[PULL 0/4] target-arm queue
[PULL 0/7] target-arm queue
1
Arm patches for rc3 : just a handful of bug fixes.
1
Just some bugfixes this time around.
2
2
3
thanks
4
-- PMM
3
-- PMM
5
4
5
The following changes since commit 4215d3413272ad6d1c6c9d0234450b602e46a74c:
6
6
7
The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:
7
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200727' into staging (2020-07-27 09:33:04 +0100)
8
9
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)
10
8
11
are available in the Git repository at:
9
are available in the Git repository at:
12
10
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200727
14
12
15
for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:
13
for you to fetch changes up to d4f6dda182e19afa75706936805e18397cb95f07:
16
14
17
target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)
15
target/arm: Improve IMPDEF algorithm for IRG (2020-07-27 16:12:11 +0100)
18
16
19
----------------------------------------------------------------
17
----------------------------------------------------------------
20
target-arm queue:
18
target-arm queue:
21
* handle FTYPE flag correctly in v7M exception return
19
* ACPI: Assert that we don't run out of the preallocated memory
22
for v7M CPUs with an FPU (v8M CPUs were already correct)
20
* hw/misc/aspeed_sdmc: Fix incorrect memory size
23
* versal: Add the CRP as unimplemented
21
* target/arm: Always pass cacheattr in S1_ptw_translate
24
* Fix ISR_EL1 tracking when executing at EL2
22
* docs/system/arm/virt: Document 'mte' machine option
25
* Honor HCR_EL2.TID3 trapping requirements
23
* hw/arm/boot: Fix PAUTH, MTE for EL3 direct kernel boot
24
* target/arm: Improve IMPDEF algorithm for IRG
26
25
27
----------------------------------------------------------------
26
----------------------------------------------------------------
28
Edgar E. Iglesias (1):
27
Dongjiu Geng (1):
29
hw/arm: versal: Add the CRP as unimplemented
28
ACPI: Assert that we don't run out of the preallocated memory
30
29
31
Jean-Hugues Deschênes (1):
30
Peter Maydell (1):
32
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
31
docs/system/arm/virt: Document 'mte' machine option
33
32
34
Marc Zyngier (2):
33
Philippe Mathieu-Daudé (1):
35
target/arm: Fix ISR_EL1 tracking when executing at EL2
34
hw/misc/aspeed_sdmc: Fix incorrect memory size
36
target/arm: Honor HCR_EL2.TID3 trapping requirements
37
35
38
include/hw/arm/xlnx-versal.h | 3 ++
36
Richard Henderson (4):
39
hw/arm/xlnx-versal.c | 2 ++
37
target/arm: Always pass cacheattr in S1_ptw_translate
40
target/arm/helper.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
38
hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
41
target/arm/m_helper.c | 7 ++--
39
hw/arm/boot: Fix MTE for EL3 direct kernel boot
42
4 files changed, 89 insertions(+), 6 deletions(-)
40
target/arm: Improve IMPDEF algorithm for IRG
43
41
42
docs/system/arm/virt.rst | 4 ++++
43
hw/acpi/ghes.c | 12 ++++--------
44
hw/arm/boot.c | 6 ++++++
45
hw/misc/aspeed_sdmc.c | 7 ++++---
46
target/arm/helper.c | 19 ++++++-------------
47
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
48
6 files changed, 54 insertions(+), 31 deletions(-)
49
diff view generated by jsdifflib
New patch
[PULL 1/7] ACPI: Assert that we don't run out of the preallocated memory
1
From: Dongjiu Geng <gengdongjiu@huawei.com>
1
2
3
data_length is a constant value, so we use assert instead of
4
condition check.
