[PULL 0/4] target-arm queue
[PULL 0/6] target-arm queue
1
Arm patches for rc3 : just a handful of bug fixes.
1
Some small arm bug fixes for rc3.
2
2
3
thanks
4
-- PMM
3
-- PMM
5
4
5
The following changes since commit 9b617b1bb4056e60b39be4c33be20c10928a6a5c:
6
6
7
The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:
7
Merge tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging (2022-04-01 10:23:27 +0100)
8
9
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)
10
8
11
are available in the Git repository at:
9
are available in the Git repository at:
12
10
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220401
14
12
15
for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:
13
for you to fetch changes up to a5b1e1ab662aa6dc42d5a913080fccbb8bf82e9b:
16
14
17
target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)
15
target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen (2022-04-01 15:35:49 +0100)
18
16
19
----------------------------------------------------------------
17
----------------------------------------------------------------
20
target-arm queue:
18
target-arm queue:
21
* handle FTYPE flag correctly in v7M exception return
19
* target/arm: Fix some bugs in secure EL2 handling
22
for v7M CPUs with an FPU (v8M CPUs were already correct)
20
* target/arm: Fix assert when !HAVE_CMPXCHG128
23
* versal: Add the CRP as unimplemented
21
* MAINTAINERS: change Fred Konrad's email address
24
* Fix ISR_EL1 tracking when executing at EL2
25
* Honor HCR_EL2.TID3 trapping requirements
26
22
27
----------------------------------------------------------------
23
----------------------------------------------------------------
28
Edgar E. Iglesias (1):
24
Frederic Konrad (1):
29
hw/arm: versal: Add the CRP as unimplemented
25
MAINTAINERS: change Fred Konrad's email address
30
26
31
Jean-Hugues Deschênes (1):
27
Idan Horowitz (4):
32
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
28
target/arm: Fix MTE access checks for disabled SEL2
29
target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
30
target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
31
target/arm: Determine final stage 2 output PA space based on original IPA
33
32
34
Marc Zyngier (2):
33
Peter Maydell (1):
35
target/arm: Fix ISR_EL1 tracking when executing at EL2
34
target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
36
target/arm: Honor HCR_EL2.TID3 trapping requirements
37
35
38
include/hw/arm/xlnx-versal.h | 3 ++
36
target/arm/internals.h | 2 +-
39
hw/arm/xlnx-versal.c | 2 ++
37
target/arm/helper.c | 18 +++++++++++++++---
40
target/arm/helper.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
38
target/arm/translate-a64.c | 7 ++++++-
41
target/arm/m_helper.c | 7 ++--
39
.mailmap | 3 ++-
42
4 files changed, 89 insertions(+), 6 deletions(-)
40
MAINTAINERS | 2 +-
43
41
5 files changed, 25 insertions(+), 7 deletions(-)
diff view generated by jsdifflib
New patch
[PULL 1/6] target/arm: Fix MTE access checks for disabled SEL2
1
From: Idan Horowitz <idan.horowitz@gmail.com>
1
2
3
While not mentioned anywhere in the actual specification text, the
4
HCR_EL2.ATA bit is treated as '1' when EL2 is disabled at the current
5
security state. This can be observed in the psuedo-code implementation
6
of AArch64.AllocationTagAccessIsEnabled().
