Peter Maydell (1):

target/arm: Explicitly select short-format FSR for M-profile

Thomas Huth (1):

tests/qtest: Run arm-specific tests only if the required machine is available

Tommy Wu (1):

hw/dma/xilinx_axidma: Check DMASR.HALTED to prevent infinite loop.

Vitaly Cheptsov (1):

fsl-imx6: Add SNVS support for i.MX6 boards

docs/conf.py | 2 +-

docs/system/arm/sbsa.rst | 2 +-

configs/devices/aarch64-softmmu/default.mak | 6 +

configs/devices/arm-softmmu/default.mak | 40 ++++

hw/arm/smmu-internal.h | 37 +++

hw/arm/smmuv3-internal.h | 12 +-

include/hw/arm/fsl-imx6.h | 2 +

include/hw/arm/smmu-common.h | 45 +++-

include/hw/arm/smmuv3.h | 4 +

include/qemu/help-texts.h | 2 +-

hw/arm/fsl-imx6.c | 8 +

hw/arm/sbsa-ref.c | 19 +-

hw/arm/smmu-common.c | 209 ++++++++++++++--

hw/arm/smmuv3.c | 357 ++++++++++++++++++++++++----

hw/arm/xlnx-zynqmp.c | 2 +-

hw/dma/xilinx_axidma.c | 11 +-

target/arm/tcg/tlb_helper.c | 13 +-

hw/arm/Kconfig | 123 ++++++----

hw/arm/trace-events | 14 +-

target/arm/Kconfig | 3 +

tests/qtest/meson.build | 7 +-

21 files changed, 773 insertions(+), 145 deletions(-)

From: Vitaly Cheptsov <cheptsov@ispras.ru>

SNVS is supported on both i.MX6 and i.MX6UL and is needed

to support shutdown on the board.

Cc: Peter Maydell <peter.maydell@linaro.org> (odd fixer:SABRELITE / i.MX6)

Cc: Jean-Christophe Dubois <jcd@tribudubois.net> (reviewer:SABRELITE / i.MX6)

Cc: qemu-arm@nongnu.org (open list:SABRELITE / i.MX6)

Cc: qemu-devel@nongnu.org (open list:All patches CC here)

Signed-off-by: Vitaly Cheptsov <cheptsov@ispras.ru>

Message-id: 20230515095015.66860-1-cheptsov@ispras.ru

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/arm/fsl-imx6.h | 2 ++

hw/arm/fsl-imx6.c | 8 ++++++++

2 files changed, 10 insertions(+)

diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/arm/fsl-imx6.h

+++ b/include/hw/arm/fsl-imx6.h

@@ -XXX,XX +XXX,XX @@

#include "hw/cpu/a9mpcore.h"

#include "hw/misc/imx6_ccm.h"

#include "hw/misc/imx6_src.h"

+#include "hw/misc/imx7_snvs.h"

#include "hw/watchdog/wdt_imx2.h"

#include "hw/char/imx_serial.h"

#include "hw/timer/imx_gpt.h"

@@ -XXX,XX +XXX,XX @@ struct FslIMX6State {

A9MPPrivState a9mpcore;

IMX6CCMState ccm;

IMX6SRCState src;

+ IMX7SNVSState snvs;

IMXSerialState uart[FSL_IMX6_NUM_UARTS];

IMXGPTState gpt;

IMXEPITState epit[FSL_IMX6_NUM_EPITS];

diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/fsl-imx6.c

+++ b/hw/arm/fsl-imx6.c

@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_init(Object *obj)

object_initialize_child(obj, "src", &s->src, TYPE_IMX6_SRC);

+ object_initialize_child(obj, "snvs", &s->snvs, TYPE_IMX7_SNVS);

+

for (i = 0; i < FSL_IMX6_NUM_UARTS; i++) {

snprintf(name, NAME_SIZE, "uart%d", i + 1);

object_initialize_child(obj, name, &s->uart[i], TYPE_IMX_SERIAL);

@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)

qdev_get_gpio_in(DEVICE(&s->a9mpcore),

FSL_IMX6_ENET_MAC_1588_IRQ));

+ /*

+ * SNVS

+ */

+ sysbus_realize(SYS_BUS_DEVICE(&s->snvs), &error_abort);

+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->snvs), 0, FSL_IMX6_SNVSHP_ADDR);

+

/*

* Watchdog

*/

--

2.34.1

From: Mostafa Saleh <smostafa@google.com>

In preparation for adding stage-2 support.

