Left side of the diff view (tags/pull-target-arm-20190927):

target-arm queue: nothing major here, but no point
sitting on them waiting for more stuff to come along.

thanks
-- PMM

The following changes since commit 1329132d28bf14b9508f7a1f04a2c63422bc3f99:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2019-09-26 16:14:03 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190927

for you to fetch changes up to e4e34855e658b78ecac50a651cc847662ff02cfd:

  hw/arm/boot: Use the IEC binary prefix definitions (2019-09-27 11:44:39 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix the CBAR register implementation for Cortex-A53,
   Cortex-A57, Cortex-A72
 * Fix direct booting of Linux kernels on emulated CPUs
   which have an AArch32 EL3 (incorrect NSACR settings
   meant they could not access the FPU)
 * semihosting cleanup: do more work at translate time
   and less work at runtime

----------------------------------------------------------------
Alex Bennée (6):
      tests/tcg: clean-up some comments after the de-tangling
      target/arm: handle M-profile semihosting at translate time
      target/arm: handle A-profile semihosting at translate time
      target/arm: remove run time semihosting checks
      target/arm: remove run-time semihosting checks for linux-user
      tests/tcg: add linux-user semihosting smoke test for ARM

Luc Michel (1):
      target/arm: fix CBAR register for AArch64 CPUs

Peter Maydell (1):
      hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots

Philippe Mathieu-Daudé (1):
      hw/arm/boot: Use the IEC binary prefix definitions

 tests/tcg/Makefile.target | 7 ++-
 tests/tcg/aarch64/Makefile.target | 8 ++-
 tests/tcg/arm/Makefile.target | 20 ++++---
 linux-user/arm/target_syscall.h | 3 -
 hw/arm/boot.c | 12 ++--
 linux-user/arm/cpu_loop.c | 3 -
 target/arm/helper.c | 115 +++++++++++++-------------------------
 target/arm/m_helper.c | 18 ++----
 target/arm/translate.c | 30 ++++++++--
 tests/tcg/arm/semihosting.c | 45 +++++++++++++++
 10 files changed, 146 insertions(+), 115 deletions(-)
 create mode 100644 tests/tcg/arm/semihosting.c

Right side of the diff view (tags/pull-target-arm-20191126):

Arm patches for rc3 : just a handful of bug fixes.

thanks
-- PMM

The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:

  Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126

for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:

  target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)

----------------------------------------------------------------
target-arm queue:
 * handle FTYPE flag correctly in v7M exception return
   for v7M CPUs with an FPU (v8M CPUs were already correct)
 * versal: Add the CRP as unimplemented
 * Fix ISR_EL1 tracking when executing at EL2
 * Honor HCR_EL2.TID3 trapping requirements

----------------------------------------------------------------
Edgar E. Iglesias (1):
      hw/arm: versal: Add the CRP as unimplemented

Jean-Hugues Deschênes (1):
      target/arm: Fix handling of cortex-m FTYPE flag in EXCRET

Marc Zyngier (2):
      target/arm: Fix ISR_EL1 tracking when executing at EL2
      target/arm: Honor HCR_EL2.TID3 trapping requirements

 include/hw/arm/xlnx-versal.h | 3 ++
 hw/arm/xlnx-versal.c | 2 ++
 target/arm/helper.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
 target/arm/m_helper.c | 7 ++--
 4 files changed, 89 insertions(+), 6 deletions(-)

diff view generated by jsdifflib
Left side of the diff view:

From: Alex Bennée <alex.bennee@linaro.org>

We do this for other semihosting calls so we might as well do it for
M-profile as well.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190913151845.12582-3-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/m_helper.c | 18 ++++++------------
 target/arm/translate.c | 11 ++++++++++-
 2 files changed, 16 insertions(+), 13 deletions(-)

Right side of the diff view:

From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>

According to the PushStack() pseudocode in the armv7m RM,
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
an FPU is present. Current implementation is doing it for
armv8, but not for armv7. This patch makes the existing
logic applicable to both code paths.

Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/m_helper.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
17
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/m_helper.c
18
--- a/target/arm/m_helper.c
19
+++ b/target/arm/m_helper.c
19
+++ b/target/arm/m_helper.c
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
21
break;
21
if (env->v7m.secure) {
22
lr |= R_V7M_EXCRET_S_MASK;
22
}
23
}
23
break;
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
24
+ case EXCP_SEMIHOST:
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
25
+ qemu_log_mask(CPU_LOG_INT,
26
+ "...handling as semihosting call 0x%x\n",
27
+ env->regs[0]);
28
+ env->regs[0] = do_arm_semihosting(env);
29
+ return;
30
case EXCP_BKPT:
31
- if (semihosting_enabled()) {
32
- int nr;
33
- nr = arm_lduw_code(env, env->regs[15], arm_sctlr_b(env)) & 0xff;
34
- if (nr == 0xab) {
35
- env->regs[15] += 2;
36
- qemu_log_mask(CPU_LOG_INT,
37
- "...handling as semihosting call 0x%x\n",
38
- env->regs[0]);
39
- env->regs[0] = do_arm_semihosting(env);
40
- return;
41
- }
42
- }
26
- }
43
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_DEBUG, false);
27
} else {
44
break;
28
lr = R_V7M_EXCRET_RES1_MASK |
45
case EXCP_IRQ:
29
R_V7M_EXCRET_S_MASK |
46
diff --git a/target/arm/translate.c b/target/arm/translate.c
30
R_V7M_EXCRET_DCRS_MASK |
47
index XXXXXXX..XXXXXXX 100644
31
- R_V7M_EXCRET_FTYPE_MASK |
48
--- a/target/arm/translate.c
32
R_V7M_EXCRET_ES_MASK;
49
+++ b/target/arm/translate.c
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
50
@@ -XXX,XX +XXX,XX @@ static bool trans_BKPT(DisasContext *s, arg_BKPT *a)
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
51
if (!ENABLE_ARCH_5) {
35
}
52
return false;
53
}
36
}
54
- gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
55
+ if (arm_dc_feature(s, ARM_FEATURE_M) &&
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
56
+ semihosting_enabled() &&
57
+#ifndef CONFIG_USER_ONLY
58
+ !IS_USER(s) &&
59
+#endif
60
+ (a->imm == 0xab)) {
61
+ gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
62
+ } else {
63
+ gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
64
+ }
39
+ }
65
return true;
40
if (!arm_v7m_is_handler_mode(env)) {
66
}
41
lr |= R_V7M_EXCRET_MODE_MASK;
67
42
}
68
--
43
--
69
2.20.1
44
2.20.1
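Review bot: in the left-hand patch's trans_BKPT() hunk, the new condition includes `!IS_USER(s)` for system emulation, but the m_helper.c code it replaces only tested semihosting_enabled() and the 0xab immediate, so an unprivileged M-profile BKPT 0xab now falls through to gen_exception_bkpt_insn(). That is a behaviour change the commit message does not mention; please state it there. A comment at the new EXCP_SEMIHOST case noting that the PC advance formerly done by `env->regs[15] += 2` is now expected to come from passing s->base.pc_next at translate time would also help.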
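Review bot: in the right-hand patch's arm_v7m_cpu_do_interrupt() hunk, the relocated FTYPE test reads env->v7m.control[M_REG_S] after the if/else, so it now also runs on the else path that used to OR in R_V7M_EXCRET_FTYPE_MASK unconditionally. A short comment saying why the M_REG_S index is the right place to find FPCA on that path too would save the next reader checking. The commit message spells the bit CONTROL.PFCA while the code uses FPCA; please make the two consistent.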
Left side of the diff view:

From: Philippe Mathieu-Daudé <philmd@redhat.com>

IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190923131108.21459-1-philmd@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Right side of the diff view:

From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>

Add the CRP as unimplemented thus avoiding bus errors when
guests access these registers.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/arm/xlnx-versal.h | 3 +++
 hw/arm/xlnx-versal.c | 2 ++
 2 files changed, 5 insertions(+)

15
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
16
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
16
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/arm/boot.c
18
--- a/include/hw/arm/xlnx-versal.h
18
+++ b/hw/arm/boot.c
19
+++ b/include/hw/arm/xlnx-versal.h
19
@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
20
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
20
goto fail;
21
#define MM_IOU_SCNTRS_SIZE 0x10000
21
}
22
#define MM_FPD_CRF 0xfd1a0000U
22
23
#define MM_FPD_CRF_SIZE 0x140000
23
- if (scells < 2 && binfo->ram_size >= (1ULL << 32)) {
24
+
24
+ if (scells < 2 && binfo->ram_size >= 4 * GiB) {
25
+#define MM_PMC_CRP 0xf1260000U
25
/* This is user error so deserves a friendlier error message
26
+#define MM_PMC_CRP_SIZE 0x10000
26
* than the failure of setprop_sized_cells would provide
27
#endif
27
*/
28
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
28
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
29
index XXXXXXX..XXXXXXX 100644
29
* we might still make a bad choice here.
30
--- a/hw/arm/xlnx-versal.c
30
*/
31
+++ b/hw/arm/xlnx-versal.c
31
info->initrd_start = info->loader_start +
32
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
32
- MIN(info->ram_size / 2, 128 * 1024 * 1024);
33
MM_CRL, MM_CRL_SIZE);
33
+ MIN(info->ram_size / 2, 128 * MiB);
34
versal_unimp_area(s, "crf", &s->mr_ps,
34
if (image_high_addr) {
35
MM_FPD_CRF, MM_FPD_CRF_SIZE);
35
info->initrd_start = MAX(info->initrd_start, image_high_addr);
36
+ versal_unimp_area(s, "crp", &s->mr_ps,
36
}
37
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
37
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
38
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
38
*
39
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
39
* Let's play safe and prealign it to 2MB to give us some space.
40
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
40
*/
41
- align = 2 * 1024 * 1024;
42
+ align = 2 * MiB;
43
} else {
44
/*
45
* Some 32bit kernels will trash anything in the 4K page the
46
* initrd ends in, so make sure the DTB isn't caught up in that.
47
*/
48
- align = 4096;
49
+ align = 4 * KiB;
50
}
51
52
/* Place the DTB after the initrd in memory with alignment. */
53
@@ -XXX,XX +XXX,XX @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
54
info->loader_start + KERNEL_ARGS_ADDR;
55
fixupcontext[FIXUP_ARGPTR_HI] =
56
(info->loader_start + KERNEL_ARGS_ADDR) >> 32;
57
- if (info->ram_size >= (1ULL << 32)) {
58
+ if (info->ram_size >= 4 * GiB) {
59
error_report("RAM size must be less than 4GB to boot"
60
" Linux kernel using ATAGS (try passing a device tree"
61
" using -dtb)");
62
--
41
--
63
2.20.1
42
2.20.1
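Review bot: in the left-hand patch, `binfo->ram_size >= 4 * GiB` and `info->ram_size >= 4 * GiB` replace an explicit `1ULL << 32`, so the comparison is only equivalent if GiB expands to a 64-bit constant. None of the hunks adds an include, so please confirm hw/arm/boot.c already pulls in the header that defines KiB, MiB and GiB, and say so in the commit message.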
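Review bot: in the right-hand patch's versal_unimp() hunk, the new "crp" area is mapped into &s->mr_ps although the macro names it MM_PMC_CRP; if that region is meant to sit in the same container as "crl" and "crf", a one-line comment would make it clear. The unchanged context line just below names its region "iou-scntr-seucre", which looks like a typo for "secure" and could be fixed in a follow-up.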
Left side of the diff view:

From: Alex Bennée <alex.bennee@linaro.org>

Now we do all our checking and use a common EXCP_SEMIHOST for
semihosting operations we can make helper code a lot simpler.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190913151845.12582-5-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 96 +++++++++++----------------------------------
 1 file changed, 22 insertions(+), 74 deletions(-)

Right side of the diff view:

From: Marc Zyngier <maz@kernel.org>

The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
SError interrupts.

Unfortunately, QEMU's implementation only considers the HCR_EL2
bits, and ignores the current exception level. This means a hypervisor
trying to look at its own interrupt state actually sees the guest
state, which is unexpected and breaks KVM as of Linux 5.3.

Instead, check for the running EL and return the physical bits
if not running in a virtualized context.

Fixes: 636540e9c40b
Cc: qemu-stable@nongnu.org
Reported-by: Quentin Perret <qperret@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Message-id: 20191122135833.28953-1-maz@kernel.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

14
diff --git a/target/arm/helper.c b/target/arm/helper.c
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/helper.c
29
--- a/target/arm/helper.c
17
+++ b/target/arm/helper.c
30
+++ b/target/arm/helper.c
18
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
19
new_el, env->pc, pstate_read(env));
32
CPUState *cs = env_cpu(env);
20
}
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
21
34
uint64_t ret = 0;
22
-static inline bool check_for_semihosting(CPUState *cs)
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
23
-{
36
+ (!arm_is_secure_below_el3(env) ||
24
+/*
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
25
+ * Do semihosting call and set the appropriate return value. All the
38
26
+ * permission and validity checks have been done at translate time.
39
- if (hcr_el2 & HCR_IMO) {
27
+ *
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
28
+ * We only see semihosting exceptions in TCG only as they are not
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
29
+ * trapped to the hypervisor in KVM.
42
ret |= CPSR_I;
30
+ */
43
}
31
#ifdef CONFIG_TCG
44
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
32
- /* Check whether this exception is a semihosting call; if so
45
}
33
- * then handle it and return true; otherwise return false.
34
- */
35
+static void handle_semihosting(CPUState *cs)
36
+{
37
ARMCPU *cpu = ARM_CPU(cs);
38
CPUARMState *env = &cpu->env;
39
40
if (is_a64(env)) {
41
- if (cs->exception_index == EXCP_SEMIHOST) {
42
- /* This is always the 64-bit semihosting exception.
43
- * The "is this usermode" and "is semihosting enabled"
44
- * checks have been done at translate time.
45
- */
46
- qemu_log_mask(CPU_LOG_INT,
47
- "...handling as semihosting call 0x%" PRIx64 "\n",
48
- env->xregs[0]);
49
- env->xregs[0] = do_arm_semihosting(env);
50
- return true;
51
- }
52
- return false;
53
+ qemu_log_mask(CPU_LOG_INT,
54
+ "...handling as semihosting call 0x%" PRIx64 "\n",
55
+ env->xregs[0]);
56
+ env->xregs[0] = do_arm_semihosting(env);
57
} else {
58
- uint32_t imm;
59
-
60
- /* Only intercept calls from privileged modes, to provide some
61
- * semblance of security.
62
- */
63
- if (cs->exception_index != EXCP_SEMIHOST &&
64
- (!semihosting_enabled() ||
65
- ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR))) {
66
- return false;
67
- }
68
-
69
- switch (cs->exception_index) {
70
- case EXCP_SEMIHOST:
71
- /* This is always a semihosting call; the "is this usermode"
72
- * and "is semihosting enabled" checks have been done at
73
- * translate time.
74
- */
75
- break;
76
- case EXCP_SWI:
77
- /* Check for semihosting interrupt. */
78
- if (env->thumb) {
79
- imm = arm_lduw_code(env, env->regs[15] - 2, arm_sctlr_b(env))
80
- & 0xff;
81
- if (imm == 0xab) {
82
- break;
83
- }
84
- } else {
85
- imm = arm_ldl_code(env, env->regs[15] - 4, arm_sctlr_b(env))
86
- & 0xffffff;
87
- if (imm == 0x123456) {
88
- break;
89
- }
90
- }
91
- return false;
92
- case EXCP_BKPT:
93
- /* See if this is a semihosting syscall. */
94
- if (env->thumb) {
95
- imm = arm_lduw_code(env, env->regs[15], arm_sctlr_b(env))
96
- & 0xff;
97
- if (imm == 0xab) {
98
- env->regs[15] += 2;
99
- break;
100
- }
101
- }
102
- return false;
103
- default:
104
- return false;
105
- }
106
-
107
qemu_log_mask(CPU_LOG_INT,
108
"...handling as semihosting call 0x%x\n",
109
env->regs[0]);
110
env->regs[0] = do_arm_semihosting(env);
111
- return true;
112
}
46
}
113
-#else
47
114
- return false;
48
- if (hcr_el2 & HCR_FMO) {
115
-#endif
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
116
}
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
117
+#endif
51
ret |= CPSR_F;
118
52
}
119
/* Handle a CPU exception for A and R profile CPUs.
120
* Do any appropriate logging, handle PSCI calls, and then hand off
121
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
122
return;
123
}
124
125
- /* Semihosting semantics depend on the register width of the
126
- * code that caused the exception, not the target exception level,
127
- * so must be handled here.
128
+ /*
129
+ * Semihosting semantics depend on the register width of the code
130
+ * that caused the exception, not the target exception level, so
131
+ * must be handled here.
132
*/
133
- if (check_for_semihosting(cs)) {
134
+#ifdef CONFIG_TCG
135
+ if (cs->exception_index == EXCP_SEMIHOST) {
136
+ handle_semihosting(cs);
137
return;
138
}
139
+#endif
140
141
/* Hooks may change global state so BQL should be held, also the
142
* BQL needs to be held for any modification of
143
--
53
--
144
2.20.1
54
2.20.1
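Review bot: in the left-hand patch, handle_semihosting() now trusts that every EXCP_SEMIHOST was vetted at translate time, and the removed block carried the only comment saying calls are intercepted from privileged modes only. Keep that rationale in the new header comment, or add an assertion, so the privilege rule is not lost from this file. The new comment also reads "We only see semihosting exceptions in TCG only"; drop one "only".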
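Review bot: in the right-hand patch's isr_read() hunk, allow_virt permits the virtual view at EL1 when non-secure or when SCR_EEL2 is set in scr_el3, but the commit message only speaks of EL2, EL3 or Secure EL1 returning the physical bits. A comment above allow_virt explaining the Secure EL1 with EEL2 case would close that gap. The message also lists SError, while only the HCR_IMO and HCR_FMO tests are gated here, so please say whether an SError path exists in this function and needs the same condition.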
Left side of the diff view:

From: Luc Michel <luc.michel@greensocs.com>

For AArch64 CPUs with a CBAR register, we have two views for it:
  - in AArch64 state, the CBAR_EL1 register (S3_1_C15_C3_0), returns the
    full 64 bits CBAR value
  - in AArch32 state, the CBAR register (cp15, opc1=1, CRn=15, CRm=3, opc2=0)
    returns a 32 bits view such that:
      CBAR = CBAR_EL1[31:18] 0..0 CBAR_EL1[43:32]

This commit fixes the current implementation where:
  - CBAR_EL1 was returning the 32 bits view instead of the full 64 bits
    value,
  - CBAR was returning a truncated 32 bits version of the full 64 bits
    one, instead of the 32 bits view
  - CBAR was declared as cp15, opc1=4, CRn=15, CRm=0, opc2=0, which is
    the CBAR register found in the ARMv7 Cortex-Ax CPUs, but not in
    ARMv8 CPUs.

Signed-off-by: Luc Michel <luc.michel@greensocs.com>
Message-id: 20190912110103.1417887-1-luc.michel@greensocs.com
[PMM: Added a comment about the two different kinds of CBAR]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

Right side of the diff view:

From: Marc Zyngier <maz@kernel.org>

HCR_EL2.TID3 mandates that access from EL1 to a long list of id
registers traps to EL2, and QEMU has so far ignored this requirement.

This breaks (among other things) KVM guests that have PtrAuth enabled,
while the hypervisor doesn't want to expose the feature to its guest.
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
case), and masks out the unsupported feature.

QEMU not honoring the trap request means that the guest observes
that the feature is present in the HW, starts using it, and dies
a horrible death when KVM injects an UNDEF, because the feature
*really* isn't supported.

Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.

Note that this change does not include trapping of the MVFR
registers from AArch32 (they are accessed via the VMRS
instruction and need to be handled in a different way).

Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Tested-by: Will Deacon <will@kernel.org>
Message-id: 20191123115618.29230-1-maz@kernel.org
[PMM: added missing accessfn line for ID_AA4PFR2_EL1_RESERVED;
 changed names of access functions to include _tid3]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

28
diff --git a/target/arm/helper.c b/target/arm/helper.c
34
diff --git a/target/arm/helper.c b/target/arm/helper.c
29
index XXXXXXX..XXXXXXX 100644
35
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/helper.c
36
--- a/target/arm/helper.c
31
+++ b/target/arm/helper.c
37
+++ b/target/arm/helper.c
38
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
39
REGINFO_SENTINEL
40
};
41
42
+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
43
+ bool isread)
44
+{
45
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
46
+ return CP_ACCESS_TRAP_EL2;
47
+ }
48
+
49
+ return CP_ACCESS_OK;
50
+}
51
+
52
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
53
+ bool isread)
54
+{
55
+ if (arm_feature(env, ARM_FEATURE_V8)) {
56
+ return access_aa64_tid3(env, ri, isread);
57
+ }
58
+
59
+ return CP_ACCESS_OK;
60
+}
61
+
62
void register_cp_regs_for_features(ARMCPU *cpu)
63
{
64
/* Register all the coprocessor registers based on feature bits */
32
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
65
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
33
}
66
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
34
67
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
35
if (arm_feature(env, ARM_FEATURE_CBAR)) {
68
.access = PL1_R, .type = ARM_CP_CONST,
36
+ /*
69
+ .accessfn = access_aa32_tid3,
37
+ * CBAR is IMPDEF, but common on Arm Cortex-A implementations.
70
.resetvalue = cpu->id_pfr0 },
38
+ * There are two flavours:
71
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
39
+ * (1) older 32-bit only cores have a simple 32-bit CBAR
72
* the value of the GIC field until after we define these regs.
40
+ * (2) 64-bit cores have a 64-bit CBAR visible to AArch64, plus a
41
+ * 32-bit register visible to AArch32 at a different encoding
42
+ * to the "flavour 1" register and with the bits rearranged to
43
+ * be able to squash a 64-bit address into the 32-bit view.
44
+ * We distinguish the two via the ARM_FEATURE_AARCH64 flag, but
45
+ * in future if we support AArch32-only configs of some of the
46
+ * AArch64 cores we might need to add a specific feature flag
47
+ * to indicate cores with "flavour 2" CBAR.
48
+ */
49
if (arm_feature(env, ARM_FEATURE_AARCH64)) {
50
/* 32 bit view is [31:18] 0...0 [43:32]. */
51
uint32_t cbar32 = (extract64(cpu->reset_cbar, 18, 14) << 18)
52
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
53
ARMCPRegInfo cbar_reginfo[] = {
74
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
54
{ .name = "CBAR",
75
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
55
.type = ARM_CP_CONST,
76
.access = PL1_R, .type = ARM_CP_NO_RAW,
56
- .cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 0,
77
+ .accessfn = access_aa32_tid3,
57
- .access = PL1_R, .resetvalue = cpu->reset_cbar },
78
.readfn = id_pfr1_read,
58
+ .cp = 15, .crn = 15, .crm = 3, .opc1 = 1, .opc2 = 0,
79
.writefn = arm_cp_write_ignore },
59
+ .access = PL1_R, .resetvalue = cbar32 },
80
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
60
{ .name = "CBAR_EL1", .state = ARM_CP_STATE_AA64,
81
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
61
.type = ARM_CP_CONST,
82
.access = PL1_R, .type = ARM_CP_CONST,
62
.opc0 = 3, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 0,
83
+ .accessfn = access_aa32_tid3,
63
- .access = PL1_R, .resetvalue = cbar32 },
84
.resetvalue = cpu->id_dfr0 },
64
+ .access = PL1_R, .resetvalue = cpu->reset_cbar },
85
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
65
REGINFO_SENTINEL
86
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
66
};
87
.access = PL1_R, .type = ARM_CP_CONST,
67
/* We don't implement a r/w 64 bit CBAR currently */
88
+ .accessfn = access_aa32_tid3,
89
.resetvalue = cpu->id_afr0 },
90
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
91
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
92
.access = PL1_R, .type = ARM_CP_CONST,
93
+ .accessfn = access_aa32_tid3,
94
.resetvalue = cpu->id_mmfr0 },
95
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
96
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
97
.access = PL1_R, .type = ARM_CP_CONST,
98
+ .accessfn = access_aa32_tid3,
99
.resetvalue = cpu->id_mmfr1 },
100
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
101
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
102
.access = PL1_R, .type = ARM_CP_CONST,
103
+ .accessfn = access_aa32_tid3,
104
.resetvalue = cpu->id_mmfr2 },
105
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
106
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
107
.access = PL1_R, .type = ARM_CP_CONST,
108
+ .accessfn = access_aa32_tid3,
109
.resetvalue = cpu->id_mmfr3 },
110
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
111
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
112
.access = PL1_R, .type = ARM_CP_CONST,
113
+ .accessfn = access_aa32_tid3,
114
.resetvalue = cpu->isar.id_isar0 },
115
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
116
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
117
.access = PL1_R, .type = ARM_CP_CONST,
118
+ .accessfn = access_aa32_tid3,
119
.resetvalue = cpu->isar.id_isar1 },
120
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
121
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
122
.access = PL1_R, .type = ARM_CP_CONST,
123
+ .accessfn = access_aa32_tid3,
124
.resetvalue = cpu->isar.id_isar2 },
125
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
126
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
127
.access = PL1_R, .type = ARM_CP_CONST,
128
+ .accessfn = access_aa32_tid3,
129
.resetvalue = cpu->isar.id_isar3 },
130
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
131
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
132
.access = PL1_R, .type = ARM_CP_CONST,
133
+ .accessfn = access_aa32_tid3,
134
.resetvalue = cpu->isar.id_isar4 },
135
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
136
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
137
.access = PL1_R, .type = ARM_CP_CONST,
138
+ .accessfn = access_aa32_tid3,
139
.resetvalue = cpu->isar.id_isar5 },
140
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
141
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
142
.access = PL1_R, .type = ARM_CP_CONST,
143
+ .accessfn = access_aa32_tid3,
144
.resetvalue = cpu->id_mmfr4 },
145
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
146
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
147
.access = PL1_R, .type = ARM_CP_CONST,
148
+ .accessfn = access_aa32_tid3,
149
.resetvalue = cpu->isar.id_isar6 },
150
REGINFO_SENTINEL
151
};
152
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
153
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
154
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
155
.access = PL1_R, .type = ARM_CP_NO_RAW,
156
+ .accessfn = access_aa64_tid3,
157
.readfn = id_aa64pfr0_read,
158
.writefn = arm_cp_write_ignore },
159
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
160
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
161
.access = PL1_R, .type = ARM_CP_CONST,
162
+ .accessfn = access_aa64_tid3,
163
.resetvalue = cpu->isar.id_aa64pfr1},
164
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
165
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
166
.access = PL1_R, .type = ARM_CP_CONST,
167
+ .accessfn = access_aa64_tid3,
168
.resetvalue = 0 },
169
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
170
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
171
.access = PL1_R, .type = ARM_CP_CONST,
172
+ .accessfn = access_aa64_tid3,
173
.resetvalue = 0 },
174
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
175
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
176
.access = PL1_R, .type = ARM_CP_CONST,
177
+ .accessfn = access_aa64_tid3,
178
/* At present, only SVEver == 0 is defined anyway. */
179
.resetvalue = 0 },
180
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
181
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
182
.access = PL1_R, .type = ARM_CP_CONST,
183
+ .accessfn = access_aa64_tid3,
184
.resetvalue = 0 },
185
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
186
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
187
.access = PL1_R, .type = ARM_CP_CONST,
188
+ .accessfn = access_aa64_tid3,
189
.resetvalue = 0 },
190
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
191
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
192
.access = PL1_R, .type = ARM_CP_CONST,
193
+ .accessfn = access_aa64_tid3,
194
.resetvalue = 0 },
195
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
196
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
197
.access = PL1_R, .type = ARM_CP_CONST,
198
+ .accessfn = access_aa64_tid3,
199
.resetvalue = cpu->id_aa64dfr0 },
200
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
201
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
202
.access = PL1_R, .type = ARM_CP_CONST,
203
+ .accessfn = access_aa64_tid3,
204
.resetvalue = cpu->id_aa64dfr1 },
205
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
206
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
207
.access = PL1_R, .type = ARM_CP_CONST,
208
+ .accessfn = access_aa64_tid3,
209
.resetvalue = 0 },
210
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
211
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
212
.access = PL1_R, .type = ARM_CP_CONST,
213
+ .accessfn = access_aa64_tid3,
214
.resetvalue = 0 },
215
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
216
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
217
.access = PL1_R, .type = ARM_CP_CONST,
218
+ .accessfn = access_aa64_tid3,
219
.resetvalue = cpu->id_aa64afr0 },
220
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
221
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
222
.access = PL1_R, .type = ARM_CP_CONST,
223
+ .accessfn = access_aa64_tid3,
224
.resetvalue = cpu->id_aa64afr1 },
225
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
226
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
227
.access = PL1_R, .type = ARM_CP_CONST,
228
+ .accessfn = access_aa64_tid3,
229
.resetvalue = 0 },
230
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
231
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
232
.access = PL1_R, .type = ARM_CP_CONST,
233
+ .accessfn = access_aa64_tid3,
234
.resetvalue = 0 },
235
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
236
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
237
.access = PL1_R, .type = ARM_CP_CONST,
238
+ .accessfn = access_aa64_tid3,
239
.resetvalue = cpu->isar.id_aa64isar0 },
240
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
241
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
242
.access = PL1_R, .type = ARM_CP_CONST,
243
+ .accessfn = access_aa64_tid3,
244
.resetvalue = cpu->isar.id_aa64isar1 },
245
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
246
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
247
.access = PL1_R, .type = ARM_CP_CONST,
248
+ .accessfn = access_aa64_tid3,
249
.resetvalue = 0 },
250
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
251
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
252
.access = PL1_R, .type = ARM_CP_CONST,
253
+ .accessfn = access_aa64_tid3,
254
.resetvalue = 0 },
255
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
256
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
257
.access = PL1_R, .type = ARM_CP_CONST,
258
+ .accessfn = access_aa64_tid3,
259
.resetvalue = 0 },
260
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
261
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
262
.access = PL1_R, .type = ARM_CP_CONST,
263
+ .accessfn = access_aa64_tid3,
264
.resetvalue = 0 },
265
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
266
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
267
.access = PL1_R, .type = ARM_CP_CONST,
268
+ .accessfn = access_aa64_tid3,
269
.resetvalue = 0 },
270
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
271
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
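Review bot: the trap is wired up by repeating `.accessfn = access_aa64_tid3,` by hand on every entry of this table, including each `*_RESERVED` encoding, so a register added to this ID space later can silently miss it and stay readable by a guest whose hypervisor set HCR_EL2.TID3 to hide CPU features. A comment at the head of the table stating that every entry in the ID register space must carry the accessfn would make that requirement visible. Since every entry here is `.type = ARM_CP_CONST`, it is also worth stating in the commit message that the access function is still evaluated for constant registers.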
68
--
357
--
69
2.20.1
358
2.20.1
70
359
71
360
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
These were missed in the recent de-tangling so have been updated to be
4
more accurate. I've also built up ARM_TESTS in a manner similar to
5
AARCH64_TESTS for better consistency.
6
7
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Message-id: 20190913151845.12582-2-alex.bennee@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
tests/tcg/Makefile.target | 7 +++++--
13
tests/tcg/aarch64/Makefile.target | 3 ++-
14
tests/tcg/arm/Makefile.target | 15 ++++++++-------
15
3 files changed, 15 insertions(+), 10 deletions(-)
16
17
diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
18
index XXXXXXX..XXXXXXX 100644
19
--- a/tests/tcg/Makefile.target
20
+++ b/tests/tcg/Makefile.target
21
@@ -XXX,XX +XXX,XX @@ TIMEOUT=15
22
endif
23
24
ifdef CONFIG_USER_ONLY
25
-# The order we include is important. We include multiarch, base arch
26
-# and finally arch if it's not the same as base arch.
27
+# The order we include is important. We include multiarch first and
28
+# then the target. If there are common tests shared between
29
+# sub-targets (e.g. ARM & AArch64) then it is up to
30
+# $(TARGET_NAME)/Makefile.target to include the common parent
31
+# architecture in its VPATH.
32
-include $(SRC_PATH)/tests/tcg/multiarch/Makefile.target
33
-include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.target
34
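Review bot: the new comment tells sub-targets to put the common parent architecture in their VPATH, but VPATH only shares source files, not the build and run rules. The aarch64 and arm fragments later in this patch each carry their own `fcvt` and `run-fcvt` rules, so the comment should say that the rules have to be repeated in `$(TARGET_NAME)/Makefile.target` as well.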
35
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
36
index XXXXXXX..XXXXXXX 100644
37
--- a/tests/tcg/aarch64/Makefile.target
38
+++ b/tests/tcg/aarch64/Makefile.target
39
@@ -XXX,XX +XXX,XX @@ VPATH         += $(ARM_SRC)
40
AARCH64_SRC=$(SRC_PATH)/tests/tcg/aarch64
41
VPATH         += $(AARCH64_SRC)
42
43
-# we don't build any other ARM test
44
+# Float-convert Tests
45
AARCH64_TESTS=fcvt
46
47
fcvt: LDFLAGS+=-lm
48
@@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt
49
    $(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")
50
    $(call diff-out,$<,$(AARCH64_SRC)/fcvt.ref)
51
52
+# Pauth Tests
53
AARCH64_TESTS += pauth-1 pauth-2
54
run-pauth-%: QEMU_OPTS += -cpu max
55
56
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
57
index XXXXXXX..XXXXXXX 100644
58
--- a/tests/tcg/arm/Makefile.target
59
+++ b/tests/tcg/arm/Makefile.target
60
@@ -XXX,XX +XXX,XX @@ ARM_SRC=$(SRC_PATH)/tests/tcg/arm
61
# Set search path for all sources
62
VPATH         += $(ARM_SRC)
63
64
-ARM_TESTS=hello-arm test-arm-iwmmxt
65
-
66
-TESTS += $(ARM_TESTS) fcvt
67
-
68
+# Basic Hello World
69
+ARM_TESTS = hello-arm
70
hello-arm: CFLAGS+=-marm -ffreestanding
71
hello-arm: LDFLAGS+=-nostdlib
72
73
+# IWMXT floating point extensions
74
+ARM_TESTS += test-arm-iwmmxt
75
test-arm-iwmmxt: CFLAGS+=-marm -march=iwmmxt -mabi=aapcs -mfpu=fpv4-sp-d16
76
test-arm-iwmmxt: test-arm-iwmmxt.S
77
    $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
78
79
-ifeq ($(TARGET_NAME), arm)
80
+# Float-convert Tests
81
+ARM_TESTS += fcvt
82
fcvt: LDFLAGS+=-lm
83
# fcvt: CFLAGS+=-march=armv8.2-a+fp16 -mfpu=neon-fp-armv8
84
-
85
run-fcvt: fcvt
86
    $(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)")
87
    $(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref)
88
-endif
89
+
90
+TESTS += $(ARM_TESTS)
91
92
# On ARM Linux only supports 4k pages
93
EXTRA_RUNS+=run-test-mmap-4096
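Review bot: removing the `ifeq ($(TARGET_NAME), arm)` guard makes the `fcvt` and `run-fcvt` rules unconditional, which is only safe if this file is never pulled in by an aarch64 build that defines its own `run-fcvt`; the commit message should state that this is now guaranteed. Two smaller points in the same hunk: the new comment `# IWMXT floating point extensions` misspells iwmmxt, and `run-fcvt` still hardcodes `fcvt` in `run-test` and `diff-out` where the aarch64 rule uses `$<`, which works against the stated aim of consistency.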
94
--
95
2.20.1
96
97
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
As for the other semihosting calls we can resolve this at translate
4
time.
5
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Message-id: 20190913151845.12582-4-alex.bennee@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
target/arm/translate.c | 19 +++++++++++++++----
12
1 file changed, 15 insertions(+), 4 deletions(-)
13
14
diff --git a/target/arm/translate.c b/target/arm/translate.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate.c
17
+++ b/target/arm/translate.c
18
@@ -XXX,XX +XXX,XX @@ static bool trans_CBZ(DisasContext *s, arg_CBZ *a)
19
}
20
21
/*
22
- * Supervisor call
23
+ * Supervisor call - both T32 & A32 come here so we need to check
24
+ * which mode we are in when checking for semihosting.
25
*/
26
27
static bool trans_SVC(DisasContext *s, arg_SVC *a)
28
{
29
- gen_set_pc_im(s, s->base.pc_next);
30
- s->svc_imm = a->imm;
31
- s->base.is_jmp = DISAS_SWI;
32
+ const uint32_t semihost_imm = s->thumb ? 0xab : 0x123456;
33
+
34
+ if (!arm_dc_feature(s, ARM_FEATURE_M) && semihosting_enabled() &&
35
+#ifndef CONFIG_USER_ONLY
36
+ !IS_USER(s) &&
37
+#endif
38
+ (a->imm == semihost_imm)) {
39
+ gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
40
+ } else {
41
+ gen_set_pc_im(s, s->base.pc_next);
42
+ s->svc_imm = a->imm;
43
+ s->base.is_jmp = DISAS_SWI;
44
+ }
45
return true;
46
}
47
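Review bot: the `#ifndef CONFIG_USER_ONLY` wrapped around `!IS_USER(s) &&` in the middle of the `if` condition in trans_SVC is easy to misread, and it hides the one check that keeps unprivileged guest code from reaching the host through semihosting in system emulation. Moving the whole test into a small helper with a comment explaining why user mode is excluded there, and why no such restriction applies in linux-user builds, would make the privilege decision explicit.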
48
--
49
2.20.1
50
51
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
Now we do all our checking at translate time we can make cpu_loop a
4
little bit simpler. We also introduce a simple linux-user semihosting
5
test case to defend the functionality. The out-of-tree softmmu based
6
semihosting tests are still more comprehensive.
7
8
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20190913151845.12582-6-alex.bennee@linaro.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
linux-user/arm/target_syscall.h | 3 ---
14
linux-user/arm/cpu_loop.c | 3 ---
15
2 files changed, 6 deletions(-)
16
17
diff --git a/linux-user/arm/target_syscall.h b/linux-user/arm/target_syscall.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/linux-user/arm/target_syscall.h
20
+++ b/linux-user/arm/target_syscall.h
21
@@ -XXX,XX +XXX,XX @@ struct target_pt_regs {
22
#define ARM_NR_set_tls     (ARM_NR_BASE + 5)
23
#define ARM_NR_get_tls (ARM_NR_BASE + 6)
24
25
-#define ARM_NR_semihosting     0x123456
26
-#define ARM_NR_thumb_semihosting 0xAB
27
-
28
#if defined(TARGET_WORDS_BIGENDIAN)
29
#define UNAME_MACHINE "armv5teb"
30
#else
31
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
32
index XXXXXXX..XXXXXXX 100644
33
--- a/linux-user/arm/cpu_loop.c
34
+++ b/linux-user/arm/cpu_loop.c
35
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
36
37
if (n == ARM_NR_cacheflush) {
38
/* nop */
39
- } else if (n == ARM_NR_semihosting
40
- || n == ARM_NR_thumb_semihosting) {
41
- env->regs[0] = do_arm_semihosting (env);
42
} else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
43
/* linux syscall */
44
if (env->thumb || n == 0) {
45
--
46
2.20.1
47
48
Deleted patch
1
From: Alex Bennée <alex.bennee@linaro.org>
2
1
3
We already use semihosting for the system stuff so this is a simple
4
smoke test to ensure we are working OK on linux-user.
5
6
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20190913151845.12582-7-alex.bennee@linaro.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
tests/tcg/aarch64/Makefile.target | 5 ++++
12
tests/tcg/arm/Makefile.target | 5 ++++
13
tests/tcg/arm/semihosting.c | 45 +++++++++++++++++++++++++++++++
14
3 files changed, 55 insertions(+)
15
create mode 100644 tests/tcg/arm/semihosting.c
16
17
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
18
index XXXXXXX..XXXXXXX 100644
19
--- a/tests/tcg/aarch64/Makefile.target
20
+++ b/tests/tcg/aarch64/Makefile.target
21
@@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt
22
AARCH64_TESTS += pauth-1 pauth-2
23
run-pauth-%: QEMU_OPTS += -cpu max
24
25
+# Semihosting smoke test for linux-user
26
+AARCH64_TESTS += semihosting
27
+run-semihosting: semihosting
28
+    $(call run-test,$<,$(QEMU) $< 2> $<.err, "$< on $(TARGET_NAME)")
29
+
30
TESTS += $(AARCH64_TESTS)
31
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
32
index XXXXXXX..XXXXXXX 100644
33
--- a/tests/tcg/arm/Makefile.target
34
+++ b/tests/tcg/arm/Makefile.target
35
@@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt
36
    $(call run-test,fcvt,$(QEMU) $<,"$< on $(TARGET_NAME)")
37
    $(call diff-out,fcvt,$(ARM_SRC)/fcvt.ref)
38
39
+# Semihosting smoke test for linux-user
40
+ARM_TESTS += semihosting
41
+run-semihosting: semihosting
42
+    $(call run-test,$<,$(QEMU) $< 2> $<.err, "$< on $(TARGET_NAME)")
43
+
44
TESTS += $(ARM_TESTS)
45
46
# On ARM Linux only supports 4k pages
47
diff --git a/tests/tcg/arm/semihosting.c b/tests/tcg/arm/semihosting.c
48
new file mode 100644
49
index XXXXXXX..XXXXXXX
50
--- /dev/null
51
+++ b/tests/tcg/arm/semihosting.c
52
@@ -XXX,XX +XXX,XX @@
53
+/*
54
+ * linux-user semihosting checks
55
+ *
56
+ * Copyright (c) 2019
57
+ * Written by Alex Bennée <alex.bennee@linaro.org>
58
+ *
59
+ * SPDX-License-Identifier: GPL-3.0-or-later
60
+ */
61
+
62
+#include <stdint.h>
63
+
64
+#define SYS_WRITE0 0x04
65
+#define SYS_REPORTEXC 0x18
66
+
67
+void __semi_call(uintptr_t type, uintptr_t arg0)
68
+{
69
+#if defined(__arm__)
70
+ register uintptr_t t asm("r0") = type;
71
+ register uintptr_t a0 asm("r1") = arg0;
72
+ asm("svc 0xab"
73
+ : /* no return */
74
+ : "r" (t), "r" (a0));
75
+#else
76
+ register uintptr_t t asm("x0") = type;
77
+ register uintptr_t a0 asm("x1") = arg0;
78
+ asm("hlt 0xf000"
79
+ : /* no return */
80
+ : "r" (t), "r" (a0));
81
+#endif
82
+}
83
+
84
+int main(int argc, char *argv[argc])
85
+{
86
+#if defined(__arm__)
87
+ uintptr_t exit_code = 0x20026;
88
+#else
89
+ uintptr_t exit_block[2] = {0x20026, 0};
90
+ uintptr_t exit_code = (uintptr_t) &exit_block;
91
+#endif
92
+
93
+ __semi_call(SYS_WRITE0, (uintptr_t) "Hello World");
94
+ __semi_call(SYS_REPORTEXC, exit_code);
95
+ /* if we get here we failed */
96
+ return -1;
97
+}
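Review bot: in `__semi_call` the `__arm__` branch always issues `svc 0xab`, which is the Thumb immediate; trans_SVC expects `0x123456` when not in Thumb state, so this test only triggers semihosting if it is built as Thumb, and the arm Makefile rule sets no CFLAGS to force that. Select the immediate on `__thumb__` or pin the mode in the Makefile. Separately, neither asm statement has a "memory" clobber, so nothing tells the compiler that the host reads the data behind `arg0` (the string and `exit_block`), and r0/x0 is listed only as an input although the call returns a value in it.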
98
--
99
2.20.1
100
101
Deleted patch
1
If we're booting a Linux kernel directly into Non-Secure
2
state on a CPU which has Secure state, then make sure we
3
set the NSACR CP11 and CP10 bits, so that Non-Secure is allowed
4
to access the FPU. Otherwise an AArch32 kernel will UNDEF as
5
soon as it tries to use the FPU.
6
1
7
It used to not matter that we didn't do this until commit
8
fc1120a7f5f2d4b6, where we implemented actually honouring
9
these NSACR bits.
10
11
The problem only exists for CPUs where EL3 is AArch32; the
12
equivalent AArch64 trap bits are in CPTR_EL3 and are "0 to
13
not trap, 1 to trap", so the reset value of the register
14
permits NS access, unlike NSACR.
15
16
Fixes: fc1120a7f5
17
Fixes: https://bugs.launchpad.net/qemu/+bug/1844597
18
Cc: qemu-stable@nongnu.org
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
21
Message-id: 20190920174039.3916-1-peter.maydell@linaro.org
22
---
23
hw/arm/boot.c | 2 ++
24
1 file changed, 2 insertions(+)
25
26
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/hw/arm/boot.c
29
+++ b/hw/arm/boot.c
30
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
31
(cs != first_cpu || !info->secure_board_setup)) {
32
/* Linux expects non-secure state */
33
env->cp15.scr_el3 |= SCR_NS;
34
+ /* Set NSACR.{CP11,CP10} so NS can access the FPU */
35
+ env->cp15.nsacr |= 3 << 10;
36
}
37
}
38
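Review bot: `env->cp15.nsacr |= 3 << 10;` in do_cpu_reset uses a bare magic value for the CP10 and CP11 enable bits; a named constant or field macro would make it obvious that only FPU access is being granted to Non-Secure state and nothing else in NSACR. The commit message also says the problem exists only when EL3 is AArch32, yet the write sits under the same condition as `SCR_NS` with no such check, so either guard it or extend the comment to say the write is harmless when EL3 is AArch64.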
39
--
40
2.20.1
41
42