5
6
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
7
Message-id: 20200622113146.33421-1-gengdongjiu@huawei.com
8
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
hw/acpi/ghes.c | 12 ++++--------
12
1 file changed, 4 insertions(+), 8 deletions(-)
13
14
diff --git a/hw/acpi/ghes.c b/hw/acpi/ghes.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/acpi/ghes.c
17
+++ b/hw/acpi/ghes.c
18
@@ -XXX,XX +XXX,XX @@ static int acpi_ghes_record_mem_error(uint64_t error_block_address,
19
20
/* This is the length if adding a new generic error data entry*/
21
data_length = ACPI_GHES_DATA_LENGTH + ACPI_GHES_MEM_CPER_LENGTH;
22
-
23
/*
24
- * Check whether it will run out of the preallocated memory if adding a new
25
- * generic error data entry
26
+ * It should not run out of the preallocated memory if adding a new generic
27
+ * error data entry
28
*/
29
- if ((data_length + ACPI_GHES_GESB_SIZE) > ACPI_GHES_MAX_RAW_DATA_LENGTH) {
30
- error_report("Not enough memory to record new CPER!!!");
31
- g_array_free(block, true);
32
- return -1;
33
- }
34
+ assert((data_length + ACPI_GHES_GESB_SIZE) <=
35
+ ACPI_GHES_MAX_RAW_DATA_LENGTH);
36
37
/* Build the new generic error status block header */
38
acpi_ghes_generic_error_status(block, ACPI_GEBS_UNCORRECTABLE,
39
--
40
2.20.1
41
42
diff view generated by jsdifflib
New patch
[PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
2
3
The SDRAM Memory Controller has a 32-bit address bus, thus
4
supports up to 4 GiB of DRAM. There is a signed to unsigned
5
conversion error with the AST2600 maximum memory size:
6
7
(uint64_t)(2048 << 20) = (uint64_t)(-2147483648)
8
= 0xffffffff40000000
9
= 16 EiB - 2 GiB
10
11
Fix by using the IEC suffixes which are usually safer, and add
12
an assertion check to verify the memory is valid. This would have
13
caught this bug:
14
15
$ qemu-system-arm -M ast2600-evb
16
qemu-system-arm: hw/misc/aspeed_sdmc.c:258: aspeed_sdmc_realize: Assertion `asc->max_ram_size < 4 * GiB' failed.
17
Aborted (core dumped)
18
19
Fixes: 1550d72679 ("aspeed/sdmc: Add AST2600 support")
20
Reviewed-by: Cédric Le Goater <clg@kaod.org>
21
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
24
hw/misc/aspeed_sdmc.c | 7 ++++---
25
1 file changed, 4 insertions(+), 3 deletions(-)
26
27
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/hw/misc/aspeed_sdmc.c
30
+++ b/hw/misc/aspeed_sdmc.c
31
@@ -XXX,XX +XXX,XX @@ static void aspeed_sdmc_realize(DeviceState *dev, Error **errp)
32
AspeedSDMCState *s = ASPEED_SDMC(dev);
33
AspeedSDMCClass *asc = ASPEED_SDMC_GET_CLASS(s);
34
35
+ assert(asc->max_ram_size < 4 * GiB); /* 32-bit address bus */
36
s->max_ram_size = asc->max_ram_size;
37
38
memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_sdmc_ops, s,
39
@@ -XXX,XX +XXX,XX @@ static void aspeed_2400_sdmc_class_init(ObjectClass *klass, void *data)
40
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
41
42
dc->desc = "ASPEED 2400 SDRAM Memory Controller";
43
- asc->max_ram_size = 512 << 20;
44
+ asc->max_ram_size = 512 * MiB;
45
asc->compute_conf = aspeed_2400_sdmc_compute_conf;
46
asc->write = aspeed_2400_sdmc_write;
47
asc->valid_ram_sizes = aspeed_2400_ram_sizes;
48
@@ -XXX,XX +XXX,XX @@ static void aspeed_2500_sdmc_class_init(ObjectClass *klass, void *data)
49
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
50
51
dc->desc = "ASPEED 2500 SDRAM Memory Controller";
52
- asc->max_ram_size = 1024 << 20;
53
+ asc->max_ram_size = 1 * GiB;
54
asc->compute_conf = aspeed_2500_sdmc_compute_conf;
55
asc->write = aspeed_2500_sdmc_write;
56
asc->valid_ram_sizes = aspeed_2500_ram_sizes;
57
@@ -XXX,XX +XXX,XX @@ static void aspeed_2600_sdmc_class_init(ObjectClass *klass, void *data)
58
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
59
60
dc->desc = "ASPEED 2600 SDRAM Memory Controller";
61
- asc->max_ram_size = 2048 << 20;
62
+ asc->max_ram_size = 2 * GiB;
63
asc->compute_conf = aspeed_2600_sdmc_compute_conf;
64
asc->write = aspeed_2600_sdmc_write;
65
asc->valid_ram_sizes = aspeed_2600_ram_sizes;
66
--
67
2.20.1
68
69
diff view generated by jsdifflib
[PULL 3/4] target/arm: Fix ISR_EL1 tracking when executing at EL2
[PULL 3/7] target/arm: Always pass cacheattr in S1_ptw_translate
1
From: Marc Zyngier <maz@kernel.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
3
When we changed the interface of get_phys_addr_lpae to require
4
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
4
the cacheattr parameter, this spot was missed. The compiler is
5
SError interrupts.