Add IDR0 fields related to stage-2.

VMID16: 16-bit VMID supported.

S2P: Stage-2 translation supported.

They are described in 6.3.1 SMMU_IDR0.

No functional change intended.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Signed-off-by: Mostafa Saleh <smostafa@google.com>

Tested-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

Message-id: 20230516203327.2051088-2-smostafa@google.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/smmuv3-internal.h | 2 ++

1 file changed, 2 insertions(+)

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmuv3-internal.h

+++ b/hw/arm/smmuv3-internal.h

@@ -XXX,XX +XXX,XX @@ typedef enum SMMUTranslationStatus {

/* MMIO Registers */

REG32(IDR0, 0x0)

+ FIELD(IDR0, S2P, 0 , 1)

FIELD(IDR0, S1P, 1 , 1)

FIELD(IDR0, TTF, 2 , 2)

FIELD(IDR0, COHACC, 4 , 1)

FIELD(IDR0, ASID16, 12, 1)

+ FIELD(IDR0, VMID16, 18, 1)

FIELD(IDR0, TTENDIAN, 21, 2)

FIELD(IDR0, STALL_MODEL, 24, 2)

FIELD(IDR0, TERM_MODEL, 26, 1)

--

2.34.1

From: Mostafa Saleh <smostafa@google.com>

In preparation for adding stage-2 support, add a S2 config

struct(SMMUS2Cfg), composed of the following fields and embedded in

the main SMMUTransCfg:

-tsz: Size of IPA input region (S2T0SZ)

-sl0: Start level of translation (S2SL0)

-affd: AF Fault Disable (S2AFFD)

-record_faults: Record fault events (S2R)

-granule_sz: Granule page shift (based on S2TG)

-vmid: Virtual Machine ID (S2VMID)

-vttb: Address of translation table base (S2TTB)

-eff_ps: Effective PA output range (based on S2PS)

They will be used in the next patches in stage-2 address translation.

The fields in SMMUS2Cfg, are reordered to make the shared and stage-1

fields next to each other, this reordering didn't change the struct

size (104 bytes before and after).

Stage-1 only fields: aa64, asid, tt, ttb, tbi, record_faults, oas.

oas is stage-1 output address size. However, it is used to check

input address in case stage-1 is unimplemented or bypassed according

to SMMUv3 manual IHI0070.E "3.4. Address sizes"

Shared fields: stage, disabled, bypassed, aborted, iotlb_*.

No functional change intended.

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Signed-off-by: Mostafa Saleh <smostafa@google.com>

Tested-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

Message-id: 20230516203327.2051088-3-smostafa@google.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/arm/smmu-common.h | 22 +++++++++++++++++++---

1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/arm/smmu-common.h

+++ b/include/hw/arm/smmu-common.h

@@ -XXX,XX +XXX,XX @@ typedef struct SMMUTLBEntry {

uint8_t granule;

} SMMUTLBEntry;

+/* Stage-2 configuration. */

+typedef struct SMMUS2Cfg {

+ uint8_t tsz; /* Size of IPA input region (S2T0SZ) */

+ uint8_t sl0; /* Start level of translation (S2SL0) */

+ bool affd; /* AF Fault Disable (S2AFFD) */

+ bool record_faults; /* Record fault events (S2R) */

+ uint8_t granule_sz; /* Granule page shift (based on S2TG) */

+ uint8_t eff_ps; /* Effective PA output range (based on S2PS) */

+ uint16_t vmid; /* Virtual Machine ID (S2VMID) */

+ uint64_t vttb; /* Address of translation table base (S2TTB) */

+} SMMUS2Cfg;

