always been 256GiB. This patch modifies the virt_set_memmap() function, which freezes the memory map, so that the high IO range base becomes floating, located after the initial RAM and the device memory. The function computes - the base of the device memory, - the size of the device memory, - the high IO region base - the highest GPA used in the memory map. Entries of the high IO region are assigned a base address. The device memory is initialized. The highest GPA used in the memory map will be used at VM creation to choose the requested IPA size. Setting all the existing highmem IO regions beyond the RAM allows to have a single contiguous RAM region (initial RAM and possible hotpluggable device memory). That way we do not need to do invasive changes in the EDK2 FW to support a dynamic RAM base. Still the user cannot request an initial RAM size greater than 255GB. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-8-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/virt.h | 1 + hw/arm/virt.c | 52 ++++++++++++++++++++++++++++++++++++++----- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -XXX,XX +XXX,XX @@ typedef struct { uint32_t msi_phandle; uint32_t iommu_phandle; int psci_conduit; + hwaddr highest_gpa; } VirtMachineState; #define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ #include "qapi/visitor.h" #include "standard-headers/linux/input.h" #include "hw/arm/smmuv3.h" +#include "hw/acpi/acpi.h" #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \ static void virt_##major##_##minor##_class_init(ObjectClass *oc, \ @@ -XXX,XX +XXX,XX @@ * of a terabyte of RAM will be doing it on a host with more than a * terabyte of physical address space.) */ -#define RAMLIMIT_GB 255 -#define RAMLIMIT_BYTES (RAMLIMIT_GB * 1024ULL * 1024 * 1024) +#define LEGACY_RAMLIMIT_GB 255 +#define LEGACY_RAMLIMIT_BYTES (LEGACY_RAMLIMIT_GB * GiB) /* Addresses and sizes of our components. * 0..128MB is space for a flash device so we can run bootrom code such as UEFI. @@ -XXX,XX +XXX,XX @@ static const MemMapEntry base_memmap[] = { [VIRT_PCIE_MMIO] = { 0x10000000, 0x2eff0000 }, [VIRT_PCIE_PIO] = { 0x3eff0000, 0x00010000 }, [VIRT_PCIE_ECAM] = { 0x3f000000, 0x01000000 }, - [VIRT_MEM] = { 0x40000000, RAMLIMIT_BYTES }, + /* Actual RAM size depends on initial RAM and device memory settings */ + [VIRT_MEM] = { GiB, LEGACY_RAMLIMIT_BYTES }, }; /* @@ -XXX,XX +XXX,XX @@ static uint64_t virt_cpu_mp_affinity(VirtMachineState *vms, int idx) static void virt_set_memmap(VirtMachineState *vms) { - hwaddr base; + MachineState *ms = MACHINE(vms); + hwaddr base, device_memory_base, device_memory_size; int i; vms->memmap = extended_memmap; @@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms) vms->memmap[i] = base_memmap[i]; } - base = 256 * GiB; /* Top of the legacy initial RAM region */ + if (ms->ram_slots > ACPI_MAX_RAM_SLOTS) { + error_report("unsupported number of memory slots: %"PRIu64, + ms->ram_slots); + exit(EXIT_FAILURE); + } + + /* + * We compute the base of the high IO region depending on the + * amount of initial and device memory. The device memory start/size + * is aligned on 1GiB. We never put the high IO region below 256GiB + * so that if maxram_size is < 255GiB we keep the legacy memory map. + * The device region size assumes 1GiB page max alignment per slot. + */ + device_memory_base = + ROUND_UP(vms->memmap[VIRT_MEM].base + ms->ram_size, GiB); + device_memory_size = ms->maxram_size - ms->ram_size + ms->ram_slots * GiB; + + /* Base address of the high IO region */ + base = device_memory_base + ROUND_UP(device_memory_size, GiB); + if (base < device_memory_base) { + error_report("maxmem/slots too huge"); + exit(EXIT_FAILURE); + } + if (base < vms->memmap[VIRT_MEM].base + LEGACY_RAMLIMIT_BYTES) { + base = vms->memmap[VIRT_MEM].base + LEGACY_RAMLIMIT_BYTES; + } for (i = VIRT_LOWMEMMAP_LAST; i < ARRAY_SIZE(extended_memmap); i++) { hwaddr size = extended_memmap[i].size; @@ -XXX,XX +XXX,XX @@ static void virt_set_memmap(VirtMachineState *vms) vms->memmap[i].size = size; base += size; } + vms->highest_gpa = base - 1; + if (device_memory_size > 0) { + ms->device_memory = g_malloc0(sizeof(*ms->device_memory)); + ms->device_memory->base = device_memory_base; + memory_region_init(&ms->device_memory->mr, OBJECT(vms), + "device-memory", device_memory_size); + } } static void machvirt_init(MachineState *machine) @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) vms->smp_cpus = smp_cpus; if (machine->ram_size > vms->memmap[VIRT_MEM].size) { - error_report("mach-virt: cannot model more than %dGB RAM", RAMLIMIT_GB); + error_report("mach-virt: cannot model more than %dGB RAM", + LEGACY_RAMLIMIT_GB); exit(1); } @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) memory_region_allocate_system_memory(ram, NULL, "mach-virt.ram", machine->ram_size); memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base, ram); + if (machine->device_memory) { + memory_region_add_subregion(sysmem, machine->device_memory->base, + &machine->device_memory->mr); + } create_flash(vms, sysmem, secure_sysmem ? secure_sysmem : sysmem); -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> This patch implements the machine class kvm_type() callback. It returns the number of bits requested to implement the whole GPA range including the RAM and IO regions located beyond. The returned value is passed though the KVM_CREATE_VM ioctl and this allows KVM to set the stage2 tables dynamically. To compute the highest GPA used in the memory map, kvm_type() must freeze the memory map by calling virt_set_memmap(). Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-9-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0); bool aarch64 = true; - virt_set_memmap(vms); + /* + * In accelerated mode, the memory map is computed earlier in kvm_type() + * to create a VM with the right number of IPA bits. + */ + if (!vms->memmap) { + virt_set_memmap(vms); + } /* We can probe only here because during property set * KVM is not available yet @@ -XXX,XX +XXX,XX @@ static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine, return NULL; } +/* + * for arm64 kvm_type [7-0] encodes the requested number of bits + * in the IPA address space + */ +static int virt_kvm_type(MachineState *ms, const char *type_str) +{ + VirtMachineState *vms = VIRT_MACHINE(ms); + int max_vm_pa_size = kvm_arm_get_max_vm_ipa_size(ms); + int requested_pa_size; + + /* we freeze the memory map to compute the highest gpa */ + virt_set_memmap(vms); + + requested_pa_size = 64 - clz64(vms->highest_gpa); + + if (requested_pa_size > max_vm_pa_size) { + error_report("-m and ,maxmem option values " + "require an IPA range (%d bits) larger than " + "the one supported by the host (%d bits)", + requested_pa_size, max_vm_pa_size); + exit(1); + } + /* + * By default we return 0 which corresponds to an implicit legacy + * 40b IPA setting. Otherwise we return the actual requested PA + * logsize + */ + return requested_pa_size > 40 ? requested_pa_size : 0; +} + static void virt_machine_class_init(ObjectClass *oc, void *data) { MachineClass *mc = MACHINE_CLASS(oc); @@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data) mc->cpu_index_to_instance_props = virt_cpu_index_to_props; mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"); mc->get_default_cpu_node_id = virt_get_default_cpu_node_id; + mc->kvm_type = virt_kvm_type; assert(!mc->get_hotplug_handler); mc->get_hotplug_handler = virt_machine_get_hotplug_handler; hc->plug = virt_machine_device_plug_cb; -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> We are about to allow the memory map to grow beyond 1TB and potentially overshoot the VCPU AA64MMFR0.PARANGE. In aarch64 mode and when highmem is set, let's check the VCPU PA range is sufficient to address the highest GPA of the memory map. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-10-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ #include "standard-headers/linux/input.h" #include "hw/arm/smmuv3.h" #include "hw/acpi/acpi.h" +#include "target/arm/internals.h" #define DEFINE_VIRT_MACHINE_LATEST(major, minor, latest) \ static void virt_##major##_##minor##_class_init(ObjectClass *oc, \ @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) fdt_add_timer_nodes(vms); fdt_add_cpu_nodes(vms); + if (!kvm_enabled()) { + ARMCPU *cpu = ARM_CPU(first_cpu); + bool aarch64 = object_property_get_bool(OBJECT(cpu), "aarch64", NULL); + + if (aarch64 && vms->highmem) { + int requested_pa_size, pamax = arm_pamax(cpu); + + requested_pa_size = 64 - clz64(vms->highest_gpa); + if (pamax < requested_pa_size) { + error_report("VCPU supports less PA bits (%d) than requested " + "by the memory map (%d)", pamax, requested_pa_size); + exit(1); + } + } + } + memory_region_allocate_system_memory(ram, NULL, "mach-virt.ram", machine->ram_size); memory_region_add_subregion(sysmem, vms->memmap[VIRT_MEM].base, ram); -- 2.20.1 From: Eric Auger <eric.auger@redhat.com> Now we have the extended memory map (high IO regions beyond the scalable RAM) and dynamic IPA range support at KVM/ARM level we can bump the legacy 255GB initial RAM limit. The actual maximum RAM size now depends on the physical CPU and host kernel, in accelerated mode. In TCG mode, it depends on the VCPU AA64MMFR0.PARANGE. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-id: 20190304101339.25970-11-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ #define PLATFORM_BUS_NUM_IRQS 64 -/* RAM limit in GB. Since VIRT_MEM starts at the 1GB mark, this means - * RAM can go up to the 256GB mark, leaving 256GB of the physical - * address space unallocated and free for future use between 256G and 512G. - * If we need to provide more RAM to VMs in the future then we need to: - * * allocate a second bank of RAM starting at 2TB and working up - * * fix the DT and ACPI table generation code in QEMU to correctly - * report two split lumps of RAM to the guest - * * fix KVM in the host kernel to allow guests with >40 bit address spaces - * (We don't want to fill all the way up to 512GB with RAM because - * we might want it for non-RAM purposes later. Conversely it seems - * reasonable to assume that anybody configuring a VM with a quarter - * of a terabyte of RAM will be doing it on a host with more than a - * terabyte of physical address space.) - */ +/* Legacy RAM limit in GB (< version 4.0) */ #define LEGACY_RAMLIMIT_GB 255 #define LEGACY_RAMLIMIT_BYTES (LEGACY_RAMLIMIT_GB * GiB) @@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine) vms->smp_cpus = smp_cpus; - if (machine->ram_size > vms->memmap[VIRT_MEM].size) { - error_report("mach-virt: cannot model more than %dGB RAM", - LEGACY_RAMLIMIT_GB); - exit(1); - } - if (vms->virt && kvm_enabled()) { error_report("mach-virt: KVM does not support providing " "Virtualization extensions to the guest CPU"); -- 2.20.1 From: Michel Heily <michelheily@gmail.com> Implement the watchdog timer for the stellaris boards. This device is a close variant of the CMSDK APB watchdog device, so we can model it by subclassing that device and tweaking the behaviour of some of its registers. Signed-off-by: Michel Heily <michelheily@gmail.com> Reviewed-by: Peter Maydell <petser.maydell@linaro.org> [PMM: rewrote commit message, fixed a few checkpatch nits, added comment giving the URL of the spec for the Stellaris variant of the watchdog device] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/watchdog/cmsdk-apb-watchdog.h | 8 +++ hw/arm/stellaris.c | 22 ++++++- hw/watchdog/cmsdk-apb-watchdog.c | 74 +++++++++++++++++++++++- 3 files changed, 100 insertions(+), 4 deletions(-) diff --git a/include/hw/watchdog/cmsdk-apb-watchdog.h b/include/hw/watchdog/cmsdk-apb-watchdog.