[Qemu-devel] [PULL 00/10] target-arm queue
[PULL 00/29] target-arm queue
1
target-arm queue for rc1 -- these are all bug fixes.
1
target-arm queue: nothing big, just a collection of minor things.
2
2
3
thanks
4
-- PMM
3
-- PMM
5
4
6
The following changes since commit b9404bf592e7ba74180e1a54ed7a266ec6ee67f2:
5
The following changes since commit ae3aa5da96f4ccf0c2a28851449d92db9fcfad71:
7
6
8
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20190715' into staging (2019-07-15 12:22:07 +0100)
7
Merge remote-tracking branch 'remotes/berrange/tags/socket-next-pull-request' into staging (2020-05-21 16:47:28 +0100)
9
8
10
are available in the Git repository at:
9
are available in the Git repository at:
11
10
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190715
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200521
13
12
14
for you to fetch changes up to 51c9122e92b776a3f16af0b9282f1dc5012e2a19:
13
for you to fetch changes up to 17b5df7b65d0192c5d775b5e1581518580774c77:
15
14
16
target/arm: NS BusFault on vector table fetch escalates to NS HardFault (2019-07-15 14:17:04 +0100)
15
linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32 (2020-05-21 20:00:19 +0100)
17
16
18
----------------------------------------------------------------
17
----------------------------------------------------------------
19
target-arm queue:
18
target-arm queue:
20
* report ARMv8-A FP support for AArch32 -cpu max
19
* tests/acceptance: Add a test for the canon-a1100 machine
21
* hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory
20
* docs/system: Document some of the Arm development boards
22
* hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
21
* linux-user: make BKPT insn cause SIGTRAP, not be a syscall
23
* hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO
22
* target/arm: Remove unused GEN_NEON_INTEGER_OP macro
24
* hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO
23
* fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
25
* hw/arm/virt: Fix non-secure flash mode
24
* hw/arm: Use qemu_log_mask() instead of hw_error() in various places
26
* pl031: Correctly migrate state when using -rtc clock=host
25
* ARM: PL061: Introduce N_GPIOS
27
* fix regression that meant arm926 and arm1026 lost VFP
26
* target/arm: Improve clear_vec_high() usage
28
double-precision support
27
* target/arm: Allow user-mode code to write CPSR.E via MSR
29
* v8M: NS BusFault on vector table fetch escalates to NS HardFault
28
* linux-user/arm: Reset CPSR_E when entering a signal handler
29
* linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
30
30
31
----------------------------------------------------------------
31
----------------------------------------------------------------
32
Alex Bennée (1):
32
Amanieu d'Antras (1):
33
target/arm: report ARMv8-A FP support for AArch32 -cpu max
33
linux-user/arm: Reset CPSR_E when entering a signal handler
34
34
35
David Engraf (1):
35
Geert Uytterhoeven (1):
36
hw/arm/virt: Fix non-secure flash mode
36
ARM: PL061: Introduce N_GPIOS
37
37
38
Peter Maydell (3):
38
Guenter Roeck (8):
39
pl031: Correctly migrate state when using -rtc clock=host
39
hw: Move i.MX watchdog driver to hw/watchdog
40
target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026
40
hw/watchdog: Implement full i.MX watchdog support
41
target/arm: NS BusFault on vector table fetch escalates to NS HardFault
41
hw/arm/fsl-imx25: Wire up watchdog
42
hw/arm/fsl-imx31: Wire up watchdog
43
hw/arm/fsl-imx6: Connect watchdog interrupts
44
hw/arm/fsl-imx6ul: Connect watchdog interrupts
45
hw/arm/fsl-imx7: Instantiate various unimplemented devices
46
hw/arm/fsl-imx7: Connect watchdog interrupts
42
47
43
Philippe Mathieu-Daudé (5):
48
Peter Maydell (12):
44
hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs
49
docs/system: Add 'Arm' to the Integrator/CP document title
45
hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory
50
docs/system: Sort Arm board index into alphabetical order
46
hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
51
docs/system: Document Arm Versatile Express boards
47
hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO
52
docs/system: Document the various MPS2 models
48
hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO
53
docs/system: Document Musca boards
54
linux-user/arm: BKPT should cause SIGTRAP, not be a syscall
55
linux-user/arm: Remove bogus SVC 0xf0002 handling
56
linux-user/arm: Handle invalid arm-specific syscalls correctly
57
linux-user/arm: Fix identification of syscall numbers
58
target/arm: Remove unused GEN_NEON_INTEGER_OP macro
59
target/arm: Allow user-mode code to write CPSR.E via MSR
60
linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
49
61
50
include/hw/timer/pl031.h | 2 ++
62
Philippe Mathieu-Daudé (4):
51
hw/arm/virt.c | 2 +-
63
hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
52
hw/core/machine.c | 1 +
64
hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
53
hw/display/xlnx_dp.c | 15 +++++---
65
hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
54
hw/ssi/mss-spi.c | 8 ++++-
66
hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
55
hw/ssi/xilinx_spips.c | 43 +++++++++++++++-------
56
hw/timer/pl031.c | 92 +++++++++++++++++++++++++++++++++++++++++++++---
57
target/arm/cpu.c | 16 +++++++++
58
target/arm/m_helper.c | 21 ++++++++---
59
9 files changed, 174 insertions(+), 26 deletions(-)
60
67
68
Richard Henderson (2):
69
target/arm: Use tcg_gen_gvec_mov for clear_vec_high
70
target/arm: Use clear_vec_high more effectively
71
72
Thomas Huth (1):
73
tests/acceptance: Add a test for the canon-a1100 machine
74
75
docs/system/arm/integratorcp.rst | 4 +-
76
docs/system/arm/mps2.rst | 29 +++
77
docs/system/arm/musca.rst | 31 +++
78
docs/system/arm/vexpress.rst | 60 ++++++
79
docs/system/target-arm.rst | 20 +-
80
include/hw/arm/fsl-imx25.h | 5 +
81
include/hw/arm/fsl-imx31.h | 4 +
82
include/hw/arm/fsl-imx6.h | 2 +-
83
include/hw/arm/fsl-imx6ul.h | 2 +-
84
include/hw/arm/fsl-imx7.h | 23 ++-
85
include/hw/misc/imx2_wdt.h | 33 ----
86
include/hw/watchdog/wdt_imx2.h | 90 +++++++++
87
target/arm/cpu.h | 2 +-
88
hw/arm/fsl-imx25.c | 10 +
89
hw/arm/fsl-imx31.c | 6 +
90
hw/arm/fsl-imx6.c | 9 +
91
hw/arm/fsl-imx6ul.c | 10 +
92
hw/arm/fsl-imx7.c | 35 ++++
93
hw/arm/integratorcp.c | 23 ++-
94
hw/arm/pxa2xx_gpio.c | 7 +-
95
hw/char/xilinx_uartlite.c | 5 +-
96
hw/display/pxa2xx_lcd.c | 8 +-
97
hw/dma/pxa2xx_dma.c | 14 +-
98
hw/gpio/pl061.c | 12 +-
99
hw/misc/imx2_wdt.c | 90 ---------
100
hw/timer/exynos4210_mct.c | 12 +-
101
hw/watchdog/wdt_imx2.c | 303 +++++++++++++++++++++++++++++
102
linux-user/arm/cpu_loop.c | 145 ++++++++------
103
linux-user/arm/signal.c | 15 +-
104
target/arm/translate-a64.c | 63 +++---
105
target/arm/translate.c | 23 ---
106
MAINTAINERS | 6 +
107
hw/arm/Kconfig | 5 +
108
hw/misc/Makefile.objs | 1 -
109
hw/watchdog/Kconfig | 3 +
110
hw/watchdog/Makefile.objs | 1 +
111
tests/acceptance/machine_arm_canona1100.py | 35 ++++
112
37 files changed, 854 insertions(+), 292 deletions(-)
113
create mode 100644 docs/system/arm/mps2.rst
114
create mode 100644 docs/system/arm/musca.rst
115
create mode 100644 docs/system/arm/vexpress.rst
116
delete mode 100644 include/hw/misc/imx2_wdt.h
117
create mode 100644 include/hw/watchdog/wdt_imx2.h
118
delete mode 100644 hw/misc/imx2_wdt.c
119
create mode 100644 hw/watchdog/wdt_imx2.c
120
create mode 100644 tests/acceptance/machine_arm_canona1100.py
121
diff view generated by jsdifflib
New patch
[PULL 01/29] tests/acceptance: Add a test for the canon-a1100 machine
1
From: Thomas Huth <thuth@redhat.com>
1
2
3
The canon-a1100 machine can be used with the Barebox firmware. The
4
QEMU Advent Calendar 2018 features a pre-compiled image which we
5
can use for testing.
6
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
10
Tested-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
11
Signed-off-by: Thomas Huth <thuth@redhat.com>
12
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Message-id: 20200514190422.23645-1-f4bug@amsat.org
14
Message-Id: <20200129090420.13954-1-thuth@redhat.com>
15
[PMD: Rebased MAINTAINERS]
16
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
MAINTAINERS | 1 +
20
tests/acceptance/machine_arm_canona1100.py | 35 ++++++++++++++++++++++
21
2 files changed, 36 insertions(+)
22
create mode 100644 tests/acceptance/machine_arm_canona1100.py
23
24
diff --git a/MAINTAINERS b/MAINTAINERS
25
index XXXXXXX..XXXXXXX 100644
26
--- a/MAINTAINERS
27
+++ b/MAINTAINERS
28
@@ -XXX,XX +XXX,XX @@ S: Odd Fixes
29
F: include/hw/arm/digic.h
30
F: hw/*/digic*
31
F: include/hw/*/digic*
32
+F: tests/acceptance/machine_arm_canona1100.py
33
34
Goldfish RTC
35
M: Anup Patel <anup.patel@wdc.com>
36
diff --git a/tests/acceptance/machine_arm_canona1100.py b/tests/acceptance/machine_arm_canona1100.py
37
new file mode 100644
38
index XXXXXXX..XXXXXXX
39
--- /dev/null
40
+++ b/tests/acceptance/machine_arm_canona1100.py
41
@@ -XXX,XX +XXX,XX @@
42
+# Functional test that boots the canon-a1100 machine with firmware
43
+#
44
+# Copyright (c) 2020 Red Hat, Inc.
45
+#
46
+# Author:
47
+# Thomas Huth <thuth@redhat.com>
48
+#
49
+# This work is licensed under the terms of the GNU GPL, version 2 or
50
+# later. See the COPYING file in the top-level directory.
51
+
52
+from avocado_qemu import Test
53
+from avocado_qemu import wait_for_console_pattern
54
+from avocado.utils import archive
55
+
56
+class CanonA1100Machine(Test):
57
+ """Boots the barebox firmware and checks that the console is operational"""
58
+
59
+ timeout = 90
60
+
61
+ def test_arm_canona1100(self):
62
+ """
63
+ :avocado: tags=arch:arm
64
+ :avocado: tags=machine:canon-a1100
65
+ :avocado: tags=device:pflash_cfi02
66
+ """
67
+ tar_url = ('https://www.qemu-advent-calendar.org'
68
+ '/2018/download/day18.tar.xz')
69
+ tar_hash = '068b5fc4242b29381acee94713509f8a876e9db6'
70
+ file_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
71
+ archive.extract(file_path, self.workdir)
72
+ self.vm.set_console()
73
+ self.vm.add_args('-bios',
74
+ self.workdir + '/day18/barebox.canon-a1100.bin')
75
+ self.vm.launch()
76
+ wait_for_console_pattern(self, 'running /env/bin/init')
77
--
78
2.20.1
79
80
diff view generated by jsdifflib
New patch
[PULL 02/29] docs/system: Add 'Arm' to the Integrator/CP document title
1
Add 'Arm' to the Integrator/CP document title, for consistency with
2
the titling of the other documentation of Arm devboard models
3
(versatile, realview).
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20200507151819.28444-2-peter.maydell@linaro.org
10
---
11
docs/system/arm/integratorcp.rst | 4 ++--
12
1 file changed, 2 insertions(+), 2 deletions(-)
13
14
diff --git a/docs/system/arm/integratorcp.rst b/docs/system/arm/integratorcp.rst
15
index XXXXXXX..XXXXXXX 100644
16
--- a/docs/system/arm/integratorcp.rst
17
+++ b/docs/system/arm/integratorcp.rst
18
@@ -XXX,XX +XXX,XX @@
19
-Integrator/CP (``integratorcp``)
20
-================================
21
+Arm Integrator/CP (``integratorcp``)
22
+====================================
23
24
The Arm Integrator/CP board is emulated with the following devices:
25
26
--
27
2.20.1
28
29
diff view generated by jsdifflib
New patch
[PULL 03/29] docs/system: Sort Arm board index into alphabetical order
1
Sort the board index into alphabetical order. (Note that we need to
2
sort alphabetically by the title text of each file, which isn't the
3
same ordering as sorting by the filename.)
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20200507151819.28444-3-peter.maydell@linaro.org
10
---
11
docs/system/target-arm.rst | 17 +++++++++++------
12
1 file changed, 11 insertions(+), 6 deletions(-)
13
14
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
15
index XXXXXXX..XXXXXXX 100644
16
--- a/docs/system/target-arm.rst
17
+++ b/docs/system/target-arm.rst
18
@@ -XXX,XX +XXX,XX @@ Unfortunately many of the Arm boards QEMU supports are currently
19
undocumented; you can get a complete list by running
20
``qemu-system-aarch64 --machine help``.
21
22
+..
23
+ This table of contents should be kept sorted alphabetically
24
+ by the title text of each file, which isn't the same ordering
25
+ as an alphabetical sort by filename.
26
+
27
.. toctree::
28
:maxdepth: 1
29
30
arm/integratorcp
31
- arm/versatile
32
arm/realview
33
- arm/xscale
34
- arm/palm
35
- arm/nseries
36
- arm/stellaris
37
+ arm/versatile
38
arm/musicpal
39
- arm/sx1
40
+ arm/nseries
41
arm/orangepi
42
+ arm/palm
43
+ arm/xscale
44
+ arm/sx1
45
+ arm/stellaris
46
47
Arm CPU features
48
================
49
--
50
2.20.1
51
52
diff view generated by jsdifflib
New patch
[PULL 04/29] docs/system: Document Arm Versatile Express boards
1
Provide a minimal documentation of the Versatile Express boards
2
(vexpress-a9, vexpress-a15).
1
3
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Message-id: 20200507151819.28444-4-peter.maydell@linaro.org
9
---
10
docs/system/arm/vexpress.rst | 60 ++++++++++++++++++++++++++++++++++++
11
docs/system/target-arm.rst | 1 +
12
MAINTAINERS | 1 +
13
3 files changed, 62 insertions(+)
14
create mode 100644 docs/system/arm/vexpress.rst
15
16
diff --git a/docs/system/arm/vexpress.rst b/docs/system/arm/vexpress.rst
17
new file mode 100644
18
index XXXXXXX..XXXXXXX
19
--- /dev/null
20
+++ b/docs/system/arm/vexpress.rst
21
@@ -XXX,XX +XXX,XX @@
22
+Arm Versatile Express boards (``vexpress-a9``, ``vexpress-a15``)
23
+================================================================
24
+
25
+QEMU models two variants of the Arm Versatile Express development
26
+board family:
27
+
28
+- ``vexpress-a9`` models the combination of the Versatile Express
29
+ motherboard and the CoreTile Express A9x4 daughterboard
30
+- ``vexpress-a15`` models the combination of the Versatile Express
31
+ motherboard and the CoreTile Express A15x2 daughterboard
32
+
33
+Note that as this hardware does not have PCI, IDE or SCSI,
34
+the only available storage option is emulated SD card.
35
+
36
+Implemented devices:
37
+
38
+- PL041 audio
39
+- PL181 SD controller
40
+- PL050 keyboard and mouse
41
+- PL011 UARTs
42
+- SP804 timers
43
+- I2C controller
44
+- PL031 RTC
45
+- PL111 LCD display controller
46
+- Flash memory
47
+- LAN9118 ethernet
48
+
49
+Unimplemented devices:
50
+
51
+- SP810 system control block
52
+- PCI-express
53
+- USB controller (Philips ISP1761)
54
+- Local DAP ROM
55
+- CoreSight interfaces
56
+- PL301 AXI interconnect
57
+- SCC
58
+- System counter
59
+- HDLCD controller (``vexpress-a15``)
60
+- SP805 watchdog
61
+- PL341 dynamic memory controller
62
+- DMA330 DMA controller
63
+- PL354 static memory controller
64
+- BP147 TrustZone Protection Controller
65
+- TrustZone Address Space Controller
66
+
67
+Other differences between the hardware and the QEMU model:
68
+
69
+- QEMU will default to creating one CPU unless you pass a different
70
+ ``-smp`` argument
71
+- QEMU allows the amount of RAM provided to be specified with the
72
+ ``-m`` argument
73
+- QEMU defaults to providing a CPU which does not provide either
74
+ TrustZone or the Virtualization Extensions: if you want these you
75
+ must enable them with ``-machine secure=on`` and ``-machine
76
+ virtualization=on``
77
+- QEMU provides 4 virtio-mmio virtio transports; these start at
78
+ address ``0x10013000`` for ``vexpress-a9`` and at ``0x1c130000`` for
79
+ ``vexpress-a15``, and have IRQs from 40 upwards. If a dtb is
80
+ provided on the command line then QEMU will edit it to include
81
+ suitable entries describing these transports for the guest.