5
unable to detect the use of NULL vs the nonnull attribute here.
6
6
7
Unfortunately, QEMU's implementation only considers the HCR_EL2
7
Fixes: 7e98e21c098
8
bits, and ignores the current exception level. This means a hypervisor
8
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
9
trying to look at its own interrupt state actually sees the guest
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
state, which is unexpected and breaks KVM as of Linux 5.3.
10
Tested-by: Jan Kiszka <jan.kiskza@siemens.com>
11
12
Instead, check for the running EL and return the physical bits
13
if not running in a virtualized context.
14
15
Fixes: 636540e9c40b
16
Cc: qemu-stable@nongnu.org
17
Reported-by: Quentin Perret <qperret@google.com>
18
Signed-off-by: Marc Zyngier <maz@kernel.org>
19
Message-id: 20191122135833.28953-1-maz@kernel.org
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
13
---
24
target/arm/helper.c | 7 +++++--
14
target/arm/helper.c | 19 ++++++-------------
25
1 file changed, 5 insertions(+), 2 deletions(-)
15
1 file changed, 6 insertions(+), 13 deletions(-)
26
16
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
28
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/helper.c
19
--- a/target/arm/helper.c
30
+++ b/target/arm/helper.c
20
+++ b/target/arm/helper.c
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
21
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
32
CPUState *cs = env_cpu(env);
22
int s2prot;
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
23
int ret;
34
uint64_t ret = 0;
24
ARMCacheAttrs cacheattrs = {};
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
25
- ARMCacheAttrs *pcacheattrs = NULL;
36
+ (!arm_is_secure_below_el3(env) ||
26
-
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
27
- if (env->cp15.hcr_el2 & HCR_PTW) {
38
28
- /*
39
- if (hcr_el2 & HCR_IMO) {
29
- * PTW means we must fault if this S1 walk touches S2 Device
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
30
- * memory; otherwise we don't care about the attributes and can
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
31
- * save the S2 translation the effort of computing them.
42
ret |= CPSR_I;
32
- */
33
- pcacheattrs = &cacheattrs;
34
- }
35
36
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, ARMMMUIdx_Stage2,
37
false,
38
&s2pa, &txattrs, &s2prot, &s2size, fi,
39
- pcacheattrs);
40
+ &cacheattrs);
41
if (ret) {
42
assert(fi->type != ARMFault_None);
43
fi->s2addr = addr;
44
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
45
fi->s1ptw = true;
46
return ~0;
43
}
47
}
44
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
48
- if (pcacheattrs && (pcacheattrs->attrs & 0xf0) == 0) {
45
}
49
- /* Access was to Device memory: generate Permission fault */
46
}
50
+ if ((env->cp15.hcr_el2 & HCR_PTW) && (cacheattrs.attrs & 0xf0) == 0) {
47
51
+ /*
48
- if (hcr_el2 & HCR_FMO) {
52
+ * PTW set and S1 walk touched S2 Device memory:
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
53
+ * generate Permission fault.
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
54
+ */
51
ret |= CPSR_F;
55
fi->type = ARMFault_Permission;
52
}
56
fi->s2addr = addr;
57
fi->stage2 = true;
53
--
58
--
54
2.20.1
59
2.20.1
55
60
56
61
diff view generated by jsdifflib
New patch
[PULL 4/7] docs/system/arm/virt: Document 'mte' machine option
1
Commit 6a0b7505f1fd6769c which added documentation of the virt board
2
crossed in the post with commit 6f4e1405b91da0d0 which added a new
3
'mte' machine option. Update the docs to include the new option.
1
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
---
9
docs/system/arm/virt.rst | 4 ++++
10
1 file changed, 4 insertions(+)
11
12
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
13
index XXXXXXX..XXXXXXX 100644
14
--- a/docs/system/arm/virt.rst
15
+++ b/docs/system/arm/virt.rst
16
@@ -XXX,XX +XXX,XX @@ virtualization
17
Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
18
Arm Virtualization Extensions. The default is ``off``.