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/watchdog/cmsdk-apb-watchdog.h +++ b/include/hw/watchdog/cmsdk-apb-watchdog.h @@ -XXX,XX +XXX,XX @@ #define CMSDK_APB_WATCHDOG(obj) OBJECT_CHECK(CMSDKAPBWatchdog, (obj), \ TYPE_CMSDK_APB_WATCHDOG) +/* + * This shares the same struct (and cast macro) as the base + * cmsdk-apb-watchdog device. + */ +#define TYPE_LUMINARY_WATCHDOG "luminary-watchdog" + typedef struct CMSDKAPBWatchdog { /*< private >*/ SysBusDevice parent_obj; @@ -XXX,XX +XXX,XX @@ typedef struct CMSDKAPBWatchdog { MemoryRegion iomem; qemu_irq wdogint; uint32_t wdogclk_frq; + bool is_luminary; struct ptimer_state *timer; uint32_t control; @@ -XXX,XX +XXX,XX @@ typedef struct CMSDKAPBWatchdog { uint32_t itcr; uint32_t itop; uint32_t resetstatus; + const uint32_t *id; } CMSDKAPBWatchdog; #endif diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/stellaris.c +++ b/hw/arm/stellaris.c @@ -XXX,XX +XXX,XX @@ #include "sysemu/sysemu.h" #include "hw/arm/armv7m.h" #include "hw/char/pl011.h" +#include "hw/watchdog/cmsdk-apb-watchdog.h" #include "hw/misc/unimp.h" #include "cpu.h" @@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board) * Stellaris LM3S6965 Microcontroller Data Sheet (rev I) * http://www.ti.com/lit/ds/symlink/lm3s6965.pdf * - * 40000000 wdtimer (unimplemented) + * 40000000 wdtimer * 40002000 i2c (unimplemented) * 40004000 GPIO * 40005000 GPIO @@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board) stellaris_sys_init(0x400fe000, qdev_get_gpio_in(nvic, 28), board, nd_table[0].macaddr.a); + + if (board->dc1 & (1 << 3)) { /* watchdog present */ + dev = qdev_create(NULL, TYPE_LUMINARY_WATCHDOG); + + /* system_clock_scale is valid now */ + uint32_t mainclk = NANOSECONDS_PER_SECOND / system_clock_scale; + qdev_prop_set_uint32(dev, "wdogclk-frq", mainclk); + + qdev_init_nofail(dev); + sysbus_mmio_map(SYS_BUS_DEVICE(dev), + 0, + 0x40000000u); + sysbus_connect_irq(SYS_BUS_DEVICE(dev), + 0, + qdev_get_gpio_in(nvic, 18)); + } + + for (i = 0; i < 7; i++) { if (board->dc4 & (1 << i)) { gpio_dev[i] = sysbus_create_simple("pl061_luminary", gpio_addr[i], @@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board) /* Add dummy regions for the devices we don't implement yet, * so guest accesses don't cause unlogged crashes. */ - create_unimplemented_device("wdtimer", 0x40000000, 0x1000); create_unimplemented_device("i2c-0", 0x40002000, 0x1000); create_unimplemented_device("i2c-2", 0x40021000, 0x1000); create_unimplemented_device("PWM", 0x40028000, 0x1000); diff --git a/hw/watchdog/cmsdk-apb-watchdog.c b/hw/watchdog/cmsdk-apb-watchdog.c index XXXXXXX..XXXXXXX 100644 --- a/hw/watchdog/cmsdk-apb-watchdog.c +++ b/hw/watchdog/cmsdk-apb-watchdog.c @@ -XXX,XX +XXX,XX @@ * System Design Kit (CMSDK) and documented in the Cortex-M System * Design Kit Technical Reference Manual (ARM DDI0479C): * https://developer.arm.com/products/system-design/system-design-kits/cortex-m-system-design-kit + * + * We also support the variant of this device found in the TI + * Stellaris/Luminary boards and documented in: + * http://www.ti.com/lit/ds/symlink/lm3s6965.pdf */ #include "qemu/osdep.h" @@ -XXX,XX +XXX,XX @@ REG32(WDOGINTCLR, 0xc) REG32(WDOGRIS, 0x10) FIELD(WDOGRIS, INT, 0, 1) REG32(WDOGMIS, 0x14) +REG32(WDOGTEST, 0x418) /* only in Stellaris/Luminary version of the device */ REG32(WDOGLOCK, 0xc00) #define WDOG_UNLOCK_VALUE 0x1ACCE551 REG32(WDOGITCR, 0xf00) @@ -XXX,XX +XXX,XX @@ REG32(CID2, 0xff8) REG32(CID3, 0xffc) /* PID/CID values */ -static const int watchdog_id[] = { +static const uint32_t cmsdk_apb_watchdog_id[] = { 0x04, 0x00, 0x00, 0x00, /* PID4..PID7 */ 0x24, 0xb8, 0x1b, 0x00, /* PID0..PID3 */ 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */ }; +static const uint32_t luminary_watchdog_id[] = { + 0x00, 0x00, 0x00, 0x00, /* PID4..PID7 */ + 0x05, 0x18, 0x18, 0x01, /* PID0..PID3 */ + 0x0d, 0xf0, 0x05, 0xb1, /* CID0..CID3 */ +}; + static bool cmsdk_apb_watchdog_intstatus(CMSDKAPBWatchdog *s) { /* Return masked interrupt status */ @@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_update(CMSDKAPBWatchdog *s) bool wdogres; if (s->itcr) { + /* + * Not checking that !s->is_luminary since s->itcr can't be written + * when s->is_luminary in the first place. + */ wdogint = s->itop & R_WDOGITOP_WDOGINT_MASK; wdogres = s->itop & R_WDOGITOP_WDOGRES_MASK; } else { @@ -XXX,XX +XXX,XX @@ static uint64_t cmsdk_apb_watchdog_read(void *opaque, hwaddr offset, r = s->lock; break; case A_WDOGITCR: + if (s->is_luminary) { + goto bad_offset; + } r = s->itcr; break; case A_PID4 ... A_CID3: - r = watchdog_id[(offset - A_PID4) / 4]; + r = s->id[(offset - A_PID4) / 4]; break; case A_WDOGINTCLR: case A_WDOGITOP: + if (s->is_luminary) { + goto bad_offset; + } qemu_log_mask(LOG_GUEST_ERROR, "CMSDK APB watchdog read: read of WO offset %x\n", (int)offset); r = 0; break; + case A_WDOGTEST: + if (!s->is_luminary) { + goto bad_offset; + } + qemu_log_mask(LOG_UNIMP, + "Luminary watchdog read: stall not implemented\n"); + r = 0; + break; default: +bad_offset: qemu_log_mask(LOG_GUEST_ERROR, "CMSDK APB watchdog read: bad offset %x\n", (int)offset); r = 0; @@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset, ptimer_run(s->timer, 0); break; case A_WDOGCONTROL: + if (s->is_luminary && 0 != (R_WDOGCONTROL_INTEN_MASK & s->control)) { + /* + * The Luminary version of this device ignores writes to + * this register after the guest has enabled interrupts + * (so they can only be disabled again via reset). + */ + break; + } s->control = value & R_WDOGCONTROL_VALID_MASK; cmsdk_apb_watchdog_update(s); break; @@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset, s->lock = (value != WDOG_UNLOCK_VALUE); break; case A_WDOGITCR: + if (s->is_luminary) { + goto bad_offset; + } s->itcr = value & R_WDOGITCR_VALID_MASK; cmsdk_apb_watchdog_update(s); break; case A_WDOGITOP: + if (s->is_luminary) { + goto bad_offset; + } s->itop = value & R_WDOGITOP_VALID_MASK; cmsdk_apb_watchdog_update(s); break; @@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_write(void *opaque, hwaddr offset, "CMSDK APB watchdog write: write to RO offset 0x%x\n", (int)offset); break; + case A_WDOGTEST: + if (!s->is_luminary) { + goto bad_offset; + } + qemu_log_mask(LOG_UNIMP, + "Luminary watchdog write: stall not implemented\n"); + break; default: +bad_offset: qemu_log_mask(LOG_GUEST_ERROR, "CMSDK APB watchdog write: bad offset 0x%x\n", (int)offset); @@ -XXX,XX +XXX,XX @@ static void cmsdk_apb_watchdog_init(Object *obj) s, "cmsdk-apb-watchdog", 0x1000); sysbus_init_mmio(sbd, &s->iomem); sysbus_init_irq(sbd, &s->wdogint); + + s->is_luminary = false; + s->id = cmsdk_apb_watchdog_id; } static void cmsdk_apb_watchdog_realize(DeviceState *dev, Error **errp) @@ -XXX,XX +XXX,XX @@ static const TypeInfo cmsdk_apb_watchdog_info = { .class_init = cmsdk_apb_watchdog_class_init, }; +static void luminary_watchdog_init(Object *obj) +{ + CMSDKAPBWatchdog *s = CMSDK_APB_WATCHDOG(obj); + + s->is_luminary = true; + s->id = luminary_watchdog_id; +} + +static const TypeInfo luminary_watchdog_info = { + .name = TYPE_LUMINARY_WATCHDOG, + .parent = TYPE_CMSDK_APB_WATCHDOG, + .instance_init = luminary_watchdog_init +}; + static void cmsdk_apb_watchdog_register_types(void) { type_register_static(&cmsdk_apb_watchdog_info); + type_register_static(&luminary_watchdog_info); } type_init(cmsdk_apb_watchdog_register_types); -- 2.20.1 Hi; here's the first target-arm pullreq for the 7.0 cycle. thanks -- PMM The following changes since commit 76b56fdfc9fa43ec6e5986aee33f108c6c6a511e: Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging (2021-12-14 12:46:18 -0800) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20211215 for you to fetch changes up to aed176558806674d030a8305d989d4e6a5073359: tests/acpi: add expected blob for VIOT test on virt machine (2021-12-15 10:35:26 +0000) ---------------------------------------------------------------- target-arm queue: * ITS: error reporting cleanup * aspeed: improve documentation * Fix STM32F2XX USART data register readout * allow emulated GICv3 to be disabled in non-TCG builds * fix exception priority for singlestep, misaligned PC, bp, etc * Correct calculation of tlb range invalidate length * npcm7xx_emc: fix missing queue_flush * virt: Add VIOT ACPI table for virtio-iommu * target/i386: Use assert() to sanity-check b1 in SSE decode * Don't include qemu-common unnecessarily ---------------------------------------------------------------- Alex Bennée (1): hw/intc: clean-up error reporting for failed ITS cmd Jean-Philippe Brucker (8): hw/arm/virt-acpi-build: Add VIOT table for virtio-iommu hw/arm/virt: Remove device tree restriction for virtio-iommu hw/arm/virt: Reject instantiation of multiple IOMMUs hw/arm/virt: Use object_property_set instead of qdev_prop_set tests/acpi: allow updates of VIOT expected data files tests/acpi: add test case for VIOT tests/acpi: add expected blobs for VIOT test on q35 machine tests/acpi: add expected blob for VIOT test on virt machine Joel Stanley (4): docs: aspeed: Add new boards docs: aspeed: Update OpenBMC image URL docs: aspeed: Give an example of booting a kernel docs: aspeed: ADC is now modelled Olivier Hériveaux (1): Fix STM32F2XX USART data register readout Patrick Venture (1): hw/net: npcm7xx_emc fix missing queue_flush Peter Maydell (6): target/i386: Use assert() to sanity-check b1 in SSE decode include/hw/i386: Don't include qemu-common.h in .h files target/hexagon/cpu.h: don't include qemu-common.h target/rx/cpu.h: Don't include qemu-common.h hw/arm: Don't include qemu-common.h unnecessarily target/arm: Correct calculation of tlb range invalidate length Philippe Mathieu-Daudé (2): hw/intc/arm_gicv3: Extract gicv3_set_gicv3state from arm_gicv3_cpuif.c hw/intc/arm_gicv3: Introduce CONFIG_ARM_GIC_TCG Kconfig selector Richard Henderson (10): target/arm: Hoist pc_next to a local variable in aarch64_tr_translate_insn target/arm: Hoist pc_next to a local variable in arm_tr_translate_insn target/arm: Hoist pc_next to a local variable in thumb_tr_translate_insn target/arm: Split arm_pre_translate_insn target/arm: Advance pc for arch single-step exception target/arm: Split compute_fsr_fsc out of arm_deliver_fault target/arm: Take an exception if PC is misaligned target/arm: Assert thumb pc is aligned target/arm: Suppress bp for exceptions with more priority tests/tcg: Add arm and aarch64 pc alignment tests docs/system/arm/aspeed.rst | 26 ++++++++++++---- include/hw/i386/microvm.h | 1 - include/hw/i386/x86.h | 1 - target/arm/helper.h | 1 + target/arm/syndrome.h | 5 +++ target/hexagon/cpu.h | 1 - target/rx/cpu.h | 1 - hw/arm/boot.c | 1 - hw/arm/digic_boards.c | 1 - hw/arm/highbank.c | 1 - hw/arm/npcm7xx_boards.c | 1 - hw/arm/sbsa-ref.c | 1 - hw/arm/stm32f405_soc.c | 1 - hw/arm/vexpress.c | 1 - hw/arm/virt-acpi-build.c | 7 +++++ hw/arm/virt.c | 21 ++++++------- hw/char/stm32f2xx_usart.c | 3 +- hw/intc/arm_gicv3.c | 2 +- hw/intc/arm_gicv3_cpuif.c | 10 +----- hw/intc/arm_gicv3_cpuif_common.c | 22 +++++++++++++ hw/intc/arm_gicv3_its.c | 39 +++++++++++++++-------- hw/net/npcm7xx_emc.c | 18 +++++------ hw/virtio/virtio-iommu-pci.c | 12 ++------ linux-user/aarch64/cpu_loop.c | 46 ++++++++++++++++------------ linux-user/hexagon/cpu_loop.c | 1 + target/arm/debug_helper.c | 23 ++++++++++++++ target/arm/gdbstub.c | 9 ++++-- target/arm/helper.c | 6 ++-- target/arm/machine.c | 10 ++++++ target/arm/tlb_helper.c | 63 ++++++++++++++++++++++++++++---------- target/arm/translate-a64.c | 23 ++++++++++++-- target/arm/translate.c | 58 ++++++++++++++++++++++++++--------- target/i386/tcg/translate.c | 12 ++------ tests/qtest/bios-tables-test.c | 38 +++++++++++++++++++++++ tests/tcg/aarch64/pcalign-a64.c | 37 ++++++++++++++++++++++ tests/tcg/arm/pcalign-a32.c | 46 ++++++++++++++++++++++++++++ hw/arm/Kconfig | 1 + hw/intc/Kconfig | 5 +++ hw/intc/meson.build | 11 ++++--- tests/data/acpi/q35/DSDT.viot | Bin 0 -> 9398 bytes tests/data/acpi/q35/VIOT.viot | Bin 0 -> 112 bytes tests/data/acpi/virt/VIOT | Bin 0 -> 88 bytes tests/tcg/aarch64/Makefile.target | 4 +-- tests/tcg/arm/Makefile.target | 4 +++ 44 files changed, 429 insertions(+), 145 deletions(-) create mode 100644 hw/intc/arm_gicv3_cpuif_common.c create mode 100644 tests/tcg/aarch64/pcalign-a64.c create mode 100644 tests/tcg/arm/pcalign-a32.c create mode 100644 tests/data/acpi/q35/DSDT.viot create mode 100644 tests/data/acpi/q35/VIOT.viot create mode 100644 tests/data/acpi/virt/VIOT From: Alex Bennée <alex.bennee@linaro.org> While trying to debug a GIC ITS failure I saw some guest errors that had poor formatting as well as leaving me confused as to what failed. As most of the checks aren't possible without a valid dte split that check apart and then check the other conditions in steps. This avoids us relying on undefined data. I still get a failure with the current kvm-unit-tests but at least I know (partially) why now: Exception return from AArch64 EL1 to AArch64 EL1 PC 0x40080588 PASS: gicv3: its-trigger: inv/invall: dev2/eventid=20 now triggers an LPI ITS: MAPD devid=2 size = 0x8 itt=0x40430000 valid=0 INT dev_id=2 event_id=20 process_its_cmd: invalid command attributes: invalid dte: 0 for 2 (MEM_TX: 0) PASS: gicv3: its-trigger: mapd valid=false: no LPI after device unmap SUMMARY: 6 tests, 1 unexpected failures Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211112170454.3158925-1-alex.bennee@linaro.org Cc: Shashi Mallela <shashi.mallela@linaro.org> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3_its.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_its.c +++ b/hw/intc/arm_gicv3_its.c @@ -XXX,XX +XXX,XX @@ static bool process_its_cmd(GICv3ITSState *s, uint64_t value, uint32_t offset, if (res != MEMTX_OK) { return result; } + } else { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "invalid dte: %"PRIx64" for %d (MEM_TX: %d)\n", + __func__, dte, devid, res); + return result; } - if ((devid > s->dt.maxids.max_devids) || !dte_valid || !ite_valid || - !cte_valid || (eventid > max_eventid)) { + + /* + * In this implementation, in case of guest errors we ignore the + * command and move onto the next command in the queue. + */ + if (devid > s->dt.maxids.max_devids) { qemu_log_mask(LOG_GUEST_ERROR, - "%s: invalid command attributes " - "devid %d or eventid %d or invalid dte %d or" - "invalid cte %d or invalid ite %d\n", - __func__, devid, eventid, dte_valid, cte_valid, - ite_valid); - /* - * in this implementation, in case of error - * we ignore this command and move onto the next - * command in the queue - */ + "%s: invalid command attributes: devid %d>%d", + __func__, devid, s->dt.maxids.max_devids); + + } else if (!dte_valid || !ite_valid || !cte_valid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: " + "dte: %s, ite: %s, cte: %s\n", + __func__, + dte_valid ? "valid" : "invalid", + ite_valid ? "valid" : "invalid", + cte_valid ? "valid" : "invalid"); + } else if (eventid > max_eventid) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid command attributes: eventid %d > %d\n", + __func__, eventid, max_eventid); } else { /* * Current implementation only supports rdbase == procnum -- 2.25.1 From: Joel Stanley <joel@jms.id.au> Add X11, FP5280G2, G220A, Rainier and Fuji. Mention that Swift will be removed in v7.0. Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cédric Le Goater <clg@kaod.org> Message-id: 20211117065752.330632-2-joel@jms.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- docs/system/arm/aspeed.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/system/arm/aspeed.rst +++ b/docs/system/arm/aspeed.rst @@ -XXX,XX +XXX,XX @@ AST2400 SoC based machines : - ``palmetto-bmc`` OpenPOWER Palmetto POWER8 BMC - ``quanta-q71l-bmc`` OpenBMC Quanta BMC +- ``supermicrox11-bmc`` Supermicro X11 BMC AST2500 SoC based machines : @@ -XXX,XX +XXX,XX @@ AST2500 SoC based machines : - ``romulus-bmc`` OpenPOWER Romulus POWER9 BMC - ``witherspoon-bmc`` OpenPOWER Witherspoon POWER9 BMC - ``sonorapass-bmc`` OCP SonoraPass BMC -- ``swift-bmc`` OpenPOWER Swift BMC POWER9 +- ``swift-bmc`` OpenPOWER Swift BMC POWER9 (to be removed in v7.0) +- ``fp5280g2-bmc`` Inspur FP5280G2 BMC +- ``g220a-bmc`` Bytedance G220A BMC AST2600 SoC based machines : - ``ast2600-evb`` Aspeed AST2600 Evaluation board (Cortex-A7) - ``tacoma-bmc`` OpenPOWER Witherspoon POWER9 AST2600 BMC +- ``rainier-bmc`` IBM Rainier POWER10 BMC +- ``fuji-bmc`` Facebook Fuji BMC Supported devices ----------------- -- 2.25.1 From: Joel Stanley <joel@jms.id.au> This is the latest URL for the OpenBMC CI. The old URL still works, but redirects. Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Joel Stanley <joel@jms.id.au> Message-id: 20211117065752.330632-3-joel@jms.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- docs/system/arm/aspeed.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/system/arm/aspeed.rst +++ b/docs/system/arm/aspeed.rst @@ -XXX,XX +XXX,XX @@ The Aspeed machines can be started using the ``-kernel`` option to load a Linux kernel or from a firmware. Images can be downloaded from the OpenBMC jenkins : - https://jenkins.openbmc.org/job/ci-openbmc/lastSuccessfulBuild/distro=ubuntu,label=docker-builder + https://jenkins.openbmc.org/job/ci-openbmc/lastSuccessfulBuild/ or directly from the OpenBMC GitHub release repository : -- 2.25.1 From: Joel Stanley <joel@jms.id.au> A common use case for the ASPEED machine is to boot a Linux kernel. Provide a full example command line. Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Joel Stanley <joel@jms.id.au> Message-id: 20211117065752.330632-4-joel@jms.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- docs/system/arm/aspeed.rst | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/system/arm/aspeed.rst +++ b/docs/system/arm/aspeed.rst @@ -XXX,XX +XXX,XX @@ Missing devices Boot options ------------ -The Aspeed machines can be started using the ``-kernel`` option to -load a Linux kernel or from a firmware. Images can be downloaded from -the OpenBMC jenkins : +The Aspeed machines can be started using the ``-kernel`` and ``-dtb`` options +to load a Linux kernel or from a firmware. Images can be downloaded from the +OpenBMC jenkins : https://jenkins.openbmc.org/job/ci-openbmc/lastSuccessfulBuild/ @@ -XXX,XX +XXX,XX @@ or directly from the OpenBMC GitHub release repository : https://github.com/openbmc/openbmc/releases +To boot a kernel directly from a Linux build tree: + +.. code-block:: bash + + $ qemu-system-arm -M ast2600-evb -nographic \ + -kernel arch/arm/boot/zImage \ + -dtb arch/arm/boot/dts/aspeed-ast2600-evb.dtb \ + -initrd rootfs.cpio + The image should be attached as an MTD drive. Run : .. code-block:: bash -- 2.25.1 From: Joel Stanley <joel@jms.id.au> Move it to the supported list. Signed-off-by: Joel Stanley <joel@jms.id.au> Message-id: 20211117065752.330632-5-joel@jms.id.au Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- docs/system/arm/aspeed.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/system/arm/aspeed.rst +++ b/docs/system/arm/aspeed.rst @@ -XXX,XX +XXX,XX @@ Supported devices * Front LEDs (PCA9552 on I2C bus) * LPC Peripheral Controller (a subset of subdevices are supported) * Hash/Crypto Engine (HACE) - Hash support only. TODO: HMAC and RSA + * ADC Missing devices --------------- * Coprocessor support - * ADC (out of tree implementation) * PWM and Fan Controller * Slave GPIO Controller * Super I/O Controller -- 2.25.1 From: Olivier Hériveaux <olivier.heriveaux@ledger.fr> Fix issue where the data register may be overwritten by next character reception before being read and returned. Signed-off-by: Olivier Hériveaux <olivier.heriveaux@ledger.fr> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20211128120723.4053-1-olivier.heriveaux@ledger.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/char/stm32f2xx_usart.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/char/stm32f2xx_usart.c b/hw/char/stm32f2xx_usart.c index XXXXXXX..XXXXXXX 100644 --- a/hw/char/stm32f2xx_usart.c +++ b/hw/char/stm32f2xx_usart.c @@ -XXX,XX +XXX,XX @@ static uint64_t stm32f2xx_usart_read(void *opaque, hwaddr addr, return retvalue; case USART_DR: DB_PRINT("Value: 0x%" PRIx32 ", %c\n", s->usart_dr, (char) s->usart_dr); + retvalue = s->usart_dr & 0x3FF; s->usart_sr &= ~USART_SR_RXNE; qemu_chr_fe_accept_input(&s->chr); qemu_set_irq(s->irq, 0); - return s->usart_dr & 0x3FF; + return retvalue; case USART_BRR: return s->usart_brr; case USART_CR1: -- 2.25.1 From: Philippe Mathieu-Daudé <philmd@redhat.com> gicv3_set_gicv3state() is used by arm_gicv3_common.c in arm_gicv3_common_realize(). Since we want to restrict arm_gicv3_cpuif.c to TCG, extract gicv3_set_gicv3state() to a new file. Add this file to the meson 'specific' source set, since it needs access to "cpu.h". Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211115223619.2599282-2-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3_cpuif.c | 10 +--------- hw/intc/arm_gicv3_cpuif_common.c | 22 ++++++++++++++++++++++ hw/intc/meson.build | 1 + 3 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 hw/intc/arm_gicv3_cpuif_common.c diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c @@ -XXX,XX +XXX,XX @@ /* - * ARM Generic Interrupt Controller v3 + * ARM Generic Interrupt Controller v3 (emulation) * * Copyright (c) 2016 Linaro Limited * Written by Peter Maydell @@ -XXX,XX +XXX,XX @@ #include "hw/irq.h" #include "cpu.h" -void gicv3_set_gicv3state(CPUState *cpu, GICv3CPUState *s) -{ - ARMCPU *arm_cpu = ARM_CPU(cpu); - CPUARMState *env = &arm_cpu->env; - - env->gicv3state = (void *)s; -}; - static GICv3CPUState *icc_cs_from_env(CPUARMState *env) { return env->gicv3state; diff --git a/hw/intc/arm_gicv3_cpuif_common.c b/hw/intc/arm_gicv3_cpuif_common.