1
First pullreq for arm of the 4.1 series, since I'm back from
1
My OS Lock/DoubleLock patches, plus a small selection of other
2
holiday now. This is mostly my M-profile FPU series and Philippe's
2
bug fixes and minor things.
3
devices.h cleanup. I have a pile of other patchsets to work through
4
in my to-review folder, but 42 patches is definitely quite
5
big enough to send now...
6
3
7
thanks
4
thanks
8
-- PMM
5
-- PMM
9
6
10
The following changes since commit 413a99a92c13ec408dcf2adaa87918dc81e890c8:
7
The following changes since commit 8e9398e3b1a860b8c29c670c1b6c36afe8d87849:
11
8
12
Add Nios II semihosting support. (2019-04-29 16:09:51 +0100)
9
Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging (2022-07-07 06:21:05 +0530)
13
10
14
are available in the Git repository at:
11
are available in the Git repository at:
15
12
16
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190429
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220707
17
14
18
for you to fetch changes up to 437cc27ddfded3bbab6afd5ac1761e0e195edba7:
15
for you to fetch changes up to c2360eaa0262a816faf8032b7762d0c73df2cc62:
19
16
20
hw/devices: Move SMSC 91C111 declaration into a new header (2019-04-29 17:57:21 +0100)
17
target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem (2022-07-07 11:41:04 +0100)
21
18
22
----------------------------------------------------------------
19
----------------------------------------------------------------
23
target-arm queue:
20
target-arm queue:
24
* remove "bag of random stuff" hw/devices.h header
21
* hw/arm/virt: dt: add rng-seed property
25
* implement FPU for Cortex-M and enable it for Cortex-M4 and -M33
22
* Fix MTE check in sve_ldnfff1_r
26
* hw/dma: Compile the bcm2835_dma device as common object
23
* Record tagged bit for user-only in sve_probe_page
27
* configure: Remove --source-path option
24
* Correctly implement OS Lock and OS DoubleLock
28
* hw/ssi/xilinx_spips: Avoid variable length array
25
* Implement DBGDEVID, DBGDEVID1, DBGDEVID2 registers
29
* hw/arm/smmuv3: Remove SMMUNotifierNode
26
* Fix qemu-system-arm handling of LPAE block descriptors for highmem
30
27
31
----------------------------------------------------------------
28
----------------------------------------------------------------
32
Eric Auger (1):
29
Jason A. Donenfeld (1):
33
hw/arm/smmuv3: Remove SMMUNotifierNode
30
hw/arm/virt: dt: add rng-seed property
34
31
35
Peter Maydell (28):
32
Peter Maydell (6):
36
hw/ssi/xilinx_spips: Avoid variable length array
33
target/arm: Fix code style issues in debug helper functions
37
configure: Remove --source-path option
34
target/arm: Move define_debug_regs() to debug_helper.c
38
target/arm: Make sure M-profile FPSCR RES0 bits are not settable
35
target/arm: Suppress debug exceptions when OS Lock set
39
hw/intc/armv7m_nvic: Allow reading of M-profile MVFR* registers
36
target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
40
target/arm: Implement dummy versions of M-profile FP-related registers
37
target/arm: Correctly implement Feat_DoubleLock
41
target/arm: Disable most VFP sysregs for M-profile
38
target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
42
target/arm: Honour M-profile FP enable bits
43
target/arm: Decode FP instructions for M profile
44
target/arm: Clear CONTROL_S.SFPA in SG insn if FPU present
45
target/arm: Handle SFPA and FPCA bits in reads and writes of CONTROL
46
target/arm/helper: don't return early for STKOF faults during stacking
47
target/arm: Handle floating point registers in exception entry
48
target/arm: Implement v7m_update_fpccr()
49
target/arm: Clear CONTROL.SFPA in BXNS and BLXNS
50
target/arm: Clean excReturn bits when tail chaining
51
target/arm: Allow for floating point in callee stack integrity check
52
target/arm: Handle floating point registers in exception return
53
target/arm: Move NS TBFLAG from bit 19 to bit 6
54
target/arm: Overlap VECSTRIDE and XSCALE_CPAR TB flags
55
target/arm: Set FPCCR.S when executing M-profile floating point insns
56
target/arm: Activate M-profile floating point context when FPCCR.ASPEN is set
57
target/arm: New helper function arm_v7m_mmu_idx_all()
58
target/arm: New function armv7m_nvic_set_pending_lazyfp()
59
target/arm: Add lazy-FP-stacking support to v7m_stack_write()
60
target/arm: Implement M-profile lazy FP state preservation
61
target/arm: Implement VLSTM for v7M CPUs with an FPU
62
target/arm: Implement VLLDM for v7M CPUs with an FPU
63
target/arm: Enable FPU for Cortex-M4 and Cortex-M33
64
39
65
Philippe Mathieu-Daudé (13):
40
Richard Henderson (2):
66
hw/dma: Compile the bcm2835_dma device as common object
41
target/arm: Fix MTE check in sve_ldnfff1_r
67
hw/arm/aspeed: Use TYPE_TMP105/TYPE_PCA9552 instead of hardcoded string
42
target/arm: Record tagged bit for user-only in sve_probe_page
68
hw/arm/nseries: Use TYPE_TMP105 instead of hardcoded string
69
hw/display/tc6393xb: Remove unused functions
70
hw/devices: Move TC6393XB declarations into a new header
71
hw/devices: Move Blizzard declarations into a new header
72
hw/devices: Move CBus declarations into a new header
73
hw/devices: Move Gamepad declarations into a new header
74
hw/devices: Move TI touchscreen declarations into a new header
75
hw/devices: Move LAN9118 declarations into a new header
76
hw/net/ne2000-isa: Add guards to the header
77
hw/net/lan9118: Export TYPE_LAN9118 and use it instead of hardcoded string
78
hw/devices: Move SMSC 91C111 declaration into a new header
79
43
80
configure | 10 +-
44
docs/about/deprecated.rst | 8 +
81
hw/dma/Makefile.objs | 2 +-
45
docs/system/arm/virt.rst | 17 +-
82
include/hw/arm/omap.h | 6 +-
46
include/hw/arm/virt.h | 2 +-
83
include/hw/arm/smmu-common.h | 8 +-
47
target/arm/cpregs.h | 3 +
84
include/hw/devices.h | 62 ---
48
target/arm/cpu.h | 27 +++
85
include/hw/display/blizzard.h | 22 ++
49
target/arm/internals.h | 9 +
86
include/hw/display/tc6393xb.h | 24 ++
50
hw/arm/virt.c | 44 ++--
87
include/hw/input/gamepad.h | 19 +
51
target/arm/cpu64.c | 6 +
88
include/hw/input/tsc2xxx.h | 36 ++
52
target/arm/cpu_tcg.c | 6 +
89
include/hw/misc/cbus.h | 32 ++
53
target/arm/debug_helper.c | 580 ++++++++++++++++++++++++++++++++++++++++++++++
90
include/hw/net/lan9118.h | 21 +
54
target/arm/helper.c | 513 +---------------------------------------
91
include/hw/net/ne2000-isa.h | 6 +
55
target/arm/ptw.c | 2 +-
92
include/hw/net/smc91c111.h | 19 +
56
target/arm/sve_helper.c | 5 +-
93
include/qemu/typedefs.h | 1 -
57
13 files changed, 684 insertions(+), 538 deletions(-)
94
target/arm/cpu.h | 95 ++++-
95
target/arm/helper.h | 5 +
96
target/arm/translate.h | 3 +
97
hw/arm/aspeed.c | 13 +-
98
hw/arm/exynos4_boards.c | 3 +-
99
hw/arm/gumstix.c | 2 +-
100
hw/arm/integratorcp.c | 2 +-
101
hw/arm/kzm.c | 2 +-
102
hw/arm/mainstone.c | 2 +-
103
hw/arm/mps2-tz.c | 3 +-
104
hw/arm/mps2.c | 2 +-
105
hw/arm/nseries.c | 7 +-
106
hw/arm/palm.c | 2 +-
107
hw/arm/realview.c | 3 +-
108
hw/arm/smmu-common.c | 6 +-
109
hw/arm/smmuv3.c | 28 +-
110
hw/arm/stellaris.c | 2 +-
111
hw/arm/tosa.c | 2 +-
112
hw/arm/versatilepb.c | 2 +-
113
hw/arm/vexpress.c | 2 +-
114
hw/display/blizzard.c | 2 +-
115
hw/display/tc6393xb.c | 18 +-
116
hw/input/stellaris_input.c | 2 +-
117
hw/input/tsc2005.c | 2 +-
118
hw/input/tsc210x.c | 4 +-
119
hw/intc/armv7m_nvic.c | 261 +++++++++++++
120
hw/misc/cbus.c | 2 +-
121
hw/net/lan9118.c | 3 +-
122
hw/net/smc91c111.c | 2 +-
123
hw/ssi/xilinx_spips.c | 6 +-
124
target/arm/cpu.c | 20 +
125
target/arm/helper.c | 873 +++++++++++++++++++++++++++++++++++++++---
126
target/arm/machine.c | 16 +
127
target/arm/translate.c | 150 +++++++-
128
target/arm/vfp_helper.c | 8 +
129
MAINTAINERS | 7 +
130
50 files changed, 1595 insertions(+), 235 deletions(-)
131
delete mode 100644 include/hw/devices.h
132
create mode 100644 include/hw/display/blizzard.h
133
create mode 100644 include/hw/display/tc6393xb.h
134
create mode 100644 include/hw/input/gamepad.h
135
create mode 100644 include/hw/input/tsc2xxx.h
136
create mode 100644 include/hw/misc/cbus.h
137
create mode 100644 include/hw/net/lan9118.h
138
create mode 100644 include/hw/net/smc91c111.h
139
diff view generated by jsdifflib
1
From: Eric Auger <eric.auger@redhat.com>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
The SMMUNotifierNode struct is not necessary and brings extra
3
In 60592cfed2 ("hw/arm/virt: dt: add kaslr-seed property"), the
4
complexity so let's remove it. We now directly track the SMMUDevices
4
kaslr-seed property was added, but the equally as important rng-seed
5
which have registered IOMMU MR notifiers.
5
property was forgotten about, which has identical semantics for a
6
similar purpose. This commit implements it in exactly the same way as
7
kaslr-seed. It then changes the name of the disabling option to reflect
8
that this has more to do with randomness vs determinism, rather than
9
something particular about kaslr.
6
10
7
This is inspired from the same transformation on intel-iommu
11
Cc: Peter Maydell <peter.maydell@linaro.org>
8
done in commit b4a4ba0d68f50f218ee3957b6638dbee32a5eeef
12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
9
("intel-iommu: remove IntelIOMMUNotifierNode")
13
[PMM: added deprecated.rst section for the deprecation]
10
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Eric Auger <eric.auger@redhat.com>
12
Reviewed-by: Peter Xu <peterx@redhat.com>
13
Message-id: 20190409160219.19026-1-eric.auger@redhat.com
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
---
16
include/hw/arm/smmu-common.h | 8 ++------
17
docs/about/deprecated.rst | 8 +++++++
17
hw/arm/smmu-common.c | 6 +++---
18
docs/system/arm/virt.rst | 17 +++++++++------
18
hw/arm/smmuv3.c | 28 +++++++---------------------
19
include/hw/arm/virt.h | 2 +-
19
3 files changed, 12 insertions(+), 30 deletions(-)
20
hw/arm/virt.c | 44 ++++++++++++++++++++++++---------------
21
4 files changed, 47 insertions(+), 24 deletions(-)
20
22
21
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
23
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
22
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
23
--- a/include/hw/arm/smmu-common.h
25
--- a/docs/about/deprecated.rst
24
+++ b/include/hw/arm/smmu-common.h
26
+++ b/docs/about/deprecated.rst
25
@@ -XXX,XX +XXX,XX @@ typedef struct SMMUDevice {
27
@@ -XXX,XX +XXX,XX @@ Use the more generic event ``DEVICE_UNPLUG_GUEST_ERROR`` instead.
26
AddressSpace as;
28
System emulator machines
27
uint32_t cfg_cache_hits;
29
------------------------
28
uint32_t cfg_cache_misses;
30
29
+ QLIST_ENTRY(SMMUDevice) next;
31
+Arm ``virt`` machine ``dtb-kaslr-seed`` property
30
} SMMUDevice;
32
+''''''''''''''''''''''''''''''''''''''''''''''''
31
33
+
32
-typedef struct SMMUNotifierNode {
34
+The ``dtb-kaslr-seed`` property on the ``virt`` board has been
33
- SMMUDevice *sdev;
35
+deprecated; use the new name ``dtb-randomness`` instead. The new name
34
- QLIST_ENTRY(SMMUNotifierNode) next;
36
+better reflects the way this property affects all random data within
35
-} SMMUNotifierNode;
37
+the device tree blob, not just the ``kaslr-seed`` node.
36
-
38
+
37
typedef struct SMMUPciBus {
39
PPC 405 ``taihu`` machine (since 7.0)
38
PCIBus *bus;
40
'''''''''''''''''''''''''''''''''''''
39
SMMUDevice *pbdev[0]; /* Parent array is sparse, so dynamically alloc */
41
40
@@ -XXX,XX +XXX,XX @@ typedef struct SMMUState {
42
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
41
GHashTable *iotlb;
42
SMMUPciBus *smmu_pcibus_by_bus_num[SMMU_PCI_BUS_MAX];
43
PCIBus *pci_bus;
44
- QLIST_HEAD(, SMMUNotifierNode) notifiers_list;
45
+ QLIST_HEAD(, SMMUDevice) devices_with_notifiers;
46
uint8_t bus_num;
47
PCIBus *primary_bus;
48
} SMMUState;
49
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
50
index XXXXXXX..XXXXXXX 100644
43
index XXXXXXX..XXXXXXX 100644
51
--- a/hw/arm/smmu-common.c
44
--- a/docs/system/arm/virt.rst
52
+++ b/hw/arm/smmu-common.c
45
+++ b/docs/system/arm/virt.rst
53
@@ -XXX,XX +XXX,XX @@ inline void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr)
46
@@ -XXX,XX +XXX,XX @@ ras
54
/* Unmap all notifiers of all mr's */
47
Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
55
void smmu_inv_notifiers_all(SMMUState *s)
48
using ACPI and guest external abort exceptions. The default is off.
49
50
+dtb-randomness
51
+ Set ``on``/``off`` to pass random seeds via the guest DTB
52
+ rng-seed and kaslr-seed nodes (in both "/chosen" and
53
+ "/secure-chosen") to use for features like the random number
54
+ generator and address space randomisation. The default is
55
+ ``on``. You will want to disable it if your trusted boot chain
56
+ will verify the DTB it is passed, since this option causes the
57
+ DTB to be non-deterministic. It would be the responsibility of
58
+ the firmware to come up with a seed and pass it on if it wants to.
59
+
60
dtb-kaslr-seed
61
- Set ``on``/``off`` to pass a random seed via the guest dtb
62
- kaslr-seed node (in both "/chosen" and /secure-chosen) to use
63
- for features like address space randomisation. The default is
64
- ``on``. You will want to disable it if your trusted boot chain will
65
- verify the DTB it is passed. It would be the responsibility of the
66
- firmware to come up with a seed and pass it on if it wants to.
67
+ A deprecated synonym for dtb-randomness.
68
69
Linux guest kernel configuration
70
""""""""""""""""""""""""""""""""
71
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
72
index XXXXXXX..XXXXXXX 100644
73
--- a/include/hw/arm/virt.h
74
+++ b/include/hw/arm/virt.h
75
@@ -XXX,XX +XXX,XX @@ struct VirtMachineState {
76
bool virt;
77
bool ras;
78
bool mte;
79
- bool dtb_kaslr_seed;
80
+ bool dtb_randomness;
81
OnOffAuto acpi;
82
VirtGICType gic_version;
83
VirtIOMMUType iommu;
84
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
85
index XXXXXXX..XXXXXXX 100644
86
--- a/hw/arm/virt.c
87
+++ b/hw/arm/virt.c
88
@@ -XXX,XX +XXX,XX @@ static bool cpu_type_valid(const char *cpu)
89
return false;
90
}
91
92
-static void create_kaslr_seed(MachineState *ms, const char *node)
93
+static void create_randomness(MachineState *ms, const char *node)
56
{
94
{
57
- SMMUNotifierNode *node;
95
- uint64_t seed;
58
+ SMMUDevice *sdev;
96
+ struct {
59
97
+ uint64_t kaslr;
60
- QLIST_FOREACH(node, &s->notifiers_list, next) {
98
+ uint8_t rng[32];
61
- smmu_inv_notifiers_mr(&node->sdev->iommu);
99
+ } seed;
62
+ QLIST_FOREACH(sdev, &s->devices_with_notifiers, next) {
100
63
+ smmu_inv_notifiers_mr(&sdev->iommu);
101
if (qemu_guest_getrandom(&seed, sizeof(seed), NULL)) {
102
return;
64
}
103
}
104
- qemu_fdt_setprop_u64(ms->fdt, node, "kaslr-seed", seed);
105
+ qemu_fdt_setprop_u64(ms->fdt, node, "kaslr-seed", seed.kaslr);
106
+ qemu_fdt_setprop(ms->fdt, node, "rng-seed", seed.rng, sizeof(seed.rng));
65
}
107
}
66
108
67
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
109
static void create_fdt(VirtMachineState *vms)
68
index XXXXXXX..XXXXXXX 100644
110
@@ -XXX,XX +XXX,XX @@ static void create_fdt(VirtMachineState *vms)
69
--- a/hw/arm/smmuv3.c
111
70
+++ b/hw/arm/smmuv3.c
112
/* /chosen must exist for load_dtb to fill in necessary properties later */
71
@@ -XXX,XX +XXX,XX @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr,
113
qemu_fdt_add_subnode(fdt, "/chosen");
72
/* invalidate an asid/iova tuple in all mr's */
114
- if (vms->dtb_kaslr_seed) {
73
static void smmuv3_inv_notifiers_iova(SMMUState *s, int asid, dma_addr_t iova)
115
- create_kaslr_seed(ms, "/chosen");
116
+ if (vms->dtb_randomness) {
117
+ create_randomness(ms, "/chosen");
118
}
119
120
if (vms->secure) {
121
qemu_fdt_add_subnode(fdt, "/secure-chosen");
122
- if (vms->dtb_kaslr_seed) {
123
- create_kaslr_seed(ms, "/secure-chosen");
124
+ if (vms->dtb_randomness) {
125
+ create_randomness(ms, "/secure-chosen");
126
}
127
}
128
129
@@ -XXX,XX +XXX,XX @@ static void virt_set_its(Object *obj, bool value, Error **errp)
130
vms->its = value;
131
}
132
133
-static bool virt_get_dtb_kaslr_seed(Object *obj, Error **errp)
134
+static bool virt_get_dtb_randomness(Object *obj, Error **errp)
74
{
135
{
75
- SMMUNotifierNode *node;
136
VirtMachineState *vms = VIRT_MACHINE(obj);
76
+ SMMUDevice *sdev;
137
77
138
- return vms->dtb_kaslr_seed;
78
- QLIST_FOREACH(node, &s->notifiers_list, next) {
139
+ return vms->dtb_randomness;
79
- IOMMUMemoryRegion *mr = &node->sdev->iommu;
80
+ QLIST_FOREACH(sdev, &s->devices_with_notifiers, next) {
81
+ IOMMUMemoryRegion *mr = &sdev->iommu;
82
IOMMUNotifier *n;
83
84
trace_smmuv3_inv_notifiers_iova(mr->parent_obj.name, asid, iova);
85
@@ -XXX,XX +XXX,XX @@ static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,
86
SMMUDevice *sdev = container_of(iommu, SMMUDevice, iommu);
87
SMMUv3State *s3 = sdev->smmu;
88
SMMUState *s = &(s3->smmu_state);
89
- SMMUNotifierNode *node = NULL;
90
- SMMUNotifierNode *next_node = NULL;
91
92
if (new & IOMMU_NOTIFIER_MAP) {
93
int bus_num = pci_bus_num(sdev->bus);
94
@@ -XXX,XX +XXX,XX @@ static void smmuv3_notify_flag_changed(IOMMUMemoryRegion *iommu,
95
96
if (old == IOMMU_NOTIFIER_NONE) {
97
trace_smmuv3_notify_flag_add(iommu->parent_obj.name);
98
- node = g_malloc0(sizeof(*node));
99
- node->sdev = sdev;
100
- QLIST_INSERT_HEAD(&s->notifiers_list, node, next);
101
- return;
102
- }
103
-
104
- /* update notifier node with new flags */
105
- QLIST_FOREACH_SAFE(node, &s->notifiers_list, next, next_node) {
106
- if (node->sdev == sdev) {
107
- if (new == IOMMU_NOTIFIER_NONE) {
108
- trace_smmuv3_notify_flag_del(iommu->parent_obj.name);
109
- QLIST_REMOVE(node, next);
110
- g_free(node);
111
- }
112
- return;
113
- }
114
+ QLIST_INSERT_HEAD(&s->devices_with_notifiers, sdev, next);
115
+ } else if (new == IOMMU_NOTIFIER_NONE) {
116
+ trace_smmuv3_notify_flag_del(iommu->parent_obj.name);
117
+ QLIST_REMOVE(sdev, next);
118
}
119
}
140
}
120
141
142
-static void virt_set_dtb_kaslr_seed(Object *obj, bool value, Error **errp)
143
+static void virt_set_dtb_randomness(Object *obj, bool value, Error **errp)
144
{
145
VirtMachineState *vms = VIRT_MACHINE(obj);
146
147
- vms->dtb_kaslr_seed = value;
148
+ vms->dtb_randomness = value;
149
}
150
151
static char *virt_get_oem_id(Object *obj, Error **errp)
152
@@ -XXX,XX +XXX,XX @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
153
"Set on/off to enable/disable "
154
"ITS instantiation");
155
156
+ object_class_property_add_bool(oc, "dtb-randomness",
157
+ virt_get_dtb_randomness,
158
+ virt_set_dtb_randomness);
159
+ object_class_property_set_description(oc, "dtb-randomness",
160
+ "Set off to disable passing random or "
161
+ "non-deterministic dtb nodes to guest");
162
+
163
object_class_property_add_bool(oc, "dtb-kaslr-seed",
164
- virt_get_dtb_kaslr_seed,
165
- virt_set_dtb_kaslr_seed);
166
+ virt_get_dtb_randomness,
167
+ virt_set_dtb_randomness);
168
object_class_property_set_description(oc, "dtb-kaslr-seed",
169
- "Set off to disable passing of kaslr-seed "
170
- "dtb node to guest");
171
+ "Deprecated synonym of dtb-randomness");
172
173
object_class_property_add_str(oc, "x-oem-id",
174
virt_get_oem_id,
175
@@ -XXX,XX +XXX,XX @@ static void virt_instance_init(Object *obj)
176
/* MTE is disabled by default. */
177
vms->mte = false;
178
179
- /* Supply a kaslr-seed by default */
180
- vms->dtb_kaslr_seed = true;
181
+ /* Supply kaslr-seed and rng-seed by default */
182
+ vms->dtb_randomness = true;
183
184
vms->irqmap = a15irqmap;
185
121
--
186
--
122
2.20.1
187
2.25.1
123
124
diff view generated by jsdifflib
Deleted patch
1
In the stripe8() function we use a variable length array; however
2
we know that the maximum length required is MAX_NUM_BUSSES. Use
3
a fixed-length array and an assert instead.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
8
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
10
Message-id: 20190328152635.2794-1-peter.maydell@linaro.org
11
---
12
hw/ssi/xilinx_spips.c | 6 ++++--
13
1 file changed, 4 insertions(+), 2 deletions(-)
14
15
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/ssi/xilinx_spips.c
18
+++ b/hw/ssi/xilinx_spips.c
19
@@ -XXX,XX +XXX,XX @@ static void xlnx_zynqmp_qspips_reset(DeviceState *d)
20
21
static inline void stripe8(uint8_t *x, int num, bool dir)
22
{
23
- uint8_t r[num];
24
- memset(r, 0, sizeof(uint8_t) * num);
25
+ uint8_t r[MAX_NUM_BUSSES];
26
int idx[2] = {0, 0};
27
int bit[2] = {0, 7};
28
int d = dir;
29
30
+ assert(num <= MAX_NUM_BUSSES);
31
+ memset(r, 0, sizeof(uint8_t) * num);
32
+
33
for (idx[0] = 0; idx[0] < num; ++idx[0]) {
34
for (bit[0] = 7; bit[0] >= 0; bit[0]--) {
35
r[idx[!d]] |= x[idx[d]] & 1 << bit[d] ? 1 << bit[!d] : 0;
36
--
37
2.20.1
38
39
diff view generated by jsdifflib
Deleted patch
1
Normally configure identifies the source path by looking
2
at the location where the configure script itself exists.
3
We also provide a --source-path option which lets the user
4
manually override this.
5
1
6
There isn't really an obvious use case for the --source-path
7
option, and in commit 927128222b0a91f56c13a in 2017 we
8
accidentally added some logic that looks at $source_path
9
before the command line option that overrides it has been
10
processed.
11
12
The fact that nobody complained suggests that there isn't
13
any use of this option and we aren't testing it either;
14
remove it. This allows us to move the "make $source_path
15
absolute" logic up so that there is no window in the script
16
where $source_path is set but not yet absolute.
17
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
20
Message-id: 20190318134019.23729-1-peter.maydell@linaro.org
21
---
22
configure | 10 ++--------
23
1 file changed, 2 insertions(+), 8 deletions(-)
24
25
diff --git a/configure b/configure
26
index XXXXXXX..XXXXXXX 100755
27
--- a/configure
28
+++ b/configure
29
@@ -XXX,XX +XXX,XX @@ ld_has() {
30
31
# default parameters
32
source_path=$(dirname "$0")
33
+# make source path absolute
34
+source_path=$(cd "$source_path"; pwd)
35
cpu=""
36
iasl="iasl"
37
interp_prefix="/usr/gnemul/qemu-%M"
38
@@ -XXX,XX +XXX,XX @@ for opt do
39
;;
40
--cxx=*) CXX="$optarg"
41
;;
42
- --source-path=*) source_path="$optarg"
43
- ;;
44
--cpu=*) cpu="$optarg"
45
;;
46
--extra-cflags=*) QEMU_CFLAGS="$QEMU_CFLAGS $optarg"
47
@@ -XXX,XX +XXX,XX @@ if test "$debug_info" = "yes"; then
48
LDFLAGS="-g $LDFLAGS"
49
fi
50
51
-# make source path absolute
52
-source_path=$(cd "$source_path"; pwd)
53
-
54
# running configure in the source tree?
55
# we know that's the case if configure is there.
56
if test -f "./configure"; then
57
@@ -XXX,XX +XXX,XX @@ for opt do
58
;;
59
--interp-prefix=*) interp_prefix="$optarg"
60
;;
61
- --source-path=*)
62
- ;;
63
--cross-prefix=*)
64
;;
65
--cc=*)
66
@@ -XXX,XX +XXX,XX @@ $(echo Available targets: $default_target_list | \
67
--target-list-exclude=LIST exclude a set of targets from the default target-list
68
69
Advanced options (experts only):
70
- --source-path=PATH path of source code [$source_path]
71
--cross-prefix=PREFIX use PREFIX for compile tools [$cross_prefix]
72
--cc=CC use C compiler CC [$cc]
73
--iasl=IASL use ACPI compiler IASL [$iasl]
74
--
75
2.20.1
76
77
diff view generated by jsdifflib
Deleted patch
1
Enforce that for M-profile various FPSCR bits which are RES0 there
2
but have defined meanings on A-profile are never settable. This
3
ensures that M-profile code can't enable the A-profile behaviour
4
(notably vector length/stride handling) by accident.
5
1
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20190416125744.27770-2-peter.maydell@linaro.org
9
---
10
target/arm/vfp_helper.c | 8 ++++++++
11
1 file changed, 8 insertions(+)
12
13
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/vfp_helper.c
16
+++ b/target/arm/vfp_helper.c
17
@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
18
val &= ~FPCR_FZ16;
19
}
20
21
+ if (arm_feature(env, ARM_FEATURE_M)) {
22
+ /*
23
+ * M profile FPSCR is RES0 for the QC, STRIDE, FZ16, LEN bits
24
+ * and also for the trapped-exception-handling bits IxE.
25
+ */
26
+ val &= 0xf7c0009f;
27
+ }
28
+
29
/*
30
* We don't implement trapped exception handling, so the
31
* trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
32
--
33
2.20.1
34
35
diff view generated by jsdifflib
Deleted patch
1
For M-profile the MVFR* ID registers are memory mapped, in the
2
range we implement via the NVIC. Allow them to be read.
3
(If the CPU has no FPU, these registers are defined to be RAZ.)
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20190416125744.27770-3-peter.maydell@linaro.org
8
---
9
hw/intc/armv7m_nvic.c | 6 ++++++
10
1 file changed, 6 insertions(+)
11
12
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/intc/armv7m_nvic.c
15
+++ b/hw/intc/armv7m_nvic.c
16
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
17
return 0;
18
}
19
return cpu->env.v7m.sfar;
20
+ case 0xf40: /* MVFR0 */
21
+ return cpu->isar.mvfr0;
22
+ case 0xf44: /* MVFR1 */
23
+ return cpu->isar.mvfr1;
24
+ case 0xf48: /* MVFR2 */
25
+ return cpu->isar.mvfr2;
26
default:
27
bad_offset:
28
qemu_log_mask(LOG_GUEST_ERROR, "NVIC: Bad read offset 0x%x\n", offset);
29
--
30
2.20.1
31
32
diff view generated by jsdifflib
Deleted patch
1
The M-profile floating point support has three associated config
2
registers: FPCAR, FPCCR and FPDSCR. It also makes the registers
3
CPACR and NSACR have behaviour other than reads-as-zero.
4
Add support for all of these as simple reads-as-written registers.
5
We will hook up actual functionality later.
6
1
7
The main complexity here is handling the FPCCR register, which
8
has a mix of banked and unbanked bits.
9
10
Note that we don't share storage with the A-profile
11
cpu->cp15.nsacr and cpu->cp15.cpacr_el1, though the behaviour
12
is quite similar, for two reasons:
13
* the M profile CPACR is banked between security states
14
* it preserves the invariant that M profile uses no state
15
inside the cp15 substruct
16
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Message-id: 20190416125744.27770-4-peter.maydell@linaro.org
20
---
21
target/arm/cpu.h | 34 ++++++++++++
22
hw/intc/armv7m_nvic.c | 125 ++++++++++++++++++++++++++++++++++++++++++
23
target/arm/cpu.c | 5 ++
24
target/arm/machine.c | 16 ++++++
25
4 files changed, 180 insertions(+)
26
27
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
28
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/cpu.h
30
+++ b/target/arm/cpu.h
31
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
32
uint32_t scr[M_REG_NUM_BANKS];
33
uint32_t msplim[M_REG_NUM_BANKS];
34
uint32_t psplim[M_REG_NUM_BANKS];
35
+ uint32_t fpcar[M_REG_NUM_BANKS];
36
+ uint32_t fpccr[M_REG_NUM_BANKS];
37
+ uint32_t fpdscr[M_REG_NUM_BANKS];
38
+ uint32_t cpacr[M_REG_NUM_BANKS];
39
+ uint32_t nsacr;
40
} v7m;
41
42
/* Information associated with an exception about to be taken:
43
@@ -XXX,XX +XXX,XX @@ FIELD(V7M_CSSELR, LEVEL, 1, 3)
44
*/
45
FIELD(V7M_CSSELR, INDEX, 0, 4)
46
47
+/* v7M FPCCR bits */
48
+FIELD(V7M_FPCCR, LSPACT, 0, 1)
49
+FIELD(V7M_FPCCR, USER, 1, 1)
50
+FIELD(V7M_FPCCR, S, 2, 1)
51
+FIELD(V7M_FPCCR, THREAD, 3, 1)
52
+FIELD(V7M_FPCCR, HFRDY, 4, 1)
53
+FIELD(V7M_FPCCR, MMRDY, 5, 1)
54
+FIELD(V7M_FPCCR, BFRDY, 6, 1)
55
+FIELD(V7M_FPCCR, SFRDY, 7, 1)
56
+FIELD(V7M_FPCCR, MONRDY, 8, 1)
57
+FIELD(V7M_FPCCR, SPLIMVIOL, 9, 1)
58
+FIELD(V7M_FPCCR, UFRDY, 10, 1)
59
+FIELD(V7M_FPCCR, RES0, 11, 15)
60
+FIELD(V7M_FPCCR, TS, 26, 1)
61
+FIELD(V7M_FPCCR, CLRONRETS, 27, 1)
62
+FIELD(V7M_FPCCR, CLRONRET, 28, 1)
63
+FIELD(V7M_FPCCR, LSPENS, 29, 1)
64
+FIELD(V7M_FPCCR, LSPEN, 30, 1)
65
+FIELD(V7M_FPCCR, ASPEN, 31, 1)
66
+/* These bits are banked. Others are non-banked and live in the M_REG_S bank */
67
+#define R_V7M_FPCCR_BANKED_MASK \
68
+ (R_V7M_FPCCR_LSPACT_MASK | \
69
+ R_V7M_FPCCR_USER_MASK | \
70
+ R_V7M_FPCCR_THREAD_MASK | \
71
+ R_V7M_FPCCR_MMRDY_MASK | \
72
+ R_V7M_FPCCR_SPLIMVIOL_MASK | \
73
+ R_V7M_FPCCR_UFRDY_MASK | \
74
+ R_V7M_FPCCR_ASPEN_MASK)
75
+
76
/*
77
* System register ID fields.