19
20
+mte
21
+ Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
22
+ Arm Memory Tagging Extensions. The default is ``off``.
23
+
24
highmem
25
Set ``on``/``off`` to enable/disable placing devices and RAM in physical
26
address space above 32 bits. The default is ``on`` for machine types
27
--
28
2.20.1
29
30
diff view generated by jsdifflib
[PULL 4/4] target/arm: Honor HCR_EL2.TID3 trapping requirements
[PULL 5/7] hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
1
From: Marc Zyngier <maz@kernel.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
HCR_EL2.TID3 mandates that access from EL1 to a long list of id
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
4
registers traps to EL2, and QEMU has so far ignored this requirement.
4
drop down to EL2. We need to enable access to v8.3-PAuth
5
keys and instructions at EL3 before doing so.
5
6
6
This breaks (among other things) KVM guests that have PtrAuth enabled,
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
while the hypervisor doesn't want to expose the feature to its guest.
8
Message-id: 20200724163853.504655-2-richard.henderson@linaro.org
8
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
9
case), and masks out the unsupported feature.
10
11
QEMU not honoring the trap request means that the guest observes
12
that the feature is present in the HW, starts using it, and dies
13
a horrible death when KVM injects an UNDEF, because the feature
14
*really* isn't supported.
15
16
Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.
17
18
Note that this change does not include trapping of the MVFR
19
registers from AArch32 (they are accessed via the VMRS
20
instruction and need to be handled in a different way).
21
22
Reported-by: Will Deacon <will@kernel.org>
23
Signed-off-by: Marc Zyngier <maz@kernel.org>
24
Tested-by: Will Deacon <will@kernel.org>
25
Message-id: 20191123115618.29230-1-maz@kernel.org
26
[PMM: added missing accessfn line for ID_AA4PFR2_EL1_RESERVED;
27
changed names of access functions to include _tid3]
28
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
---
11
---
31
target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
12
hw/arm/boot.c | 3 +++
32
1 file changed, 76 insertions(+)
13
1 file changed, 3 insertions(+)
33
14
34
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
35
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
36
--- a/target/arm/helper.c
17
--- a/hw/arm/boot.c
37
+++ b/target/arm/helper.c
18
+++ b/hw/arm/boot.c
38
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
19
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
39
REGINFO_SENTINEL
20
} else {
40
};
21
env->pstate = PSTATE_MODE_EL1h;
41
22
}
42
+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
23
+ if (cpu_isar_feature(aa64_pauth, cpu)) {
43
+ bool isread)
24
+ env->cp15.scr_el3 |= SCR_API | SCR_APK;
44
+{
25
+ }
45
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
26
/* AArch64 kernels never boot in secure mode */
46
+ return CP_ACCESS_TRAP_EL2;
27
assert(!info->secure_boot);
47
+ }
28
/* This hook is only supported for AArch32 currently:
48
+
49
+ return CP_ACCESS_OK;
50
+}
51
+
52
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
53
+ bool isread)
54
+{
55
+ if (arm_feature(env, ARM_FEATURE_V8)) {
56
+ return access_aa64_tid3(env, ri, isread);
57
+ }
58
+
59
+ return CP_ACCESS_OK;
60
+}
61
+
62
void register_cp_regs_for_features(ARMCPU *cpu)
63
{
64
/* Register all the coprocessor registers based on feature bits */
65
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
66
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
67
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
68
.access = PL1_R, .type = ARM_CP_CONST,
69
+ .accessfn = access_aa32_tid3,
70
.resetvalue = cpu->id_pfr0 },
71
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
72
* the value of the GIC field until after we define these regs.