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/hw/intc/arm_gicv3_cpuif_common.c @@ -XXX,XX +XXX,XX @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * ARM Generic Interrupt Controller v3 + * + * Copyright (c) 2016 Linaro Limited + * Written by Peter Maydell + * + * This code is licensed under the GPL, version 2 or (at your option) + * any later version. + */ + +#include "qemu/osdep.h" +#include "gicv3_internal.h" +#include "cpu.h" + +void gicv3_set_gicv3state(CPUState *cpu, GICv3CPUState *s) +{ + ARMCPU *arm_cpu = ARM_CPU(cpu); + CPUARMState *env = &arm_cpu->env; + + env->gicv3state = (void *)s; +}; diff --git a/hw/intc/meson.build b/hw/intc/meson.build index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/meson.build +++ b/hw/intc/meson.build @@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_PMU', if_true: files('xlnx-pmu-iomod-in specific_ss.add(when: 'CONFIG_ALLWINNER_A10_PIC', if_true: files('allwinner-a10-pic.c')) specific_ss.add(when: 'CONFIG_APIC', if_true: files('apic.c', 'apic_common.c')) +specific_ss.add(when: 'CONFIG_ARM_GIC', if_true: files('arm_gicv3_cpuif_common.c')) specific_ss.add(when: 'CONFIG_ARM_GIC', if_true: files('arm_gicv3_cpuif.c')) specific_ss.add(when: 'CONFIG_ARM_GIC_KVM', if_true: files('arm_gic_kvm.c')) specific_ss.add(when: ['CONFIG_ARM_GIC_KVM', 'TARGET_AARCH64'], if_true: files('arm_gicv3_kvm.c', 'arm_gicv3_its_kvm.c')) -- 2.25.1 From: Philippe Mathieu-Daudé <philmd@redhat.com> The TYPE_ARM_GICV3 device is an emulated one. When using KVM, it is recommended to use the TYPE_KVM_ARM_GICV3 device (which uses in-kernel support). When using --with-devices-FOO, it is possible to build a binary with a specific set of devices. When this binary is restricted to KVM accelerator, the TYPE_ARM_GICV3 device is irrelevant, and it is desirable to remove it from the binary. Therefore introduce the CONFIG_ARM_GIC_TCG Kconfig selector which select the files required to have the TYPE_ARM_GICV3 device, but also allowing to de-select this device. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20211115223619.2599282-3-philmd@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3.c | 2 +- hw/intc/Kconfig | 5 +++++ hw/intc/meson.build | 10 ++++++---- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/arm_gicv3.c +++ b/hw/intc/arm_gicv3.c @@ -XXX,XX +XXX,XX @@ /* - * ARM Generic Interrupt Controller v3 + * ARM Generic Interrupt Controller v3 (emulation) * * Copyright (c) 2015 Huawei. * Copyright (c) 2016 Linaro Limited diff --git a/hw/intc/Kconfig b/hw/intc/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/Kconfig +++ b/hw/intc/Kconfig @@ -XXX,XX +XXX,XX @@ config APIC select MSI_NONBROKEN select I8259 +config ARM_GIC_TCG + bool + default y + depends on ARM_GIC && TCG + config ARM_GIC_KVM bool default y diff --git a/hw/intc/meson.build b/hw/intc/meson.build index XXXXXXX..XXXXXXX 100644 --- a/hw/intc/meson.build +++ b/hw/intc/meson.build @@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_ARM_GIC', if_true: files( 'arm_gic.c', 'arm_gic_common.c', 'arm_gicv2m.c', - 'arm_gicv3.c', 'arm_gicv3_common.c', - 'arm_gicv3_dist.c', 'arm_gicv3_its_common.c', - 'arm_gicv3_redist.c', +)) +softmmu_ss.add(when: 'CONFIG_ARM_GIC_TCG', if_true: files( + 'arm_gicv3.c', + 'arm_gicv3_dist.c', 'arm_gicv3_its.c', + 'arm_gicv3_redist.c', )) softmmu_ss.add(when: 'CONFIG_ETRAXFS', if_true: files('etraxfs_pic.c')) softmmu_ss.add(when: 'CONFIG_HEATHROW_PIC', if_true: files('heathrow_pic.c')) @@ -XXX,XX +XXX,XX @@ softmmu_ss.add(when: 'CONFIG_XLNX_ZYNQMP_PMU', if_true: files('xlnx-pmu-iomod-in specific_ss.add(when: 'CONFIG_ALLWINNER_A10_PIC', if_true: files('allwinner-a10-pic.c')) specific_ss.add(when: 'CONFIG_APIC', if_true: files('apic.c', 'apic_common.c')) specific_ss.add(when: 'CONFIG_ARM_GIC', if_true: files('arm_gicv3_cpuif_common.c')) -specific_ss.add(when: 'CONFIG_ARM_GIC', if_true: files('arm_gicv3_cpuif.c')) +specific_ss.add(when: 'CONFIG_ARM_GIC_TCG', if_true: files('arm_gicv3_cpuif.c')) specific_ss.add(when: 'CONFIG_ARM_GIC_KVM', if_true: files('arm_gic_kvm.c')) specific_ss.add(when: ['CONFIG_ARM_GIC_KVM', 'TARGET_AARCH64'], if_true: files('arm_gicv3_kvm.c', 'arm_gicv3_its_kvm.c')) specific_ss.add(when: 'CONFIG_ARM_V7M', if_true: files('armv7m_nvic.c')) -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *s = container_of(dcbase, DisasContext, base); CPUARMState *env = cpu->env_ptr; + uint64_t pc = s->base.pc_next; uint32_t insn; if (s->ss_active && !s->pstate_ss) { @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) return; } - s->pc_curr = s->base.pc_next; - insn = arm_ldl_code(env, &s->base, s->base.pc_next, s->sctlr_b); + s->pc_curr = pc; + insn = arm_ldl_code(env, &s->base, pc, s->sctlr_b); s->insn = insn; - s->base.pc_next += 4; + s->base.pc_next = pc + 4; s->fp_access_checked = false; s->sve_access_checked = false; -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); CPUARMState *env = cpu->env_ptr; + uint32_t pc = dc->base.pc_next; unsigned int insn; if (arm_pre_translate_insn(dc)) { - dc->base.pc_next += 4; + dc->base.pc_next = pc + 4; return; } - dc->pc_curr = dc->base.pc_next; - insn = arm_ldl_code(env, &dc->base, dc->base.pc_next, dc->sctlr_b); + dc->pc_curr = pc; + insn = arm_ldl_code(env, &dc->base, pc, dc->sctlr_b); dc->insn = insn; - dc->base.pc_next += 4; + dc->base.pc_next = pc + 4; disas_arm_insn(dc, insn); arm_post_translate_insn(dc); -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) { DisasContext *dc = container_of(dcbase, DisasContext, base); CPUARMState *env = cpu->env_ptr; + uint32_t pc = dc->base.pc_next; uint32_t insn; bool is_16bit; if (arm_pre_translate_insn(dc)) { - dc->base.pc_next += 2; + dc->base.pc_next = pc + 2; return; } - dc->pc_curr = dc->base.pc_next; - insn = arm_lduw_code(env, &dc->base, dc->base.pc_next, dc->sctlr_b); + dc->pc_curr = pc; + insn = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b); is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn); - dc->base.pc_next += 2; + pc += 2; if (!is_16bit) { - uint32_t insn2 = arm_lduw_code(env, &dc->base, dc->base.pc_next, - dc->sctlr_b); - + uint32_t insn2 = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b); insn = insn << 16 | insn2; - dc->base.pc_next += 2; + pc += 2; } + dc->base.pc_next = pc; dc->insn = insn; if (dc->pstate_il) { -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Create arm_check_ss_active and arm_check_kernelpage. Reverse the order of the tests. While it doesn't matter in practice, because only user-only has a kernel page and user-only never sets ss_active, ss_active has priority over execution exceptions and it is best to keep them in the proper order. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) dc->insn_start = tcg_last_op(); } -static bool arm_pre_translate_insn(DisasContext *dc) +static bool arm_check_kernelpage(DisasContext *dc) { #ifdef CONFIG_USER_ONLY /* Intercept jump to the magic kernel page. */ @@ -XXX,XX +XXX,XX @@ static bool arm_pre_translate_insn(DisasContext *dc) return true; } #endif + return false; +} +static bool arm_check_ss_active(DisasContext *dc) +{ if (dc->ss_active && !dc->pstate_ss) { /* Singlestep state is Active-pending. * If we're in this state at the start of a TB then either @@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) uint32_t pc = dc->base.pc_next; unsigned int insn; - if (arm_pre_translate_insn(dc)) { + if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) { dc->base.pc_next = pc + 4; return; } @@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) uint32_t insn; bool is_16bit; - if (arm_pre_translate_insn(dc)) { + if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) { dc->base.pc_next = pc + 2; return; } -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> The size of the code covered by a TranslationBlock cannot be 0; this is checked via assert in tb_gen_code. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) assert(s->base.num_insns == 1); gen_swstep_exception(s, 0, 0); s->base.is_jmp = DISAS_NORETURN; + s->base.pc_next = pc + 4; return; } -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> We will reuse this section of arm_deliver_fault for raising pc alignment faults. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/tlb_helper.c | 45 +++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -XXX,XX +XXX,XX @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, return syn; } -static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, - MMUAccessType access_type, - int mmu_idx, ARMMMUFaultInfo *fi) +static uint32_t compute_fsr_fsc(CPUARMState *env, ARMMMUFaultInfo *fi, + int target_el, int mmu_idx, uint32_t *ret_fsc) { - CPUARMState *env = &cpu->env; - int target_el; - bool same_el; - uint32_t syn, exc, fsr, fsc; ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx); - - target_el = exception_target_el(env); - if (fi->stage2) { - target_el = 2; - env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; - if (arm_is_secure_below_el3(env) && fi->s1ns) { - env->cp15.hpfar_el2 |= HPFAR_NS; - } - } - same_el = (arm_current_el(env) == target_el); + uint32_t fsr, fsc; if (target_el == 2 || arm_el_is_aa64(env, target_el) || arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) { @@ -XXX,XX +XXX,XX @@ static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, fsc = 0x3f; } + *ret_fsc = fsc; + return fsr; +} + +static void QEMU_NORETURN arm_deliver_fault(ARMCPU *cpu, vaddr addr, + MMUAccessType access_type, + int mmu_idx, ARMMMUFaultInfo *fi) +{ + CPUARMState *env = &cpu->env; + int target_el; + bool same_el; + uint32_t syn, exc, fsr, fsc; + + target_el = exception_target_el(env); + if (fi->stage2) { + target_el = 2; + env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4; + if (arm_is_secure_below_el3(env) && fi->s1ns) { + env->cp15.hpfar_el2 |= HPFAR_NS; + } + } + same_el = (arm_current_el(env) == target_el); + + fsr = compute_fsr_fsc(env, fi, target_el, mmu_idx, &fsc); + if (access_type == MMU_INST_FETCH) { syn = syn_insn_abort(same_el, fi->ea, fi->s1ptw, fsc); exc = EXCP_PREFETCH_ABORT; -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> For A64, any input to an indirect branch can cause this. For A32, many indirect branch paths force the branch to be aligned, but BXWritePC does not. This includes the BX instruction but also other interworking changes to PC. Prior to v8, this case is UNDEFINED. With v8, this is CONSTRAINED UNPREDICTABLE and may either raise an exception or force align the PC. We choose to raise an exception because we have the infrastructure, it makes the generated code for gen_bx simpler, and it has the possibility of catching more guest bugs. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/helper.h | 1 + target/arm/syndrome.h | 5 ++++ linux-user/aarch64/cpu_loop.c | 46 ++++++++++++++++++++--------------- target/arm/tlb_helper.c | 18 ++++++++++++++ target/arm/translate-a64.c | 15 ++++++++++++ target/arm/translate.c | 22 ++++++++++++++++- 6 files changed, 87 insertions(+), 20 deletions(-) diff --git a/target/arm/helper.h b/target/arm/helper.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE, DEF_HELPER_2(exception_internal, void, env, i32) DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32) DEF_HELPER_2(exception_bkpt_insn, void, env, i32) +DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl) DEF_HELPER_1(setend, void, env) DEF_HELPER_2(wfi, void, env, i32) DEF_HELPER_1(wfe, void, env) diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h index XXXXXXX..XXXXXXX 100644 --- a/target/arm/syndrome.h +++ b/target/arm/syndrome.h @@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_illegalstate(void) return (EC_ILLEGALSTATE << ARM_EL_EC_SHIFT) | ARM_EL_IL; } +static inline uint32_t syn_pcalignment(void) +{ + return (EC_PCALIGNMENT << ARM_EL_EC_SHIFT) | ARM_EL_IL; +} + #endif /* TARGET_ARM_SYNDROME_H */ diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/aarch64/cpu_loop.c +++ b/linux-user/aarch64/cpu_loop.c @@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env) break; case EXCP_PREFETCH_ABORT: case EXCP_DATA_ABORT: - /* We should only arrive here with EC in {DATAABORT, INSNABORT}. */ ec = syn_get_ec(env->exception.syndrome); - assert(ec == EC_DATAABORT || ec == EC_INSNABORT); - - /* Both EC have the same format for FSC, or close enough. */ - fsc = extract32(env->exception.syndrome, 0, 6); - switch (fsc) { - case 0x04 ... 