82
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
83
index XXXXXXX..XXXXXXX 100644
84
--- a/docs/system/target-arm.rst
85
+++ b/docs/system/target-arm.rst
86
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
87
arm/integratorcp
88
arm/realview
89
arm/versatile
90
+ arm/vexpress
91
arm/musicpal
92
arm/nseries
93
arm/orangepi
94
diff --git a/MAINTAINERS b/MAINTAINERS
95
index XXXXXXX..XXXXXXX 100644
96
--- a/MAINTAINERS
97
+++ b/MAINTAINERS
98
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
99
L: qemu-arm@nongnu.org
100
S: Maintained
101
F: hw/arm/vexpress.c
102
+F: docs/system/arm/vexpress.rst
103
104
Versatile PB
105
M: Peter Maydell <peter.maydell@linaro.org>
106
--
107
2.20.1
108
109
diff view generated by jsdifflib
New patch
[PULL 05/29] docs/system: Document the various MPS2 models
1
Add basic documentation of the MPS2 board models.
1
2
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20200507151819.28444-5-peter.maydell@linaro.org
8
---
9
docs/system/arm/mps2.rst | 29 +++++++++++++++++++++++++++++
10
docs/system/target-arm.rst | 1 +
11
MAINTAINERS | 1 +
12
3 files changed, 31 insertions(+)
13
create mode 100644 docs/system/arm/mps2.rst
14
15
diff --git a/docs/system/arm/mps2.rst b/docs/system/arm/mps2.rst
16
new file mode 100644
17
index XXXXXXX..XXXXXXX
18
--- /dev/null
19
+++ b/docs/system/arm/mps2.rst
20
@@ -XXX,XX +XXX,XX @@
21
+Arm MPS2 boards (``mps2-an385``, ``mps2-an505``, ``mps2-an511``, ``mps2-an521``)
22
+================================================================================
23
+
24
+These board models all use Arm M-profile CPUs.
25
+
26
+The Arm MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger
27
+FPGA but is otherwise the same as the 2). Since the CPU itself
28
+and most of the devices are in the FPGA, the details of the board
29
+as seen by the guest depend significantly on the FPGA image.
30
+
31
+QEMU models the following FPGA images:
32
+
33
+``mps2-an385``
34
+ Cortex-M3 as documented in ARM Application Note AN385
35
+``mps2-an511``
36
+ Cortex-M3 'DesignStart' as documented in AN511
37
+``mps2-an505``
38
+ Cortex-M33 as documented in ARM Application Note AN505
39
+``mps2-an521``
40
+ Dual Cortex-M33 as documented in Application Note AN521
41
+
42
+Differences between QEMU and real hardware:
43
+
44
+- AN385 remapping of low 16K of memory to either ZBT SSRAM1 or to
45
+ block RAM is unimplemented (QEMU always maps this to ZBT SSRAM1, as
46
+ if zbt_boot_ctrl is always zero)
47
+- QEMU provides a LAN9118 ethernet rather than LAN9220; the only guest
48
+ visible difference is that the LAN9118 doesn't support checksum
49
+ offloading
50
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
51
index XXXXXXX..XXXXXXX 100644
52
--- a/docs/system/target-arm.rst
53
+++ b/docs/system/target-arm.rst
54
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
55
:maxdepth: 1
56
57
arm/integratorcp
58
+ arm/mps2
59
arm/realview
60
arm/versatile
61
arm/vexpress
62
diff --git a/MAINTAINERS b/MAINTAINERS
63
index XXXXXXX..XXXXXXX 100644
64
--- a/MAINTAINERS
65
+++ b/MAINTAINERS
66
@@ -XXX,XX +XXX,XX @@ F: hw/misc/armsse-cpuid.c
67
F: include/hw/misc/armsse-cpuid.h
68
F: hw/misc/armsse-mhu.c
69
F: include/hw/misc/armsse-mhu.h
70
+F: docs/system/arm/mps2.rst
71
72
Musca
73
M: Peter Maydell <peter.maydell@linaro.org>
74
--
75
2.20.1
76
77
diff view generated by jsdifflib
New patch
[PULL 06/29] docs/system: Document Musca boards
1
Provide a minimal documentation of the Musca boards.
1
2
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20200507151819.28444-6-peter.maydell@linaro.org
8
---
9
docs/system/arm/musca.rst | 31 +++++++++++++++++++++++++++++++
10
docs/system/target-arm.rst | 1 +
11
MAINTAINERS | 1 +
12
3 files changed, 33 insertions(+)
13
create mode 100644 docs/system/arm/musca.rst
14
15
diff --git a/docs/system/arm/musca.rst b/docs/system/arm/musca.rst
16
new file mode 100644
17
index XXXXXXX..XXXXXXX
18
--- /dev/null
19
+++ b/docs/system/arm/musca.rst
20
@@ -XXX,XX +XXX,XX @@
21
+Arm Musca boards (``musca-a``, ``musca-b1``)
22
+============================================
23
+
24
+The Arm Musca development boards are a reference implementation
25
+of a system using the SSE-200 Subsystem for Embedded. They are
26
+dual Cortex-M33 systems.
27
+
28
+QEMU provides models of the A and B1 variants of this board.
29
+
30
+Unimplemented devices:
31
+
32
+- SPI
33
+- |I2C|
34
+- |I2S|
35
+- PWM
36
+- QSPI
37
+- Timer
38
+- SCC
39
+- GPIO
40
+- eFlash
41
+- MHU
42
+- PVT
43
+- SDIO
44
+- CryptoCell
45
+
46
+Note that (like the real hardware) the Musca-A machine is
47
+asymmetric: CPU 0 does not have the FPU or DSP extensions,
48
+but CPU 1 does. Also like the real hardware, the memory maps
49
+for the A and B1 variants differ significantly, so guest
50
+software must be built for the right variant.
51
+
52
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
53
index XXXXXXX..XXXXXXX 100644
54
--- a/docs/system/target-arm.rst
55
+++ b/docs/system/target-arm.rst
56
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
57
58
arm/integratorcp
59
arm/mps2
60
+ arm/musca
61
arm/realview
62
arm/versatile
63
arm/vexpress
64
diff --git a/MAINTAINERS b/MAINTAINERS
65
index XXXXXXX..XXXXXXX 100644
66
--- a/MAINTAINERS
67
+++ b/MAINTAINERS
68
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
69
L: qemu-arm@nongnu.org
70
S: Maintained
71
F: hw/arm/musca.c
72
+F: docs/system/arm/musca.rst
73
74
Musicpal
75
M: Jan Kiszka <jan.kiszka@web.de>
76
--
77
2.20.1
78
79
diff view generated by jsdifflib
New patch
[PULL 07/29] linux-user/arm: BKPT should cause SIGTRAP, not be a syscall
1
In linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly
2
to EXCP_SWI, which means that if the guest executes a BKPT insn then
3
QEMU will perform a syscall for it (which syscall depends on what
4
value happens to be in r7...). The correct behaviour is that the
5
guest process should take a SIGTRAP.
1
6
7
This code has been like this (more or less) since commit
8
06c949e62a098f in 2006 which added BKPT in the first place. This is
9
probably because at the time the same code path was used to handle
10
both Linux syscalls and semihosting calls, and (on M profile) BKPT
11
with a suitable magic number is used for semihosting calls. But
12
these days we've moved handling of semihosting out to an entirely
13
different codepath, so we can fix this bug by simply removing this
14
handling of EXCP_BKPT and instead making it deliver a SIGTRAP like
15
EXCP_DEBUG (as we do already on aarch64).
16
17
Reported-by: <omerg681@gmail.com>
18
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
19
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Message-id: 20200420212206.12776-2-peter.maydell@linaro.org
22
Fixes: https://bugs.launchpad.net/qemu/+bug/1873898
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
---
25
linux-user/arm/cpu_loop.c | 30 ++++++++----------------------
26
1 file changed, 8 insertions(+), 22 deletions(-)
27
28
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
29
index XXXXXXX..XXXXXXX 100644
30
--- a/linux-user/arm/cpu_loop.c
31
+++ b/linux-user/arm/cpu_loop.c
32
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
33
}
34
break;
35
case EXCP_SWI:
36
- case EXCP_BKPT:
37
{
38
env->eabi = 1;
39
/* system call */
40
- if (trapnr == EXCP_BKPT) {
41
- if (env->thumb) {
42
- /* FIXME - what to do if get_user() fails? */
43
- get_user_code_u16(insn, env->regs[15], env);
44
- n = insn & 0xff;
45
- env->regs[15] += 2;
46
- } else {
47
- /* FIXME - what to do if get_user() fails? */
48
- get_user_code_u32(insn, env->regs[15], env);
49
- n = (insn & 0xf) | ((insn >> 4) & 0xff0);
50
- env->regs[15] += 4;
51
- }
52
+ if (env->thumb) {
53
+ /* FIXME - what to do if get_user() fails? */
54
+ get_user_code_u16(insn, env->regs[15] - 2, env);
55
+ n = insn & 0xff;
56
} else {
57
- if (env->thumb) {
58
- /* FIXME - what to do if get_user() fails? */
59
- get_user_code_u16(insn, env->regs[15] - 2, env);
60
- n = insn & 0xff;
61
- } else {
62
- /* FIXME - what to do if get_user() fails? */
63
- get_user_code_u32(insn, env->regs[15] - 4, env);
64
- n = insn & 0xffffff;
65
- }
66
+ /* FIXME - what to do if get_user() fails? */
67
+ get_user_code_u32(insn, env->regs[15] - 4, env);
68
+ n = insn & 0xffffff;
69
}
70
71
if (n == ARM_NR_cacheflush) {
72
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
73
}
74
break;
75
case EXCP_DEBUG:
76
+ case EXCP_BKPT:
77
excp_debug:
78
info.si_signo = TARGET_SIGTRAP;
79
info.si_errno = 0;
80
--
81
2.20.1
82
83
diff view generated by jsdifflib
New patch
[PULL 08/29] linux-user/arm: Remove bogus SVC 0xf0002 handling
1
We incorrectly treat SVC 0xf0002 as a cacheflush request (which is a
2
NOP for QEMU). This is the wrong syscall number, because in the
3
svc-immediate OABI syscall numbers are all offset by the
4
ARM_SYSCALL_BASE value and so the correct insn is SVC 0x9f0002.
5
(This is handled further down in the code with the other Arm-specific
6
syscalls like NR_breakpoint.)
1
7
8
When this code was initially added in commit 6f1f31c069b20611 in
9
2004, ARM_NR_cacheflush was defined as (ARM_SYSCALL_BASE + 0xf0000 + 2)
10
so the value in the comparison took account of the extra 0x900000
11
offset. In commit fbb4a2e371f2fa7 in 2008, the ARM_SYSCALL_BASE
12
was removed from the definition of ARM_NR_cacheflush and handling
13
for this group of syscalls was added below the point where we subtract
14
ARM_SYSCALL_BASE from the SVC immediate value. However that commit
15
forgot to remove the now-obsolete earlier handling code.
16
17
Remove the spurious ARM_NR_cacheflush condition.
18
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Message-id: 20200420212206.12776-3-peter.maydell@linaro.org
23
---
24
linux-user/arm/cpu_loop.c | 4 +---
25
1 file changed, 1 insertion(+), 3 deletions(-)
26
27
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/linux-user/arm/cpu_loop.c
30
+++ b/linux-user/arm/cpu_loop.c
31
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
32
n = insn & 0xffffff;
33
}
34
35
- if (n == ARM_NR_cacheflush) {
36
- /* nop */
37
- } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
38
+ if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
39
/* linux syscall */
40
if (env->thumb || n == 0) {
41
n = env->regs[7];
42
--
43
2.20.1
44
45
diff view generated by jsdifflib
New patch
[PULL 09/29] linux-user/arm: Handle invalid arm-specific syscalls correctly
1
The kernel has different handling for syscalls with invalid
2
numbers that are in the "arm-specific" range 0x9f0000 and up:
3
* 0x9f0000..0x9f07ff return -ENOSYS if not implemented
4
* other out of range syscalls cause a SIGILL
5
(see the kernel's arch/arm/kernel/traps.c:arm_syscall())
1
6
7
Implement this distinction. (Note that our code doesn't look
8
quite like the kernel's, because we have removed the
9
0x900000 prefix by this point, whereas the kernel retains
10
it in arm_syscall().)
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
14
Message-id: 20200420212206.12776-4-peter.maydell@linaro.org
15
---
16
linux-user/arm/cpu_loop.c | 30 ++++++++++++++++++++++++++----
17
1 file changed, 26 insertions(+), 4 deletions(-)
18
19
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/linux-user/arm/cpu_loop.c
22
+++ b/linux-user/arm/cpu_loop.c
23
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
24
env->regs[0] = cpu_get_tls(env);
25
break;
26
default:
27
- qemu_log_mask(LOG_UNIMP,
28
- "qemu: Unsupported ARM syscall: 0x%x\n",
29
- n);
30
- env->regs[0] = -TARGET_ENOSYS;
31
+ if (n < 0xf0800) {
32
+ /*
33
+ * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
34
+ * 0x9f07ff in OABI numbering) are defined
35
+ * to return -ENOSYS rather than raising
36
+ * SIGILL. Note that we have already
37
+ * removed the 0x900000 prefix.
38
+ */
39
+ qemu_log_mask(LOG_UNIMP,
40
+ "qemu: Unsupported ARM syscall: 0x%x\n",
41
+ n);
42
+ env->regs[0] = -TARGET_ENOSYS;
43
+ } else {
44
+ /* Otherwise SIGILL */
45
+ info.si_signo = TARGET_SIGILL;
46
+ info.si_errno = 0;
47
+ info.si_code = TARGET_ILL_ILLTRP;
48
+ info._sifields._sigfault._addr = env->regs[15];
49
+ if (env->thumb) {
50
+ info._sifields._sigfault._addr -= 2;
51
+ } else {
52
+ info._sifields._sigfault._addr -= 4;
53
+ }
54
+ queue_signal(env, info.si_signo,
55
+ QEMU_SI_FAULT, &info);
56
+ }
57
break;
58
}
59
} else {
60
--
61
2.20.1
62
63
diff view generated by jsdifflib
New patch
[PULL 10/29] linux-user/arm: Fix identification of syscall numbers
1
Our code to identify syscall numbers has some issues:
2
* for Thumb mode, we never need the immediate value from the insn,
3
but we always read it anyway
4
* bad immediate values in the svc insn should cause a SIGILL, but we
5
were abort()ing instead (via "goto error")
1
6
7
We can fix both these things by refactoring the code that identifies
8
the syscall number to more closely follow the kernel COMPAT_OABI code:
9
* for Thumb it is always r7
10
* for Arm, if the immediate value is 0, then this is an EABI call
11
with the syscall number in r7
12
* otherwise, we XOR the immediate value with 0x900000
13
(ARM_SYSCALL_BASE for QEMU; __NR_OABI_SYSCALL_BASE in the kernel),
14
which converts valid syscall immediates into the desired value,
15
and puts all invalid immediates in the range 0x100000 or above
16
* then we can just let the existing "value too large, deliver
17
SIGILL" case handle invalid numbers, and drop the 'goto error'
18
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
21
Message-id: 20200420212206.12776-5-peter.maydell@linaro.org
22
---
23
linux-user/arm/cpu_loop.c | 143 ++++++++++++++++++++------------------
24
1 file changed, 77 insertions(+), 66 deletions(-)
25
26
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/linux-user/arm/cpu_loop.c
29
+++ b/linux-user/arm/cpu_loop.c
30
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
31
env->eabi = 1;
32
/* system call */
33
if (env->thumb) {
34
- /* FIXME - what to do if get_user() fails? */
35
- get_user_code_u16(insn, env->regs[15] - 2, env);
36
- n = insn & 0xff;
37
+ /* Thumb is always EABI style with syscall number in r7 */
38
+ n = env->regs[7];
39
} else {
40
+ /*
41
+ * Equivalent of kernel CONFIG_OABI_COMPAT: read the
42
+ * Arm SVC insn to extract the immediate, which is the
43
+ * syscall number in OABI.
44
+ */
45
/* FIXME - what to do if get_user() fails? */
46
get_user_code_u32(insn, env->regs[15] - 4, env);
47
n = insn & 0xffffff;
48
- }
49
-
50
- if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
51
- /* linux syscall */
52
- if (env->thumb || n == 0) {
53
+ if (n == 0) {
54
+ /* zero immediate: EABI, syscall number in r7 */
55
n = env->regs[7];
56
} else {
57
- n -= ARM_SYSCALL_BASE;
58
+ /*
59
+ * This XOR matches the kernel code: an immediate
60
+ * in the valid range (0x900000 .. 0x9fffff) is
61
+ * converted into the correct EABI-style syscall
62
+ * number; invalid immediates end up as values
63
+ * > 0xfffff and are handled below as out-of-range.
64
+ */
65
+ n ^= ARM_SYSCALL_BASE;
66
env->eabi = 0;
67
}
68
- if ( n > ARM_NR_BASE) {
69
- switch (n) {
70
- case ARM_NR_cacheflush:
71
- /* nop */
72
- break;
73
- case ARM_NR_set_tls:
74
- cpu_set_tls(env, env->regs[0]);
75
- env->regs[0] = 0;
76
- break;
77
- case ARM_NR_breakpoint:
78
- env->regs[15] -= env->thumb ? 2 : 4;
79
- goto excp_debug;
80
- case ARM_NR_get_tls:
81
- env->regs[0] = cpu_get_tls(env);
82
- break;
83
- default:
84
- if (n < 0xf0800) {
85
- /*
86
- * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
87
- * 0x9f07ff in OABI numbering) are defined
88
- * to return -ENOSYS rather than raising
89
- * SIGILL. Note that we have already
90
- * removed the 0x900000 prefix.