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
74
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
75
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
76
.access = PL1_R, .type = ARM_CP_NO_RAW,
77
+ .accessfn = access_aa32_tid3,
78
.readfn = id_pfr1_read,
79
.writefn = arm_cp_write_ignore },
80
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
81
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
82
.access = PL1_R, .type = ARM_CP_CONST,
83
+ .accessfn = access_aa32_tid3,
84
.resetvalue = cpu->id_dfr0 },
85
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
86
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
87
.access = PL1_R, .type = ARM_CP_CONST,
88
+ .accessfn = access_aa32_tid3,
89
.resetvalue = cpu->id_afr0 },
90
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
91
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
92
.access = PL1_R, .type = ARM_CP_CONST,
93
+ .accessfn = access_aa32_tid3,
94
.resetvalue = cpu->id_mmfr0 },
95
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
96
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
97
.access = PL1_R, .type = ARM_CP_CONST,
98
+ .accessfn = access_aa32_tid3,
99
.resetvalue = cpu->id_mmfr1 },
100
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
101
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
102
.access = PL1_R, .type = ARM_CP_CONST,
103
+ .accessfn = access_aa32_tid3,
104
.resetvalue = cpu->id_mmfr2 },
105
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
106
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
107
.access = PL1_R, .type = ARM_CP_CONST,
108
+ .accessfn = access_aa32_tid3,
109
.resetvalue = cpu->id_mmfr3 },
110
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
111
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
112
.access = PL1_R, .type = ARM_CP_CONST,
113
+ .accessfn = access_aa32_tid3,
114
.resetvalue = cpu->isar.id_isar0 },
115
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
116
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
117
.access = PL1_R, .type = ARM_CP_CONST,
118
+ .accessfn = access_aa32_tid3,
119
.resetvalue = cpu->isar.id_isar1 },
120
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
121
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
122
.access = PL1_R, .type = ARM_CP_CONST,
123
+ .accessfn = access_aa32_tid3,
124
.resetvalue = cpu->isar.id_isar2 },
125
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
126
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
127
.access = PL1_R, .type = ARM_CP_CONST,
128
+ .accessfn = access_aa32_tid3,
129
.resetvalue = cpu->isar.id_isar3 },
130
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
131
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
132
.access = PL1_R, .type = ARM_CP_CONST,
133
+ .accessfn = access_aa32_tid3,
134
.resetvalue = cpu->isar.id_isar4 },
135
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
136
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
137
.access = PL1_R, .type = ARM_CP_CONST,
138
+ .accessfn = access_aa32_tid3,
139
.resetvalue = cpu->isar.id_isar5 },
140
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
141
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
142
.access = PL1_R, .type = ARM_CP_CONST,
143
+ .accessfn = access_aa32_tid3,
144
.resetvalue = cpu->id_mmfr4 },
145
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
146
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
147
.access = PL1_R, .type = ARM_CP_CONST,
148
+ .accessfn = access_aa32_tid3,
149
.resetvalue = cpu->isar.id_isar6 },
150
REGINFO_SENTINEL
151
};
152
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
153
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
154
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
155
.access = PL1_R, .type = ARM_CP_NO_RAW,
156
+ .accessfn = access_aa64_tid3,
157
.readfn = id_aa64pfr0_read,
158
.writefn = arm_cp_write_ignore },
159
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
160
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
161
.access = PL1_R, .type = ARM_CP_CONST,
162
+ .accessfn = access_aa64_tid3,
163
.resetvalue = cpu->isar.id_aa64pfr1},
164
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
165
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
166
.access = PL1_R, .type = ARM_CP_CONST,
167
+ .accessfn = access_aa64_tid3,
168
.resetvalue = 0 },
169
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
170
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
171
.access = PL1_R, .type = ARM_CP_CONST,
172
+ .accessfn = access_aa64_tid3,
173
.resetvalue = 0 },
174
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
175
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
176
.access = PL1_R, .type = ARM_CP_CONST,
177
+ .accessfn = access_aa64_tid3,
178
/* At present, only SVEver == 0 is defined anyway. */
179
.resetvalue = 0 },
180
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
181
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
182
.access = PL1_R, .type = ARM_CP_CONST,
183
+ .accessfn = access_aa64_tid3,
184
.resetvalue = 0 },
185
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
186
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
187
.access = PL1_R, .type = ARM_CP_CONST,
188
+ .accessfn = access_aa64_tid3,
189
.resetvalue = 0 },
190
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
191
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
192
.access = PL1_R, .type = ARM_CP_CONST,
193
+ .accessfn = access_aa64_tid3,
194
.resetvalue = 0 },
195
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
196
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
197
.access = PL1_R, .type = ARM_CP_CONST,
198
+ .accessfn = access_aa64_tid3,
199
.resetvalue = cpu->id_aa64dfr0 },
200
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
201
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
202
.access = PL1_R, .type = ARM_CP_CONST,
203
+ .accessfn = access_aa64_tid3,
204
.resetvalue = cpu->id_aa64dfr1 },
205
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
206