7
8
Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20220328173107.311267-1-idan.horowitz@gmail.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
target/arm/internals.h | 2 +-
14
target/arm/helper.c | 2 +-
15
2 files changed, 2 insertions(+), 2 deletions(-)
16
17
diff --git a/target/arm/internals.h b/target/arm/internals.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/internals.h
20
+++ b/target/arm/internals.h
21
@@ -XXX,XX +XXX,XX @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
22
&& !(env->cp15.scr_el3 & SCR_ATA)) {
23
return false;
24
}
25
- if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
26
+ if (el < 2 && arm_is_el2_enabled(env)) {
27
uint64_t hcr = arm_hcr_el2_eff(env);
28
if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
29
return false;
30
diff --git a/target/arm/helper.c b/target/arm/helper.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/helper.c
33
+++ b/target/arm/helper.c
34
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
35
{
36
int el = arm_current_el(env);
37
38
- if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
39
+ if (el < 2 && arm_is_el2_enabled(env)) {
40
uint64_t hcr = arm_hcr_el2_eff(env);
41
if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
42
return CP_ACCESS_TRAP_EL2;
43
--
44
2.25.1
diff view generated by jsdifflib
[PULL 4/4] target/arm: Honor HCR_EL2.TID3 trapping requirements
[PULL 2/6] target/arm: Check VSTCR.SW when assigning the stage 2 output PA space
1
From: Marc Zyngier <maz@kernel.org>
1
From: Idan Horowitz <idan.horowitz@gmail.com>
2
2
3
HCR_EL2.TID3 mandates that access from EL1 to a long list of id
3
As per the AArch64.SS2OutputPASpace() psuedo-code in the ARMv8 ARM when the
4
registers traps to EL2, and QEMU has so far ignored this requirement.
4
PA space of the IPA is non secure, the output PA space is secure if and only
5
if all of the bits VTCR.<NSW, NSA>, VSTCR.<SW, SA> are not set.
5
6
6
This breaks (among other things) KVM guests that have PtrAuth enabled,
7
Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
7
while the hypervisor doesn't want to expose the feature to its guest.
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
9
Message-id: 20220327093427.1548629-2-idan.horowitz@gmail.com
9
case), and masks out the unsupported feature.
10
11
QEMU not honoring the trap request means that the guest observes
12
that the feature is present in the HW, starts using it, and dies
13
a horrible death when KVM injects an UNDEF, because the feature
14
*really* isn't supported.
15
16
Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.
17
18
Note that this change does not include trapping of the MVFR
19
registers from AArch32 (they are accessed via the VMRS
20
instruction and need to be handled in a different way).
21
22
Reported-by: Will Deacon <will@kernel.org>
23
Signed-off-by: Marc Zyngier <maz@kernel.org>
24
Tested-by: Will Deacon <will@kernel.org>
25
Message-id: 20191123115618.29230-1-maz@kernel.org
26
[PMM: added missing accessfn line for ID_AA4PFR2_EL1_RESERVED;
27
changed names of access functions to include _tid3]
28
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
---
11
---
31
target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
12
target/arm/helper.c | 2 +-
32
1 file changed, 76 insertions(+)
13
1 file changed, 1 insertion(+), 1 deletion(-)
33
14
34
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
35
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
36
--- a/target/arm/helper.c
17
--- a/target/arm/helper.c
37
+++ b/target/arm/helper.c
18
+++ b/target/arm/helper.c
38
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
19
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
39
REGINFO_SENTINEL
20
} else {
40
};
21
attrs->secure =
41
22
!((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
42
+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
23
- || (env->cp15.vstcr_el2.raw_tcr & VSTCR_SA));
43
+ bool isread)
24
+ || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
44
+{
25
}
45
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
26
}
46
+ return CP_ACCESS_TRAP_EL2;
27
return 0;
47
+ }
48
+
49
+ return CP_ACCESS_OK;
50
+}
51
+
52
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
53
+ bool isread)
54
+{
55
+ if (arm_feature(env, ARM_FEATURE_V8)) {
56
+ return access_aa64_tid3(env, ri, isread);
57
+ }
58
+
59
+ return CP_ACCESS_OK;
60
+}
61
+
62
void register_cp_regs_for_features(ARMCPU *cpu)
63
{
64
/* Register all the coprocessor registers based on feature bits */
65
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
66
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
67
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
68
.access = PL1_R, .type = ARM_CP_CONST,
69
+ .accessfn = access_aa32_tid3,
70
.resetvalue = cpu->id_pfr0 },
71
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
72
* the value of the GIC field until after we define these regs.