91
- */
92
- qemu_log_mask(LOG_UNIMP,
93
- "qemu: Unsupported ARM syscall: 0x%x\n",
94
- n);
95
- env->regs[0] = -TARGET_ENOSYS;
96
+ }
97
+
98
+ if (n > ARM_NR_BASE) {
99
+ switch (n) {
100
+ case ARM_NR_cacheflush:
101
+ /* nop */
102
+ break;
103
+ case ARM_NR_set_tls:
104
+ cpu_set_tls(env, env->regs[0]);
105
+ env->regs[0] = 0;
106
+ break;
107
+ case ARM_NR_breakpoint:
108
+ env->regs[15] -= env->thumb ? 2 : 4;
109
+ goto excp_debug;
110
+ case ARM_NR_get_tls:
111
+ env->regs[0] = cpu_get_tls(env);
112
+ break;
113
+ default:
114
+ if (n < 0xf0800) {
115
+ /*
116
+ * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
117
+ * 0x9f07ff in OABI numbering) are defined
118
+ * to return -ENOSYS rather than raising
119
+ * SIGILL. Note that we have already
120
+ * removed the 0x900000 prefix.
121
+ */
122
+ qemu_log_mask(LOG_UNIMP,
123
+ "qemu: Unsupported ARM syscall: 0x%x\n",
124
+ n);
125
+ env->regs[0] = -TARGET_ENOSYS;
126
+ } else {
127
+ /*
128
+ * Otherwise SIGILL. This includes any SWI with
129
+ * immediate not originally 0x9fxxxx, because
130
+ * of the earlier XOR.
131
+ */
132
+ info.si_signo = TARGET_SIGILL;
133
+ info.si_errno = 0;
134
+ info.si_code = TARGET_ILL_ILLTRP;
135
+ info._sifields._sigfault._addr = env->regs[15];
136
+ if (env->thumb) {
137
+ info._sifields._sigfault._addr -= 2;
138
} else {
139
- /* Otherwise SIGILL */
140
- info.si_signo = TARGET_SIGILL;
141
- info.si_errno = 0;
142
- info.si_code = TARGET_ILL_ILLTRP;
143
- info._sifields._sigfault._addr = env->regs[15];
144
- if (env->thumb) {
145
- info._sifields._sigfault._addr -= 2;
146
- } else {
147
- info._sifields._sigfault._addr -= 4;
148
- }
149
- queue_signal(env, info.si_signo,
150
- QEMU_SI_FAULT, &info);
151
+ info._sifields._sigfault._addr -= 4;
152
}
153
- break;
154
- }
155
- } else {
156
- ret = do_syscall(env,
157
- n,
158
- env->regs[0],
159
- env->regs[1],
160
- env->regs[2],
161
- env->regs[3],
162
- env->regs[4],
163
- env->regs[5],
164
- 0, 0);
165
- if (ret == -TARGET_ERESTARTSYS) {
166
- env->regs[15] -= env->thumb ? 2 : 4;
167
- } else if (ret != -TARGET_QEMU_ESIGRETURN) {
168
- env->regs[0] = ret;
169
+ queue_signal(env, info.si_signo,
170
+ QEMU_SI_FAULT, &info);
171
}
172
+ break;
173
}
174
} else {
175
- goto error;
176
+ ret = do_syscall(env,
177
+ n,
178
+ env->regs[0],
179
+ env->regs[1],
180
+ env->regs[2],
181
+ env->regs[3],
182
+ env->regs[4],
183
+ env->regs[5],
184
+ 0, 0);
185
+ if (ret == -TARGET_ERESTARTSYS) {
186
+ env->regs[15] -= env->thumb ? 2 : 4;
187
+ } else if (ret != -TARGET_QEMU_ESIGRETURN) {
188
+ env->regs[0] = ret;
189
+ }
190
}
191
}
192
break;
193
--
194
2.20.1
195
196
diff view generated by jsdifflib
New patch
[PULL 11/29] target/arm: Remove unused GEN_NEON_INTEGER_OP macro
1
The GEN_NEON_INTEGER_OP macro is no longer used; remove it.
1
2
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
---
6
target/arm/translate.c | 23 -----------------------
7
1 file changed, 23 deletions(-)
8
9
diff --git a/target/arm/translate.c b/target/arm/translate.c
10
index XXXXXXX..XXXXXXX 100644
11
--- a/target/arm/translate.c
12
+++ b/target/arm/translate.c
13
@@ -XXX,XX +XXX,XX @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
14
default: return 1; \
15
}} while (0)
16
17
-#define GEN_NEON_INTEGER_OP(name) do { \
18
- switch ((size << 1) | u) { \
19
- case 0: \
20
- gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
21
- break; \
22
- case 1: \
23
- gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
24
- break; \
25
- case 2: \
26
- gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
27
- break; \
28
- case 3: \
29
- gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
30
- break; \
31
- case 4: \
32
- gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
33
- break; \
34
- case 5: \
35
- gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
36
- break; \
37
- default: return 1; \
38
- }} while (0)
39
-
40
static TCGv_i32 neon_load_scratch(int scratch)
41
{
42
TCGv_i32 tmp = tcg_temp_new_i32();
43
--
44
2.20.1
45
46
diff view generated by jsdifflib
New patch
[PULL 12/29] hw: Move i.MX watchdog driver to hw/watchdog
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
In preparation for a full implementation, move i.MX watchdog driver
4
from hw/misc to hw/watchdog. While at it, add the watchdog files
5
to MAINTAINERS.
6
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
9
Message-id: 20200517162135.110364-2-linux@roeck-us.net
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/arm/fsl-imx6.h | 2 +-
13
include/hw/arm/fsl-imx6ul.h | 2 +-
14
include/hw/arm/fsl-imx7.h | 2 +-
15
include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} | 0
16
hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} | 2 +-
17
MAINTAINERS | 2 ++
18
hw/arm/Kconfig | 3 +++
19
hw/misc/Makefile.objs | 1 -
20
hw/watchdog/Kconfig | 3 +++
21
hw/watchdog/Makefile.objs | 1 +
22
10 files changed, 13 insertions(+), 5 deletions(-)
23
rename include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} (100%)
24
rename hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} (98%)
25
26
diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h
27
index XXXXXXX..XXXXXXX 100644
28
--- a/include/hw/arm/fsl-imx6.h
29
+++ b/include/hw/arm/fsl-imx6.h
30
@@ -XXX,XX +XXX,XX @@
31
#include "hw/cpu/a9mpcore.h"
32
#include "hw/misc/imx6_ccm.h"
33
#include "hw/misc/imx6_src.h"
34
-#include "hw/misc/imx2_wdt.h"
35
+#include "hw/watchdog/wdt_imx2.h"
36
#include "hw/char/imx_serial.h"
37
#include "hw/timer/imx_gpt.h"
38
#include "hw/timer/imx_epit.h"
39
diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
40
index XXXXXXX..XXXXXXX 100644
41
--- a/include/hw/arm/fsl-imx6ul.h
42
+++ b/include/hw/arm/fsl-imx6ul.h
43
@@ -XXX,XX +XXX,XX @@
44
#include "hw/misc/imx7_snvs.h"
45
#include "hw/misc/imx7_gpr.h"
46
#include "hw/intc/imx_gpcv2.h"
47
-#include "hw/misc/imx2_wdt.h"
48
+#include "hw/watchdog/wdt_imx2.h"
49
#include "hw/gpio/imx_gpio.h"
50
#include "hw/char/imx_serial.h"
51
#include "hw/timer/imx_gpt.h"
52
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
53
index XXXXXXX..XXXXXXX 100644
54
--- a/include/hw/arm/fsl-imx7.h
55
+++ b/include/hw/arm/fsl-imx7.h
56
@@ -XXX,XX +XXX,XX @@
57
#include "hw/misc/imx7_snvs.h"
58
#include "hw/misc/imx7_gpr.h"
59
#include "hw/misc/imx6_src.h"
60
-#include "hw/misc/imx2_wdt.h"
61
+#include "hw/watchdog/wdt_imx2.h"
62
#include "hw/gpio/imx_gpio.h"
63
#include "hw/char/imx_serial.h"
64
#include "hw/timer/imx_gpt.h"
65
diff --git a/include/hw/misc/imx2_wdt.h b/include/hw/watchdog/wdt_imx2.h
66
similarity index 100%
67
rename from include/hw/misc/imx2_wdt.h
68
rename to include/hw/watchdog/wdt_imx2.h
69
diff --git a/hw/misc/imx2_wdt.c b/hw/watchdog/wdt_imx2.c
70
similarity index 98%
71
rename from hw/misc/imx2_wdt.c
72
rename to hw/watchdog/wdt_imx2.c
73
index XXXXXXX..XXXXXXX 100644
74
--- a/hw/misc/imx2_wdt.c
75
+++ b/hw/watchdog/wdt_imx2.c
76
@@ -XXX,XX +XXX,XX @@
77
#include "qemu/module.h"
78
#include "sysemu/watchdog.h"
79
80
-#include "hw/misc/imx2_wdt.h"
81
+#include "hw/watchdog/wdt_imx2.h"
82
83
#define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */
84
#define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */
85
diff --git a/MAINTAINERS b/MAINTAINERS
86
index XXXXXXX..XXXXXXX 100644
87
--- a/MAINTAINERS
88
+++ b/MAINTAINERS
89
@@ -XXX,XX +XXX,XX @@ S: Odd Fixes
90
F: hw/arm/fsl-imx25.c
91
F: hw/arm/imx25_pdk.c
92
F: hw/misc/imx25_ccm.c
93
+F: hw/watchdog/wdt_imx2.c
94
F: include/hw/arm/fsl-imx25.h
95
F: include/hw/misc/imx25_ccm.h
96
+F: include/hw/watchdog/wdt_imx2.h
97
98
i.MX31 (kzm)
99
M: Peter Chubb <peter.chubb@nicta.com.au>
100
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
101
index XXXXXXX..XXXXXXX 100644
102
--- a/hw/arm/Kconfig
103
+++ b/hw/arm/Kconfig
104
@@ -XXX,XX +XXX,XX @@ config FSL_IMX6
105
select IMX_FEC
106
select IMX_I2C
107
select IMX_USBPHY
108
+ select WDT_IMX2
109
select SDHCI
110
111
config ASPEED_SOC
112
@@ -XXX,XX +XXX,XX @@ config FSL_IMX7
113
select IMX
114
select IMX_FEC
115
select IMX_I2C
116
+ select WDT_IMX2
117
select PCI_EXPRESS_DESIGNWARE
118
select SDHCI
119
select UNIMP
120
@@ -XXX,XX +XXX,XX @@ config FSL_IMX6UL
121
select IMX
122
select IMX_FEC
123
select IMX_I2C
124
+ select WDT_IMX2
125
select SDHCI
126
select UNIMP
127
128
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
129
index XXXXXXX..XXXXXXX 100644
130
--- a/hw/misc/Makefile.objs
131
+++ b/hw/misc/Makefile.objs
132
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_IMX) += imx6_ccm.o
133
common-obj-$(CONFIG_IMX) += imx6ul_ccm.o
134
obj-$(CONFIG_IMX) += imx6_src.o
135
common-obj-$(CONFIG_IMX) += imx7_ccm.o
136
-common-obj-$(CONFIG_IMX) += imx2_wdt.o
137
common-obj-$(CONFIG_IMX) += imx7_snvs.o
138
common-obj-$(CONFIG_IMX) += imx7_gpr.o
139
common-obj-$(CONFIG_IMX) += imx_rngc.o
140
diff --git a/hw/watchdog/Kconfig b/hw/watchdog/Kconfig
141
index XXXXXXX..XXXXXXX 100644
142
--- a/hw/watchdog/Kconfig
143
+++ b/hw/watchdog/Kconfig
144
@@ -XXX,XX +XXX,XX @@ config WDT_IB700
145
146
config WDT_DIAG288
147
bool
148
+
149
+config WDT_IMX2
150
+ bool
151
diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
152
index XXXXXXX..XXXXXXX 100644
153
--- a/hw/watchdog/Makefile.objs
154
+++ b/hw/watchdog/Makefile.objs
155
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
156
common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
157
common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
158
common-obj-$(CONFIG_ASPEED_SOC) += wdt_aspeed.o
159
+common-obj-$(CONFIG_WDT_IMX2) += wdt_imx2.o
160
--
161
2.20.1
162
163
diff view generated by jsdifflib
[Qemu-devel] [PULL 08/10] pl031: Correctly migrate state when using -rtc clock=host
[PULL 13/29] hw/watchdog: Implement full i.MX watchdog support
1
The PL031 RTC tracks the difference between the guest RTC
1
From: Guenter Roeck <linux@roeck-us.net>
2
and the host RTC using a tick_offset field. For migration,
2
3
however, we currently always migrate the offset between
3
Implement full support for the watchdog in i.MX systems.
4
the guest and the vm_clock, even if the RTC clock is not
4
Pretimeout support is optional because the watchdog hardware
5
the same as the vm_clock; this was an attempt to retain
5
on i.MX31 does not support pretimeouts.
6
migration backwards compatibility.
6
7
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Unfortunately this results in the RTC behaving oddly across
8
Message-id: 20200517162135.110364-3-linux@roeck-us.net
9
a VM state save and restore -- since the VM clock stands still
10
across save-then-restore, regardless of how much real world
11
time has elapsed, the guest RTC ends up out of sync with the
12
host RTC in the restored VM.
13
14
Fix this by migrating the raw tick_offset. To retain migration
15
compatibility as far as possible, we have a new property
16
migrate-tick-offset; by default this is 'true' and we will
17
migrate the true tick offset in a new subsection; if the
18
incoming data has no subsection we fall back to the old
19
vm_clock-based offset information, so old->new migration
20
compatibility is preserved. For complete new->old migration
21
compatibility, the property is set to 'false' for 4.0 and
22
earlier machine types (this will only affect 'virt-4.0'
23
and below, as none of the other pl031-using machines are
24
versioned).