78
*/
79
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
80
index XXXXXXX..XXXXXXX 100644
81
--- a/hw/intc/armv7m_nvic.c
82
+++ b/hw/intc/armv7m_nvic.c
83
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
84
}
85
case 0xd84: /* CSSELR */
86
return cpu->env.v7m.csselr[attrs.secure];
87
+ case 0xd88: /* CPACR */
88
+ if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
89
+ return 0;
90
+ }
91
+ return cpu->env.v7m.cpacr[attrs.secure];
92
+ case 0xd8c: /* NSACR */
93
+ if (!attrs.secure || !arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
94
+ return 0;
95
+ }
96
+ return cpu->env.v7m.nsacr;
97
/* TODO: Implement debug registers. */
98
case 0xd90: /* MPU_TYPE */
99
/* Unified MPU; if the MPU is not present this value is zero */
100
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
101
return 0;
102
}
103
return cpu->env.v7m.sfar;
104
+ case 0xf34: /* FPCCR */
105
+ if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
106
+ return 0;
107
+ }
108
+ if (attrs.secure) {
109
+ return cpu->env.v7m.fpccr[M_REG_S];
110
+ } else {
111
+ /*
112
+ * NS can read LSPEN, CLRONRET and MONRDY. It can read
113
+ * BFRDY and HFRDY if AIRCR.BFHFNMINS != 0;
114
+ * other non-banked bits RAZ.
115
+ * TODO: MONRDY should RAZ/WI if DEMCR.SDME is set.
116
+ */
117
+ uint32_t value = cpu->env.v7m.fpccr[M_REG_S];
118
+ uint32_t mask = R_V7M_FPCCR_LSPEN_MASK |
119
+ R_V7M_FPCCR_CLRONRET_MASK |
120
+ R_V7M_FPCCR_MONRDY_MASK;
121
+
122
+ if (s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
123
+ mask |= R_V7M_FPCCR_BFRDY_MASK | R_V7M_FPCCR_HFRDY_MASK;
124
+ }
125
+
126
+ value &= mask;
127
+
128
+ value |= cpu->env.v7m.fpccr[M_REG_NS];
129
+ return value;
130
+ }
131
+ case 0xf38: /* FPCAR */
132
+ if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
133
+ return 0;
134
+ }
135
+ return cpu->env.v7m.fpcar[attrs.secure];
136
+ case 0xf3c: /* FPDSCR */
137
+ if (!arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
138
+ return 0;
139
+ }
140
+ return cpu->env.v7m.fpdscr[attrs.secure];
141
case 0xf40: /* MVFR0 */
142
return cpu->isar.mvfr0;
143
case 0xf44: /* MVFR1 */
144
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
145
cpu->env.v7m.csselr[attrs.secure] = value & R_V7M_CSSELR_INDEX_MASK;
146
}
147
break;
148
+ case 0xd88: /* CPACR */
149
+ if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
150
+ /* We implement only the Floating Point extension's CP10/CP11 */
151
+ cpu->env.v7m.cpacr[attrs.secure] = value & (0xf << 20);
152
+ }
153
+ break;
154
+ case 0xd8c: /* NSACR */
155
+ if (attrs.secure && arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
156
+ /* We implement only the Floating Point extension's CP10/CP11 */
157
+ cpu->env.v7m.nsacr = value & (3 << 10);
158
+ }
159
+ break;
160
case 0xd90: /* MPU_TYPE */
161
return; /* RO */
162
case 0xd94: /* MPU_CTRL */
163
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
164
}
165
break;
166
}
167
+ case 0xf34: /* FPCCR */
168
+ if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
169
+ /* Not all bits here are banked. */
170
+ uint32_t fpccr_s;
171
+
172
+ if (!arm_feature(&cpu->env, ARM_FEATURE_V8)) {
173
+ /* Don't allow setting of bits not present in v7M */
174
+ value &= (R_V7M_FPCCR_LSPACT_MASK |
175
+ R_V7M_FPCCR_USER_MASK |
176
+ R_V7M_FPCCR_THREAD_MASK |
177
+ R_V7M_FPCCR_HFRDY_MASK |
178
+ R_V7M_FPCCR_MMRDY_MASK |
179
+ R_V7M_FPCCR_BFRDY_MASK |
180
+ R_V7M_FPCCR_MONRDY_MASK |
181
+ R_V7M_FPCCR_LSPEN_MASK |
182
+ R_V7M_FPCCR_ASPEN_MASK);
183
+ }
184
+ value &= ~R_V7M_FPCCR_RES0_MASK;
185
+
186
+ if (!attrs.secure) {
187
+ /* Some non-banked bits are configurably writable by NS */
188
+ fpccr_s = cpu->env.v7m.fpccr[M_REG_S];
189
+ if (!(fpccr_s & R_V7M_FPCCR_LSPENS_MASK)) {
190
+ uint32_t lspen = FIELD_EX32(value, V7M_FPCCR, LSPEN);
191
+ fpccr_s = FIELD_DP32(fpccr_s, V7M_FPCCR, LSPEN, lspen);
192
+ }
193
+ if (!(fpccr_s & R_V7M_FPCCR_CLRONRETS_MASK)) {
194
+ uint32_t cor = FIELD_EX32(value, V7M_FPCCR, CLRONRET);
195
+ fpccr_s = FIELD_DP32(fpccr_s, V7M_FPCCR, CLRONRET, cor);
196
+ }
197
+ if ((s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
198
+ uint32_t hfrdy = FIELD_EX32(value, V7M_FPCCR, HFRDY);
199
+ uint32_t bfrdy = FIELD_EX32(value, V7M_FPCCR, BFRDY);
200
+ fpccr_s = FIELD_DP32(fpccr_s, V7M_FPCCR, HFRDY, hfrdy);
201
+ fpccr_s = FIELD_DP32(fpccr_s, V7M_FPCCR, BFRDY, bfrdy);
202
+ }
203
+ /* TODO MONRDY should RAZ/WI if DEMCR.SDME is set */
204
+ {
205
+ uint32_t monrdy = FIELD_EX32(value, V7M_FPCCR, MONRDY);
206
+ fpccr_s = FIELD_DP32(fpccr_s, V7M_FPCCR, MONRDY, monrdy);
207
+ }
208
+
209
+ /*
210
+ * All other non-banked bits are RAZ/WI from NS; write
211
+ * just the banked bits to fpccr[M_REG_NS].
212
+ */
213
+ value &= R_V7M_FPCCR_BANKED_MASK;
214
+ cpu->env.v7m.fpccr[M_REG_NS] = value;
215
+ } else {
216
+ fpccr_s = value;
217
+ }
218
+ cpu->env.v7m.fpccr[M_REG_S] = fpccr_s;
219
+ }
220
+ break;
221
+ case 0xf38: /* FPCAR */
222
+ if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
223
+ value &= ~7;
224
+ cpu->env.v7m.fpcar[attrs.secure] = value;
225
+ }
226
+ break;
227
+ case 0xf3c: /* FPDSCR */
228
+ if (arm_feature(&cpu->env, ARM_FEATURE_VFP)) {
229
+ value &= 0x07c00000;
230
+ cpu->env.v7m.fpdscr[attrs.secure] = value;
231
+ }
232
+ break;
233
case 0xf50: /* ICIALLU */
234
case 0xf58: /* ICIMVAU */
235
case 0xf5c: /* DCIMVAC */
236
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
237
index XXXXXXX..XXXXXXX 100644
238
--- a/target/arm/cpu.c
239
+++ b/target/arm/cpu.c
240
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(CPUState *s)
241
env->v7m.ccr[M_REG_S] |= R_V7M_CCR_UNALIGN_TRP_MASK;
242
}
243
244
+ if (arm_feature(env, ARM_FEATURE_VFP)) {
245
+ env->v7m.fpccr[M_REG_NS] = R_V7M_FPCCR_ASPEN_MASK;
246
+ env->v7m.fpccr[M_REG_S] = R_V7M_FPCCR_ASPEN_MASK |
247
+ R_V7M_FPCCR_LSPEN_MASK | R_V7M_FPCCR_S_MASK;
248
+ }
249
/* Unlike A/R profile, M profile defines the reset LR value */
250
env->regs[14] = 0xffffffff;
251
252
diff --git a/target/arm/machine.c b/target/arm/machine.c
253
index XXXXXXX..XXXXXXX 100644
254
--- a/target/arm/machine.c
255
+++ b/target/arm/machine.c
256
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m_v8m = {
257
}
258
};
259
260
+static const VMStateDescription vmstate_m_fp = {
261
+ .name = "cpu/m/fp",
262
+ .version_id = 1,
263
+ .minimum_version_id = 1,
264
+ .needed = vfp_needed,
265
+ .fields = (VMStateField[]) {
266
+ VMSTATE_UINT32_ARRAY(env.v7m.fpcar, ARMCPU, M_REG_NUM_BANKS),
267
+ VMSTATE_UINT32_ARRAY(env.v7m.fpccr, ARMCPU, M_REG_NUM_BANKS),
268
+ VMSTATE_UINT32_ARRAY(env.v7m.fpdscr, ARMCPU, M_REG_NUM_BANKS),
269
+ VMSTATE_UINT32_ARRAY(env.v7m.cpacr, ARMCPU, M_REG_NUM_BANKS),
270
+ VMSTATE_UINT32(env.v7m.nsacr, ARMCPU),
271
+ VMSTATE_END_OF_LIST()
272
+ }
273
+};
274
+
275
static const VMStateDescription vmstate_m = {
276
.name = "cpu/m",
277
.version_id = 4,
278
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_m = {
279
&vmstate_m_scr,
280
&vmstate_m_other_sp,
281
&vmstate_m_v8m,
282
+ &vmstate_m_fp,
283
NULL
284
}
285
};
286
--
287
2.20.1
288
289
diff view generated by jsdifflib
Deleted patch
1
The only "system register" that M-profile floating point exposes
2
via the VMRS/VMRS instructions is FPSCR, and it does not have
3
the odd special case for rd==15. Add a check to ensure we only
4
expose FPSCR.
5
1
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20190416125744.27770-5-peter.maydell@linaro.org
9
---
10
target/arm/translate.c | 19 +++++++++++++++++--
11
1 file changed, 17 insertions(+), 2 deletions(-)
12
13
diff --git a/target/arm/translate.c b/target/arm/translate.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/translate.c
16
+++ b/target/arm/translate.c
17
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
18
}
19
}
20
} else { /* !dp */
21
+ bool is_sysreg;
22
+
23
if ((insn & 0x6f) != 0x00)
24
return 1;
25
rn = VFP_SREG_N(insn);
26
+
27
+ is_sysreg = extract32(insn, 21, 1);
28
+
29
+ if (arm_dc_feature(s, ARM_FEATURE_M)) {
30
+ /*
31
+ * The only M-profile VFP vmrs/vmsr sysreg is FPSCR.
32
+ * Writes to R15 are UNPREDICTABLE; we choose to undef.
33
+ */
34
+ if (is_sysreg && (rd == 15 || (rn >> 1) != ARM_VFP_FPSCR)) {
35
+ return 1;
36
+ }
37
+ }
38
+
39
if (insn & ARM_CP_RW_BIT) {
40
/* vfp->arm */
41
- if (insn & (1 << 21)) {
42
+ if (is_sysreg) {
43
/* system register */
44
rn >>= 1;
45
46
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
47
}
48
} else {
49
/* arm->vfp */
50
- if (insn & (1 << 21)) {
51
+ if (is_sysreg) {
52
rn >>= 1;
53
/* system register */
54
switch (rn) {
55
--
56
2.20.1
57
58
diff view generated by jsdifflib
Deleted patch
1
Like AArch64, M-profile floating point has no FPEXC enable
2
bit to gate floating point; so always set the VFPEN TB flag.
3
1
4
M-profile also has CPACR and NSACR similar to A-profile;
5
they behave slightly differently:
6
* the CPACR is banked between Secure and Non-Secure
7
* if the NSACR forces a trap then this is taken to
8
the Secure state, not the Non-Secure state
9
10
Honour the CPACR and NSACR settings. The NSACR handling
11
requires us to borrow the exception.target_el field
12
(usually meaningless for M profile) to distinguish the
13
NOCP UsageFault taken to Secure state from the more
14
usual fault taken to the current security state.
15
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Message-id: 20190416125744.27770-6-peter.maydell@linaro.org
19
---
20
target/arm/helper.c | 55 +++++++++++++++++++++++++++++++++++++++---
21
target/arm/translate.c | 10 ++++++--
22
2 files changed, 60 insertions(+), 5 deletions(-)
23
24
diff --git a/target/arm/helper.c b/target/arm/helper.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/helper.c
27
+++ b/target/arm/helper.c
28
@@ -XXX,XX +XXX,XX @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
29
return target_el;
30
}
31
32
+/*
33
+ * Return true if the v7M CPACR permits access to the FPU for the specified
34
+ * security state and privilege level.
35
+ */
36
+static bool v7m_cpacr_pass(CPUARMState *env, bool is_secure, bool is_priv)
37
+{
38
+ switch (extract32(env->v7m.cpacr[is_secure], 20, 2)) {
39
+ case 0:
40
+ case 2: /* UNPREDICTABLE: we treat like 0 */
41
+ return false;
42
+ case 1:
43
+ return is_priv;
44
+ case 3:
45
+ return true;
46
+ default:
47
+ g_assert_not_reached();
48
+ }
49
+}
50
+
51
static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
52
ARMMMUIdx mmu_idx, bool ignfault)
53
{
54
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
55
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNDEFINSTR_MASK;
56
break;
57
case EXCP_NOCP:
58
- armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
59
- env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK;
60
+ {
61
+ /*
62
+ * NOCP might be directed to something other than the current
63
+ * security state if this fault is because of NSACR; we indicate
64
+ * the target security state using exception.target_el.
65
+ */
66
+ int target_secstate;
67
+
68
+ if (env->exception.target_el == 3) {
69
+ target_secstate = M_REG_S;
70
+ } else {
71
+ target_secstate = env->v7m.secure;
72
+ }
73
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, target_secstate);
74
+ env->v7m.cfsr[target_secstate] |= R_V7M_CFSR_NOCP_MASK;
75
break;
76
+ }
77
case EXCP_INVSTATE:
78
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
79
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVSTATE_MASK;
80
@@ -XXX,XX +XXX,XX @@ int fp_exception_el(CPUARMState *env, int cur_el)
81
return 0;
82
}
83
84
+ if (arm_feature(env, ARM_FEATURE_M)) {
85
+ /* CPACR can cause a NOCP UsageFault taken to current security state */
86
+ if (!v7m_cpacr_pass(env, env->v7m.secure, cur_el != 0)) {
87
+ return 1;
88
+ }
89
+
90
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) && !env->v7m.secure) {
91
+ if (!extract32(env->v7m.nsacr, 10, 1)) {
92
+ /* FP insns cause a NOCP UsageFault taken to Secure */
93
+ return 3;
94
+ }
95
+ }
96
+
97
+ return 0;
98
+ }
99
+
100
/* The CPACR controls traps to EL1, or PL1 if we're 32 bit:
101
* 0, 2 : trap EL0 and EL1/PL1 accesses
102
* 1 : trap only EL0 accesses
103
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
104
flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, arm_sctlr_b(env));
105
flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env));
106
if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30)
107
- || arm_el_is_aa64(env, 1)) {
108
+ || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
109
flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
110
}
111
flags = FIELD_DP32(flags, TBFLAG_A32, XSCALE_CPAR, env->cp15.c15_cpar);
112
diff --git a/target/arm/translate.c b/target/arm/translate.c
113
index XXXXXXX..XXXXXXX 100644
114
--- a/target/arm/translate.c
115
+++ b/target/arm/translate.c
116
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
117
* for attempts to execute invalid vfp/neon encodings with FP disabled.
118
*/
119
if (s->fp_excp_el) {
120
- gen_exception_insn(s, 4, EXCP_UDEF,
121
- syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
122
+ if (arm_dc_feature(s, ARM_FEATURE_M)) {
123
+ gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
124
+ s->fp_excp_el);
125
+ } else {
126
+ gen_exception_insn(s, 4, EXCP_UDEF,
127
+ syn_fp_access_trap(1, 0xe, false),
128
+ s->fp_excp_el);
129
+ }
130
return 0;
131
}
132
133
--
134
2.20.1
135
136
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Suggested-by: Markus Armbruster <armbru@redhat.com>
3
The comment was correct, but the test was not:
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
4
disable mte if tagged is *not* set.
5
Message-id: 20190412165416.7977-3-philmd@redhat.com
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
---
9
hw/arm/nseries.c | 3 ++-
10
target/arm/sve_helper.c | 2 +-
10
1 file changed, 2 insertions(+), 1 deletion(-)
11
1 file changed, 1 insertion(+), 1 deletion(-)
11
12
12
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
13
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
13
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/arm/nseries.c
15
--- a/target/arm/sve_helper.c
15
+++ b/hw/arm/nseries.c
16
+++ b/target/arm/sve_helper.c
16
@@ -XXX,XX +XXX,XX @@
17
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
17
#include "hw/boards.h"
18
* Disable MTE checking if the Tagged bit is not set. Since TBI must
18
#include "hw/i2c/i2c.h"
19
* be set within MTEDESC for MTE, !mtedesc => !mte_active.
19
#include "hw/devices.h"
20
*/
20
+#include "hw/misc/tmp105.h"
21
- if (arm_tlb_mte_tagged(&info.page[0].attrs)) {
21
#include "hw/block/flash.h"
22
+ if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
22
#include "hw/hw.h"
23
mtedesc = 0;
23
#include "hw/bt.h"
24
}
24
@@ -XXX,XX +XXX,XX @@ static void n8x0_i2c_setup(struct n800_s *s)
25
qemu_register_powerdown_notifier(&n8x0_system_powerdown_notifier);
26
27
/* Attach a TMP105 PM chip (A0 wired to ground) */
28
- dev = i2c_create_slave(i2c, "tmp105", N8X0_TMP105_ADDR);
29
+ dev = i2c_create_slave(i2c, TYPE_TMP105, N8X0_TMP105_ADDR);
30
qdev_connect_gpio_out(dev, 0, tmp_irq);
31
}
32
25
33
--
26
--
34
2.20.1
27
2.25.1
35
36
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
No code used the tc6393xb_gpio_in_get() and tc6393xb_gpio_out_set()
3
Fixes a bug in that we were not honoring MTE from user-only
4
functions since their introduction in commit 88d2c950b002. Time to
4
SVE. Copy the user-only MTE logic from allocation_tag_mem
5
remove them.
5
into sve_probe_page.
6
6
7
Suggested-by: Markus Armbruster <armbru@redhat.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Message-id: 20190412165416.7977-4-philmd@redhat.com
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
10
---
13
include/hw/devices.h | 3 ---
11
target/arm/sve_helper.c | 3 +++
14
hw/display/tc6393xb.c | 16 ----------------
12
1 file changed, 3 insertions(+)
15
2 files changed, 19 deletions(-)
16
13
17
diff --git a/include/hw/devices.h b/include/hw/devices.h
14
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
18
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
19
--- a/include/hw/devices.h
16
--- a/target/arm/sve_helper.c
20
+++ b/include/hw/devices.h
17
+++ b/target/arm/sve_helper.c
21
@@ -XXX,XX +XXX,XX @@ void retu_key_event(void *retu, int state);
18
@@ -XXX,XX +XXX,XX @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
22
typedef struct TC6393xbState TC6393xbState;
19
23
TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem,
20
#ifdef CONFIG_USER_ONLY
24
uint32_t base, qemu_irq irq);
21
memset(&info->attrs, 0, sizeof(info->attrs));
25
-void tc6393xb_gpio_out_set(TC6393xbState *s, int line,
22
+ /* Require both MAP_ANON and PROT_MTE -- see allocation_tag_mem. */
26
- qemu_irq handler);
23
+ arm_tlb_mte_tagged(&info->attrs) =
27
-qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s);
24
+ (flags & PAGE_ANON) && (flags & PAGE_MTE);
28
qemu_irq tc6393xb_l3v_get(TC6393xbState *s);
25
#else
29
26
/*
30
#endif
27
* Find the iotlbentry for addr and return the transaction attributes.
31
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
32
index XXXXXXX..XXXXXXX 100644
33
--- a/hw/display/tc6393xb.c
34
+++ b/hw/display/tc6393xb.c
35
@@ -XXX,XX +XXX,XX @@ struct TC6393xbState {
36
blanked : 1;
37
};
38
39
-qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s)
40
-{
41
- return s->gpio_in;
42
-}
43
-
44
static void tc6393xb_gpio_set(void *opaque, int line, int level)
45
{
46
// TC6393xbState *s = opaque;
47
@@ -XXX,XX +XXX,XX @@ static void tc6393xb_gpio_set(void *opaque, int line, int level)
48
// FIXME: how does the chip reflect the GPIO input level change?
49
}
50
51
-void tc6393xb_gpio_out_set(TC6393xbState *s, int line,
52
- qemu_irq handler)
53
-{
54
- if (line >= TC6393XB_GPIOS) {
55
- fprintf(stderr, "TC6393xb: no GPIO pin %d\n", line);
56
- return;
57
- }
58
-
59
- s->handler[line] = handler;
60
-}
61
-
62
static void tc6393xb_gpio_handler_update(TC6393xbState *s)
63
{
64
uint32_t level, diff;
65
--
28
--
66
2.20.1
29
2.25.1
67
68
diff view generated by jsdifflib
1
Handle floating point registers in exception return.
1
Before moving debug system register helper functions to a
2
This corresponds to pseudocode functions ValidateExceptionReturn(),
2
different file, fix the code style issues (mostly block
3
ExceptionReturn(), PopStack() and ConsumeExcStackFrame().
3
comment syntax) so checkpatch doesn't complain about the
4
code-motion patch.
4
5
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20190416125744.27770-16-peter.maydell@linaro.org
8
Message-id: 20220630194116.3438513-2-peter.maydell@linaro.org
8
---
9
---
9
target/arm/helper.c | 142 +++++++++++++++++++++++++++++++++++++++++++-
10
target/arm/helper.c | 58 +++++++++++++++++++++++++++++----------------
10
1 file changed, 141 insertions(+), 1 deletion(-)
11
1 file changed, 38 insertions(+), 20 deletions(-)
11
12
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
15
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
16
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
17
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_mdcr_el2_eff(CPUARMState *env)
17
bool rettobase = false;
18
return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
18
bool exc_secure = false;
19
}
19
bool return_to_secure;
20
20
+ bool ftype;
21
-/* Check for traps to "powerdown debug" registers, which are controlled
21
+ bool restore_s16_s31;
22
+/*
22
23
+ * Check for traps to "powerdown debug" registers, which are controlled
23
/* If we're not in Handler mode then jumps to magic exception-exit
24
* by MDCR.TDOSA
24
* addresses don't have magic behaviour. However for the v8M
25
*/
25
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
26
static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
26
excret);
27
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
28
return CP_ACCESS_OK;
29
}
30
31
-/* Check for traps to "debug ROM" registers, which are controlled
32
+/*
33
+ * Check for traps to "debug ROM" registers, which are controlled
34
* by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
35
*/
36
static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
37
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
38
return CP_ACCESS_OK;
39
}
40
41
-/* Check for traps to general debug registers, which are controlled
42
+/*
43
+ * Check for traps to general debug registers, which are controlled
44
* by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
45
*/
46
static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
47
@@ -XXX,XX +XXX,XX @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
48
static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
49
uint64_t value)
50
{
51
- /* Writes to OSLAR_EL1 may update the OS lock status, which can be
52
+ /*
53
+ * Writes to OSLAR_EL1 may update the OS lock status, which can be
54
* read via a bit in OSLSR_EL1.
55
*/
56
int oslock;
57
@@ -XXX,XX +XXX,XX @@ static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
58
}
59
60
static const ARMCPRegInfo debug_cp_reginfo[] = {
61
- /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
62
+ /*
63
+ * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
64
* debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
65
* unlike DBGDRAR it is never accessible from EL0.
66
* DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
67
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
68
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
69
.access = PL1_RW, .accessfn = access_tdosa,
70
.type = ARM_CP_NOP },
71
- /* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
72
+ /*
73
+ * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
74
* implement vector catch debug events yet.
75
*/
76
{ .name = "DBGVCR",
77
.cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
78
.access = PL1_RW, .accessfn = access_tda,
79
.type = ARM_CP_NOP },
80
- /* Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
81
+ /*
82
+ * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
83
* to save and restore a 32-bit guest's DBGVCR)
84
*/
85
{ .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
86
.opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
87
.access = PL2_RW, .accessfn = access_tda,
88
.type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
89
- /* Dummy MDCCINT_EL1, since we don't implement the Debug Communications
90
+ /*
91
+ * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
92
* Channel but Linux may try to access this register. The 32-bit
93
* alias is DBGDCCINT.
94
*/
95
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
96
static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
97
/* 64 bit access versions of the (dummy) debug registers */
98
{ .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
99
- .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
100
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
101
{ .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
102
- .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
103
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
104
};
105
106
/*
107
@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
108
break;
27
}
109
}
28
110
29
+ ftype = excret & R_V7M_EXCRET_FTYPE_MASK;
111
- /* Attempts to use both MASK and BAS fields simultaneously are
30
+
112
+ /*
31
+ if (!arm_feature(env, ARM_FEATURE_VFP) && !ftype) {
113
+ * Attempts to use both MASK and BAS fields simultaneously are
32
+ qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero FTYPE in exception "
114
* CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
33
+ "exit PC value 0x%" PRIx32 " is UNPREDICTABLE "
115
* thus generating a watchpoint for every byte in the masked region.
34
+ "if FPU not present\n",
116
*/
35
+ excret);
117
mask = FIELD_EX64(wcr, DBGWCR, MASK);
36
+ ftype = true;
118
if (mask == 1 || mask == 2) {
37
+ }
119
- /* Reserved values of MASK; we must act as if the mask value was
38
+
120
+ /*
39
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
121
+ * Reserved values of MASK; we must act as if the mask value was
40
/* EXC_RETURN.ES validation check (R_SMFL). We must do this before
122
* some non-reserved value, or as if the watchpoint were disabled.
41
* we pick which FAULTMASK to clear.
123
* We choose the latter.
42
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
124
*/
43
*/
125
@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
44
write_v7m_control_spsel_for_secstate(env, return_to_sp_process, exc_secure);
126
} else if (mask) {
45
127
/* Watchpoint covers an aligned area up to 2GB in size */
46
+ /*
128
len = 1ULL << mask;
47
+ * Clear scratch FP values left in caller saved registers; this
129
- /* If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
48
+ * must happen before any kind of tail chaining.
130
+ /*
49
+ */
131
+ * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
50
+ if ((env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_CLRONRET_MASK) &&
132
* whether the watchpoint fires when the unmasked bits match; we opt
51
+ (env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
133
* to generate the exceptions.
52
+ if (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK) {
134
*/
53
+ env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
135
@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
54
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
136
int basstart;
55
+ qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
137
56
+ "stackframe: error during lazy state deactivation\n");
138
if (extract64(wvr, 2, 1)) {
57
+ v7m_exception_taken(cpu, excret, true, false);
139
- /* Deprecated case of an only 4-aligned address. BAS[7:4] are
58
+ return;
140
+ /*
59
+ } else {
141
+ * Deprecated case of an only 4-aligned address. BAS[7:4] are
60
+ /* Clear s0..s15 and FPSCR */
142
* ignored, and BAS[3:0] define which bytes to watch.
61
+ int i;
143
*/
62
+
144
bas &= 0xf;
63
+ for (i = 0; i < 16; i += 2) {
145
@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
64
+ *aa32_vfp_dreg(env, i / 2) = 0;
146
return;
65
+ }
66
+ vfp_set_fpscr(env, 0);
67
+ }
68
+ }
69
+
70
if (sfault) {
71
env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK;
72
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
73
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
74
}
75
}
147
}
76
148
77
+ if (!ftype) {
149
- /* The BAS bits are supposed to be programmed to indicate a contiguous
78
+ /* FP present and we need to handle it */
150
+ /*
79
+ if (!return_to_secure &&
151
+ * The BAS bits are supposed to be programmed to indicate a contiguous
80
+ (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK)) {
152
* range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
81
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
153
* we fire for each byte in the word/doubleword addressed by the WVR.
82
+ env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
154
* We choose to ignore any non-zero bits after the first range of 1s.
83
+ qemu_log_mask(CPU_LOG_INT,
155
@@ -XXX,XX +XXX,XX @@ void hw_watchpoint_update_all(ARMCPU *cpu)
84
+ "...taking SecureFault on existing stackframe: "
156
int i;
85
+ "Secure LSPACT set but exception return is "
157
CPUARMState *env = &cpu->env;
86
+ "not to secure state\n");
158
87
+ v7m_exception_taken(cpu, excret, true, false);
159
- /* Completely clear out existing QEMU watchpoints and our array, to
88
+ return;
160
+ /*
89
+ }
161
+ * Completely clear out existing QEMU watchpoints and our array, to
90
+
162
* avoid possible stale entries following migration load.
91
+ restore_s16_s31 = return_to_secure &&
163
*/
92
+ (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK);
164
cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
93
+
165
@@ -XXX,XX +XXX,XX @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
94
+ if (env->v7m.fpccr[return_to_secure] & R_V7M_FPCCR_LSPACT_MASK) {
166
case 11: /* linked context ID and VMID match (reserved if no EL2) */
95
+ /* State in FPU is still valid, just clear LSPACT */
167
case 3: /* linked context ID match */
96
+ env->v7m.fpccr[return_to_secure] &= ~R_V7M_FPCCR_LSPACT_MASK;
168
default:
97
+ } else {
169
- /* We must generate no events for Linked context matches (unless
98
+ int i;
170
+ /*
99
+ uint32_t fpscr;
171
+ * We must generate no events for Linked context matches (unless
100
+ bool cpacr_pass, nsacr_pass;
172
* they are linked to by some other bp/wp, which is handled in
101
+
173
* updates for the linking bp/wp). We choose to also generate no events
102
+ cpacr_pass = v7m_cpacr_pass(env, return_to_secure,
174
* for reserved values.