+

/*

* Generic structure populated by derived SMMU devices

* after decoding the configuration information and used as

* input to the page table walk

*/

typedef struct SMMUTransCfg {

+ /* Shared fields between stage-1 and stage-2. */

int stage; /* translation stage */

- bool aa64; /* arch64 or aarch32 translation table */

bool disabled; /* smmu is disabled */

bool bypassed; /* translation is bypassed */

bool aborted; /* translation is aborted */

+ uint32_t iotlb_hits; /* counts IOTLB hits */

+ uint32_t iotlb_misses; /* counts IOTLB misses*/

+ /* Used by stage-1 only. */

+ bool aa64; /* arch64 or aarch32 translation table */

bool record_faults; /* record fault events */

uint64_t ttb; /* TT base address */

uint8_t oas; /* output address width */

uint8_t tbi; /* Top Byte Ignore */

uint16_t asid;

SMMUTransTableInfo tt[2];

- uint32_t iotlb_hits; /* counts IOTLB hits for this asid */

- uint32_t iotlb_misses; /* counts IOTLB misses for this asid */

+ /* Used by stage-2 only. */

+ struct SMMUS2Cfg s2cfg;

} SMMUTransCfg;

typedef struct SMMUDevice {

--

2.34.1

From: Mostafa Saleh <smostafa@google.com>

In preparation for adding stage-2 support, rename smmu_ptw_64 to

smmu_ptw_64_s1 and refactor some of the code so it can be reused in

stage-2 page table walk.

Remove AA64 check from PTW as decode_cd already ensures that AA64 is

used, otherwise it faults with C_BAD_CD.

A stage member is added to SMMUPTWEventInfo to differentiate

between stage-1 and stage-2 ptw faults.

Add stage argument to trace_smmu_ptw_level be consistent with other

trace events.

Signed-off-by: Mostafa Saleh <smostafa@google.com>

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

Message-id: 20230516203327.2051088-4-smostafa@google.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

include/hw/arm/smmu-common.h | 16 +++++++++++++---

hw/arm/smmu-common.c | 27 ++++++++++-----------------

hw/arm/smmuv3.c | 2 ++

hw/arm/trace-events | 2 +-

4 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h

index XXXXXXX..XXXXXXX 100644

--- a/include/hw/arm/smmu-common.h

+++ b/include/hw/arm/smmu-common.h

@@ -XXX,XX +XXX,XX @@

#include "hw/pci/pci.h"

#include "qom/object.h"

-#define SMMU_PCI_BUS_MAX 256

-#define SMMU_PCI_DEVFN_MAX 256

-#define SMMU_PCI_DEVFN(sid) (sid & 0xFF)

+#define SMMU_PCI_BUS_MAX 256

+#define SMMU_PCI_DEVFN_MAX 256

+#define SMMU_PCI_DEVFN(sid) (sid & 0xFF)

+

+/* VMSAv8-64 Translation constants and functions */

+#define VMSA_LEVELS 4

+

+#define VMSA_STRIDE(gran) ((gran) - VMSA_LEVELS + 1)

+#define VMSA_BIT_LVL(isz, strd, lvl) ((isz) - (strd) * \

+ (VMSA_LEVELS - (lvl)))

+#define VMSA_IDXMSK(isz, strd, lvl) ((1ULL << \

+ VMSA_BIT_LVL(isz, strd, lvl)) - 1)

/*

* Page table walk error types

@@ -XXX,XX +XXX,XX @@ typedef enum {

} SMMUPTWEventType;

typedef struct SMMUPTWEventInfo {

+ int stage;

SMMUPTWEventType type;

dma_addr_t addr; /* fetched address that induced an abort, if any */

} SMMUPTWEventInfo;

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmu-common.c

+++ b/hw/arm/smmu-common.c

@@ -XXX,XX +XXX,XX @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova)

}

/**

- * smmu_ptw_64 - VMSAv8-64 Walk of the page tables for a given IOVA

+ * smmu_ptw_64_s1 - VMSAv8-64 Walk of the page tables for a given IOVA

* @cfg: translation config

* @iova: iova to translate

* @perm: access type

@@ -XXX,XX +XXX,XX @@ SMMUTransTableInfo *select_tt(SMMUTransCfg *cfg, dma_addr_t iova)

* Upon success, @tlbe is filled with translated_addr and entry

* permission rights.