25
26
Reported-by: Russell King <rmk@armlinux.org.uk>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
28
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
29
Message-id: 20190709143912.28905-1-peter.maydell@linaro.org
30
---
11
---
31
include/hw/timer/pl031.h | 2 +
12
include/hw/watchdog/wdt_imx2.h | 61 ++++++++-
32
hw/core/machine.c | 1 +
13
hw/watchdog/wdt_imx2.c | 239 +++++++++++++++++++++++++++++++--
33
hw/timer/pl031.c | 92 ++++++++++++++++++++++++++++++++++++++--
14
2 files changed, 285 insertions(+), 15 deletions(-)
34
3 files changed, 91 insertions(+), 4 deletions(-)
15
35
16
diff --git a/include/hw/watchdog/wdt_imx2.h b/include/hw/watchdog/wdt_imx2.h
36
diff --git a/include/hw/timer/pl031.h b/include/hw/timer/pl031.h
37
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
38
--- a/include/hw/timer/pl031.h
18
--- a/include/hw/watchdog/wdt_imx2.h
39
+++ b/include/hw/timer/pl031.h
19
+++ b/include/hw/watchdog/wdt_imx2.h
40
@@ -XXX,XX +XXX,XX @@ typedef struct PL031State {
20
@@ -XXX,XX +XXX,XX @@
41
*/
21
#ifndef IMX2_WDT_H
42
uint32_t tick_offset_vmstate;
22
#define IMX2_WDT_H
43
uint32_t tick_offset;
23
44
+ bool tick_offset_migrated;
24
+#include "qemu/bitops.h"
45
+ bool migrate_tick_offset;
25
#include "hw/sysbus.h"
46
26
+#include "hw/irq.h"
47
uint32_t mr;
27
+#include "hw/ptimer.h"
48
uint32_t lr;
28
49
diff --git a/hw/core/machine.c b/hw/core/machine.c
29
#define TYPE_IMX2_WDT "imx2.wdt"
30
#define IMX2_WDT(obj) OBJECT_CHECK(IMX2WdtState, (obj), TYPE_IMX2_WDT)
31
32
enum IMX2WdtRegisters {
33
- IMX2_WDT_WCR = 0x0000,
34
- IMX2_WDT_REG_NUM = 0x0008 / sizeof(uint16_t) + 1,
35
+ IMX2_WDT_WCR = 0x0000, /* Control Register */
36
+ IMX2_WDT_WSR = 0x0002, /* Service Register */
37
+ IMX2_WDT_WRSR = 0x0004, /* Reset Status Register */
38
+ IMX2_WDT_WICR = 0x0006, /* Interrupt Control Register */
39
+ IMX2_WDT_WMCR = 0x0008, /* Misc Register */
40
};
41
42
+#define IMX2_WDT_MMIO_SIZE 0x000a
43
+
44
+/* Control Register definitions */
45
+#define IMX2_WDT_WCR_WT (0xFF << 8) /* Watchdog Timeout Field */
46
+#define IMX2_WDT_WCR_WDW BIT(7) /* WDOG Disable for Wait */
47
+#define IMX2_WDT_WCR_WDA BIT(5) /* WDOG Assertion */
48
+#define IMX2_WDT_WCR_SRS BIT(4) /* Software Reset Signal */
49
+#define IMX2_WDT_WCR_WDT BIT(3) /* WDOG Timeout Assertion */
50
+#define IMX2_WDT_WCR_WDE BIT(2) /* Watchdog Enable */
51
+#define IMX2_WDT_WCR_WDBG BIT(1) /* Watchdog Debug Enable */
52
+#define IMX2_WDT_WCR_WDZST BIT(0) /* Watchdog Timer Suspend */
53
+
54
+#define IMX2_WDT_WCR_LOCK_MASK (IMX2_WDT_WCR_WDZST | IMX2_WDT_WCR_WDBG \
55
+ | IMX2_WDT_WCR_WDW)
56
+
57
+/* Service Register definitions */
58
+#define IMX2_WDT_SEQ1 0x5555 /* service sequence 1 */
59
+#define IMX2_WDT_SEQ2 0xAAAA /* service sequence 2 */
60
+
61
+/* Reset Status Register definitions */
62
+#define IMX2_WDT_WRSR_TOUT BIT(1) /* Reset due to Timeout */
63
+#define IMX2_WDT_WRSR_SFTW BIT(0) /* Reset due to software reset */
64
+
65
+/* Interrupt Control Register definitions */
66
+#define IMX2_WDT_WICR_WIE BIT(15) /* Interrupt Enable */
67
+#define IMX2_WDT_WICR_WTIS BIT(14) /* Interrupt Status */
68
+#define IMX2_WDT_WICR_WICT 0xff /* Interrupt Timeout */
69
+#define IMX2_WDT_WICR_WICT_DEF 0x04 /* Default interrupt timeout (2s) */
70
+
71
+#define IMX2_WDT_WICR_LOCK_MASK (IMX2_WDT_WICR_WIE | IMX2_WDT_WICR_WICT)
72
+
73
+/* Misc Control Register definitions */
74
+#define IMX2_WDT_WMCR_PDE BIT(0) /* Power-Down Enable */
75
76
typedef struct IMX2WdtState {
77
/* <private> */
78
SysBusDevice parent_obj;
79
80
+ /*< public >*/
81
MemoryRegion mmio;
82
+ qemu_irq irq;
83
+
84
+ struct ptimer_state *timer;
85
+ struct ptimer_state *itimer;
86
+
87
+ bool pretimeout_support;
88
+ bool wicr_locked;
89
+
90
+ uint16_t wcr;
91
+ uint16_t wsr;
92
+ uint16_t wrsr;
93
+ uint16_t wicr;
94
+ uint16_t wmcr;
95
+
96
+ bool wcr_locked; /* affects WDZST, WDBG, and WDW */
97
+ bool wcr_wde_locked; /* affects WDE */
98
+ bool wcr_wdt_locked; /* affects WDT (never cleared) */
99
} IMX2WdtState;
100
101
#endif /* IMX2_WDT_H */
102
diff --git a/hw/watchdog/wdt_imx2.c b/hw/watchdog/wdt_imx2.c
50
index XXXXXXX..XXXXXXX 100644
103
index XXXXXXX..XXXXXXX 100644
51
--- a/hw/core/machine.c
104
--- a/hw/watchdog/wdt_imx2.c
52
+++ b/hw/core/machine.c
105
+++ b/hw/watchdog/wdt_imx2.c
53
@@ -XXX,XX +XXX,XX @@ GlobalProperty hw_compat_4_0[] = {
106
@@ -XXX,XX +XXX,XX @@
54
{ "virtio-gpu-pci", "edid", "false" },
107
#include "qemu/bitops.h"
55
{ "virtio-device", "use-started", "false" },
108
#include "qemu/module.h"
56
{ "virtio-balloon-device", "qemu-4-0-config-size", "true" },
109
#include "sysemu/watchdog.h"
57
+ { "pl031", "migrate-tick-offset", "false" },
110
+#include "migration/vmstate.h"
58
};
111
+#include "hw/qdev-properties.h"
59
const size_t hw_compat_4_0_len = G_N_ELEMENTS(hw_compat_4_0);
112
60
113
#include "hw/watchdog/wdt_imx2.h"
61
diff --git a/hw/timer/pl031.c b/hw/timer/pl031.c
114
62
index XXXXXXX..XXXXXXX 100644
115
-#define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */
63
--- a/hw/timer/pl031.c
116
-#define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */
64
+++ b/hw/timer/pl031.c
117
-
65
@@ -XXX,XX +XXX,XX @@ static int pl031_pre_save(void *opaque)
118
-static uint64_t imx2_wdt_read(void *opaque, hwaddr addr,
119
- unsigned int size)
120
+static void imx2_wdt_interrupt(void *opaque)
66
{
121
{
67
PL031State *s = opaque;
122
+ IMX2WdtState *s = IMX2_WDT(opaque);
68
123
+
69
- /* tick_offset is base_time - rtc_clock base time. Instead, we want to
124
+ s->wicr |= IMX2_WDT_WICR_WTIS;
70
- * store the base time relative to the QEMU_CLOCK_VIRTUAL for backwards-compatibility. */
125
+ qemu_set_irq(s->irq, 1);
71
+ /*
126
+}
72
+ * The PL031 device model code uses the tick_offset field, which is
127
+
73
+ * the offset between what the guest RTC should read and what the
128
+static void imx2_wdt_expired(void *opaque)
74
+ * QEMU rtc_clock reads:
129
+{
75
+ * guest_rtc = rtc_clock + tick_offset
130
+ IMX2WdtState *s = IMX2_WDT(opaque);
76
+ * and so
131
+
77
+ * tick_offset = guest_rtc - rtc_clock
132
+ s->wrsr = IMX2_WDT_WRSR_TOUT;
78
+ *
133
+
79
+ * We want to migrate this offset, which sounds straightforward.
134
+ /* Perform watchdog action if watchdog is enabled */
80
+ * Unfortunately older versions of QEMU migrated a conversion of this
135
+ if (s->wcr & IMX2_WDT_WCR_WDE) {
81
+ * offset into an offset from the vm_clock. (This was in turn an
136
+ s->wrsr = IMX2_WDT_WRSR_TOUT;
82
+ * attempt to be compatible with even older QEMU versions, but it
137
+ watchdog_perform_action();
83
+ * has incorrect behaviour if the rtc_clock is not the same as the
138
+ }
84
+ * vm_clock.) So we put the actual tick_offset into a migration
139
+}
85
+ * subsection, and the backwards-compatible time-relative-to-vm_clock
140
+
86
+ * in the main migration state.
141
+static void imx2_wdt_reset(DeviceState *dev)
87
+ *
142
+{
88
+ * Calculate base time relative to QEMU_CLOCK_VIRTUAL:
143
+ IMX2WdtState *s = IMX2_WDT(dev);
89
+ */
144
+
90
int64_t delta = qemu_clock_get_ns(rtc_clock) - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
145
+ ptimer_transaction_begin(s->timer);
91
s->tick_offset_vmstate = s->tick_offset + delta / NANOSECONDS_PER_SECOND;
146
+ ptimer_stop(s->timer);
92
147
+ ptimer_transaction_commit(s->timer);
148
+
149
+ if (s->pretimeout_support) {
150
+ ptimer_transaction_begin(s->itimer);
151
+ ptimer_stop(s->itimer);
152
+ ptimer_transaction_commit(s->itimer);
153
+ }
154
+
155
+ s->wicr_locked = false;
156
+ s->wcr_locked = false;
157
+ s->wcr_wde_locked = false;
158
+
159
+ s->wcr = IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS;
160
+ s->wsr = 0;
161
+ s->wrsr &= ~(IMX2_WDT_WRSR_TOUT | IMX2_WDT_WRSR_SFTW);
162
+ s->wicr = IMX2_WDT_WICR_WICT_DEF;
163
+ s->wmcr = IMX2_WDT_WMCR_PDE;
164
+}
165
+
166
+static uint64_t imx2_wdt_read(void *opaque, hwaddr addr, unsigned int size)
167
+{
168
+ IMX2WdtState *s = IMX2_WDT(opaque);
169
+
170
+ switch (addr) {
171
+ case IMX2_WDT_WCR:
172
+ return s->wcr;
173
+ case IMX2_WDT_WSR:
174
+ return s->wsr;
175
+ case IMX2_WDT_WRSR:
176
+ return s->wrsr;
177
+ case IMX2_WDT_WICR:
178
+ return s->wicr;
179
+ case IMX2_WDT_WMCR:
180
+ return s->wmcr;
181
+ }
93
return 0;
182
return 0;
94
}
183
}
95
184
96
+static int pl031_pre_load(void *opaque)
185
+static void imx_wdt2_update_itimer(IMX2WdtState *s, bool start)
97
+{
186
+{
98
+ PL031State *s = opaque;
187
+ bool running = (s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT);
99
+
188
+ bool enabled = s->wicr & IMX2_WDT_WICR_WIE;
100
+ s->tick_offset_migrated = false;
189
+
101
+ return 0;
190
+ ptimer_transaction_begin(s->itimer);
102
+}
191
+ if (start || !enabled) {
103
+
192
+ ptimer_stop(s->itimer);
104
static int pl031_post_load(void *opaque, int version_id)
193
+ }
194
+ if (running && enabled) {
195
+ int count = ptimer_get_count(s->timer);
196
+ int pretimeout = s->wicr & IMX2_WDT_WICR_WICT;
197
+
198
+ /*
199
+ * Only (re-)start pretimeout timer if its counter value is larger
200
+ * than 0. Otherwise it will fire right away and we'll get an
201
+ * interrupt loop.
202
+ */
203
+ if (count > pretimeout) {
204
+ ptimer_set_count(s->itimer, count - pretimeout);
205
+ if (start) {
206
+ ptimer_run(s->itimer, 1);
207
+ }
208
+ }
209
+ }
210
+ ptimer_transaction_commit(s->itimer);
211
+}
212
+
213
+static void imx_wdt2_update_timer(IMX2WdtState *s, bool start)
214
+{
215
+ ptimer_transaction_begin(s->timer);
216
+ if (start) {
217
+ ptimer_stop(s->timer);
218
+ }
219
+ if ((s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT)) {
220
+ int count = (s->wcr & IMX2_WDT_WCR_WT) >> 8;
221
+
222
+ /* A value of 0 reflects one period (0.5s). */
223
+ ptimer_set_count(s->timer, count + 1);
224
+ if (start) {
225
+ ptimer_run(s->timer, 1);
226
+ }
227
+ }
228
+ ptimer_transaction_commit(s->timer);
229
+ if (s->pretimeout_support) {
230
+ imx_wdt2_update_itimer(s, start);
231
+ }
232
+}
233
+
234
static void imx2_wdt_write(void *opaque, hwaddr addr,
235
uint64_t value, unsigned int size)
105
{
236
{
106
PL031State *s = opaque;
237
- if (addr == IMX2_WDT_WCR &&
107
238
- (~value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS))) {
108
- int64_t delta = qemu_clock_get_ns(rtc_clock) - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
239
- watchdog_perform_action();
109
- s->tick_offset = s->tick_offset_vmstate - delta / NANOSECONDS_PER_SECOND;
240
+ IMX2WdtState *s = IMX2_WDT(opaque);
110
+ /*
241
+
111
+ * If we got the tick_offset subsection, then we can just use
242
+ switch (addr) {
112
+ * the value in that. Otherwise the source is an older QEMU and
243
+ case IMX2_WDT_WCR:
113
+ * has given us the offset from the vm_clock; convert it back to
244
+ if (s->wcr_locked) {
114
+ * an offset from the rtc_clock. This will cause time to incorrectly
245
+ value &= ~IMX2_WDT_WCR_LOCK_MASK;
115
+ * go backwards compared to the host RTC, but this is unavoidable.
246
+ value |= (s->wicr & IMX2_WDT_WCR_LOCK_MASK);
116
+ */
247
+ }
117
+
248
+ s->wcr_locked = true;
118
+ if (!s->tick_offset_migrated) {
249
+ if (s->wcr_wde_locked) {
119
+ int64_t delta = qemu_clock_get_ns(rtc_clock) -
250
+ value &= ~IMX2_WDT_WCR_WDE;
120
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
251
+ value |= (s->wicr & ~IMX2_WDT_WCR_WDE);
121
+ s->tick_offset = s->tick_offset_vmstate -
252
+ } else if (value & IMX2_WDT_WCR_WDE) {
122
+ delta / NANOSECONDS_PER_SECOND;
253
+ s->wcr_wde_locked = true;
123
+ }
254
+ }
124
pl031_set_alarm(s);
255
+ if (s->wcr_wdt_locked) {
125
return 0;
256
+ value &= ~IMX2_WDT_WCR_WDT;
257
+ value |= (s->wicr & ~IMX2_WDT_WCR_WDT);
258
+ } else if (value & IMX2_WDT_WCR_WDT) {
259
+ s->wcr_wdt_locked = true;
260
+ }
261
+
262
+ s->wcr = value;
263
+ if (!(value & IMX2_WDT_WCR_SRS)) {
264
+ s->wrsr = IMX2_WDT_WRSR_SFTW;
265
+ }
266
+ if (!(value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS)) ||
267
+ (!(value & IMX2_WDT_WCR_WT) && (value & IMX2_WDT_WCR_WDE))) {
268
+ watchdog_perform_action();
269
+ }
270
+ s->wcr |= IMX2_WDT_WCR_SRS;
271
+ imx_wdt2_update_timer(s, true);
272
+ break;
273
+ case IMX2_WDT_WSR:
274
+ if (s->wsr == IMX2_WDT_SEQ1 && value == IMX2_WDT_SEQ2) {
275
+ imx_wdt2_update_timer(s, false);
276
+ }
277
+ s->wsr = value;
278
+ break;
279
+ case IMX2_WDT_WRSR:
280
+ break;
281
+ case IMX2_WDT_WICR:
282
+ if (!s->pretimeout_support) {
283
+ return;
284
+ }
285
+ value &= IMX2_WDT_WICR_LOCK_MASK | IMX2_WDT_WICR_WTIS;
286
+ if (s->wicr_locked) {
287
+ value &= IMX2_WDT_WICR_WTIS;
288
+ value |= (s->wicr & IMX2_WDT_WICR_LOCK_MASK);
289
+ }
290
+ s->wicr = value | (s->wicr & IMX2_WDT_WICR_WTIS);
291
+ if (value & IMX2_WDT_WICR_WTIS) {
292
+ s->wicr &= ~IMX2_WDT_WICR_WTIS;
293
+ qemu_set_irq(s->irq, 0);
294
+ }
295
+ imx_wdt2_update_itimer(s, true);
296
+ s->wicr_locked = true;
297
+ break;
298
+ case IMX2_WDT_WMCR:
299
+ s->wmcr = value & IMX2_WDT_WMCR_PDE;
300
+ break;
301
}
126
}
302
}
127
303
128
+static int pl031_tick_offset_post_load(void *opaque, int version_id)
304
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps imx2_wdt_ops = {
129
+{
305
* real device but in practice there is no reason for a guest
130
+ PL031State *s = opaque;
306
* to access this device unaligned.
131
+
307
*/
132
+ s->tick_offset_migrated = true;
308
- .min_access_size = 4,
133
+ return 0;
309
- .max_access_size = 4,
134
+}
310
+ .min_access_size = 2,
135
+
311
+ .max_access_size = 2,
136
+static bool pl031_tick_offset_needed(void *opaque)
312
.unaligned = false,
137
+{
313
},
138
+ PL031State *s = opaque;
314
};
139
+
315
140
+ return s->migrate_tick_offset;
316
+static const VMStateDescription vmstate_imx2_wdt = {
141
+}
317
+ .name = "imx2.wdt",
142
+
143
+static const VMStateDescription vmstate_pl031_tick_offset = {
144
+ .name = "pl031/tick-offset",
145
+ .version_id = 1,
146
+ .minimum_version_id = 1,
147
+ .needed = pl031_tick_offset_needed,
148
+ .post_load = pl031_tick_offset_post_load,
149
+ .fields = (VMStateField[]) {
318
+ .fields = (VMStateField[]) {
150
+ VMSTATE_UINT32(tick_offset, PL031State),
319
+ VMSTATE_PTIMER(timer, IMX2WdtState),
320
+ VMSTATE_PTIMER(itimer, IMX2WdtState),
321
+ VMSTATE_BOOL(wicr_locked, IMX2WdtState),
322
+ VMSTATE_BOOL(wcr_locked, IMX2WdtState),
323
+ VMSTATE_BOOL(wcr_wde_locked, IMX2WdtState),
324
+ VMSTATE_BOOL(wcr_wdt_locked, IMX2WdtState),
325
+ VMSTATE_UINT16(wcr, IMX2WdtState),
326
+ VMSTATE_UINT16(wsr, IMX2WdtState),
327
+ VMSTATE_UINT16(wrsr, IMX2WdtState),
328
+ VMSTATE_UINT16(wmcr, IMX2WdtState),
329
+ VMSTATE_UINT16(wicr, IMX2WdtState),
151
+ VMSTATE_END_OF_LIST()
330
+ VMSTATE_END_OF_LIST()
152
+ }
331
+ }
153
+};
332
+};
154
+
333
+
155
static const VMStateDescription vmstate_pl031 = {
334
static void imx2_wdt_realize(DeviceState *dev, Error **errp)
156
.name = "pl031",
335
{
157
.version_id = 1,
336
IMX2WdtState *s = IMX2_WDT(dev);
158
.minimum_version_id = 1,
337
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
159
.pre_save = pl031_pre_save,
338
160
+ .pre_load = pl031_pre_load,
339
memory_region_init_io(&s->mmio, OBJECT(dev),
161
.post_load = pl031_post_load,
340
&imx2_wdt_ops, s,
162
.fields = (VMStateField[]) {
341
- TYPE_IMX2_WDT".mmio",
163
VMSTATE_UINT32(tick_offset_vmstate, PL031State),
342
- IMX2_WDT_REG_NUM * sizeof(uint16_t));
164
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_pl031 = {
343
- sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mmio);
165
VMSTATE_UINT32(im, PL031State),
344
+ TYPE_IMX2_WDT,
166
VMSTATE_UINT32(is, PL031State),
345
+ IMX2_WDT_MMIO_SIZE);
167
VMSTATE_END_OF_LIST()
346
+ sysbus_init_mmio(sbd, &s->mmio);
168
+ },
347
+ sysbus_init_irq(sbd, &s->irq);
169
+ .subsections = (const VMStateDescription*[]) {
348
+
170
+ &vmstate_pl031_tick_offset,
349
+ s->timer = ptimer_init(imx2_wdt_expired, s,
171
+ NULL
350
+ PTIMER_POLICY_NO_IMMEDIATE_TRIGGER |
172
}
351
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
173
};
352
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
174
353
+ ptimer_transaction_begin(s->timer);
175
+static Property pl031_properties[] = {
354
+ ptimer_set_freq(s->timer, 2);
176
+ /*
355
+ ptimer_set_limit(s->timer, 0xff, 1);
177
+ * True to correctly migrate the tick offset of the RTC. False to
356
+ ptimer_transaction_commit(s->timer);
178
+ * obtain backward migration compatibility with older QEMU versions,
357
+ if (s->pretimeout_support) {
179
+ * at the expense of the guest RTC going backwards compared with the
358
+ s->itimer = ptimer_init(imx2_wdt_interrupt, s,
180
+ * host RTC when the VM is saved/restored if using -rtc host.