103
+ return_to_priv);
175
@@ -XXX,XX +XXX,XX @@ void hw_breakpoint_update_all(ARMCPU *cpu)
104
+ nsacr_pass = return_to_secure ||
176
int i;
105
+ extract32(env->v7m.nsacr, 10, 1);
177
CPUARMState *env = &cpu->env;
106
+
178
107
+ if (!cpacr_pass) {
179
- /* Completely clear out existing QEMU breakpoints and our array, to
108
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
180
+ /*
109
+ return_to_secure);
181
+ * Completely clear out existing QEMU breakpoints and our array, to
110
+ env->v7m.cfsr[return_to_secure] |= R_V7M_CFSR_NOCP_MASK;
182
* avoid possible stale entries following migration load.
111
+ qemu_log_mask(CPU_LOG_INT,
183
*/
112
+ "...taking UsageFault on existing "
184
cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
113
+ "stackframe: CPACR.CP10 prevents unstacking "
185
@@ -XXX,XX +XXX,XX @@ static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
114
+ "FP regs\n");
186
ARMCPU *cpu = env_archcpu(env);
115
+ v7m_exception_taken(cpu, excret, true, false);
187
int i = ri->crm;
116
+ return;
188
117
+ } else if (!nsacr_pass) {
189
- /* BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
118
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, true);
190
+ /*
119
+ env->v7m.cfsr[M_REG_S] |= R_V7M_CFSR_INVPC_MASK;
191
+ * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
120
+ qemu_log_mask(CPU_LOG_INT,
192
* copy of BAS[0].
121
+ "...taking Secure UsageFault on existing "
193
*/
122
+ "stackframe: NSACR.CP10 prevents unstacking "
194
value = deposit64(value, 6, 1, extract64(value, 5, 1));
123
+ "FP regs\n");
195
@@ -XXX,XX +XXX,XX @@ static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
124
+ v7m_exception_taken(cpu, excret, true, false);
196
125
+ return;
197
static void define_debug_regs(ARMCPU *cpu)
126
+ }
198
{
127
+
199
- /* Define v7 and v8 architectural debug registers.
128
+ for (i = 0; i < (restore_s16_s31 ? 32 : 16); i += 2) {
200
+ /*
129
+ uint32_t slo, shi;
201
+ * Define v7 and v8 architectural debug registers.
130
+ uint64_t dn;
202
* These are just dummy implementations for now.
131
+ uint32_t faddr = frameptr + 0x20 + 4 * i;
203
*/
132
+
204
int i;
133
+ if (i >= 16) {
134
+ faddr += 8; /* Skip the slot for the FPSCR */
135
+ }
136
+
137
+ pop_ok = pop_ok &&
138
+ v7m_stack_read(cpu, &slo, faddr, mmu_idx) &&
139
+ v7m_stack_read(cpu, &shi, faddr + 4, mmu_idx);
140
+
141
+ if (!pop_ok) {
142
+ break;
143
+ }
144
+
145
+ dn = (uint64_t)shi << 32 | slo;
146
+ *aa32_vfp_dreg(env, i / 2) = dn;
147
+ }
148
+ pop_ok = pop_ok &&
149
+ v7m_stack_read(cpu, &fpscr, frameptr + 0x60, mmu_idx);
150
+ if (pop_ok) {
151
+ vfp_set_fpscr(env, fpscr);
152
+ }
153
+ if (!pop_ok) {
154
+ /*
155
+ * These regs are 0 if security extension present;
156
+ * otherwise merely UNKNOWN. We zero always.
157
+ */
158
+ for (i = 0; i < (restore_s16_s31 ? 32 : 16); i += 2) {
159
+ *aa32_vfp_dreg(env, i / 2) = 0;
160
+ }
161
+ vfp_set_fpscr(env, 0);
162
+ }
163
+ }
164
+ }
165
+ env->v7m.control[M_REG_S] = FIELD_DP32(env->v7m.control[M_REG_S],
166
+ V7M_CONTROL, FPCA, !ftype);
167
+
168
/* Commit to consuming the stack frame */
169
frameptr += 0x20;
170
+ if (!ftype) {
171
+ frameptr += 0x48;
172
+ if (restore_s16_s31) {
173
+ frameptr += 0x40;
174
+ }
175
+ }
176
/* Undo stack alignment (the SPREALIGN bit indicates that the original
177
* pre-exception SP was not 8-aligned and we added a padding word to
178
* align it, so we undo this by ORing in the bit that increases it
179
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
180
*frame_sp_p = frameptr;
181
}
182
/* This xpsr_write() will invalidate frame_sp_p as it may switch stack */
183
- xpsr_write(env, xpsr, ~XPSR_SPREALIGN);
184
+ xpsr_write(env, xpsr, ~(XPSR_SPREALIGN | XPSR_SFPA));
185
+
186
+ if (env->v7m.secure) {
187
+ bool sfpa = xpsr & XPSR_SFPA;
188
+
189
+ env->v7m.control[M_REG_S] = FIELD_DP32(env->v7m.control[M_REG_S],
190
+ V7M_CONTROL, SFPA, sfpa);
191
+ }
192
193
/* The restored xPSR exception field will be zero if we're
194
* resuming in Thread mode. If that doesn't match what the
195
--
205
--
196
2.20.1
206
2.25.1
197
198
diff view generated by jsdifflib
1
Add a new helper function which returns the MMU index to use
1
The target/arm/helper.c file is very long and is a grabbag of all
2
for v7M, where the caller specifies all of the security
2
kinds of functionality. We have already a debug_helper.c which has
3
state, privilege level and whether the execution priority
3
code for implementing architectural debug. Move the code which
4
is negative, and reimplement the existing
4
defines the debug-related system registers out to this file also.
5
arm_v7m_mmu_idx_for_secstate_and_priv() in terms of it.
5
This affects the define_debug_regs() function and the various
6
functions and arrays which are used only by it.
6
7
7
We are going to need this for the lazy-FP-stacking code.
8
The functions raw_write() and arm_mdcr_el2_eff() and
9
define_debug_regs() now need to be global rather than local to
10
helper.c; everything else is pure code movement.
8
11
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20190416125744.27770-21-peter.maydell@linaro.org
14
Message-id: 20220630194116.3438513-3-peter.maydell@linaro.org
12
---
15
---
13
target/arm/cpu.h | 7 +++++++
16
target/arm/cpregs.h | 3 +
14
target/arm/helper.c | 14 +++++++++++---
17
target/arm/internals.h | 9 +
15
2 files changed, 18 insertions(+), 3 deletions(-)
18
target/arm/debug_helper.c | 525 +++++++++++++++++++++++++++++++++++++
19
target/arm/helper.c | 531 +-------------------------------------
20
4 files changed, 538 insertions(+), 530 deletions(-)
16
21
17
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
22
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
18
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/cpu.h
24
--- a/target/arm/cpregs.h
20
+++ b/target/arm/cpu.h
25
+++ b/target/arm/cpregs.h
21
@@ -XXX,XX +XXX,XX @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
26
@@ -XXX,XX +XXX,XX @@ void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
22
}
27
/* CPReadFn that can be used for read-as-zero behaviour */
28
uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
29
30
+/* CPWriteFn that just writes the value to ri->fieldoffset */
31
+void raw_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value);
32
+
33
/*
34
* CPResetFn that does nothing, for use if no reset is required even
35
* if fieldoffset is non zero.
36
diff --git a/target/arm/internals.h b/target/arm/internals.h
37
index XXXXXXX..XXXXXXX 100644
38
--- a/target/arm/internals.h
39
+++ b/target/arm/internals.h
40
@@ -XXX,XX +XXX,XX @@ int exception_target_el(CPUARMState *env);
41
bool arm_singlestep_active(CPUARMState *env);
42
bool arm_generate_debug_exceptions(CPUARMState *env);
43
44
+/* Add the cpreg definitions for debug related system registers */
45
+void define_debug_regs(ARMCPU *cpu);
46
+
47
+/* Effective value of MDCR_EL2 */
48
+static inline uint64_t arm_mdcr_el2_eff(CPUARMState *env)
49
+{
50
+ return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
51
+}
52
+
53
/* Powers of 2 for sve_vq_map et al. */
54
#define SVE_VQ_POW2_MAP \
55
((1 << (1 - 1)) | (1 << (2 - 1)) | \
56
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
57
index XXXXXXX..XXXXXXX 100644
58
--- a/target/arm/debug_helper.c
59
+++ b/target/arm/debug_helper.c
60
@@ -XXX,XX +XXX,XX @@
61
* SPDX-License-Identifier: GPL-2.0-or-later
62
*/
63
#include "qemu/osdep.h"
64
+#include "qemu/log.h"
65
#include "cpu.h"
66
#include "internals.h"
67
+#include "cpregs.h"
68
#include "exec/exec-all.h"
69
#include "exec/helper-proto.h"
70
71
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_swstep)(CPUARMState *env, uint32_t syndrome)
72
raise_exception_debug(env, EXCP_UDEF, syndrome);
23
}
73
}
24
74
25
+/*
75
+/*
26
+ * Return the MMU index for a v7M CPU with all relevant information
76
+ * Check for traps to "powerdown debug" registers, which are controlled
27
+ * manually specified.
77
+ * by MDCR.TDOSA
28
+ */
78
+ */
29
+ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
79
+static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
30
+ bool secstate, bool priv, bool negpri);
80
+ bool isread)
31
+
81
+{
32
/* Return the MMU index for a v7M CPU in the specified security and
82
+ int el = arm_current_el(env);
33
* privilege state.
83
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
34
*/
84
+ bool mdcr_el2_tdosa = (mdcr_el2 & MDCR_TDOSA) || (mdcr_el2 & MDCR_TDE) ||
85
+ (arm_hcr_el2_eff(env) & HCR_TGE);
86
+
87
+ if (el < 2 && mdcr_el2_tdosa) {
88
+ return CP_ACCESS_TRAP_EL2;
89
+ }
90
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
91
+ return CP_ACCESS_TRAP_EL3;
92
+ }
93
+ return CP_ACCESS_OK;
94
+}
95
+
96
+/*
97
+ * Check for traps to "debug ROM" registers, which are controlled
98
+ * by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
99
+ */
100
+static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
101
+ bool isread)
102
+{
103
+ int el = arm_current_el(env);
104
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
105
+ bool mdcr_el2_tdra = (mdcr_el2 & MDCR_TDRA) || (mdcr_el2 & MDCR_TDE) ||
106
+ (arm_hcr_el2_eff(env) & HCR_TGE);
107
+
108
+ if (el < 2 && mdcr_el2_tdra) {
109
+ return CP_ACCESS_TRAP_EL2;
110
+ }
111
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
112
+ return CP_ACCESS_TRAP_EL3;
113
+ }
114
+ return CP_ACCESS_OK;
115
+}
116
+
117
+/*
118
+ * Check for traps to general debug registers, which are controlled
119
+ * by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
120
+ */
121
+static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
122
+ bool isread)
123
+{
124
+ int el = arm_current_el(env);
125
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
126
+ bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) ||
127
+ (arm_hcr_el2_eff(env) & HCR_TGE);
128
+
129
+ if (el < 2 && mdcr_el2_tda) {
130
+ return CP_ACCESS_TRAP_EL2;
131
+ }
132
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
133
+ return CP_ACCESS_TRAP_EL3;
134
+ }
135
+ return CP_ACCESS_OK;
136
+}
137
+
138
+static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
139
+ uint64_t value)
140
+{
141
+ /*
142
+ * Writes to OSLAR_EL1 may update the OS lock status, which can be
143
+ * read via a bit in OSLSR_EL1.
144
+ */
145
+ int oslock;
146
+
147
+ if (ri->state == ARM_CP_STATE_AA32) {
148
+ oslock = (value == 0xC5ACCE55);
149
+ } else {
150
+ oslock = value & 1;
151
+ }
152
+
153
+ env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
154
+}
155
+
156
+static const ARMCPRegInfo debug_cp_reginfo[] = {
157
+ /*
158
+ * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
159
+ * debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
160
+ * unlike DBGDRAR it is never accessible from EL0.
161
+ * DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
162
+ * accessor.
163
+ */
164
+ { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
165
+ .access = PL0_R, .accessfn = access_tdra,
166
+ .type = ARM_CP_CONST, .resetvalue = 0 },
167
+ { .name = "MDRAR_EL1", .state = ARM_CP_STATE_AA64,
168
+ .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 0,
169
+ .access = PL1_R, .accessfn = access_tdra,
170
+ .type = ARM_CP_CONST, .resetvalue = 0 },
171
+ { .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
172
+ .access = PL0_R, .accessfn = access_tdra,
173
+ .type = ARM_CP_CONST, .resetvalue = 0 },
174
+ /* Monitor debug system control register; the 32-bit alias is DBGDSCRext. */
175
+ { .name = "MDSCR_EL1", .state = ARM_CP_STATE_BOTH,
176
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
177
+ .access = PL1_RW, .accessfn = access_tda,
178
+ .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1),
179
+ .resetvalue = 0 },
180
+ /*
181
+ * MDCCSR_EL0[30:29] map to EDSCR[30:29]. Simply RAZ as the external
182
+ * Debug Communication Channel is not implemented.
183
+ */
184
+ { .name = "MDCCSR_EL0", .state = ARM_CP_STATE_AA64,
185
+ .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
186
+ .access = PL0_R, .accessfn = access_tda,
187
+ .type = ARM_CP_CONST, .resetvalue = 0 },
188
+ /*
189
+ * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
190
+ * it is unlikely a guest will care.
191
+ * We don't implement the configurable EL0 access.
192
+ */
193
+ { .name = "DBGDSCRint", .state = ARM_CP_STATE_AA32,
194
+ .cp = 14, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
195
+ .type = ARM_CP_ALIAS,
196
+ .access = PL1_R, .accessfn = access_tda,
197
+ .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
198
+ { .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
199
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
200
+ .access = PL1_W, .type = ARM_CP_NO_RAW,
201
+ .accessfn = access_tdosa,
202
+ .writefn = oslar_write },
203
+ { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
204
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
205
+ .access = PL1_R, .resetvalue = 10,
206
+ .accessfn = access_tdosa,
207
+ .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
208
+ /* Dummy OSDLR_EL1: 32-bit Linux will read this */
209
+ { .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
210
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
211
+ .access = PL1_RW, .accessfn = access_tdosa,
212
+ .type = ARM_CP_NOP },
213
+ /*
214
+ * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
215
+ * implement vector catch debug events yet.
216
+ */
217
+ { .name = "DBGVCR",
218
+ .cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
219
+ .access = PL1_RW, .accessfn = access_tda,
220
+ .type = ARM_CP_NOP },
221
+ /*
222
+ * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
223
+ * to save and restore a 32-bit guest's DBGVCR)
224
+ */
225
+ { .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
226
+ .opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
227
+ .access = PL2_RW, .accessfn = access_tda,
228
+ .type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
229
+ /*
230
+ * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
231
+ * Channel but Linux may try to access this register. The 32-bit
232
+ * alias is DBGDCCINT.
233
+ */
234
+ { .name = "MDCCINT_EL1", .state = ARM_CP_STATE_BOTH,
235
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
236
+ .access = PL1_RW, .accessfn = access_tda,
237
+ .type = ARM_CP_NOP },
238
+};
239
+
240
+static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
241
+ /* 64 bit access versions of the (dummy) debug registers */
242
+ { .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
243
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
244
+ { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
245
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
246
+};
247
+
248
+void hw_watchpoint_update(ARMCPU *cpu, int n)
249
+{
250
+ CPUARMState *env = &cpu->env;
251
+ vaddr len = 0;
252
+ vaddr wvr = env->cp15.dbgwvr[n];
253
+ uint64_t wcr = env->cp15.dbgwcr[n];
254
+ int mask;
255
+ int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
256
+
257
+ if (env->cpu_watchpoint[n]) {
258
+ cpu_watchpoint_remove_by_ref(CPU(cpu), env->cpu_watchpoint[n]);
259
+ env->cpu_watchpoint[n] = NULL;
260
+ }
261
+
262
+ if (!FIELD_EX64(wcr, DBGWCR, E)) {
263
+ /* E bit clear : watchpoint disabled */
264
+ return;
265
+ }
266
+
267
+ switch (FIELD_EX64(wcr, DBGWCR, LSC)) {
268
+ case 0:
269
+ /* LSC 00 is reserved and must behave as if the wp is disabled */
270
+ return;
271
+ case 1:
272
+ flags |= BP_MEM_READ;
273
+ break;
274
+ case 2:
275
+ flags |= BP_MEM_WRITE;
276
+ break;
277
+ case 3:
278
+ flags |= BP_MEM_ACCESS;
279
+ break;
280
+ }
281
+
282
+ /*
283
+ * Attempts to use both MASK and BAS fields simultaneously are
284
+ * CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
285
+ * thus generating a watchpoint for every byte in the masked region.
286
+ */
287
+ mask = FIELD_EX64(wcr, DBGWCR, MASK);
288
+ if (mask == 1 || mask == 2) {
289
+ /*
290
+ * Reserved values of MASK; we must act as if the mask value was
291
+ * some non-reserved value, or as if the watchpoint were disabled.
292
+ * We choose the latter.
293
+ */
294
+ return;
295
+ } else if (mask) {
296
+ /* Watchpoint covers an aligned area up to 2GB in size */
297
+ len = 1ULL << mask;
298
+ /*
299
+ * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
300
+ * whether the watchpoint fires when the unmasked bits match; we opt
301
+ * to generate the exceptions.
302
+ */
303
+ wvr &= ~(len - 1);
304
+ } else {
305
+ /* Watchpoint covers bytes defined by the byte address select bits */
306
+ int bas = FIELD_EX64(wcr, DBGWCR, BAS);
307
+ int basstart;
308
+
309
+ if (extract64(wvr, 2, 1)) {
310
+ /*
311
+ * Deprecated case of an only 4-aligned address. BAS[7:4] are
312
+ * ignored, and BAS[3:0] define which bytes to watch.
313
+ */
314
+ bas &= 0xf;
315
+ }
316
+
317
+ if (bas == 0) {
318
+ /* This must act as if the watchpoint is disabled */
319
+ return;
320
+ }
321
+
322
+ /*
323
+ * The BAS bits are supposed to be programmed to indicate a contiguous
324
+ * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
325
+ * we fire for each byte in the word/doubleword addressed by the WVR.
326
+ * We choose to ignore any non-zero bits after the first range of 1s.
327
+ */
328
+ basstart = ctz32(bas);
329
+ len = cto32(bas >> basstart);
330
+ wvr += basstart;
331
+ }
332
+
333
+ cpu_watchpoint_insert(CPU(cpu), wvr, len, flags,
334
+ &env->cpu_watchpoint[n]);
335
+}
336
+
337
+void hw_watchpoint_update_all(ARMCPU *cpu)
338
+{
339
+ int i;
340
+ CPUARMState *env = &cpu->env;
341
+
342
+ /*
343
+ * Completely clear out existing QEMU watchpoints and our array, to
344
+ * avoid possible stale entries following migration load.
345
+ */
346
+ cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
347
+ memset(env->cpu_watchpoint, 0, sizeof(env->cpu_watchpoint));
348
+
349
+ for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_watchpoint); i++) {
350
+ hw_watchpoint_update(cpu, i);
351
+ }
352
+}
353
+
354
+static void dbgwvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
355
+ uint64_t value)
356
+{
357
+ ARMCPU *cpu = env_archcpu(env);
358
+ int i = ri->crm;
359
+
360
+ /*
361
+ * Bits [1:0] are RES0.
362
+ *
363
+ * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
364
+ * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
365
+ * they contain the value written. It is CONSTRAINED UNPREDICTABLE
366
+ * whether the RESS bits are ignored when comparing an address.
367
+ *
368
+ * Therefore we are allowed to compare the entire register, which lets
369
+ * us avoid considering whether or not FEAT_LVA is actually enabled.
370
+ */
371
+ value &= ~3ULL;
372
+
373
+ raw_write(env, ri, value);
374
+ hw_watchpoint_update(cpu, i);
375
+}
376
+
377
+static void dbgwcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
378
+ uint64_t value)
379
+{
380
+ ARMCPU *cpu = env_archcpu(env);
381
+ int i = ri->crm;
382
+
383
+ raw_write(env, ri, value);
384
+ hw_watchpoint_update(cpu, i);
385
+}
386
+
387
+void hw_breakpoint_update(ARMCPU *cpu, int n)
388
+{
389
+ CPUARMState *env = &cpu->env;
390
+ uint64_t bvr = env->cp15.dbgbvr[n];
391
+ uint64_t bcr = env->cp15.dbgbcr[n];
392
+ vaddr addr;
393
+ int bt;
394
+ int flags = BP_CPU;
395
+
396
+ if (env->cpu_breakpoint[n]) {
397
+ cpu_breakpoint_remove_by_ref(CPU(cpu), env->cpu_breakpoint[n]);
398
+ env->cpu_breakpoint[n] = NULL;
399
+ }
400
+
401
+ if (!extract64(bcr, 0, 1)) {
402
+ /* E bit clear : watchpoint disabled */
403
+ return;
404
+ }
405
+
406
+ bt = extract64(bcr, 20, 4);
407
+
408
+ switch (bt) {
409
+ case 4: /* unlinked address mismatch (reserved if AArch64) */
410
+ case 5: /* linked address mismatch (reserved if AArch64) */
411
+ qemu_log_mask(LOG_UNIMP,
412
+ "arm: address mismatch breakpoint types not implemented\n");
413
+ return;
414
+ case 0: /* unlinked address match */
415
+ case 1: /* linked address match */
416
+ {
417
+ /*
418
+ * Bits [1:0] are RES0.
419
+ *
420
+ * It is IMPLEMENTATION DEFINED whether bits [63:49]
421
+ * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
422
+ * of the VA field ([48] or [52] for FEAT_LVA), or whether the
423
+ * value is read as written. It is CONSTRAINED UNPREDICTABLE
424
+ * whether the RESS bits are ignored when comparing an address.
425
+ * Therefore we are allowed to compare the entire register, which
426
+ * lets us avoid considering whether FEAT_LVA is actually enabled.
427
+ *
428
+ * The BAS field is used to allow setting breakpoints on 16-bit
429
+ * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
430
+ * a bp will fire if the addresses covered by the bp and the addresses
431
+ * covered by the insn overlap but the insn doesn't start at the
432
+ * start of the bp address range. We choose to require the insn and
433
+ * the bp to have the same address. The constraints on writing to
434
+ * BAS enforced in dbgbcr_write mean we have only four cases:
435
+ * 0b0000 => no breakpoint
436
+ * 0b0011 => breakpoint on addr
437
+ * 0b1100 => breakpoint on addr + 2
438
+ * 0b1111 => breakpoint on addr
439
+ * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
440
+ */
441
+ int bas = extract64(bcr, 5, 4);
442
+ addr = bvr & ~3ULL;
443
+ if (bas == 0) {
444
+ return;
445
+ }
446
+ if (bas == 0xc) {
447
+ addr += 2;
448
+ }
449
+ break;
450
+ }
451
+ case 2: /* unlinked context ID match */
452
+ case 8: /* unlinked VMID match (reserved if no EL2) */
453
+ case 10: /* unlinked context ID and VMID match (reserved if no EL2) */
454
+ qemu_log_mask(LOG_UNIMP,
455
+ "arm: unlinked context breakpoint types not implemented\n");
456
+ return;
457
+ case 9: /* linked VMID match (reserved if no EL2) */
458
+ case 11: /* linked context ID and VMID match (reserved if no EL2) */
459
+ case 3: /* linked context ID match */
460
+ default:
461
+ /*
462
+ * We must generate no events for Linked context matches (unless
463
+ * they are linked to by some other bp/wp, which is handled in
464
+ * updates for the linking bp/wp). We choose to also generate no events
465
+ * for reserved values.
466
+ */
467
+ return;
468
+ }
469
+
470
+ cpu_breakpoint_insert(CPU(cpu), addr, flags, &env->cpu_breakpoint[n]);
471
+}
472
+
473
+void hw_breakpoint_update_all(ARMCPU *cpu)
474
+{
475
+ int i;
476
+ CPUARMState *env = &cpu->env;
477
+
478
+ /*
479
+ * Completely clear out existing QEMU breakpoints and our array, to
480
+ * avoid possible stale entries following migration load.
481
+ */
482
+ cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
483
+ memset(env->cpu_breakpoint, 0, sizeof(env->cpu_breakpoint));
484
+
485
+ for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_breakpoint); i++) {
486
+ hw_breakpoint_update(cpu, i);
487
+ }
488
+}
489
+
490
+static void dbgbvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
491
+ uint64_t value)
492
+{
493
+ ARMCPU *cpu = env_archcpu(env);
494
+ int i = ri->crm;
495
+
496
+ raw_write(env, ri, value);
497
+ hw_breakpoint_update(cpu, i);
498
+}
499
+
500
+static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
501
+ uint64_t value)
502
+{
503
+ ARMCPU *cpu = env_archcpu(env);
504
+ int i = ri->crm;
505
+
506
+ /*
507
+ * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
508
+ * copy of BAS[0].
509
+ */
510
+ value = deposit64(value, 6, 1, extract64(value, 5, 1));
511
+ value = deposit64(value, 8, 1, extract64(value, 7, 1));
512
+
513
+ raw_write(env, ri, value);
514
+ hw_breakpoint_update(cpu, i);
515
+}
516
+
517
+void define_debug_regs(ARMCPU *cpu)
518
+{
519
+ /*
520
+ * Define v7 and v8 architectural debug registers.
521
+ * These are just dummy implementations for now.
522
+ */
523
+ int i;
524
+ int wrps, brps, ctx_cmps;
525
+
526
+ /*
527
+ * The Arm ARM says DBGDIDR is optional and deprecated if EL1 cannot
528
+ * use AArch32. Given that bit 15 is RES1, if the value is 0 then
529
+ * the register must not exist for this cpu.
530
+ */
531
+ if (cpu->isar.dbgdidr != 0) {
532
+ ARMCPRegInfo dbgdidr = {
533
+ .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0,
534
+ .opc1 = 0, .opc2 = 0,
535
+ .access = PL0_R, .accessfn = access_tda,
536
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
537
+ };
538
+ define_one_arm_cp_reg(cpu, &dbgdidr);
539
+ }
540
+
541
+ brps = arm_num_brps(cpu);
542
+ wrps = arm_num_wrps(cpu);
543
+ ctx_cmps = arm_num_ctx_cmps(cpu);
544
+
545
+ assert(ctx_cmps <= brps);
546
+
547
+ define_arm_cp_regs(cpu, debug_cp_reginfo);
548
+
549
+ if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) {
550
+ define_arm_cp_regs(cpu, debug_lpae_cp_reginfo);
551
+ }
552
+
553
+ for (i = 0; i < brps; i++) {
554
+ char *dbgbvr_el1_name = g_strdup_printf("DBGBVR%d_EL1", i);
555
+ char *dbgbcr_el1_name = g_strdup_printf("DBGBCR%d_EL1", i);
556
+ ARMCPRegInfo dbgregs[] = {
557
+ { .name = dbgbvr_el1_name, .state = ARM_CP_STATE_BOTH,
558
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
559
+ .access = PL1_RW, .accessfn = access_tda,
560
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]),
561
+ .writefn = dbgbvr_write, .raw_writefn = raw_write
562
+ },
563
+ { .name = dbgbcr_el1_name, .state = ARM_CP_STATE_BOTH,
564
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
565
+ .access = PL1_RW, .accessfn = access_tda,
566
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
567
+ .writefn = dbgbcr_write, .raw_writefn = raw_write
568
+ },
569
+ };
570
+ define_arm_cp_regs(cpu, dbgregs);
571
+ g_free(dbgbvr_el1_name);
572
+ g_free(dbgbcr_el1_name);
573
+ }
574
+
575
+ for (i = 0; i < wrps; i++) {
576
+ char *dbgwvr_el1_name = g_strdup_printf("DBGWVR%d_EL1", i);
577
+ char *dbgwcr_el1_name = g_strdup_printf("DBGWCR%d_EL1", i);
578
+ ARMCPRegInfo dbgregs[] = {
579
+ { .name = dbgwvr_el1_name, .state = ARM_CP_STATE_BOTH,
580
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
581
+ .access = PL1_RW, .accessfn = access_tda,
582
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]),
583
+ .writefn = dbgwvr_write, .raw_writefn = raw_write
584
+ },
585
+ { .name = dbgwcr_el1_name, .state = ARM_CP_STATE_BOTH,
586
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
587
+ .access = PL1_RW, .accessfn = access_tda,
588
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
589
+ .writefn = dbgwcr_write, .raw_writefn = raw_write
590
+ },
591
+ };
592
+ define_arm_cp_regs(cpu, dbgregs);
593
+ g_free(dbgwvr_el1_name);
594
+ g_free(dbgwcr_el1_name);
595
+ }
596
+}
597
+
598
#if !defined(CONFIG_USER_ONLY)
599
600
vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)
35
diff --git a/target/arm/helper.c b/target/arm/helper.c
601
diff --git a/target/arm/helper.c b/target/arm/helper.c
36
index XXXXXXX..XXXXXXX 100644
602
index XXXXXXX..XXXXXXX 100644
37
--- a/target/arm/helper.c
603
--- a/target/arm/helper.c
38
+++ b/target/arm/helper.c
604
+++ b/target/arm/helper.c
39
@@ -XXX,XX +XXX,XX @@ int fp_exception_el(CPUARMState *env, int cur_el)
605
@@ -XXX,XX +XXX,XX @@ static uint64_t raw_read(CPUARMState *env, const ARMCPRegInfo *ri)
40
return 0;
606
}
41
}
607
}
42
608
43
-ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
609
-static void raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
44
- bool secstate, bool priv)
610
- uint64_t value)
45
+ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env,
611
+void raw_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
46
+ bool secstate, bool priv, bool negpri)
47
{
612
{
48
ARMMMUIdx mmu_idx = ARM_MMU_IDX_M;
613
assert(ri->fieldoffset);
49
614
if (cpreg_field_is_64bit(ri)) {
50
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
615
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env,
51
mmu_idx |= ARM_MMU_IDX_M_PRIV;
616
return CP_ACCESS_TRAP_UNCATEGORIZED;
52
}
53
54
- if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) {
55
+ if (negpri) {
56
mmu_idx |= ARM_MMU_IDX_M_NEGPRI;
57
}
58
59
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
60
return mmu_idx;
61
}
617
}
62
618
63
+ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
619
-static uint64_t arm_mdcr_el2_eff(CPUARMState *env)
64
+ bool secstate, bool priv)
620
-{
65
+{
621
- return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
66
+ bool negpri = armv7m_nvic_neg_prio_requested(env->nvic, secstate);
622
-}
67
+
623
-
68
+ return arm_v7m_mmu_idx_all(env, secstate, priv, negpri);
624
-/*
69
+}
625
- * Check for traps to "powerdown debug" registers, which are controlled
70
+
626
- * by MDCR.TDOSA
71
/* Return the MMU index for a v7M CPU in the specified security state */
627
- */
72
ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
628
-static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
629
- bool isread)
630
-{
631
- int el = arm_current_el(env);
632
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
633
- bool mdcr_el2_tdosa = (mdcr_el2 & MDCR_TDOSA) || (mdcr_el2 & MDCR_TDE) ||
634
- (arm_hcr_el2_eff(env) & HCR_TGE);
635
-
636
- if (el < 2 && mdcr_el2_tdosa) {
637
- return CP_ACCESS_TRAP_EL2;
638
- }
639
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
640
- return CP_ACCESS_TRAP_EL3;
641
- }
642
- return CP_ACCESS_OK;
643
-}
644
-
645
-/*
646
- * Check for traps to "debug ROM" registers, which are controlled
647
- * by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
648
- */
649
-static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
650
- bool isread)
651
-{
652
- int el = arm_current_el(env);
653
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
654
- bool mdcr_el2_tdra = (mdcr_el2 & MDCR_TDRA) || (mdcr_el2 & MDCR_TDE) ||
655
- (arm_hcr_el2_eff(env) & HCR_TGE);
656
-
657
- if (el < 2 && mdcr_el2_tdra) {
658
- return CP_ACCESS_TRAP_EL2;
659
- }
660
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
661
- return CP_ACCESS_TRAP_EL3;
662
- }
663
- return CP_ACCESS_OK;
664
-}
665
-
666
-/*
667
- * Check for traps to general debug registers, which are controlled
668
- * by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
669
- */
670
-static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
671
- bool isread)
672
-{
673
- int el = arm_current_el(env);
674
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
675
- bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) ||
676
- (arm_hcr_el2_eff(env) & HCR_TGE);
677
-
678
- if (el < 2 && mdcr_el2_tda) {
679
- return CP_ACCESS_TRAP_EL2;
680
- }
681
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
682
- return CP_ACCESS_TRAP_EL3;
683
- }
684
- return CP_ACCESS_OK;
685
-}
686
-
687
/* Check for traps to performance monitor registers, which are controlled
688
* by MDCR_EL2.TPM for EL2 and MDCR_EL3.TPM for EL3.