*/

-static int smmu_ptw_64(SMMUTransCfg *cfg,

- dma_addr_t iova, IOMMUAccessFlags perm,

- SMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)

+static int smmu_ptw_64_s1(SMMUTransCfg *cfg,

+ dma_addr_t iova, IOMMUAccessFlags perm,

+ SMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)

{

dma_addr_t baseaddr, indexmask;

int stage = cfg->stage;

@@ -XXX,XX +XXX,XX @@ static int smmu_ptw_64(SMMUTransCfg *cfg,

}

granule_sz = tt->granule_sz;

- stride = granule_sz - 3;

+ stride = VMSA_STRIDE(granule_sz);

inputsize = 64 - tt->tsz;

level = 4 - (inputsize - 4) / stride;

- indexmask = (1ULL << (inputsize - (stride * (4 - level)))) - 1;

+ indexmask = VMSA_IDXMSK(inputsize, stride, level);

baseaddr = extract64(tt->ttb, 0, 48);

baseaddr &= ~indexmask;

- while (level <= 3) {

+ while (level < VMSA_LEVELS) {

uint64_t subpage_size = 1ULL << level_shift(level, granule_sz);

uint64_t mask = subpage_size - 1;

uint32_t offset = iova_level_offset(iova, inputsize, level, granule_sz);

@@ -XXX,XX +XXX,XX @@ static int smmu_ptw_64(SMMUTransCfg *cfg,

if (get_pte(baseaddr, offset, &pte, info)) {

goto error;

}

- trace_smmu_ptw_level(level, iova, subpage_size,

+ trace_smmu_ptw_level(stage, level, iova, subpage_size,

baseaddr, offset, pte);

if (is_invalid_pte(pte) || is_reserved_pte(pte, level)) {

@@ -XXX,XX +XXX,XX @@ static int smmu_ptw_64(SMMUTransCfg *cfg,

info->type = SMMU_PTW_ERR_TRANSLATION;

error:

+ info->stage = 1;

tlbe->entry.perm = IOMMU_NONE;

return -EINVAL;

}

@@ -XXX,XX +XXX,XX @@ error:

int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,

SMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)

{

- if (!cfg->aa64) {

- /*

- * This code path is not entered as we check this while decoding

- * the configuration data in the derived SMMU model.

- */

- g_assert_not_reached();

- }

-

- return smmu_ptw_64(cfg, iova, perm, tlbe, info);

+ return smmu_ptw_64_s1(cfg, iova, perm, tlbe, info);

}

/**

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmuv3.c

+++ b/hw/arm/smmuv3.c

@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,

cached_entry = g_new0(SMMUTLBEntry, 1);

if (smmu_ptw(cfg, aligned_addr, flag, cached_entry, &ptw_info)) {

+ /* All faults from PTW has S2 field. */

+ event.u.f_walk_eabt.s2 = (ptw_info.stage == 2);

g_free(cached_entry);

switch (ptw_info.type) {

case SMMU_PTW_ERR_WALK_EABT:

diff --git a/hw/arm/trace-events b/hw/arm/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/trace-events

+++ b/hw/arm/trace-events

@@ -XXX,XX +XXX,XX @@ virt_acpi_setup(void) "No fw cfg or ACPI disabled. Bailing out."

# smmu-common.c

smmu_add_mr(const char *name) "%s"

-smmu_ptw_level(int level, uint64_t iova, size_t subpage_size, uint64_t baseaddr, uint32_t offset, uint64_t pte) "level=%d iova=0x%"PRIx64" subpage_sz=0x%zx baseaddr=0x%"PRIx64" offset=%d => pte=0x%"PRIx64

+smmu_ptw_level(int stage, int level, uint64_t iova, size_t subpage_size, uint64_t baseaddr, uint32_t offset, uint64_t pte) "stage=%d level=%d iova=0x%"PRIx64" subpage_sz=0x%zx baseaddr=0x%"PRIx64" offset=%d => pte=0x%"PRIx64

smmu_ptw_invalid_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint32_t offset, uint64_t pte) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" offset=%d pte=0x%"PRIx64

smmu_ptw_page_pte(int stage, int level, uint64_t iova, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t address) "stage=%d level=%d iova=0x%"PRIx64" base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" page address = 0x%"PRIx64

smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t pteaddr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=%d level=%d base@=0x%"PRIx64" pte@=0x%"PRIx64" pte=0x%"PRIx64" iova=0x%"PRIx64" block address = 0x%"PRIx64" block size = %d MiB"

--

2.34.1

From: Mostafa Saleh <smostafa@google.com>

Right now, either stage-1 or stage-2 are supported, this simplifies

how we can deal with TLBs.