359
+ PTIMER_POLICY_NO_IMMEDIATE_TRIGGER |
181
+ * (Even if set to 'true' older QEMU can migrate forward to newer QEMU;
360
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
182
+ * 'false' also permits newer QEMU to migrate to older QEMU.)
361
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
183
+ */
362
+ ptimer_transaction_begin(s->itimer);
184
+ DEFINE_PROP_BOOL("migrate-tick-offset",
363
+ ptimer_set_freq(s->itimer, 2);
185
+ PL031State, migrate_tick_offset, true),
364
+ ptimer_set_limit(s->itimer, 0xff, 1);
186
+ DEFINE_PROP_END_OF_LIST()
365
+ ptimer_transaction_commit(s->itimer);
366
+ }
367
}
368
369
+static Property imx2_wdt_properties[] = {
370
+ DEFINE_PROP_BOOL("pretimeout-support", IMX2WdtState, pretimeout_support,
371
+ false),
187
+};
372
+};
188
+
373
+
189
static void pl031_class_init(ObjectClass *klass, void *data)
374
static void imx2_wdt_class_init(ObjectClass *klass, void *data)
190
{
375
{
191
DeviceClass *dc = DEVICE_CLASS(klass);
376
DeviceClass *dc = DEVICE_CLASS(klass);
192
377
193
dc->vmsd = &vmstate_pl031;
378
+ device_class_set_props(dc, imx2_wdt_properties);
194
+ dc->props = pl031_properties;
379
dc->realize = imx2_wdt_realize;
380
+ dc->reset = imx2_wdt_reset;
381
+ dc->vmsd = &vmstate_imx2_wdt;
382
+ dc->desc = "i.MX watchdog timer";
383
set_bit(DEVICE_CATEGORY_MISC, dc->categories);
195
}
384
}
196
385
197
static const TypeInfo pl031_info = {
198
--
386
--
199
2.20.1
387
2.20.1
200
388
201
389
diff view generated by jsdifflib
New patch
[PULL 14/29] hw/arm/fsl-imx25: Wire up watchdog
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
With this commit, the watchdog on imx25-pdk is fully operational,
4
including pretimeout support.
5
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Message-id: 20200517162135.110364-4-linux@roeck-us.net
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
include/hw/arm/fsl-imx25.h | 5 +++++
12
hw/arm/fsl-imx25.c | 10 ++++++++++
13
hw/arm/Kconfig | 1 +
14
3 files changed, 16 insertions(+)
15
16
diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/fsl-imx25.h
19
+++ b/include/hw/arm/fsl-imx25.h
20
@@ -XXX,XX +XXX,XX @@
21
#include "hw/gpio/imx_gpio.h"
22
#include "hw/sd/sdhci.h"
23
#include "hw/usb/chipidea.h"
24
+#include "hw/watchdog/wdt_imx2.h"
25
#include "exec/memory.h"
26
#include "target/arm/cpu.h"
27
28
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
29
IMXGPIOState gpio[FSL_IMX25_NUM_GPIOS];
30
SDHCIState esdhc[FSL_IMX25_NUM_ESDHCS];
31
ChipideaState usb[FSL_IMX25_NUM_USBS];
32
+ IMX2WdtState wdt;
33
MemoryRegion rom[2];
34
MemoryRegion iram;
35
MemoryRegion iram_alias;
36
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
37
#define FSL_IMX25_GPIO1_SIZE 0x4000
38
#define FSL_IMX25_GPIO2_ADDR 0x53FD0000
39
#define FSL_IMX25_GPIO2_SIZE 0x4000
40
+#define FSL_IMX25_WDT_ADDR 0x53FDC000
41
+#define FSL_IMX25_WDT_SIZE 0x4000
42
#define FSL_IMX25_USB1_ADDR 0x53FF4000
43
#define FSL_IMX25_USB1_SIZE 0x0200
44
#define FSL_IMX25_USB2_ADDR 0x53FF4400
45
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
46
#define FSL_IMX25_ESDHC2_IRQ 8
47
#define FSL_IMX25_USB1_IRQ 37
48
#define FSL_IMX25_USB2_IRQ 35
49
+#define FSL_IMX25_WDT_IRQ 55
50
51
#endif /* FSL_IMX25_H */
52
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
53
index XXXXXXX..XXXXXXX 100644
54
--- a/hw/arm/fsl-imx25.c
55
+++ b/hw/arm/fsl-imx25.c
56
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_init(Object *obj)
57
TYPE_CHIPIDEA);
58
}
59
60
+ sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT);
61
}
62
63
static void fsl_imx25_realize(DeviceState *dev, Error **errp)
64
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_realize(DeviceState *dev, Error **errp)
65
usb_table[i].irq));
66
}
67
68
+ /* Watchdog */
69
+ object_property_set_bool(OBJECT(&s->wdt), true, "pretimeout-support",
70
+ &error_abort);
71
+ object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort);
72
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX25_WDT_ADDR);
73
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt), 0,
74
+ qdev_get_gpio_in(DEVICE(&s->avic),
75
+ FSL_IMX25_WDT_IRQ));
76
+
77
/* initialize 2 x 16 KB ROM */
78
memory_region_init_rom(&s->rom[0], OBJECT(dev), "imx25.rom0",
79
FSL_IMX25_ROM0_SIZE, &err);
80
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
81
index XXXXXXX..XXXXXXX 100644
82
--- a/hw/arm/Kconfig
83
+++ b/hw/arm/Kconfig
84
@@ -XXX,XX +XXX,XX @@ config FSL_IMX25
85
select IMX
86
select IMX_FEC
87
select IMX_I2C
88
+ select WDT_IMX2
89
select DS1338
90
91
config FSL_IMX31
92
--
93
2.20.1
94
95
diff view generated by jsdifflib
New patch
[PULL 15/29] hw/arm/fsl-imx31: Wire up watchdog
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
With this patch, the watchdog on i.MX31 emulations is fully operational.
4
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
7
Message-id: 20200517162135.110364-5-linux@roeck-us.net
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/hw/arm/fsl-imx31.h | 4 ++++
11
hw/arm/fsl-imx31.c | 6 ++++++
12
hw/arm/Kconfig | 1 +
13
3 files changed, 11 insertions(+)
14
15
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/arm/fsl-imx31.h
18
+++ b/include/hw/arm/fsl-imx31.h
19
@@ -XXX,XX +XXX,XX @@
20
#include "hw/timer/imx_epit.h"
21
#include "hw/i2c/imx_i2c.h"
22
#include "hw/gpio/imx_gpio.h"
23
+#include "hw/watchdog/wdt_imx2.h"
24
#include "exec/memory.h"
25
#include "target/arm/cpu.h"
26
27
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX31State {
28
IMXEPITState epit[FSL_IMX31_NUM_EPITS];
29
IMXI2CState i2c[FSL_IMX31_NUM_I2CS];
30
IMXGPIOState gpio[FSL_IMX31_NUM_GPIOS];
31
+ IMX2WdtState wdt;
32
MemoryRegion secure_rom;
33
MemoryRegion rom;
34
MemoryRegion iram;
35
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX31State {
36
#define FSL_IMX31_GPIO1_SIZE 0x4000
37
#define FSL_IMX31_GPIO2_ADDR 0x53FD0000
38
#define FSL_IMX31_GPIO2_SIZE 0x4000
39
+#define FSL_IMX31_WDT_ADDR 0x53FDC000
40
+#define FSL_IMX31_WDT_SIZE 0x4000
41
#define FSL_IMX31_AVIC_ADDR 0x68000000
42
#define FSL_IMX31_AVIC_SIZE 0x100
43
#define FSL_IMX31_SDRAM0_ADDR 0x80000000
44
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
45
index XXXXXXX..XXXXXXX 100644
46
--- a/hw/arm/fsl-imx31.c
47
+++ b/hw/arm/fsl-imx31.c
48
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_init(Object *obj)
49
sysbus_init_child_obj(obj, "gpio[*]", &s->gpio[i], sizeof(s->gpio[i]),
50
TYPE_IMX_GPIO);
51
}
52
+
53
+ sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT);
54
}
55
56
static void fsl_imx31_realize(DeviceState *dev, Error **errp)
57
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_realize(DeviceState *dev, Error **errp)
58
gpio_table[i].irq));
59
}
60
61
+ /* Watchdog */
62
+ object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort);
63
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX31_WDT_ADDR);
64
+
65
/* On a real system, the first 16k is a `secure boot rom' */
66
memory_region_init_rom(&s->secure_rom, OBJECT(dev), "imx31.secure_rom",
67
FSL_IMX31_SECURE_ROM_SIZE, &err);
68
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
69
index XXXXXXX..XXXXXXX 100644
70
--- a/hw/arm/Kconfig
71
+++ b/hw/arm/Kconfig
72
@@ -XXX,XX +XXX,XX @@ config FSL_IMX31
73
select SERIAL
74
select IMX
75
select IMX_I2C
76
+ select WDT_IMX2
77
select LAN9118
78
79
config FSL_IMX6
80
--
81
2.20.1
82
83
diff view generated by jsdifflib
New patch
[PULL 16/29] hw/arm/fsl-imx6: Connect watchdog interrupts
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
With this patch applied, the watchdog in the sabrelite emulation
4
is fully operational, including pretimeout support.
5
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Message-id: 20200517162135.110364-6-linux@roeck-us.net
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
hw/arm/fsl-imx6.c | 9 +++++++++
12
1 file changed, 9 insertions(+)
13
14
diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/fsl-imx6.c
17
+++ b/hw/arm/fsl-imx6.c
18
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)
19
FSL_IMX6_WDOG1_ADDR,
20
FSL_IMX6_WDOG2_ADDR,
21
};
22
+ static const int FSL_IMX6_WDOGn_IRQ[FSL_IMX6_NUM_WDTS] = {
23
+ FSL_IMX6_WDOG1_IRQ,
24
+ FSL_IMX6_WDOG2_IRQ,
25
+ };
26
27
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
28
+ &error_abort);
29
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
30
&error_abort);
31
32
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX6_WDOGn_ADDR[i]);
33
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
34
+ qdev_get_gpio_in(DEVICE(&s->a9mpcore),
35
+ FSL_IMX6_WDOGn_IRQ[i]));
36
}
37
38
/* ROM memory */
39
--
40
2.20.1
41
42
diff view generated by jsdifflib
New patch
[PULL 17/29] hw/arm/fsl-imx6ul: Connect watchdog interrupts
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
With this commit, the watchdog on mcimx6ul-evk is fully operational,
4
including pretimeout support.
5
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Message-id: 20200517162135.110364-7-linux@roeck-us.net
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
hw/arm/fsl-imx6ul.c | 10 ++++++++++
12
1 file changed, 10 insertions(+)
13
14
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/fsl-imx6ul.c
17
+++ b/hw/arm/fsl-imx6ul.c
18
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
19
FSL_IMX6UL_WDOG2_ADDR,
20
FSL_IMX6UL_WDOG3_ADDR,
21
};
22
+ static const int FSL_IMX6UL_WDOGn_IRQ[FSL_IMX6UL_NUM_WDTS] = {
23
+ FSL_IMX6UL_WDOG1_IRQ,
24
+ FSL_IMX6UL_WDOG2_IRQ,
25
+ FSL_IMX6UL_WDOG3_IRQ,
26
+ };
27
28
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
29
+ &error_abort);
30
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
31
&error_abort);
32
33
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0,
34
FSL_IMX6UL_WDOGn_ADDR[i]);
35
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
36
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
37
+ FSL_IMX6UL_WDOGn_IRQ[i]));
38
}
39
40
/*
41
--
42
2.20.1
43
44
diff view generated by jsdifflib
New patch
[PULL 18/29] hw/arm/fsl-imx7: Instantiate various unimplemented devices
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid
4
crashes when booting mainline Linux.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Message-id: 20200517162135.110364-8-linux@roeck-us.net
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
include/hw/arm/fsl-imx7.h | 16 ++++++++++++++++
12
hw/arm/fsl-imx7.c | 24 ++++++++++++++++++++++++
13
2 files changed, 40 insertions(+)
14
15
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/arm/fsl-imx7.h
18
+++ b/include/hw/arm/fsl-imx7.h
19
@@ -XXX,XX +XXX,XX @@ enum FslIMX7MemoryMap {
20
FSL_IMX7_IOMUXC_GPR_ADDR = 0x30340000,
21
FSL_IMX7_IOMUXCn_SIZE = 0x1000,
22
23
+ FSL_IMX7_OCOTP_ADDR = 0x30350000,
24
+ FSL_IMX7_OCOTP_SIZE = 0x10000,
25
+
26
FSL_IMX7_ANALOG_ADDR = 0x30360000,
27
FSL_IMX7_SNVS_ADDR = 0x30370000,
28
FSL_IMX7_CCM_ADDR = 0x30380000,
29
@@ -XXX,XX +XXX,XX @@ enum FslIMX7MemoryMap {
30
FSL_IMX7_ADC2_ADDR = 0x30620000,
31
FSL_IMX7_ADCn_SIZE = 0x1000,
32
33
+ FSL_IMX7_PWM1_ADDR = 0x30660000,
34
+ FSL_IMX7_PWM2_ADDR = 0x30670000,
35
+ FSL_IMX7_PWM3_ADDR = 0x30680000,
36
+ FSL_IMX7_PWM4_ADDR = 0x30690000,
37
+ FSL_IMX7_PWMn_SIZE = 0x10000,
38
+
39
FSL_IMX7_PCIE_PHY_ADDR = 0x306D0000,
40
FSL_IMX7_PCIE_PHY_SIZE = 0x10000,
41
42
FSL_IMX7_GPC_ADDR = 0x303A0000,
43
44
+ FSL_IMX7_CAAM_ADDR = 0x30900000,
45
+ FSL_IMX7_CAAM_SIZE = 0x40000,
46
+
47
+ FSL_IMX7_CAN1_ADDR = 0x30A00000,
48
+ FSL_IMX7_CAN2_ADDR = 0x30A10000,
49
+ FSL_IMX7_CANn_SIZE = 0x10000,
50
+
51
FSL_IMX7_I2C1_ADDR = 0x30A20000,
52
FSL_IMX7_I2C2_ADDR = 0x30A30000,
53
FSL_IMX7_I2C3_ADDR = 0x30A40000,
54
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
55
index XXXXXXX..XXXXXXX 100644
56
--- a/hw/arm/fsl-imx7.c
57
+++ b/hw/arm/fsl-imx7.c
58
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
59
*/
60
create_unimplemented_device("sdma", FSL_IMX7_SDMA_ADDR, FSL_IMX7_SDMA_SIZE);
61
62
+ /*
63
+ * CAAM
64
+ */
65
+ create_unimplemented_device("caam", FSL_IMX7_CAAM_ADDR, FSL_IMX7_CAAM_SIZE);
66
+
67
+ /*
68
+ * PWM
69
+ */
70
+ create_unimplemented_device("pwm1", FSL_IMX7_PWM1_ADDR, FSL_IMX7_PWMn_SIZE);
71
+ create_unimplemented_device("pwm2", FSL_IMX7_PWM2_ADDR, FSL_IMX7_PWMn_SIZE);
72
+ create_unimplemented_device("pwm3", FSL_IMX7_PWM3_ADDR, FSL_IMX7_PWMn_SIZE);
73
+ create_unimplemented_device("pwm4", FSL_IMX7_PWM4_ADDR, FSL_IMX7_PWMn_SIZE);
74
+
75
+ /*
76
+ * CAN
77
+ */
78
+ create_unimplemented_device("can1", FSL_IMX7_CAN1_ADDR, FSL_IMX7_CANn_SIZE);
79
+ create_unimplemented_device("can2", FSL_IMX7_CAN2_ADDR, FSL_IMX7_CANn_SIZE);
80
+
81
+ /*
82
+ * OCOTP
83
+ */
84
+ create_unimplemented_device("ocotp", FSL_IMX7_OCOTP_ADDR,
85
+ FSL_IMX7_OCOTP_SIZE);
86
87
object_property_set_bool(OBJECT(&s->gpr), true, "realized",
88
&error_abort);
89
--
90
2.20.1
91
92
diff view generated by jsdifflib
New patch
[PULL 19/29] hw/arm/fsl-imx7: Connect watchdog interrupts
1
From: Guenter Roeck <linux@roeck-us.net>
1
2
3
i.MX7 supports watchdog pretimeout interupts. With this commit,
4
the watchdog in mcimx7d-sabre is fully operational, including
5
pretimeout support.