689
*/
690
@@ -XXX,XX +XXX,XX @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
691
return CP_ACCESS_OK;
692
}
693
694
-static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
695
- uint64_t value)
696
-{
697
- /*
698
- * Writes to OSLAR_EL1 may update the OS lock status, which can be
699
- * read via a bit in OSLSR_EL1.
700
- */
701
- int oslock;
702
-
703
- if (ri->state == ARM_CP_STATE_AA32) {
704
- oslock = (value == 0xC5ACCE55);
705
- } else {
706
- oslock = value & 1;
707
- }
708
-
709
- env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
710
-}
711
-
712
-static const ARMCPRegInfo debug_cp_reginfo[] = {
713
- /*
714
- * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
715
- * debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
716
- * unlike DBGDRAR it is never accessible from EL0.
717
- * DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
718
- * accessor.
719
- */
720
- { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
721
- .access = PL0_R, .accessfn = access_tdra,
722
- .type = ARM_CP_CONST, .resetvalue = 0 },
723
- { .name = "MDRAR_EL1", .state = ARM_CP_STATE_AA64,
724
- .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 0,
725
- .access = PL1_R, .accessfn = access_tdra,
726
- .type = ARM_CP_CONST, .resetvalue = 0 },
727
- { .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
728
- .access = PL0_R, .accessfn = access_tdra,
729
- .type = ARM_CP_CONST, .resetvalue = 0 },
730
- /* Monitor debug system control register; the 32-bit alias is DBGDSCRext. */
731
- { .name = "MDSCR_EL1", .state = ARM_CP_STATE_BOTH,
732
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
733
- .access = PL1_RW, .accessfn = access_tda,
734
- .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1),
735
- .resetvalue = 0 },
736
- /*
737
- * MDCCSR_EL0[30:29] map to EDSCR[30:29]. Simply RAZ as the external
738
- * Debug Communication Channel is not implemented.
739
- */
740
- { .name = "MDCCSR_EL0", .state = ARM_CP_STATE_AA64,
741
- .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
742
- .access = PL0_R, .accessfn = access_tda,
743
- .type = ARM_CP_CONST, .resetvalue = 0 },
744
- /*
745
- * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
746
- * it is unlikely a guest will care.
747
- * We don't implement the configurable EL0 access.
748
- */
749
- { .name = "DBGDSCRint", .state = ARM_CP_STATE_AA32,
750
- .cp = 14, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
751
- .type = ARM_CP_ALIAS,
752
- .access = PL1_R, .accessfn = access_tda,
753
- .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
754
- { .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
755
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
756
- .access = PL1_W, .type = ARM_CP_NO_RAW,
757
- .accessfn = access_tdosa,
758
- .writefn = oslar_write },
759
- { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
760
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
761
- .access = PL1_R, .resetvalue = 10,
762
- .accessfn = access_tdosa,
763
- .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
764
- /* Dummy OSDLR_EL1: 32-bit Linux will read this */
765
- { .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
766
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
767
- .access = PL1_RW, .accessfn = access_tdosa,
768
- .type = ARM_CP_NOP },
769
- /*
770
- * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
771
- * implement vector catch debug events yet.
772
- */
773
- { .name = "DBGVCR",
774
- .cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
775
- .access = PL1_RW, .accessfn = access_tda,
776
- .type = ARM_CP_NOP },
777
- /*
778
- * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
779
- * to save and restore a 32-bit guest's DBGVCR)
780
- */
781
- { .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
782
- .opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
783
- .access = PL2_RW, .accessfn = access_tda,
784
- .type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
785
- /*
786
- * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
787
- * Channel but Linux may try to access this register. The 32-bit
788
- * alias is DBGDCCINT.
789
- */
790
- { .name = "MDCCINT_EL1", .state = ARM_CP_STATE_BOTH,
791
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
792
- .access = PL1_RW, .accessfn = access_tda,
793
- .type = ARM_CP_NOP },
794
-};
795
-
796
-static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
797
- /* 64 bit access versions of the (dummy) debug registers */
798
- { .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
799
- .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
800
- { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
801
- .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
802
-};
803
-
804
/*
805
* Check for traps to RAS registers, which are controlled
806
* by HCR_EL2.TERR and SCR_EL3.TERR.
807
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo sme_reginfo[] = {
808
};
809
#endif /* TARGET_AARCH64 */
810
811
-void hw_watchpoint_update(ARMCPU *cpu, int n)
812
-{
813
- CPUARMState *env = &cpu->env;
814
- vaddr len = 0;
815
- vaddr wvr = env->cp15.dbgwvr[n];
816
- uint64_t wcr = env->cp15.dbgwcr[n];
817
- int mask;
818
- int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
819
-
820
- if (env->cpu_watchpoint[n]) {
821
- cpu_watchpoint_remove_by_ref(CPU(cpu), env->cpu_watchpoint[n]);
822
- env->cpu_watchpoint[n] = NULL;
823
- }
824
-
825
- if (!FIELD_EX64(wcr, DBGWCR, E)) {
826
- /* E bit clear : watchpoint disabled */
827
- return;
828
- }
829
-
830
- switch (FIELD_EX64(wcr, DBGWCR, LSC)) {
831
- case 0:
832
- /* LSC 00 is reserved and must behave as if the wp is disabled */
833
- return;
834
- case 1:
835
- flags |= BP_MEM_READ;
836
- break;
837
- case 2:
838
- flags |= BP_MEM_WRITE;
839
- break;
840
- case 3:
841
- flags |= BP_MEM_ACCESS;
842
- break;
843
- }
844
-
845
- /*
846
- * Attempts to use both MASK and BAS fields simultaneously are
847
- * CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
848
- * thus generating a watchpoint for every byte in the masked region.
849
- */
850
- mask = FIELD_EX64(wcr, DBGWCR, MASK);
851
- if (mask == 1 || mask == 2) {
852
- /*
853
- * Reserved values of MASK; we must act as if the mask value was
854
- * some non-reserved value, or as if the watchpoint were disabled.
855
- * We choose the latter.
856
- */
857
- return;
858
- } else if (mask) {
859
- /* Watchpoint covers an aligned area up to 2GB in size */
860
- len = 1ULL << mask;
861
- /*
862
- * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
863
- * whether the watchpoint fires when the unmasked bits match; we opt
864
- * to generate the exceptions.
865
- */
866
- wvr &= ~(len - 1);
867
- } else {
868
- /* Watchpoint covers bytes defined by the byte address select bits */
869
- int bas = FIELD_EX64(wcr, DBGWCR, BAS);
870
- int basstart;
871
-
872
- if (extract64(wvr, 2, 1)) {
873
- /*
874
- * Deprecated case of an only 4-aligned address. BAS[7:4] are
875
- * ignored, and BAS[3:0] define which bytes to watch.
876
- */
877
- bas &= 0xf;
878
- }
879
-
880
- if (bas == 0) {
881
- /* This must act as if the watchpoint is disabled */
882
- return;
883
- }
884
-
885
- /*
886
- * The BAS bits are supposed to be programmed to indicate a contiguous
887
- * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
888
- * we fire for each byte in the word/doubleword addressed by the WVR.
889
- * We choose to ignore any non-zero bits after the first range of 1s.
890
- */
891
- basstart = ctz32(bas);
892
- len = cto32(bas >> basstart);
893
- wvr += basstart;
894
- }
895
-
896
- cpu_watchpoint_insert(CPU(cpu), wvr, len, flags,
897
- &env->cpu_watchpoint[n]);
898
-}
899
-
900
-void hw_watchpoint_update_all(ARMCPU *cpu)
901
-{
902
- int i;
903
- CPUARMState *env = &cpu->env;
904
-
905
- /*
906
- * Completely clear out existing QEMU watchpoints and our array, to
907
- * avoid possible stale entries following migration load.
908
- */
909
- cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
910
- memset(env->cpu_watchpoint, 0, sizeof(env->cpu_watchpoint));
911
-
912
- for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_watchpoint); i++) {
913
- hw_watchpoint_update(cpu, i);
914
- }
915
-}
916
-
917
-static void dbgwvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
918
- uint64_t value)
919
-{
920
- ARMCPU *cpu = env_archcpu(env);
921
- int i = ri->crm;
922
-
923
- /*
924
- * Bits [1:0] are RES0.
925
- *
926
- * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
927
- * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
928
- * they contain the value written. It is CONSTRAINED UNPREDICTABLE
929
- * whether the RESS bits are ignored when comparing an address.
930
- *
931
- * Therefore we are allowed to compare the entire register, which lets
932
- * us avoid considering whether or not FEAT_LVA is actually enabled.
933
- */
934
- value &= ~3ULL;
935
-
936
- raw_write(env, ri, value);
937
- hw_watchpoint_update(cpu, i);
938
-}
939
-
940
-static void dbgwcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
941
- uint64_t value)
942
-{
943
- ARMCPU *cpu = env_archcpu(env);
944
- int i = ri->crm;
945
-
946
- raw_write(env, ri, value);
947
- hw_watchpoint_update(cpu, i);
948
-}
949
-
950
-void hw_breakpoint_update(ARMCPU *cpu, int n)
951
-{
952
- CPUARMState *env = &cpu->env;
953
- uint64_t bvr = env->cp15.dbgbvr[n];
954
- uint64_t bcr = env->cp15.dbgbcr[n];
955
- vaddr addr;
956
- int bt;
957
- int flags = BP_CPU;
958
-
959
- if (env->cpu_breakpoint[n]) {
960
- cpu_breakpoint_remove_by_ref(CPU(cpu), env->cpu_breakpoint[n]);
961
- env->cpu_breakpoint[n] = NULL;
962
- }
963
-
964
- if (!extract64(bcr, 0, 1)) {
965
- /* E bit clear : watchpoint disabled */
966
- return;
967
- }
968
-
969
- bt = extract64(bcr, 20, 4);
970
-
971
- switch (bt) {
972
- case 4: /* unlinked address mismatch (reserved if AArch64) */
973
- case 5: /* linked address mismatch (reserved if AArch64) */
974
- qemu_log_mask(LOG_UNIMP,
975
- "arm: address mismatch breakpoint types not implemented\n");
976
- return;
977
- case 0: /* unlinked address match */
978
- case 1: /* linked address match */
979
- {
980
- /*
981
- * Bits [1:0] are RES0.
982
- *
983
- * It is IMPLEMENTATION DEFINED whether bits [63:49]
984
- * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
985
- * of the VA field ([48] or [52] for FEAT_LVA), or whether the
986
- * value is read as written. It is CONSTRAINED UNPREDICTABLE
987
- * whether the RESS bits are ignored when comparing an address.
988
- * Therefore we are allowed to compare the entire register, which
989
- * lets us avoid considering whether FEAT_LVA is actually enabled.
990
- *
991
- * The BAS field is used to allow setting breakpoints on 16-bit
992
- * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
993
- * a bp will fire if the addresses covered by the bp and the addresses
994
- * covered by the insn overlap but the insn doesn't start at the
995
- * start of the bp address range. We choose to require the insn and
996
- * the bp to have the same address. The constraints on writing to
997
- * BAS enforced in dbgbcr_write mean we have only four cases:
998
- * 0b0000 => no breakpoint
999
- * 0b0011 => breakpoint on addr
1000
- * 0b1100 => breakpoint on addr + 2
1001
- * 0b1111 => breakpoint on addr
1002
- * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
1003
- */
1004
- int bas = extract64(bcr, 5, 4);
1005
- addr = bvr & ~3ULL;
1006
- if (bas == 0) {
1007
- return;
1008
- }
1009
- if (bas == 0xc) {
1010
- addr += 2;
1011
- }
1012
- break;
1013
- }
1014
- case 2: /* unlinked context ID match */
1015
- case 8: /* unlinked VMID match (reserved if no EL2) */
1016
- case 10: /* unlinked context ID and VMID match (reserved if no EL2) */
1017
- qemu_log_mask(LOG_UNIMP,
1018
- "arm: unlinked context breakpoint types not implemented\n");
1019
- return;
1020
- case 9: /* linked VMID match (reserved if no EL2) */
1021
- case 11: /* linked context ID and VMID match (reserved if no EL2) */
1022
- case 3: /* linked context ID match */
1023
- default:
1024
- /*
1025
- * We must generate no events for Linked context matches (unless
1026
- * they are linked to by some other bp/wp, which is handled in
1027
- * updates for the linking bp/wp). We choose to also generate no events
1028
- * for reserved values.
1029
- */
1030
- return;
1031
- }
1032
-
1033
- cpu_breakpoint_insert(CPU(cpu), addr, flags, &env->cpu_breakpoint[n]);
1034
-}
1035
-
1036
-void hw_breakpoint_update_all(ARMCPU *cpu)
1037
-{
1038
- int i;
1039
- CPUARMState *env = &cpu->env;
1040
-
1041
- /*
1042
- * Completely clear out existing QEMU breakpoints and our array, to
1043
- * avoid possible stale entries following migration load.
1044
- */
1045
- cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
1046
- memset(env->cpu_breakpoint, 0, sizeof(env->cpu_breakpoint));
1047
-
1048
- for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_breakpoint); i++) {
1049
- hw_breakpoint_update(cpu, i);
1050
- }
1051
-}
1052
-
1053
-static void dbgbvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1054
- uint64_t value)
1055
-{
1056
- ARMCPU *cpu = env_archcpu(env);
1057
- int i = ri->crm;
1058
-
1059
- raw_write(env, ri, value);
1060
- hw_breakpoint_update(cpu, i);
1061
-}
1062
-
1063
-static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
1064
- uint64_t value)
1065
-{
1066
- ARMCPU *cpu = env_archcpu(env);
1067
- int i = ri->crm;
1068
-
1069
- /*
1070
- * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
1071
- * copy of BAS[0].
1072
- */
1073
- value = deposit64(value, 6, 1, extract64(value, 5, 1));
1074
- value = deposit64(value, 8, 1, extract64(value, 7, 1));
1075
-
1076
- raw_write(env, ri, value);
1077
- hw_breakpoint_update(cpu, i);
1078
-}
1079
-
1080
-static void define_debug_regs(ARMCPU *cpu)
1081
-{
1082
- /*
1083
- * Define v7 and v8 architectural debug registers.
1084
- * These are just dummy implementations for now.
1085
- */
1086
- int i;
1087
- int wrps, brps, ctx_cmps;
1088
-
1089
- /*
1090
- * The Arm ARM says DBGDIDR is optional and deprecated if EL1 cannot
1091
- * use AArch32. Given that bit 15 is RES1, if the value is 0 then
1092
- * the register must not exist for this cpu.
1093
- */
1094
- if (cpu->isar.dbgdidr != 0) {
1095
- ARMCPRegInfo dbgdidr = {
1096
- .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0,
1097
- .opc1 = 0, .opc2 = 0,
1098
- .access = PL0_R, .accessfn = access_tda,
1099
- .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
1100
- };
1101
- define_one_arm_cp_reg(cpu, &dbgdidr);
1102
- }
1103
-
1104
- brps = arm_num_brps(cpu);
1105
- wrps = arm_num_wrps(cpu);
1106
- ctx_cmps = arm_num_ctx_cmps(cpu);
1107
-
1108
- assert(ctx_cmps <= brps);
1109
-
1110
- define_arm_cp_regs(cpu, debug_cp_reginfo);
1111
-
1112
- if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) {
1113
- define_arm_cp_regs(cpu, debug_lpae_cp_reginfo);
1114
- }
1115
-
1116
- for (i = 0; i < brps; i++) {
1117
- char *dbgbvr_el1_name = g_strdup_printf("DBGBVR%d_EL1", i);
1118
- char *dbgbcr_el1_name = g_strdup_printf("DBGBCR%d_EL1", i);
1119
- ARMCPRegInfo dbgregs[] = {
1120
- { .name = dbgbvr_el1_name, .state = ARM_CP_STATE_BOTH,
1121
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
1122
- .access = PL1_RW, .accessfn = access_tda,
1123
- .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]),
1124
- .writefn = dbgbvr_write, .raw_writefn = raw_write
1125
- },
1126
- { .name = dbgbcr_el1_name, .state = ARM_CP_STATE_BOTH,
1127
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
1128
- .access = PL1_RW, .accessfn = access_tda,
1129
- .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
1130
- .writefn = dbgbcr_write, .raw_writefn = raw_write
1131
- },
1132
- };
1133
- define_arm_cp_regs(cpu, dbgregs);
1134
- g_free(dbgbvr_el1_name);
1135
- g_free(dbgbcr_el1_name);
1136
- }
1137
-
1138
- for (i = 0; i < wrps; i++) {
1139
- char *dbgwvr_el1_name = g_strdup_printf("DBGWVR%d_EL1", i);
1140
- char *dbgwcr_el1_name = g_strdup_printf("DBGWCR%d_EL1", i);
1141
- ARMCPRegInfo dbgregs[] = {
1142
- { .name = dbgwvr_el1_name, .state = ARM_CP_STATE_BOTH,
1143
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
1144
- .access = PL1_RW, .accessfn = access_tda,
1145
- .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]),
1146
- .writefn = dbgwvr_write, .raw_writefn = raw_write
1147
- },
1148
- { .name = dbgwcr_el1_name, .state = ARM_CP_STATE_BOTH,
1149
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
1150
- .access = PL1_RW, .accessfn = access_tda,
1151
- .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
1152
- .writefn = dbgwcr_write, .raw_writefn = raw_write
1153
- },
1154
- };
1155
- define_arm_cp_regs(cpu, dbgregs);
1156
- g_free(dbgwvr_el1_name);
1157
- g_free(dbgwcr_el1_name);
1158
- }
1159
-}
1160
-
1161
static void define_pmu_regs(ARMCPU *cpu)
73
{
1162
{
1163
/*
74
--
1164
--
75
2.20.1
1165
2.25.1
76
77
diff view generated by jsdifflib
1
Correct the decode of the M-profile "coprocessor and
1
The "OS Lock" in the Arm debug architecture is a way for software
2
floating-point instructions" space:
2
to suppress debug exceptions while it is trying to power down
3
* op0 == 0b11 is always unallocated
3
a CPU and save the state of the breakpoint and watchpoint
4
* if the CPU has an FPU then all insns with op1 == 0b101
4
registers. In QEMU we implemented the support for writing
5
are floating point and go to disas_vfp_insn()
5
the OS Lock bit via OSLAR_EL1 and reading it via OSLSR_EL1,
6
but didn't implement the actual behaviour.
6
7
7
For the moment we leave VLLDM and VLSTM as NOPs; in
8
The required behaviour with the OS Lock set is:
8
a later commit we will fill in the proper implementation
9
* debug exceptions (apart from BKPT insns) are suppressed
9
for the case where an FPU is present.
10
* some MDSCR_EL1 bits allow write access to the corresponding
11
EDSCR external debug status register that they shadow
12
(we can ignore this because we don't implement external debug)
13
* similarly with the OSECCR_EL1 which shadows the EDECCR
14
(but we don't implement OSECCR_EL1 anyway)
15
16
Implement the missing behaviour of suppressing debug
17
exceptions.
10
18
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20190416125744.27770-7-peter.maydell@linaro.org
21
Message-id: 20220630194116.3438513-4-peter.maydell@linaro.org
14
---
22
---
15
target/arm/translate.c | 26 ++++++++++++++++++++++----
23
target/arm/debug_helper.c | 3 +++
16
1 file changed, 22 insertions(+), 4 deletions(-)
24
1 file changed, 3 insertions(+)
17
25
18
diff --git a/target/arm/translate.c b/target/arm/translate.c
26
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
19
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/translate.c
28
--- a/target/arm/debug_helper.c
21
+++ b/target/arm/translate.c
29
+++ b/target/arm/debug_helper.c
22
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
30
@@ -XXX,XX +XXX,XX @@ static bool aa32_generate_debug_exceptions(CPUARMState *env)
23
case 6: case 7: case 14: case 15:
31
*/
24
/* Coprocessor. */
32
bool arm_generate_debug_exceptions(CPUARMState *env)
25
if (arm_dc_feature(s, ARM_FEATURE_M)) {
33
{
26
- /* We don't currently implement M profile FP support,
34
+ if (env->cp15.oslsr_el1 & 1) {
27
- * so this entire space should give a NOCP fault, with
35
+ return false;
28
- * the exception of the v8M VLLDM and VLSTM insns, which
36
+ }
29
- * must be NOPs in Secure state and UNDEF in Nonsecure state.
37
if (is_a64(env)) {
30
+ /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
38
return aa64_generate_debug_exceptions(env);
31
+ if (extract32(insn, 24, 2) == 3) {
39
} else {
32
+ goto illegal_op; /* op0 = 0b11 : unallocated */
33
+ }
34
+
35
+ /*
36
+ * Decode VLLDM and VLSTM first: these are nonstandard because:
37
+ * * if there is no FPU then these insns must NOP in
38
+ * Secure state and UNDEF in Nonsecure state
39
+ * * if there is an FPU then these insns do not have
40
+ * the usual behaviour that disas_vfp_insn() provides of
41
+ * being controlled by CPACR/NSACR enable bits or the
42
+ * lazy-stacking logic.
43
*/
44
if (arm_dc_feature(s, ARM_FEATURE_V8) &&
45
(insn & 0xffa00f00) == 0xec200a00) {
46
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
47
/* Just NOP since FP support is not implemented */
48
break;
49
}
50
+ if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
51
+ ((insn >> 8) & 0xe) == 10) {
52
+ /* FP, and the CPU supports it */
53
+ if (disas_vfp_insn(s, insn)) {
54
+ goto illegal_op;
55
+ }
56
+ break;
57
+ }
58
+
59
/* All other insns: NOCP */
60
gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
61
default_exception_el(s));
62
--
40
--
63
2.20.1
41
2.25.1
64
65
diff view generated by jsdifflib
Deleted patch
1
If the floating point extension is present, then the SG instruction
2
must clear the CONTROL_S.SFPA bit. Implement this.
3
1
4
(On a no-FPU system the bit will always be zero, so we don't need
5
to make the clearing of the bit conditional on ARM_FEATURE_VFP.)
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190416125744.27770-8-peter.maydell@linaro.org
10
---
11
target/arm/helper.c | 1 +
12
1 file changed, 1 insertion(+)
13
14
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/helper.c
17
+++ b/target/arm/helper.c
18
@@ -XXX,XX +XXX,XX @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu)
19
qemu_log_mask(CPU_LOG_INT, "...really an SG instruction at 0x%08" PRIx32
20
", executing it\n", env->regs[15]);
21
env->regs[14] &= ~1;
22
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
23
switch_v7m_security_state(env, true);
24
xpsr_write(env, 0, XPSR_IT);
25
env->regs[15] += 4;
26
--
27
2.20.1
28
29
diff view generated by jsdifflib
Deleted patch
1
The M-profile CONTROL register has two bits -- SFPA and FPCA --
2
which relate to floating-point support, and should be RES0 otherwise.
3
Handle them correctly in the MSR/MRS register access code.
4
Neither is banked between security states, so they are stored
5
in v7m.control[M_REG_S] regardless of current security state.
6
1
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190416125744.27770-9-peter.maydell@linaro.org
10
---
11
target/arm/helper.c | 57 ++++++++++++++++++++++++++++++++++++++-------
12
1 file changed, 49 insertions(+), 8 deletions(-)
13
14
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/helper.c
17
+++ b/target/arm/helper.c
18
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
19
return xpsr_read(env) & mask;
20
break;
21
case 20: /* CONTROL */
22
- return env->v7m.control[env->v7m.secure];
23
+ {
24
+ uint32_t value = env->v7m.control[env->v7m.secure];
25
+ if (!env->v7m.secure) {
26
+ /* SFPA is RAZ/WI from NS; FPCA is stored in the M_REG_S bank */
27
+ value |= env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK;
28
+ }
29
+ return value;
30
+ }
31
case 0x94: /* CONTROL_NS */
32
/* We have to handle this here because unprivileged Secure code
33
* can read the NS CONTROL register.
34
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
35
if (!env->v7m.secure) {
36
return 0;
37
}
38
- return env->v7m.control[M_REG_NS];
39
+ return env->v7m.control[M_REG_NS] |
40
+ (env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK);
41
}
42
43
if (el == 0) {
44
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
45
*/
46
uint32_t mask = extract32(maskreg, 8, 4);
47
uint32_t reg = extract32(maskreg, 0, 8);
48
+ int cur_el = arm_current_el(env);
49
50
- if (arm_current_el(env) == 0 && reg > 7) {
51
- /* only xPSR sub-fields may be written by unprivileged */
52
+ if (cur_el == 0 && reg > 7 && reg != 20) {
53
+ /*
54
+ * only xPSR sub-fields and CONTROL.SFPA may be written by
55
+ * unprivileged code
56
+ */
57
return;
58
}
59
60
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
61
env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK;
62
env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK;
63
}
64
+ /*
65
+ * SFPA is RAZ/WI from NS. FPCA is RO if NSACR.CP10 == 0,
66
+ * RES0 if the FPU is not present, and is stored in the S bank
67
+ */
68
+ if (arm_feature(env, ARM_FEATURE_VFP) &&
69
+ extract32(env->v7m.nsacr, 10, 1)) {
70
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK;
71
+ env->v7m.control[M_REG_S] |= val & R_V7M_CONTROL_FPCA_MASK;
72
+ }
73
return;
74
case 0x98: /* SP_NS */
75
{
76
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
77
env->v7m.faultmask[env->v7m.secure] = val & 1;
78
break;
79
case 20: /* CONTROL */
80
- /* Writing to the SPSEL bit only has an effect if we are in
81
+ /*
82
+ * Writing to the SPSEL bit only has an effect if we are in
83
* thread mode; other bits can be updated by any privileged code.
84
* write_v7m_control_spsel() deals with updating the SPSEL bit in
85
* env->v7m.control, so we only need update the others.
86
* For v7M, we must just ignore explicit writes to SPSEL in handler
87
* mode; for v8M the write is permitted but will have no effect.
88
+ * All these bits are writes-ignored from non-privileged code,
89
+ * except for SFPA.
90
*/
91
- if (arm_feature(env, ARM_FEATURE_V8) ||
92
- !arm_v7m_is_handler_mode(env)) {
93
+ if (cur_el > 0 && (arm_feature(env, ARM_FEATURE_V8) ||
94
+ !arm_v7m_is_handler_mode(env))) {
95
write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
96
}
97
- if (arm_feature(env, ARM_FEATURE_M_MAIN)) {
98
+ if (cur_el > 0 && arm_feature(env, ARM_FEATURE_M_MAIN)) {
99
env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
100
env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK;
101
}
102
+ if (arm_feature(env, ARM_FEATURE_VFP)) {
103
+ /*
104
+ * SFPA is RAZ/WI from NS or if no FPU.
105
+ * FPCA is RO if NSACR.CP10 == 0, RES0 if the FPU is not present.
106
+ * Both are stored in the S bank.
107
+ */
108
+ if (env->v7m.secure) {
109
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
110
+ env->v7m.control[M_REG_S] |= val & R_V7M_CONTROL_SFPA_MASK;
111
+ }
112
+ if (cur_el > 0 &&
113
+ (env->v7m.secure || !arm_feature(env, ARM_FEATURE_M_SECURITY) ||
114
+ extract32(env->v7m.nsacr, 10, 1))) {
115
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK;
116
+ env->v7m.control[M_REG_S] |= val & R_V7M_CONTROL_FPCA_MASK;
117
+ }
118
+ }
119
break;
120
default:
121
bad_reg:
122
--
123
2.20.1
124
125
diff view generated by jsdifflib
Deleted patch
1
Currently the code in v7m_push_stack() which detects a violation
2
of the v8M stack limit simply returns early if it does so. This
3
is OK for the current integer-only code, but won't work for the
4
floating point handling we're about to add. We need to continue
5
executing the rest of the function so that we check for other
6
exceptions like not having permission to use the FPU and so
7
that we correctly set the FPCCR state if we are doing lazy
8
stacking. Refactor to avoid the early return.
9
1
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20190416125744.27770-10-peter.maydell@linaro.org
13
---
14
target/arm/helper.c | 23 ++++++++++++++++++-----
15
1 file changed, 18 insertions(+), 5 deletions(-)
16
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
20
+++ b/target/arm/helper.c
21
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
22
* should ignore further stack faults trying to process
23
* that derived exception.)
24
*/
25
- bool stacked_ok;
26
+ bool stacked_ok = true, limitviol = false;
27
CPUARMState *env = &cpu->env;
28
uint32_t xpsr = xpsr_read(env);
29
uint32_t frameptr = env->regs[13];
30
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
31
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
32
env->v7m.secure);
33
env->regs[13] = limit;
34
- return true;
35
+ /*
36
+ * We won't try to perform any further memory accesses but
37
+ * we must continue through the following code to check for
38
+ * permission faults during FPU state preservation, and we
39
+ * must update FPCCR if lazy stacking is enabled.
40
+ */
41
+ limitviol = true;
42
+ stacked_ok = false;
43
}
44
}
45
46
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
47
* (which may be taken in preference to the one we started with
48
* if it has higher priority).
49
*/
50
- stacked_ok =
51
+ stacked_ok = stacked_ok &&
52
v7m_stack_write(cpu, frameptr, env->regs[0], mmu_idx, false) &&
53
v7m_stack_write(cpu, frameptr + 4, env->regs[1], mmu_idx, false) &&
54
v7m_stack_write(cpu, frameptr + 8, env->regs[2], mmu_idx, false) &&
55
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
56
v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) &&
57
v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false);
58
59
- /* Update SP regardless of whether any of the stack accesses failed. */
60
- env->regs[13] = frameptr;
61
+ /*
62
+ * If we broke a stack limit then SP was already updated earlier;
63
+ * otherwise we update SP regardless of whether any of the stack
64
+ * accesses failed or we took some other kind of fault.
65
+ */
66
+ if (!limitviol) {
67
+ env->regs[13] = frameptr;
68
+ }
69
70
return !stacked_ok;
71
}
72
--
73
2.20.1
74
75
diff view generated by jsdifflib
Deleted patch
1
Handle floating point registers in exception entry.
2
This corresponds to the FP-specific parts of the pseudocode
3
functions ActivateException() and PushStack().
4
1
5
We defer the code corresponding to UpdateFPCCR() to a later patch.