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
207
.access = PL1_R, .type = ARM_CP_CONST,
208
+ .accessfn = access_aa64_tid3,
209
.resetvalue = 0 },
210
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
211
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
212
.access = PL1_R, .type = ARM_CP_CONST,
213
+ .accessfn = access_aa64_tid3,
214
.resetvalue = 0 },
215
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
216
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
217
.access = PL1_R, .type = ARM_CP_CONST,
218
+ .accessfn = access_aa64_tid3,
219
.resetvalue = cpu->id_aa64afr0 },
220
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
221
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
222
.access = PL1_R, .type = ARM_CP_CONST,
223
+ .accessfn = access_aa64_tid3,
224
.resetvalue = cpu->id_aa64afr1 },
225
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
226
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
227
.access = PL1_R, .type = ARM_CP_CONST,
228
+ .accessfn = access_aa64_tid3,
229
.resetvalue = 0 },
230
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
231
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
232
.access = PL1_R, .type = ARM_CP_CONST,
233
+ .accessfn = access_aa64_tid3,
234
.resetvalue = 0 },
235
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
236
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
237
.access = PL1_R, .type = ARM_CP_CONST,
238
+ .accessfn = access_aa64_tid3,
239
.resetvalue = cpu->isar.id_aa64isar0 },
240
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
241
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
242
.access = PL1_R, .type = ARM_CP_CONST,
243
+ .accessfn = access_aa64_tid3,
244
.resetvalue = cpu->isar.id_aa64isar1 },
245
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
246
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
247
.access = PL1_R, .type = ARM_CP_CONST,
248
+ .accessfn = access_aa64_tid3,
249
.resetvalue = 0 },
250
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
251
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
252
.access = PL1_R, .type = ARM_CP_CONST,
253
+ .accessfn = access_aa64_tid3,
254
.resetvalue = 0 },
255
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
256
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
257
.access = PL1_R, .type = ARM_CP_CONST,
258
+ .accessfn = access_aa64_tid3,
259
.resetvalue = 0 },
260
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
261
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
262
.access = PL1_R, .type = ARM_CP_CONST,
263
+ .accessfn = access_aa64_tid3,
264
.resetvalue = 0 },
265
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
266
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
267
.access = PL1_R, .type = ARM_CP_CONST,
268
+ .accessfn = access_aa64_tid3,
269
.resetvalue = 0 },
270
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
271
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
357
--
29
--
358
2.20.1
30
2.20.1
359
31
360
32
diff view generated by jsdifflib
[PULL 2/4] hw/arm: versal: Add the CRP as unimplemented
[PULL 6/7] hw/arm/boot: Fix MTE for EL3 direct kernel boot
1
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Add the CRP as unimplemented thus avoiding bus errors when
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
4
guests access these registers.
4
drop down to EL2. We need to enable access to v8.5-MemTag
5
tag allocation at EL3 before doing so.
5
6
6
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
7
Reported-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
9
Message-id: 20200724163853.504655-3-richard.henderson@linaro.org
9
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
---
12
include/hw/arm/xlnx-versal.h | 3 +++
13
hw/arm/boot.c | 3 +++
13
hw/arm/xlnx-versal.c | 2 ++
14
1 file changed, 3 insertions(+)
14
2 files changed, 5 insertions(+)
15
15
16
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
16
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
17
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/xlnx-versal.h
18
--- a/hw/arm/boot.c
19
+++ b/include/hw/arm/xlnx-versal.h
19
+++ b/hw/arm/boot.c
20
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
20
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
21
#define MM_IOU_SCNTRS_SIZE 0x10000
21
if (cpu_isar_feature(aa64_pauth, cpu)) {
22
#define MM_FPD_CRF 0xfd1a0000U
22
env->cp15.scr_el3 |= SCR_API | SCR_APK;
23
#define MM_FPD_CRF_SIZE 0x140000
23
}
24
+
24
+ if (cpu_isar_feature(aa64_mte, cpu)) {
25
+#define MM_PMC_CRP 0xf1260000U
25
+ env->cp15.scr_el3 |= SCR_ATA;
26
+#define MM_PMC_CRP_SIZE 0x10000
26
+ }
27
#endif
27
/* AArch64 kernels never boot in secure mode */
28
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
28
assert(!info->secure_boot);
29
index XXXXXXX..XXXXXXX 100644
29
/* This hook is only supported for AArch32 currently:
30
--- a/hw/arm/xlnx-versal.c
31
+++ b/hw/arm/xlnx-versal.c
32
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
33
MM_CRL, MM_CRL_SIZE);
34
versal_unimp_area(s, "crf", &s->mr_ps,
35
MM_FPD_CRF, MM_FPD_CRF_SIZE);
36
+ versal_unimp_area(s, "crp", &s->mr_ps,
37
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
38
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
39
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
40
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
41
--
30
--
42
2.20.1
31
2.20.1
43
32
44
33
diff view generated by jsdifflib
[PULL 1/4] target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
[PULL 7/7] target/arm: Improve IMPDEF algorithm for IRG
1
From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
According to the PushStack() pseudocode in the armv7m RM,
3
When GCR_EL1.RRND==1, the choosing of the random value is IMPDEF,
4
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
4
and the kernel is not expected to have set RGSR_EL1. Force a
5
an FPU is present. Current implementation is doing it for
5
non-zero value into SEED, so that we do not continually return
6
armv8, but not for armv7. This patch makes the existing
6
the same tag.
