1
Handful of bug fixes to sneak in before rc3.
1
Hi; here's a relatively small target-arm queue, pretty much all
2
bug fixes. (There are a few non-arm patches that I've thrown in
3
there too for my convenience :-))
2
4
3
thanks
5
thanks
4
-- PMM
6
-- PMM
5
7
6
The following changes since commit c985266ea5b50e46e07b3568c1346e10064205c9:
8
The following changes since commit 278238505d28d292927bff7683f39fb4fbca7fd1:
7
9
8
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190726' into staging (2019-07-26 13:52:06 +0100)
10
Merge tag 'pull-tcg-20230511-2' of https://gitlab.com/rth7680/qemu into staging (2023-05-11 11:44:23 +0100)
9
11
10
are available in the Git repository at:
12
are available in the Git repository at:
11
13
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190726
14
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230512
13
15
14
for you to fetch changes up to 67505c114e6acc26f3a1a2b74833c61b6a34ff95:
16
for you to fetch changes up to 478dccbb99db0bf8f00537dd0b4d0de88d5cb537:
15
17
16
hw/arm/boot: Further improve initrd positioning code (2019-07-26 16:17:56 +0100)
18
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check (2023-05-12 16:01:25 +0100)
17
19
18
----------------------------------------------------------------
20
----------------------------------------------------------------
19
target-arm queue:
21
target-arm queue:
20
* Fix broken migration on pl330 device
22
* More refactoring of files into tcg/
21
* Fix broken migration on stellaris-input device
23
* Don't allow stage 2 page table walks to downgrade to NS
22
* Add type checks to vmstate varry macros to avoid this class of bugs
24
* Fix handling of SW and NSW bits for stage 2 walks
23
* hw/arm/boot: Fix some remaining cases where we would put the
25
* MAINTAINERS: Update Akihiko Odaki's email address
24
initrd on top of the kernel image
26
* ui: Fix pixel colour channel order for PNG screenshots
27
* docs: Remove unused weirdly-named cross-reference targets
28
* hw/mips/malta: Fix minor dead code issue
29
* Fixes for the "allow CONFIG_TCG=n" changes
30
* tests/qtest: Don't run cdrom boot tests if no accelerator is present
31
* target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
25
32
26
----------------------------------------------------------------
33
----------------------------------------------------------------
27
Damien Hedde (1):
34
Akihiko Odaki (1):
28
pl330: fix vmstate description
35
MAINTAINERS: Update Akihiko Odaki's email address
29
36
30
Peter Maydell (4):
37
Fabiano Rosas (3):
31
stellaris_input: Fix vmstate description of buttons field
38
target/arm: Select SEMIHOSTING when using TCG
32
vmstate.h: Type check VMSTATE_STRUCT_VARRAY macros
39
target/arm: Select CONFIG_ARM_V7M when TCG is enabled
33
hw/arm/boot: Rename elf_{low, high}_addr to image_{low, high}_addr
40
tests/qtest: Don't run cdrom boot tests if no accelerator is present
34
hw/arm/boot: Further improve initrd positioning code
35
41
36
include/migration/vmstate.h | 30 ++++++++++++++++++++++++------
42
Peter Maydell (6):
37
hw/arm/boot.c | 37 +++++++++++++++++++++++++++----------
43
target/arm: Don't allow stage 2 page table walks to downgrade to NS
38
hw/dma/pl330.c | 17 +++++++++--------
44
target/arm: Fix handling of SW and NSW bits for stage 2 walks
39
hw/input/stellaris_input.c | 10 ++++++----
45
ui: Fix pixel colour channel order for PNG screenshots
40
4 files changed, 66 insertions(+), 28 deletions(-)
46
docs: Remove unused weirdly-named cross-reference targets
47
hw/mips/malta: Fix minor dead code issue
48
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
41
49
50
Richard Henderson (2):
51
target/arm: Move translate-a32.h, arm_ldst.h, sve_ldst_internal.h to tcg/
52
target/arm: Move helper-{a64,mve,sme,sve}.h to tcg/
53
54
MAINTAINERS | 4 +-
55
docs/system/devices/igb.rst | 2 +-
56
docs/system/devices/ivshmem.rst | 2 -
57
docs/system/devices/net.rst | 2 +-
58
docs/system/devices/usb.rst | 2 -
59
docs/system/keys.rst | 2 +-
60
docs/system/linuxboot.rst | 2 +-
61
docs/system/target-i386.rst | 4 --
62
target/arm/helper.h | 8 +--
63
target/arm/internals.h | 12 +++-
64
target/arm/{ => tcg}/arm_ldst.h | 0
65
target/arm/{ => tcg}/helper-a64.h | 0
66
target/arm/{ => tcg}/helper-mve.h | 0
67
target/arm/{ => tcg}/helper-sme.h | 0
68
target/arm/{ => tcg}/helper-sve.h | 0
69
target/arm/{ => tcg}/sve_ldst_internal.h | 0
70
target/arm/{ => tcg}/translate-a32.h | 0
71
hw/mips/malta.c | 5 +-
72
target/arm/gdbstub64.c | 2 +-
73
target/arm/helper.c | 15 ++++-
74
target/arm/ptw.c | 95 +++++++++++++++++++-------------
75
target/arm/tcg/pauth_helper.c | 6 +-
76
tests/qtest/cdrom-test.c | 10 ++++
77
ui/console.c | 4 +-
78
target/arm/Kconfig | 9 +--
79
25 files changed, 109 insertions(+), 77 deletions(-)
80
rename target/arm/{ => tcg}/arm_ldst.h (100%)
81
rename target/arm/{ => tcg}/helper-a64.h (100%)
82
rename target/arm/{ => tcg}/helper-mve.h (100%)
83
rename target/arm/{ => tcg}/helper-sme.h (100%)
84
rename target/arm/{ => tcg}/helper-sve.h (100%)
85
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
86
rename target/arm/{ => tcg}/translate-a32.h (100%)
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
These files got missed when populating tcg/.
4
Because they are included with "", no change to the users required.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Message-id: 20230504110412.1892411-2-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/{ => tcg}/arm_ldst.h | 0
13
target/arm/{ => tcg}/sve_ldst_internal.h | 0
14
target/arm/{ => tcg}/translate-a32.h | 0
15
3 files changed, 0 insertions(+), 0 deletions(-)
16
rename target/arm/{ => tcg}/arm_ldst.h (100%)
17
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
18
rename target/arm/{ => tcg}/translate-a32.h (100%)
19
20
diff --git a/target/arm/arm_ldst.h b/target/arm/tcg/arm_ldst.h
21
similarity index 100%
22
rename from target/arm/arm_ldst.h
23
rename to target/arm/tcg/arm_ldst.h
24
diff --git a/target/arm/sve_ldst_internal.h b/target/arm/tcg/sve_ldst_internal.h
25
similarity index 100%
26
rename from target/arm/sve_ldst_internal.h
27
rename to target/arm/tcg/sve_ldst_internal.h
28
diff --git a/target/arm/translate-a32.h b/target/arm/tcg/translate-a32.h
29
similarity index 100%
30
rename from target/arm/translate-a32.h
31
rename to target/arm/tcg/translate-a32.h
32
--
33
2.34.1
34
35
1
In commit e6b2b20d9735d4ef we made the boot loader code try to avoid
1
From: Richard Henderson <richard.henderson@linaro.org>
2
putting the initrd on top of the kernel. However the expression used
3
to calculate the start of the initrd:
4
2
5
info->initrd_start = info->loader_start +
3
While we cannot move the main "helper.h" out of target/arm/,
6
MAX(MIN(info->ram_size / 2, 128 * 1024 * 1024), kernel_size);
4
due to usage by generic code, we can move the sub-includes.
7
5
8
incorrectly uses 'kernel_size' as the offset within RAM of the
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
highest address to avoid. This is incorrect because the kernel
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
10
doesn't start at address 0, but slightly higher than that. This
8
Message-id: 20230504110412.1892411-3-richard.henderson@linaro.org
11
means that we can still incorrectly end up overlaying the initrd on
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
the kernel in some cases, for example:
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/helper.h | 8 ++++----
13
target/arm/{ => tcg}/helper-a64.h | 0
14
target/arm/{ => tcg}/helper-mve.h | 0
15
target/arm/{ => tcg}/helper-sme.h | 0
16
target/arm/{ => tcg}/helper-sve.h | 0
17
5 files changed, 4 insertions(+), 4 deletions(-)
18
rename target/arm/{ => tcg}/helper-a64.h (100%)
19
rename target/arm/{ => tcg}/helper-mve.h (100%)
20
rename target/arm/{ => tcg}/helper-sme.h (100%)
21
rename target/arm/{ => tcg}/helper-sve.h (100%)
13
22
14
* The kernel's image_size is 0x0a7a8000
23
diff --git a/target/arm/helper.h b/target/arm/helper.h
15
* The kernel was loaded at 0x40080000
16
* The end of the kernel is 0x4A828000
17
* The DTB was loaded at 0x4a800000
18
19
To get this right we need to track the actual highest address used
20
by the kernel and use that rather than kernel_size. We already
21
set image_low_addr and image_high_addr for ELF images; set them
22
also for the various other image types we support, and then use
23
image_high_addr as the lowest allowed address for the initrd.
24
(We don't use image_low_addr, but we set it for consistency
25
with the existing code path for ELF files.)
26
27
Fixes: e6b2b20d9735d4ef
28
Reported-by: Mark Rutland <mark.rutland@arm.com>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
31
Tested-by: Mark Rutland <mark.rutland@arm.com>
32
Message-id: 20190722151804.25467-3-peter.maydell@linaro.org
33
---
34
hw/arm/boot.c | 19 +++++++++++++++++--
35
1 file changed, 17 insertions(+), 2 deletions(-)
36
37
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
38
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
39
--- a/hw/arm/boot.c
25
--- a/target/arm/helper.h
40
+++ b/hw/arm/boot.c
26
+++ b/target/arm/helper.h
41
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
27
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
42
int is_linux = 0;
28
void, ptr, ptr, ptr, ptr, i32)
43
uint64_t elf_entry;
29
44
/* Addresses of first byte used and first byte not used by the image */
30
#ifdef TARGET_AARCH64
45
- uint64_t image_low_addr, image_high_addr;
31
-#include "helper-a64.h"
46
+ uint64_t image_low_addr = 0, image_high_addr = 0;
32
-#include "helper-sve.h"
47
int elf_machine;
33
-#include "helper-sme.h"
48
hwaddr entry;
34
+#include "tcg/helper-a64.h"
49
static const ARMInsnFixup *primary_loader;
35
+#include "tcg/helper-sve.h"
50
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
36
+#include "tcg/helper-sme.h"
51
uint64_t loadaddr = info->loader_start + KERNEL_NOLOAD_ADDR;
37
#endif
52
kernel_size = load_uimage_as(info->kernel_filename, &entry, &loadaddr,
38
53
&is_linux, NULL, NULL, as);
39
-#include "helper-mve.h"
54
+ if (kernel_size >= 0) {
40
+#include "tcg/helper-mve.h"
55
+ image_low_addr = loadaddr;
41
diff --git a/target/arm/helper-a64.h b/target/arm/tcg/helper-a64.h
56
+ image_high_addr = image_low_addr + kernel_size;
42
similarity index 100%
57
+ }
43
rename from target/arm/helper-a64.h
58
}
44
rename to target/arm/tcg/helper-a64.h
59
if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64) && kernel_size < 0) {
45
diff --git a/target/arm/helper-mve.h b/target/arm/tcg/helper-mve.h
60
kernel_size = load_aarch64_image(info->kernel_filename,
46
similarity index 100%
61
info->loader_start, &entry, as);
47
rename from target/arm/helper-mve.h
62
is_linux = 1;
48
rename to target/arm/tcg/helper-mve.h
63
+ if (kernel_size >= 0) {
49
diff --git a/target/arm/helper-sme.h b/target/arm/tcg/helper-sme.h
64
+ image_low_addr = entry;
50
similarity index 100%
65
+ image_high_addr = image_low_addr + kernel_size;
51
rename from target/arm/helper-sme.h
66
+ }
52
rename to target/arm/tcg/helper-sme.h
67
} else if (kernel_size < 0) {
53
diff --git a/target/arm/helper-sve.h b/target/arm/tcg/helper-sve.h
68
/* 32-bit ARM */
54
similarity index 100%
69
entry = info->loader_start + KERNEL_LOAD_ADDR;
55
rename from target/arm/helper-sve.h
70
kernel_size = load_image_targphys_as(info->kernel_filename, entry,
56
rename to target/arm/tcg/helper-sve.h
71
ram_end - KERNEL_LOAD_ADDR, as);
72
is_linux = 1;
73
+ if (kernel_size >= 0) {
74
+ image_low_addr = entry;
75
+ image_high_addr = image_low_addr + kernel_size;
76
+ }
77
}
78
if (kernel_size < 0) {
79
error_report("could not load kernel '%s'", info->kernel_filename);
80
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
81
* we might still make a bad choice here.
82
*/
83
info->initrd_start = info->loader_start +
84
- MAX(MIN(info->ram_size / 2, 128 * 1024 * 1024), kernel_size);
85
+ MIN(info->ram_size / 2, 128 * 1024 * 1024);
86
+ if (image_high_addr) {
87
+ info->initrd_start = MAX(info->initrd_start, image_high_addr);
88
+ }
89
info->initrd_start = TARGET_PAGE_ALIGN(info->initrd_start);
90
91
if (is_linux) {
92
--
57
--
93
2.20.1
58
2.34.1
94
59
95
60
1
Rename the elf_low_addr and elf_high_addr variables to image_low_addr
1
Bit 63 in a Table descriptor is only the NSTable bit for stage 1
2
and image_high_addr -- in the next commit we will extend them to
2
translations; in stage 2 it is RES0. We were incorrectly looking at
3
be set for other kinds of image file and not just ELF files.
3
it all the time.
4
4
5
This causes problems if:
6
* the stage 2 table descriptor was incorrectly setting the RES0 bit
7
* we are doing a stage 2 translation in Secure address space for
8
a NonSecure stage 1 regime -- in this case we would incorrectly
9
do an immediate downgrade to NonSecure
10
11
A bug elsewhere in the code currently prevents us from getting
12
to the second situation, but when we fix that it will be possible.
13
14
Cc: qemu-stable@nongnu.org
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Tested-by: Mark Rutland <mark.rutland@arm.com>
18
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
9
Message-id: 20190722151804.25467-2-peter.maydell@linaro.org
10
---
19
---
11
hw/arm/boot.c | 20 +++++++++++---------
20
target/arm/ptw.c | 5 +++--
12
1 file changed, 11 insertions(+), 9 deletions(-)
21
1 file changed, 3 insertions(+), 2 deletions(-)
13
22
14
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
23
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
15
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/boot.c
25
--- a/target/arm/ptw.c
17
+++ b/hw/arm/boot.c
26
+++ b/target/arm/ptw.c
18
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
27
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
19
int kernel_size;
28
descaddrmask &= ~indexmask_grainsize;
20
int initrd_size;
29
21
int is_linux = 0;
30
/*
22
- uint64_t elf_entry, elf_low_addr, elf_high_addr;
31
- * Secure accesses start with the page table in secure memory and
23
+ uint64_t elf_entry;
32
+ * Secure stage 1 accesses start with the page table in secure memory and
24
+ /* Addresses of first byte used and first byte not used by the image */
33
* can be downgraded to non-secure at any step. Non-secure accesses
25
+ uint64_t image_low_addr, image_high_addr;
34
* remain non-secure. We implement this by just ORing in the NSTable/NS
26
int elf_machine;
35
* bits at each step.
27
hwaddr entry;
36
+ * Stage 2 never gets this kind of downgrade.
28
static const ARMInsnFixup *primary_loader;
37
*/
29
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
38
tableattrs = is_secure ? 0 : (1 << 4);
30
info->nb_cpus = 1;
39
31
40
next_level:
32
/* Assume that raw images are linux kernels, and ELF images are not. */
41
descaddr |= (address >> (stride * (4 - level))) & indexmask;
33
- kernel_size = arm_load_elf(info, &elf_entry, &elf_low_addr,
42
descaddr &= ~7ULL;
34
- &elf_high_addr, elf_machine, as);
43
- nstable = extract32(tableattrs, 4, 1);
35
+ kernel_size = arm_load_elf(info, &elf_entry, &image_low_addr,
44
+ nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
36
+ &image_high_addr, elf_machine, as);
45
if (nstable) {
37
if (kernel_size > 0 && have_dtb(info)) {
38
/*
46
/*
39
* If there is still some room left at the base of RAM, try and put
47
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
40
* the DTB there like we do for images loaded with -bios or -pflash.
41
*/
42
- if (elf_low_addr > info->loader_start
43
- || elf_high_addr < info->loader_start) {
44
+ if (image_low_addr > info->loader_start
45
+ || image_high_addr < info->loader_start) {
46
/*
47
- * Set elf_low_addr as address limit for arm_load_dtb if it may be
48
+ * Set image_low_addr as address limit for arm_load_dtb if it may be
49
* pointing into RAM, otherwise pass '0' (no limit)
50
*/
51
- if (elf_low_addr < info->loader_start) {
52
- elf_low_addr = 0;
53
+ if (image_low_addr < info->loader_start) {
54
+ image_low_addr = 0;
55
}
56
info->dtb_start = info->loader_start;
57
- info->dtb_limit = elf_low_addr;
58
+ info->dtb_limit = image_low_addr;
59
}
60
}
61
entry = elf_entry;
62
--
48
--
63
2.20.1
49
2.34.1
64
50
65
51
1
We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW
2
configuration bits. These allow configuration of whether the stage 2
3
page table walks for Secure IPA and NonSecure IPA should do their
4
descriptor reads from Secure or NonSecure physical addresses. (This
5
is separate from how the translation table base address and other
6
parameters are set: an NS IPA always uses VTTBR_EL2 and VTCR_EL2
7
for its base address and walk parameters, regardless of the NSW bit,
8
and similarly for Secure.)
1
9
10
Provide a new function ptw_idx_for_stage_2() which returns the
11
MMU index to use for descriptor reads, and use it to set up
12
the .in_ptw_idx wherever we call get_phys_addr_lpae().
13
14
For a stage 2 walk, wherever we call get_phys_addr_lpae():
15
* .in_ptw_idx should be ptw_idx_for_stage_2() of the .in_mmu_idx
16
* .in_secure should be true if .in_mmu_idx is Stage2_S
17
18
This allows us to correct S1_ptw_translate() so that it consistently
19
always sets its (out_secure, out_phys) to the result it gets from the
20
S2 walk (either by calling get_phys_addr_lpae() or by TLB lookup).
21
This makes better conceptual sense because the S2 walk should return
22
us an (address space, address) tuple, not an address that we then
23
randomly assign to S or NS.
24
25
Our previous handling of SW and NSW was broken, so guest code
26
trying to use these bits to put the s2 page tables in the "other"
27
address space wouldn't work correctly.
28
29
Cc: qemu-stable@nongnu.org
30
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1600
31
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
32
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
33
Message-id: 20230504135425.2748672-3-peter.maydell@linaro.org
34
---
35
target/arm/ptw.c | 76 ++++++++++++++++++++++++++++++++----------------
36
1 file changed, 51 insertions(+), 25 deletions(-)
37
38
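--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 return stage_1_mmu_idx(arm_mmu_idx(env));
 }
 
+/*
+ * Return where we should do ptw loads from for a stage 2 walk.
+ * This depends on whether the address we are looking up is a
+ * Secure IPA or a NonSecure IPA, which we know from whether this is
+ * Stage2 or Stage2_S.
+ * If this is the Secure EL1&0 regime we need to check the NSW and SW bits.
+ */
+static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx)
+{
+ bool s2walk_secure;
+
+ /*
+ * We're OK to check the current state of the CPU here because
+ * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes
+ * (2) there's no way to do a lookup that cares about Stage 2 for a
+ * different security state to the current one for AArch64, and AArch32
+ * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do
+ * an NS stage 1+2 lookup while the NS bit is 0.)
+ */
+ if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) {
+ return ARMMMUIdx_Phys_NS;
+ }
+ if (stage2idx == ARMMMUIdx_Stage2_S) {
+ s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+ } else {
+ s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+ }
+ return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+
+}
+
 static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
 return (regime_sctlr(env, mmu_idx) & SCTLR_EE) != 0;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
 ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
 uint8_t pte_attrs;
- bool pte_secure;
 
 ptw->out_virt = addr;
 
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 if (regime_is_stage2(s2_mmu_idx)) {
 S1Translate s2ptw = {
 .in_mmu_idx = s2_mmu_idx,
- .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS,
- .in_secure = is_secure,
+ .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
+ .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
 .in_debug = true,
 };
 GetPhysAddrResult s2 = { };
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 ptw->out_phys = s2.f.phys_addr;
 pte_attrs = s2.cacheattrs.attrs;
- pte_secure = s2.f.attrs.secure;
+ ptw->out_secure = s2.f.attrs.secure;
 } else {
 /* Regime is physical. */
 ptw->out_phys = addr;
 pte_attrs = 0;
- pte_secure = is_secure;
+ ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
 }
 ptw->out_host = NULL;
 ptw->out_rw = false;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK);
 ptw->out_rw = full->prot & PAGE_WRITE;
 pte_attrs = full->pte_attrs;
- pte_secure = full->attrs.secure;
+ ptw->out_secure = full->attrs.secure;
 #else
 g_assert_not_reached();
 #endif
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 }
 
- /* Check if page table walk is to secure or non-secure PA space. */
- ptw->out_secure = (is_secure
- && !(pte_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW));
 ptw->out_be = regime_translation_big_endian(env, mmu_idx);
 return true;
 
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 hwaddr ipa;
 int s1_prot, s1_lgpgsz;
 bool is_secure = ptw->in_secure;
- bool ret, ipa_secure, s2walk_secure;
+ bool ret, ipa_secure;
 ARMCacheAttrs cacheattrs1;
 bool is_el0;
 uint64_t hcr;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 
 ipa = result->f.phys_addr;
 ipa_secure = result->f.attrs.secure;
- if (is_secure) {
- /* Select TCR based on the NS bit from the S1 walk. */
- s2walk_secure = !(ipa_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW);
- } else {
- assert(!ipa_secure);
- s2walk_secure = false;
- }
 
 is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
- ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
- ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
- ptw->in_secure = s2walk_secure;
+ ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ ptw->in_secure = ipa_secure;
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
 
 /*
 * S1 is done, now do S2 translation.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
 break;
 
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
+ /*
+ * Second stage lookup uses physical for ptw; whether this is S or
+ * NS may depend on the SW/NSW bits if this is a stage 2 lookup for
+ * the Secure EL2&0 regime.
+ */
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, mmu_idx);
+ break;
+
 case ARMMMUIdx_E10_0:
 s1_mmu_idx = ARMMMUIdx_Stage1_E0;
 goto do_twostage;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 /* fall through */
 
 default:
- /* Single stage and second stage uses physical for ptw. */
+ /* Single stage uses physical for ptw. */
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
 break;
 }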
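Review bot: The second get_phys_addr_twostage hunk drops the `assert(!ipa_secure)` that the old non-secure branch carried, so nothing on the new side checks that a NonSecure stage 1 walk cannot hand back a Secure IPA before `ptw->in_mmu_idx` and `ptw->in_secure` are derived from `ipa_secure` alone. `is_secure` is still declared in the preceding hunk's context, so the invariant can be kept with one line ahead of the `ptw->in_mmu_idx` assignment: `assert(is_secure || !ipa_secure);`. Whether the stage 1 result can ever violate this is not visible here, but the check is cheap and would stop a bug elsewhere from silently selecting `ARMMMUIdx_Stage2_S` for a NonSecure regime. Separately, the header comment on `ptw_idx_for_stage_2()` names the "Secure EL1&0 regime" while the new `case ARMMMUIdx_Stage2:` comment names the "Secure EL2&0 regime"; if both describe the same condition, one wording should be used in both places. The bodies of these functions start and end outside the hunks shown.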
194
--
195
2.34.1
1
From: Damien Hedde <damien.hedde@greensocs.com>
1
From: Akihiko Odaki <akihiko.odaki@gmail.com>
2
2
3
Fix the pl330 main and queue vmstate description.
3
I am now employed by Daynix. Although my role as a reviewer of
4
There were missing POINTER flags causing crashes during
4
macOS-related change is not very relevant to the employment, I decided
5
incoming migration because:
5
to use the company email address to avoid confusions from different
6
+ PL330State chan field is a pointer to an array
6
addresses.
7
+ PL330Queue queue field is a pointer to an array
8
7
9
Also bump corresponding vmsd version numbers.
8
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
10
9
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
11
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
12
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
11
Message-id: 20230506072333.32510-1-akihiko.odaki@daynix.com
13
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
14
Message-id: 20190724143553.21557-1-damien.hedde@greensocs.com
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
---
13
---
17
hw/dma/pl330.c | 17 +++++++++--------
14
MAINTAINERS | 4 ++--
18
1 file changed, 9 insertions(+), 8 deletions(-)
15
1 file changed, 2 insertions(+), 2 deletions(-)
19
16
20
diff --git a/hw/dma/pl330.c b/hw/dma/pl330.c
17
diff --git a/MAINTAINERS b/MAINTAINERS
21
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
22
--- a/hw/dma/pl330.c
19
--- a/MAINTAINERS
23
+++ b/hw/dma/pl330.c
20
+++ b/MAINTAINERS
24
@@ -XXX,XX +XXX,XX @@ typedef struct PL330Queue {
21
@@ -XXX,XX +XXX,XX @@ Core Audio framework backend
25
22
M: Gerd Hoffmann <kraxel@redhat.com>
26
static const VMStateDescription vmstate_pl330_queue = {
23
M: Philippe Mathieu-Daudé <philmd@linaro.org>
27
.name = "pl330_queue",
24
R: Christian Schoenebeck <qemu_oss@crudebyte.com>
28
- .version_id = 1,
25
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
29
- .minimum_version_id = 1,
26
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
30
+ .version_id = 2,
27
S: Odd Fixes
31
+ .minimum_version_id = 2,
28
F: audio/coreaudio.c
32
.fields = (VMStateField[]) {
29
33
- VMSTATE_STRUCT_VARRAY_UINT32(queue, PL330Queue, queue_size, 1,
30
@@ -XXX,XX +XXX,XX @@ F: docs/devel/ui.rst
34
- vmstate_pl330_queue_entry, PL330QueueEntry),
31
Cocoa graphics
35
+ VMSTATE_STRUCT_VARRAY_POINTER_UINT32(queue, PL330Queue, queue_size,
32
M: Peter Maydell <peter.maydell@linaro.org>
36
+ vmstate_pl330_queue_entry,
33
M: Philippe Mathieu-Daudé <philmd@linaro.org>
37
+ PL330QueueEntry),
34
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
38
VMSTATE_END_OF_LIST()
35
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
39
}
36
S: Odd Fixes
40
};
37
F: ui/cocoa.m
41
@@ -XXX,XX +XXX,XX @@ struct PL330State {
38
42
43
static const VMStateDescription vmstate_pl330 = {
44
.name = "pl330",
45
- .version_id = 1,
46
- .minimum_version_id = 1,
47
+ .version_id = 2,
48
+ .minimum_version_id = 2,
49
.fields = (VMStateField[]) {
50
VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
51
- VMSTATE_STRUCT_VARRAY_UINT32(chan, PL330State, num_chnls, 0,
52
- vmstate_pl330_chan, PL330Chan),
53
+ VMSTATE_STRUCT_VARRAY_POINTER_UINT32(chan, PL330State, num_chnls,
54
+ vmstate_pl330_chan, PL330Chan),
55
VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, num_chnls),
56
VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, num_chnls),
57
VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
58
--
39
--
59
2.20.1
40
2.34.1
60
41
61
42
1
The VMSTATE_STRUCT_VARRAY_UINT32 macro is intended to handle
1
When we take a PNG screenshot the ordering of the colour channels in
2
migrating a field which is an array of structs, but where instead of
2
the data is not correct, resulting in the image having weird
3
migrating the entire array we only migrate a variable number of
3
colouring compared to the actual display. (Specifically, on a
4
elements of it.
4
little-endian host the blue and red channels are swapped; on
5
big-endian everything is wrong.)
5
6
6
The VMSTATE_STRUCT_VARRAY_POINTER_UINT32 macro is intended to handle
7
This happens because the pixman idea of the pixel data and the libpng
7
migrating a field which is of pointer type, and points to a
8
idea differ. PIXMAN_a8r8g8b8 defines that pixels are 32-bit values,
8
dynamically allocated array of structs of variable size.
9
with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
10
0-7. This means that on little-endian systems the bytes in memory
11
are
12
B G R A
13
and on big-endian systems they are
14
A R G B
9
15
10
We weren't actually checking that the field passed to
16
libpng, on the other hand, thinks of pixels as being a series of
11
VMSTATE_STRUCT_VARRAY_UINT32 really is an array, with the result that
17
values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
12
accidentally using it where the _POINTER_ macro was intended would
18
always wants bytes in the order
13
compile but silently corrupt memory on migration.
19
R G B A
14
20
15
Add type-checking that enforces that the field passed in is
21
This isn't the same as the pixman order for either big or little
16
really of the right array type. This applies to all the VMSTATE
22
endian hosts.
17
macros which use flags including VMS_VARRAY_* but not VMS_POINTER.
18
23
24
The alpha channel is also unnecessary bulk in the output PNG file,
25
because there is no alpha information in a screenshot.
26
27
To handle the endianness issue, we already define in ui/qemu-pixman.h
28
various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
29
byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
30
PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
31
R G B
32
and 3 bytes per pixel.
33
34
(PPM format screenshots get this right; they already use the
35
PIXMAN_BE_r8g8b8 format.)
36
37
Cc: qemu-stable@nongnu.org
38
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
39
Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
40
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
41
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
21
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
42
Message-id: 20230502135548.2451309-1-peter.maydell@linaro.org
22
Tested-by: Damien Hedde <damien.hedde@greensocs.com>
23
Message-id: 20190725163710.11703-3-peter.maydell@linaro.org
24
---
43
---
25
include/migration/vmstate.h | 30 ++++++++++++++++++++++++------
44
ui/console.c | 4 ++--
26
1 file changed, 24 insertions(+), 6 deletions(-)
45
1 file changed, 2 insertions(+), 2 deletions(-)
27
46
28
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
47
diff --git a/ui/console.c b/ui/console.c
29
index XXXXXXX..XXXXXXX 100644
48
index XXXXXXX..XXXXXXX 100644
30
--- a/include/migration/vmstate.h
49
--- a/ui/console.c
31
+++ b/include/migration/vmstate.h
50
+++ b/ui/console.c
32
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_bitmap;
51
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
33
extern const VMStateInfo vmstate_info_qtailq;
52
png_struct *png_ptr;
34
53
png_info *info_ptr;
35
#define type_check_2darray(t1,t2,n,m) ((t1(*)[n][m])0 - (t2*)0)
54
g_autoptr(pixman_image_t) linebuf =
36
+/*
55
- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
37
+ * Check that type t2 is an array of type t1 of size n,
56
+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
38
+ * e.g. if t1 is 'foo' and n is 32 then t2 must be 'foo[32]'
57
uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
39
+ */
58
FILE *f = fdopen(fd, "wb");
40
#define type_check_array(t1,t2,n) ((t1(*)[n])0 - (t2*)0)
59
int y;
41
#define type_check_pointer(t1,t2) ((t1**)0 - (t2*)0)
60
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
42
+/*
61
png_init_io(png_ptr, f);
43
+ * type of element 0 of the specified (array) field of the type.
62
44
+ * Note that if the field is a pointer then this will return the
63
png_set_IHDR(png_ptr, info_ptr, width, height, 8,
45
+ * pointed-to type rather than complaining.
64
- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
46
+ */
65
+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
47
+#define typeof_elt_of_field(type, field) typeof(((type *)0)->field[0])
66
PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
48
+/* Check that field f in struct type t2 is an array of t1, of any size */
67
49
+#define type_check_varray(t1, t2, f) \
68
png_write_info(png_ptr, info_ptr);
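Review bot: Nothing in png_save() records that the line-buffer format and the PNG colour type have to agree, and the two are now set in separate hunks: `qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width)` in the first and `PNG_COLOR_TYPE_RGB` in the png_set_IHDR() call in the second. A short comment at the linebuf creation, such as `/* 3 bytes per pixel, R G B in memory on any host; must match PNG_COLOR_TYPE_RGB below */`, would keep a later edit from changing one without the other, which is the class of mismatch this commit fixes. png_save() starts and ends outside both hunks, so how each row is handed to libpng is not visible here.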
50
+ (type_check(t1, typeof_elt_of_field(t2, f)) \
51
+ + QEMU_BUILD_BUG_ON_ZERO(!QEMU_IS_ARRAY(((t2 *)0)->f)))
52
53
#define vmstate_offset_value(_state, _field, _type) \
54
(offsetof(_state, _field) + \
55
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
56
vmstate_offset_array(_state, _field, uint8_t, \
57
sizeof(typeof_field(_state, _field)))
58
59
+#define vmstate_offset_varray(_state, _field, _type) \
60
+ (offsetof(_state, _field) + \
61
+ type_check_varray(_type, _state, _field))
62
+
63
/* In the macros below, if there is a _version, that means the macro's
64
* field will be processed only if the version being received is >=
65
* the _version specified. In general, if you add a new field, you
66
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
67
.info = &(_info), \
68
.size = sizeof(_type), \
69
.flags = VMS_VARRAY_UINT32|VMS_MULTIPLY_ELEMENTS, \
70
- .offset = offsetof(_state, _field), \
71
+ .offset = vmstate_offset_varray(_state, _field, _type), \
72
}
73
74
#define VMSTATE_ARRAY_TEST(_field, _state, _num, _test, _info, _type) {\
75
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
76
.info = &(_info), \
77
.size = sizeof(_type), \
78
.flags = VMS_VARRAY_INT32, \
79
- .offset = offsetof(_state, _field), \
80
+ .offset = vmstate_offset_varray(_state, _field, _type), \
81
}
82
83
#define VMSTATE_VARRAY_INT32(_field, _state, _field_num, _version, _info, _type) {\
84
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
85
.info = &(_info), \
86
.size = sizeof(_type), \
87
.flags = VMS_VARRAY_UINT16, \
88
- .offset = offsetof(_state, _field), \
89
+ .offset = vmstate_offset_varray(_state, _field, _type), \
90
}
91
92
#define VMSTATE_VSTRUCT_TEST(_field, _state, _test, _version, _vmsd, _type, _struct_version) { \
93
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
94
.vmsd = &(_vmsd), \
95
.size = sizeof(_type), \
96
.flags = VMS_STRUCT|VMS_VARRAY_UINT8, \
97
- .offset = offsetof(_state, _field), \
98
+ .offset = vmstate_offset_varray(_state, _field, _type), \
99
}
100
101
/* a variable length array (i.e. _type *_field) but we know the
102
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
103
.vmsd = &(_vmsd), \
104
.size = sizeof(_type), \
105
.flags = VMS_STRUCT|VMS_VARRAY_INT32, \
106
- .offset = offsetof(_state, _field), \
107
+ .offset = vmstate_offset_varray(_state, _field, _type), \
108
}
109
110
#define VMSTATE_STRUCT_VARRAY_UINT32(_field, _state, _field_num, _version, _vmsd, _type) { \
111
@@ -XXX,XX +XXX,XX @@ extern const VMStateInfo vmstate_info_qtailq;
112
.vmsd = &(_vmsd), \
113
.size = sizeof(_type), \
114
.flags = VMS_STRUCT|VMS_VARRAY_UINT32, \
115
- .offset = offsetof(_state, _field), \
116
+ .offset = vmstate_offset_varray(_state, _field, _type), \
117
}
118
119
#define VMSTATE_STRUCT_VARRAY_ALLOC(_field, _state, _field_num, _version, _vmsd, _type) {\
120
--
69
--
121
2.20.1
70
2.34.1
122
71
123
72
New patch
1
In the doc sources, we have a few cross-reference targets with odd
2
names "pcsys_005fxyz". These are the legacy of the semi-automated
3
conversion of the old info docs to rST (the '005f' is because ASCII
4
0x5f is '_' and the old info link names had underscores in them).
1
5
6
Remove the targets which nothing links to, and rename the two targets
7
which are used to something a bit more descriptive.
8
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20230421163642.1151904-1-peter.maydell@linaro.org
11
Reviewed-by: Markus Armbruster <armbru@redhat.com>
12
---
13
docs/system/devices/igb.rst | 2 +-
14
docs/system/devices/ivshmem.rst | 2 --
15
docs/system/devices/net.rst | 2 +-
16
docs/system/devices/usb.rst | 2 --
17
docs/system/keys.rst | 2 +-
18
docs/system/linuxboot.rst | 2 +-
19
docs/system/target-i386.rst | 4 ----
20
7 files changed, 4 insertions(+), 12 deletions(-)
21
22
diff --git a/docs/system/devices/igb.rst b/docs/system/devices/igb.rst
23
index XXXXXXX..XXXXXXX 100644
24
--- a/docs/system/devices/igb.rst
25
+++ b/docs/system/devices/igb.rst
26
@@ -XXX,XX +XXX,XX @@ Using igb
27
=========
28
29
Using igb should be nothing different from using another network device. See
30
-:ref:`pcsys_005fnetwork` in general.
31
+:ref:`Network_emulation` in general.
32
33
However, you may also need to perform additional steps to activate SR-IOV
34
feature on your guest. For Linux, refer to [4]_.
35
diff --git a/docs/system/devices/ivshmem.rst b/docs/system/devices/ivshmem.rst
36
index XXXXXXX..XXXXXXX 100644
37
--- a/docs/system/devices/ivshmem.rst
38
+++ b/docs/system/devices/ivshmem.rst
39
@@ -XXX,XX +XXX,XX @@
40
-.. _pcsys_005fivshmem:
41
-
42
Inter-VM Shared Memory device
43
-----------------------------
44
45
diff --git a/docs/system/devices/net.rst b/docs/system/devices/net.rst
46
index XXXXXXX..XXXXXXX 100644
47
--- a/docs/system/devices/net.rst
48
+++ b/docs/system/devices/net.rst
49
@@ -XXX,XX +XXX,XX @@
50
-.. _pcsys_005fnetwork:
51
+.. _Network_Emulation:
52
53
Network emulation
54
-----------------
55
diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
56
index XXXXXXX..XXXXXXX 100644
57
--- a/docs/system/devices/usb.rst
58
+++ b/docs/system/devices/usb.rst
59
@@ -XXX,XX +XXX,XX @@
60
-.. _pcsys_005fusb:
61
-
62
USB emulation
63
-------------
64
65
diff --git a/docs/system/keys.rst b/docs/system/keys.rst
66
index XXXXXXX..XXXXXXX 100644
67
--- a/docs/system/keys.rst
68
+++ b/docs/system/keys.rst
69
@@ -XXX,XX +XXX,XX @@
70
-.. _pcsys_005fkeys:
71
+.. _GUI_keys:
72
73
Keys in the graphical frontends
74
-------------------------------
75
diff --git a/docs/system/linuxboot.rst b/docs/system/linuxboot.rst
76
index XXXXXXX..XXXXXXX 100644
77
--- a/docs/system/linuxboot.rst
78
+++ b/docs/system/linuxboot.rst
79
@@ -XXX,XX +XXX,XX @@ virtual serial port and the QEMU monitor to the console with the
80
-append "root=/dev/hda console=ttyS0" -nographic
81
82
Use Ctrl-a c to switch between the serial console and the monitor (see
83
-:ref:`pcsys_005fkeys`).
84
+:ref:`GUI_keys`).
85
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
86
index XXXXXXX..XXXXXXX 100644
87
--- a/docs/system/target-i386.rst
88
+++ b/docs/system/target-i386.rst
89
@@ -XXX,XX +XXX,XX @@
90
x86 System emulator
91
-------------------
92
93
-.. _pcsys_005fdevices:
94
-
95
Board-specific documentation
96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97
98
@@ -XXX,XX +XXX,XX @@ Architectural features
99
i386/sgx
100
i386/amd-memory-encryption
101
102
-.. _pcsys_005freq:
103
-
104
OS requirements
105
~~~~~~~~~~~~~~~
106
107
--
108
2.34.1
1
gamepad_state::buttons is a pointer to an array of structs,
1
Coverity points out (in CID 1508390) that write_bootloader has
2
not an array of structs, so should be declared in the vmstate
2
some dead code, where we assign to 'p' and then in the following
3
with VMSTATE_STRUCT_VARRAY_POINTER_INT32; otherwise we
3
line assign to it again. This happened as a result of the
4
corrupt memory on incoming migration.
4
refactoring in commit cd5066f8618b.
5
5
6
We bump the vmstate version field as the easiest way to
6
Fix the dead code by removing the 'void *v' variable entirely and
7
deal with the migration break, since migration wouldn't have
7
instead adding a cast when calling bl_setup_gt64120_jump_kernel(), as
8
worked reliably before anyway.
8
we do at its other callsite in write_bootloader_nanomips().
9
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
13
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
14
Message-id: 20190725163710.11703-2-peter.maydell@linaro.org
15
---
12
---
16
hw/input/stellaris_input.c | 10 ++++++----
13
hw/mips/malta.c | 5 +----
17
1 file changed, 6 insertions(+), 4 deletions(-)
14
1 file changed, 1 insertion(+), 4 deletions(-)
18
15
19
diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c
16
diff --git a/hw/mips/malta.c b/hw/mips/malta.c
20
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/input/stellaris_input.c
18
--- a/hw/mips/malta.c
22
+++ b/hw/input/stellaris_input.c
19
+++ b/hw/mips/malta.c
23
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_stellaris_button = {
20
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
24
21
uint64_t kernel_entry)
25
static const VMStateDescription vmstate_stellaris_gamepad = {
22
{
26
.name = "stellaris_gamepad",
23
uint32_t *p;
27
- .version_id = 1,
24
- void *v;
28
- .minimum_version_id = 1,
25
29
+ .version_id = 2,
26
/* Small bootloader */
30
+ .minimum_version_id = 2,
27
p = (uint32_t *)base;
31
.fields = (VMStateField[]) {
28
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
32
VMSTATE_INT32(extension, gamepad_state),
29
*
33
- VMSTATE_STRUCT_VARRAY_INT32(buttons, gamepad_state, num_buttons, 0,
30
*/
34
- vmstate_stellaris_button, gamepad_button),
31
35
+ VMSTATE_STRUCT_VARRAY_POINTER_INT32(buttons, gamepad_state,
32
- v = p;
36
+ num_buttons,
33
- bl_setup_gt64120_jump_kernel(&v, run_addr, kernel_entry);
37
+ vmstate_stellaris_button,
34
- p = v;
38
+ gamepad_button),
35
+ bl_setup_gt64120_jump_kernel((void **)&p, run_addr, kernel_entry);
39
VMSTATE_END_OF_LIST()
36
40
}
37
/* YAMON subroutines */
41
};
38
p = (uint32_t *) (base + 0x800);
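Review bot: The `(void **)&p` cast in the new `bl_setup_gt64120_jump_kernel((void **)&p, run_addr, kernel_entry);` call lets the callee store a `void *` into an object declared `uint32_t *`, which ISO C's aliasing rules do not allow; it presumably works only because the project is built with strict aliasing disabled, which is worth confirming. Since the dead store Coverity flagged is the write-back, keeping `void *v = p;` with the `&v` argument and deleting only `p = v;` would remove the dead code without the cast. If the cast stays for consistency with write_bootloader_nanomips(), a one-line comment saying the updated `p` is deliberately unused would help. write_bootloader() begins and ends outside these hunks.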
42
--
39
--
43
2.20.1
40
2.34.1
44
41
45
42
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
Semihosting has been made a 'default y' entry in Kconfig, which does
4
not work because when building --without-default-devices, the
5
semihosting code would not be available.
6
7
Make semihosting unconditional when TCG is present.
8
9
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
10
Signed-off-by: Fabiano Rosas <farosas@suse.de>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20230508181611.2621-2-farosas@suse.de
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
target/arm/Kconfig | 8 +-------
16
1 file changed, 1 insertion(+), 7 deletions(-)
17
18
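--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
+ select ARM_COMPATIBLE_SEMIHOSTING if TCG
 
 config AARCH64
 bool
 select ARM
-
-# This config exists just so we can make SEMIHOSTING default when TCG
-# is selected without also changing it for other architectures.
-config ARM_SEMIHOSTING
- bool
- default y if TCG && ARM
- select ARM_COMPATIBLE_SEMIHOSTING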
37
--
38
2.34.1
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
We cannot allow this config to be disabled at the moment as not all of
4
the relevant code is protected by it.
5
6
Commit 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a
7
KVM-only build") moved the CONFIGs of several boards to Kconfig, so it
8
is now possible that nothing selects ARM_V7M (e.g. when doing a
9
--without-default-devices build).
10
11
Return the CONFIG_ARM_V7M entry to a state where it is always selected
12
whenever TCG is available.
13
14
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
15
Signed-off-by: Fabiano Rosas <farosas@suse.de>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20230508181611.2621-3-farosas@suse.de
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
target/arm/Kconfig | 1 +
21
1 file changed, 1 insertion(+)
22
23
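--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
 select ARM_COMPATIBLE_SEMIHOSTING if TCG
+ select ARM_V7M if TCG
 
 config AARCH64
 bool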
35
--
36
2.34.1
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
On a build configured with: --disable-tcg --enable-xen it is possible
4
to produce a QEMU binary with no TCG nor KVM support. Skip the cdrom
5
boot tests if that's the case.
6
7
Fixes: 0c1ae3ff9d ("tests/qtest: Fix tests when no KVM or TCG are present")
8
Signed-off-by: Fabiano Rosas <farosas@suse.de>
9
Reviewed-by: Thomas Huth <thuth@redhat.com>
10
Message-id: 20230508181611.2621-4-farosas@suse.de
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
tests/qtest/cdrom-test.c | 10 ++++++++++
14
1 file changed, 10 insertions(+)
15
16
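--- a/tests/qtest/cdrom-test.c
+++ b/tests/qtest/cdrom-test.c
@@ -XXX,XX +XXX,XX @@ static void test_cdboot(gconstpointer data)
 
 static void add_x86_tests(void)
 {
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
+ return;
+ }
+
 qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
 qtest_add_data_func("cdrom/boot/virtio-scsi",
 "-device virtio-scsi -device scsi-cd,drive=cdr "
@@ -XXX,XX +XXX,XX @@ static void add_x86_tests(void)
 
 static void add_s390x_tests(void)
 {
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
+ return;
+ }
+
 qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
 qtest_add_data_func("cdrom/boot/virtio-scsi",
 "-device virtio-scsi -device scsi-cd,drive=cdr "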
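Review bot: `g_test_skip()` is called here from add_x86_tests(), and again in the identical block in add_s390x_tests(), which are the functions that register test cases rather than test cases themselves; as far as I know GLib records a skip against the test that is currently running, so if these helpers run before g_test_run() the message is probably never reported. If the goal is only to avoid registering the boot tests, a plain `return;` with a comment such as `/* boot tests need TCG or KVM */` says the same thing without implying a reported skip. The duplicated condition could also move into one small helper used by both functions. Both function bodies continue past the end of their hunks.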
44
--
45
2.34.1
New patch
1
In check_s2_mmu_setup() we have a check that is attempting to
2
implement the part of AArch64.S2MinTxSZ that is specific to when EL1
3
is AArch32:
1
4
5
if !s1aarch64 then
6
// EL1 is AArch32
7
min_txsz = Min(min_txsz, 24);
8
9
Unfortunately we got this wrong in two ways:
10
11
(1) The minimum txsz corresponds to a maximum inputsize, but we got
12
the sense of the comparison wrong and were faulting for all
13
inputsizes less than 40 bits
14
15
(2) We try to implement this as an extra check that happens after
16
we've done the same txsz checks we would do for an AArch64 EL1, but
17
in fact the pseudocode is *loosening* the requirements, so that txsz
18
values that would fault for an AArch64 EL1 do not fault for AArch32
19
EL1, because it does Min(old_min, 24), not Max(old_min, 24).
20
21
You can see this also in the text of the Arm ARM in table D8-8, which
22
shows that where the implemented PA size is less than 40 bits an
23
AArch32 EL1 is still OK with a configured stage2 T0SZ for a 40 bit
24
IPA, whereas if EL1 is AArch64 then the T0SZ must be big enough to
25
constrain the IPA to the implemented PA size.
26
27
Because of part (2), we can't do this as a separate check, but
28
have to integrate it into aa64_va_parameters(). Add a new argument
29
to that function to indicate that EL1 is 32-bit. All the existing
30
callsites except the one in get_phys_addr_lpae() can pass 'false',
31
because they are either doing a lookup for a stage 1 regime or
32
else they don't care about the tsz/tsz_oob fields.
33
34
Cc: qemu-stable@nongnu.org
35
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1627
36
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
37
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
38
Message-id: 20230509092059.3176487-1-peter.maydell@linaro.org
39
---
40
target/arm/internals.h | 12 +++++++++++-
41
target/arm/gdbstub64.c | 2 +-
42
target/arm/helper.c | 15 +++++++++++++--
43
target/arm/ptw.c | 14 ++------------
44
target/arm/tcg/pauth_helper.c | 6 +++---
45
5 files changed, 30 insertions(+), 19 deletions(-)
46
47
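--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ typedef struct ARMVAParameters {
 ARMGranuleSize gran : 2;
 } ARMVAParameters;
 
+/**
+ * aa64_va_parameters: Return parameters for an AArch64 virtual address
+ * @env: CPU
+ * @va: virtual address to look up
+ * @mmu_idx: determines translation regime to use
+ * @data: true if this is a data access
+ * @el1_is_aa32: true if we are asking about stage 2 when EL1 is AArch32
+ * (ignored if @mmu_idx is for a stage 1 regime; only affects tsz/tsz_oob)
+ */
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
- ARMMMUIdx mmu_idx, bool data);
+ ARMMMUIdx mmu_idx, bool data,
+ bool el1_is_aa32);
 
 int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
 int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx);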
71
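--- a/target/arm/gdbstub64.c
+++ b/target/arm/gdbstub64.c
@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param;
 
- param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
+ param = aa64_va_parameters(env, -is_high, mmu_idx, is_data, false);
 return gdb_get_reg64(buf, pauth_ptr_mask(param));
 }
 default: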
84
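--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
 unsigned int page_size_granule, page_shift, num, scale, exponent;
 /* Extract one bit to represent the va selector in use. */
 uint64_t select = sextract64(value, 36, 1);
- ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
+ ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true, false);
 TLBIRange ret = { };
 ARMGranuleSize gran;
 
@@ -XXX,XX +XXX,XX @@ static ARMGranuleSize sanitize_gran_size(ARMCPU *cpu, ARMGranuleSize gran,
 }
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
- ARMMMUIdx mmu_idx, bool data)
+ ARMMMUIdx mmu_idx, bool data,
+ bool el1_is_aa32)
 {
 uint64_t tcr = regime_tcr(env, mmu_idx);
 bool epd, hpd, tsz_oob, ds, ha, hd;
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
 }
 }
 
+ if (stage2 && el1_is_aa32) {
+ /*
+ * For AArch32 EL1 the min txsz (and thus max IPA size) requirements
+ * are loosened: a configured IPA of 40 bits is permitted even if
+ * the implemented PA is less than that (and so a 40 bit IPA would
+ * fault for an AArch64 EL1). See R_DTLMN.
+ */
+ min_tsz = MIN(min_tsz, 24);
+ }
+
 if (tsz > max_tsz) {
 tsz = max_tsz;
 tsz_oob = true;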
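Review bot: In the tlbi_aa64_get_range() hunk the new argument is a bare `false`, and unlike the gdbstub64.c and pauth_helper.c callers, which visibly take their index from arm_stage1_mmu_idx(), this function receives `mmuidx` from its caller, so a reader cannot tell from here that a stage 2 regime never reaches it. The commit message says such callers do not use tsz/tsz_oob; recording that at the call site, e.g. `/* el1_is_aa32 only affects tsz/tsz_oob, which this function does not use */` (if that is indeed the reason), would make the choice checkable. In the aa64_va_parameters() hunk the new comment could also state that a txsz of 24 is a 64 - 24 = 40 bit input size, which the comment removed from ptw.c used to spell out. Both functions extend beyond the hunks shown.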
124
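--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
 
 sl0 = extract32(tcr, 6, 2);
 if (is_aa64) {
- /*
- * AArch64.S2InvalidTxSZ: While we checked tsz_oob near the top of
- * get_phys_addr_lpae, that used aa64_va_parameters which apply
- * to aarch64. If Stage1 is aarch32, the min_txsz is larger.
- * See AArch64.S2MinTxSZ, where min_tsz is 24, translated to
- * inputsize is 64 - 24 = 40.
- */
- if (iasize < 40 && !arm_el_is_aa64(&cpu->env, 1)) {
- goto fail;
- }
-
 /*
 * AArch64.S2InvalidSL: Interpretation of SL depends on the page size,
 * so interleave AArch64.S2StartLevel.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
 int ps;
 
 param = aa64_va_parameters(env, address, mmu_idx,
- access_type != MMU_INST_FETCH);
+ access_type != MMU_INST_FETCH,
+ !arm_el_is_aa64(env, 1));
 level = 0;
 
 /*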
156
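--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 uint64_t pac, ext_ptr, ext, test;
 int bot_bit, top_bit;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data, int keynumber)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 int bot_bit, top_bit;
 uint64_t pac, orig_ptr, test;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 
 return pauth_original_ptr(ptr, param);
 }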
187
--
188
2.34.1