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
74
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
75
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
76
.access = PL1_R, .type = ARM_CP_NO_RAW,
77
+ .accessfn = access_aa32_tid3,
78
.readfn = id_pfr1_read,
79
.writefn = arm_cp_write_ignore },
80
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
81
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
82
.access = PL1_R, .type = ARM_CP_CONST,
83
+ .accessfn = access_aa32_tid3,
84
.resetvalue = cpu->id_dfr0 },
85
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
86
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
87
.access = PL1_R, .type = ARM_CP_CONST,
88
+ .accessfn = access_aa32_tid3,
89
.resetvalue = cpu->id_afr0 },
90
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
91
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
92
.access = PL1_R, .type = ARM_CP_CONST,
93
+ .accessfn = access_aa32_tid3,
94
.resetvalue = cpu->id_mmfr0 },
95
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
96
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
97
.access = PL1_R, .type = ARM_CP_CONST,
98
+ .accessfn = access_aa32_tid3,
99
.resetvalue = cpu->id_mmfr1 },
100
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
101
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
102
.access = PL1_R, .type = ARM_CP_CONST,
103
+ .accessfn = access_aa32_tid3,
104
.resetvalue = cpu->id_mmfr2 },
105
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
106
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
107
.access = PL1_R, .type = ARM_CP_CONST,
108
+ .accessfn = access_aa32_tid3,
109
.resetvalue = cpu->id_mmfr3 },
110
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
111
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
112
.access = PL1_R, .type = ARM_CP_CONST,
113
+ .accessfn = access_aa32_tid3,
114
.resetvalue = cpu->isar.id_isar0 },
115
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
116
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
117
.access = PL1_R, .type = ARM_CP_CONST,
118
+ .accessfn = access_aa32_tid3,
119
.resetvalue = cpu->isar.id_isar1 },
120
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
121
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
122
.access = PL1_R, .type = ARM_CP_CONST,
123
+ .accessfn = access_aa32_tid3,
124
.resetvalue = cpu->isar.id_isar2 },
125
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
126
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
127
.access = PL1_R, .type = ARM_CP_CONST,
128
+ .accessfn = access_aa32_tid3,
129
.resetvalue = cpu->isar.id_isar3 },
130
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
131
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
132
.access = PL1_R, .type = ARM_CP_CONST,
133
+ .accessfn = access_aa32_tid3,
134
.resetvalue = cpu->isar.id_isar4 },
135
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
136
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
137
.access = PL1_R, .type = ARM_CP_CONST,
138
+ .accessfn = access_aa32_tid3,
139
.resetvalue = cpu->isar.id_isar5 },
140
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
141
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
142
.access = PL1_R, .type = ARM_CP_CONST,
143
+ .accessfn = access_aa32_tid3,
144
.resetvalue = cpu->id_mmfr4 },
145
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
146
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
147
.access = PL1_R, .type = ARM_CP_CONST,
148
+ .accessfn = access_aa32_tid3,
149
.resetvalue = cpu->isar.id_isar6 },
150
REGINFO_SENTINEL
151
};
152
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
153
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
154
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
155
.access = PL1_R, .type = ARM_CP_NO_RAW,
156
+ .accessfn = access_aa64_tid3,
157
.readfn = id_aa64pfr0_read,
158
.writefn = arm_cp_write_ignore },
159
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
160
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
161
.access = PL1_R, .type = ARM_CP_CONST,
162
+ .accessfn = access_aa64_tid3,
163
.resetvalue = cpu->isar.id_aa64pfr1},
164
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
165
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
166
.access = PL1_R, .type = ARM_CP_CONST,
167
+ .accessfn = access_aa64_tid3,
168
.resetvalue = 0 },
169
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
170
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
171
.access = PL1_R, .type = ARM_CP_CONST,
172
+ .accessfn = access_aa64_tid3,
173
.resetvalue = 0 },
174
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
175
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
176
.access = PL1_R, .type = ARM_CP_CONST,
177
+ .accessfn = access_aa64_tid3,
178