7
logic applicable to both code paths.
8
7
9
Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
8
Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20200724163853.504655-4-richard.henderson@linaro.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
---
13
target/arm/m_helper.c | 7 +++----
14
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
14
1 file changed, 3 insertions(+), 4 deletions(-)
15
1 file changed, 30 insertions(+), 7 deletions(-)
15
16
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
17
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
17
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/m_helper.c
19
--- a/target/arm/mte_helper.c
19
+++ b/target/arm/m_helper.c
20
+++ b/target/arm/mte_helper.c
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
21
@@ -XXX,XX +XXX,XX @@
21
if (env->v7m.secure) {
22
#include "exec/ram_addr.h"
22
lr |= R_V7M_EXCRET_S_MASK;
23
#include "exec/cpu_ldst.h"
23
}
24
#include "exec/helper-proto.h"
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
25
+#include "qapi/error.h"
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
26
+#include "qemu/guest-random.h"
26
- }
27
27
} else {
28
28
lr = R_V7M_EXCRET_RES1_MASK |
29
static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
29
R_V7M_EXCRET_S_MASK |
30
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
30
R_V7M_EXCRET_DCRS_MASK |
31
31
- R_V7M_EXCRET_FTYPE_MASK |
32
uint64_t HELPER(irg)(CPUARMState *env, uint64_t rn, uint64_t rm)
32
R_V7M_EXCRET_ES_MASK;
33
{
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
34
- int rtag;
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
35
-
35
}
36
- /*
36
}
37
- * Our IMPDEF choice for GCR_EL1.RRND==1 is to behave as if
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
38
- * GCR_EL1.RRND==0, always producing deterministic results.
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
39
- */
40
uint16_t exclude = extract32(rm | env->cp15.gcr_el1, 0, 16);
41
+ int rrnd = extract32(env->cp15.gcr_el1, 16, 1);
42
int start = extract32(env->cp15.rgsr_el1, 0, 4);
43
int seed = extract32(env->cp15.rgsr_el1, 8, 16);
44
- int offset, i;
45
+ int offset, i, rtag;
46
+
47
+ /*
48
+ * Our IMPDEF choice for GCR_EL1.RRND==1 is to continue to use the
49
+ * deterministic algorithm. Except that with RRND==1 the kernel is
50
+ * not required to have set RGSR_EL1.SEED != 0, which is required for
51
+ * the deterministic algorithm to function. So we force a non-zero
52
+ * SEED for that case.
53
+ */
54
+ if (unlikely(seed == 0) && rrnd) {
55
+ do {
56
+ Error *err = NULL;
57
+ uint16_t two;
58
+
59
+ if (qemu_guest_getrandom(&two, sizeof(two), &err) < 0) {
60
+ /*
61
+ * Failed, for unknown reasons in the crypto subsystem.
62
+ * Best we can do is log the reason and use a constant seed.
63
+ */
64
+ qemu_log_mask(LOG_UNIMP, "IRG: Crypto failure: %s\n",
65
+ error_get_pretty(err));
66
+ error_free(err);
67
+ two = 1;
68
+ }
69
+ seed = two;
70
+ } while (seed == 0);
39
+ }
71
+ }
40
if (!arm_v7m_is_handler_mode(env)) {
72
41
lr |= R_V7M_EXCRET_MODE_MASK;
73
/* RandomTag */
42
}
74
for (i = offset = 0; i < 4; ++i) {
43
--
75
--
44
2.20.1
76
2.20.1
45
77
46
78
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.