6
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190416125744.27770-11-peter.maydell@linaro.org
10
---
11
target/arm/helper.c | 98 +++++++++++++++++++++++++++++++++++++++++++--
12
1 file changed, 95 insertions(+), 3 deletions(-)
13
14
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/helper.c
17
+++ b/target/arm/helper.c
18
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
19
switch_v7m_security_state(env, targets_secure);
20
write_v7m_control_spsel(env, 0);
21
arm_clear_exclusive(env);
22
+ /* Clear SFPA and FPCA (has no effect if no FPU) */
23
+ env->v7m.control[M_REG_S] &=
24
+ ~(R_V7M_CONTROL_FPCA_MASK | R_V7M_CONTROL_SFPA_MASK);
25
/* Clear IT bits */
26
env->condexec_bits = 0;
27
env->regs[14] = lr;
28
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
29
uint32_t xpsr = xpsr_read(env);
30
uint32_t frameptr = env->regs[13];
31
ARMMMUIdx mmu_idx = arm_mmu_idx(env);
32
+ uint32_t framesize;
33
+ bool nsacr_cp10 = extract32(env->v7m.nsacr, 10, 1);
34
+
35
+ if ((env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) &&
36
+ (env->v7m.secure || nsacr_cp10)) {
37
+ if (env->v7m.secure &&
38
+ env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK) {
39
+ framesize = 0xa8;
40
+ } else {
41
+ framesize = 0x68;
42
+ }
43
+ } else {
44
+ framesize = 0x20;
45
+ }
46
47
/* Align stack pointer if the guest wants that */
48
if ((frameptr & 4) &&
49
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
50
xpsr |= XPSR_SPREALIGN;
51
}
52
53
- frameptr -= 0x20;
54
+ xpsr &= ~XPSR_SFPA;
55
+ if (env->v7m.secure &&
56
+ (env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) {
57
+ xpsr |= XPSR_SFPA;
58
+ }
59
+
60
+ frameptr -= framesize;
61
62
if (arm_feature(env, ARM_FEATURE_V8)) {
63
uint32_t limit = v7m_sp_limit(env);
64
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
65
v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) &&
66
v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false);
67
68
+ if (env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) {
69
+ /* FPU is active, try to save its registers */
70
+ bool fpccr_s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
71
+ bool lspact = env->v7m.fpccr[fpccr_s] & R_V7M_FPCCR_LSPACT_MASK;
72
+
73
+ if (lspact && arm_feature(env, ARM_FEATURE_M_SECURITY)) {
74
+ qemu_log_mask(CPU_LOG_INT,
75
+ "...SecureFault because LSPACT and FPCA both set\n");
76
+ env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
77
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
78
+ } else if (!env->v7m.secure && !nsacr_cp10) {
79
+ qemu_log_mask(CPU_LOG_INT,
80
+ "...Secure UsageFault with CFSR.NOCP because "
81
+ "NSACR.CP10 prevents stacking FP regs\n");
82
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, M_REG_S);
83
+ env->v7m.cfsr[M_REG_S] |= R_V7M_CFSR_NOCP_MASK;
84
+ } else {
85
+ if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) {
86
+ /* Lazy stacking disabled, save registers now */
87
+ int i;
88
+ bool cpacr_pass = v7m_cpacr_pass(env, env->v7m.secure,
89
+ arm_current_el(env) != 0);
90
+
91
+ if (stacked_ok && !cpacr_pass) {
92
+ /*
93
+ * Take UsageFault if CPACR forbids access. The pseudocode
94
+ * here does a full CheckCPEnabled() but we know the NSACR
95
+ * check can never fail as we have already handled that.
96
+ */
97
+ qemu_log_mask(CPU_LOG_INT,
98
+ "...UsageFault with CFSR.NOCP because "
99
+ "CPACR.CP10 prevents stacking FP regs\n");
100
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
101
+ env->v7m.secure);
102
+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK;
103
+ stacked_ok = false;
104
+ }
105
+
106
+ for (i = 0; i < ((framesize == 0xa8) ? 32 : 16); i += 2) {
107
+ uint64_t dn = *aa32_vfp_dreg(env, i / 2);
108
+ uint32_t faddr = frameptr + 0x20 + 4 * i;
109
+ uint32_t slo = extract64(dn, 0, 32);
110
+ uint32_t shi = extract64(dn, 32, 32);
111
+
112
+ if (i >= 16) {
113
+ faddr += 8; /* skip the slot for the FPSCR */
114
+ }
115
+ stacked_ok = stacked_ok &&
116
+ v7m_stack_write(cpu, faddr, slo, mmu_idx, false) &&
117
+ v7m_stack_write(cpu, faddr + 4, shi, mmu_idx, false);
118
+ }
119
+ stacked_ok = stacked_ok &&
120
+ v7m_stack_write(cpu, frameptr + 0x60,
121
+ vfp_get_fpscr(env), mmu_idx, false);
122
+ if (cpacr_pass) {
123
+ for (i = 0; i < ((framesize == 0xa8) ? 32 : 16); i += 2) {
124
+ *aa32_vfp_dreg(env, i / 2) = 0;
125
+ }
126
+ vfp_set_fpscr(env, 0);
127
+ }
128
+ } else {
129
+ /* Lazy stacking enabled, save necessary info to stack later */
130
+ /* TODO : equivalent of UpdateFPCCR() pseudocode */
131
+ }
132
+ }
133
+ }
134
+
135
/*
136
* If we broke a stack limit then SP was already updated earlier;
137
* otherwise we update SP regardless of whether any of the stack
138
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
139
140
if (arm_feature(env, ARM_FEATURE_V8)) {
141
lr = R_V7M_EXCRET_RES1_MASK |
142
- R_V7M_EXCRET_DCRS_MASK |
143
- R_V7M_EXCRET_FTYPE_MASK;
144
+ R_V7M_EXCRET_DCRS_MASK;
145
/* The S bit indicates whether we should return to Secure
146
* or NonSecure (ie our current state).
147
* The ES bit indicates whether we're taking this exception
148
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
149
if (env->v7m.secure) {
150
lr |= R_V7M_EXCRET_S_MASK;
151
}
152
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
153
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
154
+ }
155
} else {
156
lr = R_V7M_EXCRET_RES1_MASK |
157
R_V7M_EXCRET_S_MASK |
158
--
159
2.20.1
160
161
diff view generated by jsdifflib
1
The M-profile architecture floating point system supports
1
Starting with v7 of the debug architecture, there are three extra
2
lazy FP state preservation, where FP registers are not
2
ID registers that add information on top of that provided in
3
pushed to the stack when an exception occurs but are instead
3
DBGDIDR. These are DBGDEVID, DBGDEVID1 and DBGDEVID2. In the
4
only saved if and when the first FP instruction in the exception
4
v7 debug architecture, DBGDEVID is optional, present only of
5
handler is executed. Implement this in QEMU, corresponding
5
DBGDIDR.DEVID_imp is set. In v7.1 all three must be present.
6
to the check of LSPACT in the pseudocode ExecuteFPCheck().
6
7
Implement the missing registers. Note that we only need to set the
8
values in the ARMISARegisters struct for the CPUs Cortex-A7, A15,
9
A53, A57 and A72 (plus the 32-bit 'max' which uses the Cortex-A53
10
values): earlier CPUs didn't implement v7 of the architecture, and
11
our other 64-bit CPUs (Cortex-A76, Neoverse-N1 and A64fx) don't have
12
AArch32 support at EL1.
7
13
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20190416125744.27770-24-peter.maydell@linaro.org
16
Message-id: 20220630194116.3438513-5-peter.maydell@linaro.org
11
---
17
---
12
target/arm/cpu.h | 3 ++
18
target/arm/cpu.h | 7 +++++++
13
target/arm/helper.h | 2 +
19
target/arm/cpu64.c | 6 ++++++
14
target/arm/translate.h | 1 +
20
target/arm/cpu_tcg.c | 6 ++++++
15
target/arm/helper.c | 112 +++++++++++++++++++++++++++++++++++++++++
21
target/arm/debug_helper.c | 36 ++++++++++++++++++++++++++++++++++++
16
target/arm/translate.c | 22 ++++++++
22
4 files changed, 55 insertions(+)
17
5 files changed, 140 insertions(+)
18
23
19
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
24
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
20
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/cpu.h
26
--- a/target/arm/cpu.h
22
+++ b/target/arm/cpu.h
27
+++ b/target/arm/cpu.h
23
@@ -XXX,XX +XXX,XX @@
28
@@ -XXX,XX +XXX,XX @@ struct ArchCPU {
24
#define EXCP_NOCP 17 /* v7M NOCP UsageFault */
29
uint32_t mvfr2;
25
#define EXCP_INVSTATE 18 /* v7M INVSTATE UsageFault */
30
uint32_t id_dfr0;
26
#define EXCP_STKOF 19 /* v8M STKOF UsageFault */
31
uint32_t dbgdidr;
27
+#define EXCP_LAZYFP 20 /* v7M fault during lazy FP stacking */
32
+ uint32_t dbgdevid;
28
/* NB: add new EXCP_ defines to the array in arm_log_exception() too */
33
+ uint32_t dbgdevid1;
29
34
uint64_t id_aa64isar0;
30
#define ARMV7M_EXCP_RESET 1
35
uint64_t id_aa64isar1;
31
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, NS, 6, 1)
36
uint64_t id_aa64pfr0;
32
FIELD(TBFLAG_A32, VFPEN, 7, 1)
37
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_ssbs(const ARMISARegisters *id)
33
FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
38
return FIELD_EX32(id->id_pfr2, ID_PFR2, SSBS) != 0;
34
FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
35
+/* For M profile only, set if FPCCR.LSPACT is set */
36
+FIELD(TBFLAG_A32, LSPACT, 18, 1)
37
/* For M profile only, set if we must create a new FP context */
38
FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1)
39
/* For M profile only, set if FPCCR.S does not match current security state */
40
diff --git a/target/arm/helper.h b/target/arm/helper.h
41
index XXXXXXX..XXXXXXX 100644
42
--- a/target/arm/helper.h
43
+++ b/target/arm/helper.h
44
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(v7m_blxns, void, env, i32)
45
46
DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
47
48
+DEF_HELPER_1(v7m_preserve_fp_state, void, env)
49
+
50
DEF_HELPER_2(v8m_stackcheck, void, env, i32)
51
52
DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
53
diff --git a/target/arm/translate.h b/target/arm/translate.h
54
index XXXXXXX..XXXXXXX 100644
55
--- a/target/arm/translate.h
56
+++ b/target/arm/translate.h
57
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
58
bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */
59
bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */
60
bool v7m_new_fp_ctxt_needed; /* ASPEN set but no active FP context */
61
+ bool v7m_lspact; /* FPCCR.LSPACT set */
62
/* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI
63
* so that top level loop can generate correct syndrome information.
64
*/
65
diff --git a/target/arm/helper.c b/target/arm/helper.c
66
index XXXXXXX..XXXXXXX 100644
67
--- a/target/arm/helper.c
68
+++ b/target/arm/helper.c
69
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
70
g_assert_not_reached();
71
}
39
}
72
40
73
+void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
41
+static inline bool isar_feature_aa32_debugv7p1(const ARMISARegisters *id)
74
+{
42
+{
75
+ /* translate.c should never generate calls here in user-only mode */
43
+ return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 5;
76
+ g_assert_not_reached();
77
+}
44
+}
78
+
45
+
79
uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
46
static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
80
{
47
{
81
/* The TT instructions can be used by unprivileged code, but in
48
return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
82
@@ -XXX,XX +XXX,XX @@ pend_fault:
49
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
83
return false;
50
index XXXXXXX..XXXXXXX 100644
84
}
51
--- a/target/arm/cpu64.c
85
52
+++ b/target/arm/cpu64.c
86
+void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
53
@@ -XXX,XX +XXX,XX @@ static void aarch64_a57_initfn(Object *obj)
87
+{
54
cpu->isar.id_aa64isar0 = 0x00011120;
55
cpu->isar.id_aa64mmfr0 = 0x00001124;
56
cpu->isar.dbgdidr = 0x3516d000;
57
+ cpu->isar.dbgdevid = 0x01110f13;
58
+ cpu->isar.dbgdevid1 = 0x2;
59
cpu->isar.reset_pmcr_el0 = 0x41013000;
60
cpu->clidr = 0x0a200023;
61
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
62
@@ -XXX,XX +XXX,XX @@ static void aarch64_a53_initfn(Object *obj)
63
cpu->isar.id_aa64isar0 = 0x00011120;
64
cpu->isar.id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */
65
cpu->isar.dbgdidr = 0x3516d000;
66
+ cpu->isar.dbgdevid = 0x00110f13;
67
+ cpu->isar.dbgdevid1 = 0x1;
68
cpu->isar.reset_pmcr_el0 = 0x41033000;
69
cpu->clidr = 0x0a200023;
70
cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
71
@@ -XXX,XX +XXX,XX @@ static void aarch64_a72_initfn(Object *obj)
72
cpu->isar.id_aa64isar0 = 0x00011120;
73
cpu->isar.id_aa64mmfr0 = 0x00001124;
74
cpu->isar.dbgdidr = 0x3516d000;
75
+ cpu->isar.dbgdevid = 0x01110f13;
76
+ cpu->isar.dbgdevid1 = 0x2;
77
cpu->isar.reset_pmcr_el0 = 0x41023000;
78
cpu->clidr = 0x0a200023;
79
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
80
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
81
index XXXXXXX..XXXXXXX 100644
82
--- a/target/arm/cpu_tcg.c
83
+++ b/target/arm/cpu_tcg.c
84
@@ -XXX,XX +XXX,XX @@ static void cortex_a7_initfn(Object *obj)
85
cpu->isar.id_isar3 = 0x11112131;
86
cpu->isar.id_isar4 = 0x10011142;
87
cpu->isar.dbgdidr = 0x3515f005;
88
+ cpu->isar.dbgdevid = 0x01110f13;
89
+ cpu->isar.dbgdevid1 = 0x1;
90
cpu->clidr = 0x0a200023;
91
cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
92
cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
93
@@ -XXX,XX +XXX,XX @@ static void cortex_a15_initfn(Object *obj)
94
cpu->isar.id_isar3 = 0x11112131;
95
cpu->isar.id_isar4 = 0x10011142;
96
cpu->isar.dbgdidr = 0x3515f021;
97
+ cpu->isar.dbgdevid = 0x01110f13;
98
+ cpu->isar.dbgdevid1 = 0x0;
99
cpu->clidr = 0x0a200023;
100
cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
101
cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
102
@@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj)
103
cpu->isar.id_isar5 = 0x00011121;
104
cpu->isar.id_isar6 = 0;
105
cpu->isar.dbgdidr = 0x3516d000;
106
+ cpu->isar.dbgdevid = 0x00110f13;
107
+ cpu->isar.dbgdevid1 = 0x2;
108
cpu->isar.reset_pmcr_el0 = 0x41013000;
109
cpu->clidr = 0x0a200023;
110
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
111
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
112
index XXXXXXX..XXXXXXX 100644
113
--- a/target/arm/debug_helper.c
114
+++ b/target/arm/debug_helper.c
115
@@ -XXX,XX +XXX,XX @@ void define_debug_regs(ARMCPU *cpu)
116
define_one_arm_cp_reg(cpu, &dbgdidr);
117
}
118
88
+ /*
119
+ /*
89
+ * Preserve FP state (because LSPACT was set and we are about
120
+ * DBGDEVID is present in the v7 debug architecture if
90
+ * to execute an FP instruction). This corresponds to the
121
+ * DBGDIDR.DEVID_imp is 1 (bit 15); from v7.1 and on it is
91
+ * PreserveFPState() pseudocode.
122
+ * mandatory (and bit 15 is RES1). DBGDEVID1 and DBGDEVID2 exist
92
+ * We may throw an exception if the stacking fails.
123
+ * from v7.1 of the debug architecture. Because no fields have yet
124
+ * been defined in DBGDEVID2 (and quite possibly none will ever
125
+ * be) we don't define an ARMISARegisters field for it.
126
+ * These registers exist only if EL1 can use AArch32, but that
127
+ * happens naturally because they are only PL1 accessible anyway.
93
+ */
128
+ */
94
+ ARMCPU *cpu = arm_env_get_cpu(env);
129
+ if (extract32(cpu->isar.dbgdidr, 15, 1)) {
95
+ bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
130
+ ARMCPRegInfo dbgdevid = {
96
+ bool negpri = !(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_HFRDY_MASK);
131
+ .name = "DBGDEVID",
97
+ bool is_priv = !(env->v7m.fpccr[is_secure] & R_V7M_FPCCR_USER_MASK);
132
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 2, .crn = 7,
98
+ bool splimviol = env->v7m.fpccr[is_secure] & R_V7M_FPCCR_SPLIMVIOL_MASK;
133
+ .access = PL1_R, .accessfn = access_tda,
99
+ uint32_t fpcar = env->v7m.fpcar[is_secure];
134
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdevid,
100
+ bool stacked_ok = true;
135
+ };
101
+ bool ts = is_secure && (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK);
136
+ define_one_arm_cp_reg(cpu, &dbgdevid);
102
+ bool take_exception;
137
+ }
103
+
138
+ if (cpu_isar_feature(aa32_debugv7p1, cpu)) {
104
+ /* Take the iothread lock as we are going to touch the NVIC */
139
+ ARMCPRegInfo dbgdevid12[] = {
105
+ qemu_mutex_lock_iothread();
140
+ {
106
+
141
+ .name = "DBGDEVID1",
107
+ /* Check the background context had access to the FPU */
142
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 1, .crn = 7,
108
+ if (!v7m_cpacr_pass(env, is_secure, is_priv)) {
143
+ .access = PL1_R, .accessfn = access_tda,
109
+ armv7m_nvic_set_pending_lazyfp(env->nvic, ARMV7M_EXCP_USAGE, is_secure);
144
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdevid1,
110
+ env->v7m.cfsr[is_secure] |= R_V7M_CFSR_NOCP_MASK;
145
+ }, {
111
+ stacked_ok = false;
146
+ .name = "DBGDEVID2",
112
+ } else if (!is_secure && !extract32(env->v7m.nsacr, 10, 1)) {
147
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 0, .crn = 7,
113
+ armv7m_nvic_set_pending_lazyfp(env->nvic, ARMV7M_EXCP_USAGE, M_REG_S);
148
+ .access = PL1_R, .accessfn = access_tda,
114
+ env->v7m.cfsr[M_REG_S] |= R_V7M_CFSR_NOCP_MASK;
149
+ .type = ARM_CP_CONST, .resetvalue = 0,
115
+ stacked_ok = false;
150
+ },
151
+ };
152
+ define_arm_cp_regs(cpu, dbgdevid12);
116
+ }
153
+ }
117
+
154
+
118
+ if (!splimviol && stacked_ok) {
155
brps = arm_num_brps(cpu);
119
+ /* We only stack if the stack limit wasn't violated */
156
wrps = arm_num_wrps(cpu);
120
+ int i;
157
ctx_cmps = arm_num_ctx_cmps(cpu);
121
+ ARMMMUIdx mmu_idx;
122
+
123
+ mmu_idx = arm_v7m_mmu_idx_all(env, is_secure, is_priv, negpri);
124
+ for (i = 0; i < (ts ? 32 : 16); i += 2) {
125
+ uint64_t dn = *aa32_vfp_dreg(env, i / 2);
126
+ uint32_t faddr = fpcar + 4 * i;
127
+ uint32_t slo = extract64(dn, 0, 32);
128
+ uint32_t shi = extract64(dn, 32, 32);
129
+
130
+ if (i >= 16) {
131
+ faddr += 8; /* skip the slot for the FPSCR */
132
+ }
133
+ stacked_ok = stacked_ok &&
134
+ v7m_stack_write(cpu, faddr, slo, mmu_idx, STACK_LAZYFP) &&
135
+ v7m_stack_write(cpu, faddr + 4, shi, mmu_idx, STACK_LAZYFP);
136
+ }
137
+
138
+ stacked_ok = stacked_ok &&
139
+ v7m_stack_write(cpu, fpcar + 0x40,
140
+ vfp_get_fpscr(env), mmu_idx, STACK_LAZYFP);
141
+ }
142
+
143
+ /*
144
+ * We definitely pended an exception, but it's possible that it
145
+ * might not be able to be taken now. If its priority permits us
146
+ * to take it now, then we must not update the LSPACT or FP regs,
147
+ * but instead jump out to take the exception immediately.
148
+ * If it's just pending and won't be taken until the current
149
+ * handler exits, then we do update LSPACT and the FP regs.
150
+ */
151
+ take_exception = !stacked_ok &&
152
+ armv7m_nvic_can_take_pending_exception(env->nvic);
153
+
154
+ qemu_mutex_unlock_iothread();
155
+
156
+ if (take_exception) {
157
+ raise_exception_ra(env, EXCP_LAZYFP, 0, 1, GETPC());
158
+ }
159
+
160
+ env->v7m.fpccr[is_secure] &= ~R_V7M_FPCCR_LSPACT_MASK;
161
+
162
+ if (ts) {
163
+ /* Clear s0 to s31 and the FPSCR */
164
+ int i;
165
+
166
+ for (i = 0; i < 32; i += 2) {
167
+ *aa32_vfp_dreg(env, i / 2) = 0;
168
+ }
169
+ vfp_set_fpscr(env, 0);
170
+ }
171
+ /*
172
+ * Otherwise s0 to s15 and FPSCR are UNKNOWN; we choose to leave them
173
+ * unchanged.
174
+ */
175
+}
176
+
177
/* Write to v7M CONTROL.SPSEL bit for the specified security bank.
178
* This may change the current stack pointer between Main and Process
179
* stack pointers if it is done for the CONTROL register for the current
180
@@ -XXX,XX +XXX,XX @@ static void arm_log_exception(int idx)
181
[EXCP_NOCP] = "v7M NOCP UsageFault",
182
[EXCP_INVSTATE] = "v7M INVSTATE UsageFault",
183
[EXCP_STKOF] = "v8M STKOF UsageFault",
184
+ [EXCP_LAZYFP] = "v7M exception during lazy FP stacking",
185
};
186
187
if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
188
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
189
return;
190
}
191
break;
192
+ case EXCP_LAZYFP:
193
+ /*
194
+ * We already pended the specific exception in the NVIC in the
195
+ * v7m_preserve_fp_state() helper function.
196
+ */
197
+ break;
198
default:
199
cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index);
200
return; /* Never happens. Keep compiler happy. */
201
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
202
flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
203
}
204
205
+ if (arm_feature(env, ARM_FEATURE_M)) {
206
+ bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
207
+
208
+ if (env->v7m.fpccr[is_secure] & R_V7M_FPCCR_LSPACT_MASK) {
209
+ flags = FIELD_DP32(flags, TBFLAG_A32, LSPACT, 1);
210
+ }
211
+ }
212
+
213
*pflags = flags;
214
*cs_base = 0;
215
}
216
diff --git a/target/arm/translate.c b/target/arm/translate.c
217
index XXXXXXX..XXXXXXX 100644
218
--- a/target/arm/translate.c
219
+++ b/target/arm/translate.c
220
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
221
if (arm_dc_feature(s, ARM_FEATURE_M)) {
222
/* Handle M-profile lazy FP state mechanics */
223
224
+ /* Trigger lazy-state preservation if necessary */
225
+ if (s->v7m_lspact) {
226
+ /*
227
+ * Lazy state saving affects external memory and also the NVIC,
228
+ * so we must mark it as an IO operation for icount.
229
+ */
230
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
231
+ gen_io_start();
232
+ }
233
+ gen_helper_v7m_preserve_fp_state(cpu_env);
234
+ if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
235
+ gen_io_end();
236
+ }
237
+ /*
238
+ * If the preserve_fp_state helper doesn't throw an exception
239
+ * then it will clear LSPACT; we don't need to repeat this for
240
+ * any further FP insns in this TB.
241
+ */
242
+ s->v7m_lspact = false;
243
+ }
244
+
245
/* Update ownership of FP context: set FPCCR.S to match current state */
246
if (s->v8m_fpccr_s_wrong) {
247
TCGv_i32 tmp;
248
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
249
dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
250
dc->v7m_new_fp_ctxt_needed =
251
FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
252
+ dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
253
dc->cp_regs = cpu->cp_regs;
254
dc->features = env->features;
255
256
--
158
--
257
2.20.1
159
2.25.1
258
259
diff view generated by jsdifflib
1
Implement the code which updates the FPCCR register on an
1
The architecture defines the OS DoubleLock as a register which
2
exception entry where we are going to use lazy FP stacking.
2
(similarly to the OS Lock) suppresses debug events for use in CPU
3
We have to defer to the NVIC to determine whether the
3
powerdown sequences. This functionality is required in Arm v7 and
4
various exceptions are currently ready or not.
4
v8.0; from v8.2 it becomes optional and in v9 it must not be
5
implemented.
5
6
7
Currently in QEMU we implement the OSDLR_EL1 register as a NOP. This
8
is wrong both for the "feature implemented" and the "feature not
9
implemented" cases: if the feature is implemented then the DLK bit
10
should read as written and cause suppression of debug exceptions, and
11
if it is not implemented then the bit must be RAZ/WI.
12
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20190416125744.27770-12-peter.maydell@linaro.org
8
---
15
---
9
target/arm/cpu.h | 14 +++++++++
16
target/arm/cpu.h | 20 ++++++++++++++++++++
10
hw/intc/armv7m_nvic.c | 34 ++++++++++++++++++++++
17
target/arm/debug_helper.c | 20 ++++++++++++++++++--
11
target/arm/helper.c | 67 ++++++++++++++++++++++++++++++++++++++++++-
18
2 files changed, 38 insertions(+), 2 deletions(-)
12
3 files changed, 114 insertions(+), 1 deletion(-)
13
19
14
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
20
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/cpu.h
22
--- a/target/arm/cpu.h
17
+++ b/target/arm/cpu.h
23
+++ b/target/arm/cpu.h
18
@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_acknowledge_irq(void *opaque);
24
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
19
* (Ignoring -1, this is the same as the RETTOBASE value before completion.)
25
uint64_t dbgwcr[16]; /* watchpoint control registers */
20
*/
26
uint64_t mdscr_el1;
21
int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure);
27
uint64_t oslsr_el1; /* OS Lock Status */
22
+/**
28
+ uint64_t osdlr_el1; /* OS DoubleLock status */
23
+ * armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure)
29
uint64_t mdcr_el2;
24
+ * @opaque: the NVIC
30
uint64_t mdcr_el3;
25
+ * @irq: the exception number to mark pending
31
/* Stores the architectural value of the counter *the last time it was
26
+ * @secure: false for non-banked exceptions or for the nonsecure
32
@@ -XXX,XX +XXX,XX @@ FIELD(DBGDIDR, CTX_CMPS, 20, 4)
27
+ * version of a banked exception, true for the secure version of a banked
33
FIELD(DBGDIDR, BRPS, 24, 4)
28
+ * exception.
34
FIELD(DBGDIDR, WRPS, 28, 4)
29
+ *
35
30
+ * Return whether an exception is "ready", i.e. whether the exception is
36
+FIELD(DBGDEVID, PCSAMPLE, 0, 4)
31
+ * enabled and is configured at a priority which would allow it to
37
+FIELD(DBGDEVID, WPADDRMASK, 4, 4)
32
+ * interrupt the current execution priority. This controls whether the
38
+FIELD(DBGDEVID, BPADDRMASK, 8, 4)
33
+ * RDY bit for it in the FPCCR is set.
39
+FIELD(DBGDEVID, VECTORCATCH, 12, 4)
34
+ */
40
+FIELD(DBGDEVID, VIRTEXTNS, 16, 4)
35
+bool armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure);
41
+FIELD(DBGDEVID, DOUBLELOCK, 20, 4)
36
/**
42
+FIELD(DBGDEVID, AUXREGS, 24, 4)
37
* armv7m_nvic_raw_execution_priority: return the raw execution priority
43
+FIELD(DBGDEVID, CIDMASK, 28, 4)
38
* @opaque: the NVIC
44
+
39
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
45
FIELD(MVFR0, SIMDREG, 0, 4)
40
index XXXXXXX..XXXXXXX 100644
46
FIELD(MVFR0, FPSP, 4, 4)
41
--- a/hw/intc/armv7m_nvic.c
47
FIELD(MVFR0, FPDP, 8, 4)
42
+++ b/hw/intc/armv7m_nvic.c
48
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
43
@@ -XXX,XX +XXX,XX @@ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure)
49
return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
44
return ret;
45
}
50
}
46
51
47
+bool armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure)
52
+static inline bool isar_feature_aa32_doublelock(const ARMISARegisters *id)
48
+{
53
+{
49
+ /*
54
+ return FIELD_EX32(id->dbgdevid, DBGDEVID, DOUBLELOCK) > 0;
50
+ * Return whether an exception is "ready", i.e. it is enabled and is
51
+ * configured at a priority which would allow it to interrupt the
52
+ * current execution priority.
53
+ *
54
+ * irq and secure have the same semantics as for armv7m_nvic_set_pending():
55
+ * for non-banked exceptions secure is always false; for banked exceptions
56
+ * it indicates which of the exceptions is required.
57
+ */
58
+ NVICState *s = (NVICState *)opaque;
59
+ bool banked = exc_is_banked(irq);
60
+ VecInfo *vec;
61
+ int running = nvic_exec_prio(s);
62
+
63
+ assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
64
+ assert(!secure || banked);
65
+
66
+ /*
67
+ * HardFault is an odd special case: we always check against -1,
68
+ * even if we're secure and HardFault has priority -3; we never
69
+ * need to check for enabled state.
70
+ */
71
+ if (irq == ARMV7M_EXCP_HARD) {
72
+ return running > -1;
73
+ }
74
+
75
+ vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
76
+
77
+ return vec->enabled &&
78
+ exc_group_prio(s, vec->prio, secure) < running;
79
+}
55
+}
80
+
56
+
81
/* callback when external interrupt line is changed */
57
/*
82
static void set_irq_level(void *opaque, int n, int level)
58
* 64-bit feature tests via id registers.
59
*/
60
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_sme_fa64(const ARMISARegisters *id)
61
return FIELD_EX64(id->id_aa64smfr0, ID_AA64SMFR0, FA64);
62
}
63
64
+static inline bool isar_feature_aa64_doublelock(const ARMISARegisters *id)
65
+{
66
+ return FIELD_SEX64(id->id_aa64dfr0, ID_AA64DFR0, DOUBLELOCK) >= 0;
67
+}
68
+
69
/*
70
* Feature tests for "does this exist in either 32-bit or 64-bit?"
71
*/
72
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
73
index XXXXXXX..XXXXXXX 100644
74
--- a/target/arm/debug_helper.c
75
+++ b/target/arm/debug_helper.c
76
@@ -XXX,XX +XXX,XX @@ static bool aa32_generate_debug_exceptions(CPUARMState *env)
77
*/
78
bool arm_generate_debug_exceptions(CPUARMState *env)
83
{
79
{
84
diff --git a/target/arm/helper.c b/target/arm/helper.c
80
- if (env->cp15.oslsr_el1 & 1) {
85
index XXXXXXX..XXXXXXX 100644
81
+ if ((env->cp15.oslsr_el1 & 1) || (env->cp15.osdlr_el1 & 1)) {
86
--- a/target/arm/helper.c
82
return false;
87
+++ b/target/arm/helper.c
83
}
88
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
84
if (is_a64(env)) {
89
env->thumb = addr & 1;
85
@@ -XXX,XX +XXX,XX @@ static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
86
env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
90
}
87
}
91
88
92
+static void v7m_update_fpccr(CPUARMState *env, uint32_t frameptr,
89
+static void osdlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
93
+ bool apply_splim)
90
+ uint64_t value)
94
+{
91
+{
92
+ ARMCPU *cpu = env_archcpu(env);
95
+ /*
93
+ /*
96
+ * Like the pseudocode UpdateFPCCR: save state in FPCAR and FPCCR
94
+ * Only defined bit is bit 0 (DLK); if Feat_DoubleLock is not
97
+ * that we will need later in order to do lazy FP reg stacking.
95
+ * implemented this is RAZ/WI.
98
+ */
96
+ */
99
+ bool is_secure = env->v7m.secure;
97
+ if(arm_feature(env, ARM_FEATURE_AARCH64)
100
+ void *nvic = env->nvic;
98
+ ? cpu_isar_feature(aa64_doublelock, cpu)
101
+ /*
99
+ : cpu_isar_feature(aa32_doublelock, cpu)) {
102
+ * Some bits are unbanked and live always in fpccr[M_REG_S]; some bits
100
+ env->cp15.osdlr_el1 = value & 1;
103
+ * are banked and we want to update the bit in the bank for the
104
+ * current security state; and in one case we want to specifically
105
+ * update the NS banked version of a bit even if we are secure.