This patch makes TLB lookup work if stage-2 is enabled instead of

stage-1.

TLB lookup is done before a PTW, if a valid entry is found we won't

do the PTW.

To be able to do TLB lookup, we need the correct tagging info, as

granularity and input size, so we get this based on the supported

translation stage. The TLB entries are added correctly from each

stage PTW.

When nested translation is supported, this would need to change, for

example if we go with a combined TLB implementation, we would need to

use the min of the granularities in TLB.

As stage-2 shouldn't be tagged by ASID, it will be set to -1 if S1P

is not enabled.

Signed-off-by: Mostafa Saleh <smostafa@google.com>

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Eric Auger <eric.auger@redhat.com>

Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org>

Message-id: 20230516203327.2051088-7-smostafa@google.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---

hw/arm/smmuv3.c | 44 +++++++++++++++++++++++++++++++++-----------

1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmuv3.c

+++ b/hw/arm/smmuv3.c

@@ -XXX,XX +XXX,XX @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr, SMMUTransCfg *cfg,

STE ste;

CD cd;

+ /* ASID defaults to -1 (if s1 is not supported). */

+ cfg->asid = -1;

+

ret = smmu_find_ste(s, sid, &ste, event);

if (ret) {

return ret;

@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,

.addr_mask = ~(hwaddr)0,

.perm = IOMMU_NONE,

};

+ /*

+ * Combined attributes used for TLB lookup, as only one stage is supported,

+ * it will hold attributes based on the enabled stage.

+ */

+ SMMUTransTableInfo tt_combined;

qemu_mutex_lock(&s->mutex);

@@ -XXX,XX +XXX,XX @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegion *mr, hwaddr addr,

goto epilogue;

}

- tt = select_tt(cfg, addr);

- if (!tt) {

- if (cfg->record_faults) {

- event.type = SMMU_EVT_F_TRANSLATION;

- event.u.f_translation.addr = addr;

- event.u.f_translation.rnw = flag & 0x1;

+ if (cfg->stage == 1) {

+ /* Select stage1 translation table. */

+ tt = select_tt(cfg, addr);

+ if (!tt) {

+ if (cfg->record_faults) {

+ event.type = SMMU_EVT_F_TRANSLATION;

+ event.u.f_translation.addr = addr;

+ event.u.f_translation.rnw = flag & 0x1;

+ }

+ status = SMMU_TRANS_ERROR;

+ goto epilogue;

}

- status = SMMU_TRANS_ERROR;

- goto epilogue;

- }

+ tt_combined.granule_sz = tt->granule_sz;

+ tt_combined.tsz = tt->tsz;

- page_mask = (1ULL << (tt->granule_sz)) - 1;

+ } else {

+ /* Stage2. */

+ tt_combined.granule_sz = cfg->s2cfg.granule_sz;

+ tt_combined.tsz = cfg->s2cfg.tsz;

+ }

+ /*

+ * TLB lookup looks for granule and input size for a translation stage,

+ * as only one stage is supported right now, choose the right values

+ * from the configuration.

+ */

+ page_mask = (1ULL << tt_combined.granule_sz) - 1;

aligned_addr = addr & ~page_mask;

- cached_entry = smmu_iotlb_lookup(bs, cfg, tt, aligned_addr);

+ cached_entry = smmu_iotlb_lookup(bs, cfg, &tt_combined, aligned_addr);

if (cached_entry) {

if ((flag & IOMMU_WO) && !(cached_entry->entry.perm & IOMMU_WO)) {

status = SMMU_TRANS_ERROR;

--

2.34.1