/* At present, only SVEver == 0 is defined anyway. */
179
.resetvalue = 0 },
180
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
181
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
182
.access = PL1_R, .type = ARM_CP_CONST,
183
+ .accessfn = access_aa64_tid3,
184
.resetvalue = 0 },
185
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
186
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
187
.access = PL1_R, .type = ARM_CP_CONST,
188
+ .accessfn = access_aa64_tid3,
189
.resetvalue = 0 },
190
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
191
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
192
.access = PL1_R, .type = ARM_CP_CONST,
193
+ .accessfn = access_aa64_tid3,
194
.resetvalue = 0 },
195
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
196
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
197
.access = PL1_R, .type = ARM_CP_CONST,
198
+ .accessfn = access_aa64_tid3,
199
.resetvalue = cpu->id_aa64dfr0 },
200
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
201
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
202
.access = PL1_R, .type = ARM_CP_CONST,
203
+ .accessfn = access_aa64_tid3,
204
.resetvalue = cpu->id_aa64dfr1 },
205
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
206
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
207
.access = PL1_R, .type = ARM_CP_CONST,
208
+ .accessfn = access_aa64_tid3,
209
.resetvalue = 0 },
210
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
211
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
212
.access = PL1_R, .type = ARM_CP_CONST,
213
+ .accessfn = access_aa64_tid3,
214
.resetvalue = 0 },
215
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
216
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
217
.access = PL1_R, .type = ARM_CP_CONST,
218
+ .accessfn = access_aa64_tid3,
219
.resetvalue = cpu->id_aa64afr0 },
220
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
221
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
222
.access = PL1_R, .type = ARM_CP_CONST,
223
+ .accessfn = access_aa64_tid3,
224
.resetvalue = cpu->id_aa64afr1 },
225
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
226
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
227
.access = PL1_R, .type = ARM_CP_CONST,
228
+ .accessfn = access_aa64_tid3,
229
.resetvalue = 0 },
230
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
231
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
232
.access = PL1_R, .type = ARM_CP_CONST,
233
+ .accessfn = access_aa64_tid3,
234
.resetvalue = 0 },
235
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
236
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
237
.access = PL1_R, .type = ARM_CP_CONST,
238
+ .accessfn = access_aa64_tid3,
239
.resetvalue = cpu->isar.id_aa64isar0 },
240
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
241
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
242
.access = PL1_R, .type = ARM_CP_CONST,
243
+ .accessfn = access_aa64_tid3,
244
.resetvalue = cpu->isar.id_aa64isar1 },
245
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
246
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
247
.access = PL1_R, .type = ARM_CP_CONST,
248
+ .accessfn = access_aa64_tid3,
249
.resetvalue = 0 },
250
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
251
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
252
.access = PL1_R, .type = ARM_CP_CONST,
253
+ .accessfn = access_aa64_tid3,
254
.resetvalue = 0 },
255
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
256
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
257
.access = PL1_R, .type = ARM_CP_CONST,
258
+ .accessfn = access_aa64_tid3,
259
.resetvalue = 0 },
260
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
261
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
262
.access = PL1_R, .type = ARM_CP_CONST,
263
+ .accessfn = access_aa64_tid3,
264
.resetvalue = 0 },
265
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
266
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
267
.access = PL1_R, .type = ARM_CP_CONST,
268
+ .accessfn = access_aa64_tid3,
269
.resetvalue = 0 },
270
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
271
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
357
--
28
--
358
2.20.1
29
2.25.1
359
360
diff view generated by jsdifflib
[PULL 3/4] target/arm: Fix ISR_EL1 tracking when executing at EL2
[PULL 3/6] target/arm: Take VSTCR.SW, VTCR.NSW into account in final stage 2 walk
1
From: Marc Zyngier <maz@kernel.org>
1
From: Idan Horowitz <idan.horowitz@gmail.com>
2
2
3
The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
3
As per the AArch64.SS2InitialTTWState() psuedo-code in the ARMv8 ARM the
4
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
4
initial PA space used for stage 2 table walks is assigned based on the SW
5
SError interrupts.