6
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
9
Message-id: 20200517162135.110364-9-linux@roeck-us.net
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/arm/fsl-imx7.h | 5 +++++
13
hw/arm/fsl-imx7.c | 11 +++++++++++
14
2 files changed, 16 insertions(+)
15
16
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/fsl-imx7.h
19
+++ b/include/hw/arm/fsl-imx7.h
20
@@ -XXX,XX +XXX,XX @@ enum FslIMX7IRQs {
21
FSL_IMX7_USB2_IRQ = 42,
22
FSL_IMX7_USB3_IRQ = 40,
23
24
+ FSL_IMX7_WDOG1_IRQ = 78,
25
+ FSL_IMX7_WDOG2_IRQ = 79,
26
+ FSL_IMX7_WDOG3_IRQ = 10,
27
+ FSL_IMX7_WDOG4_IRQ = 109,
28
+
29
FSL_IMX7_PCI_INTA_IRQ = 125,
30
FSL_IMX7_PCI_INTB_IRQ = 124,
31
FSL_IMX7_PCI_INTC_IRQ = 123,
32
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
33
index XXXXXXX..XXXXXXX 100644
34
--- a/hw/arm/fsl-imx7.c
35
+++ b/hw/arm/fsl-imx7.c
36
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
37
FSL_IMX7_WDOG3_ADDR,
38
FSL_IMX7_WDOG4_ADDR,
39
};
40
+ static const int FSL_IMX7_WDOGn_IRQ[FSL_IMX7_NUM_WDTS] = {
41
+ FSL_IMX7_WDOG1_IRQ,
42
+ FSL_IMX7_WDOG2_IRQ,
43
+ FSL_IMX7_WDOG3_IRQ,
44
+ FSL_IMX7_WDOG4_IRQ,
45
+ };
46
47
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
48
+ &error_abort);
49
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
50
&error_abort);
51
52
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX7_WDOGn_ADDR[i]);
53
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
54
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
55
+ FSL_IMX7_WDOGn_IRQ[i]));
56
}
57
58
/*
59
--
60
2.20.1
61
62
diff view generated by jsdifflib
New patch
[PULL 20/29] hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
2
3
hw_error() calls exit(). This a bit overkill when we can log
4
the accesses as unimplemented or guest error.
5
6
When fuzzing the devices, we don't want the whole process to
7
exit. Replace some hw_error() calls by qemu_log_mask().
8
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
11
Message-id: 20200518140309.5220-2-f4bug@amsat.org
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
hw/arm/integratorcp.c | 23 +++++++++++++++--------
15
1 file changed, 15 insertions(+), 8 deletions(-)
16
17
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/integratorcp.c
20
+++ b/hw/arm/integratorcp.c
21
@@ -XXX,XX +XXX,XX @@
22
#include "exec/address-spaces.h"
23
#include "sysemu/runstate.h"
24
#include "sysemu/sysemu.h"
25
+#include "qemu/log.h"
26
#include "qemu/error-report.h"
27
#include "hw/char/pl011.h"
28
#include "hw/hw.h"
29
@@ -XXX,XX +XXX,XX @@ static uint64_t integratorcm_read(void *opaque, hwaddr offset,
30
/* ??? Voltage control unimplemented. */
31
return 0;
32
default:
33
- hw_error("integratorcm_read: Unimplemented offset 0x%x\n",
34
- (int)offset);
35
+ qemu_log_mask(LOG_UNIMP,
36
+ "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n",
37
+ __func__, offset);
38
return 0;
39
}
40
}
41
@@ -XXX,XX +XXX,XX @@ static void integratorcm_write(void *opaque, hwaddr offset,
42
/* ??? Voltage control unimplemented. */
43
break;
44
default:
45
- hw_error("integratorcm_write: Unimplemented offset 0x%x\n",
46
- (int)offset);
47
+ qemu_log_mask(LOG_UNIMP,
48
+ "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n",
49
+ __func__, offset);
50
break;
51
}
52
}
53
@@ -XXX,XX +XXX,XX @@ static uint64_t icp_pic_read(void *opaque, hwaddr offset,
54
case 5: /* INT_SOFTCLR */
55
case 11: /* FRQ_ENABLECLR */
56
default:
57
- printf ("icp_pic_read: Bad register offset 0x%x\n", (int)offset);
58
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
59
+ __func__, offset);
60
return 0;
61
}
62
}
63
@@ -XXX,XX +XXX,XX @@ static void icp_pic_write(void *opaque, hwaddr offset,
64
case 8: /* FRQ_STATUS */
65
case 9: /* FRQ_RAWSTAT */
66
default:
67
- printf ("icp_pic_write: Bad register offset 0x%x\n", (int)offset);
68
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
69
+ __func__, offset);
70
return;
71
}
72
icp_pic_update(s);
73
@@ -XXX,XX +XXX,XX @@ static uint64_t icp_control_read(void *opaque, hwaddr offset,
74
case 3: /* CP_DECODE */
75
return 0x11;
76
default:
77
- hw_error("icp_control_read: Bad offset %x\n", (int)offset);
78
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
79
+ __func__, offset);
80
return 0;
81
}
82
}
83
@@ -XXX,XX +XXX,XX @@ static void icp_control_write(void *opaque, hwaddr offset,
84
/* Nothing interesting implemented yet. */
85
break;
86
default:
87
- hw_error("icp_control_write: Bad offset %x\n", (int)offset);
88
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
89
+ __func__, offset);
90
}
91
}
92
93
--
94
2.20.1
95
96
diff view generated by jsdifflib
[Qemu-devel] [PULL 07/10] hw/arm/virt: Fix non-secure flash mode
[PULL 21/29] hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
1
From: David Engraf <david.engraf@sysgo.com>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
Using the whole 128 MiB flash in non-secure mode is not working because
3
hw_error() calls exit(). This a bit overkill when we can log
4
virt_flash_fdt() expects the same address for secure_sysmem and sysmem.
4
the accesses as unimplemented or guest error.
5
This is not correctly handled by caller because it forwards NULL for
6
secure_sysmem in non-secure flash mode.
7
5
8
Fixed by using sysmem when secure_sysmem is NULL.
6
When fuzzing the devices, we don't want the whole process to
7
exit. Replace some hw_error() calls by qemu_log_mask().
9
8
10
Signed-off-by: David Engraf <david.engraf@sysgo.com>
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Message-id: 20190712075002.14326-1-david.engraf@sysgo.com
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20200518140309.5220-3-f4bug@amsat.org
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
13
---
15
hw/arm/virt.c | 2 +-
14
hw/arm/pxa2xx_gpio.c | 7 ++++---
16
1 file changed, 1 insertion(+), 1 deletion(-)
15
hw/display/pxa2xx_lcd.c | 8 +++++---
16
hw/dma/pxa2xx_dma.c | 14 +++++++++-----
17
3 files changed, 18 insertions(+), 11 deletions(-)
17
18
18
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
19
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
19
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/arm/virt.c
21
--- a/hw/arm/pxa2xx_gpio.c
21
+++ b/hw/arm/virt.c
22
+++ b/hw/arm/pxa2xx_gpio.c
22
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
23
@@ -XXX,XX +XXX,XX @@
23
&machine->device_memory->mr);
24
25
#include "qemu/osdep.h"
26
#include "cpu.h"
27
-#include "hw/hw.h"
28
#include "hw/irq.h"
29
#include "hw/qdev-properties.h"
30
#include "hw/sysbus.h"
31
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_gpio_read(void *opaque, hwaddr offset,
32
return s->status[bank];
33
34
default:
35
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
36
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
37
+ __func__, offset);
24
}
38
}
25
39
26
- virt_flash_fdt(vms, sysmem, secure_sysmem);
40
return 0;
27
+ virt_flash_fdt(vms, sysmem, secure_sysmem ?: sysmem);
41
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_gpio_write(void *opaque, hwaddr offset,
28
42
break;
29
create_gic(vms, pic);
43
44
default:
45
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
46
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
47
+ __func__, offset);
48
}
49
}
50
51
diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c
52
index XXXXXXX..XXXXXXX 100644
53
--- a/hw/display/pxa2xx_lcd.c
54
+++ b/hw/display/pxa2xx_lcd.c
55
@@ -XXX,XX +XXX,XX @@
56
*/
57
58
#include "qemu/osdep.h"
59
-#include "hw/hw.h"
60
+#include "qemu/log.h"
61
#include "hw/irq.h"
62
#include "migration/vmstate.h"
63
#include "ui/console.h"
64
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_lcdc_read(void *opaque, hwaddr offset,
65
66
default:
67
fail:
68
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
69
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
70
+ __func__, offset);
71
}
72
73
return 0;
74
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset,
75
76
default:
77
fail:
78
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
79
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
80
+ __func__, offset);
81
}
82
}
83
84
diff --git a/hw/dma/pxa2xx_dma.c b/hw/dma/pxa2xx_dma.c
85
index XXXXXXX..XXXXXXX 100644
86
--- a/hw/dma/pxa2xx_dma.c
87
+++ b/hw/dma/pxa2xx_dma.c
88
@@ -XXX,XX +XXX,XX @@
89
*/
90
91
#include "qemu/osdep.h"
92
+#include "qemu/log.h"
93
#include "hw/hw.h"
94
#include "hw/irq.h"
95
#include "hw/qdev-properties.h"
96
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
97
unsigned int channel;
98
99
if (size != 4) {
100
- hw_error("%s: Bad access width\n", __func__);
101
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n",
102
+ __func__, size);
103
return 5;
104
}
105
106
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
107
return s->chan[channel].cmd;
108
}
109
}
110
-
111
- hw_error("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
112
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
113
+ __func__, offset);
114
return 7;
115
}
116
117
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset,
118
unsigned int channel;
119
120
if (size != 4) {
121
- hw_error("%s: Bad access width\n", __func__);
122
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n",
123
+ __func__, size);
124
return;
125
}
126
127
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset,
128
break;
129
}
130
fail:
131
- hw_error("%s: Bad offset " TARGET_FMT_plx "\n", __func__, offset);
132
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
133
+ __func__, offset);
134
}
135
}
30
136
31
--
137
--
32
2.20.1
138
2.20.1
33
139
34
140
diff view generated by jsdifflib
[Qemu-devel] [PULL 04/10] hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
[PULL 22/29] hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
Both lqspi_read() and lqspi_load_cache() expect a 32-bit
3
hw_error() calls exit(). This a bit overkill when we can log
4
aligned address.
4
the accesses as unimplemented or guest error.
5
5
6
>From UG1085 datasheet [*] chapter on 'Quad-SPI Controller':
6
When fuzzing the devices, we don't want the whole process to
7
exit. Replace some hw_error() calls by qemu_log_mask().
7
8
8
Transfer Size Limitations
9
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9
10
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Because of the 32-bit wide TX, RX, and generic FIFO, all
11
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
11
APB/AXI transfers must be an integer multiple of 4-bytes.
12
Message-id: 20200518140309.5220-4-f4bug@amsat.org
12
Shorter transfers are not possible.
13
14
Set MemoryRegionOps.impl values to force 32-bit accesses,
15
this way we are sure we do not access the lqspi_buf[] array
16
out of bound.
17
18
[*] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf
19
20
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
21
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
22
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
---
14
---
25
hw/ssi/xilinx_spips.c | 4 ++++
15
hw/char/xilinx_uartlite.c | 5 +++--
26
1 file changed, 4 insertions(+)
16
1 file changed, 3 insertions(+), 2 deletions(-)
27
17
28
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
18
diff --git a/hw/char/xilinx_uartlite.c b/hw/char/xilinx_uartlite.c
29
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/ssi/xilinx_spips.c
20
--- a/hw/char/xilinx_uartlite.c
31
+++ b/hw/ssi/xilinx_spips.c
21
+++ b/hw/char/xilinx_uartlite.c
32
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps lqspi_ops = {
22
@@ -XXX,XX +XXX,XX @@
33
.read_with_attrs = lqspi_read,
23
*/
34
.write_with_attrs = lqspi_write,
24
35
.endianness = DEVICE_NATIVE_ENDIAN,
25
#include "qemu/osdep.h"
36
+ .impl = {
26
-#include "hw/hw.h"
37
+ .min_access_size = 4,
27
+#include "qemu/log.h"
38
+ .max_access_size = 4,
28
#include "hw/irq.h"
39
+ },
29
#include "hw/qdev-properties.h"
40
.valid = {
30
#include "hw/sysbus.h"
41
.min_access_size = 1,
31
@@ -XXX,XX +XXX,XX @@ uart_write(void *opaque, hwaddr addr,
42
.max_access_size = 4
32
switch (addr)
33
{
34
case R_STATUS:
35
- hw_error("write to UART STATUS?\n");
36
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: write to UART STATUS\n",
37
+ __func__);
38
break;
39
40
case R_CTRL:
43
--
41
--
44
2.20.1
42
2.20.1
45
43
46
44
diff view generated by jsdifflib
[Qemu-devel] [PULL 01/10] target/arm: report ARMv8-A FP support for AArch32 -cpu max
[PULL 23/29] hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
1
From: Alex Bennée <alex.bennee@linaro.org>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
When we converted to using feature bits in 602f6e42cfbf we missed out
3
hw_error() calls exit(). This a bit overkill when we can log
4
the fact (dp && arm_dc_feature(s, ARM_FEATURE_V8)) was supported for
4
the accesses as unimplemented or guest error.
5
-cpu max configurations. This caused a regression in the GCC test
6
suite. Fix this by setting the appropriate bits in mvfr1.FPHP to
7
report ARMv8-A with FP support (but not ARMv8.2-FP16).
8
5
9
Fixes: https://bugs.launchpad.net/qemu/+bug/1836078
6
When fuzzing the devices, we don't want the whole process to
10
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
exit. Replace some hw_error() calls by qemu_log_mask().
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
12
Message-id: 20190711103737.10017-1-alex.bennee@linaro.org
9
Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00"
10
Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4,
11
the default value on the APB bus is 0.
12
13
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
14
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
15
Message-id: 20200518140309.5220-5-f4bug@amsat.org
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
17
---
15
target/arm/cpu.c | 4 ++++
18
hw/timer/exynos4210_mct.c | 12 +++++-------
16
1 file changed, 4 insertions(+)
19
1 file changed, 5 insertions(+), 7 deletions(-)
17
20
18
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
21
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
19
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/cpu.c
23
--- a/hw/timer/exynos4210_mct.c
21
+++ b/target/arm/cpu.c
24
+++ b/hw/timer/exynos4210_mct.c
22
@@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj)
25
@@ -XXX,XX +XXX,XX @@
23
t = FIELD_DP32(t, ID_ISAR6, SPECRES, 1);
26
24
cpu->isar.id_isar6 = t;
27
#include "qemu/osdep.h"
25
28
#include "qemu/log.h"
26
+ t = cpu->isar.mvfr1;
29
-#include "hw/hw.h"
27
+ t = FIELD_DP32(t, MVFR1, FPHP, 2); /* v8.0 FP support */
30
#include "hw/sysbus.h"
28
+ cpu->isar.mvfr1 = t;
31
#include "migration/vmstate.h"
29
+
32
#include "qemu/timer.h"
30
t = cpu->isar.mvfr2;
33
@@ -XXX,XX +XXX,XX @@
31
t = FIELD_DP32(t, MVFR2, SIMDMISC, 3); /* SIMD MaxNum */
34
#include "hw/ptimer.h"
32
t = FIELD_DP32(t, MVFR2, FPMISC, 4); /* FP MaxNum */
35
36
#include "hw/arm/exynos4210.h"
37
-#include "hw/hw.h"
38
#include "hw/irq.h"
39
40
//#define DEBUG_MCT
41
@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
42
int index;
43
int shift;
44
uint64_t count;
45
- uint32_t value;
46
+ uint32_t value = 0;
47
int lt_i;
48
49
switch (offset) {
50
@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
51
break;
52
53
default:
54
- hw_error("exynos4210.mct: bad read offset "
55
- TARGET_FMT_plx "\n", offset);
56
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
57
+ __func__, offset);
58
break;
59
}
60
return value;
61
@@ -XXX,XX +XXX,XX @@ static void exynos4210_mct_write(void *opaque, hwaddr offset,
62
break;
63
64
default:
65
- hw_error("exynos4210.mct: bad write offset "
66
- TARGET_FMT_plx "\n", offset);
67
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
68
+ __func__, offset);
69
break;
70
}
71
}
33
--
72
--
34
2.20.1
73
2.20.1
35
74
36
75
diff view generated by jsdifflib
[Qemu-devel] [PULL 06/10] hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO
[PULL 24/29] ARM: PL061: Introduce N_GPIOS
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Geert Uytterhoeven <geert+renesas@glider.be>
2
2
3
In the previous commit we fixed a crash when the guest read a
3
Add a definition for the number of GPIO lines controlled by a PL061
4
register that pop from an empty FIFO.
4
instance, and use it instead of the hardcoded magic value 8.