0x07: /* Translation fault, level {0-3} */ - si_signo = TARGET_SIGSEGV; - si_code = TARGET_SEGV_MAPERR; + switch (ec) { + case EC_DATAABORT: + case EC_INSNABORT: + /* Both EC have the same format for FSC, or close enough. */ + fsc = extract32(env->exception.syndrome, 0, 6); + switch (fsc) { + case 0x04 ... 0x07: /* Translation fault, level {0-3} */ + si_signo = TARGET_SIGSEGV; + si_code = TARGET_SEGV_MAPERR; + break; + case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */ + case 0x0d ... 0x0f: /* Permission fault, level {1-3} */ + si_signo = TARGET_SIGSEGV; + si_code = TARGET_SEGV_ACCERR; + break; + case 0x11: /* Synchronous Tag Check Fault */ + si_signo = TARGET_SIGSEGV; + si_code = TARGET_SEGV_MTESERR; + break; + case 0x21: /* Alignment fault */ + si_signo = TARGET_SIGBUS; + si_code = TARGET_BUS_ADRALN; + break; + default: + g_assert_not_reached(); + } break; - case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */ - case 0x0d ... 0x0f: /* Permission fault, level {1-3} */ - si_signo = TARGET_SIGSEGV; - si_code = TARGET_SEGV_ACCERR; - break; - case 0x11: /* Synchronous Tag Check Fault */ - si_signo = TARGET_SIGSEGV; - si_code = TARGET_SEGV_MTESERR; - break; - case 0x21: /* Alignment fault */ + case EC_PCALIGNMENT: si_signo = TARGET_SIGBUS; si_code = TARGET_BUS_ADRALN; break; diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/tlb_helper.c +++ b/target/arm/tlb_helper.c @@ -XXX,XX +XXX,XX @@ #include "cpu.h" #include "internals.h" #include "exec/exec-all.h" +#include "exec/helper-proto.h" static inline uint32_t merge_syn_data_abort(uint32_t template_syn, unsigned int target_el, @@ -XXX,XX +XXX,XX @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi); } +void helper_exception_pc_alignment(CPUARMState *env, target_ulong pc) +{ + ARMMMUFaultInfo fi = { .type = ARMFault_Alignment }; + int target_el = exception_target_el(env); + int mmu_idx = cpu_mmu_index(env, true); + uint32_t fsc; + + env->exception.vaddress = pc; + + /* + * Note that the fsc is not applicable to this exception, + * since any syndrome is pcalignment not insn_abort. + */ + env->exception.fsr = compute_fsr_fsc(env, &fi, target_el, mmu_idx, &fsc); + raise_exception(env, EXCP_PREFETCH_ABORT, syn_pcalignment(), target_el); +} + #if !defined(CONFIG_USER_ONLY) /* diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) uint64_t pc = s->base.pc_next; uint32_t insn; + /* Singlestep exceptions have the highest priority. */ if (s->ss_active && !s->pstate_ss) { /* Singlestep state is Active-pending. * If we're in this state at the start of a TB then either @@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) return; } + if (pc & 3) { + /* + * PC alignment fault. This has priority over the instruction abort + * that we would receive from a translation fault via arm_ldl_code. + * This should only be possible after an indirect branch, at the + * start of the TB. + */ + assert(s->base.num_insns == 1); + gen_helper_exception_pc_alignment(cpu_env, tcg_constant_tl(pc)); + s->base.is_jmp = DISAS_NORETURN; + s->base.pc_next = QEMU_ALIGN_UP(pc, 4); + return; + } + s->pc_curr = pc; insn = arm_ldl_code(env, &s->base, pc, s->sctlr_b); s->insn = insn; diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) uint32_t pc = dc->base.pc_next; unsigned int insn; - if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) { + /* Singlestep exceptions have the highest priority. */ + if (arm_check_ss_active(dc)) { + dc->base.pc_next = pc + 4; + return; + } + + if (pc & 3) { + /* + * PC alignment fault. This has priority over the instruction abort + * that we would receive from a translation fault via arm_ldl_code + * (or the execution of the kernelpage entrypoint). This should only + * be possible after an indirect branch, at the start of the TB. + */ + assert(dc->base.num_insns == 1); + gen_helper_exception_pc_alignment(cpu_env, tcg_constant_tl(pc)); + dc->base.is_jmp = DISAS_NORETURN; + dc->base.pc_next = QEMU_ALIGN_UP(pc, 4); + return; + } + + if (arm_check_kernelpage(dc)) { dc->base.pc_next = pc + 4; return; } -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Misaligned thumb PC is architecturally impossible. Assert is better than proceeding, in case we've missed something somewhere. Expand a comment about aligning the pc in gdbstub. Fail an incoming migrate if a thumb pc is misaligned. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/gdbstub.c | 9 +++++++-- target/arm/machine.c | 10 ++++++++++ target/arm/translate.c | 3 +++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/gdbstub.c +++ b/target/arm/gdbstub.c @@ -XXX,XX +XXX,XX @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n) tmp = ldl_p(mem_buf); - /* Mask out low bit of PC to workaround gdb bugs. This will probably - cause problems if we ever implement the Jazelle DBX extensions. */ + /* + * Mask out low bits of PC to workaround gdb bugs. + * This avoids an assert in thumb_tr_translate_insn, because it is + * architecturally impossible to misalign the pc. + * This will probably cause problems if we ever implement the + * Jazelle DBX extensions. + */ if (n == 15) { tmp &= ~1; } diff --git a/target/arm/machine.c b/target/arm/machine.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/machine.c +++ b/target/arm/machine.c @@ -XXX,XX +XXX,XX @@ static int cpu_post_load(void *opaque, int version_id) return -1; } } + + /* + * Misaligned thumb pc is architecturally impossible. + * We have an assert in thumb_tr_translate_insn to verify this. + * Fail an incoming migrate to avoid this assert. + */ + if (!is_a64(env) && env->thumb && (env->regs[15] & 1)) { + return -1; + } + if (!kvm_enabled()) { pmu_op_finish(&cpu->env); } diff --git a/target/arm/translate.c b/target/arm/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) uint32_t insn; bool is_16bit; + /* Misaligned thumb PC is architecturally impossible. */ + assert((dc->base.pc_next & 1) == 0); + if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) { dc->base.pc_next = pc + 2; return; -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Both single-step and pc alignment faults have priority over breakpoint exceptions. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/debug_helper.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/debug_helper.c +++ b/target/arm/debug_helper.c @@ -XXX,XX +XXX,XX @@ bool arm_debug_check_breakpoint(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; + target_ulong pc; int n; /* @@ -XXX,XX +XXX,XX @@ bool arm_debug_check_breakpoint(CPUState *cs) return false; } + /* + * Single-step exceptions have priority over breakpoint exceptions. + * If single-step state is active-pending, suppress the bp. + */ + if (arm_singlestep_active(env) && !(env->pstate & PSTATE_SS)) { + return false; + } + + /* + * PC alignment faults have priority over breakpoint exceptions. + */ + pc = is_a64(env) ? env->pc : env->regs[15]; + if ((is_a64(env) || !env->thumb) && (pc & 3) != 0) { + return false; + } + + /* + * Instruction aborts have priority over breakpoint exceptions. + * TODO: We would need to look up the page for PC and verify that + * it is present and executable. + */ + for (n = 0; n < ARRAY_SIZE(env->cpu_breakpoint); n++) { if (bp_wp_matches(cpu, n, false)) { return true; -- 2.25.1 From: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/tcg/aarch64/pcalign-a64.c | 37 +++++++++++++++++++++++++ tests/tcg/arm/pcalign-a32.c | 46 +++++++++++++++++++++++++++++++ tests/tcg/aarch64/Makefile.target | 4 +-- tests/tcg/arm/Makefile.target | 4 +++ 4 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 tests/tcg/aarch64/pcalign-a64.c create mode 100644 tests/tcg/arm/pcalign-a32.c diff --git a/tests/tcg/aarch64/pcalign-a64.c b/tests/tcg/aarch64/pcalign-a64.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/tests/tcg/aarch64/pcalign-a64.c @@ -XXX,XX +XXX,XX @@ +/* Test PC misalignment exception */ + +#include <assert.h> +#include <signal.h> +#include <stdlib.h> +#include <stdio.h> + +static void *expected; + +static void sigbus(int sig, siginfo_t *info, void *vuc) +{ + assert(info->si_code == BUS_ADRALN); + assert(info->si_addr == expected); + exit(EXIT_SUCCESS); +} + +int main() +{ + void *tmp; + + struct sigaction sa = { + .sa_sigaction = sigbus, + .sa_flags = SA_SIGINFO + }; + + if (sigaction(SIGBUS, &sa, NULL) < 0) { + perror("sigaction"); + return EXIT_FAILURE; + } + + asm volatile("adr %0, 1f + 1\n\t" + "str %0, %1\n\t" + "br %0\n" + "1:" + : "=&r"(tmp), "=m"(expected)); + abort(); +} diff --git a/tests/tcg/arm/pcalign-a32.c b/tests/tcg/arm/pcalign-a32.c new file mode 100644 index XXXXXXX..XXXXXXX --- /dev/null +++ b/tests/tcg/arm/pcalign-a32.c @@ -XXX,XX +XXX,XX @@ +/* Test PC misalignment exception */ + +#ifdef __thumb__ +#error "This test must be compiled for ARM" +#endif + +#include <assert.h> +#include <signal.h> +#include <stdlib.h> +#include <stdio.h> + +static void *expected; + +static void sigbus(int sig, siginfo_t *info, void *vuc) +{ + assert(info->si_code == BUS_ADRALN); + assert(info->si_addr == expected); + exit(EXIT_SUCCESS); +} + +int main() +{ + void *tmp; + + struct sigaction sa = { + .sa_sigaction = sigbus, + .sa_flags = SA_SIGINFO + }; + + if (sigaction(SIGBUS, &sa, NULL) < 0) { + perror("sigaction"); + return EXIT_FAILURE; + } + + asm volatile("adr %0, 1f + 2\n\t" + "str %0, %1\n\t" + "bx %0\n" + "1:" + : "=&r"(tmp), "=m"(expected)); + + /* + * From v8, it is CONSTRAINED UNPREDICTABLE whether BXWritePC aligns + * the address or not. If so, we can legitimately fall through. + */ + return EXIT_SUCCESS; +} diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target index XXXXXXX..XXXXXXX 100644 --- a/tests/tcg/aarch64/Makefile.target +++ b/tests/tcg/aarch64/Makefile.target @@ -XXX,XX +XXX,XX @@ VPATH += $(ARM_SRC) AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64 VPATH += $(AARCH64_SRC) -# Float-convert Tests -AARCH64_TESTS=fcvt +# Base architecture tests +AARCH64_TESTS=fcvt pcalign-a64 fcvt: LDFLAGS+=-lm diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target index XXXXXXX..XXXXXXX 100644 --- a/tests/tcg/arm/Makefile.target +++ b/tests/tcg/arm/Makefile.target @@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt $(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)") $(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref) +# PC alignment test +ARM_TESTS += pcalign-a32 +pcalign-a32: CFLAGS+=-marm + ifeq ($(CONFIG_ARM_COMPATIBLE_SEMIHOSTING),y) # Semihosting smoke test for linux-user -- 2.25.1 In the SSE decode function gen_sse(), we combine a byte 'b' and a value 'b1' which can be [0..3], and switch on them: b |= (b1 << 8); switch (b) { ... default: unknown_op: gen_unknown_opcode(env, s); return; } In three cases inside this switch, we were then also checking for "if (b1 >= 2) { goto unknown_op; }". However, this can never happen, because the 'case' values in each place are 0x0nn or 0x1nn and the switch will have directed the b1 == (2, 3) cases to the default already. This check was added in commit c045af25a52e9 in 2010; the added code was unnecessary then as well, and was apparently intended only to ensure that we never accidentally ended up indexing off the end of an sse_op_table with only 2 entries as a result of future bugs in the decode logic. Change the checks to assert() instead, and make sure they're always immediately before the array access they are protecting. Fixes: Coverity CID 1460207 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> --- target/i386/tcg/translate.