1
target-arm queue for rc1 -- these are all bug fixes.
1
Just flushing my target-arm queue since I won't be working next week :-)
2
2
3
thanks
4
-- PMM
3
-- PMM
5
4
6
The following changes since commit b9404bf592e7ba74180e1a54ed7a266ec6ee67f2:
5
The following changes since commit b3cd3b5a66f0dddfe3d5ba2bef13cd4f5b89cde9:
7
6
8
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20190715' into staging (2019-07-15 12:22:07 +0100)
7
Merge tag 'pull-riscv-to-apply-20220610' of github.com:alistair23/qemu into staging (2022-06-09 22:08:27 -0700)
9
8
10
are available in the Git repository at:
9
are available in the Git repository at:
11
10
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190715
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220610
13
12
14
for you to fetch changes up to 51c9122e92b776a3f16af0b9282f1dc5012e2a19:
13
for you to fetch changes up to 90c072e063737e9e8f431489bbd334452f89056e:
15
14
16
target/arm: NS BusFault on vector table fetch escalates to NS HardFault (2019-07-15 14:17:04 +0100)
15
semihosting/config: Merge --semihosting-config option groups (2022-06-10 14:32:36 +0100)
17
16
18
----------------------------------------------------------------
17
----------------------------------------------------------------
19
target-arm queue:
18
* refactor exception routing code
20
* report ARMv8-A FP support for AArch32 -cpu max
19
* fix SCR_EL3 RAO/RAZ bits
21
* hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory
20
* gdbstub: Don't use GDB syscalls if no GDB is attached
22
* hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
21
* semihosting/config: Merge --semihosting-config option groups
23
* hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO
22
* tests/qtest: Reduce npcm7xx_sdhci test image size
24
* hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO
25
* hw/arm/virt: Fix non-secure flash mode
26
* pl031: Correctly migrate state when using -rtc clock=host
27
* fix regression that meant arm926 and arm1026 lost VFP
28
double-precision support
29
* v8M: NS BusFault on vector table fetch escalates to NS HardFault
30
23
31
----------------------------------------------------------------
24
----------------------------------------------------------------
32
Alex Bennée (1):
25
Hao Wu (1):
33
target/arm: report ARMv8-A FP support for AArch32 -cpu max
26
tests/qtest: Reduce npcm7xx_sdhci test image size
34
27
35
David Engraf (1):
28
Peter Maydell (2):
36
hw/arm/virt: Fix non-secure flash mode
29
gdbstub: Don't use GDB syscalls if no GDB is attached
30
semihosting/config: Merge --semihosting-config option groups
37
31
38
Peter Maydell (3):
32
Richard Henderson (25):
39
pl031: Correctly migrate state when using -rtc clock=host
33
target/arm: Mark exception helpers as noreturn
40
target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026
34
target/arm: Add coproc parameter to syn_fp_access_trap
41
target/arm: NS BusFault on vector table fetch escalates to NS HardFault
35
target/arm: Move exception_target_el out of line
36
target/arm: Move arm_singlestep_active out of line
37
target/arm: Move arm_generate_debug_exceptions out of line
38
target/arm: Use is_a64 in arm_generate_debug_exceptions
39
target/arm: Move exception_bkpt_insn to debug_helper.c
40
target/arm: Move arm_debug_exception_fsr to debug_helper.c
41
target/arm: Rename helper_exception_with_syndrome
42
target/arm: Introduce gen_exception_insn_el_v
43
target/arm: Rename gen_exception_insn to gen_exception_insn_el
44
target/arm: Introduce gen_exception_insn
45
target/arm: Create helper_exception_swstep
46
target/arm: Remove TBFLAG_ANY.DEBUG_TARGET_EL
47
target/arm: Move gen_exception to translate.c
48
target/arm: Rename gen_exception to gen_exception_el
49
target/arm: Introduce gen_exception
50
target/arm: Introduce gen_exception_el_v
51
target/arm: Introduce helper_exception_with_syndrome
52
target/arm: Remove default_exception_el
53
target/arm: Create raise_exception_debug
54
target/arm: Move arm_debug_target_el to debug_helper.c
55
target/arm: Fix Secure PL1 tests in fp_exception_el
56
target/arm: Adjust format test in scr_write
57
target/arm: SCR_EL3.RW is RAO/WI without AArch32 EL[12]
42
58
43
Philippe Mathieu-Daudé (5):
59
target/arm/cpu.h | 133 ++---------------------
44
hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs
60
target/arm/helper.h | 8 +-
45
hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory
61
target/arm/internals.h | 43 +-------
46
hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
62
target/arm/syndrome.h | 7 +-
47
hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO
63
target/arm/translate.h | 43 ++------
48
hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO
64
gdbstub.c | 14 ++-
49
65
semihosting/config.c | 1 +
50
include/hw/timer/pl031.h | 2 ++
66
target/arm/debug_helper.c | 220 +++++++++++++++++++++++++++++++++++++--
51
hw/arm/virt.c | 2 +-
67
target/arm/helper.c | 53 ++++------
52
hw/core/machine.c | 1 +
68
target/arm/op_helper.c | 52 +++++----
53
hw/display/xlnx_dp.c | 15 +++++---
69
target/arm/translate-a64.c | 34 +++---
54
hw/ssi/mss-spi.c | 8 ++++-
70
target/arm/translate-m-nocp.c | 15 ++-
55
hw/ssi/xilinx_spips.c | 43 +++++++++++++++-------
71
target/arm/translate-mve.c | 3 +-
56
hw/timer/pl031.c | 92 +++++++++++++++++++++++++++++++++++++++++++++---
72
target/arm/translate-vfp.c | 18 +++-
57
target/arm/cpu.c | 16 +++++++++
73
target/arm/translate.c | 106 ++++++++++---------
58
target/arm/m_helper.c | 21 ++++++++---
74
tests/qtest/npcm7xx_sdhci-test.c | 2 +-
59
9 files changed, 174 insertions(+), 26 deletions(-)
75
16 files changed, 390 insertions(+), 362 deletions(-)
60
From: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
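--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(usad8, TCG_CALL_NO_RWG_SE, i32, i32, i32)
 
 DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
 i32, i32, i32, i32)
-DEF_HELPER_2(exception_internal, void, env, i32)
-DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32)
-DEF_HELPER_2(exception_bkpt_insn, void, env, i32)
+DEF_HELPER_2(exception_internal, noreturn, env, i32)
+DEF_HELPER_4(exception_with_syndrome, noreturn, env, i32, i32, i32)
+DEF_HELPER_2(exception_bkpt_insn, noreturn, env, i32)
 DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl)
 DEF_HELPER_1(setend, void, env)
 DEF_HELPER_2(wfi, void, env, i32)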
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
With ARMv8, this field is always RES0.
With ARMv7, targeting EL2 and TA=0, it is always 0xA.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/syndrome.h | 7 ++++---
target/arm/translate-a64.c | 3 ++-
target/arm/translate-vfp.c | 14 ++++++++++++--
3 files changed, 18 insertions(+), 6 deletions(-)
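--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_cp15_rrt_trap(int cv, int cond, int opc1, int crm,
 | (rt2 << 10) | (rt << 5) | (crm << 1) | isread;
 }
 
-static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit)
+static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_16bit,
+ int coproc)
 {
- /* AArch32 FP trap or any AArch64 FP/SIMD trap: TA == 0 coproc == 0xa */
+ /* AArch32 FP trap or any AArch64 FP/SIMD trap: TA == 0 */
 return (EC_ADVSIMDFPACCESSTRAP << ARM_EL_EC_SHIFT)
 | (is_16bit ? 0 : ARM_EL_IL)
- | (cv << 24) | (cond << 20) | 0xa;
+ | (cv << 24) | (cond << 20) | coproc;
 }
 
 static inline uint32_t syn_simd_access_trap(int cv, int cond, bool is_16bit)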
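Review bot: `coproc` is OR-ed straight into the syndrome in syn_fp_access_trap() with no range check, so a caller passing a value wider than the coproc field (four bits, assuming the ARMv7 HSR layout) would silently alter other syndrome bits that a guest hypervisor later reads. The call sites visible on this page pass only 0 and 0xa, so this is a robustness point rather than a live defect; `assert((coproc & ~0xf) == 0);` before the return, or the project's equivalent, would state the contract. The shortened comment `TA == 0` could also say that coproc is 0xA only for ARMv7 traps to Hyp mode and RES0 for ARMv8, since that rule is otherwise documented only at the translate-vfp.c call site.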
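--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static bool fp_access_check(DisasContext *s)
 s->fp_access_checked = true;
 
 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
+ syn_fp_access_trap(1, 0xe, false, 0),
+ s->fp_excp_el);
 return false;
 }
 s->fp_access_checked = true;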
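--- a/target/arm/translate-vfp.c
+++ b/target/arm/translate-vfp.c
@@ -XXX,XX +XXX,XX @@ static void gen_update_fp_context(DisasContext *s)
 static bool vfp_access_check_a(DisasContext *s, bool ignore_vfp_enabled)
 {
 if (s->fp_excp_el) {
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
+ /*
+ * The full syndrome is only used for HSR when HCPTR traps:
+ * For v8, when TA==0, coproc is RES0.
+ * For v7, any use of a Floating-point instruction or access
+ * to a Floating-point Extension register that is trapped to
+ * Hyp mode because of a trap configured in the HCPTR sets
+ * this field to 0xA.
+ */
+ int coproc = arm_dc_feature(s, ARM_FEATURE_V8) ? 0 : 0xa;
+ uint32_t syn = syn_fp_access_trap(1, 0xe, false, coproc);
+
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn, s->fp_excp_el);
 return false;
 }
 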
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Move the function to op_helper.c, near raise_exception.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/internals.h | 16 +---------------
target/arm/op_helper.c | 15 +++++++++++++++
2 files changed, 16 insertions(+), 15 deletions(-)
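--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
 int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
 int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx);
 
-static inline int exception_target_el(CPUARMState *env)
-{
- int target_el = MAX(1, arm_current_el(env));
-
- /*
- * No such thing as secure EL1 if EL3 is aarch32,
- * so update the target EL to EL3 in this case.
- */
- if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
- target_el = 3;
- }
-
- return target_el;
-}
-
 /* Determine if allocation tags are available. */
 static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
 uint64_t sctlr)
@@ -XXX,XX +XXX,XX @@ void define_cortex_a72_a57_a53_cp_reginfo(ARMCPU *cpu);
 bool el_is_in_host(CPUARMState *env, int el);
 
 void aa32_max_features(ARMCPU *cpu);
+int exception_target_el(CPUARMState *env);
 
 /* Powers of 2 for sve_vq_map et al. */
 #define SVE_VQ_POW2_MAP \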
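Review bot: The new prototype `int exception_target_el(CPUARMState *env);` enters internals.h with no comment, so the only description of its behaviour is the comment inside the body that moves to op_helper.c. A short doc comment on the declaration would help, for example `/* Return the EL an exception from the current EL targets: at least 1, or 3 when Secure and EL3 is AArch32. */`. The routing rule separates Secure EL1 from EL3, so it is worth stating at the place callers will look.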
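--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@
 #define SIGNBIT (uint32_t)0x80000000
 #define SIGNBIT64 ((uint64_t)1 << 63)
 
+int exception_target_el(CPUARMState *env)
+{
+ int target_el = MAX(1, arm_current_el(env));
+
+ /*
+ * No such thing as secure EL1 if EL3 is aarch32,
+ * so update the target EL to EL3 in this case.
+ */
+ if (arm_is_secure(env) && !arm_el_is_aa64(env, 3) && target_el == 1) {
+ target_el = 3;
+ }
+
+ return target_el;
+}
+
 void raise_exception(CPUARMState *env, uint32_t excp,
 uint32_t syndrome, uint32_t target_el)
 {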
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Move the function to debug_helper.c, and the
declaration to internals.h.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 10 ----------
target/arm/internals.h | 1 +
target/arm/debug_helper.c | 12 ++++++++++++
3 files changed, 13 insertions(+), 10 deletions(-)
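--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool arm_generate_debug_exceptions(CPUARMState *env)
 }
 }
 
-/* Is single-stepping active? (Note that the "is EL_D AArch64?" check
- * implicitly means this always returns false in pre-v8 CPUs.)
- */
-static inline bool arm_singlestep_active(CPUARMState *env)
-{
- return extract32(env->cp15.mdscr_el1, 0, 1)
- && arm_el_is_aa64(env, arm_debug_target_el(env))
- && arm_generate_debug_exceptions(env);
-}
-
 static inline bool arm_sctlr_b(CPUARMState *env)
 {
 return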
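--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ bool el_is_in_host(CPUARMState *env, int el);
 
 void aa32_max_features(ARMCPU *cpu);
 int exception_target_el(CPUARMState *env);
+bool arm_singlestep_active(CPUARMState *env);
 
 /* Powers of 2 for sve_vq_map et al. */
 #define SVE_VQ_POW2_MAP \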
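--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/helper-proto.h"
 
+
+/*
+ * Is single-stepping active? (Note that the "is EL_D AArch64?" check
+ * implicitly means this always returns false in pre-v8 CPUs.)
+ */
+bool arm_singlestep_active(CPUARMState *env)
+{
+ return extract32(env->cp15.mdscr_el1, 0, 1)
+ && arm_el_is_aa64(env, arm_debug_target_el(env))
+ && arm_generate_debug_exceptions(env);
+}
+
 /* Return true if the linked breakpoint entry lbn passes its checks */
 static bool linked_bp_matches(ARMCPU *cpu, int lbn)
 {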
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Move arm_generate_debug_exceptions and its two subroutines,
{aa32,aa64}_generate_debug_exceptions into debug_helper.c,
and the one interface declaration to internals.h.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 91 -------------------------------------
target/arm/internals.h | 1 +
target/arm/debug_helper.c | 94 +++++++++++++++++++++++++++++++++++++++
3 files changed, 95 insertions(+), 91 deletions(-)
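--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
 return (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0;
 }
 
-/* See AArch64.GenerateDebugExceptionsFrom() in ARM ARM pseudocode */
-static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
-{
- int cur_el = arm_current_el(env);
- int debug_el;
-
- if (cur_el == 3) {
- return false;
- }
-
- /* MDCR_EL3.SDD disables debug events from Secure state */
- if (arm_is_secure_below_el3(env)
- && extract32(env->cp15.mdcr_el3, 16, 1)) {
- return false;
- }
-
- /*
- * Same EL to same EL debug exceptions need MDSCR_KDE enabled
- * while not masking the (D)ebug bit in DAIF.
- */
- debug_el = arm_debug_target_el(env);
-
- if (cur_el == debug_el) {
- return extract32(env->cp15.mdscr_el1, 13, 1)
- && !(env->daif & PSTATE_D);
- }
-
- /* Otherwise the debug target needs to be a higher EL */
- return debug_el > cur_el;
-}
-
-static inline bool aa32_generate_debug_exceptions(CPUARMState *env)
-{
- int el = arm_current_el(env);
-
- if (el == 0 && arm_el_is_aa64(env, 1)) {
- return aa64_generate_debug_exceptions(env);
- }
-
- if (arm_is_secure(env)) {
- int spd;
-
- if (el == 0 && (env->cp15.sder & 1)) {
- /* SDER.SUIDEN means debug exceptions from Secure EL0
- * are always enabled. Otherwise they are controlled by
- * SDCR.SPD like those from other Secure ELs.
- */
- return true;
- }
-
- spd = extract32(env->cp15.mdcr_el3, 14, 2);
- switch (spd) {
- case 1:
- /* SPD == 0b01 is reserved, but behaves as 0b00. */
- case 0:
- /* For 0b00 we return true if external secure invasive debug
- * is enabled. On real hardware this is controlled by external
- * signals to the core. QEMU always permits debug, and behaves
- * as if DBGEN, SPIDEN, NIDEN and SPNIDEN are all tied high.
- */
- return true;
- case 2:
- return false;
- case 3:
- return true;
- }
- }
-
- return el != 2;
-}
-
-/* Return true if debugging exceptions are currently enabled.
- * This corresponds to what in ARM ARM pseudocode would be
- * if UsingAArch32() then
- * return AArch32.GenerateDebugExceptions()
- * else
- * return AArch64.GenerateDebugExceptions()
- * We choose to push the if() down into this function for clarity,
- * since the pseudocode has it at all callsites except for the one in
- * CheckSoftwareStep(), where it is elided because both branches would
- * always return the same value.
- */
-static inline bool arm_generate_debug_exceptions(CPUARMState *env)
-{
- if (env->aarch64) {
- return aa64_generate_debug_exceptions(env);
- } else {
- return aa32_generate_debug_exceptions(env);
- }
-}
-
 static inline bool arm_sctlr_b(CPUARMState *env)
 {
 return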
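--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ bool el_is_in_host(CPUARMState *env, int el);
 void aa32_max_features(ARMCPU *cpu);
 int exception_target_el(CPUARMState *env);
 bool arm_singlestep_active(CPUARMState *env);
+bool arm_generate_debug_exceptions(CPUARMState *env);
 
 /* Powers of 2 for sve_vq_map et al. */
 #define SVE_VQ_POW2_MAP \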
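--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 
 
+/* See AArch64.GenerateDebugExceptionsFrom() in ARM ARM pseudocode */
+static bool aa64_generate_debug_exceptions(CPUARMState *env)
+{
+ int cur_el = arm_current_el(env);
+ int debug_el;
+
+ if (cur_el == 3) {
+ return false;
+ }
+
+ /* MDCR_EL3.SDD disables debug events from Secure state */
+ if (arm_is_secure_below_el3(env)
+ && extract32(env->cp15.mdcr_el3, 16, 1)) {
+ return false;
+ }
+
+ /*
+ * Same EL to same EL debug exceptions need MDSCR_KDE enabled
+ * while not masking the (D)ebug bit in DAIF.
+ */
+ debug_el = arm_debug_target_el(env);
+
+ if (cur_el == debug_el) {
+ return extract32(env->cp15.mdscr_el1, 13, 1)
+ && !(env->daif & PSTATE_D);
+ }
+
+ /* Otherwise the debug target needs to be a higher EL */
+ return debug_el > cur_el;
+}
+
+static bool aa32_generate_debug_exceptions(CPUARMState *env)
+{
+ int el = arm_current_el(env);
+
+ if (el == 0 && arm_el_is_aa64(env, 1)) {
+ return aa64_generate_debug_exceptions(env);
+ }
+
+ if (arm_is_secure(env)) {
+ int spd;
+
+ if (el == 0 && (env->cp15.sder & 1)) {
+ /*
+ * SDER.SUIDEN means debug exceptions from Secure EL0
+ * are always enabled. Otherwise they are controlled by
+ * SDCR.SPD like those from other Secure ELs.
+ */
+ return true;
+ }
+
+ spd = extract32(env->cp15.mdcr_el3, 14, 2);
+ switch (spd) {
+ case 1:
+ /* SPD == 0b01 is reserved, but behaves as 0b00. */
+ case 0:
+ /*
+ * For 0b00 we return true if external secure invasive debug
+ * is enabled. On real hardware this is controlled by external
+ * signals to the core. QEMU always permits debug, and behaves
+ * as if DBGEN, SPIDEN, NIDEN and SPNIDEN are all tied high.
+ */
+ return true;
+ case 2:
+ return false;
+ case 3:
+ return true;
+ }
+ }
+
+ return el != 2;
+}
+
+/*
+ * Return true if debugging exceptions are currently enabled.
+ * This corresponds to what in ARM ARM pseudocode would be
+ * if UsingAArch32() then
+ * return AArch32.GenerateDebugExceptions()
+ * else
+ * return AArch64.GenerateDebugExceptions()
+ * We choose to push the if() down into this function for clarity,
+ * since the pseudocode has it at all callsites except for the one in
+ * CheckSoftwareStep(), where it is elided because both branches would
+ * always return the same value.
+ */
+bool arm_generate_debug_exceptions(CPUARMState *env)
+{
+ if (env->aarch64) {
+ return aa64_generate_debug_exceptions(env);
+ } else {
+ return aa32_generate_debug_exceptions(env);
+ }
+}
+
 /*
 * Is single-stepping active? (Note that the "is EL_D AArch64?" check
 * implicitly means this always returns false in pre-v8 CPUs.)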
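Review bot: The `switch (spd)` in aa32_generate_debug_exceptions() has no `default`, so it is only the fact that `spd` is a two-bit extract that keeps the Secure path from falling out to `return el != 2;`. The code is moved verbatim from cpu.h, but since it decides whether debug exceptions are taken from Secure state, the move is a good moment to add `default: g_assert_not_reached();` after `case 3`. The bare bit positions in `extract32(env->cp15.mdcr_el3, 16, 1)`, `extract32(env->cp15.mdscr_el1, 13, 1)` and `extract32(env->cp15.mdcr_el3, 14, 2)` would also be easier to audit as named field constants, if the tree already defines them.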
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Use the accessor rather than the raw structure member.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/debug_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
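--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ static bool aa32_generate_debug_exceptions(CPUARMState *env)
 */
 bool arm_generate_debug_exceptions(CPUARMState *env)
 {
- if (env->aarch64) {
+ if (is_a64(env)) {
 return aa64_generate_debug_exceptions(env);
 } else {
 return aa32_generate_debug_exceptions(env);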
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/debug_helper.c | 31 +++++++++++++++++++++++++++++++
target/arm/op_helper.c | 29 -----------------------------
2 files changed, 31 insertions(+), 29 deletions(-)
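--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs)
 }
 }
 
+/*
+ * Raise an EXCP_BKPT with the specified syndrome register value,
+ * targeting the correct exception level for debug exceptions.
+ */
+void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
+{
+ int debug_el = arm_debug_target_el(env);
+ int cur_el = arm_current_el(env);
+
+ /* FSR will only be used if the debug target EL is AArch32. */
+ env->exception.fsr = arm_debug_exception_fsr(env);
+ /*
+ * FAR is UNKNOWN: clear vaddress to avoid potentially exposing
+ * values to the guest that it shouldn't be able to see at its
+ * exception/security level.
+ */
+ env->exception.vaddress = 0;
+ /*
+ * Other kinds of architectural debug exception are ignored if
+ * they target an exception level below the current one (in QEMU
+ * this is checked by arm_generate_debug_exceptions()). Breakpoint
+ * instructions are special because they always generate an exception
+ * to somewhere: if they can't go to the configured debug exception
+ * level they are taken to the current exception level.
+ */
+ if (debug_el < cur_el) {
+ debug_el = cur_el;
+ }
+ raise_exception(env, EXCP_BKPT, syndrome, debug_el);
+}
+
 #if !defined(CONFIG_USER_ONLY)
 
 vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)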
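Review bot: In HELPER(exception_bkpt_insn), `env->exception.fsr` is filled in from arm_debug_exception_fsr() before `debug_el` is raised to `cur_el`, and the comment `FSR will only be used if the debug target EL is AArch32` speaks of the configured debug EL rather than the EL the exception finally targets. When the breakpoint is retargeted to the current EL, the FSR format may therefore have been chosen for a different EL; this looks pre-existing, since the body is moved unchanged from op_helper.c, and should be confirmed rather than assumed. A comment stating the intent for the retargeted case, e.g. `/* NOTE: FSR format follows arm_debug_target_el(), also when retargeted to cur_el */`, would make the decision visible.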
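--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
 raise_exception(env, excp, syndrome, target_el);
 }
 
-/* Raise an EXCP_BKPT with the specified syndrome register value,
- * targeting the correct exception level for debug exceptions.
- */
-void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
-{
- int debug_el = arm_debug_target_el(env);
- int cur_el = arm_current_el(env);
-
- /* FSR will only be used if the debug target EL is AArch32. */
- env->exception.fsr = arm_debug_exception_fsr(env);
- /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing
- * values to the guest that it shouldn't be able to see at its
- * exception/security level.
- */
- env->exception.vaddress = 0;
- /*
- * Other kinds of architectural debug exception are ignored if
- * they target an exception level below the current one (in QEMU
- * this is checked by arm_generate_debug_exceptions()). Breakpoint
- * instructions are special because they always generate an exception
- * to somewhere: if they can't go to the configured debug exception
- * level they are taken to the current exception level.
- */
- if (debug_el < cur_el) {
- debug_el = cur_el;
- }
- raise_exception(env, EXCP_BKPT, syndrome, debug_el);
-}
-
 uint32_t HELPER(cpsr_read)(CPUARMState *env)
 {
 return cpsr_read(env) & ~CPSR_EXEC;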
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
This function is now only used in debug_helper.c, so there is
no reason to have a declaration in a header.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/internals.h | 25 -------------------------
target/arm/debug_helper.c | 26 ++++++++++++++++++++++++++
2 files changed, 26 insertions(+), 25 deletions(-)
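--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
 return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
 }
 
-/* Return the FSR value for a debug exception (watchpoint, hardware
- * breakpoint or BKPT insn) targeting the specified exception level.
- */
-static inline uint32_t arm_debug_exception_fsr(CPUARMState *env)
-{
- ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
- int target_el = arm_debug_target_el(env);
- bool using_lpae = false;
-
- if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
- using_lpae = true;
- } else {
- if (arm_feature(env, ARM_FEATURE_LPAE) &&
- (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
- using_lpae = true;
- }
- }
-
- if (using_lpae) {
- return arm_fi_to_lfsc(&fi);
- } else {
- return arm_fi_to_sfsc(&fi);
- }
-}
-
 /**
 * arm_num_brps: Return number of implemented breakpoints.
 * Note that the ID register BRPS field is "number of bps - 1",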
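--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ bool arm_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp)
 return check_watchpoints(cpu);
 }
 
+/*
+ * Return the FSR value for a debug exception (watchpoint, hardware
+ * breakpoint or BKPT insn) targeting the specified exception level.
+ */
+static uint32_t arm_debug_exception_fsr(CPUARMState *env)
+{
+ ARMMMUFaultInfo fi = { .type = ARMFault_Debug };
+ int target_el = arm_debug_target_el(env);
+ bool using_lpae = false;
+
+ if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
+ using_lpae = true;
+ } else {
+ if (arm_feature(env, ARM_FEATURE_LPAE) &&
+ (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
+ using_lpae = true;
+ }
+ }
+
+ if (using_lpae) {
+ return arm_fi_to_lfsc(&fi);
+ } else {
+ return arm_fi_to_sfsc(&fi);
+ }
+}
+
 void arm_debug_excp_handler(CPUState *cs)
 {
 /*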
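Review bot: The comment moved with arm_debug_exception_fsr() still says the FSR is for a debug exception `targeting the specified exception level`, but the function takes no EL argument and derives the level from `arm_debug_target_el(env)`. Reword it to `targeting the debug target exception level, as returned by arm_debug_target_el()`. The same comment could note that the value from arm_fi_to_lfsc() is used when the target is EL2 or AArch64, or when LPAE is present and TTBCR_EAE is set, and the arm_fi_to_sfsc() value otherwise, since that is what the body does.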
--
2.25.1
From: Richard Henderson <richard.henderson@linaro.org>
Rename to helper_exception_with_syndrome_el, to emphasize
that the target el is a parameter.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220609202901.1177572-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.h | 2 +-
target/arm/translate.h | 6 +++---
target/arm/op_helper.c | 6 +++---
target/arm/translate.c | 6 +++---
4 files changed, 10 insertions(+), 10 deletions(-)
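--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(usad8, TCG_CALL_NO_RWG_SE, i32, i32, i32)
 DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
 i32, i32, i32, i32)
 DEF_HELPER_2(exception_internal, noreturn, env, i32)
-DEF_HELPER_4(exception_with_syndrome, noreturn, env, i32, i32, i32)
+DEF_HELPER_4(exception_with_syndrome_el, noreturn, env, i32, i32, i32)
 DEF_HELPER_2(exception_bkpt_insn, noreturn, env, i32)
 DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl)
 DEF_HELPER_1(setend, void, env)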
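--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ static inline void gen_ss_advance(DisasContext *s)
 static inline void gen_exception(int excp, uint32_t syndrome,
 uint32_t target_el)
 {
- gen_helper_exception_with_syndrome(cpu_env, tcg_constant_i32(excp),
- tcg_constant_i32(syndrome),
- tcg_constant_i32(target_el));
+ gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
+ tcg_constant_i32(syndrome),
+ tcg_constant_i32(target_el));
 }
 
 /* Generate an architectural singlestep exception */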
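--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(yield)(CPUARMState *env)
 * those EXCP values which are special cases for QEMU to interrupt
 * execution and not to be used for exceptions which are passed to
 * the guest (those must all have syndrome information and thus should
- * use exception_with_syndrome).
+ * use exception_with_syndrome*).
 */
 void HELPER(exception_internal)(CPUARMState *env, uint32_t excp)
 {
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_internal)(CPUARMState *env, uint32_t excp)
 }
 
 /* Raise an exception with the specified syndrome register value */
-void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
- uint32_t syndrome, uint32_t target_el)
+void HELPER(exception_with_syndrome_el)(CPUARMState *env, uint32_t excp,
+ uint32_t syndrome, uint32_t target_el)
 {
 raise_exception(env, excp, syndrome, target_el);
 }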
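--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_el(DisasContext *s, int excp, uint32_t syn,
 {
 gen_set_condexec(s);
 gen_set_pc_im(s, s->pc_curr);
- gen_helper_exception_with_syndrome(cpu_env,
- tcg_constant_i32(excp),
- tcg_constant_i32(syn), tcg_el);
+ gen_helper_exception_with_syndrome_el(cpu_env,
+ tcg_constant_i32(excp),
+ tcg_constant_i32(syn), tcg_el);
 s->base.is_jmp = DISAS_NORETURN;
 }
 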
--
89
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Create a function below gen_exception_insn that takes
4
the target_el as a TCGv_i32, replacing gen_exception_el.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220609202901.1177572-11-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/translate.c | 27 ++++++++++++---------------
12
1 file changed, 12 insertions(+), 15 deletions(-)
13
14
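--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
 s->base.is_jmp = DISAS_NORETURN;
 }
 
-void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
- uint32_t syn, uint32_t target_el)
+static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, TCGv_i32 tcg_el)
 {
 if (s->aarch64) {
 gen_a64_set_pc_im(pc);
@@ -XXX,XX +XXX,XX @@ void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
 gen_set_condexec(s);
 gen_set_pc_im(s, pc);
 }
- gen_exception(excp, syn, target_el);
+ gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
+ tcg_constant_i32(syn), tcg_el);
 s->base.is_jmp = DISAS_NORETURN;
 }
 
+void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, uint32_t target_el)
+{
+ gen_exception_insn_el_v(s, pc, excp, syn, tcg_constant_i32(target_el));
+}
+
 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
 {
 gen_set_condexec(s);
@@ -XXX,XX +XXX,XX @@ void unallocated_encoding(DisasContext *s)
 default_exception_el(s));
 }
 
-static void gen_exception_el(DisasContext *s, int excp, uint32_t syn,
- TCGv_i32 tcg_el)
-{
- gen_set_condexec(s);
- gen_set_pc_im(s, s->pc_curr);
- gen_helper_exception_with_syndrome_el(cpu_env,
- tcg_constant_i32(excp),
- tcg_constant_i32(syn), tcg_el);
- s->base.is_jmp = DISAS_NORETURN;
-}
-
 /* Force a TB lookup after an instruction that changes the CPU state. */
 void gen_lookup_tb(DisasContext *s)
 {
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 tcg_el = tcg_constant_i32(3);
 }
 
- gen_exception_el(s, EXCP_UDEF, syn_uncategorized(), tcg_el);
+ gen_exception_insn_el_v(s, s->pc_curr, EXCP_UDEF,
+ syn_uncategorized(), tcg_el);
 tcg_temp_free_i32(tcg_el);
 return false;
 }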
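Review bot: gen_exception_insn_el_v is introduced without a comment, although its contract is not obvious from the name: the target EL arrives as a run-time `TCGv_i32` and the callee does not release it, as the msr_banked_access_decode hunk shows by still calling `tcg_temp_free_i32(tcg_el)` after the call. I would add above the definition `/* Raise excp for the insn at pc; tcg_el is a run-time target EL that the caller still owns and frees. */`. It also replaces gen_exception_el, which always used the AArch32 PC and condexec update, with a body that branches on `s->aarch64`; that looks equivalent for the one remaining caller, but the function body is split across two hunks so the middle of it is not visible here.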
--
77
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20220609202901.1177572-12-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
target/arm/translate.h | 4 ++--
9
target/arm/translate-a64.c | 36 ++++++++++++++++----------------
10
target/arm/translate-m-nocp.c | 16 +++++++-------
11
target/arm/translate-mve.c | 4 ++--
12
target/arm/translate-vfp.c | 6 +++---
13
target/arm/translate.c | 39 ++++++++++++++++++-----------------
14
6 files changed, 53 insertions(+), 52 deletions(-)
15
16
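--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ void arm_jump_cc(DisasCompare *cmp, TCGLabel *label);
 void arm_gen_test_cc(int cc, TCGLabel *label);
 MemOp pow2_align(unsigned i);
 void unallocated_encoding(DisasContext *s);
-void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
- uint32_t syn, uint32_t target_el);
+void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, uint32_t target_el);
 
 /* Return state of Alternate Half-precision flag, caller frees result */
 static inline TCGv_i32 get_ahp_flag(void)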
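--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static bool fp_access_check(DisasContext *s)
 assert(!s->fp_access_checked);
 s->fp_access_checked = true;
 
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_fp_access_trap(1, 0xe, false, 0),
- s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_fp_access_trap(1, 0xe, false, 0),
+ s->fp_excp_el);
 return false;
 }
 s->fp_access_checked = true;
@@ -XXX,XX +XXX,XX @@ bool sve_access_check(DisasContext *s)
 assert(!s->sve_access_checked);
 s->sve_access_checked = true;
 
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_sve_access_trap(), s->sve_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_sve_access_trap(), s->sve_excp_el);
 return false;
 }
 s->sve_access_checked = true;
@@ -XXX,XX +XXX,XX @@ static void gen_sysreg_undef(DisasContext *s, bool isread,
 } else {
 syndrome = syn_uncategorized();
 }
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syndrome,
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syndrome,
+ default_exception_el(s));
 }
 
 /* MRS - move from system register
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
 switch (op2_ll) {
 case 1: /* SVC */
 gen_ss_advance(s);
- gen_exception_insn(s, s->base.pc_next, EXCP_SWI,
- syn_aa64_svc(imm16), default_exception_el(s));
+ gen_exception_insn_el(s, s->base.pc_next, EXCP_SWI,
+ syn_aa64_svc(imm16), default_exception_el(s));
 break;
 case 2: /* HVC */
 if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
 gen_a64_set_pc_im(s->pc_curr);
 gen_helper_pre_hvc(cpu_env);
 gen_ss_advance(s);
- gen_exception_insn(s, s->base.pc_next, EXCP_HVC,
- syn_aa64_hvc(imm16), 2);
+ gen_exception_insn_el(s, s->base.pc_next, EXCP_HVC,
+ syn_aa64_hvc(imm16), 2);
 break;
 case 3: /* SMC */
 if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
 gen_a64_set_pc_im(s->pc_curr);
 gen_helper_pre_smc(cpu_env, tcg_constant_i32(syn_aa64_smc(imm16)));
 gen_ss_advance(s);
- gen_exception_insn(s, s->base.pc_next, EXCP_SMC,
- syn_aa64_smc(imm16), 3);
+ gen_exception_insn_el(s, s->base.pc_next, EXCP_SMC,
+ syn_aa64_smc(imm16), 3);
 break;
 default:
 unallocated_encoding(s);
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_illegalstate(), default_exception_el(s));
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 if (s->btype != 0
 && s->guarded_page
 && !btype_destination_ok(insn, s->bt, s->btype)) {
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_btitrap(s->btype),
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_btitrap(s->btype),
+ default_exception_el(s));
 return;
 }
 } else {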
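--- a/target/arm/translate-m-nocp.c
+++ b/target/arm/translate-m-nocp.c
@@ -XXX,XX +XXX,XX @@ static bool trans_VSCCLRM(DisasContext *s, arg_VSCCLRM *a)
 tcg_gen_brcondi_i32(TCG_COND_EQ, sfpa, 0, s->condlabel);
 
 if (s->fp_excp_el != 0) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
 return true;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
 if (!vfp_access_check_m(s, true)) {
 /*
 * This was only a conditional exception, so override
- * gen_exception_insn()'s default to DISAS_NORETURN
+ * gen_exception_insn_el()'s default to DISAS_NORETURN
 */
 s->base.is_jmp = DISAS_NEXT;
 break;
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,
 if (!vfp_access_check_m(s, true)) {
 /*
 * This was only a conditional exception, so override
- * gen_exception_insn()'s default to DISAS_NORETURN
+ * gen_exception_insn_el()'s default to DISAS_NORETURN
 */
 s->base.is_jmp = DISAS_NEXT;
 break;
@@ -XXX,XX +XXX,XX @@ static bool trans_NOCP(DisasContext *s, arg_nocp *a)
 }
 
 if (a->cp != 10) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), default_exception_el(s));
 return true;
 }
 
 if (s->fp_excp_el != 0) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
 return true;
 }
 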
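--- a/target/arm/translate-mve.c
+++ b/target/arm/translate-mve.c
@@ -XXX,XX +XXX,XX @@ bool mve_eci_check(DisasContext *s)
 return true;
 default:
 /* Reserved value: INVSTATE UsageFault */
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
+ default_exception_el(s));
 return false;
 }
 }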
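--- a/target/arm/translate-vfp.c
+++ b/target/arm/translate-vfp.c
@@ -XXX,XX +XXX,XX @@ static bool vfp_access_check_a(DisasContext *s, bool ignore_vfp_enabled)
 int coproc = arm_dc_feature(s, ARM_FEATURE_V8) ? 0 : 0xa;
 uint32_t syn = syn_fp_access_trap(1, 0xe, false, coproc);
 
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn, s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syn, s->fp_excp_el);
 return false;
 }
 
@@ -XXX,XX +XXX,XX @@ bool vfp_access_check_m(DisasContext *s, bool skip_context_update)
 * the encoding space handled by the patterns in m-nocp.decode,
 * and for them we may need to raise NOCP here.
 */
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
 return false;
 }
 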
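--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
 s->base.is_jmp = DISAS_NORETURN;
 }
 
-void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
- uint32_t syn, uint32_t target_el)
+void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
+ uint32_t syn, uint32_t target_el)
 {
 gen_exception_insn_el_v(s, pc, excp, syn, tcg_constant_i32(target_el));
 }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
 void unallocated_encoding(DisasContext *s)
 {
 /* Unallocated and reserved encodings are uncategorized */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+ default_exception_el(s));
 }
 
 /* Force a TB lookup after an instruction that changes the CPU state. */
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 
 undef:
 /* If we get here then some access check did not pass */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_uncategorized(), exc_target);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_uncategorized(), exc_target);
 return false;
 }
 
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
 * For the UNPREDICTABLE cases we choose to UNDEF.
 */
 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_uncategorized(), 3);
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool trans_WLS(DisasContext *s, arg_WLS *a)
 * Do the check-and-raise-exception by hand.
 */
 if (s->fp_excp_el) {
- gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), s->fp_excp_el);
+ gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
+ syn_uncategorized(), s->fp_excp_el);
 return true;
 }
 }
@@ -XXX,XX +XXX,XX @@ static bool trans_LE(DisasContext *s, arg_LE *a)
 tmp = load_cpu_field(v7m.ltpsize);
 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 4, skipexc);
 tcg_temp_free_i32(tmp);
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
+ default_exception_el(s));
 gen_set_label(skipexc);
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
 * UsageFault exception.
 */
 if (arm_dc_feature(s, ARM_FEATURE_M)) {
- gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
+ default_exception_el(s));
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
+ syn_illegalstate(), default_exception_el(s));
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn(dc, dc->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(dc));
+ gen_exception_insn_el(dc, dc->pc_curr, EXCP_UDEF,
+ syn_illegalstate(), default_exception_el(dc));
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 */
 tcg_remove_ops_after(dc->insn_eci_rewind);
 dc->condjmp = 0;
- gen_exception_insn(dc, dc->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(dc));
+ gen_exception_insn_el(dc, dc->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
+ default_exception_el(dc));
 }
 
 arm_post_translate_insn(dc);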
--
332
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Create a new wrapper function that passes the default
4
exception target to gen_exception_insn_el.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220609202901.1177572-13-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/translate.h | 1 +
12
target/arm/translate-a64.c | 15 ++++++---------
13
target/arm/translate-m-nocp.c | 3 +--
14
target/arm/translate-mve.c | 3 +--
15
target/arm/translate.c | 29 +++++++++++++----------------
16
5 files changed, 22 insertions(+), 29 deletions(-)
17
18
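--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ MemOp pow2_align(unsigned i);
 void unallocated_encoding(DisasContext *s);
 void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
 uint32_t syn, uint32_t target_el);
+void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn);
 
 /* Return state of Alternate Half-precision flag, caller frees result */
 static inline TCGv_i32 get_ahp_flag(void)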
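--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_sysreg_undef(DisasContext *s, bool isread,
 } else {
 syndrome = syn_uncategorized();
 }
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syndrome,
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syndrome);
 }
 
 /* MRS - move from system register
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
 switch (op2_ll) {
 case 1: /* SVC */
 gen_ss_advance(s);
- gen_exception_insn_el(s, s->base.pc_next, EXCP_SWI,
- syn_aa64_svc(imm16), default_exception_el(s));
+ gen_exception_insn(s, s->base.pc_next, EXCP_SWI,
+ syn_aa64_svc(imm16));
 break;
 case 2: /* HVC */
 if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_illegalstate());
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 if (s->btype != 0
 && s->guarded_page
 && !btype_destination_ok(insn, s->bt, s->btype)) {
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
- syn_btitrap(s->btype),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
+ syn_btitrap(s->btype));
 return;
 }
 } else {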
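--- a/target/arm/translate-m-nocp.c
+++ b/target/arm/translate-m-nocp.c
@@ -XXX,XX +XXX,XX @@ static bool trans_NOCP(DisasContext *s, arg_nocp *a)
 }
 
 if (a->cp != 10) {
- gen_exception_insn_el(s, s->pc_curr, EXCP_NOCP,
- syn_uncategorized(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized());
 return true;
 }
 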
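--- a/target/arm/translate-mve.c
+++ b/target/arm/translate-mve.c
@@ -XXX,XX +XXX,XX @@ bool mve_eci_check(DisasContext *s)
 return true;
 default:
 /* Reserved value: INVSTATE UsageFault */
- gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
 return false;
 }
 }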
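--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
 gen_exception_insn_el_v(s, pc, excp, syn, tcg_constant_i32(target_el));
 }
 
+void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn)
+{
+ gen_exception_insn_el(s, pc, excp, syn, default_exception_el(s));
+}
+
 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
 {
 gen_set_condexec(s);
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
 void unallocated_encoding(DisasContext *s)
 {
 /* Unallocated and reserved encodings are uncategorized */
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized());
 }
 
 /* Force a TB lookup after an instruction that changes the CPU state. */
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 * an exception and return false. Otherwise it will return true,
 * and set *tgtmode and *regno appropriately.
 */
- int exc_target = default_exception_el(s);
-
 /* These instructions are present only in ARMv8, or in ARMv7 with the
 * Virtualization Extensions.
 */
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 
 undef:
 /* If we get here then some access check did not pass */
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
- syn_uncategorized(), exc_target);
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized());
 return false;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool trans_LE(DisasContext *s, arg_LE *a)
 tmp = load_cpu_field(v7m.ltpsize);
 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 4, skipexc);
 tcg_temp_free_i32(tmp);
- gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
 gen_set_label(skipexc);
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
 * UsageFault exception.
 */
 if (arm_dc_feature(s, ARM_FEATURE_M)) {
- gen_exception_insn_el(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized());
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn_el(s, s->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(s));
+ gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_illegalstate());
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 * Illegal execution state. This has priority over BTI
 * exceptions, but comes after instruction abort exceptions.
 */
- gen_exception_insn_el(dc, dc->pc_curr, EXCP_UDEF,
- syn_illegalstate(), default_exception_el(dc));
+ gen_exception_insn(dc, dc->pc_curr, EXCP_UDEF, syn_illegalstate());
 return;
 }
 
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
 */
 tcg_remove_ops_after(dc->insn_eci_rewind);
 dc->condjmp = 0;
- gen_exception_insn_el(dc, dc->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
- default_exception_el(dc));
+ gen_exception_insn(dc, dc->pc_curr, EXCP_INVSTATE,
+ syn_uncategorized());
 }
 
 arm_post_translate_insn(dc);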
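Review bot: The new gen_exception_insn() wrapper has no comment saying that it chooses the target EL itself via `default_exception_el(s)`, and it reuses the name that, until the previous patch in the series, took an explicit target_el argument. A trap that must be routed to a specific EL (the `s->fp_excp_el` and fixed EL2/EL3 call sites elsewhere in the series) has to keep using gen_exception_insn_el(), so the distinction deserves a line above the definition, e.g. `/* Raise excp targeting default_exception_el(s); use gen_exception_insn_el() when the trap is routed to a specific EL. */`. The same sentence would fit on the prototype added to translate.h.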
--
202
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Move the computation from gen_swstep_exception into a helper.
4
5
This fixes a bug when:
6
- MDSCR_EL1.KDE == 1 to enable debug exceptions within EL_D itself
7
- we singlestep an ERET from EL_D to some lower EL
8
9
Previously we were computing 'same el' based on the EL which
10
executed the ERET instruction, whereas it ought to be computed
11
based on the EL to which ERET returned. This happens naturally
12
with the new helper, which runs after EL has been changed.
13
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
16
Message-id: 20220609202901.1177572-14-richard.henderson@linaro.org
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
target/arm/helper.h | 1 +
20
target/arm/translate.h | 12 +++---------
21
target/arm/debug_helper.c | 16 ++++++++++++++++
22
3 files changed, 20 insertions(+), 9 deletions(-)
23
24
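--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
 DEF_HELPER_2(exception_internal, noreturn, env, i32)
 DEF_HELPER_4(exception_with_syndrome_el, noreturn, env, i32, i32, i32)
 DEF_HELPER_2(exception_bkpt_insn, noreturn, env, i32)
+DEF_HELPER_2(exception_swstep, noreturn, env, i32)
 DEF_HELPER_2(exception_pc_alignment, noreturn, env, tl)
 DEF_HELPER_1(setend, void, env)
 DEF_HELPER_2(wfi, void, env, i32)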
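--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ static inline void gen_exception(int excp, uint32_t syndrome,
 /* Generate an architectural singlestep exception */
 static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
 {
- bool same_el = (s->debug_target_el == s->current_el);
-
- /*
- * If singlestep is targeting a lower EL than the current one,
- * then s->ss_active must be false and we can never get here.
- */
- assert(s->debug_target_el >= s->current_el);
-
- gen_exception(EXCP_UDEF, syn_swstep(same_el, isv, ex), s->debug_target_el);
+ /* Fill in the same_el field of the syndrome in the helper. */
+ uint32_t syn = syn_swstep(false, isv, ex);
+ gen_helper_exception_swstep(cpu_env, tcg_constant_i32(syn));
 }
 
 /*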
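--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
 raise_exception(env, EXCP_BKPT, syndrome, debug_el);
 }
 
+void HELPER(exception_swstep)(CPUARMState *env, uint32_t syndrome)
+{
+ int debug_el = arm_debug_target_el(env);
+ int cur_el = arm_current_el(env);
+
+ /*
+ * If singlestep is targeting a lower EL than the current one, then
+ * DisasContext.ss_active must be false and we can never get here.
+ */
+ assert(debug_el >= cur_el);
+ if (debug_el == cur_el) {
+ syndrome |= 1 << ARM_EL_EC_SHIFT;
+ }
+ raise_exception(env, EXCP_UDEF, syndrome, debug_el);
+}
+
 #if !defined(CONFIG_USER_ONLY)
 
 vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)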
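Review bot: `syndrome |= 1 << ARM_EL_EC_SHIFT;` in the new exception_swstep helper encodes same_el by setting the low bit of the exception-class field, which only works because the translator passes `syn_swstep(false, isv, ex)` and the same-EL class is presumably the base class plus one; neither fact is visible at this line. A comment such as `/* same_el: turns EC_SOFTWARESTEP into EC_SOFTWARESTEP_SAME_EL */` would tie the two together. Separately, `assert(debug_el >= cur_el)` used to run at translation time and now runs in a helper on values read from live CPU state, so a TB translated with a stale ss_active would abort the emulator instead of raising a guest exception; it would help to name in the comment what keeps ss_active in step with the debug target EL, which this hunk does not show.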
--
87
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
We no longer need this value during translation,
4
as it is now handled within the helpers.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220609202901.1177572-15-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/cpu.h | 6 ++----
12
target/arm/translate.h | 2 --
13
target/arm/helper.c | 12 ++----------
14
target/arm/translate-a64.c | 1 -
15
target/arm/translate.c | 1 -
16
5 files changed, 4 insertions(+), 18 deletions(-)
17
18
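--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, BE_DATA, 3, 1)
 FIELD(TBFLAG_ANY, MMUIDX, 4, 4)
 /* Target EL if we take a floating-point-disabled exception */
 FIELD(TBFLAG_ANY, FPEXC_EL, 8, 2)
-/* For A-profile only, target EL for debug exceptions. */
-FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 10, 2)
 /* Memory operations require alignment: SCTLR_ELx.A or CCR.UNALIGN_TRP */
-FIELD(TBFLAG_ANY, ALIGN_MEM, 12, 1)
-FIELD(TBFLAG_ANY, PSTATE__IL, 13, 1)
+FIELD(TBFLAG_ANY, ALIGN_MEM, 10, 1)
+FIELD(TBFLAG_ANY, PSTATE__IL, 11, 1)
 
 /*
 * Bit usage when in AArch32 state, both A- and M-profile.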
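--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
 */
 uint32_t svc_imm;
 int current_el;
- /* Debug target exception level for single-step exceptions */
- int debug_target_el;
 GHashTable *cp_regs;
 uint64_t features; /* CPU features bits */
 bool aarch64;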
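--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_m32(CPUARMState *env, int fp_el,
 return rebuild_hflags_common_32(env, fp_el, mmu_idx, flags);
 }
 
-static CPUARMTBFlags rebuild_hflags_aprofile(CPUARMState *env)
-{
- CPUARMTBFlags flags = {};
-
- DP_TBFLAG_ANY(flags, DEBUG_TARGET_EL, arm_debug_target_el(env));
- return flags;
-}
-
 static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
 ARMMMUIdx mmu_idx)
 {
- CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
+ CPUARMTBFlags flags = {};
 int el = arm_current_el(env);
 
 if (arm_sctlr(env, el) & SCTLR_A) {
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a32(CPUARMState *env, int fp_el,
 static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
 ARMMMUIdx mmu_idx)
 {
- CPUARMTBFlags flags = rebuild_hflags_aprofile(env);
+ CPUARMTBFlags flags = {};
 ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
 uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
 uint64_t sctlr;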
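--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
 dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
 dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
 dc->is_ldex = false;
- dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
 
 /* Bound the number of insns to execute to those left on the page. */
 bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;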
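--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT);
 dc->mve_no_pred = EX_TBFLAG_M32(tb_flags, MVE_NO_PRED);
 } else {
- dc->debug_target_el = EX_TBFLAG_ANY(tb_flags, DEBUG_TARGET_EL);
 dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B);
 dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE);
 dc->ns = EX_TBFLAG_A32(tb_flags, NS);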
106
--
107
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
This function is not required by any other translation file.
4
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20220609202901.1177572-16-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/translate.h | 8 --------
11
target/arm/translate.c | 7 +++++++
12
2 files changed, 7 insertions(+), 8 deletions(-)
13
14
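--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ static inline void gen_ss_advance(DisasContext *s)
 }
 }
 
-static inline void gen_exception(int excp, uint32_t syndrome,
- uint32_t target_el)
-{
- gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
- tcg_constant_i32(syndrome),
- tcg_constant_i32(target_el));
-}
-
 /* Generate an architectural singlestep exception */
 static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
 {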
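--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
 s->base.is_jmp = DISAS_NORETURN;
 }
 
+static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
+{
+ gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
+ tcg_constant_i32(syndrome),
+ tcg_constant_i32(target_el));
+}
+
 static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
 uint32_t syn, TCGv_i32 tcg_el)
 {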
51
--
52
2.25.1
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20220609202901.1177572-17-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
target/arm/translate.c | 18 +++++++++---------
9
1 file changed, 9 insertions(+), 9 deletions(-)
10
11
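--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
 s->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
+static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
 {
 gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
 tcg_constant_i32(syndrome),
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 switch (dc->base.is_jmp) {
 case DISAS_SWI:
 gen_ss_advance(dc);
- gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
- default_exception_el(dc));
+ gen_exception_el(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
+ default_exception_el(dc));
 break;
 case DISAS_HVC:
 gen_ss_advance(dc);
- gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
+ gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
 break;
 case DISAS_SMC:
 gen_ss_advance(dc);
- gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
+ gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
 break;
 case DISAS_NEXT:
 case DISAS_TOO_MANY:
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 gen_helper_yield(cpu_env);
 break;
 case DISAS_SWI:
- gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
- default_exception_el(dc));
+ gen_exception_el(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
+ default_exception_el(dc));
 break;
 case DISAS_HVC:
- gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
+ gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
 break;
 case DISAS_SMC:
- gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
+ gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
 break;
 }
 }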
64
--
65
2.25.1
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Lei Sun found while auditing the code that a CPU write would
3
Create a new wrapper function that passes the default
4
trigger a NULL pointer dereference.
4
exception target to gen_exception_el.
5
5
6
From the UG1085 datasheet [*], AXI writes in this region are ignored
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
and generates an AXI Slave Error (SLVERR).
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
8
Message-id: 20220609202901.1177572-18-richard.henderson@linaro.org
9
Fix by implementing the write_with_attrs() handler.
10
Return MEMTX_ERROR when the region is accessed (this error maps
11
to an AXI slave error).
12
13
[*] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf
14
15
Reported-by: Lei Sun <slei.casper@gmail.com>
16
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
17
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
18
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
10
---
21
hw/ssi/xilinx_spips.c | 16 ++++++++++++++++
11
target/arm/translate.c | 11 +++++++----
22
1 file changed, 16 insertions(+)
12
1 file changed, 7 insertions(+), 4 deletions(-)
23
13
24
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
14
diff --git a/target/arm/translate.c b/target/arm/translate.c
25
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
26
--- a/hw/ssi/xilinx_spips.c
16
--- a/target/arm/translate.c
27
+++ b/hw/ssi/xilinx_spips.c
17
+++ b/target/arm/translate.c
28
@@ -XXX,XX +XXX,XX @@ static MemTxResult lqspi_read(void *opaque, hwaddr addr, uint64_t *value,
18
@@ -XXX,XX +XXX,XX @@ static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
29
return lqspi_read(opaque, addr, value, size, attrs);
19
tcg_constant_i32(target_el));
30
}
20
}
31
21
32
+static MemTxResult lqspi_write(void *opaque, hwaddr offset, uint64_t value,
22
+static void gen_exception(DisasContext *s, int excp, uint32_t syndrome)
33
+ unsigned size, MemTxAttrs attrs)
34
+{
23
+{
35
+ /*
24
+ gen_exception_el(excp, syndrome, default_exception_el(s));
36
+ * From UG1085, Chapter 24 (Quad-SPI controllers):
37
+ * - Writes are ignored
38
+ * - AXI writes generate an external AXI slave error (SLVERR)
39
+ */
40
+ qemu_log_mask(LOG_GUEST_ERROR, "%s Unexpected %u-bit access to 0x%" PRIx64
41
+ " (value: 0x%" PRIx64 "\n",
42
+ __func__, size << 3, offset, value);
43
+
44
+ return MEMTX_ERROR;
45
+}
25
+}
46
+
26
+
47
static const MemoryRegionOps lqspi_ops = {
27
static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
48
.read_with_attrs = lqspi_read,
28
uint32_t syn, TCGv_i32 tcg_el)
49
+ .write_with_attrs = lqspi_write,
29
{
50
.endianness = DEVICE_NATIVE_ENDIAN,
30
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
51
.valid = {
31
switch (dc->base.is_jmp) {
52
.min_access_size = 1,
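Review bot: The guest-error message added in `lqspi_write` opens a parenthesis before `value:` and never closes it, so every logged line ends unbalanced; the last string fragment should read `" (value: 0x%" PRIx64 ")\n",`. The prefix is also written as `"%s Unexpected ..."` without the colon after the function name that the other guest-error message on this page uses (`"%s: Reading empty RX_FIFO\n"`), which makes the two harder to match with one pattern when triaging guest-triggered device errors. Writing it as `"%s: Unexpected %u-bit access to 0x%" PRIx64` would keep the log format uniform.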
32
case DISAS_SWI:
33
gen_ss_advance(dc);
34
- gen_exception_el(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
35
- default_exception_el(dc));
36
+ gen_exception(dc, EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
37
break;
38
case DISAS_HVC:
39
gen_ss_advance(dc);
40
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
41
gen_helper_yield(cpu_env);
42
break;
43
case DISAS_SWI:
44
- gen_exception_el(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
45
- default_exception_el(dc));
46
+ gen_exception(dc, EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
47
break;
48
case DISAS_HVC:
49
gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
53
--
50
--
54
2.20.1
51
2.25.1
55
56
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
In the previous commit we fixed a crash when the guest read a
3
Split out a common helper function for gen_exception_el
4
register that pops from an empty FIFO.
4
and gen_exception_insn_el_v.
5
By auditing the repository, we found another similar use with
6
an easy way to reproduce:
7
5
8
$ qemu-system-aarch64 -M xlnx-zcu102 -monitor stdio -S
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
QEMU 4.0.50 monitor - type 'help' for more information
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
(qemu) xp/b 0xfd4a0134
8
Message-id: 20220609202901.1177572-19-richard.henderson@linaro.org
11
Aborted (core dumped)
12
13
(gdb) bt
14
#0 0x00007f6936dea57f in raise () at /lib64/libc.so.6
15
#1 0x00007f6936dd4895 in abort () at /lib64/libc.so.6
16
#2 0x0000561ad32975ec in xlnx_dp_aux_pop_rx_fifo (s=0x7f692babee70) at hw/display/xlnx_dp.c:431
17
#3 0x0000561ad3297dc0 in xlnx_dp_read (opaque=0x7f692babee70, offset=77, size=4) at hw/display/xlnx_dp.c:667
18
#4 0x0000561ad321b896 in memory_region_read_accessor (mr=0x7f692babf620, addr=308, value=0x7ffe05c1db88, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:439
19
#5 0x0000561ad321bd70 in access_with_adjusted_size (addr=308, value=0x7ffe05c1db88, size=1, access_size_min=4, access_size_max=4, access_fn=0x561ad321b858 <memory_region_read_accessor>, mr=0x7f692babf620, attrs=...) at memory.c:569
20
#6 0x0000561ad321e9d5 in memory_region_dispatch_read1 (mr=0x7f692babf620, addr=308, pval=0x7ffe05c1db88, size=1, attrs=...) at memory.c:1420
21
#7 0x0000561ad321ea9d in memory_region_dispatch_read (mr=0x7f692babf620, addr=308, pval=0x7ffe05c1db88, size=1, attrs=...) at memory.c:1447
22
#8 0x0000561ad31bd742 in flatview_read_continue (fv=0x561ad69c04f0, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1, addr1=308, l=1, mr=0x7f692babf620) at exec.c:3385
23
#9 0x0000561ad31bd895 in flatview_read (fv=0x561ad69c04f0, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1) at exec.c:3423
24
#10 0x0000561ad31bd90b in address_space_read_full (as=0x561ad5bb3020, addr=4249485620, attrs=..., buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", len=1) at exec.c:3436
25
#11 0x0000561ad33b1c42 in address_space_read (len=1, buf=0x7ffe05c1dcf0 "\020\335\301\005\376\177", attrs=..., addr=4249485620, as=0x561ad5bb3020) at include/exec/memory.h:2131
26
#12 0x0000561ad33b1c42 in memory_dump (mon=0x561ad59c4530, count=1, format=120, wsize=1, addr=4249485620, is_physical=1) at monitor/misc.c:723
27
#13 0x0000561ad33b1fc1 in hmp_physical_memory_dump (mon=0x561ad59c4530, qdict=0x561ad6c6fd00) at monitor/misc.c:795
28
#14 0x0000561ad37b4a9f in handle_hmp_command (mon=0x561ad59c4530, cmdline=0x561ad59d0f22 "/b 0x00000000fd4a0134") at monitor/hmp.c:1082
29
30
Fix by checking the FIFO is not empty before popping from it.
31
32
The datasheet is not clear about the reset value of this register,
33
we choose to return '0'.
34
35
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
36
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
37
Message-id: 20190709113715.7761-4-philmd@redhat.com
38
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
39
---
10
---
40
hw/display/xlnx_dp.c | 15 +++++++++++----
11
target/arm/translate.c | 13 ++++++++-----
41
1 file changed, 11 insertions(+), 4 deletions(-)
12
1 file changed, 8 insertions(+), 5 deletions(-)
42
13
43
diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
14
diff --git a/target/arm/translate.c b/target/arm/translate.c
44
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
45
--- a/hw/display/xlnx_dp.c
16
--- a/target/arm/translate.c
46
+++ b/hw/display/xlnx_dp.c
17
+++ b/target/arm/translate.c
47
@@ -XXX,XX +XXX,XX @@ static uint8_t xlnx_dp_aux_pop_rx_fifo(XlnxDPState *s)
18
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
48
uint8_t ret;
19
s->base.is_jmp = DISAS_NORETURN;
49
20
}
50
if (fifo8_is_empty(&s->rx_fifo)) {
21
51
- DPRINTF("rx_fifo underflow..\n");
22
-static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
52
- abort();
23
+static void gen_exception_el_v(int excp, uint32_t syndrome, TCGv_i32 tcg_el)
53
+ qemu_log_mask(LOG_GUEST_ERROR,
24
{
54
+ "%s: Reading empty RX_FIFO\n",
25
gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
55
+ __func__);
26
- tcg_constant_i32(syndrome),
56
+ /*
27
- tcg_constant_i32(target_el));
57
+ * The datasheet is not clear about the reset value, it seems
28
+ tcg_constant_i32(syndrome), tcg_el);
58
+ * to be unspecified. We choose to return '0'.
29
+}
59
+ */
30
+
60
+ ret = 0;
31
+static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
61
+ } else {
32
+{
62
+ ret = fifo8_pop(&s->rx_fifo);
33
+ gen_exception_el_v(excp, syndrome, tcg_constant_i32(target_el));
63
+ DPRINTF("pop 0x%" PRIX8 " from rx_fifo.\n", ret);
34
}
35
36
static void gen_exception(DisasContext *s, int excp, uint32_t syndrome)
37
@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
38
gen_set_condexec(s);
39
gen_set_pc_im(s, pc);
64
}
40
}
65
- ret = fifo8_pop(&s->rx_fifo);
41
- gen_helper_exception_with_syndrome_el(cpu_env, tcg_constant_i32(excp),
66
- DPRINTF("pop 0x%" PRIX8 " from rx_fifo.\n", ret);
42
- tcg_constant_i32(syn), tcg_el);
67
return ret;
43
+ gen_exception_el_v(excp, syn, tcg_el);
44
s->base.is_jmp = DISAS_NORETURN;
68
}
45
}
69
46
70
--
47
--
71
2.20.1
48
2.25.1
72
73
1
The PL031 RTC tracks the difference between the guest RTC
1
From: Richard Henderson <richard.henderson@linaro.org>
2
and the host RTC using a tick_offset field. For migration,
3
however, we currently always migrate the offset between
4
the guest and the vm_clock, even if the RTC clock is not
5
the same as the vm_clock; this was an attempt to retain
6
migration backwards compatibility.
7
2
8
Unfortunately this results in the RTC behaving oddly across
3
With the helper we can use exception_target_el at runtime,
9
a VM state save and restore -- since the VM clock stands still
4
instead of default_exception_el at translate time.
10
across save-then-restore, regardless of how much real world
5
While we're at it, remove the DisasContext parameter from
11
time has elapsed, the guest RTC ends up out of sync with the
6
gen_exception, as it is no longer used.
12
host RTC in the restored VM.
13
7
14
Fix this by migrating the raw tick_offset. To retain migration
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
compatibility as far as possible, we have a new property
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
16
migrate-tick-offset; by default this is 'true' and we will
10
Message-id: 20220609202901.1177572-20-richard.henderson@linaro.org
17
migrate the true tick offset in a new subsection; if the
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
incoming data has no subsection we fall back to the old
12
---
19
vm_clock-based offset information, so old->new migration
13
target/arm/helper.h | 1 +
20
compatibility is preserved. For complete new->old migration
14
target/arm/op_helper.c | 10 ++++++++++
21
compatibility, the property is set to 'false' for 4.0 and
15
target/arm/translate.c | 18 +++++++++++++-----
22
earlier machine types (this will only affect 'virt-4.0'
16
3 files changed, 24 insertions(+), 5 deletions(-)
23
and below, as none of the other pl031-using machines are
24
versioned).
25
17
26
Reported-by: Russell King <rmk@armlinux.org.uk>
18
diff --git a/target/arm/helper.h b/target/arm/helper.h
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
28
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
29
Message-id: 20190709143912.28905-1-peter.maydell@linaro.org
30
---
31
include/hw/timer/pl031.h | 2 +
32
hw/core/machine.c | 1 +
33
hw/timer/pl031.c | 92 ++++++++++++++++++++++++++++++++++++++--
34
3 files changed, 91 insertions(+), 4 deletions(-)
35
36
diff --git a/include/hw/timer/pl031.h b/include/hw/timer/pl031.h
37
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
38
--- a/include/hw/timer/pl031.h
20
--- a/target/arm/helper.h
39
+++ b/include/hw/timer/pl031.h
21
+++ b/target/arm/helper.h
40
@@ -XXX,XX +XXX,XX @@ typedef struct PL031State {
22
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_2(usad8, TCG_CALL_NO_RWG_SE, i32, i32, i32)
41
*/
23
DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE,
42
uint32_t tick_offset_vmstate;
24
i32, i32, i32, i32)
43
uint32_t tick_offset;
25
DEF_HELPER_2(exception_internal, noreturn, env, i32)
44
+ bool tick_offset_migrated;
26
+DEF_HELPER_3(exception_with_syndrome, noreturn, env, i32, i32)
45
+ bool migrate_tick_offset;
27
DEF_HELPER_4(exception_with_syndrome_el, noreturn, env, i32, i32, i32)
46
28
DEF_HELPER_2(exception_bkpt_insn, noreturn, env, i32)
47
uint32_t mr;
29
DEF_HELPER_2(exception_swstep, noreturn, env, i32)
48
uint32_t lr;
30
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
49
diff --git a/hw/core/machine.c b/hw/core/machine.c
50
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
51
--- a/hw/core/machine.c
32
--- a/target/arm/op_helper.c
52
+++ b/hw/core/machine.c
33
+++ b/target/arm/op_helper.c
53
@@ -XXX,XX +XXX,XX @@ GlobalProperty hw_compat_4_0[] = {
34
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_with_syndrome_el)(CPUARMState *env, uint32_t excp,
54
{ "virtio-gpu-pci", "edid", "false" },
35
raise_exception(env, excp, syndrome, target_el);
55
{ "virtio-device", "use-started", "false" },
56
{ "virtio-balloon-device", "qemu-4-0-config-size", "true" },
57
+ { "pl031", "migrate-tick-offset", "false" },
58
};
59
const size_t hw_compat_4_0_len = G_N_ELEMENTS(hw_compat_4_0);
60
61
diff --git a/hw/timer/pl031.c b/hw/timer/pl031.c
62
index XXXXXXX..XXXXXXX 100644
63
--- a/hw/timer/pl031.c
64
+++ b/hw/timer/pl031.c
65
@@ -XXX,XX +XXX,XX @@ static int pl031_pre_save(void *opaque)
66
{
67
PL031State *s = opaque;
68
69
- /* tick_offset is base_time - rtc_clock base time. Instead, we want to
70
- * store the base time relative to the QEMU_CLOCK_VIRTUAL for backwards-compatibility. */
71
+ /*
72
+ * The PL031 device model code uses the tick_offset field, which is
73
+ * the offset between what the guest RTC should read and what the
74
+ * QEMU rtc_clock reads:
75
+ * guest_rtc = rtc_clock + tick_offset
76
+ * and so
77
+ * tick_offset = guest_rtc - rtc_clock
78
+ *
79
+ * We want to migrate this offset, which sounds straightforward.
80
+ * Unfortunately older versions of QEMU migrated a conversion of this
81
+ * offset into an offset from the vm_clock. (This was in turn an
82
+ * attempt to be compatible with even older QEMU versions, but it
83
+ * has incorrect behaviour if the rtc_clock is not the same as the
84
+ * vm_clock.) So we put the actual tick_offset into a migration
85
+ * subsection, and the backwards-compatible time-relative-to-vm_clock
86
+ * in the main migration state.
87
+ *
88
+ * Calculate base time relative to QEMU_CLOCK_VIRTUAL:
89
+ */
90
int64_t delta = qemu_clock_get_ns(rtc_clock) - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
91
s->tick_offset_vmstate = s->tick_offset + delta / NANOSECONDS_PER_SECOND;
92
93
return 0;
94
}
36
}
95
37
96
+static int pl031_pre_load(void *opaque)
38
+/*
39
+ * Raise an exception with the specified syndrome register value
40
+ * to the default target el.
41
+ */
42
+void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp,
43
+ uint32_t syndrome)
97
+{
44
+{
98
+ PL031State *s = opaque;
45
+ raise_exception(env, excp, syndrome, exception_target_el(env));
99
+
100
+ s->tick_offset_migrated = false;
101
+ return 0;
102
+}
46
+}
103
+
47
+
104
static int pl031_post_load(void *opaque, int version_id)
48
uint32_t HELPER(cpsr_read)(CPUARMState *env)
105
{
49
{
106
PL031State *s = opaque;
50
return cpsr_read(env) & ~CPSR_EXEC;
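Review bot: The comment on the new `HELPER(exception_with_syndrome)` says only "to the default target el" and does not record that the target is now chosen when the helper runs, from `exception_target_el(env)`, rather than being passed in as a translate-time constant the way `exception_with_syndrome_el` receives it. Exception routing decides which privilege level handles the exception, so I would state it in the comment: `/* Raise an exception with the specified syndrome; the target EL is computed at run time by exception_target_el(env). */`. Whether `exception_target_el()` covers the Secure EL0 with AArch32 EL3 case that `default_exception_el()` special-cased is not visible in this section and is worth confirming before the translate-time function is removed.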
107
51
diff --git a/target/arm/translate.c b/target/arm/translate.c
108
- int64_t delta = qemu_clock_get_ns(rtc_clock) - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
52
index XXXXXXX..XXXXXXX 100644
109
- s->tick_offset = s->tick_offset_vmstate - delta / NANOSECONDS_PER_SECOND;
53
--- a/target/arm/translate.c
110
+ /*
54
+++ b/target/arm/translate.c
111
+ * If we got the tick_offset subsection, then we can just use
55
@@ -XXX,XX +XXX,XX @@ static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
112
+ * the value in that. Otherwise the source is an older QEMU and
56
gen_exception_el_v(excp, syndrome, tcg_constant_i32(target_el));
113
+ * has given us the offset from the vm_clock; convert it back to
57
}
114
+ * an offset from the rtc_clock. This will cause time to incorrectly
58
115
+ * go backwards compared to the host RTC, but this is unavoidable.
59
-static void gen_exception(DisasContext *s, int excp, uint32_t syndrome)
116
+ */
60
+static void gen_exception(int excp, uint32_t syndrome)
117
+
61
{
118
+ if (!s->tick_offset_migrated) {
62
- gen_exception_el(excp, syndrome, default_exception_el(s));
119
+ int64_t delta = qemu_clock_get_ns(rtc_clock) -
63
+ gen_helper_exception_with_syndrome(cpu_env, tcg_constant_i32(excp),
120
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
64
+ tcg_constant_i32(syndrome));
121
+ s->tick_offset = s->tick_offset_vmstate -
65
}
122
+ delta / NANOSECONDS_PER_SECOND;
66
67
static void gen_exception_insn_el_v(DisasContext *s, uint64_t pc, int excp,
68
@@ -XXX,XX +XXX,XX @@ void gen_exception_insn_el(DisasContext *s, uint64_t pc, int excp,
69
70
void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn)
71
{
72
- gen_exception_insn_el(s, pc, excp, syn, default_exception_el(s));
73
+ if (s->aarch64) {
74
+ gen_a64_set_pc_im(pc);
75
+ } else {
76
+ gen_set_condexec(s);
77
+ gen_set_pc_im(s, pc);
123
+ }
78
+ }
124
pl031_set_alarm(s);
79
+ gen_exception(excp, syn);
125
return 0;
80
+ s->base.is_jmp = DISAS_NORETURN;
126
}
81
}
127
82
128
+static int pl031_tick_offset_post_load(void *opaque, int version_id)
83
static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
129
+{
84
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
130
+ PL031State *s = opaque;
85
switch (dc->base.is_jmp) {
131
+
86
case DISAS_SWI:
132
+ s->tick_offset_migrated = true;
87
gen_ss_advance(dc);
133
+ return 0;
88
- gen_exception(dc, EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
134
+}
89
+ gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
135
+
90
break;
136
+static bool pl031_tick_offset_needed(void *opaque)
91
case DISAS_HVC:
137
+{
92
gen_ss_advance(dc);
138
+ PL031State *s = opaque;
93
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
139
+
94
gen_helper_yield(cpu_env);
140
+ return s->migrate_tick_offset;
95
break;
141
+}
96
case DISAS_SWI:
142
+
97
- gen_exception(dc, EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
143
+static const VMStateDescription vmstate_pl031_tick_offset = {
98
+ gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
144
+ .name = "pl031/tick-offset",
99
break;
145
+ .version_id = 1,
100
case DISAS_HVC:
146
+ .minimum_version_id = 1,
101
gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
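Review bot: `gen_exception_insn` now open-codes the `if (s->aarch64) ... else { gen_set_condexec(s); gen_set_pc_im(s, pc); }` state sync, which looks like the same sequence that precedes the `gen_exception_el_v` call in `gen_exception_insn_el_v` (only the tail of that body is visible on this page). Two copies of the pre-exception state sync can drift apart, and a stale PC or condexec at exception entry is hard to diagnose, so a small static helper shared by both callers would keep them identical. The sketch below shows the shape; the helper name is a placeholder.

```c
/* Sync PC (and, for AArch32, condexec) before raising an exception. */
static void gen_exception_sync_state(DisasContext *s, uint64_t pc)
{
    if (s->aarch64) {
        gen_a64_set_pc_im(pc);
    } else {
        gen_set_condexec(s);
        gen_set_pc_im(s, pc);
    }
}

void gen_exception_insn(DisasContext *s, uint64_t pc, int excp, uint32_t syn)
{
    gen_exception_sync_state(s, pc);
    gen_exception(excp, syn);
    s->base.is_jmp = DISAS_NORETURN;
}
```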
147
+ .needed = pl031_tick_offset_needed,
148
+ .post_load = pl031_tick_offset_post_load,
149
+ .fields = (VMStateField[]) {
150
+ VMSTATE_UINT32(tick_offset, PL031State),
151
+ VMSTATE_END_OF_LIST()
152
+ }
153
+};
154
+
155
static const VMStateDescription vmstate_pl031 = {
156
.name = "pl031",
157
.version_id = 1,
158
.minimum_version_id = 1,
159
.pre_save = pl031_pre_save,
160
+ .pre_load = pl031_pre_load,
161
.post_load = pl031_post_load,
162
.fields = (VMStateField[]) {
163
VMSTATE_UINT32(tick_offset_vmstate, PL031State),
164
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_pl031 = {
165
VMSTATE_UINT32(im, PL031State),
166
VMSTATE_UINT32(is, PL031State),
167
VMSTATE_END_OF_LIST()
168
+ },
169
+ .subsections = (const VMStateDescription*[]) {
170
+ &vmstate_pl031_tick_offset,
171
+ NULL
172
}
173
};
174
175
+static Property pl031_properties[] = {
176
+ /*
177
+ * True to correctly migrate the tick offset of the RTC. False to
178
+ * obtain backward migration compatibility with older QEMU versions,
179
+ * at the expense of the guest RTC going backwards compared with the
180
+ * host RTC when the VM is saved/restored if using -rtc host.
181
+ * (Even if set to 'true' older QEMU can migrate forward to newer QEMU;
182
+ * 'false' also permits newer QEMU to migrate to older QEMU.)
183
+ */
184
+ DEFINE_PROP_BOOL("migrate-tick-offset",
185
+ PL031State, migrate_tick_offset, true),
186
+ DEFINE_PROP_END_OF_LIST()
187
+};
188
+
189
static void pl031_class_init(ObjectClass *klass, void *data)
190
{
191
DeviceClass *dc = DEVICE_CLASS(klass);
192
193
dc->vmsd = &vmstate_pl031;
194
+ dc->props = pl031_properties;
195
}
196
197
static const TypeInfo pl031_info = {
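Review bot: `pl031_post_load` chooses between the migrated `tick_offset` and the value recomputed from `tick_offset_vmstate` by reading `tick_offset_migrated`, which is only correct if the `pl031/tick-offset` subsection's `post_load` has already run by the time the parent's `post_load` is called; nothing in the new code states that ordering. A short comment on `pl031_pre_load`, for example `/* Cleared here; set by the tick-offset subsection's post_load, which runs before pl031_post_load(). */`, would make the dependency explicit for anyone reordering the vmstate callbacks. Because the flag is derived from the contents of the incoming migration stream, the comment should also say that a stream without the subsection silently takes the legacy vm_clock path.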
198
--
102
--
199
2.20.1
103
2.25.1
200
201
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
This function is no longer used. At the same time, remove
4
DisasContext.secure_routed_to_el3, as it in turn becomes unused.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220609202901.1177572-21-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/translate.h | 16 ----------------
12
target/arm/translate-a64.c | 5 -----
13
target/arm/translate.c | 5 -----
14
3 files changed, 26 deletions(-)
15
16
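--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
 int fp_excp_el; /* FP exception EL or 0 if enabled */
 int sve_excp_el; /* SVE exception EL or 0 if enabled */
 int vl; /* current vector length in bytes */
- /* Flag indicating that exceptions from secure mode are routed to EL3. */
- bool secure_routed_to_el3;
 bool vfp_enabled; /* FP enabled via FPSCR.EN */
 int vec_len;
 int vec_stride;
@@ -XXX,XX +XXX,XX @@ static inline int get_mem_index(DisasContext *s)
 return arm_to_core_mmu_idx(s->mmu_idx);
 }
 
-/* Function used to determine the target exception EL when otherwise not known
- * or default.
- */
-static inline int default_exception_el(DisasContext *s)
-{
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3. Otherwise,
- * exceptions can only be routed to ELs above 1, so we target the higher of
- * 1 or the current EL.
- */
- return (s->mmu_idx == ARMMMUIdx_SE10_0 && s->secure_routed_to_el3)
- ? 3 : MAX(1, s->current_el);
-}
-
 static inline void disas_set_insn_syndrome(DisasContext *s, uint32_t syn)
 {
 /* We don't need to save all of the syndrome so we mask and shift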
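--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
 dc->condjmp = 0;
 
 dc->aarch64 = true;
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3.
- */
- dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
- !arm_el_is_aa64(env, 3);
 dc->thumb = false;
 dc->sctlr_b = 0;
 dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;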
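--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 dc->condjmp = 0;
 
 dc->aarch64 = false;
- /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
- * there is no secure EL1, so we route exceptions to EL3.
- */
- dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
- !arm_el_is_aa64(env, 3);
 dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB);
 dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
 condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC);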
82
--
83
2.25.1
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
In the next commit we will implement the write_with_attrs()
3
Handle the debug vs current el exception test in one place.
4
handler. To avoid using different APIs, convert the read()
4
Leave EXCP_BKPT alone, since that treats debug < current differently.
5
handler first.
6
5
7
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Message-id: 20220609202901.1177572-22-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
10
---
12
hw/ssi/xilinx_spips.c | 23 +++++++++++------------
11
target/arm/debug_helper.c | 44 +++++++++++++++++++++------------------
13
1 file changed, 11 insertions(+), 12 deletions(-)
12
1 file changed, 24 insertions(+), 20 deletions(-)
14
13
15
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
14
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/ssi/xilinx_spips.c
16
--- a/target/arm/debug_helper.c
18
+++ b/hw/ssi/xilinx_spips.c
17
+++ b/target/arm/debug_helper.c
19
@@ -XXX,XX +XXX,XX @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
18
@@ -XXX,XX +XXX,XX @@
19
#include "exec/helper-proto.h"
20
21
22
+/*
23
+ * Raise an exception to the debug target el.
24
+ * Modify syndrome to indicate when origin and target EL are the same.
25
+ */
26
+G_NORETURN static void
27
+raise_exception_debug(CPUARMState *env, uint32_t excp, uint32_t syndrome)
28
+{
29
+ int debug_el = arm_debug_target_el(env);
30
+ int cur_el = arm_current_el(env);
31
+
32
+ /*
33
+ * If singlestep is targeting a lower EL than the current one, then
34
+ * DisasContext.ss_active must be false and we can never get here.
35
+ * Similarly for watchpoint and breakpoint matches.
36
+ */
37
+ assert(debug_el >= cur_el);
38
+ syndrome |= (debug_el == cur_el) << ARM_EL_EC_SHIFT;
39
+ raise_exception(env, excp, syndrome, debug_el);
40
+}
41
+
42
/* See AArch64.GenerateDebugExceptionsFrom() in ARM ARM pseudocode */
43
static bool aa64_generate_debug_exceptions(CPUARMState *env)
44
{
45
@@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs)
46
if (wp_hit) {
47
if (wp_hit->flags & BP_CPU) {
48
bool wnr = (wp_hit->flags & BP_WATCHPOINT_HIT_WRITE) != 0;
49
- bool same_el = arm_debug_target_el(env) == arm_current_el(env);
50
51
cs->watchpoint_hit = NULL;
52
53
env->exception.fsr = arm_debug_exception_fsr(env);
54
env->exception.vaddress = wp_hit->hitaddr;
55
- raise_exception(env, EXCP_DATA_ABORT,
56
- syn_watchpoint(same_el, 0, wnr),
57
- arm_debug_target_el(env));
58
+ raise_exception_debug(env, EXCP_DATA_ABORT,
59
+ syn_watchpoint(0, 0, wnr));
60
}
61
} else {
62
uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
63
- bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
64
65
/*
66
* (1) GDB breakpoints should be handled first.
67
@@ -XXX,XX +XXX,XX @@ void arm_debug_excp_handler(CPUState *cs)
68
* exception/security level.
69
*/
70
env->exception.vaddress = 0;
71
- raise_exception(env, EXCP_PREFETCH_ABORT,
72
- syn_breakpoint(same_el),
73
- arm_debug_target_el(env));
74
+ raise_exception_debug(env, EXCP_PREFETCH_ABORT, syn_breakpoint(0));
20
}
75
}
21
}
76
}
22
77
23
-static uint64_t
78
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome)
24
-lqspi_read(void *opaque, hwaddr addr, unsigned int size)
79
25
+static MemTxResult lqspi_read(void *opaque, hwaddr addr, uint64_t *value,
80
void HELPER(exception_swstep)(CPUARMState *env, uint32_t syndrome)
26
+ unsigned size, MemTxAttrs attrs)
27
{
81
{
28
- XilinxQSPIPS *q = opaque;
82
- int debug_el = arm_debug_target_el(env);
29
- uint32_t ret;
83
- int cur_el = arm_current_el(env);
30
+ XilinxQSPIPS *q = XILINX_QSPIPS(opaque);
84
-
31
85
- /*
32
if (addr >= q->lqspi_cached_addr &&
86
- * If singlestep is targeting a lower EL than the current one, then
33
addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
87
- * DisasContext.ss_active must be false and we can never get here.
34
uint8_t *retp = &q->lqspi_buf[addr - q->lqspi_cached_addr];
88
- */
35
- ret = cpu_to_le32(*(uint32_t *)retp);
89
- assert(debug_el >= cur_el);
36
- DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr,
90
- if (debug_el == cur_el) {
37
- (unsigned)ret);
91
- syndrome |= 1 << ARM_EL_EC_SHIFT;
38
- return ret;
92
- }
39
- } else {
93
- raise_exception(env, EXCP_UDEF, syndrome, debug_el);
40
- lqspi_load_cache(opaque, addr);
94
+ raise_exception_debug(env, EXCP_UDEF, syndrome);
41
- return lqspi_read(opaque, addr, size);
42
+ *value = cpu_to_le32(*(uint32_t *)retp);
43
+ DB_PRINT_L(1, "addr: %08" HWADDR_PRIx ", data: %08" PRIx64 "\n",
44
+ addr, *value);
45
+ return MEMTX_OK;
46
}
47
+
48
+ lqspi_load_cache(opaque, addr);
49
+ return lqspi_read(opaque, addr, value, size, attrs);
50
}
95
}
51
96
52
static const MemoryRegionOps lqspi_ops = {
97
#if !defined(CONFIG_USER_ONLY)
53
- .read = lqspi_read,
54
+ .read_with_attrs = lqspi_read,
55
.endianness = DEVICE_NATIVE_ENDIAN,
56
.valid = {
57
.min_access_size = 1,
58
--
98
--
59
2.20.1
99
2.25.1
60
61
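Review bot: `raise_exception_debug()` only ever ORs the same-EL bit into `syndrome` and never clears it, so its header comment should say that callers must pass the syndrome with that bit clear. The converted call sites in `arm_debug_excp_handler()` do so with `syn_watchpoint(0, 0, wnr)` and `syn_breakpoint(0)`, but `HELPER(exception_swstep)` forwards a syndrome built elsewhere, which cannot be checked from these hunks. I would add a line to the comment such as `* Callers pass the syndrome with the same-EL bit clear; it is set here when debug_el == cur_el.` The `assert(debug_el >= cur_el)` now also covers the watchpoint and breakpoint paths, so the existing comment's "Similarly for watchpoint and breakpoint matches" could name where that invariant is enforced; `arm_debug_excp_handler()` starts and ends outside the hunks.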
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
This function is no longer used outside debug_helper.c.
4
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20220609202901.1177572-23-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
target/arm/cpu.h | 21 ---------------------
11
target/arm/debug_helper.c | 21 +++++++++++++++++++++
12
2 files changed, 21 insertions(+), 21 deletions(-)
13
14
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/cpu.h
17
+++ b/target/arm/cpu.h
18
@@ -XXX,XX +XXX,XX @@ typedef enum ARMASIdx {
19
ARMASIdx_TagS = 3,
20
} ARMASIdx;
21
22
-/* Return the Exception Level targeted by debug exceptions. */
23
-static inline int arm_debug_target_el(CPUARMState *env)
24
-{
25
- bool secure = arm_is_secure(env);
26
- bool route_to_el2 = false;
27
-
28
- if (arm_is_el2_enabled(env)) {
29
- route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
30
- env->cp15.mdcr_el2 & MDCR_TDE;
31
- }
32
-
33
- if (route_to_el2) {
34
- return 2;
35
- } else if (arm_feature(env, ARM_FEATURE_EL3) &&
36
- !arm_el_is_aa64(env, 3) && secure) {
37
- return 3;
38
- } else {
39
- return 1;
40
- }
41
-}
42
-
43
static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
44
{
45
/* If all the CLIDR.Ctypem bits are 0 there are no caches, and
46
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/target/arm/debug_helper.c
49
+++ b/target/arm/debug_helper.c
50
@@ -XXX,XX +XXX,XX @@
51
#include "exec/helper-proto.h"
52
53
54
+/* Return the Exception Level targeted by debug exceptions. */
55
+static int arm_debug_target_el(CPUARMState *env)
56
+{
57
+ bool secure = arm_is_secure(env);
58
+ bool route_to_el2 = false;
59
+
60
+ if (arm_is_el2_enabled(env)) {
61
+ route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
62
+ env->cp15.mdcr_el2 & MDCR_TDE;
63
+ }
64
+
65
+ if (route_to_el2) {
66
+ return 2;
67
+ } else if (arm_feature(env, ARM_FEATURE_EL3) &&
68
+ !arm_el_is_aa64(env, 3) && secure) {
69
+ return 3;
70
+ } else {
71
+ return 1;
72
+ }
73
+}
74
+
75
/*
76
* Raise an exception to the debug target el.
77
* Modify syndrome to indicate when origin and target EL are the same.
78
--
79
2.25.1
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Both lqspi_read() and lqspi_load_cache() expect a 32-bit
3
We were using arm_is_secure and is_a64, which are
4
aligned address.
4
tests against the current EL, as opposed to
5
arm_el_is_aa64 and arm_is_secure_below_el3, which
6
can be applied to a different EL than current.
7
Consolidate the two tests.
5
8
6
From UG1085 datasheet [*] chapter on 'Quad-SPI Controller':
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Transfer Size Limitations
11
Message-id: 20220609202901.1177572-24-richard.henderson@linaro.org
9
10
Because of the 32-bit wide TX, RX, and generic FIFO, all
11
APB/AXI transfers must be an integer multiple of 4-bytes.
12
Shorter transfers are not possible.
13
14
Set MemoryRegionOps.impl values to force 32-bit accesses,
15
this way we are sure we do not access the lqspi_buf[] array
16
out of bound.
17
18
[*] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf
19
20
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
21
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
22
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
---
13
---
25
hw/ssi/xilinx_spips.c | 4 ++++
14
target/arm/helper.c | 23 +++++++++--------------
26
1 file changed, 4 insertions(+)
15
1 file changed, 9 insertions(+), 14 deletions(-)
27
16
28
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
29
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/ssi/xilinx_spips.c
19
--- a/target/arm/helper.c
31
+++ b/hw/ssi/xilinx_spips.c
20
+++ b/target/arm/helper.c
32
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps lqspi_ops = {
21
@@ -XXX,XX +XXX,XX @@ int fp_exception_el(CPUARMState *env, int cur_el)
33
.read_with_attrs = lqspi_read,
22
int fpen = FIELD_EX64(env->cp15.cpacr_el1, CPACR_EL1, FPEN);
34
.write_with_attrs = lqspi_write,
23
35
.endianness = DEVICE_NATIVE_ENDIAN,
24
switch (fpen) {
36
+ .impl = {
25
+ case 1:
37
+ .min_access_size = 4,
26
+ if (cur_el != 0) {
38
+ .max_access_size = 4,
27
+ break;
39
+ },
28
+ }
40
.valid = {
29
+ /* fall through */
41
.min_access_size = 1,
30
case 0:
42
.max_access_size = 4
31
case 2:
32
- if (cur_el == 0 || cur_el == 1) {
33
- /* Trap to PL1, which might be EL1 or EL3 */
34
- if (arm_is_secure(env) && !arm_el_is_aa64(env, 3)) {
35
- return 3;
36
- }
37
- return 1;
38
- }
39
- if (cur_el == 3 && !is_a64(env)) {
40
- /* Secure PL1 running at EL3 */
41
+ /* Trap from Secure PL0 or PL1 to Secure PL1. */
42
+ if (!arm_el_is_aa64(env, 3)
43
+ && (cur_el == 3 || arm_is_secure_below_el3(env))) {
44
return 3;
45
}
46
- break;
47
- case 1:
48
- if (cur_el == 0) {
49
+ if (cur_el <= 1) {
50
return 1;
51
}
52
break;
53
- case 3:
54
- break;
55
}
56
}
57
43
--
58
--
44
2.20.1
59
2.25.1
45
46
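Review bot: The new fall-through from `case 1` in `fp_exception_el()` changes the result for FPEN == 1 at Secure EL0 when EL3 is AArch32: the removed code returned 1 for any `cur_el == 0`, while the new path reaches the `!arm_el_is_aa64(env, 3)` test first and returns 3. The description only speaks of consolidating the two tests, so if this routing change is intended it should be recorded next to the code, for example with `/* FPEN == 1 traps EL0 only; Secure EL0 under an AArch32 EL3 goes to EL3 below */` placed above the existing `/* fall through */`. The switch also no longer has a `case 3` or a `default`, so FPEN == 3 now leaves the switch implicitly. The function continues outside the hunk, so what follows the switch cannot be checked here.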
1
From: David Engraf <david.engraf@sysgo.com>
1
From: Hao Wu <wuhaotsh@google.com>
2
2
3
Using the whole 128 MiB flash in non-secure mode is not working because
3
Creating 1GB image for a simple qtest is unnecessary
4
virt_flash_fdt() expects the same address for secure_sysmem and sysmem.
4
and could lead to failures. We reduce the image size
5
This is not correctly handled by caller because it forwards NULL for
5
to 1MB to reduce the test overhead.
6
secure_sysmem in non-secure flash mode.
7
6
8
Fixed by using sysmem when secure_sysmem is NULL.
7
Signed-off-by: Hao Wu <wuhaotsh@google.com>
9
8
Message-id: 20220609214125.4192212-1-wuhaotsh@google.com
10
Signed-off-by: David Engraf <david.engraf@sysgo.com>
11
Message-id: 20190712075002.14326-1-david.engraf@sysgo.com
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
11
---
15
hw/arm/virt.c | 2 +-
12
tests/qtest/npcm7xx_sdhci-test.c | 2 +-
16
1 file changed, 1 insertion(+), 1 deletion(-)
13
1 file changed, 1 insertion(+), 1 deletion(-)
17
14
18
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
15
diff --git a/tests/qtest/npcm7xx_sdhci-test.c b/tests/qtest/npcm7xx_sdhci-test.c
19
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/arm/virt.c
17
--- a/tests/qtest/npcm7xx_sdhci-test.c
21
+++ b/hw/arm/virt.c
18
+++ b/tests/qtest/npcm7xx_sdhci-test.c
22
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
19
@@ -XXX,XX +XXX,XX @@
23
&machine->device_memory->mr);
20
#define NPCM7XX_REG_SIZE 0x100
24
}
21
#define NPCM7XX_MMC_BA 0xF0842000
25
22
#define NPCM7XX_BLK_SIZE 512
26
- virt_flash_fdt(vms, sysmem, secure_sysmem);
23
-#define NPCM7XX_TEST_IMAGE_SIZE (1 << 30)
27
+ virt_flash_fdt(vms, sysmem, secure_sysmem ?: sysmem);
24
+#define NPCM7XX_TEST_IMAGE_SIZE (1 << 20)
28
25
29
create_gic(vms, pic);
26
char *sd_path;
30
27
31
--
28
--
32
2.20.1
29
2.25.1
33
34
1
From: Alex Bennée <alex.bennee@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When we converted to using feature bits in 602f6e42cfbf we missed out
3
Because reset always initializes the AA64 version, SCR_EL3,
4
the fact (dp && arm_dc_feature(s, ARM_FEATURE_V8)) was supported for
4
test the mode of EL3 instead of the type of the cpreg.
5
-cpu max configurations. This caused a regression in the GCC test
6
suite. Fix this by setting the appropriate bits in mvfr1.FPHP to
7
report ARMv8-A with FP support (but not ARMv8.2-FP16).
8
5
9
Fixes: https://bugs.launchpad.net/qemu/+bug/1836078
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20220609214657.1217913-2-richard.henderson@linaro.org
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Message-id: 20190711103737.10017-1-alex.bennee@linaro.org
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
10
---
15
target/arm/cpu.c | 4 ++++
11
target/arm/helper.c | 14 ++++++++------
16
1 file changed, 4 insertions(+)
12
1 file changed, 8 insertions(+), 6 deletions(-)
17
13
18
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
14
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/cpu.c
16
--- a/target/arm/helper.c
21
+++ b/target/arm/cpu.c
17
+++ b/target/arm/helper.c
22
@@ -XXX,XX +XXX,XX @@ static void arm_max_initfn(Object *obj)
18
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
23
t = FIELD_DP32(t, ID_ISAR6, SPECRES, 1);
19
uint32_t valid_mask = 0x3fff;
24
cpu->isar.id_isar6 = t;
20
ARMCPU *cpu = env_archcpu(env);
25
21
26
+ t = cpu->isar.mvfr1;
22
- if (ri->state == ARM_CP_STATE_AA64) {
27
+ t = FIELD_DP32(t, MVFR1, FPHP, 2); /* v8.0 FP support */
23
- if (arm_feature(env, ARM_FEATURE_AARCH64) &&
28
+ cpu->isar.mvfr1 = t;
24
- !cpu_isar_feature(aa64_aa32_el1, cpu)) {
29
+
25
- value |= SCR_FW | SCR_AW; /* these two bits are RES1. */
30
t = cpu->isar.mvfr2;
26
- }
31
t = FIELD_DP32(t, MVFR2, SIMDMISC, 3); /* SIMD MaxNum */
27
- valid_mask &= ~SCR_NET;
32
t = FIELD_DP32(t, MVFR2, FPMISC, 4); /* FP MaxNum */
28
+ /*
29
+ * Because SCR_EL3 is the "real" cpreg and SCR is the alias, reset always
30
+ * passes the reginfo for SCR_EL3, which has type ARM_CP_STATE_AA64.
31
+ * Instead, choose the format based on the mode of EL3.
32
+ */
33
+ if (arm_el_is_aa64(env, 3)) {
34
+ value |= SCR_FW | SCR_AW; /* RES1 */
35
+ valid_mask &= ~SCR_NET; /* RES0 */
36
37
if (cpu_isar_feature(aa64_ras, cpu)) {
38
valid_mask |= SCR_TERR;
33
--
39
--
34
2.20.1
40
2.25.1
35
36
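Review bot: The description does not mention that `SCR_FW | SCR_AW` are now forced to 1 on every write when EL3 is AArch64: the removed lines set them only under `arm_feature(env, ARM_FEATURE_AARCH64) && !cpu_isar_feature(aa64_aa32_el1, cpu)`, and that guard is gone on the new side of `scr_write()`. If that is the intended architectural behaviour, the new block comment should say so, for example with an extra line `* FW and AW are RES1 whenever EL3 is AArch64, regardless of AArch32 support at EL1.` This register controls what the secure monitor allows lower levels to change, so a change to which bits a guest can clear is worth stating explicitly. `scr_write()` continues past the end of the hunk, so how `value` and `valid_mask` are finally combined cannot be checked here.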
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Reading the RX_DATA register when the RX_FIFO is empty triggers
3
Since DDI0487F.a, the RW bit is RAO/WI. When specifically
4
an abort. This can be easily reproduced:
4
targeting such a cpu, e.g. cortex-a76, it is legitimate to
5
ignore the bit within the secure monitor.
5
6
6
$ qemu-system-arm -M emcraft-sf2 -monitor stdio -S
7
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1062
7
QEMU 4.0.50 monitor - type 'help' for more information
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
(qemu) x 0x40001010
9
Message-id: 20220609214657.1217913-3-richard.henderson@linaro.org
9
Aborted (core dumped)
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
11
(gdb) bt
12
#1 0x00007f035874f895 in abort () at /lib64/libc.so.6
13
#2 0x00005628686591ff in fifo8_pop (fifo=0x56286a9a4c68) at util/fifo8.c:66
14
#3 0x00005628683e0b8e in fifo32_pop (fifo=0x56286a9a4c68) at include/qemu/fifo32.h:137
15
#4 0x00005628683e0efb in spi_read (opaque=0x56286a9a4850, addr=4, size=4) at hw/ssi/mss-spi.c:168
16
#5 0x0000562867f96801 in memory_region_read_accessor (mr=0x56286a9a4b60, addr=16, value=0x7ffeecb0c5c8, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:439
17
#6 0x0000562867f96cdb in access_with_adjusted_size (addr=16, value=0x7ffeecb0c5c8, size=4, access_size_min=1, access_size_max=4, access_fn=0x562867f967c3 <memory_region_read_accessor>, mr=0x56286a9a4b60, attrs=...) at memory.c:569
18
#7 0x0000562867f99940 in memory_region_dispatch_read1 (mr=0x56286a9a4b60, addr=16, pval=0x7ffeecb0c5c8, size=4, attrs=...) at memory.c:1420
19
#8 0x0000562867f99a08 in memory_region_dispatch_read (mr=0x56286a9a4b60, addr=16, pval=0x7ffeecb0c5c8, size=4, attrs=...) at memory.c:1447
20
#9 0x0000562867f38721 in flatview_read_continue (fv=0x56286aec6360, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, addr1=16, l=4, mr=0x56286a9a4b60) at exec.c:3385
21
#10 0x0000562867f38874 in flatview_read (fv=0x56286aec6360, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4) at exec.c:3423
22
#11 0x0000562867f388ea in address_space_read_full (as=0x56286aa3e890, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4) at exec.c:3436
23
#12 0x0000562867f389c5 in address_space_rw (as=0x56286aa3e890, addr=1073745936, attrs=..., buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, is_write=false) at exec.c:3466
24
#13 0x0000562867f3bdd7 in cpu_memory_rw_debug (cpu=0x56286aa19d00, addr=1073745936, buf=0x7ffeecb0c7c0 "\340ǰ\354\376\177", len=4, is_write=0) at exec.c:3976
25
#14 0x000056286811ed51 in memory_dump (mon=0x56286a8c32d0, count=1, format=120, wsize=4, addr=1073745936, is_physical=0) at monitor/misc.c:730
26
#15 0x000056286811eff1 in hmp_memory_dump (mon=0x56286a8c32d0, qdict=0x56286b15c400) at monitor/misc.c:785
27
#16 0x00005628684740ee in handle_hmp_command (mon=0x56286a8c32d0, cmdline=0x56286a8caeb2 "0x40001010") at monitor/hmp.c:1082
28
29
From the datasheet "Actel SmartFusion Microcontroller Subsystem
30
User's Guide" Rev.1, Table 13-3 "SPI Register Summary", this
31
register has a reset value of 0.
32
33
Check the FIFO is not empty before accessing it, else log an
34
error message.
35
36
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
37
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
38
Message-id: 20190709113715.7761-3-philmd@redhat.com
39
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
40
---
12
---
41
hw/ssi/mss-spi.c | 8 +++++++-
13
target/arm/cpu.h | 5 +++++
42
1 file changed, 7 insertions(+), 1 deletion(-)
14
target/arm/helper.c | 4 ++++
15
2 files changed, 9 insertions(+)
43
16
44
diff --git a/hw/ssi/mss-spi.c b/hw/ssi/mss-spi.c
17
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
45
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
46
--- a/hw/ssi/mss-spi.c
19
--- a/target/arm/cpu.h
47
+++ b/hw/ssi/mss-spi.c
20
+++ b/target/arm/cpu.h
48
@@ -XXX,XX +XXX,XX @@ spi_read(void *opaque, hwaddr addr, unsigned int size)
21
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_aa32_el1(const ARMISARegisters *id)
49
case R_SPI_RX:
22
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL1) >= 2;
50
s->regs[R_SPI_STATUS] &= ~S_RXFIFOFUL;
23
}
51
s->regs[R_SPI_STATUS] &= ~S_RXCHOVRF;
24
52
- ret = fifo32_pop(&s->rx_fifo);
25
+static inline bool isar_feature_aa64_aa32_el2(const ARMISARegisters *id)
53
+ if (fifo32_is_empty(&s->rx_fifo)) {
26
+{
54
+ qemu_log_mask(LOG_GUEST_ERROR,
27
+ return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, EL2) >= 2;
55
+ "%s: Reading empty RX_FIFO\n",
28
+}
56
+ __func__);
29
+
57
+ } else {
30
static inline bool isar_feature_aa64_ras(const ARMISARegisters *id)
58
+ ret = fifo32_pop(&s->rx_fifo);
31
{
32
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RAS) != 0;
33
diff --git a/target/arm/helper.c b/target/arm/helper.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/helper.c
36
+++ b/target/arm/helper.c
37
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
38
value |= SCR_FW | SCR_AW; /* RES1 */
39
valid_mask &= ~SCR_NET; /* RES0 */
40
41
+ if (!cpu_isar_feature(aa64_aa32_el1, cpu) &&
42
+ !cpu_isar_feature(aa64_aa32_el2, cpu)) {
43
+ value |= SCR_RW; /* RAO/WI */
59
+ }
44
+ }
60
if (fifo32_is_empty(&s->rx_fifo)) {
45
if (cpu_isar_feature(aa64_ras, cpu)) {
61
s->regs[R_SPI_STATUS] |= S_RXFIFOEMP;
46
valid_mask |= SCR_TERR;
62
}
47
}
63
--
48
--
64
2.20.1
49
2.25.1
65
66
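Review bot: The new `SCR_RW` condition in `scr_write()` tests only the EL1 and EL2 fields of ID_AA64PFR0, and the comment `/* RAO/WI */` does not say why AArch32 support at EL0 plays no part. The description cites DDI0487F.a and cortex-a76; carrying that into the code, e.g. `/* RW is RAO/WI when neither EL1 nor EL2 supports AArch32 (DDI0487F.a) */`, would let a reader check the condition against the architecture text. `isar_feature_aa64_aa32_el2()` in cpu.h would also benefit from a one-line comment, since a CPU that reports 0 in the EL2 field takes the same path as one whose EL2 is AArch64-only; presumably that is intended. `scr_write()` starts and ends outside the hunk.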
1
The ARMv5 architecture didn't specify detailed per-feature ID
1
In two places in gdbstub.c we look at gdbserver_state.init to decide
2
registers. Now that we're using the MVFR0 register fields to
2
whether we're going to do a semihosting syscall via the gdb remote
3
gate the existence of VFP instructions, we need to set up
3
protocol:
4
the correct values in the cpu->isar structure so that we still
4
* when setting up, if the user didn't explicitly select either
5
provide an FPU to the guest.
5
native semihosting or gdb semihosting, we autoselect, with the
6
intended behaviour "use gdb if gdb is connected"
7
* when the semihosting layer attempts to do a syscall via gdb, we
8
silently ignore it if the gdbstub wasn't actually set up
6
9
7
This fixes a regression in the arm926 and arm1026 CPUs, which
10
However, if the user's commandline sets up the gdbstub but tells QEMU
8
are the only ones that both have VFP and are ARMv5 or earlier.
11
to start rather than waiting for a GDB to connect (eg using '-s' but
9
This regression was introduced by the VFP refactoring, and more
12
not '-S'), then we will have gdbserver_state.init true but no actual
10
specifically by commits 1120827fa182f0e76 and 266bd25c485597c,
13
connection; an attempt to use gdb syscalls will then crash because we
11
which accidentally disabled VFP short-vector support and
14
try to use gdbserver_state.c_cpu when it hasn't been set up:
12
double-precision support on these CPUs.
13
15
14
Fixes: 1120827fa182f0e
16
#0 0x00007ffff6803ba8 in qemu_cpu_kick (cpu=0x0) at ../../softmmu/cpus.c:457
15
Fixes: 266bd25c485597c
17
#1 0x00007ffff6c03913 in gdb_do_syscallv (cb=0x7ffff6c19944 <common_semi_cb>,
16
Fixes: https://bugs.launchpad.net/qemu/+bug/1836192
18
fmt=0x7ffff7573b7e "", va=0x7ffff56294c0) at ../../gdbstub.c:2946
17
Reported-by: Christophe Lyon <christophe.lyon@linaro.org>
19
#2 0x00007ffff6c19c3a in common_semi_gdb_syscall (cs=0x7ffff83fe060,
20
cb=0x7ffff6c19944 <common_semi_cb>, fmt=0x7ffff7573b75 "isatty,%x")
21
at ../../semihosting/arm-compat-semi.c:494
22
#3 0x00007ffff6c1a064 in gdb_isattyfn (cs=0x7ffff83fe060, gf=0x7ffff86a3690)
23
at ../../semihosting/arm-compat-semi.c:636
24
#4 0x00007ffff6c1b20f in do_common_semihosting (cs=0x7ffff83fe060)
25
at ../../semihosting/arm-compat-semi.c:967
26
#5 0x00007ffff693a037 in handle_semihosting (cs=0x7ffff83fe060)
27
at ../../target/arm/helper.c:10316
28
29
You can probably also get into this state via some odd
30
corner cases involving connecting a GDB and then telling it
31
to detach from all the vCPUs.
32
33
Abstract out the test into a new gdb_attached() function
34
which returns true only if there's actually a GDB connected
35
to the debug stub and attached to at least one vCPU.
36
37
Reported-by: Liviu Ionescu <ilg@livius.net>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
38
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
39
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
40
Reviewed-by: Luc Michel <luc@lmichel.fr>
21
Tested-by: Christophe Lyon <christophe.lyon@linaro.org>
41
Message-id: 20220526190053.521505-2-peter.maydell@linaro.org
22
Message-id: 20190711131241.22231-1-peter.maydell@linaro.org
23
---
42
---
24
target/arm/cpu.c | 12 ++++++++++++
43
gdbstub.c | 14 +++++++++++---
25
1 file changed, 12 insertions(+)
44
1 file changed, 11 insertions(+), 3 deletions(-)
26
45
27
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
46
diff --git a/gdbstub.c b/gdbstub.c
28
index XXXXXXX..XXXXXXX 100644
47
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/cpu.c
48
--- a/gdbstub.c
30
+++ b/target/arm/cpu.c
49
+++ b/gdbstub.c
31
@@ -XXX,XX +XXX,XX @@ static void arm926_initfn(Object *obj)
50
@@ -XXX,XX +XXX,XX @@ static int get_char(void)
32
* set the field to indicate Jazelle support within QEMU.
33
*/
34
cpu->isar.id_isar1 = FIELD_DP32(cpu->isar.id_isar1, ID_ISAR1, JAZELLE, 1);
35
+ /*
36
+ * Similarly, we need to set MVFR0 fields to enable double precision
37
+ * and short vector support even though ARMv5 doesn't have this register.
38
+ */
39
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPSHVEC, 1);
40
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPDP, 1);
41
}
51
}
42
52
#endif
43
static void arm946_initfn(Object *obj)
53
44
@@ -XXX,XX +XXX,XX @@ static void arm1026_initfn(Object *obj)
54
+/*
45
* set the field to indicate Jazelle support within QEMU.
55
+ * Return true if there is a GDB currently connected to the stub
46
*/
56
+ * and attached to a CPU
47
cpu->isar.id_isar1 = FIELD_DP32(cpu->isar.id_isar1, ID_ISAR1, JAZELLE, 1);
57
+ */
48
+ /*
58
+static bool gdb_attached(void)
49
+ * Similarly, we need to set MVFR0 fields to enable double precision
59
+{
50
+ * and short vector support even though ARMv5 doesn't have this register.
60
+ return gdbserver_state.init && gdbserver_state.c_cpu;
51
+ */
61
+}
52
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPSHVEC, 1);
62
+
53
+ cpu->isar.mvfr0 = FIELD_DP32(cpu->isar.mvfr0, MVFR0, FPDP, 1);
63
static enum {
54
64
GDB_SYS_UNKNOWN,
55
{
65
GDB_SYS_ENABLED,
56
/* The 1026 had an IFAR at c6,c0,0,1 rather than the ARMv6 c6,c0,0,2 */
66
@@ -XXX,XX +XXX,XX @@ int use_gdb_syscalls(void)
67
/* -semihosting-config target=auto */
68
/* On the first call check if gdb is connected and remember. */
69
if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
70
- gdb_syscall_mode = gdbserver_state.init ?
71
- GDB_SYS_ENABLED : GDB_SYS_DISABLED;
72
+ gdb_syscall_mode = gdb_attached() ? GDB_SYS_ENABLED : GDB_SYS_DISABLED;
73
}
74
return gdb_syscall_mode == GDB_SYS_ENABLED;
75
}
76
@@ -XXX,XX +XXX,XX @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
77
target_ulong addr;
78
uint64_t i64;
79
80
- if (!gdbserver_state.init) {
81
+ if (!gdb_attached()) {
82
return;
83
}
84
57
--
85
--
58
2.20.1
86
2.25.1
59
87
60
88
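Review bot: `gdb_do_syscallv()` still returns without invoking `cb` when `gdb_attached()` is false, and `use_gdb_syscalls()` caches its answer on the first call, so in auto mode a GDB that detaches later leaves `gdb_syscall_mode` at `GDB_SYS_ENABLED` while the request is dropped silently. The description itself notes that detaching from all vCPUs can reach this state. At minimum the early return should carry a comment such as `/* No GDB attached: the request is dropped and cb is not called */`. Whether the semihosting caller copes with a completion callback that never fires cannot be judged from the hunk, because the body of `gdb_do_syscallv()` continues outside it.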
1
In the M-profile architecture, when we do a vector table fetch and it
1
Currently we mishandle the --semihosting-config option if the
2
fails, we need to report a HardFault. Whether this is a Secure HF or
2
user specifies it on the command line more than once. For
3
a NonSecure HF depends on several things. If AIRCR.BFHFNMINS is 0
3
example with:
4
then HF is always Secure, because there is no NonSecure HardFault.
4
--semihosting-config target=gdb --semihosting-config arg=foo,arg=bar
5
Otherwise, the answer depends on whether the 'underlying exception'
6
(MemManage, BusFault, SecureFault) targets Secure or NonSecure. (In
7
the pseudocode, this is handled in the Vector() function: the final
8
exc.isSecure is calculated by looking at the exc.isSecure from the
9
exception returned from the memory access, not the isSecure input
10
argument.)
11
5
12
We weren't doing this correctly, because we were looking at
6
the function qemu_semihosting_config_options() is called twice, once
13
the target security domain of the exception we were trying to
7
for each argument. But that function expects to be called only once,
14
load the vector table entry for. This produces errors of two kinds:
8
and it always unconditionally sets the semihosting.enabled,
15
* a load from the NS vector table which hits the "NS access
9
semihost_chardev and semihosting.target variables. This means that
16
to S memory" SecureFault should end up as a Secure HardFault,
10
if any of those options were set anywhere except the last
17
but we were raising an NS HardFault
11
--semihosting-config option on the command line, those settings are
18
* a load from the S vector table which causes a BusFault
12
ignored. In the example above, 'target=gdb' in the first option is
19
should raise an NS HardFault if BFHFNMINS == 1 (because
13
overridden by an implied default 'target=auto' in the second.
20
in that case all BusFaults are NonSecure), but we were raising
21
a Secure HardFault
22
14
23
Correct the logic.
15
The QemuOptsList machinery has a flag for handling this kind of
24
16
"option group is setting global state": by setting
25
We also fix a comment error where we claimed that we might
17
.merge_lists = true;
26
be escalating MemManage to HardFault, and forgot about SecureFault.
18
we make the machinery merge all the --semihosting-config arguments
27
(Vector loads can never hit MPU access faults, because they're
19
the user passes into a single set of options and call our
28
always aligned and always use the default address map.)
20
qemu_semihosting_config_options() just once.
29
21
30
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
31
Message-id: 20190705094823.28905-1-peter.maydell@linaro.org
23
Reviewed-by: Luc Michel <luc@lmichel.fr>
24
Message-id: 20220526190053.521505-3-peter.maydell@linaro.org
32
---
25
---
33
target/arm/m_helper.c | 21 +++++++++++++++++----
26
semihosting/config.c | 1 +
34
1 file changed, 17 insertions(+), 4 deletions(-)
27
1 file changed, 1 insertion(+)
35
28
36
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
29
diff --git a/semihosting/config.c b/semihosting/config.c
37
index XXXXXXX..XXXXXXX 100644
30
index XXXXXXX..XXXXXXX 100644
38
--- a/target/arm/m_helper.c
31
--- a/semihosting/config.c
39
+++ b/target/arm/m_helper.c
32
+++ b/semihosting/config.c
40
@@ -XXX,XX +XXX,XX @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
33
@@ -XXX,XX +XXX,XX @@
41
if (sattrs.ns) {
34
42
attrs.secure = false;
35
QemuOptsList qemu_semihosting_config_opts = {
43
} else if (!targets_secure) {
36
.name = "semihosting-config",
44
- /* NS access to S memory */
37
+ .merge_lists = true,
45
+ /*
38
.implied_opt_name = "enable",
46
+ * NS access to S memory: the underlying exception which we escalate
39
.head = QTAILQ_HEAD_INITIALIZER(qemu_semihosting_config_opts.head),
47
+ * to HardFault is SecureFault, which always targets Secure.
40
.desc = {
48
+ */
49
+ exc_secure = true;
50
goto load_fail;
51
}
52
}
53
@@ -XXX,XX +XXX,XX @@ static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
54
vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr,
55
attrs, &result);
56
if (result != MEMTX_OK) {
57
+ /*
58
+ * Underlying exception is BusFault: its target security state
59
+ * depends on BFHFNMINS.
60
+ */
61
+ exc_secure = !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
62
goto load_fail;
63
}
64
*pvec = vector_entry;
65
@@ -XXX,XX +XXX,XX @@ load_fail:
66
/*
67
* All vector table fetch fails are reported as HardFault, with
68
* HFSR.VECTTBL and .FORCED set. (FORCED is set because
69
- * technically the underlying exception is a MemManage or BusFault
70
+ * technically the underlying exception is a SecureFault or BusFault
71
* that is escalated to HardFault.) This is a terminal exception,
72
* so we will either take the HardFault immediately or else enter
73
* lockup (the latter case is handled in armv7m_nvic_set_pending_derived()).
74
+ * The HardFault is Secure if BFHFNMINS is 0 (meaning that all HFs are
75
+ * secure); otherwise it targets the same security state as the
76
+ * underlying exception.
77
*/
78
- exc_secure = targets_secure ||
79
- !(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
80
+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
81
+ exc_secure = true;
82
+ }
83
env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK;
84
armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure);
85
return false;
86
--
41
--
87
2.20.1
42
2.25.1
88
89
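Review bot: The new `.merge_lists = true` initialiser in `qemu_semihosting_config_opts` carries no comment, so the reason for it lives only in the commit description. A short comment above the field would keep the intent with the code: `/* These options set global state, so merge repeated --semihosting-config into one group */`. Because the group's implied option is `enable`, the option documentation should also state which value wins when the same key is given more than once; that behaviour is not visible in this hunk, and the initialiser continues outside it.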