5
and NSW bits of the VSTCR and VTCR registers.
6
This was already implemented for the recursive stage 2 page table walks
7
in S1_ptw_translate(), but was missing for the final stage 2 walk.
6
8
7
Unfortunately, QEMU's implementation only considers the HCR_EL2
9
Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
8
bits, and ignores the current exception level. This means a hypervisor
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
trying to look at its own interrupt state actually sees the guest
11
Message-id: 20220327093427.1548629-3-idan.horowitz@gmail.com
10
state, which is unexpected and breaks KVM as of Linux 5.3.
11
12
Instead, check for the running EL and return the physical bits
13
if not running in a virtualized context.
14
15
Fixes: 636540e9c40b
16
Cc: qemu-stable@nongnu.org
17
Reported-by: Quentin Perret <qperret@google.com>
18
Signed-off-by: Marc Zyngier <maz@kernel.org>
19
Message-id: 20191122135833.28953-1-maz@kernel.org
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
13
---
24
target/arm/helper.c | 7 +++++--
14
target/arm/helper.c | 10 ++++++++++
25
1 file changed, 5 insertions(+), 2 deletions(-)
15
1 file changed, 10 insertions(+)
26
16
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
28
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/helper.c
19
--- a/target/arm/helper.c
30
+++ b/target/arm/helper.c
20
+++ b/target/arm/helper.c
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
21
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
32
CPUState *cs = env_cpu(env);
22
return ret;
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
23
}
34
uint64_t ret = 0;
24
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
25
+ if (arm_is_secure_below_el3(env)) {
36
+ (!arm_is_secure_below_el3(env) ||
26
+ if (attrs->secure) {
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
27
+ attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
38
28
+ } else {
39
- if (hcr_el2 & HCR_IMO) {
29
+ attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
30
+ }
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
31
+ } else {
42
ret |= CPSR_I;
32
+ assert(!attrs->secure);
43
}
33
+ }
44
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
34
+
45
}
35
s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
46
}
36
is_el0 = mmu_idx == ARMMMUIdx_E10_0 || mmu_idx == ARMMMUIdx_SE10_0;
47
37
48
- if (hcr_el2 & HCR_FMO) {
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
51
ret |= CPSR_F;
52
}
53
--
38
--
54
2.20.1
39
2.25.1
55
56
diff view generated by jsdifflib
[PULL 2/4] hw/arm: versal: Add the CRP as unimplemented
[PULL 4/6] target/arm: Determine final stage 2 output PA space based on original IPA
1
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
1
From: Idan Horowitz <idan.horowitz@gmail.com>
2
2
3
Add the CRP as unimplemented thus avoiding bus errors when
3
As per the AArch64.S2Walk() pseudo-code in the ARMv8 ARM, the final
4
guests access these registers.
4
decision as to the output address's PA space based on the SA/SW/NSA/NSW
5
bits needs to take the input IPA's PA space into account, and not the
6
PA space of the result of the stage 2 walk itself.