106
+ */
107
+ uint32_t *fpccr_s = &env->v7m.fpccr[M_REG_S];
108
+ uint32_t *fpccr_ns = &env->v7m.fpccr[M_REG_NS];
109
+ uint32_t *fpccr = &env->v7m.fpccr[is_secure];
110
+ bool hfrdy, bfrdy, mmrdy, ns_ufrdy, s_ufrdy, sfrdy, monrdy;
111
+
112
+ env->v7m.fpcar[is_secure] = frameptr & ~0x7;
113
+
114
+ if (apply_splim && arm_feature(env, ARM_FEATURE_V8)) {
115
+ bool splimviol;
116
+ uint32_t splim = v7m_sp_limit(env);
117
+ bool ign = armv7m_nvic_neg_prio_requested(nvic, is_secure) &&
118
+ (env->v7m.ccr[is_secure] & R_V7M_CCR_STKOFHFNMIGN_MASK);
119
+
120
+ splimviol = !ign && frameptr < splim;
121
+ *fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, SPLIMVIOL, splimviol);
122
+ }
123
+
124
+ *fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, LSPACT, 1);
125
+
126
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, S, is_secure);
127
+
128
+ *fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, USER, arm_current_el(env) == 0);
129
+
130
+ *fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, THREAD,
131
+ !arm_v7m_is_handler_mode(env));
132
+
133
+ hfrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_HARD, false);
134
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, HFRDY, hfrdy);
135
+
136
+ bfrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_BUS, false);
137
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, BFRDY, bfrdy);
138
+
139
+ mmrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_MEM, is_secure);
140
+ *fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, MMRDY, mmrdy);
141
+
142
+ ns_ufrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_USAGE, false);
143
+ *fpccr_ns = FIELD_DP32(*fpccr_ns, V7M_FPCCR, UFRDY, ns_ufrdy);
144
+
145
+ monrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_DEBUG, false);
146
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, MONRDY, monrdy);
147
+
148
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
149
+ s_ufrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_USAGE, true);
150
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, UFRDY, s_ufrdy);
151
+
152
+ sfrdy = armv7m_nvic_get_ready_status(nvic, ARMV7M_EXCP_SECURE, false);
153
+ *fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, SFRDY, sfrdy);
154
+ }
101
+ }
155
+}
102
+}
156
+
103
+
157
static bool v7m_push_stack(ARMCPU *cpu)
104
static const ARMCPRegInfo debug_cp_reginfo[] = {
158
{
105
/*
159
/* Do the "set up stack frame" part of exception entry,
106
* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
160
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
107
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
161
}
108
{ .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
162
} else {
109
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
163
/* Lazy stacking enabled, save necessary info to stack later */
110
.access = PL1_RW, .accessfn = access_tdosa,
164
- /* TODO : equivalent of UpdateFPCCR() pseudocode */
111
- .type = ARM_CP_NOP },
165
+ v7m_update_fpccr(env, frameptr + 0x20, true);
112
+ .writefn = osdlr_write,
166
}
113
+ .fieldoffset = offsetof(CPUARMState, cp15.osdlr_el1) },
167
}
114
/*
168
}
115
* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
116
* implement vector catch debug events yet.
169
--
117
--
170
2.20.1
118
2.25.1
171
172
diff view generated by jsdifflib
Deleted patch
1
For v8M floating point support, transitions from Secure
2
to Non-secure state via BLNS and BLXNS must clear the
3
CONTROL.SFPA bit. (This corresponds to the pseudocode
4
BranchToNS() function.)
5
1
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20190416125744.27770-13-peter.maydell@linaro.org
9
---
10
target/arm/helper.c | 4 ++++
11
1 file changed, 4 insertions(+)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest)
18
/* translate.c should have made BXNS UNDEF unless we're secure */
19
assert(env->v7m.secure);
20
21
+ if (!(dest & 1)) {
22
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
23
+ }
24
switch_v7m_security_state(env, dest & 1);
25
env->thumb = 1;
26
env->regs[15] = dest & ~1;
27
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
28
*/
29
write_v7m_exception(env, 1);
30
}
31
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
32
switch_v7m_security_state(env, 0);
33
env->thumb = 1;
34
env->regs[15] = dest;
35
--
36
2.20.1
37
38
diff view generated by jsdifflib
Deleted patch
1
The TailChain() pseudocode specifies that a tail chaining
2
exception should sanitize the excReturn all-ones bits and
3
(if there is no FPU) the excReturn FType bits; we weren't
4
doing this.
5
1
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20190416125744.27770-14-peter.maydell@linaro.org
9
---
10
target/arm/helper.c | 8 ++++++++
11
1 file changed, 8 insertions(+)
12
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
18
qemu_log_mask(CPU_LOG_INT, "...taking pending %s exception %d\n",
19
targets_secure ? "secure" : "nonsecure", exc);
20
21
+ if (dotailchain) {
22
+ /* Sanitize LR FType and PREFIX bits */
23
+ if (!arm_feature(env, ARM_FEATURE_VFP)) {
24
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
25
+ }
26
+ lr = deposit32(lr, 24, 8, 0xff);
27
+ }
28
+
29
if (arm_feature(env, ARM_FEATURE_V8)) {
30
if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
31
(lr & R_V7M_EXCRET_S_MASK)) {
32
--
33
2.20.1
34
35
diff view generated by jsdifflib
Deleted patch
1
The magic value pushed onto the callee stack as an integrity
2
check is different if floating point is present.
3
1
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20190416125744.27770-15-peter.maydell@linaro.org
7
---
8
target/arm/helper.c | 22 +++++++++++++++++++---
9
1 file changed, 19 insertions(+), 3 deletions(-)
10
11
diff --git a/target/arm/helper.c b/target/arm/helper.c
12
index XXXXXXX..XXXXXXX 100644
13
--- a/target/arm/helper.c
14
+++ b/target/arm/helper.c
15
@@ -XXX,XX +XXX,XX @@ load_fail:
16
return false;
17
}
18
19
+static uint32_t v7m_integrity_sig(CPUARMState *env, uint32_t lr)
20
+{
21
+ /*
22
+ * Return the integrity signature value for the callee-saves
23
+ * stack frame section. @lr is the exception return payload/LR value
24
+ * whose FType bit forms bit 0 of the signature if FP is present.
25
+ */
26
+ uint32_t sig = 0xfefa125a;
27
+
28
+ if (!arm_feature(env, ARM_FEATURE_VFP) || (lr & R_V7M_EXCRET_FTYPE_MASK)) {
29
+ sig |= 1;
30
+ }
31
+ return sig;
32
+}
33
+
34
static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
35
bool ignore_faults)
36
{
37
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
38
bool stacked_ok;
39
uint32_t limit;
40
bool want_psp;
41
+ uint32_t sig;
42
43
if (dotailchain) {
44
bool mode = lr & R_V7M_EXCRET_MODE_MASK;
45
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
46
/* Write as much of the stack frame as we can. A write failure may
47
* cause us to pend a derived exception.
48
*/
49
+ sig = v7m_integrity_sig(env, lr);
50
stacked_ok =
51
- v7m_stack_write(cpu, frameptr, 0xfefa125b, mmu_idx, ignore_faults) &&
52
+ v7m_stack_write(cpu, frameptr, sig, mmu_idx, ignore_faults) &&
53
v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx,
54
ignore_faults) &&
55
v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx,
56
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
57
if (return_to_secure &&
58
((excret & R_V7M_EXCRET_ES_MASK) == 0 ||
59
(excret & R_V7M_EXCRET_DCRS_MASK) == 0)) {
60
- uint32_t expected_sig = 0xfefa125b;
61
uint32_t actual_sig;
62
63
pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx);
64
65
- if (pop_ok && expected_sig != actual_sig) {
66
+ if (pop_ok && v7m_integrity_sig(env, excret) != actual_sig) {
67
/* Take a SecureFault on the current stack */
68
env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK;
69
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
70
--
71
2.20.1
72
73
diff view generated by jsdifflib
Deleted patch
1
Move the NS TBFLAG down from bit 19 to bit 6, which has not
2
been used since commit c1e3781090b9d36c60 in 2015, when we
3
started passing the entire MMU index in the TB flags rather
4
than just a 'privilege level' bit.
5
1
6
This rearrangement is not strictly necessary, but means that
7
we can put M-profile-only bits next to each other rather
8
than scattered across the flag word.
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20190416125744.27770-17-peter.maydell@linaro.org
13
---
14
target/arm/cpu.h | 11 ++++++-----
15
1 file changed, 6 insertions(+), 5 deletions(-)
16
17
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/cpu.h
20
+++ b/target/arm/cpu.h
21
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
22
FIELD(TBFLAG_A32, THUMB, 0, 1)
23
FIELD(TBFLAG_A32, VECLEN, 1, 3)
24
FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)
25
+/*
26
+ * Indicates whether cp register reads and writes by guest code should access
27
+ * the secure or nonsecure bank of banked registers; note that this is not
28
+ * the same thing as the current security state of the processor!
29
+ */
30
+FIELD(TBFLAG_A32, NS, 6, 1)
31
FIELD(TBFLAG_A32, VFPEN, 7, 1)
32
FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
33
FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
34
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
35
* checks on the other bits at runtime
36
*/
37
FIELD(TBFLAG_A32, XSCALE_CPAR, 17, 2)
38
-/* Indicates whether cp register reads and writes by guest code should access
39
- * the secure or nonsecure bank of banked registers; note that this is not
40
- * the same thing as the current security state of the processor!
41
- */
42
-FIELD(TBFLAG_A32, NS, 19, 1)
43
/* For M profile only, Handler (ie not Thread) mode */
44
FIELD(TBFLAG_A32, HANDLER, 21, 1)
45
/* For M profile only, whether we should generate stack-limit checks */
46
--
47
2.20.1
48
49
diff view generated by jsdifflib
Deleted patch
1
We are close to running out of TB flags for AArch32; we could
2
start using the cs_base word, but before we do that we can
3
economise on our usage by sharing the same bits for the VFP
4
VECSTRIDE field and the XScale XSCALE_CPAR field. This
5
works because no XScale CPU ever had VFP.
6
1
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20190416125744.27770-18-peter.maydell@linaro.org
10
---
11
target/arm/cpu.h | 10 ++++++----
12
target/arm/cpu.c | 7 +++++++
13
target/arm/helper.c | 6 +++++-
14
target/arm/translate.c | 9 +++++++--
15
4 files changed, 25 insertions(+), 7 deletions(-)
16
17
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/cpu.h
20
+++ b/target/arm/cpu.h
21
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
22
FIELD(TBFLAG_A32, THUMB, 0, 1)
23
FIELD(TBFLAG_A32, VECLEN, 1, 3)
24
FIELD(TBFLAG_A32, VECSTRIDE, 4, 2)
25
+/*
26
+ * We store the bottom two bits of the CPAR as TB flags and handle
27
+ * checks on the other bits at runtime. This shares the same bits as
28
+ * VECSTRIDE, which is OK as no XScale CPU has VFP.
29
+ */
30
+FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2)
31
/*
32
* Indicates whether cp register reads and writes by guest code should access
33
* the secure or nonsecure bank of banked registers; note that this is not
34
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, NS, 6, 1)
35
FIELD(TBFLAG_A32, VFPEN, 7, 1)
36
FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
37
FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
38
-/* We store the bottom two bits of the CPAR as TB flags and handle
39
- * checks on the other bits at runtime
40
- */
41
-FIELD(TBFLAG_A32, XSCALE_CPAR, 17, 2)
42
/* For M profile only, Handler (ie not Thread) mode */
43
FIELD(TBFLAG_A32, HANDLER, 21, 1)
44
/* For M profile only, whether we should generate stack-limit checks */
45
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
46
index XXXXXXX..XXXXXXX 100644
47
--- a/target/arm/cpu.c
48
+++ b/target/arm/cpu.c
49
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
50
set_feature(env, ARM_FEATURE_THUMB_DSP);
51
}
52
53
+ /*
54
+ * We rely on no XScale CPU having VFP so we can use the same bits in the
55
+ * TB flags field for VECSTRIDE and XSCALE_CPAR.
56
+ */
57
+ assert(!(arm_feature(env, ARM_FEATURE_VFP) &&
58
+ arm_feature(env, ARM_FEATURE_XSCALE)));
59
+
60
if (arm_feature(env, ARM_FEATURE_V7) &&
61
!arm_feature(env, ARM_FEATURE_M) &&
62
!arm_feature(env, ARM_FEATURE_PMSA)) {
63
diff --git a/target/arm/helper.c b/target/arm/helper.c
64
index XXXXXXX..XXXXXXX 100644
65
--- a/target/arm/helper.c
66
+++ b/target/arm/helper.c
67
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
68
|| arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) {
69
flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1);
70
}
71
- flags = FIELD_DP32(flags, TBFLAG_A32, XSCALE_CPAR, env->cp15.c15_cpar);
72
+ /* Note that XSCALE_CPAR shares bits with VECSTRIDE */
73
+ if (arm_feature(env, ARM_FEATURE_XSCALE)) {
74
+ flags = FIELD_DP32(flags, TBFLAG_A32,
75
+ XSCALE_CPAR, env->cp15.c15_cpar);
76
+ }
77
}
78
79
flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX, arm_to_core_mmu_idx(mmu_idx));
80
diff --git a/target/arm/translate.c b/target/arm/translate.c
81
index XXXXXXX..XXXXXXX 100644
82
--- a/target/arm/translate.c
83
+++ b/target/arm/translate.c
84
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
85
dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
86
dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
87
dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
88
- dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
89
- dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
90
+ if (arm_feature(env, ARM_FEATURE_XSCALE)) {
91
+ dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
92
+ dc->vec_stride = 0;
93
+ } else {
94
+ dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
95
+ dc->c15_cpar = 0;
96
+ }
97
dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
98
dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
99
regime_is_secure(env, dc->mmu_idx);
100
--
101
2.20.1
102
103
diff view generated by jsdifflib
Deleted patch
1
The M-profile FPCCR.S bit indicates the security status of
2
the floating point context. In the pseudocode ExecuteFPCheck()
3
function it is unconditionally set to match the current
4
security state whenever a floating point instruction is
5
executed.
6
1
7
Implement this by adding a new TB flag which tracks whether
8
FPCCR.S is different from the current security state, so
9
that we only need to emit the code to update it in the
10
less-common case when it is not already set correctly.
11
12
Note that we will add the handling for the other work done
13
by ExecuteFPCheck() in later commits.
14
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20190416125744.27770-19-peter.maydell@linaro.org
18
---
19
target/arm/cpu.h | 2 ++
20
target/arm/translate.h | 1 +
21
target/arm/helper.c | 5 +++++
22
target/arm/translate.c | 20 ++++++++++++++++++++
23
4 files changed, 28 insertions(+)
24
25
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
26
index XXXXXXX..XXXXXXX 100644
27
--- a/target/arm/cpu.h
28
+++ b/target/arm/cpu.h
29
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, NS, 6, 1)
30
FIELD(TBFLAG_A32, VFPEN, 7, 1)
31
FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
32
FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
33
+/* For M profile only, set if FPCCR.S does not match current security state */
34
+FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1)
35
/* For M profile only, Handler (ie not Thread) mode */
36
FIELD(TBFLAG_A32, HANDLER, 21, 1)
37
/* For M profile only, whether we should generate stack-limit checks */
38
diff --git a/target/arm/translate.h b/target/arm/translate.h
39
index XXXXXXX..XXXXXXX 100644
40
--- a/target/arm/translate.h
41
+++ b/target/arm/translate.h
42
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
43
bool v7m_handler_mode;
44
bool v8m_secure; /* true if v8M and we're in Secure mode */
45
bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */
46
+ bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */
47
/* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI
48
* so that top level loop can generate correct syndrome information.
49
*/
50
diff --git a/target/arm/helper.c b/target/arm/helper.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/target/arm/helper.c
53
+++ b/target/arm/helper.c
54
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
55
flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1);
56
}
57
58
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY) &&
59
+ FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S) != env->v7m.secure) {
60
+ flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
61
+ }
62
+
63
*pflags = flags;
64
*cs_base = 0;
65
}
66
diff --git a/target/arm/translate.c b/target/arm/translate.c
67
index XXXXXXX..XXXXXXX 100644
68
--- a/target/arm/translate.c
69
+++ b/target/arm/translate.c
70
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
71
}
72
}
73
74
+ if (arm_dc_feature(s, ARM_FEATURE_M)) {
75
+ /* Handle M-profile lazy FP state mechanics */
76
+
77
+ /* Update ownership of FP context: set FPCCR.S to match current state */
78
+ if (s->v8m_fpccr_s_wrong) {
79
+ TCGv_i32 tmp;
80
+
81
+ tmp = load_cpu_field(v7m.fpccr[M_REG_S]);
82
+ if (s->v8m_secure) {
83
+ tcg_gen_ori_i32(tmp, tmp, R_V7M_FPCCR_S_MASK);
84
+ } else {
85
+ tcg_gen_andi_i32(tmp, tmp, ~R_V7M_FPCCR_S_MASK);
86
+ }
87
+ store_cpu_field(tmp, v7m.fpccr[M_REG_S]);
88
+ /* Don't need to do this for any further FP insns in this TB */
89
+ s->v8m_fpccr_s_wrong = false;
90
+ }
91
+ }
92
+
93
if (extract32(insn, 28, 4) == 0xf) {
94
/*
95
* Encodings with T=1 (Thumb) or unconditional (ARM):
96
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
97
dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
98
regime_is_secure(env, dc->mmu_idx);
99
dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
100
+ dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
101
dc->cp_regs = cpu->cp_regs;
102
dc->features = env->features;
103
104
--
105
2.20.1
106
107
diff view generated by jsdifflib
Deleted patch
1
The M-profile FPCCR.ASPEN bit indicates that automatic floating-point
2
context preservation is enabled. Before executing any floating-point
3
instruction, if FPCCR.ASPEN is set and the CONTROL FPCA/SFPA bits
4
indicate that there is no active floating point context then we
5
must create a new context (by initializing FPSCR and setting
6
FPCA/SFPA to indicate that the context is now active). In the
7
pseudocode this is handled by ExecuteFPCheck().
8
1
9
Implement this with a new TB flag which tracks whether we
10
need to create a new FP context.
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20190416125744.27770-20-peter.maydell@linaro.org
15
---
16
target/arm/cpu.h | 2 ++
17
target/arm/translate.h | 1 +
18
target/arm/helper.c | 13 +++++++++++++
19
target/arm/translate.c | 29 +++++++++++++++++++++++++++++
20
4 files changed, 45 insertions(+)
21
22
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
23
index XXXXXXX..XXXXXXX 100644
24
--- a/target/arm/cpu.h
25
+++ b/target/arm/cpu.h
26
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_A32, NS, 6, 1)
27
FIELD(TBFLAG_A32, VFPEN, 7, 1)
28
FIELD(TBFLAG_A32, CONDEXEC, 8, 8)
29
FIELD(TBFLAG_A32, SCTLR_B, 16, 1)
30
+/* For M profile only, set if we must create a new FP context */
31
+FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1)
32
/* For M profile only, set if FPCCR.S does not match current security state */
33
FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1)
34
/* For M profile only, Handler (ie not Thread) mode */
35
diff --git a/target/arm/translate.h b/target/arm/translate.h
36
index XXXXXXX..XXXXXXX 100644
37
--- a/target/arm/translate.h
38
+++ b/target/arm/translate.h
39
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
40
bool v8m_secure; /* true if v8M and we're in Secure mode */
41
bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */
42
bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */
43
+ bool v7m_new_fp_ctxt_needed; /* ASPEN set but no active FP context */
44
/* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI
45
* so that top level loop can generate correct syndrome information.
46
*/
47
diff --git a/target/arm/helper.c b/target/arm/helper.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/target/arm/helper.c
50
+++ b/target/arm/helper.c
51
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
52
flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1);
53
}
54
55
+ if (arm_feature(env, ARM_FEATURE_M) &&
56
+ (env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) &&
57
+ (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) ||
58
+ (env->v7m.secure &&
59
+ !(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)))) {
60
+ /*
61
+ * ASPEN is set, but FPCA/SFPA indicate that there is no active
62
+ * FP context; we must create a new FP context before executing
63
+ * any FP insn.
64
+ */
65
+ flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1);
66
+ }
67
+
68
*pflags = flags;
69
*cs_base = 0;
70
}
71
diff --git a/target/arm/translate.c b/target/arm/translate.c
72
index XXXXXXX..XXXXXXX 100644
73
--- a/target/arm/translate.c
74
+++ b/target/arm/translate.c
75
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
76
/* Don't need to do this for any further FP insns in this TB */
77
s->v8m_fpccr_s_wrong = false;
78
}
79
+
80
+ if (s->v7m_new_fp_ctxt_needed) {
81
+ /*
82
+ * Create new FP context by updating CONTROL.FPCA, CONTROL.SFPA
83
+ * and the FPSCR.
84
+ */
85
+ TCGv_i32 control, fpscr;
86
+ uint32_t bits = R_V7M_CONTROL_FPCA_MASK;
87
+
88
+ fpscr = load_cpu_field(v7m.fpdscr[s->v8m_secure]);
89
+ gen_helper_vfp_set_fpscr(cpu_env, fpscr);
90
+ tcg_temp_free_i32(fpscr);
91
+ /*
92
+ * We don't need to arrange to end the TB, because the only
93
+ * parts of FPSCR which we cache in the TB flags are the VECLEN
94
+ * and VECSTRIDE, and those don't exist for M-profile.
95
+ */
96
+
97
+ if (s->v8m_secure) {
98
+ bits |= R_V7M_CONTROL_SFPA_MASK;
99
+ }
100
+ control = load_cpu_field(v7m.control[M_REG_S]);
101
+ tcg_gen_ori_i32(control, control, bits);
102
+ store_cpu_field(control, v7m.control[M_REG_S]);
103
+ /* Don't need to do this for any further FP insns in this TB */
104
+ s->v7m_new_fp_ctxt_needed = false;
105
+ }
106
}
107
108
if (extract32(insn, 28, 4) == 0xf) {
109
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
110
regime_is_secure(env, dc->mmu_idx);
111
dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
112
dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
113
+ dc->v7m_new_fp_ctxt_needed =
114
+ FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
115
dc->cp_regs = cpu->cp_regs;
116
dc->features = env->features;
117
118
--
119
2.20.1
120
121
diff view generated by jsdifflib
Deleted patch
1
In the v7M architecture, if an exception is generated in the process
2
of doing the lazy stacking of FP registers, the handling of
3
possible escalation to HardFault is treated differently to the normal
4
approach: it works based on the saved information about exception
5
readiness that was stored in the FPCCR when the stack frame was
6
created. Provide a new function armv7m_nvic_set_pending_lazyfp()
7
which pends exceptions during lazy stacking, and implements
8
this logic.
9
1
10
This corresponds to the pseudocode TakePreserveFPException().
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20190416125744.27770-22-peter.maydell@linaro.org
15
---
16
target/arm/cpu.h | 12 ++++++
17
hw/intc/armv7m_nvic.c | 96 +++++++++++++++++++++++++++++++++++++++++++
18
2 files changed, 108 insertions(+)
19
20
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
21
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/cpu.h
23
+++ b/target/arm/cpu.h
24
@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
25
* a different exception).
26
*/
27
void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure);
28
+/**
29
+ * armv7m_nvic_set_pending_lazyfp: mark this lazy FP exception as pending
30
+ * @opaque: the NVIC
31
+ * @irq: the exception number to mark pending
32
+ * @secure: false for non-banked exceptions or for the nonsecure
33
+ * version of a banked exception, true for the secure version of a banked
34
+ * exception.
35
+ *
36
+ * Similar to armv7m_nvic_set_pending(), but specifically for exceptions
37
+ * generated in the course of lazy stacking of FP registers.
38
+ */
39
+void armv7m_nvic_set_pending_lazyfp(void *opaque, int irq, bool secure);
40
/**
41
* armv7m_nvic_get_pending_irq_info: return highest priority pending
42
* exception, and whether it targets Secure state
43
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
44
index XXXXXXX..XXXXXXX 100644
45
--- a/hw/intc/armv7m_nvic.c
46
+++ b/hw/intc/armv7m_nvic.c
47
@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure)
48
do_armv7m_nvic_set_pending(opaque, irq, secure, true);
49
}
50
51
+void armv7m_nvic_set_pending_lazyfp(void *opaque, int irq, bool secure)
52
+{
53
+ /*
54
+ * Pend an exception during lazy FP stacking. This differs
55
+ * from the usual exception pending because the logic for
56
+ * whether we should escalate depends on the saved context
57
+ * in the FPCCR register, not on the current state of the CPU/NVIC.
58
+ */
59
+ NVICState *s = (NVICState *)opaque;
60
+ bool banked = exc_is_banked(irq);
61
+ VecInfo *vec;
62
+ bool targets_secure;
63
+ bool escalate = false;
64
+ /*
65
+ * We will only look at bits in fpccr if this is a banked exception
66
+ * (in which case 'secure' tells us whether it is the S or NS version).
67
+ * All the bits for the non-banked exceptions are in fpccr_s.
68
+ */
69
+ uint32_t fpccr_s = s->cpu->env.v7m.fpccr[M_REG_S];
70
+ uint32_t fpccr = s->cpu->env.v7m.fpccr[secure];
71
+
72
+ assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq);
73
+ assert(!secure || banked);
74
+
75
+ vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
76
+
77
+ targets_secure = banked ? secure : exc_targets_secure(s, irq);
78
+
79
+ switch (irq) {
80
+ case ARMV7M_EXCP_DEBUG:
81
+ if (!(fpccr_s & R_V7M_FPCCR_MONRDY_MASK)) {
82
+ /* Ignore DebugMonitor exception */
83
+ return;
84
+ }
85
+ break;
86
+ case ARMV7M_EXCP_MEM:
87
+ escalate = !(fpccr & R_V7M_FPCCR_MMRDY_MASK);
88
+ break;
89
+ case ARMV7M_EXCP_USAGE:
90
+ escalate = !(fpccr & R_V7M_FPCCR_UFRDY_MASK);
91
+ break;
92
+ case ARMV7M_EXCP_BUS:
93
+ escalate = !(fpccr_s & R_V7M_FPCCR_BFRDY_MASK);
94
+ break;
95
+ case ARMV7M_EXCP_SECURE:
96
+ escalate = !(fpccr_s & R_V7M_FPCCR_SFRDY_MASK);
97
+ break;
98
+ default:
99
+ g_assert_not_reached();
100
+ }
101
+
102
+ if (escalate) {
103
+ /*
104
+ * Escalate to HardFault: faults that initially targeted Secure
105
+ * continue to do so, even if HF normally targets NonSecure.
106
+ */
107
+ irq = ARMV7M_EXCP_HARD;
108
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY) &&
109
+ (targets_secure ||
110
+ !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) {
111
+ vec = &s->sec_vectors[irq];
112
+ } else {
113
+ vec = &s->vectors[irq];
114
+ }
115
+ }
116
+
117
+ if (!vec->enabled ||
118
+ nvic_exec_prio(s) <= exc_group_prio(s, vec->prio, secure)) {
119
+ if (!(fpccr_s & R_V7M_FPCCR_HFRDY_MASK)) {
120
+ /*
121
+ * We want to escalate to HardFault but the context the
122
+ * FP state belongs to prevents the exception pre-empting.
123
+ */
124
+ cpu_abort(&s->cpu->parent_obj,
125
+ "Lockup: can't escalate to HardFault during "
126
+ "lazy FP register stacking\n");
127
+ }
128
+ }
129
+
130
+ if (escalate) {
131
+ s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK;
132
+ }
133
+ if (!vec->pending) {
134
+ vec->pending = 1;
135
+ /*
136
+ * We do not call nvic_irq_update(), because we know our caller
137
+ * is going to handle causing us to take the exception by
138
+ * raising EXCP_LAZYFP, so raising the IRQ line would be
139
+ * pointless extra work. We just need to recompute the
140
+ * priorities so that armv7m_nvic_can_take_pending_exception()
141
+ * returns the right answer.
142
+ */
143
+ nvic_recompute_state(s);
144
+ }
145
+}
146
+
147
/* Make pending IRQ active. */
148
void armv7m_nvic_acknowledge_irq(void *opaque)
149
{
150
--
151
2.20.1
152
153
diff view generated by jsdifflib
Deleted patch
1
Pushing registers to the stack for v7M needs to handle three cases:
2
* the "normal" case where we pend exceptions
3
* an "ignore faults" case where we set FSR bits but
4
do not pend exceptions (this is used when we are
5
handling some kinds of derived exception on exception entry)
6
* a "lazy FP stacking" case, where different FSR bits
7
are set and the exception is pended differently
8
1
9
Implement this by changing the existing flag argument that
10
tells us whether to ignore faults or not into an enum that
11
specifies which of the 3 modes we should handle.
12
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Message-id: 20190416125744.27770-23-peter.maydell@linaro.org
16
---
17
target/arm/helper.c | 118 +++++++++++++++++++++++++++++---------------
18
1 file changed, 79 insertions(+), 39 deletions(-)
19
20
diff --git a/target/arm/helper.c b/target/arm/helper.c
21
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/helper.c
23
+++ b/target/arm/helper.c
24
@@ -XXX,XX +XXX,XX @@ static bool v7m_cpacr_pass(CPUARMState *env, bool is_secure, bool is_priv)
25
}
26
}
27
28
+/*
29
+ * What kind of stack write are we doing? This affects how exceptions
30
+ * generated during the stacking are treated.
31
+ */
32
+typedef enum StackingMode {
33
+ STACK_NORMAL,
34
+ STACK_IGNFAULTS,
35
+ STACK_LAZYFP,
36
+} StackingMode;
37
+
38
static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
39
- ARMMMUIdx mmu_idx, bool ignfault)
40
+ ARMMMUIdx mmu_idx, StackingMode mode)
41
{
42
CPUState *cs = CPU(cpu);
43
CPUARMState *env = &cpu->env;
44
@@ -XXX,XX +XXX,XX @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
45
&attrs, &prot, &page_size, &fi, NULL)) {
46
/* MPU/SAU lookup failed */
47
if (fi.type == ARMFault_QEMU_SFault) {
48
- qemu_log_mask(CPU_LOG_INT,
49
- "...SecureFault with SFSR.AUVIOL during stacking\n");
50
- env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK | R_V7M_SFSR_SFARVALID_MASK;
51
+ if (mode == STACK_LAZYFP) {
52
+ qemu_log_mask(CPU_LOG_INT,
53
+ "...SecureFault with SFSR.LSPERR "
54
+ "during lazy stacking\n");
55
+ env->v7m.sfsr |= R_V7M_SFSR_LSPERR_MASK;
56
+ } else {
57
+ qemu_log_mask(CPU_LOG_INT,
58
+ "...SecureFault with SFSR.AUVIOL "
59
+ "during stacking\n");
60
+ env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK;
61
+ }
62
+ env->v7m.sfsr |= R_V7M_SFSR_SFARVALID_MASK;
63
env->v7m.sfar = addr;
64
exc = ARMV7M_EXCP_SECURE;
65
exc_secure = false;
66
} else {
67
- qemu_log_mask(CPU_LOG_INT, "...MemManageFault with CFSR.MSTKERR\n");
68
- env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK;
69
+ if (mode == STACK_LAZYFP) {
70
+ qemu_log_mask(CPU_LOG_INT,
71
+ "...MemManageFault with CFSR.MLSPERR\n");
72
+ env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK;
73
+ } else {
74
+ qemu_log_mask(CPU_LOG_INT,
75
+ "...MemManageFault with CFSR.MSTKERR\n");
76
+ env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK;
77
+ }
78
exc = ARMV7M_EXCP_MEM;
79
exc_secure = secure;
80
}
81
@@ -XXX,XX +XXX,XX @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
82
attrs, &txres);
83
if (txres != MEMTX_OK) {
84
/* BusFault trying to write the data */
85
- qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.STKERR\n");
86
- env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_STKERR_MASK;
87
+ if (mode == STACK_LAZYFP) {
88
+ qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.LSPERR\n");
89
+ env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_LSPERR_MASK;
90
+ } else {
91
+ qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.STKERR\n");
92
+ env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_STKERR_MASK;
93
+ }
94
exc = ARMV7M_EXCP_BUS;
95
exc_secure = false;
96
goto pend_fault;
97
@@ -XXX,XX +XXX,XX @@ pend_fault:
98
* later if we have two derived exceptions.