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index XXXXXXX..XXXXXXX 100644 --- a/target/i386/tcg/translate.c +++ b/target/i386/tcg/translate.c @@ -XXX,XX +XXX,XX @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, case 0x171: /* shift xmm, im */ case 0x172: case 0x173: - if (b1 >= 2) { - goto unknown_op; - } val = x86_ldub_code(env, s); if (is_xmm) { tcg_gen_movi_tl(s->T0, val); @@ -XXX,XX +XXX,XX @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, offsetof(CPUX86State, mmx_t0.MMX_L(1))); op1_offset = offsetof(CPUX86State,mmx_t0); } + assert(b1 < 2); sse_fn_epp = sse_op_table2[((b - 1) & 3) * 8 + (((modrm >> 3)) & 7)][b1]; if (!sse_fn_epp) { @@ -XXX,XX +XXX,XX @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, rm = modrm & 7; reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; - if (b1 >= 2) { - goto unknown_op; - } + assert(b1 < 2); sse_fn_epp = sse_op_table6[b].op[b1]; if (!sse_fn_epp) { goto unknown_op; @@ -XXX,XX +XXX,XX @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, rm = modrm & 7; reg = ((modrm >> 3) & 7) | REX_R(s); mod = (modrm >> 6) & 3; - if (b1 >= 2) { - goto unknown_op; - } + assert(b1 < 2); sse_fn_eppi = sse_op_table7[b].op[b1]; if (!sse_fn_eppi) { goto unknown_op; -- 2.25.1 The qemu-common.h header is not supposed to be included from any other header files, only from .c files (as documented in a comment at the start of it). include/hw/i386/x86.h and include/hw/i386/microvm.h break this rule. In fact, the include is not required at all, so we can just drop it from both files. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20211129200510.1233037-2-peter.maydell@linaro.org --- include/hw/i386/microvm.h | 1 - include/hw/i386/x86.h | 1 - 2 files changed, 2 deletions(-) diff --git a/include/hw/i386/microvm.h b/include/hw/i386/microvm.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/i386/microvm.h +++ b/include/hw/i386/microvm.h @@ -XXX,XX +XXX,XX @@ #ifndef HW_I386_MICROVM_H #define HW_I386_MICROVM_H -#include "qemu-common.h" #include "exec/hwaddr.h" #include "qemu/notify.h" diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h index XXXXXXX..XXXXXXX 100644 --- a/include/hw/i386/x86.h +++ b/include/hw/i386/x86.h @@ -XXX,XX +XXX,XX @@ #ifndef HW_I386_X86_H #define HW_I386_X86_H -#include "qemu-common.h" #include "exec/hwaddr.h" #include "qemu/notify.h" -- 2.25.1 The qemu-common.h header is not supposed to be included from any other header files, only from .c files (as documented in a comment at the start of it). Move the include to linux-user/hexagon/cpu_loop.c, which needs it for the declaration of cpu_exec_step_atomic(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Message-id: 20211129200510.1233037-3-peter.maydell@linaro.org --- target/hexagon/cpu.h | 1 - linux-user/hexagon/cpu_loop.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/hexagon/cpu.h +++ b/target/hexagon/cpu.h @@ -XXX,XX +XXX,XX @@ typedef struct CPUHexagonState CPUHexagonState; #include "fpu/softfloat-types.h" -#include "qemu-common.h" #include "exec/cpu-defs.h" #include "hex_regs.h" #include "mmvec/mmvec.h" diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c index XXXXXXX..XXXXXXX 100644 --- a/linux-user/hexagon/cpu_loop.c +++ b/linux-user/hexagon/cpu_loop.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" +#include "qemu-common.h" #include "qemu.h" #include "user-internals.h" #include "cpu_loop-common.h" -- 2.25.1 The qemu-common.h header is not supposed to be included from any other header files, only from .c files (as documented in a comment at the start of it). Nothing actually relies on target/rx/cpu.h including it, so we can just drop the include. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> Message-id: 20211129200510.1233037-4-peter.maydell@linaro.org --- target/rx/cpu.h | 1 - 1 file changed, 1 deletion(-) diff --git a/target/rx/cpu.h b/target/rx/cpu.h index XXXXXXX..XXXXXXX 100644 --- a/target/rx/cpu.h +++ b/target/rx/cpu.h @@ -XXX,XX +XXX,XX @@ #define RX_CPU_H #include "qemu/bitops.h" -#include "qemu-common.h" #include "hw/registerfields.h" #include "cpu-qom.h" -- 2.25.1 A lot of C files in hw/arm include qemu-common.h when they don't need anything from it. Drop the include lines. omap1.c, pxa2xx.c and strongarm.c retain the include because they use it for the prototype of qemu_get_timedate(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Taylor Simpson <tsimpson@quicinc.com> Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> Message-id: 20211129200510.1233037-5-peter.maydell@linaro.org --- hw/arm/boot.c | 1 - hw/arm/digic_boards.c | 1 - hw/arm/highbank.c | 1 - hw/arm/npcm7xx_boards.c | 1 - hw/arm/sbsa-ref.c | 1 - hw/arm/stm32f405_soc.c | 1 - hw/arm/vexpress.c | 1 - hw/arm/virt.c | 1 - 8 files changed, 8 deletions(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "qemu/error-report.h" #include "qapi/error.h" diff --git a/hw/arm/digic_boards.c b/hw/arm/digic_boards.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/digic_boards.c +++ b/hw/arm/digic_boards.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qapi/error.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "hw/boards.h" #include "qemu/error-report.h" diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/highbank.c +++ b/hw/arm/highbank.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "qapi/error.h" #include "hw/sysbus.h" diff --git a/hw/arm/npcm7xx_boards.c b/hw/arm/npcm7xx_boards.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/npcm7xx_boards.c +++ b/hw/arm/npcm7xx_boards.c @@ -XXX,XX +XXX,XX @@ #include "hw/qdev-core.h" #include "hw/qdev-properties.h" #include "qapi/error.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "qemu/units.h" #include "sysemu/blockdev.h" diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/sbsa-ref.c +++ b/hw/arm/sbsa-ref.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "qapi/error.h" #include "qemu/error-report.h" diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/stm32f405_soc.c +++ b/hw/arm/stm32f405_soc.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qapi/error.h" -#include "qemu-common.h" #include "exec/address-spaces.h" #include "sysemu/sysemu.h" #include "hw/arm/stm32f405_soc.h" diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/vexpress.c +++ b/hw/arm/vexpress.c @@ -XXX,XX +XXX,XX @@ #include "qemu/osdep.h" #include "qapi/error.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "cpu.h" #include "hw/sysbus.h" diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ */ #include "qemu/osdep.h" -#include "qemu-common.h" #include "qemu/datadir.h" #include "qemu/units.h" #include "qemu/option.h" -- 2.25.1 The calculation of the length of TLB range invalidate operations in tlbi_aa64_range_get_length() is incorrect in two ways: * the NUM field is 5 bits, but we read only 4 bits * we miscalculate the page_shift value, because of an off-by-one error: TG 0b00 is invalid TG 0b01 is 4K granule size == 4096 == 2^12 TG 0b10 is 16K granule size == 16384 == 2^14 TG 0b11 is 64K granule size == 65536 == 2^16 so page_shift should be (TG - 1) * 2 + 12 Thanks to the bug report submitter Cha HyunSoo for identifying both these errors. Fixes: 84940ed82552d3c ("target/arm: Add support for FEAT_TLBIRANGE") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/734 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20211130173257.1274194-1-peter.maydell@linaro.org --- target/arm/helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index XXXXXXX..XXXXXXX 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -XXX,XX +XXX,XX @@ static uint64_t tlbi_aa64_range_get_length(CPUARMState *env, uint64_t exponent; uint64_t length; - num = extract64(value, 39, 4); + num = extract64(value, 39, 5); scale = extract64(value, 44, 2); page_size_granule = extract64(value, 46, 2); - page_shift = page_size_granule * 2 + 12; - if (page_size_granule == 0) { qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n", page_size_granule); return 0; } + page_shift = (page_size_granule - 1) * 2 + 12; + exponent = (5 * scale) + 1; length = (num + 1) << (exponent + page_shift); -- 2.25.1 From: Patrick Venture <venture@google.com> The rx_active boolean change to true should always trigger a try_read call that flushes the queue. Signed-off-by: Patrick Venture <venture@google.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20211203221002.1719306-1-venture@google.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/net/npcm7xx_emc.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c index XXXXXXX..XXXXXXX 100644 --- a/hw/net/npcm7xx_emc.c +++ b/hw/net/npcm7xx_emc.c @@ -XXX,XX +XXX,XX @@ static void emc_halt_rx(NPCM7xxEMCState *emc, uint32_t mista_flag) emc_set_mista(emc, mista_flag); } +static void emc_enable_rx_and_flush(NPCM7xxEMCState *emc) +{ + emc->rx_active = true; + qemu_flush_queued_packets(qemu_get_queue(emc->nic)); +} + static void emc_set_next_tx_descriptor(NPCM7xxEMCState *emc, const NPCM7xxEMCTxDesc *tx_desc, uint32_t desc_addr) @@ -XXX,XX +XXX,XX @@ static ssize_t emc_receive(NetClientState *nc, const uint8_t *buf, size_t len1) return len; } -static void emc_try_receive_next_packet(NPCM7xxEMCState *emc) -{ - if (emc_can_receive(qemu_get_queue(emc->nic))) { - qemu_flush_queued_packets(qemu_get_queue(emc->nic)); - } -} - static uint64_t npcm7xx_emc_read(void *opaque, hwaddr offset, unsigned size) { NPCM7xxEMCState *emc = opaque; @@ -XXX,XX +XXX,XX @@ static void npcm7xx_emc_write(void *opaque, hwaddr offset, emc->regs[REG_MGSTA] |= REG_MGSTA_RXHA; } if (value & REG_MCMDR_RXON) { - emc->rx_active = true; + emc_enable_rx_and_flush(emc); } else { emc_halt_rx(emc, 0); } @@ -XXX,XX +XXX,XX @@ static void npcm7xx_emc_write(void *opaque, hwaddr offset, break; case REG_RSDR: if (emc->regs[REG_MCMDR] & REG_MCMDR_RXON) { - emc->rx_active = true; - emc_try_receive_next_packet(emc); + emc_enable_rx_and_flush(emc); } break; case REG_MIIDA: -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> When a virtio-iommu is instantiated, describe it using the ACPI VIOT table. Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-2-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt-acpi-build.c | 7 +++++++ hw/arm/Kconfig | 1 + 2 files changed, 8 insertions(+) diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -XXX,XX +XXX,XX @@ #include "kvm_arm.h" #include "migration/vmstate.h" #include "hw/acpi/ghes.h" +#include "hw/acpi/viot.h" #define ARM_SPI_BASE 32 @@ -XXX,XX +XXX,XX @@ void virt_acpi_build(VirtMachineState *vms, AcpiBuildTables *tables) } #endif + if (vms->iommu == VIRT_IOMMU_VIRTIO) { + acpi_add_table(table_offsets, tables_blob); + build_viot(ms, tables_blob, tables->linker, vms->virtio_iommu_bdf, + vms->oem_id, vms->oem_table_id); + } + /* XSDT is pointed to by RSDP */ xsdt = tables_blob->len; build_xsdt(tables_blob, tables->linker, table_offsets, vms->oem_id, diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/Kconfig +++ b/hw/arm/Kconfig @@ -XXX,XX +XXX,XX @@ config ARM_VIRT select DIMM select ACPI_HW_REDUCED select ACPI_APEI + select ACPI_VIOT config CHEETAH bool -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> virtio-iommu is now supported with ACPI VIOT as well as device tree. Remove the restriction that prevents from instantiating a virtio-iommu device under ACPI. Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-3-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 10 ++-------- hw/virtio/virtio-iommu-pci.c | 12 ++---------- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static HotplugHandler *virt_machine_get_hotplug_handler(MachineState *machine, MachineClass *mc = MACHINE_GET_CLASS(machine); if (device_is_dynamic_sysbus(mc, dev) || - (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM))) { + object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM) || + object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_IOMMU_PCI)) { return HOTPLUG_HANDLER(machine); } - if (object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_IOMMU_PCI)) { - VirtMachineState *vms = VIRT_MACHINE(machine); - - if (!vms->bootinfo.firmware_loaded || !virt_is_acpi_enabled(vms)) { - return HOTPLUG_HANDLER(machine); - } - } return NULL; } diff --git a/hw/virtio/virtio-iommu-pci.c b/hw/virtio/virtio-iommu-pci.c index XXXXXXX..XXXXXXX 100644 --- a/hw/virtio/virtio-iommu-pci.c +++ b/hw/virtio/virtio-iommu-pci.c @@ -XXX,XX +XXX,XX @@ static void virtio_iommu_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp) VirtIOIOMMU *s = VIRTIO_IOMMU(vdev); if (!qdev_get_machine_hotplug_handler(DEVICE(vpci_dev))) { - MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine()); - - error_setg(errp, - "%s machine fails to create iommu-map device tree bindings", - mc->name); - error_append_hint(errp, - "Check your machine implements a hotplug handler " - "for the virtio-iommu-pci device\n"); - error_append_hint(errp, "Check the guest is booted without FW or with " - "-no-acpi\n"); + error_setg(errp, "Check your machine implements a hotplug handler " + "for the virtio-iommu-pci device"); return; } for (int i = 0; i < s->nb_reserved_regions; i++) { -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> We do not support instantiating multiple IOMMUs. Before adding a virtio-iommu, check that no other IOMMU is present. This will detect both "iommu=smmuv3" machine parameter and another virtio-iommu instance. Fixes: 70e89132c9 ("hw/arm/virt: Add the virtio-iommu device tree mappings") Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-4-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static void virt_machine_device_pre_plug_cb(HotplugHandler *hotplug_dev, hwaddr db_start = 0, db_end = 0; char *resv_prop_str; + if (vms->iommu != VIRT_IOMMU_NONE) { + error_setg(errp, "virt machine does not support multiple IOMMUs"); + return; + } + switch (vms->msi_controller) { case VIRT_MSI_CTRL_NONE: return; -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> To propagate errors to the caller of the pre_plug callback, use the object_poperty_set*() functions directly instead of the qdev_prop_set*() helpers. Suggested-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-5-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/arm/virt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index XXXXXXX..XXXXXXX 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -XXX,XX +XXX,XX @@ static void virt_machine_device_pre_plug_cb(HotplugHandler *hotplug_dev, db_start, db_end, VIRTIO_IOMMU_RESV_MEM_T_MSI); - qdev_prop_set_uint32(dev, "len-reserved-regions", 1); - qdev_prop_set_string(dev, "reserved-regions[0]", resv_prop_str); + object_property_set_uint(OBJECT(dev), "len-reserved-regions", 1, errp); + object_property_set_str(OBJECT(dev), "reserved-regions[0]", + resv_prop_str, errp); g_free(resv_prop_str); } } -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> Create empty data files and allow updates for the upcoming VIOT tests. Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-6-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/qtest/bios-tables-test-allowed-diff.h | 3 +++ tests/data/acpi/q35/DSDT.viot | 0 tests/data/acpi/q35/VIOT.viot | 0 tests/data/acpi/virt/VIOT | 0 4 files changed, 3 insertions(+) create mode 100644 tests/data/acpi/q35/DSDT.viot create mode 100644 tests/data/acpi/q35/VIOT.viot create mode 100644 tests/data/acpi/virt/VIOT diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index XXXXXXX..XXXXXXX 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,4 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/virt/VIOT", +"tests/data/acpi/q35/DSDT.viot", +"tests/data/acpi/q35/VIOT.viot", diff --git a/tests/data/acpi/q35/DSDT.viot b/tests/data/acpi/q35/DSDT.viot new file mode 100644 index XXXXXXX..XXXXXXX diff --git a/tests/data/acpi/q35/VIOT.viot b/tests/data/acpi/q35/VIOT.viot new file mode 100644 index XXXXXXX..XXXXXXX diff --git a/tests/data/acpi/virt/VIOT b/tests/data/acpi/virt/VIOT new file mode 100644 index XXXXXXX..XXXXXXX -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> Add two test cases for VIOT, one on the q35 machine and the other on virt. To test complex topologies the q35 test has two PCIe buses that bypass the IOMMU (and are therefore not described by VIOT), and two buses that are translated by virtio-iommu. Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-7-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/qtest/bios-tables-test.c | 38 ++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index XXXXXXX..XXXXXXX 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -XXX,XX +XXX,XX @@ static void test_acpi_virt_tcg(void) free_test_data(&data); } +static void test_acpi_q35_viot(void) +{ + test_data data = { + .machine = MACHINE_Q35, + .variant = ".viot", + }; + + /* + * To keep things interesting, two buses bypass the IOMMU. + * VIOT should only describes the other two buses. + */ + test_acpi_one("-machine default_bus_bypass_iommu=on " + "-device virtio-iommu-pci " + "-device pxb-pcie,bus_nr=0x10,id=pcie.100,bus=pcie.0 " + "-device pxb-pcie,bus_nr=0x20,id=pcie.200,bus=pcie.0,bypass_iommu=on " + "-device pxb-pcie,bus_nr=0x30,id=pcie.300,bus=pcie.0", + &data); + free_test_data(&data); +} + +static void test_acpi_virt_viot(void) +{ + test_data data = { + .machine = "virt", + .uefi_fl1 = "pc-bios/edk2-aarch64-code.fd", + .uefi_fl2 = "pc-bios/edk2-arm-vars.fd", + .cd = "tests/data/uefi-boot-images/bios-tables-test.aarch64.iso.qcow2", + .ram_start = 0x40000000ULL, + .scan_len = 128ULL * 1024 * 1024, + }; + + test_acpi_one("-cpu cortex-a57 " + "-device virtio-iommu-pci", &data); + free_test_data(&data); +} + static void test_oem_fields(test_data *data) { int i; @@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[]) qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic); qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar); } + qtest_add_func("acpi/q35/viot", test_acpi_q35_viot); } else if (strcmp(arch, "aarch64") == 0) { if (has_tcg) { qtest_add_func("acpi/virt", test_acpi_virt_tcg); @@ -XXX,XX +XXX,XX @@ int main(int argc, char *argv[]) qtest_add_func("acpi/virt/memhp", test_acpi_virt_tcg_memhp); qtest_add_func("acpi/virt/pxb", test_acpi_virt_tcg_pxb); qtest_add_func("acpi/virt/oem-fields", test_acpi_oem_fields_virt); + qtest_add_func("acpi/virt/viot", test_acpi_virt_viot); } } ret = g_test_run(); -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> Add expected blobs of the VIOT and DSDT table for the VIOT test on the q35 machine. Since the test instantiates a virtio device and two PCIe expander bridges, DSDT.viot has more blocks than the base DSDT. The VIOT table generated for the q35 test is: [000h 0000 4] Signature : "VIOT" [Virtual I/O Translation Table] [004h 0004 4] Table Length : 00000070 [008h 0008 1] Revision : 00 [009h 0009 1] Checksum : 3D [00Ah 0010 6] Oem ID : "BOCHS " [010h 0016 8] Oem Table ID : "BXPC " [018h 0024 4] Oem Revision : 00000001 [01Ch 0028 4] Asl Compiler ID : "BXPC" [020h 0032 4] Asl Compiler Revision : 00000001 [024h 0036 2] Node count : 0003 [026h 0038 2] Node offset : 0030 [028h 0040 8] Reserved : 0000000000000000 [030h 0048 1] Type : 03 [VirtIO-PCI IOMMU] [031h 0049 1] Reserved : 00 [032h 0050 2] Length : 0010 [034h 0052 2] PCI Segment : 0000 [036h 0054 2] PCI BDF number : 0010 [038h 0056 8] Reserved : 0000000000000000 [040h 0064 1] Type : 01 [PCI Range] [041h 0065 1] Reserved : 00 [042h 0066 2] Length : 0018 [044h 0068 4] Endpoint start : 00003000 [048h 0072 2] PCI Segment start : 0000 [04Ah 0074 2] PCI Segment end : 0000 [04Ch 0076 2] PCI BDF start : 3000 [04Eh 0078 2] PCI BDF end : 30FF [050h 0080 2] Output node : 0030 [052h 0082 6] Reserved : 000000000000 [058h 0088 1] Type : 01 [PCI Range] [059h 0089 1] Reserved : 00 [05Ah 0090 2] Length : 0018 [05Ch 0092 4] Endpoint start : 00001000 [060h 0096 2] PCI Segment start : 0000 [062h 0098 2] PCI Segment end : 0000 [064h 0100 2] PCI BDF start : 1000 [066h 0102 2] PCI BDF end : 10FF [068h 0104 2] Output node : 0030 [06Ah 0106 6] Reserved : 000000000000 And the DSDT diff is: @@ -XXX,XX +XXX,XX @@ * * Disassembling to symbolic ASL+ operators * - * Disassembly of tests/data/acpi/q35/DSDT, Fri Dec 10 15:03:08 2021 + * Disassembly of /tmp/aml-H9Y5D1, Fri Dec 10 15:02:27 2021 * * Original Table Header: * Signature "DSDT" - * Length 0x00002061 (8289) + * Length 0x000024B6 (9398) * Revision 0x01 **** 32-bit table (V1), no 64-bit math support - * Checksum 0xFA + * Checksum 0xA7 * OEM ID "BOCHS " * OEM Table ID "BXPC " * OEM Revision 0x00000001 (1) @@ -XXX,XX +XXX,XX @@ } } + Scope (\_SB) + { + Device (PC30) + { + Name (_UID, 0x30) // _UID: Unique ID + Name (_BBN, 0x30) // _BBN: BIOS Bus Number + Name (_HID, EisaId ("PNP0A08") /* PCI Express Bus */) // _HID: Hardware ID + Name (_CID, EisaId ("PNP0A03") /* PCI Bus */) // _CID: Compatible ID + Method (_OSC, 4, NotSerialized) // _OSC: Operating System Capabilities + { + CreateDWordField (Arg3, Zero, CDW1) + If ((Arg0 == ToUUID ("33db4d5b-1ff7-401c-9657-7441c03dd766") /* PCI Host Bridge Device */)) + { + CreateDWordField (Arg3, 0x04, CDW2) + CreateDWordField (Arg3, 0x08, CDW3) + Local0 = CDW3 /* \_SB_.PC30._OSC.CDW3 */ + Local0 &= 0x1F + If ((Arg1 != One)) + { + CDW1 |= 0x08 + } + + If ((CDW3 != Local0)) + { + CDW1 |= 0x10 + } + + CDW3 = Local0 + } + Else + { + CDW1 |= 0x04 + } + + Return (Arg3) + } + + Method (_PRT, 0, NotSerialized) // _PRT: PCI Routing Table + { + Local0 = Package (0x80){} + Local1 = Zero + While ((Local1 < 0x80)) + { + Local2 = (Local1 >> 0x02) + Local3 = ((Local1 + Local2) & 0x03) + If ((Local3 == Zero)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKD, + Zero + } + } + + If ((Local3 == One)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKA, + Zero + } + } + + If ((Local3 == 0x02)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKB, + Zero + } + } + + If ((Local3 == 0x03)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKC, + Zero + } + } + + Local4 [Zero] = ((Local2 << 0x10) | 0xFFFF) + Local4 [One] = (Local1 & 0x03) + Local0 [Local1] = Local4 + Local1++ + } + + Return (Local0) + } + + Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings + { + WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode, + 0x0000, // Granularity + 0x0030, // Range Minimum + 0x0030, // Range Maximum + 0x0000, // Translation Offset + 0x0001, // Length + ,, ) + }) + } + } + + Scope (\_SB) + { + Device (PC20) + { + Name (_UID, 0x20) // _UID: Unique ID + Name (_BBN, 0x20) // _BBN: BIOS Bus Number + Name (_HID, EisaId ("PNP0A08") /* PCI