5
By auditing the repository, we found another similar use with
6
an easy way to reproduce:
7
5
8
$ qemu-system-aarch64 -M xlnx-zcu102 -monitor stdio -S
6
Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
QEMU 4.0.50 monitor - type 'help' for more information
7
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
10
(qemu) xp/b 0xfd4a0134
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Aborted (core dumped)
9
Message-id: 20200519085143.1376-1-geert+renesas@glider.be
12
13
(gdb) bt
14
#0 0x00007f6936dea57f in raise () at /lib64/libc.so.6
15
#1 0x00007f6936dd4895 in abort () at /lib64/libc.so.6
16
#2 0x0000561ad32975ec in xlnx_dp_aux_pop_rx_fifo (s=0x7f692babee70) at hw/display/xlnx_dp.c:431
17
#3 0x0000561ad3297dc0 in xlnx_dp_read (opaque=0x7f692babee70, offset=77, size=4) at hw/display/xlnx_dp.c:667
18
#4 0x0000561ad321b896 in memory_region_read_accessor (mr=0x7f692babf620, addr=308, value=0x7ffe05c1db88, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:439
19
#5 0x0000561ad321bd70 in access_with_adjusted_size (addr=308, value=0x7ffe05c1db88, size=1, access_size_min=4, access_size_max=4, access_fn=0x561ad321b858 <memory_region_read_accessor>, mr=0x7f692babf620, attrs=...) at memory.c:569
20
#6 0x0000561ad321e9d5 in memory_region_dispatch_read1 (mr=0x7f692babf620, addr=308, pval=0x7ffe05c1db88, size=1, attrs=...) at memory.c:1420
21
#7 0x0000561ad321ea9d in memory_region_dispatch_read (mr=0x7f692babf620, addr=308, pval=0x7ffe05c1db88, size=1, attrs=...) at memory.c:1447
22
#8 0x0000561ad31bd742 in flatview_read_continue (fv=0x561ad69c04f0, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1, addr1=308, l=1, mr=0x7f692babf620) at exec.c:3385
23
#9 0x0000561ad31bd895 in flatview_read (fv=0x561ad69c04f0, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1) at exec.c:3423
24
#10 0x0000561ad31bd90b in address_space_read_full (as=0x561ad5bb3020, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1) at exec.c:3436
25
#11 0x0000561ad33b1c42 in address_space_read (len=1, buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", attrs=..., addr=4249485620, as=0x561ad5bb3020) at include/exec/memory.h:2131
26
#12 0x0000561ad33b1c42 in memory_dump (mon=0x561ad59c4530, count=1, format=120, wsize=1, addr=4249485620, is_physical=1) at monitor/misc.c:723
27
#13 0x0000561ad33b1fc1 in hmp_physical_memory_dump (mon=0x561ad59c4530, qdict=0x561ad6c6fd00) at monitor/misc.c:795
28
#14 0x0000561ad37b4a9f in handle_hmp_command (mon=0x561ad59c4530, cmdline=0x561ad59d0f22 "/b 0x00000000fd4a0134") at monitor/hmp.c:1082
29
30
Fix by checking the FIFO is not empty before popping from it.
31
32
The datasheet is not clear about the reset value of this register,
33
we choose to return '0'.
34
35
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
36
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
37
Message-id: 20190709113715.7761-4-philmd@redhat.com
38
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
39
---
11
---
40
hw/display/xlnx_dp.c | 15 +++++++++++----
12
hw/gpio/pl061.c | 12 +++++++-----
41
1 file changed, 11 insertions(+), 4 deletions(-)
13
1 file changed, 7 insertions(+), 5 deletions(-)
42
14
43
diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
15
diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c
44
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
45
--- a/hw/display/xlnx_dp.c
17
--- a/hw/gpio/pl061.c
46
+++ b/hw/display/xlnx_dp.c
18
+++ b/hw/gpio/pl061.c
47
@@ -XXX,XX +XXX,XX @@ static uint8_t xlnx_dp_aux_pop_rx_fifo(XlnxDPState *s)
19
@@ -XXX,XX +XXX,XX @@ static const uint8_t pl061_id_luminary[12] =
48
uint8_t ret;
20
#define TYPE_PL061 "pl061"
49
21
#define PL061(obj) OBJECT_CHECK(PL061State, (obj), TYPE_PL061)
50
if (fifo8_is_empty(&s->rx_fifo)) {
22
51
- DPRINTF("rx_fifo underflow..\n");
23
+#define N_GPIOS 8
52
- abort();
24
+
53
+ qemu_log_mask(LOG_GUEST_ERROR,
25
typedef struct PL061State {
54
+ "%s: Reading empty RX_FIFO\n",
26
SysBusDevice parent_obj;
55
+ __func__);
27
56
+ /*
28
@@ -XXX,XX +XXX,XX @@ typedef struct PL061State {
57
+ * The datasheet is not clear about the reset value, it seems
29
uint32_t cr;
58
+ * to be unspecified. We choose to return '0'.
30
uint32_t amsel;
59
+ */
31
qemu_irq irq;
60
+ ret = 0;
32
- qemu_irq out[8];
61
+ } else {
33
+ qemu_irq out[N_GPIOS];
62
+ ret = fifo8_pop(&s->rx_fifo);
34
const unsigned char *id;
63
+ DPRINTF("pop 0x%" PRIX8 " from rx_fifo.\n", ret);
35
uint32_t rsvd_start; /* reserved area: [rsvd_start, 0xfcc] */
64
}
36
} PL061State;
65
- ret = fifo8_pop(&s->rx_fifo);
37
@@ -XXX,XX +XXX,XX @@ static void pl061_update(PL061State *s)
66
- DPRINTF("pop 0x%" PRIX8 " from rx_fifo.\n", ret);
38
changed = s->old_out_data ^ out;
67
return ret;
39
if (changed) {
40
s->old_out_data = out;
41
- for (i = 0; i < 8; i++) {
42
+ for (i = 0; i < N_GPIOS; i++) {
43
mask = 1 << i;
44
if (changed & mask) {
45
DPRINTF("Set output %d = %d\n", i, (out & mask) != 0);
46
@@ -XXX,XX +XXX,XX @@ static void pl061_update(PL061State *s)
47
changed = (s->old_in_data ^ s->data) & ~s->dir;
48
if (changed) {
49
s->old_in_data = s->data;
50
- for (i = 0; i < 8; i++) {
51
+ for (i = 0; i < N_GPIOS; i++) {
52
mask = 1 << i;
53
if (changed & mask) {
54
DPRINTF("Changed input %d = %d\n", i, (s->data & mask) != 0);
55
@@ -XXX,XX +XXX,XX @@ static void pl061_init(Object *obj)
56
memory_region_init_io(&s->iomem, obj, &pl061_ops, s, "pl061", 0x1000);
57
sysbus_init_mmio(sbd, &s->iomem);
58
sysbus_init_irq(sbd, &s->irq);
59
- qdev_init_gpio_in(dev, pl061_set_irq, 8);
60
- qdev_init_gpio_out(dev, s->out, 8);
61
+ qdev_init_gpio_in(dev, pl061_set_irq, N_GPIOS);
62
+ qdev_init_gpio_out(dev, s->out, N_GPIOS);
68
}
63
}
69
64
65
static void pl061_class_init(ObjectClass *klass, void *data)
70
--
66
--
71
2.20.1
67
2.20.1
72
68
73
69
diff view generated by jsdifflib
[Qemu-devel] [PULL 03/10] hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory
[PULL 25/29] target/arm: Use tcg_gen_gvec_mov for clear_vec_high
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Lei Sun found while auditing the code that a CPU write would
3
The 8-byte store for the end a !is_q operation can be
4
trigger a NULL pointer dereference.
4
merged with the other stores. Use a no-op vector move
5
to trigger the expand_clr portion of tcg_gen_gvec_mov.
5
6
6
>From UG1085 datasheet [*] AXI writes in this region are ignored
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
and generates an AXI Slave Error (SLVERR).
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
9
Message-id: 20200519212453.28494-2-richard.henderson@linaro.org
9
Fix by implementing the write_with_attrs() handler.
10
Return MEMTX_ERROR when the region is accessed (this error maps
11
to an AXI slave error).
12
13
[*] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf
14
15
Reported-by: Lei Sun <slei.casper@gmail.com>
16
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
17
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
18
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
11
---
21
hw/ssi/xilinx_spips.c | 16 ++++++++++++++++
12
target/arm/translate-a64.c | 10 ++--------
22
1 file changed, 16 insertions(+)
13
1 file changed, 2 insertions(+), 8 deletions(-)
23
14
24
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
15
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
25
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
26
--- a/hw/ssi/xilinx_spips.c
17
--- a/target/arm/translate-a64.c
27
+++ b/hw/ssi/xilinx_spips.c
18
+++ b/target/arm/translate-a64.c
28
@@ -XXX,XX +XXX,XX @@ static MemTxResult lqspi_read(void *opaque, hwaddr addr, uint64_t *value,
19
@@ -XXX,XX +XXX,XX @@ static void clear_vec_high(DisasContext *s, bool is_q, int rd)
29
return lqspi_read(opaque, addr, value, size, attrs);
20
unsigned ofs = fp_reg_offset(s, rd, MO_64);
21
unsigned vsz = vec_full_reg_size(s);
22
23
- if (!is_q) {
24
- TCGv_i64 tcg_zero = tcg_const_i64(0);
25
- tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);
26
- tcg_temp_free_i64(tcg_zero);
27
- }
28
- if (vsz > 16) {
29
- tcg_gen_gvec_dup_imm(MO_64, ofs + 16, vsz - 16, vsz - 16, 0);
30
- }
31
+ /* Nop move, with side effect of clearing the tail. */
32
+ tcg_gen_gvec_mov(MO_64, ofs, ofs, is_q ? 16 : 8, vsz);
30
}
33
}
31
34
32
+static MemTxResult lqspi_write(void *opaque, hwaddr offset, uint64_t value,
35
void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)
33
+ unsigned size, MemTxAttrs attrs)
34
+{
35
+ /*
36
+ * From UG1085, Chapter 24 (Quad-SPI controllers):
37
+ * - Writes are ignored
38
+ * - AXI writes generate an external AXI slave error (SLVERR)
39
+ */
40
+ qemu_log_mask(LOG_GUEST_ERROR, "%s Unexpected %u-bit access to 0x%" PRIx64
41
+ " (value: 0x%" PRIx64 "\n",
42
+ __func__, size << 3, offset, value);
43
+
44
+ return MEMTX_ERROR;
45
+}
46
+
47
static const MemoryRegionOps lqspi_ops = {
48
.read_with_attrs = lqspi_read,
49
+ .write_with_attrs = lqspi_write,
50
.endianness = DEVICE_NATIVE_ENDIAN,
51
.valid = {
52
.min_access_size = 1,
53
--
36
--
54
2.20.1
37
2.20.1
55
38
56
39
diff view generated by jsdifflib
[Qemu-devel] [PULL 02/10] hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs
[PULL 26/29] target/arm: Use clear_vec_high more effectively
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
In the next commit we will implement the write_with_attrs()
3
Do not explicitly store zero to the NEON high part
4
handler. To avoid using different APIs, convert the read()
4
when we can pass !is_q to clear_vec_high.
5
handler first.
6
5
7
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Message-id: 20200519212453.28494-3-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
10
---
12
hw/ssi/xilinx_spips.c | 23 +++++++++++------------
11
target/arm/translate-a64.c | 53 +++++++++++++++++++++++---------------
13
1 file changed, 11 insertions(+), 12 deletions(-)
12
1 file changed, 32 insertions(+), 21 deletions(-)
14
13
15
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
14
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/ssi/xilinx_spips.c
16
--- a/target/arm/translate-a64.c
18
+++ b/hw/ssi/xilinx_spips.c
17
+++ b/target/arm/translate-a64.c
19
@@ -XXX,XX +XXX,XX @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
18
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
19
{
20
/* This always zero-extends and writes to a full 128 bit wide vector */
21
TCGv_i64 tmplo = tcg_temp_new_i64();
22
- TCGv_i64 tmphi;
23
+ TCGv_i64 tmphi = NULL;
24
25
if (size < 4) {
26
MemOp memop = s->be_data + size;
27
- tmphi = tcg_const_i64(0);
28
tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), memop);
29
} else {
30
bool be = s->be_data == MO_BE;
31
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
20
}
32
}
33
34
tcg_gen_st_i64(tmplo, cpu_env, fp_reg_offset(s, destidx, MO_64));
35
- tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx));
36
-
37
tcg_temp_free_i64(tmplo);
38
- tcg_temp_free_i64(tmphi);
39
40
- clear_vec_high(s, true, destidx);
41
+ if (tmphi) {
42
+ tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx));
43
+ tcg_temp_free_i64(tmphi);
44
+ }
45
+ clear_vec_high(s, tmphi != NULL, destidx);
21
}
46
}
22
47
23
-static uint64_t
48
/*
24
-lqspi_read(void *opaque, hwaddr addr, unsigned int size)
49
@@ -XXX,XX +XXX,XX @@ static void disas_simd_ext(DisasContext *s, uint32_t insn)
25
+static MemTxResult lqspi_read(void *opaque, hwaddr addr, uint64_t *value,
50
read_vec_element(s, tcg_resh, rm, 0, MO_64);
26
+ unsigned size, MemTxAttrs attrs)
51
do_ext64(s, tcg_resh, tcg_resl, pos);
27
{
52
}
28
- XilinxQSPIPS *q = opaque;
53
- tcg_gen_movi_i64(tcg_resh, 0);
29
- uint32_t ret;
54
} else {
30
+ XilinxQSPIPS *q = XILINX_QSPIPS(opaque);
55
TCGv_i64 tcg_hh;
31
56
typedef struct {
32
if (addr >= q->lqspi_cached_addr &&
57
@@ -XXX,XX +XXX,XX @@ static void disas_simd_ext(DisasContext *s, uint32_t insn)
33
addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
58
34
uint8_t *retp = &q->lqspi_buf[addr - q->lqspi_cached_addr];
59
write_vec_element(s, tcg_resl, rd, 0, MO_64);
35
- ret = cpu_to_le32(*(uint32_t *)retp);
60
tcg_temp_free_i64(tcg_resl);
36
- DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr,
61
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
37
- (unsigned)ret);
62
+ if (is_q) {
38
- return ret;
63
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
64
+ }
65
tcg_temp_free_i64(tcg_resh);
66
- clear_vec_high(s, true, rd);
67
+ clear_vec_high(s, is_q, rd);
68
}
69
70
/* TBL/TBX
71
@@ -XXX,XX +XXX,XX @@ static void disas_simd_tb(DisasContext *s, uint32_t insn)
72
* the input.
73
*/
74
tcg_resl = tcg_temp_new_i64();
75
- tcg_resh = tcg_temp_new_i64();
76
+ tcg_resh = NULL;
77
78
if (is_tblx) {
79
read_vec_element(s, tcg_resl, rd, 0, MO_64);
80
} else {
81
tcg_gen_movi_i64(tcg_resl, 0);
82
}
83
- if (is_tblx && is_q) {
84
- read_vec_element(s, tcg_resh, rd, 1, MO_64);
39
- } else {
85
- } else {
40
- lqspi_load_cache(opaque, addr);
86
- tcg_gen_movi_i64(tcg_resh, 0);
41
- return lqspi_read(opaque, addr, size);
87
+
42
+ *value = cpu_to_le32(*(uint32_t *)retp);
88
+ if (is_q) {
43
+ DB_PRINT_L(1, "addr: %08" HWADDR_PRIx ", data: %08" PRIx64 "\n",
89
+ tcg_resh = tcg_temp_new_i64();
44
+ addr, *value);
90
+ if (is_tblx) {
45
+ return MEMTX_OK;
91
+ read_vec_element(s, tcg_resh, rd, 1, MO_64);
92
+ } else {
93
+ tcg_gen_movi_i64(tcg_resh, 0);
94
+ }
46
}
95
}
96
97
tcg_idx = tcg_temp_new_i64();
98
@@ -XXX,XX +XXX,XX @@ static void disas_simd_tb(DisasContext *s, uint32_t insn)
99
100
write_vec_element(s, tcg_resl, rd, 0, MO_64);
101
tcg_temp_free_i64(tcg_resl);
102
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
103
- tcg_temp_free_i64(tcg_resh);
104
- clear_vec_high(s, true, rd);
47
+
105
+
48
+ lqspi_load_cache(opaque, addr);
106
+ if (is_q) {
49
+ return lqspi_read(opaque, addr, value, size, attrs);
107
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
108
+ tcg_temp_free_i64(tcg_resh);
109
+ }
110
+ clear_vec_high(s, is_q, rd);
50
}
111
}
51
112
52
static const MemoryRegionOps lqspi_ops = {
113
/* ZIP/UZP/TRN
53
- .read = lqspi_read,
114
@@ -XXX,XX +XXX,XX @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn)
54
+ .read_with_attrs = lqspi_read,
115
}
55
.endianness = DEVICE_NATIVE_ENDIAN,
116
56
.valid = {
117
tcg_resl = tcg_const_i64(0);
57
.min_access_size = 1,
118
- tcg_resh = tcg_const_i64(0);
119
+ tcg_resh = is_q ? tcg_const_i64(0) : NULL;
120
tcg_res = tcg_temp_new_i64();
121
122
for (i = 0; i < elements; i++) {
123
@@ -XXX,XX +XXX,XX @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn)
124
125
write_vec_element(s, tcg_resl, rd, 0, MO_64);
126
tcg_temp_free_i64(tcg_resl);
127
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
128
- tcg_temp_free_i64(tcg_resh);
129
- clear_vec_high(s, true, rd);
130
+
131
+ if (is_q) {
132
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
133
+ tcg_temp_free_i64(tcg_resh);
134
+ }
135
+ clear_vec_high(s, is_q, rd);
136
}
137
138
/*
58
--
139
--
59
2.20.1
140
2.20.1
60
141
61
142
diff view generated by jsdifflib
[Qemu-devel] [PULL 10/10] target/arm: NS BusFault on vector table fetch escalates to NS HardFault
[PULL 27/29] target/arm: Allow user-mode code to write CPSR.E via MSR
1
In the M-profile architecture, when we do a vector table fetch and it
1
Using the MSR instruction to write to CPSR.E is deprecated, but it is
2
fails, we need to report a HardFault. Whether this is a Secure HF or
2
required to work from any mode including unprivileged code. We were
3
a NonSecure HF depends on several things. If AIRCR.BFHFNMINS is 0
3
incorrectly forbidding usermode code from writing it because
4
then HF is always Secure, because there is no NonSecure HardFault.