99
* The only case when we must not pend the exception but instead
100
* throw it away is if we are doing the push of the callee registers
101
- * and we've already generated a derived exception. Even in this
102
- * case we will still update the fault status registers.
103
+ * and we've already generated a derived exception (this is indicated
104
+ * by the caller passing STACK_IGNFAULTS). Even in this case we will
105
+ * still update the fault status registers.
106
*/
107
- if (!ignfault) {
108
+ switch (mode) {
109
+ case STACK_NORMAL:
110
armv7m_nvic_set_pending_derived(env->nvic, exc, exc_secure);
111
+ break;
112
+ case STACK_LAZYFP:
113
+ armv7m_nvic_set_pending_lazyfp(env->nvic, exc, exc_secure);
114
+ break;
115
+ case STACK_IGNFAULTS:
116
+ break;
117
}
118
return false;
119
}
120
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
121
uint32_t limit;
122
bool want_psp;
123
uint32_t sig;
124
+ StackingMode smode = ignore_faults ? STACK_IGNFAULTS : STACK_NORMAL;
125
126
if (dotailchain) {
127
bool mode = lr & R_V7M_EXCRET_MODE_MASK;
128
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
129
*/
130
sig = v7m_integrity_sig(env, lr);
131
stacked_ok =
132
- v7m_stack_write(cpu, frameptr, sig, mmu_idx, ignore_faults) &&
133
- v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx,
134
- ignore_faults) &&
135
- v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx,
136
- ignore_faults) &&
137
- v7m_stack_write(cpu, frameptr + 0x10, env->regs[6], mmu_idx,
138
- ignore_faults) &&
139
- v7m_stack_write(cpu, frameptr + 0x14, env->regs[7], mmu_idx,
140
- ignore_faults) &&
141
- v7m_stack_write(cpu, frameptr + 0x18, env->regs[8], mmu_idx,
142
- ignore_faults) &&
143
- v7m_stack_write(cpu, frameptr + 0x1c, env->regs[9], mmu_idx,
144
- ignore_faults) &&
145
- v7m_stack_write(cpu, frameptr + 0x20, env->regs[10], mmu_idx,
146
- ignore_faults) &&
147
- v7m_stack_write(cpu, frameptr + 0x24, env->regs[11], mmu_idx,
148
- ignore_faults);
149
+ v7m_stack_write(cpu, frameptr, sig, mmu_idx, smode) &&
150
+ v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx, smode) &&
151
+ v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx, smode) &&
152
+ v7m_stack_write(cpu, frameptr + 0x10, env->regs[6], mmu_idx, smode) &&
153
+ v7m_stack_write(cpu, frameptr + 0x14, env->regs[7], mmu_idx, smode) &&
154
+ v7m_stack_write(cpu, frameptr + 0x18, env->regs[8], mmu_idx, smode) &&
155
+ v7m_stack_write(cpu, frameptr + 0x1c, env->regs[9], mmu_idx, smode) &&
156
+ v7m_stack_write(cpu, frameptr + 0x20, env->regs[10], mmu_idx, smode) &&
157
+ v7m_stack_write(cpu, frameptr + 0x24, env->regs[11], mmu_idx, smode);
158
159
/* Update SP regardless of whether any of the stack accesses failed. */
160
*frame_sp_p = frameptr;
161
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
162
* if it has higher priority).
163
*/
164
stacked_ok = stacked_ok &&
165
- v7m_stack_write(cpu, frameptr, env->regs[0], mmu_idx, false) &&
166
- v7m_stack_write(cpu, frameptr + 4, env->regs[1], mmu_idx, false) &&
167
- v7m_stack_write(cpu, frameptr + 8, env->regs[2], mmu_idx, false) &&
168
- v7m_stack_write(cpu, frameptr + 12, env->regs[3], mmu_idx, false) &&
169
- v7m_stack_write(cpu, frameptr + 16, env->regs[12], mmu_idx, false) &&
170
- v7m_stack_write(cpu, frameptr + 20, env->regs[14], mmu_idx, false) &&
171
- v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) &&
172
- v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false);
173
+ v7m_stack_write(cpu, frameptr, env->regs[0], mmu_idx, STACK_NORMAL) &&
174
+ v7m_stack_write(cpu, frameptr + 4, env->regs[1],
175
+ mmu_idx, STACK_NORMAL) &&
176
+ v7m_stack_write(cpu, frameptr + 8, env->regs[2],
177
+ mmu_idx, STACK_NORMAL) &&
178
+ v7m_stack_write(cpu, frameptr + 12, env->regs[3],
179
+ mmu_idx, STACK_NORMAL) &&
180
+ v7m_stack_write(cpu, frameptr + 16, env->regs[12],
181
+ mmu_idx, STACK_NORMAL) &&
182
+ v7m_stack_write(cpu, frameptr + 20, env->regs[14],
183
+ mmu_idx, STACK_NORMAL) &&
184
+ v7m_stack_write(cpu, frameptr + 24, env->regs[15],
185
+ mmu_idx, STACK_NORMAL) &&
186
+ v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, STACK_NORMAL);
187
188
if (env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) {
189
/* FPU is active, try to save its registers */
190
@@ -XXX,XX +XXX,XX @@ static bool v7m_push_stack(ARMCPU *cpu)
191
faddr += 8; /* skip the slot for the FPSCR */
192
}
193
stacked_ok = stacked_ok &&
194
- v7m_stack_write(cpu, faddr, slo, mmu_idx, false) &&
195
- v7m_stack_write(cpu, faddr + 4, shi, mmu_idx, false);
196
+ v7m_stack_write(cpu, faddr, slo,
197
+ mmu_idx, STACK_NORMAL) &&
198
+ v7m_stack_write(cpu, faddr + 4, shi,
199
+ mmu_idx, STACK_NORMAL);
200
}
201
stacked_ok = stacked_ok &&
202
v7m_stack_write(cpu, frameptr + 0x60,
203
- vfp_get_fpscr(env), mmu_idx, false);
204
+ vfp_get_fpscr(env), mmu_idx, STACK_NORMAL);
205
if (cpacr_pass) {
206
for (i = 0; i < ((framesize == 0xa8) ? 32 : 16); i += 2) {
207
*aa32_vfp_dreg(env, i / 2) = 0;
208
--
209
2.20.1
210
211
diff view generated by jsdifflib
Deleted patch
1
Implement the VLSTM instruction for v7M for the FPU present case.
2
1
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20190416125744.27770-25-peter.maydell@linaro.org
6
---
7
target/arm/cpu.h | 2 +
8
target/arm/helper.h | 2 +
9
target/arm/helper.c | 84 ++++++++++++++++++++++++++++++++++++++++++
10
target/arm/translate.c | 15 +++++++-
11
4 files changed, 102 insertions(+), 1 deletion(-)
12
13
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/cpu.h
16
+++ b/target/arm/cpu.h
17
@@ -XXX,XX +XXX,XX @@
18
#define EXCP_INVSTATE 18 /* v7M INVSTATE UsageFault */
19
#define EXCP_STKOF 19 /* v8M STKOF UsageFault */
20
#define EXCP_LAZYFP 20 /* v7M fault during lazy FP stacking */
21
+#define EXCP_LSERR 21 /* v8M LSERR SecureFault */
22
+#define EXCP_UNALIGNED 22 /* v7M UNALIGNED UsageFault */
23
/* NB: add new EXCP_ defines to the array in arm_log_exception() too */
24
25
#define ARMV7M_EXCP_RESET 1
26
diff --git a/target/arm/helper.h b/target/arm/helper.h
27
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/helper.h
29
+++ b/target/arm/helper.h
30
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
31
32
DEF_HELPER_1(v7m_preserve_fp_state, void, env)
33
34
+DEF_HELPER_2(v7m_vlstm, void, env, i32)
35
+
36
DEF_HELPER_2(v8m_stackcheck, void, env, i32)
37
38
DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
39
diff --git a/target/arm/helper.c b/target/arm/helper.c
40
index XXXXXXX..XXXXXXX 100644
41
--- a/target/arm/helper.c
42
+++ b/target/arm/helper.c
43
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
44
g_assert_not_reached();
45
}
46
47
+void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr)
48
+{
49
+ /* translate.c should never generate calls here in user-only mode */
50
+ g_assert_not_reached();
51
+}
52
+
53
uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
54
{
55
/* The TT instructions can be used by unprivileged code, but in
56
@@ -XXX,XX +XXX,XX @@ static void v7m_update_fpccr(CPUARMState *env, uint32_t frameptr,
57
}
58
}
59
60
+void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr)
61
+{
62
+ /* fptr is the value of Rn, the frame pointer we store the FP regs to */
63
+ bool s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK;
64
+ bool lspact = env->v7m.fpccr[s] & R_V7M_FPCCR_LSPACT_MASK;
65
+
66
+ assert(env->v7m.secure);
67
+
68
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) {
69
+ return;
70
+ }
71
+
72
+ /* Check access to the coprocessor is permitted */
73
+ if (!v7m_cpacr_pass(env, true, arm_current_el(env) != 0)) {
74
+ raise_exception_ra(env, EXCP_NOCP, 0, 1, GETPC());
75
+ }
76
+
77
+ if (lspact) {
78
+ /* LSPACT should not be active when there is active FP state */
79
+ raise_exception_ra(env, EXCP_LSERR, 0, 1, GETPC());
80
+ }
81
+
82
+ if (fptr & 7) {
83
+ raise_exception_ra(env, EXCP_UNALIGNED, 0, 1, GETPC());
84
+ }
85
+
86
+ /*
87
+ * Note that we do not use v7m_stack_write() here, because the
88
+ * accesses should not set the FSR bits for stacking errors if they
89
+ * fail. (In pseudocode terms, they are AccType_NORMAL, not AccType_STACK
90
+ * or AccType_LAZYFP). Faults in cpu_stl_data() will throw exceptions
91
+ * and longjmp out.
92
+ */
93
+ if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) {
94
+ bool ts = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK;
95
+ int i;
96
+
97
+ for (i = 0; i < (ts ? 32 : 16); i += 2) {
98
+ uint64_t dn = *aa32_vfp_dreg(env, i / 2);
99
+ uint32_t faddr = fptr + 4 * i;
100
+ uint32_t slo = extract64(dn, 0, 32);
101
+ uint32_t shi = extract64(dn, 32, 32);
102
+
103
+ if (i >= 16) {
104
+ faddr += 8; /* skip the slot for the FPSCR */
105
+ }
106
+ cpu_stl_data(env, faddr, slo);
107
+ cpu_stl_data(env, faddr + 4, shi);
108
+ }
109
+ cpu_stl_data(env, fptr + 0x40, vfp_get_fpscr(env));
110
+
111
+ /*
112
+ * If TS is 0 then s0 to s15 and FPSCR are UNKNOWN; we choose to
113
+ * leave them unchanged, matching our choice in v7m_preserve_fp_state.
114
+ */
115
+ if (ts) {
116
+ for (i = 0; i < 32; i += 2) {
117
+ *aa32_vfp_dreg(env, i / 2) = 0;
118
+ }
119
+ vfp_set_fpscr(env, 0);
120
+ }
121
+ } else {
122
+ v7m_update_fpccr(env, fptr, false);
123
+ }
124
+
125
+ env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK;
126
+}
127
+
128
static bool v7m_push_stack(ARMCPU *cpu)
129
{
130
/* Do the "set up stack frame" part of exception entry,
131
@@ -XXX,XX +XXX,XX @@ static void arm_log_exception(int idx)
132
[EXCP_INVSTATE] = "v7M INVSTATE UsageFault",
133
[EXCP_STKOF] = "v8M STKOF UsageFault",
134
[EXCP_LAZYFP] = "v7M exception during lazy FP stacking",
135
+ [EXCP_LSERR] = "v8M LSERR UsageFault",
136
+ [EXCP_UNALIGNED] = "v7M UNALIGNED UsageFault",
137
};
138
139
if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
140
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
141
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
142
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_STKOF_MASK;
143
break;
144
+ case EXCP_LSERR:
145
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
146
+ env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
147
+ break;
148
+ case EXCP_UNALIGNED:
149
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
150
+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;
151
+ break;
152
case EXCP_SWI:
153
/* The PC already points to the next instruction. */
154
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SVC, env->v7m.secure);
155
diff --git a/target/arm/translate.c b/target/arm/translate.c
156
index XXXXXXX..XXXXXXX 100644
157
--- a/target/arm/translate.c
158
+++ b/target/arm/translate.c
159
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
160
if (!s->v8m_secure || (insn & 0x0040f0ff)) {
161
goto illegal_op;
162
}
163
- /* Just NOP since FP support is not implemented */
164
+
165
+ if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
166
+ TCGv_i32 fptr = load_reg(s, rn);
167
+
168
+ if (extract32(insn, 20, 1)) {
169
+ /* VLLDM */
170
+ } else {
171
+ gen_helper_v7m_vlstm(cpu_env, fptr);
172
+ }
173
+ tcg_temp_free_i32(fptr);
174
+
175
+ /* End the TB, because we have updated FP control bits */
176
+ s->base.is_jmp = DISAS_UPDATE;
177
+ }
178
break;
179
}
180
if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
181
--
182
2.20.1
183
184
diff view generated by jsdifflib
Deleted patch
1
Implement the VLLDM instruction for v7M for the FPU present cas.
2
1
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20190416125744.27770-26-peter.maydell@linaro.org
6
---
7
target/arm/helper.h | 1 +
8
target/arm/helper.c | 54 ++++++++++++++++++++++++++++++++++++++++++
9
target/arm/translate.c | 2 +-
10
3 files changed, 56 insertions(+), 1 deletion(-)
11
12
diff --git a/target/arm/helper.h b/target/arm/helper.h
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.h
15
+++ b/target/arm/helper.h
16
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
17
DEF_HELPER_1(v7m_preserve_fp_state, void, env)
18
19
DEF_HELPER_2(v7m_vlstm, void, env, i32)
20
+DEF_HELPER_2(v7m_vlldm, void, env, i32)
21
22
DEF_HELPER_2(v8m_stackcheck, void, env, i32)
23
24
diff --git a/target/arm/helper.c b/target/arm/helper.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/helper.c
27
+++ b/target/arm/helper.c
28
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr)
29
g_assert_not_reached();
30
}
31
32
+void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr)
33
+{
34
+ /* translate.c should never generate calls here in user-only mode */
35
+ g_assert_not_reached();
36
+}
37
+
38
uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
39
{
40
/* The TT instructions can be used by unprivileged code, but in
41
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr)
42
env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK;
43
}
44
45
+void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr)
46
+{
47
+ /* fptr is the value of Rn, the frame pointer we load the FP regs from */
48
+ assert(env->v7m.secure);
49
+
50
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) {
51
+ return;
52
+ }
53
+
54
+ /* Check access to the coprocessor is permitted */
55
+ if (!v7m_cpacr_pass(env, true, arm_current_el(env) != 0)) {
56
+ raise_exception_ra(env, EXCP_NOCP, 0, 1, GETPC());
57
+ }
58
+
59
+ if (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK) {
60
+ /* State in FP is still valid */
61
+ env->v7m.fpccr[M_REG_S] &= ~R_V7M_FPCCR_LSPACT_MASK;
62
+ } else {
63
+ bool ts = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK;
64
+ int i;
65
+ uint32_t fpscr;
66
+
67
+ if (fptr & 7) {
68
+ raise_exception_ra(env, EXCP_UNALIGNED, 0, 1, GETPC());
69
+ }
70
+
71
+ for (i = 0; i < (ts ? 32 : 16); i += 2) {
72
+ uint32_t slo, shi;
73
+ uint64_t dn;
74
+ uint32_t faddr = fptr + 4 * i;
75
+
76
+ if (i >= 16) {
77
+ faddr += 8; /* skip the slot for the FPSCR */
78
+ }
79
+
80
+ slo = cpu_ldl_data(env, faddr);
81
+ shi = cpu_ldl_data(env, faddr + 4);
82
+
83
+ dn = (uint64_t) shi << 32 | slo;
84
+ *aa32_vfp_dreg(env, i / 2) = dn;
85
+ }
86
+ fpscr = cpu_ldl_data(env, fptr + 0x40);
87
+ vfp_set_fpscr(env, fpscr);
88
+ }
89
+
90
+ env->v7m.control[M_REG_S] |= R_V7M_CONTROL_FPCA_MASK;
91
+}
92
+
93
static bool v7m_push_stack(ARMCPU *cpu)
94
{
95
/* Do the "set up stack frame" part of exception entry,
96
diff --git a/target/arm/translate.c b/target/arm/translate.c
97
index XXXXXXX..XXXXXXX 100644
98
--- a/target/arm/translate.c
99
+++ b/target/arm/translate.c
100
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
101
TCGv_i32 fptr = load_reg(s, rn);
102
103
if (extract32(insn, 20, 1)) {
104
- /* VLLDM */
105
+ gen_helper_v7m_vlldm(cpu_env, fptr);
106
} else {
107
gen_helper_v7m_vlstm(cpu_env, fptr);
108
}
109
--
110
2.20.1
111
112
diff view generated by jsdifflib
Deleted patch
1
Enable the FPU by default for the Cortex-M4 and Cortex-M33.
2
1
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20190416125744.27770-27-peter.maydell@linaro.org
6
---
7
target/arm/cpu.c | 8 ++++++++
8
1 file changed, 8 insertions(+)
9
10
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
11
index XXXXXXX..XXXXXXX 100644
12
--- a/target/arm/cpu.c
13
+++ b/target/arm/cpu.c
14
@@ -XXX,XX +XXX,XX @@ static void cortex_m4_initfn(Object *obj)
15
set_feature(&cpu->env, ARM_FEATURE_M);
16
set_feature(&cpu->env, ARM_FEATURE_M_MAIN);
17
set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
18
+ set_feature(&cpu->env, ARM_FEATURE_VFP4);
19
cpu->midr = 0x410fc240; /* r0p0 */
20
cpu->pmsav7_dregion = 8;
21
+ cpu->isar.mvfr0 = 0x10110021;
22
+ cpu->isar.mvfr1 = 0x11000011;
23
+ cpu->isar.mvfr2 = 0x00000000;
24
cpu->id_pfr0 = 0x00000030;
25
cpu->id_pfr1 = 0x00000200;
26
cpu->id_dfr0 = 0x00100000;
27
@@ -XXX,XX +XXX,XX @@ static void cortex_m33_initfn(Object *obj)
28
set_feature(&cpu->env, ARM_FEATURE_M_MAIN);
29
set_feature(&cpu->env, ARM_FEATURE_M_SECURITY);
30
set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
31
+ set_feature(&cpu->env, ARM_FEATURE_VFP4);
32
cpu->midr = 0x410fd213; /* r0p3 */
33
cpu->pmsav7_dregion = 16;
34
cpu->sau_sregion = 8;
35
+ cpu->isar.mvfr0 = 0x10110021;
36
+ cpu->isar.mvfr1 = 0x11000011;
37
+ cpu->isar.mvfr2 = 0x00000040;
38
cpu->id_pfr0 = 0x00000030;
39
cpu->id_pfr1 = 0x00000210;
40
cpu->id_dfr0 = 0x00200000;
41
--
42
2.20.1
43
44
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
In commit 39a1fd25287f5d we fixed a bug in the handling of LPAE block
2
descriptors where we weren't correctly zeroing out some RES0 bits.
3
However this fix has a bug because the calculation of the mask is
4
done at the wrong width: in
5
descaddr &= ~(page_size - 1);
6
page_size is a target_ulong, so in the 'qemu-system-arm' binary it is
7
only 32 bits, and the effect is that we always zero out the top 32
8
bits of the calculated address. Fix the calculation by forcing the
9
mask to be calculated with the same type as descaddr.
2
10
3
This device is used by both ARM (BCM2836, for raspi2) and AArch64
11
This only affects 32-bit CPUs which support LPAE (e.g. cortex-a15)
4
(BCM2837, for raspi3) targets, and is not CPU-specific.
12
when used on board models which put RAM or devices above the 4GB
5
Move it to common object, so we build it once for all targets.
13
mark and when the 'qemu-system-arm' executable is being used.
14
It was also masked in 7.0 by the main bug reported in
15
https://gitlab.com/qemu-project/qemu/-/issues/1078 where the
16
virt board incorrectly does not enable 'highmem' for 32-bit CPUs.
6
17
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
18
The workaround is to use 'qemu-system-aarch64' with the same
8
Message-id: 20190427133028.12874-1-philmd@redhat.com
19
command line.
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
20
21
Reported-by: He Zhe <zhe.he@windriver.com>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
24
Message-id: 20220627134620.3190252-1-peter.maydell@linaro.org
25
Fixes: 39a1fd25287f5de ("target/arm: Fix handling of LPAE block descriptors")
26
Cc: qemu-stable@nongnu.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
28
---
12
hw/dma/Makefile.objs | 2 +-
29
target/arm/ptw.c | 2 +-
13
1 file changed, 1 insertion(+), 1 deletion(-)
30
1 file changed, 1 insertion(+), 1 deletion(-)
14
31
15
diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs
32
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
16
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/dma/Makefile.objs
34
--- a/target/arm/ptw.c
18
+++ b/hw/dma/Makefile.objs
35
+++ b/target/arm/ptw.c
19
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zdma.o
36
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
20
37
* clear the lower bits here before ORing in the low vaddr bits.
21
obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o
38
*/
22
obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o
39
page_size = (1ULL << ((stride * (4 - level)) + 3));
23
-obj-$(CONFIG_RASPI) += bcm2835_dma.o
40
- descaddr &= ~(page_size - 1);
24
+common-obj-$(CONFIG_RASPI) += bcm2835_dma.o
41
+ descaddr &= ~(hwaddr)(page_size - 1);
42
descaddr |= (address & (page_size - 1));
43
/* Extract attributes from the descriptor */
44
attrs = extract64(descriptor, 2, 10)
25
--
45
--
26
2.20.1
46
2.25.1
27
28
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Thomas Huth <thuth@redhat.com>
4
Reviewed-by: Cédric Le Goater <clg@kaod.org>
5
Reviewed-by: Markus Armbruster <armbru@redhat.com>
6
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Message-id: 20190412165416.7977-2-philmd@redhat.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
hw/arm/aspeed.c | 13 +++++++++----
11
1 file changed, 9 insertions(+), 4 deletions(-)
12
13
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/hw/arm/aspeed.c
16
+++ b/hw/arm/aspeed.c
17
@@ -XXX,XX +XXX,XX @@
18
#include "hw/arm/aspeed_soc.h"
19
#include "hw/boards.h"
20
#include "hw/i2c/smbus_eeprom.h"
21
+#include "hw/misc/pca9552.h"
22
+#include "hw/misc/tmp105.h"
23
#include "qemu/log.h"
24
#include "sysemu/block-backend.h"
25
#include "hw/loader.h"
26
@@ -XXX,XX +XXX,XX @@ static void ast2500_evb_i2c_init(AspeedBoardState *bmc)
27
eeprom_buf);
28
29
/* The AST2500 EVB expects a LM75 but a TMP105 is compatible */
30
- i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 7), "tmp105", 0x4d);
31
+ i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 7),
32
+ TYPE_TMP105, 0x4d);
33
34
/* The AST2500 EVB does not have an RTC. Let's pretend that one is
35
* plugged on the I2C bus header */
36
@@ -XXX,XX +XXX,XX @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc)
37
AspeedSoCState *soc = &bmc->soc;
38
uint8_t *eeprom_buf = g_malloc0(8 * 1024);
39
40
- i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 3), "pca9552", 0x60);
41
+ i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 3), TYPE_PCA9552,
42
+ 0x60);
43
44
i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 4), "tmp423", 0x4c);
45
i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 5), "tmp423", 0x4c);
46
47
/* The Witherspoon expects a TMP275 but a TMP105 is compatible */
48
- i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 9), "tmp105", 0x4a);
49
+ i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 9), TYPE_TMP105,
50
+ 0x4a);
51
52
/* The witherspoon board expects Epson RX8900 I2C RTC but a ds1338 is
53
* good enough */
54
@@ -XXX,XX +XXX,XX @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc)
55
56
smbus_eeprom_init_one(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 11), 0x51,
57
eeprom_buf);
58
- i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 11), "pca9552",
59
+ i2c_create_slave(aspeed_i2c_get_bus(DEVICE(&soc->i2c), 11), TYPE_PCA9552,
60
0x60);
61
}
62
63
--
64
2.20.1
65
66
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Markus Armbruster <armbru@redhat.com>
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Message-id: 20190412165416.7977-5-philmd@redhat.com
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
include/hw/devices.h | 6 ------
9
include/hw/display/tc6393xb.h | 24 ++++++++++++++++++++++++
10
hw/arm/tosa.c | 2 +-
11
hw/display/tc6393xb.c | 2 +-
12
MAINTAINERS | 1 +
13
5 files changed, 27 insertions(+), 8 deletions(-)
14
create mode 100644 include/hw/display/tc6393xb.h
15
16
diff --git a/include/hw/devices.h b/include/hw/devices.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/devices.h
19
+++ b/include/hw/devices.h
20
@@ -XXX,XX +XXX,XX @@ void *tahvo_init(qemu_irq irq, int betty);
21
22
void retu_key_event(void *retu, int state);
23
24
-/* tc6393xb.c */
25
-typedef struct TC6393xbState TC6393xbState;
26
-TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem,
27
- uint32_t base, qemu_irq irq);
28
-qemu_irq tc6393xb_l3v_get(TC6393xbState *s);
29
-
30
#endif
31
diff --git a/include/hw/display/tc6393xb.h b/include/hw/display/tc6393xb.h
32
new file mode 100644
33
index XXXXXXX..XXXXXXX
34
--- /dev/null
35
+++ b/include/hw/display/tc6393xb.h
36
@@ -XXX,XX +XXX,XX @@
37
+/*
38
+ * Toshiba TC6393XB I/O Controller.
39
+ * Found in Sharp Zaurus SL-6000 (tosa) or some
40
+ * Toshiba e-Series PDAs.
41
+ *
42
+ * Copyright (c) 2007 Hervé Poussineau
43
+ *
44
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
45
+ * See the COPYING file in the top-level directory.
46
+ */
47
+
48
+#ifndef HW_DISPLAY_TC6393XB_H
49
+#define HW_DISPLAY_TC6393XB_H
50
+
51
+#include "exec/memory.h"
52
+#include "hw/irq.h"
53
+
54
+typedef struct TC6393xbState TC6393xbState;
55
+
56
+TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem,
57
+ uint32_t base, qemu_irq irq);
58
+qemu_irq tc6393xb_l3v_get(TC6393xbState *s);
59
+
60
+#endif
61
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
62
index XXXXXXX..XXXXXXX 100644
63
--- a/hw/arm/tosa.c
64
+++ b/hw/arm/tosa.c
65
@@ -XXX,XX +XXX,XX @@
66
#include "hw/hw.h"
67
#include "hw/arm/pxa.h"
68
#include "hw/arm/arm.h"
69
-#include "hw/devices.h"
70
#include "hw/arm/sharpsl.h"
71
#include "hw/pcmcia.h"
72
#include "hw/boards.h"
73
+#include "hw/display/tc6393xb.h"
74
#include "hw/i2c/i2c.h"
75
#include "hw/ssi/ssi.h"
76
#include "hw/sysbus.h"
77
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
78
index XXXXXXX..XXXXXXX 100644
79
--- a/hw/display/tc6393xb.c
80
+++ b/hw/display/tc6393xb.c
81
@@ -XXX,XX +XXX,XX @@
82
#include "qapi/error.h"
83
#include "qemu/host-utils.h"
84
#include "hw/hw.h"
85
-#include "hw/devices.h"
86
+#include "hw/display/tc6393xb.h"
87
#include "hw/block/flash.h"
88
#include "ui/console.h"
89
#include "ui/pixel_ops.h"
90
diff --git a/MAINTAINERS b/MAINTAINERS
91
index XXXXXXX..XXXXXXX 100644
92
--- a/MAINTAINERS
93
+++ b/MAINTAINERS
94
@@ -XXX,XX +XXX,XX @@ F: hw/misc/mst_fpga.c
95
F: hw/misc/max111x.c
96
F: include/hw/arm/pxa.h
97
F: include/hw/arm/sharpsl.h
98
+F: include/hw/display/tc6393xb.h
99
100
SABRELITE / i.MX6
101
M: Peter Maydell <peter.maydell@linaro.org>
102
--
103
2.20.1
104
105
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Add an entries the Blizzard device in MAINTAINERS.
4
5
Reviewed-by: Thomas Huth <thuth@redhat.com>
6
Reviewed-by: Markus Armbruster <armbru@redhat.com>
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Message-id: 20190412165416.7977-6-philmd@redhat.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
include/hw/devices.h | 7 -------
12
include/hw/display/blizzard.h | 22 ++++++++++++++++++++++
13
hw/arm/nseries.c | 1 +
14
hw/display/blizzard.c | 2 +-
15
MAINTAINERS | 2 ++
16
5 files changed, 26 insertions(+), 8 deletions(-)
17
create mode 100644 include/hw/display/blizzard.h
18
19
diff --git a/include/hw/devices.h b/include/hw/devices.h
20
index XXXXXXX..XXXXXXX 100644
21
--- a/include/hw/devices.h
22
+++ b/include/hw/devices.h
23
@@ -XXX,XX +XXX,XX @@ void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
24
/* stellaris_input.c */
25
void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode);
26
27
-/* blizzard.c */
28
-void *s1d13745_init(qemu_irq gpio_int);
29
-void s1d13745_write(void *opaque, int dc, uint16_t value);
30
-void s1d13745_write_block(void *opaque, int dc,
31
- void *buf, size_t len, int pitch);
32
-uint16_t s1d13745_read(void *opaque, int dc);
33
-
34
/* cbus.c */
35
typedef struct {
36
qemu_irq clk;
37
diff --git a/include/hw/display/blizzard.h b/include/hw/display/blizzard.h
38
new file mode 100644
39
index XXXXXXX..XXXXXXX
40
--- /dev/null
41
+++ b/include/hw/display/blizzard.h
42
@@ -XXX,XX +XXX,XX @@
43
+/*
44
+ * Epson S1D13744/S1D13745 (Blizzard/Hailstorm/Tornado) LCD/TV controller.
45
+ *
46
+ * Copyright (C) 2008 Nokia Corporation
47
+ * Written by Andrzej Zaborowski
48
+ *
49
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
50
+ * See the COPYING file in the top-level directory.