Express Bus */) // _HID: Hardware ID + Name (_CID, EisaId ("PNP0A03") /* PCI Bus */) // _CID: Compatible ID + Method (_OSC, 4, NotSerialized) // _OSC: Operating System Capabilities + { + CreateDWordField (Arg3, Zero, CDW1) + If ((Arg0 == ToUUID ("33db4d5b-1ff7-401c-9657-7441c03dd766") /* PCI Host Bridge Device */)) + { + CreateDWordField (Arg3, 0x04, CDW2) + CreateDWordField (Arg3, 0x08, CDW3) + Local0 = CDW3 /* \_SB_.PC20._OSC.CDW3 */ + Local0 &= 0x1F + If ((Arg1 != One)) + { + CDW1 |= 0x08 + } + + If ((CDW3 != Local0)) + { + CDW1 |= 0x10 + } + + CDW3 = Local0 + } + Else + { + CDW1 |= 0x04 + } + + Return (Arg3) + } + + Method (_PRT, 0, NotSerialized) // _PRT: PCI Routing Table + { + Local0 = Package (0x80){} + Local1 = Zero + While ((Local1 < 0x80)) + { + Local2 = (Local1 >> 0x02) + Local3 = ((Local1 + Local2) & 0x03) + If ((Local3 == Zero)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKD, + Zero + } + } + + If ((Local3 == One)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKA, + Zero + } + } + + If ((Local3 == 0x02)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKB, + Zero + } + } + + If ((Local3 == 0x03)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKC, + Zero + } + } + + Local4 [Zero] = ((Local2 << 0x10) | 0xFFFF) + Local4 [One] = (Local1 & 0x03) + Local0 [Local1] = Local4 + Local1++ + } + + Return (Local0) + } + + Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings + { + WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode, + 0x0000, // Granularity + 0x0020, // Range Minimum + 0x0020, // Range Maximum + 0x0000, // Translation Offset + 0x0001, // Length + ,, ) + }) + } + } + + Scope (\_SB) + { + Device (PC10) + { + Name (_UID, 0x10) // _UID: Unique ID + Name (_BBN, 0x10) // _BBN: BIOS Bus Number + Name (_HID, EisaId ("PNP0A08") /* PCI Express Bus */) // _HID: Hardware ID + Name (_CID, EisaId ("PNP0A03") /* PCI Bus */) // _CID: Compatible ID + Method (_OSC, 4, NotSerialized) // _OSC: Operating System Capabilities + { + CreateDWordField (Arg3, Zero, CDW1) + If ((Arg0 == ToUUID ("33db4d5b-1ff7-401c-9657-7441c03dd766") /* PCI Host Bridge Device */)) + { + CreateDWordField (Arg3, 0x04, CDW2) + CreateDWordField (Arg3, 0x08, CDW3) + Local0 = CDW3 /* \_SB_.PC10._OSC.CDW3 */ + Local0 &= 0x1F + If ((Arg1 != One)) + { + CDW1 |= 0x08 + } + + If ((CDW3 != Local0)) + { + CDW1 |= 0x10 + } + + CDW3 = Local0 + } + Else + { + CDW1 |= 0x04 + } + + Return (Arg3) + } + + Method (_PRT, 0, NotSerialized) // _PRT: PCI Routing Table + { + Local0 = Package (0x80){} + Local1 = Zero + While ((Local1 < 0x80)) + { + Local2 = (Local1 >> 0x02) + Local3 = ((Local1 + Local2) & 0x03) + If ((Local3 == Zero)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKD, + Zero + } + } + + If ((Local3 == One)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKA, + Zero + } + } + + If ((Local3 == 0x02)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKB, + Zero + } + } + + If ((Local3 == 0x03)) + { + Local4 = Package (0x04) + { + Zero, + Zero, + LNKC, + Zero + } + } + + Local4 [Zero] = ((Local2 << 0x10) | 0xFFFF) + Local4 [One] = (Local1 & 0x03) + Local0 [Local1] = Local4 + Local1++ + } + + Return (Local0) + } + + Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings + { + WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode, + 0x0000, // Granularity + 0x0010, // Range Minimum + 0x0010, // Range Maximum + 0x0000, // Translation Offset + 0x0001, // Length + ,, ) + }) + } + } + Scope (\_SB.PCI0) { Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings @@ -XXX,XX +XXX,XX @@ WordBusNumber (ResourceProducer, MinFixed, MaxFixed, PosDecode, 0x0000, // Granularity 0x0000, // Range Minimum - 0x00FF, // Range Maximum + 0x000F, // Range Maximum 0x0000, // Translation Offset - 0x0100, // Length + 0x0010, // Length ,, ) IO (Decode16, 0x0CF8, // Range Minimum @@ -XXX,XX +XXX,XX @@ } } + Device (S10) + { + Name (_ADR, 0x00020000) // _ADR: Address + } + + Device (S18) + { + Name (_ADR, 0x00030000) // _ADR: Address + } + + Device (S20) + { + Name (_ADR, 0x00040000) // _ADR: Address + } + + Device (S28) + { + Name (_ADR, 0x00050000) // _ADR: Address + } + Method (PCNT, 0, NotSerialized) { } Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-8-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/qtest/bios-tables-test-allowed-diff.h | 2 -- tests/data/acpi/q35/DSDT.viot | Bin 0 -> 9398 bytes tests/data/acpi/q35/VIOT.viot | Bin 0 -> 112 bytes 3 files changed, 2 deletions(-) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index XXXXXXX..XXXXXXX 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -XXX,XX +XXX,XX @@ /* List of comma-separated changed AML files to ignore */ "tests/data/acpi/virt/VIOT", -"tests/data/acpi/q35/DSDT.viot", -"tests/data/acpi/q35/VIOT.viot", diff --git a/tests/data/acpi/q35/DSDT.viot b/tests/data/acpi/q35/DSDT.viot index XXXXXXX..XXXXXXX 100644 GIT binary patch literal 9398 zcmeHNO>7&-8J*>iv|O&FB}G~Oi$yp||57BBoWHhc5OS9yDTx$CQgH$r;8Idr*-4Q_ z5(9Az1F`}niVsB-)<KW7p`g9Br(A2Gm-gmc1N78GFS!;)e2V(MnH_0{q<{#yMgn&C zn|*J-d9yqFhO_H6z19~`FlPL*u<DkZ*}|)JH;X@mF-FI<cPg<fti9tEN*yB^i5czN zNq&q?!OZ;BE3B7{KWzJ-`Tn~f`9?Qj8~2^N8{Oc8J%57{==w%rS#;nOCp*nTr@iZ1 zb+?i;JLQUJ=O0?8*>S~D)a>NF1~WVB6^~_B#yhJ`H+JU@=6aXs`?Yv)J2h=N?drcS zeLZ*n<<Bm^n}6`jfBx#u8&(W}1?)}iF9o#mZ~E2+zwdn7yK3AbIzKnxpZ>JRPm3~# z&ICS{+_OayRW-l=Mtk=~uaS3o8z<_udd|(wqg`&JnVPfCe>BUOO`Su3e>pff_^UW% z&JE^NO`)=Amg~iqRB1pPscP?(>#ZuY8GHCmlEvD$9g3%4Db~Dfz2SATnddvrR-Oe^ z;s;dJec!hnzi)ri^I6YN9vtkm{^TdUF8h7gX8-<Qe4p)GQ=)AtYx2VcwdLVAEXEjG z^Mj|UHPqkj-LsWuzQem1>F3atdZn=zv3$#RmZzSHN+6-yyU#8cJb=YDilX&sl}vNm znkgAR^O<3kj4if>{ly5fwRfMWuC5=lrlvKPX~i#654Cp}R_d*JS$9laZ$ra6)<ns8 zFZy28G%xP(nit&F>LDi%G<tIc=TY=gl$jSD&Uv!Yat~XR46h%rI$!}a%!|xG7u8Zn zeY8_|n=K>xz_v_W8VX$W-Fg-qFWcT}7MCyz{%%{ia7hZ>Law-k6NOr}VI&_48U=2l zwqDKFE8eTwwozDdms#e?x?5a|v>&JF;2_v0L~z5n%BYU^52<*cWuD4|GYUm@1+?)) zte^45>Rz)t*<T5V#={r>@t@{%?^i#W{i=HAZ*Dc9y59Va-+#P!jrGs;u38a{fLr`N zvT@rUu>DljxJ?^&Z?-?vyJn3C>3D=qux{Y*bs5|5n)Qmi$TD^Zdn4GU$ocJS2Hh-< z`xPI^^+v0nUVdjMos8k`WGl7hA`{03ju%<lrgAHSpd^DRf-*}_#Ly0mB!LSfVgWcQ z&T$@~G9)JI=hz5m0vkrel+Xy{Oh7pkAu-V!j*W7rY(bO}Q$nMH2`FbGB&N)QaV4<4 zo)~9JXiP9=;}NPl<C@MmXG&;XFlFNrsyfFsonxFSp<}vEgsRSQP3O3#b6nSnP}ON_ zI!#Tdsp~|j>ckUB>FI=~GokB5sOq#dotCE4(sd$KbtW~PNlj-`*NIToiD#j5J#9^= zt?NXn>YUJYPG~wObe#xQos*i*NloXZt`niEb4t@WrRki~bs|)CI+{*L)9L6s5vn>< zn$DD_Go|Z9sOn5>I@6lYw5}7Os&iV?Ij!lO)^#FOb!If38BJ$K*NIToIiu;E(R9w} zIuWWmPiZ<&X*y5oIuWWmF_XaEC!a&Jn$B5WCqh-{X-(&8P3LJ{Cqh-{8P3dyPr@^t zSqL9?X9Uwd3W@23*s~h*tj0X6GZCuHa~kuU#yqDp5vt7d8uPryJg+kms?5hU=3^T3 zF`bD}WnSP+=`t5MQ$FJ_2&Q~+BP6E0f^%BVIW6a$o)e+SX~IDBih-7z6{O~7YTy`& zLjy&Cv?7QikV#>n0>>@MV8oK`Gmun34-FKdlm-J8SZSaNlnhir4-FI{S|bfqV8e)V zss<{chX#reE#g=hsKAC%sF6d-Km}BWs!kZFsFpKfpbC@>6rprQGEjt4Ck#|zITHq| zK*>M_l;<P^MJRQ`Kn0dFVW0|>3{*fllMEE0)CmI>Sk8ojDo`>|0p(0GP=xY&!axO< zGhv_#lnhirIg<<&q0|Wj6<E%MfhtfkPyyvkGEjt4Ck#|zITHq|K*>M_lrzad5lWpf zP=V!47^ngz0~JutBm+e#b;3XemNQ|X3X}{~Ksl2P6rt1!0~J`#gn=qhGEf2KOfpb} zQYQ>lU^x>8szAv=1(Y+%KoLrvFi?TzOc<yFB?A>u&LjgxD0RX>1(q{mpbC@>R6seC z3>2Z%2?G^a&V+#~P%=;f<xDbAgi<FARA4z12C6{GKn0XD$v_cGoiI>=<xCi;0wn_# zP|hR+MJRQ`Kn0dFVW0|>3{*fllMEE0)CmI>Sk8ojDo`>|0p(0GP=rz^3{+q_69%e4 z$v_2^Gs!>^N}VuJf#pmXr~)Me6;RG314Srx!axxz28u{EP=u<1B2)}iVZuNaCK;&0 zBm-5LFi?dF167!0pbC==RAItE6($T+VUmF=Ofpb~2?JG_Fi?d_2C6X0Kouqo6p_5T zFi=FeV!SiSKoR0H$dH(_Z(*Q_WZ%L-5y`$K14StNmJAdjmWs}HV4<vU_xO+1efmLq zZ;W>N_U)fP6Qy6Nw5mbt9Y(#emWSi66=>tq#xoh#Ue=0qyhxi8ZOUe5y0V7VfPUhp zwX=;ymc+i5%sg9Ja~lZ&8oAV@mHc>&CHP9v4R(jhtT?un;O4e9#pno)Xkh7OWgK&a zyj=3Iv0OuoK_;5rOr5f(Kb~ZXDBO+V`OWYo#_C08imwChQxnjdd?wZLDou8aj;$SD zGDYiA3<$Tu<JnHL(KPOChi#zrR32t83}naR$+ym4P_h?z_5#|cW-nw$XD_sOtE62l zrD3@*)NVyiklt0&yF9%+klsBey&I<Y2E<!f(E8TuJte)z(|ZHyy<^gQVfx}=`q&B5 z7nSryp1wGczIaUfVwiq$Fn#<4=@*ssi#+|}K>EdF(l3VTOM~ghPLRH&q%ZOGrGfON zW73zx^yR_y<0nX8R??Sw`tm^f@-gYlNFSp|*<gA{q?Zp5Oe-+l#rmyYmKozi9y=P> zVReJU*h=ZuVXiS$ohTbw-O#v9>(yZbGE|)?8(H1ZIKvV!jWa0>vy!3eMA^vdhQ>`s zuMSg{q3T50$m)j1!HixV<}X9liL#N^4c*tL^y)CF8LCc{jjV3yKAqL8!%SzWI#H%q z=bSrQ&)%JCRttF5g4Zf`6l?y@>PzD7MA^D>wBlcH6r1ucwJ<p0O%rZ?JzIY3-QdmZ zzs|n>`a5r3e|z)wcUaqS>nqFQ-8x}eCF4u`OWUxqst-@1rSmUs%WmKP5e0dcb?e2N z;Z|x*!);VwF|Yuhqs^khqOM!@u*jY!WYldISF(V6`BoNd&6Qfk3>X#SuD^7J>p_D= zBPa51y^_n#=cpOt#Zf$ya$Ae9Mfz56n|<i!a=ELS@)%a{^NIH3SDuN<R~sah1km#P zU@?*f%<rG=4W1wgfi;C?_n|W@%lm$&8YfvNOJodIg&IcIpIJQRHr<+ej11GQ6)&eF z2Lam*jIH}#y0>KnY%4JQfOYS$*uU%f#@$U6`N8I3N-lV?5ErFCdv~xDmu2(wexld4 z4v^;aVAT2k6GJ^m*FD(Wqc(Qg^)6a<?}h$zLoj}4;PP!+(O{@!a1y-hoAhF_7!z+6 zslpAmNtYbjHrw-~#SPVk_FUf>-Obg6yV`8o$8_`PyJe_;bY5_EMBfBfWU!Q=*9HsG z%_Cda{@_Krr!oHVhv9+y+T5qR8zZ2aZ>5r!$*|f$^U%yBUYfR&B!+EYy_PwL!BeUi zJH^}r3r9Q+B)X@Z)fk=P13w&7x#wBtXTZ)g>WITPg5r&pQc!nmyrmk#S(>>b9xnNr zx_b#v9Xv-Y><Wb%?S^0Xe&<)bbKl_=Z|3C$tf|F<bYzE*mfHB;uC)`q-?buaBe?l? zcLTpK*k<49Z32`K?|nSBMFqxTK^_IE-li2fEGdK~(ZdoKBl6ab4a;Hler#`xvEXJG zb?<E%EZExfX>jcOVhS*0rS~RS1dA#xhkv@Nct@#q?LyeKS<$uFec!bw>{@uu$gZ6a zyVen1i{1BKd%~`D7|m$;U0a<I*3I7%^N%N%lGYdU_GS!gaR8T$NA@GzFi~z`l7hdl zarZy6590|88pi(1zq;V(>38zM0sT&<zX;R5$1w3;`_JMG`;&I&0Y23DMx1%@(w(R9 z4M$j;D5J+Gy%fijRQsctzFKf&cv|BAz#YLq3CZJWDdtL4u1u1|mkdcUp7|sxJC+?Y z_@@s`v3j}Q7*z>6X~cwUxUL8G1KT)_XTp!KAbs;vCp{K3&~_X@+ew=-D}v`2MbFV0 zQsVsL=rXi-pI*G|iiz;VTCutgUs)hDzV1+4?8KcoP3xROf<M%qC6lgVdpFt4<-|uM z=#rl_b1#YjSIl6Toj2z_hOZcKupkdE(LozC(fN=FY(x|sk)ym|;Rq2E1xJWD%Z!ol Gu>S+TT-130 literal 0 HcmV?d00001 diff --git a/tests/data/acpi/q35/VIOT.viot b/tests/data/acpi/q35/VIOT.viot index XXXXXXX..XXXXXXX 100644 GIT binary patch literal 112 zcmWIZ^baXu00LVle`k+i1*eDrX9XZ&1PX!JAex!M0Hgv8m>C3sGzdcgBZCA3T-xBj Q0Zb)W9Hva*zW_`e0M!8s0RR91 literal 0 HcmV?d00001 -- 2.25.1 From: Jean-Philippe Brucker <jean-philippe@linaro.org> The VIOT blob contains the following: [000h 0000 4] Signature : "VIOT" [Virtual I/O Translation Table] [004h 0004 4] Table Length : 00000058 [008h 0008 1] Revision : 00 [009h 0009 1] Checksum : 66 [00Ah 0010 6] Oem ID : "BOCHS " [010h 0016 8] Oem Table ID : "BXPC " [018h 0024 4] Oem Revision : 00000001 [01Ch 0028 4] Asl Compiler ID : "BXPC" [020h 0032 4] Asl Compiler Revision : 00000001 [024h 0036 2] Node count : 0002 [026h 0038 2] Node offset : 0030 [028h 0040 8] Reserved : 0000000000000000 [030h 0048 1] Type : 03 [VirtIO-PCI IOMMU] [031h 0049 1] Reserved : 00 [032h 0050 2] Length : 0010 [034h 0052 2] PCI Segment : 0000 [036h 0054 2] PCI BDF number : 0008 [038h 0056 8] Reserved : 0000000000000000 [040h 0064 1] Type : 01 [PCI Range] [041h 0065 1] Reserved : 00 [042h 0066 2] Length : 0018 [044h 0068 4] Endpoint start : 00000000 [048h 0072 2] PCI Segment start : 0000 [04Ah 0074 2] PCI Segment end : 0000 [04Ch 0076 2] PCI BDF start : 0000 [04Eh 0078 2] PCI BDF end : 00FF [050h 0080 2] Output node : 0030 [052h 0082 6] Reserved : 000000000000 Acked-by: Ani Sinha <ani@anisinha.ca> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Message-id: 20211210170415.583179-9-jean-philippe@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- tests/qtest/bios-tables-test-allowed-diff.h | 1 - tests/data/acpi/virt/VIOT | Bin 0 -> 88 bytes 2 files changed, 1 deletion(-) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index XXXXXXX..XXXXXXX 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1,2 +1 @@ /* List of comma-separated changed AML files to ignore */ -"tests/data/acpi/virt/VIOT", diff --git a/tests/data/acpi/virt/VIOT b/tests/data/acpi/virt/VIOT index XXXXXXX..XXXXXXX 100644 GIT binary patch literal 88 zcmWIZ^bd((0D?3pe`k+i1*eDrX9XZ&1PX!JAexE60Hgv8m>C3sGzXN&z`)2L0cSHX I{D-Rq0Q5fy0RR91 literal 0 HcmV?d00001 -- 2.25.1