5
7
6
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
10
Message-id: 20220327093427.1548629-4-idan.horowitz@gmail.com
9
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
11
[PMM: fixed commit message typo]
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
13
---
12
include/hw/arm/xlnx-versal.h | 3 +++
14
target/arm/helper.c | 8 +++++---
13
hw/arm/xlnx-versal.c | 2 ++
15
1 file changed, 5 insertions(+), 3 deletions(-)
14
2 files changed, 5 insertions(+)
15
16
16
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/xlnx-versal.h
19
--- a/target/arm/helper.c
19
+++ b/include/hw/arm/xlnx-versal.h
20
+++ b/target/arm/helper.c
20
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
21
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
21
#define MM_IOU_SCNTRS_SIZE 0x10000
22
hwaddr ipa;
22
#define MM_FPD_CRF 0xfd1a0000U
23
int s2_prot;
23
#define MM_FPD_CRF_SIZE 0x140000
24
int ret;
24
+
25
+ bool ipa_secure;
25
+#define MM_PMC_CRP 0xf1260000U
26
ARMCacheAttrs cacheattrs2 = {};
26
+#define MM_PMC_CRP_SIZE 0x10000
27
ARMMMUIdx s2_mmu_idx;
27
#endif
28
bool is_el0;
28
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
29
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
29
index XXXXXXX..XXXXXXX 100644
30
return ret;
30
--- a/hw/arm/xlnx-versal.c
31
}
31
+++ b/hw/arm/xlnx-versal.c
32
32
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
33
+ ipa_secure = attrs->secure;
33
MM_CRL, MM_CRL_SIZE);
34
if (arm_is_secure_below_el3(env)) {
34
versal_unimp_area(s, "crf", &s->mr_ps,
35
- if (attrs->secure) {
35
MM_FPD_CRF, MM_FPD_CRF_SIZE);
36
+ if (ipa_secure) {
36
+ versal_unimp_area(s, "crp", &s->mr_ps,
37
attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
37
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
38
} else {
38
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
39
attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
39
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
40
}
40
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
41
} else {
42
- assert(!attrs->secure);
43
+ assert(!ipa_secure);
44
}
45
46
s2_mmu_idx = attrs->secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
47
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
48
49
/* Check if IPA translates to secure or non-secure PA space. */
50
if (arm_is_secure_below_el3(env)) {
51
- if (attrs->secure) {
52
+ if (ipa_secure) {
53
attrs->secure =
54
!(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
55
} else {
41
--
56
--
42
2.20.1
57
2.25.1
43
44
diff view generated by jsdifflib
[PULL 1/4] target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
[PULL 5/6] MAINTAINERS: change Fred Konrad's email address
1
From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>
1
From: Frederic Konrad <konrad@adacore.com>
2
2
3
According to the PushStack() pseudocode in the armv7m RM,
3
frederic.konrad@adacore.com and konrad@adacore.com will stop working starting
4
bit 4 of the LR should be set to NOT(CONTROL.PFCA) when
4
2022-04-01.
5
an FPU is present. Current implementation is doing it for
6
armv8, but not for armv7. This patch makes the existing
7
logic applicable to both code paths.
8
5
9
Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
6
Use my personal email instead.
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
8
Signed-off-by: Frederic Konrad <frederic.konrad@adacore.com>
9
Reviewed-by: Fabien Chouteau <chouteau@adacore.com <clg@kaod.org>>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Message-id: 1648643217-15811-1-git-send-email-frederic.konrad@adacore.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
---
13
target/arm/m_helper.c | 7 +++----
14
.mailmap | 3 ++-
14
1 file changed, 3 insertions(+), 4 deletions(-)
15
MAINTAINERS | 2 +-
16
2 files changed, 3 insertions(+), 2 deletions(-)
15
17
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
18
diff --git a/.mailmap b/.mailmap
17
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/m_helper.c
20
--- a/.mailmap
19
+++ b/target/arm/m_helper.c
21
+++ b/.mailmap
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
22
@@ -XXX,XX +XXX,XX @@ Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