4
CPSR_USER did not include the CPSR_E bit.
5
Otherwise, the answer depends on whether the 'underlying exception'
6
(MemManage, BusFault, SecureFault) targets Secure or NonSecure. (In
7
the pseudocode, this is handled in the Vector() function: the final
8
exc.isSecure is calculated by looking at the exc.isSecure from the
9
exception returned from the memory access, not the isSecure input
10
argument.)
11
5
12
We weren't doing this correctly, because we were looking at
6
We use CPSR_USER in only three places:
13
the target security domain of the exception we were trying to
7
* as the mask of what to allow userspace MSR to write to CPSR
14
load the vector table entry for. This produces errors of two kinds:
8
* when deciding what bits a linux-user signal-return should be
15
* a load from the NS vector table which hits the "NS access
9
able to write from the sigcontext structure
16
to S memory" SecureFault should end up as a Secure HardFault,
10
* in target_user_copy_regs() when we set up the initial
17
but we were raising an NS HardFault
11
registers for the linux-user process
18
* a load from the S vector table which causes a BusFault
19
should raise an NS HardFault if BFHFNMINS == 1 (because
20
in that case all BusFaults are NonSecure), but we were raising
21
a Secure HardFault
22
12
23
Correct the logic.
13
In the first two cases not being able to update CPSR.E is a bug, and
14
in the third case it doesn't matter because CPSR.E is always 0 there.
15
So we can fix both bugs by adding CPSR_E to CPSR_USER.
24
16
25
We also fix a comment error where we claimed that we might
17
Because the cpsr_write() in restore_sigcontext() is now changing
26
be escalating MemManage to HardFault, and forgot about SecureFault.
18
a CPSR bit which is cached in hflags, we need to add an
27
(Vector loads can never hit MPU access faults, because they're
19
arm_rebuild_hflags() call there; the callsite in
28
always aligned and always use the default address map.)
20
target_user_copy_regs() was already rebuilding hflags for other
21
reasons.
22
23
(The recommended way to change CPSR.E is to use the 'SETEND'
24
instruction, which we do correctly allow from usermode code.)
29
25
30
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
31
Message-id: 20190705094823.28905-1-peter.maydell@linaro.org
27
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
28
Message-id: 20200518142801.20503-1-peter.maydell@linaro.org
32
---
29
---
33
target/arm/m_helper.c | 21 +++++++++++++++++----
30
target/arm/cpu.h | 2 +-
34
1 file changed, 17 insertions(+), 4 deletions(-)
31
linux-user/arm/signal.c | 1 +
32
2 files changed, 2 insertions(+), 1 deletion(-)
35
33
36
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
34
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
37
index XXXXXXX..XXXXXXX 100644
35
index XXXXXXX..XXXXXXX 100644
38
--- a/target/arm/m_helper.c
36
--- a/target/arm/cpu.h
39
+++ b/target/arm/m_helper.c
37
+++ b/target/arm/cpu.h
40
@@ -XXX,XX +XXX,XX @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
38
@@ -XXX,XX +XXX,XX @@ void pmu_init(ARMCPU *cpu);
41
if (sattrs.ns) {
39
#define CACHED_CPSR_BITS (CPSR_T | CPSR_AIF | CPSR_GE | CPSR_IT | CPSR_Q \
42
attrs.secure = false;
40
| CPSR_NZCV)
43
} else if (!targets_secure) {
41
/* Bits writable in user mode. */
44
- /* NS access to S memory */
42
-#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE)
45
+ /*
43
+#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE | CPSR_E)
46
+ * NS access to S memory: the underlying exception which we escalate
44
/* Execution state bits. MRS read as zero, MSR writes ignored. */
47
+ * to HardFault is SecureFault, which always targets Secure.
45
#define CPSR_EXEC (CPSR_T | CPSR_IT | CPSR_J | CPSR_IL)
48
+ */
46
49
+ exc_secure = true;
47
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
50
goto load_fail;
48
index XXXXXXX..XXXXXXX 100644
51
}
49
--- a/linux-user/arm/signal.c
52
}
50
+++ b/linux-user/arm/signal.c
53
@@ -XXX,XX +XXX,XX @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
51
@@ -XXX,XX +XXX,XX @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc)
54
vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr,
52
#ifdef TARGET_CONFIG_CPU_32
55
attrs, &result);
53
__get_user(cpsr, &sc->arm_cpsr);
56
if (result != MEMTX_OK) {
54
cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr);
57
+ /*
55
+ arm_rebuild_hflags(env);
58
+ * Underlying exception is BusFault: its target security state
56
#endif
59
+ * depends on BFHFNMINS.
57
60
+ */
58
err |= !valid_user_regs(env);
61
+ exc_secure = !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
62
goto load_fail;
63
}
64
*pvec = vector_entry;
65
@@ -XXX,XX +XXX,XX @@ load_fail:
66
/*
67
* All vector table fetch fails are reported as HardFault, with
68
* HFSR.VECTTBL and .FORCED set. (FORCED is set because
69
- * technically the underlying exception is a MemManage or BusFault
70
+ * technically the underlying exception is a SecureFault or BusFault
71
* that is escalated to HardFault.) This is a terminal exception,
72
* so we will either take the HardFault immediately or else enter
73
* lockup (the latter case is handled in armv7m_nvic_set_pending_derived()).
74
+ * The HardFault is Secure if BFHFNMINS is 0 (meaning that all HFs are
75
+ * secure); otherwise it targets the same security state as the
76
+ * underlying exception.
77
*/
78
- exc_secure = targets_secure ||
79
- !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
80
+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
81
+ exc_secure = true;
82
+ }
83
env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK;
84
armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure);
85
return false;
86
--
59
--
87
2.20.1
60
2.20.1
88
61
89
62
diff view generated by jsdifflib
[Qemu-devel] [PULL 05/10] hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO
[PULL 28/29] linux-user/arm: Reset CPSR_E when entering a signal handler
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Amanieu d'Antras <amanieu@gmail.com>
2
2
3
Reading the RX_DATA register when the RX_FIFO is empty triggers
3
This fixes signal handlers running with the wrong endianness if the
4
an abort. This can be easily reproduced:
4
interrupted code used SETEND to dynamically switch endianness.
5
5
6
$ qemu-system-arm -M emcraft-sf2 -monitor stdio -S
6
Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
7
QEMU 4.0.50 monitor - type 'help' for more information
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
(qemu) x 0x40001010
8
Message-id: 20200511131117.2486486-1-amanieu@gmail.com
9
Aborted (core dumped)
10
11
(gdb) bt
12
#1 0x00007f035874f895 in abort () at /lib64/libc.so.6
13
#2 0x00005628686591ff in fifo8_pop (fifo=0x56286a9a4c68) at util/fifo8.c:66
14
#3 0x00005628683e0b8e in fifo32_pop (fifo=0x56286a9a4c68) at include/qemu/fifo32.h:137
15
#4 0x00005628683e0efb in spi_read (opaque=0x56286a9a4850, addr=4, size=4) at hw/ssi/mss-spi.c:168
16
#5 0x0000562867f96801 in memory_region_read_accessor (mr=0x56286a9a4b60, addr=16, value=0x7ffeecb0c5c8, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:439
17
#6 0x0000562867f96cdb in access_with_adjusted_size (addr=16, value=0x7ffeecb0c5c8, size=4, access_size_min=1, access_size_max=4, access_fn=0x562867f967c3 <memory_region_read_accessor>, mr=0x56286a9a4b60, attrs=...) at memory.c:569
18
#7 0x0000562867f99940 in memory_region_dispatch_read1 (mr=0x56286a9a4b60, addr=16, pval=0x7ffeecb0c5c8, size=4, attrs=...) at memory.c:1420
19
#8 0x0000562867f99a08 in memory_region_dispatch_read (mr=0x56286a9a4b60, addr=16, pval=0x7ffeecb0c5c8, size=4, attrs=...) at memory.c:1447
20
#9 0x0000562867f38721 in flatview_read_continue (fv=0x56286aec6360, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, addr1=16, l=4, mr=0x56286a9a4b60) at exec.c:3385
21
#10 0x0000562867f38874 in flatview_read (fv=0x56286aec6360, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4) at exec.c:3423
22
#11 0x0000562867f388ea in address_space_read_full (as=0x56286aa3e890, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4) at exec.c:3436
23
#12 0x0000562867f389c5 in address_space_rw (as=0x56286aa3e890, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, is_write=false) at exec.c:3466
24
#13 0x0000562867f3bdd7 in cpu_memory_rw_debug (cpu=0x56286aa19d00, addr=1073745936, buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, is_write=0) at exec.c:3976
25
#14 0x000056286811ed51 in memory_dump (mon=0x56286a8c32d0, count=1, format=120, wsize=4, addr=1073745936, is_physical=0) at monitor/misc.c:730
26
#15 0x000056286811eff1 in hmp_memory_dump (mon=0x56286a8c32d0, qdict=0x56286b15c400) at monitor/misc.c:785
27
#16 0x00005628684740ee in handle_hmp_command (mon=0x56286a8c32d0, cmdline=0x56286a8caeb2 "0x40001010") at monitor/hmp.c:1082
28
29
From the datasheet "Actel SmartFusion Microcontroller Subsystem
30
User's Guide" Rev.1, Table 13-3 "SPI Register Summary", this
31
register has a reset value of 0.
32
33
Check the FIFO is not empty before accessing it, else log an
34
error message.
35
36
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
37
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
38
Message-id: 20190709113715.7761-3-philmd@redhat.com
39
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
40
---
10
---
41
hw/ssi/mss-spi.c | 8 +++++++-
11
linux-user/arm/signal.c | 8 +++++++-
42
1 file changed, 7 insertions(+), 1 deletion(-)
12
1 file changed, 7 insertions(+), 1 deletion(-)
43
13
44
diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
14
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
45
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
46
--- a/hw/ssi/mss-spi.c
16
--- a/linux-user/arm/signal.c
47
+++ b/hw/ssi/mss-spi.c
17
+++ b/linux-user/arm/signal.c
48
@@ -XXX,XX +XXX,XX @@ spi_read(void *opaque, hwaddr addr, unsigned int size)
18
@@ -XXX,XX +XXX,XX @@ setup_return(CPUARMState *env, struct target_sigaction *ka,
49
case R_SPI_RX:
19
} else {
50
s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL;
20
cpsr &= ~CPSR_T;
51
s->regs[R_SPI_STATUS] &= ~S_RXCHOVRF;
21
}
52
- ret = fifo32_pop(&s->rx_fifo);
22
+ if (env->cp15.sctlr_el[1] & SCTLR_E0E) {
53
+ if (fifo32_is_empty(&s->rx_fifo)) {
23
+ cpsr |= CPSR_E;
54
+ qemu_log_mask(LOG_GUEST_ERROR,
24
+ } else {
55
+ "%s: Reading empty RX_FIFO\n",
25
+ cpsr &= ~CPSR_E;
56
+ __func__);
26
+ }
57
+ } else {
27
58
+ ret = fifo32_pop(&s->rx_fifo);
28
if (ka->sa_flags & TARGET_SA_RESTORER) {
59
+ }
29
if (is_fdpic) {
60
if (fifo32_is_empty(&s->rx_fifo)) {
30
@@ -XXX,XX +XXX,XX @@ setup_return(CPUARMState *env, struct target_sigaction *ka,
61
s->regs[R_SPI_STATUS] |= S_RXFIFOEMP;
31
env->regs[13] = frame_addr;
62
}
32
env->regs[14] = retcode;
33
env->regs[15] = handler & (thumb ? ~1 : ~3);
34
- cpsr_write(env, cpsr, CPSR_IT | CPSR_T, CPSRWriteByInstr);
35
+ cpsr_write(env, cpsr, CPSR_IT | CPSR_T | CPSR_E, CPSRWriteByInstr);
36
+ arm_rebuild_hflags(env);
37
38
return 0;
39
}
63
--
40
--
64
2.20.1
41
2.20.1
65
42
66
43
diff view generated by jsdifflib
[Qemu-devel] [PULL 09/10] target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026
[PULL 29/29] linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
1
The ARMv5 architecture didn't specify detailed per-feature ID
1
The Arm signal-handling code has some parts ifdeffed with a
2
registers. Now that we're using the MVFR0 register fields to
2
TARGET_CONFIG_CPU_32, which is always defined. This is a leftover
3
gate the existence of VFP instructions, we need to set up
3
from when this code's structure was based on the Linux kernel
4
the correct values in the cpu->isar structure so that we still
4
signal handling code, where it was intended to support 26-bit
5
provide an FPU to the guest.
5
Arm CPUs. The kernel dropped its CONFIG_CPU_32 in kernel commit
6
4da8b8208eded0ba21e3 in 2009.
6
7
7
This fixes a regression in the arm926 and arm1026 CPUs, which
8
QEMU has never had 26-bit CPU support and is unlikely to ever
8
are the only ones that both have VFP and are ARMv5 or earlier.
9
add it; we certainly aren't going to support 26-bit Linux
9
This regression was introduced by the VFP refactoring, and more
10
binaries via linux-user mode. The ifdef is just unhelpful
10
specifically by commits 1120827fa182f0e76 and 266bd25c485597c,
11
noise, so remove it entirely.
11
which accidentally disabled VFP short-vector support and
12
double-precision support on these CPUs.
13
12
14
Fixes: 1120827fa182f0e
15
Fixes: 266bd25c485597c
16
Fixes: https://bugs.launchpad.net/qemu/+bug/1836192
17
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
20
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
15
Message-id: 20200518143014.20689-1-peter.maydell@linaro.org
21
Tested-by: Christophe Lyon <christophe.lyon@linaro.org>
22
Message-id: 20190711131241.22231-1-peter.maydell@linaro.org
23
---
16
---
24
target/arm/cpu.c | 12 ++++++++++++
17
linux-user/arm/signal.c | 6 ------
25
1 file changed, 12 insertions(+)
18
1 file changed, 6 deletions(-)
26
19
27
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
20
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
28
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/cpu.c
22
--- a/linux-user/arm/signal.c
30
+++ b/target/arm/cpu.c
23
+++ b/linux-user/arm/signal.c
31
@@ -XXX,XX +XXX,XX @@ static void arm926_initfn(Object *obj)
24
@@ -XXX,XX +XXX,XX @@ struct rt_sigframe_v2
32
* set the field to indicate Jazelle support within QEMU.
25
abi_ulong retcode[4];
33
*/
26
};
34
cpu->isar.id_isar1 = FIELD_DP32(cpu->isar.id_isar1, ID_ISAR1, JAZELLE, 1);
27
35
+ /*
28
-#define TARGET_CONFIG_CPU_32 1
36
+ * Similarly, we need to set MVFR0 fields to enable double precision
29
-
37
+ * and short vector support even though ARMv5 doesn't have this register.
30
/*
38
+ */
31
* For ARM syscalls, we encode the syscall number into the instruction.
39
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPSHVEC, 1);
32
*/
40
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPDP, 1);
33
@@ -XXX,XX +XXX,XX @@ setup_sigcontext(struct target_sigcontext *sc, /*struct _fpstate *fpstate,*/
41
}
34
__put_user(env->regs[13], &sc->arm_sp);
42
35
__put_user(env->regs[14], &sc->arm_lr);
43
static void arm946_initfn(Object *obj)
36
__put_user(env->regs[15], &sc->arm_pc);
44
@@ -XXX,XX +XXX,XX @@ static void arm1026_initfn(Object *obj)
37
-#ifdef TARGET_CONFIG_CPU_32
45
* set the field to indicate Jazelle support within QEMU.
38
__put_user(cpsr_read(env), &sc->arm_cpsr);
46
*/
39
-#endif
47
cpu->isar.id_isar1 = FIELD_DP32(cpu->isar.id_isar1, ID_ISAR1, JAZELLE, 1);
40
48
+ /*
41
__put_user(/* current->thread.trap_no */ 0, &sc->trap_no);
49
+ * Similarly, we need to set MVFR0 fields to enable double precision
42
__put_user(/* current->thread.error_code */ 0, &sc->error_code);
50
+ * and short vector support even though ARMv5 doesn't have this register.
43
@@ -XXX,XX +XXX,XX @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc)
51
+ */
44
__get_user(env->regs[13], &sc->arm_sp);
52
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPSHVEC, 1);
45
__get_user(env->regs[14], &sc->arm_lr);
53
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPDP, 1);
46
__get_user(env->regs[15], &sc->arm_pc);
54
47
-#ifdef TARGET_CONFIG_CPU_32
55
{
48
__get_user(cpsr, &sc->arm_cpsr);
56
/* The 1026 had an IFAR at c6,c0,0,1 rather than the ARMv6 c6,c0,0,2 */
49
cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr);
50
arm_rebuild_hflags(env);
51
-#endif
52
53
err |= !valid_user_regs(env);
54
57
--
55
--
58
2.20.1
56
2.20.1
59
57
60
58
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.