51
+ */
52
+
53
+#ifndef HW_DISPLAY_BLIZZARD_H
54
+#define HW_DISPLAY_BLIZZARD_H
55
+
56
+#include "hw/irq.h"
57
+
58
+void *s1d13745_init(qemu_irq gpio_int);
59
+void s1d13745_write(void *opaque, int dc, uint16_t value);
60
+void s1d13745_write_block(void *opaque, int dc,
61
+ void *buf, size_t len, int pitch);
62
+uint16_t s1d13745_read(void *opaque, int dc);
63
+
64
+#endif
65
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
66
index XXXXXXX..XXXXXXX 100644
67
--- a/hw/arm/nseries.c
68
+++ b/hw/arm/nseries.c
69
@@ -XXX,XX +XXX,XX @@
70
#include "hw/boards.h"
71
#include "hw/i2c/i2c.h"
72
#include "hw/devices.h"
73
+#include "hw/display/blizzard.h"
74
#include "hw/misc/tmp105.h"
75
#include "hw/block/flash.h"
76
#include "hw/hw.h"
77
diff --git a/hw/display/blizzard.c b/hw/display/blizzard.c
78
index XXXXXXX..XXXXXXX 100644
79
--- a/hw/display/blizzard.c
80
+++ b/hw/display/blizzard.c
81
@@ -XXX,XX +XXX,XX @@
82
#include "qemu/osdep.h"
83
#include "qemu-common.h"
84
#include "ui/console.h"
85
-#include "hw/devices.h"
86
+#include "hw/display/blizzard.h"
87
#include "ui/pixel_ops.h"
88
89
typedef void (*blizzard_fn_t)(uint8_t *, const uint8_t *, unsigned int);
90
diff --git a/MAINTAINERS b/MAINTAINERS
91
index XXXXXXX..XXXXXXX 100644
92
--- a/MAINTAINERS
93
+++ b/MAINTAINERS
94
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
95
L: qemu-arm@nongnu.org
96
S: Odd Fixes
97
F: hw/arm/nseries.c
98
+F: hw/display/blizzard.c
99
F: hw/input/lm832x.c
100
F: hw/input/tsc2005.c
101
F: hw/misc/cbus.c
102
F: hw/timer/twl92230.c
103
+F: include/hw/display/blizzard.h
104
105
Palm
106
M: Andrzej Zaborowski <balrogg@gmail.com>
107
--
108
2.20.1
109
110
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Thomas Huth <thuth@redhat.com>
4
Reviewed-by: Markus Armbruster <armbru@redhat.com>
5
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Message-id: 20190412165416.7977-7-philmd@redhat.com
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
include/hw/devices.h | 14 --------------
10
include/hw/misc/cbus.h | 32 ++++++++++++++++++++++++++++++++
11
hw/arm/nseries.c | 1 +
12
hw/misc/cbus.c | 2 +-
13
MAINTAINERS | 1 +
14
5 files changed, 35 insertions(+), 15 deletions(-)
15
create mode 100644 include/hw/misc/cbus.h
16
17
diff --git a/include/hw/devices.h b/include/hw/devices.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/include/hw/devices.h
20
+++ b/include/hw/devices.h
21
@@ -XXX,XX +XXX,XX @@ void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
22
/* stellaris_input.c */
23
void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode);
24
25
-/* cbus.c */
26
-typedef struct {
27
- qemu_irq clk;
28
- qemu_irq dat;
29
- qemu_irq sel;
30
-} CBus;
31
-CBus *cbus_init(qemu_irq dat_out);
32
-void cbus_attach(CBus *bus, void *slave_opaque);
33
-
34
-void *retu_init(qemu_irq irq, int vilma);
35
-void *tahvo_init(qemu_irq irq, int betty);
36
-
37
-void retu_key_event(void *retu, int state);
38
-
39
#endif
40
diff --git a/include/hw/misc/cbus.h b/include/hw/misc/cbus.h
41
new file mode 100644
42
index XXXXXXX..XXXXXXX
43
--- /dev/null
44
+++ b/include/hw/misc/cbus.h
45
@@ -XXX,XX +XXX,XX @@
46
+/*
47
+ * CBUS three-pin bus and the Retu / Betty / Tahvo / Vilma / Avilma /
48
+ * Hinku / Vinku / Ahne / Pihi chips used in various Nokia platforms.
49
+ * Based on reverse-engineering of a linux driver.
50
+ *
51
+ * Copyright (C) 2008 Nokia Corporation
52
+ * Written by Andrzej Zaborowski
53
+ *
54
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
55
+ * See the COPYING file in the top-level directory.
56
+ */
57
+
58
+#ifndef HW_MISC_CBUS_H
59
+#define HW_MISC_CBUS_H
60
+
61
+#include "hw/irq.h"
62
+
63
+typedef struct {
64
+ qemu_irq clk;
65
+ qemu_irq dat;
66
+ qemu_irq sel;
67
+} CBus;
68
+
69
+CBus *cbus_init(qemu_irq dat_out);
70
+void cbus_attach(CBus *bus, void *slave_opaque);
71
+
72
+void *retu_init(qemu_irq irq, int vilma);
73
+void *tahvo_init(qemu_irq irq, int betty);
74
+
75
+void retu_key_event(void *retu, int state);
76
+
77
+#endif
78
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
79
index XXXXXXX..XXXXXXX 100644
80
--- a/hw/arm/nseries.c
81
+++ b/hw/arm/nseries.c
82
@@ -XXX,XX +XXX,XX @@
83
#include "hw/i2c/i2c.h"
84
#include "hw/devices.h"
85
#include "hw/display/blizzard.h"
86
+#include "hw/misc/cbus.h"
87
#include "hw/misc/tmp105.h"
88
#include "hw/block/flash.h"
89
#include "hw/hw.h"
90
diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c
91
index XXXXXXX..XXXXXXX 100644
92
--- a/hw/misc/cbus.c
93
+++ b/hw/misc/cbus.c
94
@@ -XXX,XX +XXX,XX @@
95
#include "qemu/osdep.h"
96
#include "hw/hw.h"
97
#include "hw/irq.h"
98
-#include "hw/devices.h"
99
+#include "hw/misc/cbus.h"
100
#include "sysemu/sysemu.h"
101
102
//#define DEBUG
103
diff --git a/MAINTAINERS b/MAINTAINERS
104
index XXXXXXX..XXXXXXX 100644
105
--- a/MAINTAINERS
106
+++ b/MAINTAINERS
107
@@ -XXX,XX +XXX,XX @@ F: hw/input/tsc2005.c
108
F: hw/misc/cbus.c
109
F: hw/timer/twl92230.c
110
F: include/hw/display/blizzard.h
111
+F: include/hw/misc/cbus.h
112
113
Palm
114
M: Andrzej Zaborowski <balrogg@gmail.com>
115
--
116
2.20.1
117
118
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Markus Armbruster <armbru@redhat.com>
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Message-id: 20190412165416.7977-8-philmd@redhat.com
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
include/hw/devices.h | 3 ---
9
include/hw/input/gamepad.h | 19 +++++++++++++++++++
10
hw/arm/stellaris.c | 2 +-
11
hw/input/stellaris_input.c | 2 +-
12
MAINTAINERS | 1 +
13
5 files changed, 22 insertions(+), 5 deletions(-)
14
create mode 100644 include/hw/input/gamepad.h
15
16
diff --git a/include/hw/devices.h b/include/hw/devices.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/devices.h
19
+++ b/include/hw/devices.h
20
@@ -XXX,XX +XXX,XX @@ void *tsc2005_init(qemu_irq pintdav);
21
uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len);
22
void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
23
24
-/* stellaris_input.c */
25
-void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode);
26
-
27
#endif
28
diff --git a/include/hw/input/gamepad.h b/include/hw/input/gamepad.h
29
new file mode 100644
30
index XXXXXXX..XXXXXXX
31
--- /dev/null
32
+++ b/include/hw/input/gamepad.h
33
@@ -XXX,XX +XXX,XX @@
34
+/*
35
+ * Gamepad style buttons connected to IRQ/GPIO lines
36
+ *
37
+ * Copyright (c) 2007 CodeSourcery.
38
+ * Written by Paul Brook
39
+ *
40
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
41
+ * See the COPYING file in the top-level directory.
42
+ */
43
+
44
+#ifndef HW_INPUT_GAMEPAD_H
45
+#define HW_INPUT_GAMEPAD_H
46
+
47
+#include "hw/irq.h"
48
+
49
+/* stellaris_input.c */
50
+void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode);
51
+
52
+#endif
53
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
54
index XXXXXXX..XXXXXXX 100644
55
--- a/hw/arm/stellaris.c
56
+++ b/hw/arm/stellaris.c
57
@@ -XXX,XX +XXX,XX @@
58
#include "hw/sysbus.h"
59
#include "hw/ssi/ssi.h"
60
#include "hw/arm/arm.h"
61
-#include "hw/devices.h"
62
#include "qemu/timer.h"
63
#include "hw/i2c/i2c.h"
64
#include "net/net.h"
65
@@ -XXX,XX +XXX,XX @@
66
#include "sysemu/sysemu.h"
67
#include "hw/arm/armv7m.h"
68
#include "hw/char/pl011.h"
69
+#include "hw/input/gamepad.h"
70
#include "hw/watchdog/cmsdk-apb-watchdog.h"
71
#include "hw/misc/unimp.h"
72
#include "cpu.h"
73
diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c
74
index XXXXXXX..XXXXXXX 100644
75
--- a/hw/input/stellaris_input.c
76
+++ b/hw/input/stellaris_input.c
77
@@ -XXX,XX +XXX,XX @@
78
*/
79
#include "qemu/osdep.h"
80
#include "hw/hw.h"
81
-#include "hw/devices.h"
82
+#include "hw/input/gamepad.h"
83
#include "ui/console.h"
84
85
typedef struct {
86
diff --git a/MAINTAINERS b/MAINTAINERS
87
index XXXXXXX..XXXXXXX 100644
88
--- a/MAINTAINERS
89
+++ b/MAINTAINERS
90
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
91
L: qemu-arm@nongnu.org
92
S: Maintained
93
F: hw/*/stellaris*
94
+F: include/hw/input/gamepad.h
95
96
Versatile Express
97
M: Peter Maydell <peter.maydell@linaro.org>
98
--
99
2.20.1
100
101
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Since uWireSlave is only used in this new header, there is no
4
need to expose it via "qemu/typedefs.h".
5
6
Reviewed-by: Markus Armbruster <armbru@redhat.com>
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Message-id: 20190412165416.7977-9-philmd@redhat.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
include/hw/arm/omap.h | 6 +-----
12
include/hw/devices.h | 15 ---------------
13
include/hw/input/tsc2xxx.h | 36 ++++++++++++++++++++++++++++++++++++
14
include/qemu/typedefs.h | 1 -
15
hw/arm/nseries.c | 2 +-
16
hw/arm/palm.c | 2 +-
17
hw/input/tsc2005.c | 2 +-
18
hw/input/tsc210x.c | 4 ++--
19
MAINTAINERS | 2 ++
20
9 files changed, 44 insertions(+), 26 deletions(-)
21
create mode 100644 include/hw/input/tsc2xxx.h
22
23
diff --git a/include/hw/arm/omap.h b/include/hw/arm/omap.h
24
index XXXXXXX..XXXXXXX 100644
25
--- a/include/hw/arm/omap.h
26
+++ b/include/hw/arm/omap.h
27
@@ -XXX,XX +XXX,XX @@
28
#include "exec/memory.h"
29
# define hw_omap_h        "omap.h"
30
#include "hw/irq.h"
31
+#include "hw/input/tsc2xxx.h"
32
#include "target/arm/cpu-qom.h"
33
#include "qemu/log.h"
34
35
@@ -XXX,XX +XXX,XX @@ qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s);
36
void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler);
37
void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down);
38
39
-struct uWireSlave {
40
- uint16_t (*receive)(void *opaque);
41
- void (*send)(void *opaque, uint16_t data);
42
- void *opaque;
43
-};
44
struct omap_uwire_s;
45
void omap_uwire_attach(struct omap_uwire_s *s,
46
uWireSlave *slave, int chipselect);
47
diff --git a/include/hw/devices.h b/include/hw/devices.h
48
index XXXXXXX..XXXXXXX 100644
49
--- a/include/hw/devices.h
50
+++ b/include/hw/devices.h
51
@@ -XXX,XX +XXX,XX @@
52
/* Devices that have nowhere better to go. */
53
54
#include "hw/hw.h"
55
-#include "ui/console.h"
56
57
/* smc91c111.c */
58
void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
59
@@ -XXX,XX +XXX,XX @@ void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
60
/* lan9118.c */
61
void lan9118_init(NICInfo *, uint32_t, qemu_irq);
62
63
-/* tsc210x.c */
64
-uWireSlave *tsc2102_init(qemu_irq pint);
65
-uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav);
66
-I2SCodec *tsc210x_codec(uWireSlave *chip);
67
-uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len);
68
-void tsc210x_set_transform(uWireSlave *chip,
69
- MouseTransformInfo *info);
70
-void tsc210x_key_event(uWireSlave *chip, int key, int down);
71
-
72
-/* tsc2005.c */
73
-void *tsc2005_init(qemu_irq pintdav);
74
-uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len);
75
-void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
76
-
77
#endif
78
diff --git a/include/hw/input/tsc2xxx.h b/include/hw/input/tsc2xxx.h
79
new file mode 100644
80
index XXXXXXX..XXXXXXX
81
--- /dev/null
82
+++ b/include/hw/input/tsc2xxx.h
83
@@ -XXX,XX +XXX,XX @@
84
+/*
85
+ * TI touchscreen controller
86
+ *
87
+ * Copyright (c) 2006 Andrzej Zaborowski
88
+ * Copyright (C) 2008 Nokia Corporation
89
+ *
90
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
91
+ * See the COPYING file in the top-level directory.
92
+ */
93
+
94
+#ifndef HW_INPUT_TSC2XXX_H
95
+#define HW_INPUT_TSC2XXX_H
96
+
97
+#include "hw/irq.h"
98
+#include "ui/console.h"
99
+
100
+typedef struct uWireSlave {
101
+ uint16_t (*receive)(void *opaque);
102
+ void (*send)(void *opaque, uint16_t data);
103
+ void *opaque;
104
+} uWireSlave;
105
+
106
+/* tsc210x.c */
107
+uWireSlave *tsc2102_init(qemu_irq pint);
108
+uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav);
109
+I2SCodec *tsc210x_codec(uWireSlave *chip);
110
+uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len);
111
+void tsc210x_set_transform(uWireSlave *chip, MouseTransformInfo *info);
112
+void tsc210x_key_event(uWireSlave *chip, int key, int down);
113
+
114
+/* tsc2005.c */
115
+void *tsc2005_init(qemu_irq pintdav);
116
+uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len);
117
+void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
118
+
119
+#endif
120
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
121
index XXXXXXX..XXXXXXX 100644
122
--- a/include/qemu/typedefs.h
123
+++ b/include/qemu/typedefs.h
124
@@ -XXX,XX +XXX,XX @@ typedef struct RAMBlock RAMBlock;
125
typedef struct Range Range;
126
typedef struct SHPCDevice SHPCDevice;
127
typedef struct SSIBus SSIBus;
128
-typedef struct uWireSlave uWireSlave;
129
typedef struct VirtIODevice VirtIODevice;
130
typedef struct Visitor Visitor;
131
typedef void SaveStateHandler(QEMUFile *f, void *opaque);
132
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
133
index XXXXXXX..XXXXXXX 100644
134
--- a/hw/arm/nseries.c
135
+++ b/hw/arm/nseries.c
136
@@ -XXX,XX +XXX,XX @@
137
#include "ui/console.h"
138
#include "hw/boards.h"
139
#include "hw/i2c/i2c.h"
140
-#include "hw/devices.h"
141
#include "hw/display/blizzard.h"
142
+#include "hw/input/tsc2xxx.h"
143
#include "hw/misc/cbus.h"
144
#include "hw/misc/tmp105.h"
145
#include "hw/block/flash.h"
146
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
147
index XXXXXXX..XXXXXXX 100644
148
--- a/hw/arm/palm.c
149
+++ b/hw/arm/palm.c
150
@@ -XXX,XX +XXX,XX @@
151
#include "hw/arm/omap.h"
152
#include "hw/boards.h"
153
#include "hw/arm/arm.h"
154
-#include "hw/devices.h"
155
+#include "hw/input/tsc2xxx.h"
156
#include "hw/loader.h"
157
#include "exec/address-spaces.h"
158
#include "cpu.h"
159
diff --git a/hw/input/tsc2005.c b/hw/input/tsc2005.c
160
index XXXXXXX..XXXXXXX 100644
161
--- a/hw/input/tsc2005.c
162
+++ b/hw/input/tsc2005.c
163
@@ -XXX,XX +XXX,XX @@
164
#include "hw/hw.h"
165
#include "qemu/timer.h"
166
#include "ui/console.h"
167
-#include "hw/devices.h"
168
+#include "hw/input/tsc2xxx.h"
169
#include "trace.h"
170
171
#define TSC_CUT_RESOLUTION(value, p)    ((value) >> (16 - (p ? 12 : 10)))
172
diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c
173
index XXXXXXX..XXXXXXX 100644
174
--- a/hw/input/tsc210x.c
175
+++ b/hw/input/tsc210x.c
176
@@ -XXX,XX +XXX,XX @@
177
#include "audio/audio.h"
178
#include "qemu/timer.h"
179
#include "ui/console.h"
180
-#include "hw/arm/omap.h"    /* For I2SCodec and uWireSlave */
181
-#include "hw/devices.h"
182
+#include "hw/arm/omap.h" /* For I2SCodec */
183
+#include "hw/input/tsc2xxx.h"
184
185
#define TSC_DATA_REGISTERS_PAGE        0x0
186
#define TSC_CONTROL_REGISTERS_PAGE    0x1
187
diff --git a/MAINTAINERS b/MAINTAINERS
188
index XXXXXXX..XXXXXXX 100644
189
--- a/MAINTAINERS
190
+++ b/MAINTAINERS
191
@@ -XXX,XX +XXX,XX @@ F: hw/input/tsc2005.c
192
F: hw/misc/cbus.c
193
F: hw/timer/twl92230.c
194
F: include/hw/display/blizzard.h
195
+F: include/hw/input/tsc2xxx.h
196
F: include/hw/misc/cbus.h
197
198
Palm
199
@@ -XXX,XX +XXX,XX @@ L: qemu-arm@nongnu.org
200
S: Odd Fixes
201
F: hw/arm/palm.c
202
F: hw/input/tsc210x.c
203
+F: include/hw/input/tsc2xxx.h
204
205
Raspberry Pi
206
M: Peter Maydell <peter.maydell@linaro.org>
207
--
208
2.20.1
209
210
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Markus Armbruster <armbru@redhat.com>
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Message-id: 20190412165416.7977-10-philmd@redhat.com
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
include/hw/devices.h | 3 ---
9
include/hw/net/lan9118.h | 19 +++++++++++++++++++
10
hw/arm/kzm.c | 2 +-
11
hw/arm/mps2.c | 2 +-
12
hw/arm/realview.c | 1 +
13
hw/arm/vexpress.c | 2 +-
14
hw/net/lan9118.c | 2 +-
15
7 files changed, 24 insertions(+), 7 deletions(-)
16
create mode 100644 include/hw/net/lan9118.h
17
18
diff --git a/include/hw/devices.h b/include/hw/devices.h
19
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/devices.h
21
+++ b/include/hw/devices.h
22
@@ -XXX,XX +XXX,XX @@
23
/* smc91c111.c */
24
void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
25
26
-/* lan9118.c */
27
-void lan9118_init(NICInfo *, uint32_t, qemu_irq);
28
-
29
#endif
30
diff --git a/include/hw/net/lan9118.h b/include/hw/net/lan9118.h
31
new file mode 100644
32
index XXXXXXX..XXXXXXX
33
--- /dev/null
34
+++ b/include/hw/net/lan9118.h
35
@@ -XXX,XX +XXX,XX @@
36
+/*
37
+ * SMSC LAN9118 Ethernet interface emulation
38
+ *
39
+ * Copyright (c) 2009 CodeSourcery, LLC.
40
+ * Written by Paul Brook
41
+ *
42
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
43
+ * See the COPYING file in the top-level directory.
44
+ */
45
+
46
+#ifndef HW_NET_LAN9118_H
47
+#define HW_NET_LAN9118_H
48
+
49
+#include "hw/irq.h"
50
+#include "net/net.h"
51
+
52
+void lan9118_init(NICInfo *, uint32_t, qemu_irq);
53
+
54
+#endif
55
diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c
56
index XXXXXXX..XXXXXXX 100644
57
--- a/hw/arm/kzm.c
58
+++ b/hw/arm/kzm.c
59
@@ -XXX,XX +XXX,XX @@
60
#include "qemu/error-report.h"
61
#include "exec/address-spaces.h"
62
#include "net/net.h"
63
-#include "hw/devices.h"
64
+#include "hw/net/lan9118.h"
65
#include "hw/char/serial.h"
66
#include "sysemu/qtest.h"
67
68
diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c
69
index XXXXXXX..XXXXXXX 100644
70
--- a/hw/arm/mps2.c
71
+++ b/hw/arm/mps2.c
72
@@ -XXX,XX +XXX,XX @@
73
#include "hw/timer/cmsdk-apb-timer.h"
74
#include "hw/timer/cmsdk-apb-dualtimer.h"
75
#include "hw/misc/mps2-scc.h"
76
-#include "hw/devices.h"
77
+#include "hw/net/lan9118.h"
78
#include "net/net.h"
79
80
typedef enum MPS2FPGAType {
81
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
82
index XXXXXXX..XXXXXXX 100644
83
--- a/hw/arm/realview.c
84
+++ b/hw/arm/realview.c
85
@@ -XXX,XX +XXX,XX @@
86
#include "hw/arm/arm.h"
87
#include "hw/arm/primecell.h"
88
#include "hw/devices.h"
89
+#include "hw/net/lan9118.h"
90
#include "hw/pci/pci.h"
91
#include "net/net.h"
92
#include "sysemu/sysemu.h"
93
diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c
94
index XXXXXXX..XXXXXXX 100644
95
--- a/hw/arm/vexpress.c
96
+++ b/hw/arm/vexpress.c
97
@@ -XXX,XX +XXX,XX @@
98
#include "hw/sysbus.h"
99
#include "hw/arm/arm.h"
100
#include "hw/arm/primecell.h"
101
-#include "hw/devices.h"
102
+#include "hw/net/lan9118.h"
103
#include "hw/i2c/i2c.h"
104
#include "net/net.h"
105
#include "sysemu/sysemu.h"
106
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
107
index XXXXXXX..XXXXXXX 100644
108
--- a/hw/net/lan9118.c
109
+++ b/hw/net/lan9118.c
110
@@ -XXX,XX +XXX,XX @@
111
#include "hw/sysbus.h"
112
#include "net/net.h"
113
#include "net/eth.h"
114
-#include "hw/devices.h"
115
+#include "hw/net/lan9118.h"
116
#include "sysemu/sysemu.h"
117
#include "hw/ptimer.h"
118
#include "qemu/log.h"
119
--
120
2.20.1
121
122
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Thomas Huth <thuth@redhat.com>
4
Reviewed-by: Markus Armbruster <armbru@redhat.com>
5
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Message-id: 20190412165416.7977-11-philmd@redhat.com
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
include/hw/net/ne2000-isa.h | 6 ++++++
10
1 file changed, 6 insertions(+)
11
12
diff --git a/include/hw/net/ne2000-isa.h b/include/hw/net/ne2000-isa.h
13
index XXXXXXX..XXXXXXX 100644
14
--- a/include/hw/net/ne2000-isa.h
15
+++ b/include/hw/net/ne2000-isa.h
16
@@ -XXX,XX +XXX,XX @@
17
* This work is licensed under the terms of the GNU GPL, version 2 or later.
18
* See the COPYING file in the top-level directory.
19
*/
20
+
21
+#ifndef HW_NET_NE2K_ISA_H
22
+#define HW_NET_NE2K_ISA_H
23
+
24
#include "hw/hw.h"
25
#include "hw/qdev.h"
26
#include "hw/isa/isa.h"
27
@@ -XXX,XX +XXX,XX @@ static inline ISADevice *isa_ne2000_init(ISABus *bus, int base, int irq,
28
}
29
return d;
30
}
31
+
32
+#endif
33
--
34
2.20.1
35
36
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
Reviewed-by: Markus Armbruster <armbru@redhat.com>
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Message-id: 20190412165416.7977-12-philmd@redhat.com
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
include/hw/net/lan9118.h | 2 ++
9
hw/arm/exynos4_boards.c | 3 ++-
10
hw/arm/mps2-tz.c | 3 ++-
11
hw/net/lan9118.c | 1 -
12
4 files changed, 6 insertions(+), 3 deletions(-)
13
14
diff --git a/include/hw/net/lan9118.h b/include/hw/net/lan9118.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/include/hw/net/lan9118.h
17
+++ b/include/hw/net/lan9118.h
18
@@ -XXX,XX +XXX,XX @@
19
#include "hw/irq.h"
20
#include "net/net.h"
21
22
+#define TYPE_LAN9118 "lan9118"
23
+
24
void lan9118_init(NICInfo *, uint32_t, qemu_irq);
25
26
#endif
27
diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/hw/arm/exynos4_boards.c
30
+++ b/hw/arm/exynos4_boards.c
31
@@ -XXX,XX +XXX,XX @@
32
#include "hw/arm/arm.h"
33
#include "exec/address-spaces.h"
34
#include "hw/arm/exynos4210.h"
35
+#include "hw/net/lan9118.h"
36
#include "hw/boards.h"
37
38
#undef DEBUG
39
@@ -XXX,XX +XXX,XX @@ static void lan9215_init(uint32_t base, qemu_irq irq)
40
/* This should be a 9215 but the 9118 is close enough */
41
if (nd_table[0].used) {
42
qemu_check_nic_model(&nd_table[0], "lan9118");
43
- dev = qdev_create(NULL, "lan9118");
44
+ dev = qdev_create(NULL, TYPE_LAN9118);
45
qdev_set_nic_properties(dev, &nd_table[0]);
46
qdev_prop_set_uint32(dev, "mode_16bit", 1);
47
qdev_init_nofail(dev);
48
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
49
index XXXXXXX..XXXXXXX 100644
50
--- a/hw/arm/mps2-tz.c
51
+++ b/hw/arm/mps2-tz.c
52
@@ -XXX,XX +XXX,XX @@
53
#include "hw/arm/armsse.h"
54
#include "hw/dma/pl080.h"
55
#include "hw/ssi/pl022.h"
56
+#include "hw/net/lan9118.h"
57
#include "net/net.h"
58
#include "hw/core/split-irq.h"
59
60
@@ -XXX,XX +XXX,XX @@ static MemoryRegion *make_eth_dev(MPS2TZMachineState *mms, void *opaque,
61
* except that it doesn't support the checksum-offload feature.
62
*/
63
qemu_check_nic_model(nd, "lan9118");
64
- mms->lan9118 = qdev_create(NULL, "lan9118");
65
+ mms->lan9118 = qdev_create(NULL, TYPE_LAN9118);
66
qdev_set_nic_properties(mms->lan9118, nd);
67
qdev_init_nofail(mms->lan9118);
68
69
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
70
index XXXXXXX..XXXXXXX 100644
71
--- a/hw/net/lan9118.c
72
+++ b/hw/net/lan9118.c
73
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_lan9118_packet = {
74
}
75
};
76
77
-#define TYPE_LAN9118 "lan9118"
78
#define LAN9118(obj) OBJECT_CHECK(lan9118_state, (obj), TYPE_LAN9118)
79
80
typedef struct {
81
--
82
2.20.1
83
84
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
This commit finally deletes "hw/devices.h".
4
5
Reviewed-by: Markus Armbruster <armbru@redhat.com>
6
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Message-id: 20190412165416.7977-13-philmd@redhat.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/hw/devices.h | 11 -----------
11
include/hw/net/smc91c111.h | 19 +++++++++++++++++++
12
hw/arm/gumstix.c | 2 +-
13
hw/arm/integratorcp.c | 2 +-
14
hw/arm/mainstone.c | 2 +-
15
hw/arm/realview.c | 2 +-
16
hw/arm/versatilepb.c | 2 +-
17
hw/net/smc91c111.c | 2 +-
18
8 files changed, 25 insertions(+), 17 deletions(-)
19
delete mode 100644 include/hw/devices.h
20
create mode 100644 include/hw/net/smc91c111.h
21
22
diff --git a/include/hw/devices.h b/include/hw/devices.h
23
deleted file mode 100644
24
index XXXXXXX..XXXXXXX
25
--- a/include/hw/devices.h
26
+++ /dev/null
27
@@ -XXX,XX +XXX,XX @@
28
-#ifndef QEMU_DEVICES_H
29
-#define QEMU_DEVICES_H
30
-
31
-/* Devices that have nowhere better to go. */
32
-
33
-#include "hw/hw.h"
34
-
35
-/* smc91c111.c */
36
-void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
37
-
38
-#endif
39
diff --git a/include/hw/net/smc91c111.h b/include/hw/net/smc91c111.h
40
new file mode 100644
41
index XXXXXXX..XXXXXXX
42
--- /dev/null
43
+++ b/include/hw/net/smc91c111.h
44
@@ -XXX,XX +XXX,XX @@
45
+/*
46
+ * SMSC 91C111 Ethernet interface emulation
47
+ *
48
+ * Copyright (c) 2005 CodeSourcery, LLC.
49
+ * Written by Paul Brook
50
+ *
51
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
52
+ * See the COPYING file in the top-level directory.
53
+ */
54
+
55
+#ifndef HW_NET_SMC91C111_H
56
+#define HW_NET_SMC91C111_H
57
+
58
+#include "hw/irq.h"
59
+#include "net/net.h"
60
+
61
+void smc91c111_init(NICInfo *, uint32_t, qemu_irq);
62
+
63
+#endif
64
diff --git a/hw/arm/gumstix.c b/hw/arm/gumstix.c
65
index XXXXXXX..XXXXXXX 100644
66
--- a/hw/arm/gumstix.c
67
+++ b/hw/arm/gumstix.c
68
@@ -XXX,XX +XXX,XX @@
69
#include "hw/arm/pxa.h"
70
#include "net/net.h"
71
#include "hw/block/flash.h"
72
-#include "hw/devices.h"
73
+#include "hw/net/smc91c111.h"
74
#include "hw/boards.h"
75
#include "exec/address-spaces.h"
76
#include "sysemu/qtest.h"
77
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
78
index XXXXXXX..XXXXXXX 100644
79
--- a/hw/arm/integratorcp.c
80
+++ b/hw/arm/integratorcp.c
81
@@ -XXX,XX +XXX,XX @@
82
#include "qemu-common.h"
83
#include "cpu.h"
84
#include "hw/sysbus.h"
85
-#include "hw/devices.h"
86
#include "hw/boards.h"
87
#include "hw/arm/arm.h"
88
#include "hw/misc/arm_integrator_debug.h"
89
+#include "hw/net/smc91c111.h"
90
#include "net/net.h"
91
#include "exec/address-spaces.h"
92
#include "sysemu/sysemu.h"
93
diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
94
index XXXXXXX..XXXXXXX 100644
95
--- a/hw/arm/mainstone.c
96
+++ b/hw/arm/mainstone.c
97
@@ -XXX,XX +XXX,XX @@
98
#include "hw/arm/pxa.h"
99
#include "hw/arm/arm.h"
100
#include "net/net.h"
101
-#include "hw/devices.h"
102
+#include "hw/net/smc91c111.h"
103
#include "hw/boards.h"
104
#include "hw/block/flash.h"
105
#include "hw/sysbus.h"
106
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
107
index XXXXXXX..XXXXXXX 100644
108
--- a/hw/arm/realview.c
109
+++ b/hw/arm/realview.c
110
@@ -XXX,XX +XXX,XX @@
111
#include "hw/sysbus.h"
112
#include "hw/arm/arm.h"
113
#include "hw/arm/primecell.h"
114
-#include "hw/devices.h"
115
#include "hw/net/lan9118.h"
116
+#include "hw/net/smc91c111.h"
117
#include "hw/pci/pci.h"
118
#include "net/net.h"
119
#include "sysemu/sysemu.h"
120
diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c
121
index XXXXXXX..XXXXXXX 100644
122
--- a/hw/arm/versatilepb.c
123
+++ b/hw/arm/versatilepb.c
124
@@ -XXX,XX +XXX,XX @@
125
#include "cpu.h"
126
#include "hw/sysbus.h"
127
#include "hw/arm/arm.h"
128
-#include "hw/devices.h"
129
+#include "hw/net/smc91c111.h"
130
#include "net/net.h"
131
#include "sysemu/sysemu.h"
132
#include "hw/pci/pci.h"
133
diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
134
index XXXXXXX..XXXXXXX 100644
135
--- a/hw/net/smc91c111.c
136
+++ b/hw/net/smc91c111.c
137
@@ -XXX,XX +XXX,XX @@
138
#include "qemu/osdep.h"
139
#include "hw/sysbus.h"
140
#include "net/net.h"
141
-#include "hw/devices.h"
142
+#include "hw/net/smc91c111.h"
143
#include "qemu/log.h"
144
/* For crc32 */
145
#include <zlib.h>
146
--
147
2.20.1
148
149
diff view generated by jsdifflib