21
if (env->v7m.secure) {
23
Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
22
lr |= R_V7M_EXCRET_S_MASK;
24
Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
23
}
25
Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
26
-Frederic Konrad <konrad@adacore.com> <fred.konrad@greensocs.com>
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
27
+Frederic Konrad <konrad.frederic@yahoo.fr> <fred.konrad@greensocs.com>
26
- }
28
+Frederic Konrad <konrad.frederic@yahoo.fr> <konrad@adacore.com>
27
} else {
29
Greg Kurz <groug@kaod.org> <gkurz@linux.vnet.ibm.com>
28
lr = R_V7M_EXCRET_RES1_MASK |
30
Huacai Chen <chenhuacai@kernel.org> <chenhc@lemote.com>
29
R_V7M_EXCRET_S_MASK |
31
Huacai Chen <chenhuacai@kernel.org> <chenhuacai@loongson.cn>
30
R_V7M_EXCRET_DCRS_MASK |
32
diff --git a/MAINTAINERS b/MAINTAINERS
31
- R_V7M_EXCRET_FTYPE_MASK |
33
index XXXXXXX..XXXXXXX 100644
32
R_V7M_EXCRET_ES_MASK;
34
--- a/MAINTAINERS
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
35
+++ b/MAINTAINERS
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
36
@@ -XXX,XX +XXX,XX @@ F: include/hw/rtc/sun4v-rtc.h
35
}
37
36
}
38
Leon3
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
39
M: Fabien Chouteau <chouteau@adacore.com>
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
40
-M: KONRAD Frederic <frederic.konrad@adacore.com>
39
+ }
41
+M: Frederic Konrad <konrad.frederic@yahoo.fr>
40
if (!arm_v7m_is_handler_mode(env)) {
42
S: Maintained
41
lr |= R_V7M_EXCRET_MODE_MASK;
43
F: hw/sparc/leon3.c
42
}
44
F: hw/*/grlib*
43
--
45
--
44
2.20.1
46
2.25.1
45
47
46
48
diff view generated by jsdifflib
New patch
[PULL 6/6] target/arm: Don't use DISAS_NORETURN in STXP !HAVE_CMPXCHG128 codegen
1
In gen_store_exclusive(), if the host does not have a cmpxchg128
2
primitive then we generate bad code for STXP for storing two 64-bit
3
values. We generate a call to the exit_atomic helper, which never
4
returns, and set is_jmp to DISAS_NORETURN. However, this is
5
forgetting that we have already emitted a brcond that jumps over this
6
call for the case where we don't hold the exclusive. The effect is
7
that we don't generate any code to end the TB for the
8
exclusive-not-held execution path, which falls into the "exit with
9
TB_EXIT_REQUESTED" code that gen_tb_end() emits. This then causes an
10
assert at runtime when cpu_loop_exec_tb() sees an EXIT_REQUESTED TB
11
return that wasn't for an interrupt or icount.
1
12
13
In particular, you can hit this case when using the clang sanitizers
14
and trying to run the xlnx-versal-virt acceptance test in 'make
15
check-acceptance'. This bug was masked until commit 848126d11e93ff
16
("meson: move int128 checks from configure") because we used to set
17
CONFIG_CMPXCHG128=1 and avoid the buggy codepath, but after that we
18
do not.
19
20
Fix the bug by not setting is_jmp. The code after the exit_atomic
21
call up to the fail_label is dead, but TCG is smart enough to
22
eliminate it. We do need to set 'tmp' to some valid value, though
23
(in the same way the exit_atomic-using code in tcg/tcg-op.c does).
24
25
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/953
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
28
Message-id: 20220331150858.96348-1-peter.maydell@linaro.org
29
---
30
target/arm/translate-a64.c | 7 ++++++-
31
1 file changed, 6 insertions(+), 1 deletion(-)
32
33
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/translate-a64.c
36
+++ b/target/arm/translate-a64.c
37
@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
38
} else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
39
if (!HAVE_CMPXCHG128) {
40
gen_helper_exit_atomic(cpu_env);
41
- s->base.is_jmp = DISAS_NORETURN;
42
+ /*
43
+ * Produce a result so we have a well-formed opcode
44
+ * stream when the following (dead) code uses 'tmp'.
45
+ * TCG will remove the dead ops for us.
46
+ */
47
+ tcg_gen_movi_i64(tmp, 0);
48
} else if (s->be_data == MO_LE) {
49
gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
50
cpu_exclusive_addr,
51
--
52
2.25.1
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.