1
Arm patches for rc3: just a handful of bug fixes.
1
Hi; here's a relatively small target-arm queue, pretty much all
2
bug fixes. (There are a few non-arm patches that I've thrown in
3
there too for my convenience :-))
2
4
3
thanks
5
thanks
4
-- PMM
6
-- PMM
5
7
8
The following changes since commit 278238505d28d292927bff7683f39fb4fbca7fd1:
6
9
7
The following changes since commit 4ecc984210ca1bf508a96a550ec8a93a5f833f6c:
10
Merge tag 'pull-tcg-20230511-2' of https://gitlab.com/rth7680/qemu into staging (2023-05-11 11:44:23 +0100)
8
9
Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.2-rc3' into staging (2019-11-26 12:36:40 +0000)
10
11
11
are available in the Git repository at:
12
are available in the Git repository at:
12
13
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191126
14
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230512
14
15
15
for you to fetch changes up to 6a4ef4e5d1084ce41fafa7d470a644b0fd3d9317:
16
for you to fetch changes up to 478dccbb99db0bf8f00537dd0b4d0de88d5cb537:
16
17
17
target/arm: Honor HCR_EL2.TID3 trapping requirements (2019-11-26 13:55:37 +0000)
18
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check (2023-05-12 16:01:25 +0100)
18
19
19
----------------------------------------------------------------
20
----------------------------------------------------------------
20
target-arm queue:
21
target-arm queue:
21
* handle FTYPE flag correctly in v7M exception return
22
* More refactoring of files into tcg/
22
for v7M CPUs with an FPU (v8M CPUs were already correct)
23
* Don't allow stage 2 page table walks to downgrade to NS
23
* versal: Add the CRP as unimplemented
24
* Fix handling of SW and NSW bits for stage 2 walks
24
* Fix ISR_EL1 tracking when executing at EL2
25
* MAINTAINERS: Update Akihiko Odaki's email address
25
* Honor HCR_EL2.TID3 trapping requirements
26
* ui: Fix pixel colour channel order for PNG screenshots
27
* docs: Remove unused weirdly-named cross-reference targets
28
* hw/mips/malta: Fix minor dead code issue
29
* Fixes for the "allow CONFIG_TCG=n" changes
30
* tests/qtest: Don't run cdrom boot tests if no accelerator is present
31
* target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
26
32
27
----------------------------------------------------------------
33
----------------------------------------------------------------
28
Edgar E. Iglesias (1):
34
Akihiko Odaki (1):
29
hw/arm: versal: Add the CRP as unimplemented
35
MAINTAINERS: Update Akihiko Odaki's email address
30
36
31
Jean-Hugues Deschênes (1):
37
Fabiano Rosas (3):
32
target/arm: Fix handling of cortex-m FTYPE flag in EXCRET
38
target/arm: Select SEMIHOSTING when using TCG
39
target/arm: Select CONFIG_ARM_V7M when TCG is enabled
40
tests/qtest: Don't run cdrom boot tests if no accelerator is present
33
41
34
Marc Zyngier (2):
42
Peter Maydell (6):
35
target/arm: Fix ISR_EL1 tracking when executing at EL2
43
target/arm: Don't allow stage 2 page table walks to downgrade to NS
36
target/arm: Honor HCR_EL2.TID3 trapping requirements
44
target/arm: Fix handling of SW and NSW bits for stage 2 walks
45
ui: Fix pixel colour channel order for PNG screenshots
46
docs: Remove unused weirdly-named cross-reference targets
47
hw/mips/malta: Fix minor dead code issue
48
target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size check
37
49
38
include/hw/arm/xlnx-versal.h | 3 ++
50
Richard Henderson (2):
39
hw/arm/xlnx-versal.c | 2 ++
51
target/arm: Move translate-a32.h, arm_ldst.h, sve_ldst_internal.h to tcg/
40
target/arm/helper.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
52
target/arm: Move helper-{a64,mve,sme,sve}.h to tcg/
41
target/arm/m_helper.c | 7 ++--
42
4 files changed, 89 insertions(+), 6 deletions(-)
43
53
54
MAINTAINERS | 4 +-
55
docs/system/devices/igb.rst | 2 +-
56
docs/system/devices/ivshmem.rst | 2 -
57
docs/system/devices/net.rst | 2 +-
58
docs/system/devices/usb.rst | 2 -
59
docs/system/keys.rst | 2 +-
60
docs/system/linuxboot.rst | 2 +-
61
docs/system/target-i386.rst | 4 --
62
target/arm/helper.h | 8 +--
63
target/arm/internals.h | 12 +++-
64
target/arm/{ => tcg}/arm_ldst.h | 0
65
target/arm/{ => tcg}/helper-a64.h | 0
66
target/arm/{ => tcg}/helper-mve.h | 0
67
target/arm/{ => tcg}/helper-sme.h | 0
68
target/arm/{ => tcg}/helper-sve.h | 0
69
target/arm/{ => tcg}/sve_ldst_internal.h | 0
70
target/arm/{ => tcg}/translate-a32.h | 0
71
hw/mips/malta.c | 5 +-
72
target/arm/gdbstub64.c | 2 +-
73
target/arm/helper.c | 15 ++++-
74
target/arm/ptw.c | 95 +++++++++++++++++++-------------
75
target/arm/tcg/pauth_helper.c | 6 +-
76
tests/qtest/cdrom-test.c | 10 ++++
77
ui/console.c | 4 +-
78
target/arm/Kconfig | 9 +--
79
25 files changed, 109 insertions(+), 77 deletions(-)
80
rename target/arm/{ => tcg}/arm_ldst.h (100%)
81
rename target/arm/{ => tcg}/helper-a64.h (100%)
82
rename target/arm/{ => tcg}/helper-mve.h (100%)
83
rename target/arm/{ => tcg}/helper-sme.h (100%)
84
rename target/arm/{ => tcg}/helper-sve.h (100%)
85
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
86
rename target/arm/{ => tcg}/translate-a32.h (100%)
New patch
1
From: Richard Henderson <richard.henderson@linaro.org>
1
2
3
These files got missed when populating tcg/.
4
Because they are included with "", no change to the users required.
5
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Message-id: 20230504110412.1892411-2-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
target/arm/{ => tcg}/arm_ldst.h | 0
13
target/arm/{ => tcg}/sve_ldst_internal.h | 0
14
target/arm/{ => tcg}/translate-a32.h | 0
15
3 files changed, 0 insertions(+), 0 deletions(-)
16
rename target/arm/{ => tcg}/arm_ldst.h (100%)
17
rename target/arm/{ => tcg}/sve_ldst_internal.h (100%)
18
rename target/arm/{ => tcg}/translate-a32.h (100%)
19
20
diff --git a/target/arm/arm_ldst.h b/target/arm/tcg/arm_ldst.h
21
similarity index 100%
22
rename from target/arm/arm_ldst.h
23
rename to target/arm/tcg/arm_ldst.h
24
diff --git a/target/arm/sve_ldst_internal.h b/target/arm/tcg/sve_ldst_internal.h
25
similarity index 100%
26
rename from target/arm/sve_ldst_internal.h
27
rename to target/arm/tcg/sve_ldst_internal.h
28
diff --git a/target/arm/translate-a32.h b/target/arm/tcg/translate-a32.h
29
similarity index 100%
30
rename from target/arm/translate-a32.h
31
rename to target/arm/tcg/translate-a32.h
32
--
33
2.34.1
34
35
1
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Add the CRP as unimplemented thus avoiding bus errors when
3
While we cannot move the main "helper.h" out of target/arm/,
4
guests access these registers.
4
due to usage by generic code, we can move the sub-includes.
5
5
6
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
7
Reviewed-by: Fabiano Rosas <farosas@suse.de>
8
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Message-id: 20230504110412.1892411-3-richard.henderson@linaro.org
9
Message-id: 20191115154734.26449-2-edgar.iglesias@gmail.com
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
11
---
12
include/hw/arm/xlnx-versal.h | 3 +++
12
target/arm/helper.h | 8 ++++----
13
hw/arm/xlnx-versal.c | 2 ++
13
target/arm/{ => tcg}/helper-a64.h | 0
14
2 files changed, 5 insertions(+)
14
target/arm/{ => tcg}/helper-mve.h | 0
15
target/arm/{ => tcg}/helper-sme.h | 0
16
target/arm/{ => tcg}/helper-sve.h | 0
17
5 files changed, 4 insertions(+), 4 deletions(-)
18
rename target/arm/{ => tcg}/helper-a64.h (100%)
19
rename target/arm/{ => tcg}/helper-mve.h (100%)
20
rename target/arm/{ => tcg}/helper-sme.h (100%)
21
rename target/arm/{ => tcg}/helper-sve.h (100%)
15
22
16
diff --git a/include/hw/arm/xlnx-versal.h b/include/hw/arm/xlnx-versal.h
23
diff --git a/target/arm/helper.h b/target/arm/helper.h
17
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/xlnx-versal.h
25
--- a/target/arm/helper.h
19
+++ b/include/hw/arm/xlnx-versal.h
26
+++ b/target/arm/helper.h
20
@@ -XXX,XX +XXX,XX @@ typedef struct Versal {
27
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
21
#define MM_IOU_SCNTRS_SIZE 0x10000
28
void, ptr, ptr, ptr, ptr, i32)
22
#define MM_FPD_CRF 0xfd1a0000U
29
23
#define MM_FPD_CRF_SIZE 0x140000
30
#ifdef TARGET_AARCH64
24
+
31
-#include "helper-a64.h"
25
+#define MM_PMC_CRP 0xf1260000U
32
-#include "helper-sve.h"
26
+#define MM_PMC_CRP_SIZE 0x10000
33
-#include "helper-sme.h"
34
+#include "tcg/helper-a64.h"
35
+#include "tcg/helper-sve.h"
36
+#include "tcg/helper-sme.h"
27
#endif
37
#endif
28
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
38
29
index XXXXXXX..XXXXXXX 100644
39
-#include "helper-mve.h"
30
--- a/hw/arm/xlnx-versal.c
40
+#include "tcg/helper-mve.h"
31
+++ b/hw/arm/xlnx-versal.c
41
diff --git a/target/arm/helper-a64.h b/target/arm/tcg/helper-a64.h
32
@@ -XXX,XX +XXX,XX @@ static void versal_unimp(Versal *s)
42
similarity index 100%
33
MM_CRL, MM_CRL_SIZE);
43
rename from target/arm/helper-a64.h
34
versal_unimp_area(s, "crf", &s->mr_ps,
44
rename to target/arm/tcg/helper-a64.h
35
MM_FPD_CRF, MM_FPD_CRF_SIZE);
45
diff --git a/target/arm/helper-mve.h b/target/arm/tcg/helper-mve.h
36
+ versal_unimp_area(s, "crp", &s->mr_ps,
46
similarity index 100%
37
+ MM_PMC_CRP, MM_PMC_CRP_SIZE);
47
rename from target/arm/helper-mve.h
38
versal_unimp_area(s, "iou-scntr", &s->mr_ps,
48
rename to target/arm/tcg/helper-mve.h
39
MM_IOU_SCNTR, MM_IOU_SCNTR_SIZE);
49
diff --git a/target/arm/helper-sme.h b/target/arm/tcg/helper-sme.h
40
versal_unimp_area(s, "iou-scntr-seucre", &s->mr_ps,
50
similarity index 100%
51
rename from target/arm/helper-sme.h
52
rename to target/arm/tcg/helper-sme.h
53
diff --git a/target/arm/helper-sve.h b/target/arm/tcg/helper-sve.h
54
similarity index 100%
55
rename from target/arm/helper-sve.h
56
rename to target/arm/tcg/helper-sve.h
41
--
57
--
42
2.20.1
58
2.34.1
43
59
44
60
New patch
1
Bit 63 in a Table descriptor is only the NSTable bit for stage 1
2
translations; in stage 2 it is RES0. We were incorrectly looking at
3
it all the time.
1
4
5
This causes problems if:
6
* the stage 2 table descriptor was incorrectly setting the RES0 bit
7
* we are doing a stage 2 translation in Secure address space for
8
a NonSecure stage 1 regime -- in this case we would incorrectly
9
do an immediate downgrade to NonSecure
10
11
A bug elsewhere in the code currently prevents us from getting
12
to the second situation, but when we fix that it will be possible.
13
14
Cc: qemu-stable@nongnu.org
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
18
Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
19
---
20
target/arm/ptw.c | 5 +++--
21
1 file changed, 3 insertions(+), 2 deletions(-)
22
23
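--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
 descaddrmask &= ~indexmask_grainsize;
 
 /*
- * Secure accesses start with the page table in secure memory and
+ * Secure stage 1 accesses start with the page table in secure memory and
 * can be downgraded to non-secure at any step. Non-secure accesses
 * remain non-secure. We implement this by just ORing in the NSTable/NS
 * bits at each step.
+ * Stage 2 never gets this kind of downgrade.
 */
 tableattrs = is_secure ? 0 : (1 << 4);
 
 next_level:
 descaddr |= (address >> (stride * (4 - level))) & indexmask;
 descaddr &= ~7ULL;
- nstable = extract32(tableattrs, 4, 1);
+ nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
 if (nstable) {
 /*
 * Stage2_S -> Stage2 or Phys_S -> Phys_NS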
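Review bot: The stage 2 exclusion is applied only where `nstable` is read at `next_level`, while `tableattrs` still starts from `is_secure ? 0 : (1 << 4)` and, going by the comment above it, still has the table bits ORed in at each step, so the RES0 bit 63 of a stage 2 table descriptor presumably still lands in `tableattrs`. Any later reader of bit 4 of `tableattrs` in get_phys_addr_lpae(), whose body continues past this hunk, would need the same `!regime_is_stage2(mmu_idx)` gate; keeping the bit out at the point where table attributes are merged would be more robust than masking at one use site. A comment at the assignment, for example `/* NSTable is stage 1 only; bit 63 is RES0 in stage 2 table descriptors */`, would also record why the test is there.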
48
--
49
2.34.1
50
51
New patch
1
We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW
2
configuration bits. These allow configuration of whether the stage 2
3
page table walks for Secure IPA and NonSecure IPA should do their
4
descriptor reads from Secure or NonSecure physical addresses. (This
5
is separate from how the translation table base address and other
6
parameters are set: an NS IPA always uses VTTBR_EL2 and VTCR_EL2
7
for its base address and walk parameters, regardless of the NSW bit,
8
and similarly for Secure.)
1
9
10
Provide a new function ptw_idx_for_stage_2() which returns the
11
MMU index to use for descriptor reads, and use it to set up
12
the .in_ptw_idx wherever we call get_phys_addr_lpae().
13
14
For a stage 2 walk, wherever we call get_phys_addr_lpae():
15
* .in_ptw_idx should be ptw_idx_for_stage_2() of the .in_mmu_idx
16
* .in_secure should be true if .in_mmu_idx is Stage2_S
17
18
This allows us to correct S1_ptw_translate() so that it consistently
19
always sets its (out_secure, out_phys) to the result it gets from the
20
S2 walk (either by calling get_phys_addr_lpae() or by TLB lookup).
21
This makes better conceptual sense because the S2 walk should return
22
us an (address space, address) tuple, not an address that we then
23
randomly assign to S or NS.
24
25
Our previous handling of SW and NSW was broken, so guest code
26
trying to use these bits to put the s2 page tables in the "other"
27
address space wouldn't work correctly.
28
29
Cc: qemu-stable@nongnu.org
30
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1600
31
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
32
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
33
Message-id: 20230504135425.2748672-3-peter.maydell@linaro.org
34
---
35
target/arm/ptw.c | 76 ++++++++++++++++++++++++++++++++----------------
36
1 file changed, 51 insertions(+), 25 deletions(-)
37
38
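--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_stage1_mmu_idx(CPUARMState *env)
 return stage_1_mmu_idx(arm_mmu_idx(env));
 }
 
+/*
+ * Return where we should do ptw loads from for a stage 2 walk.
+ * This depends on whether the address we are looking up is a
+ * Secure IPA or a NonSecure IPA, which we know from whether this is
+ * Stage2 or Stage2_S.
+ * If this is the Secure EL1&0 regime we need to check the NSW and SW bits.
+ */
+static ARMMMUIdx ptw_idx_for_stage_2(CPUARMState *env, ARMMMUIdx stage2idx)
+{
+ bool s2walk_secure;
+
+ /*
+ * We're OK to check the current state of the CPU here because
+ * (1) we always invalidate all TLBs when the SCR_EL3.NS bit changes
+ * (2) there's no way to do a lookup that cares about Stage 2 for a
+ * different security state to the current one for AArch64, and AArch32
+ * never has a secure EL2. (AArch32 ATS12NSO[UP][RW] allow EL3 to do
+ * an NS stage 1+2 lookup while the NS bit is 0.)
+ */
+ if (!arm_is_secure_below_el3(env) || !arm_el_is_aa64(env, 3)) {
+ return ARMMMUIdx_Phys_NS;
+ }
+ if (stage2idx == ARMMMUIdx_Stage2_S) {
+ s2walk_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
+ } else {
+ s2walk_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
+ }
+ return s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
+
+}
+
 static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
 {
 return (regime_sctlr(env, mmu_idx) & SCTLR_EE) != 0;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
 ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
 uint8_t pte_attrs;
- bool pte_secure;
 
 ptw->out_virt = addr;
 
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 if (regime_is_stage2(s2_mmu_idx)) {
 S1Translate s2ptw = {
 .in_mmu_idx = s2_mmu_idx,
- .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS,
- .in_secure = is_secure,
+ .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
+ .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
 .in_debug = true,
 };
 GetPhysAddrResult s2 = { };
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 ptw->out_phys = s2.f.phys_addr;
 pte_attrs = s2.cacheattrs.attrs;
- pte_secure = s2.f.attrs.secure;
+ ptw->out_secure = s2.f.attrs.secure;
 } else {
 /* Regime is physical. */
 ptw->out_phys = addr;
 pte_attrs = 0;
- pte_secure = is_secure;
+ ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
 }
 ptw->out_host = NULL;
 ptw->out_rw = false;
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 ptw->out_phys = full->phys_addr | (addr & ~TARGET_PAGE_MASK);
 ptw->out_rw = full->prot & PAGE_WRITE;
 pte_attrs = full->pte_attrs;
- pte_secure = full->attrs.secure;
+ ptw->out_secure = full->attrs.secure;
 #else
 g_assert_not_reached();
 #endif
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
 }
 }
 
- /* Check if page table walk is to secure or non-secure PA space. */
- ptw->out_secure = (is_secure
- && !(pte_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW));
 ptw->out_be = regime_translation_big_endian(env, mmu_idx);
 return true;
 
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 hwaddr ipa;
 int s1_prot, s1_lgpgsz;
 bool is_secure = ptw->in_secure;
- bool ret, ipa_secure, s2walk_secure;
+ bool ret, ipa_secure;
 ARMCacheAttrs cacheattrs1;
 bool is_el0;
 uint64_t hcr;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
 
 ipa = result->f.phys_addr;
 ipa_secure = result->f.attrs.secure;
- if (is_secure) {
- /* Select TCR based on the NS bit from the S1 walk. */
- s2walk_secure = !(ipa_secure
- ? env->cp15.vstcr_el2 & VSTCR_SW
- : env->cp15.vtcr_el2 & VTCR_NSW);
- } else {
- assert(!ipa_secure);
- s2walk_secure = false;
- }
 
 is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
- ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
- ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
- ptw->in_secure = s2walk_secure;
+ ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
+ ptw->in_secure = ipa_secure;
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
 
 /*
 * S1 is done, now do S2 translation.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
 break;
 
+ case ARMMMUIdx_Stage2:
+ case ARMMMUIdx_Stage2_S:
+ /*
+ * Second stage lookup uses physical for ptw; whether this is S or
+ * NS may depend on the SW/NSW bits if this is a stage 2 lookup for
+ * the Secure EL2&0 regime.
+ */
+ ptw->in_ptw_idx = ptw_idx_for_stage_2(env, mmu_idx);
+ break;
+
 case ARMMMUIdx_E10_0:
 s1_mmu_idx = ARMMMUIdx_Stage1_E0;
 goto do_twostage;
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
 /* fall through */
 
 default:
- /* Single stage and second stage uses physical for ptw. */
+ /* Single stage uses physical for ptw. */
 ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
 break;
 }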
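Review bot: The rewrite of get_phys_addr_twostage() drops `assert(!ipa_secure)` for a NonSecure stage 1, so a stage 1 result that wrongly reports a Secure IPA would now select `ARMMMUIdx_Stage2_S` without complaint instead of stopping. `is_secure` is still declared in the context lines of that hunk, so the invariant can be kept with `assert(is_secure || !ipa_secure);` just before `ptw->in_mmu_idx` is assigned. Separately, the header comment of ptw_idx_for_stage_2() speaks of the "Secure EL1&0 regime" while the comment under the new `case ARMMMUIdx_Stage2:` says "Secure EL2&0 regime"; the two should agree, and one of them looks like a typo. There is also a stray blank line before the closing brace of ptw_idx_for_stage_2().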
194
--
195
2.34.1
1
From: Jean-Hugues Deschênes <Jean-Hugues.Deschenes@ossiaco.com>
1
From: Akihiko Odaki <akihiko.odaki@gmail.com>
2
2
3
According to the PushStack() pseudocode in the armv7m RM,
3
I am now employed by Daynix. Although my role as a reviewer of
4
bit 4 of the LR should be set to NOT(CONTROL.FPCA) when
4
macOS-related change is not very relevant to the employment, I decided
5
an FPU is present. Current implementation is doing it for
5
to use the company email address to avoid confusions from different
6
armv8, but not for armv7. This patch makes the existing
6
addresses.
7
logic applicable to both code paths.
8
7
9
Signed-off-by: Jean-Hugues Deschenes <jean-hugues.deschenes@ossiaco.com>
8
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
10
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Message-id: 20230506072333.32510-1-akihiko.odaki@daynix.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
---
13
target/arm/m_helper.c | 7 +++----
14
MAINTAINERS | 4 ++--
14
1 file changed, 3 insertions(+), 4 deletions(-)
15
1 file changed, 2 insertions(+), 2 deletions(-)
15
16
16
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
17
diff --git a/MAINTAINERS b/MAINTAINERS
17
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/m_helper.c
19
--- a/MAINTAINERS
19
+++ b/target/arm/m_helper.c
20
+++ b/MAINTAINERS
20
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
21
@@ -XXX,XX +XXX,XX @@ Core Audio framework backend
21
if (env->v7m.secure) {
22
M: Gerd Hoffmann <kraxel@redhat.com>
22
lr |= R_V7M_EXCRET_S_MASK;
23
M: Philippe Mathieu-Daudé <philmd@linaro.org>
23
}
24
R: Christian Schoenebeck <qemu_oss@crudebyte.com>
24
- if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
25
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
25
- lr |= R_V7M_EXCRET_FTYPE_MASK;
26
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
26
- }
27
S: Odd Fixes
27
} else {
28
F: audio/coreaudio.c
28
lr = R_V7M_EXCRET_RES1_MASK |
29
29
R_V7M_EXCRET_S_MASK |
30
@@ -XXX,XX +XXX,XX @@ F: docs/devel/ui.rst
30
R_V7M_EXCRET_DCRS_MASK |
31
Cocoa graphics
31
- R_V7M_EXCRET_FTYPE_MASK |
32
M: Peter Maydell <peter.maydell@linaro.org>
32
R_V7M_EXCRET_ES_MASK;
33
M: Philippe Mathieu-Daudé <philmd@linaro.org>
33
if (env->v7m.control[M_REG_NS] & R_V7M_CONTROL_SPSEL_MASK) {
34
-R: Akihiko Odaki <akihiko.odaki@gmail.com>
34
lr |= R_V7M_EXCRET_SPSEL_MASK;
35
+R: Akihiko Odaki <akihiko.odaki@daynix.com>
35
}
36
S: Odd Fixes
36
}
37
F: ui/cocoa.m
37
+ if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) {
38
38
+ lr |= R_V7M_EXCRET_FTYPE_MASK;
39
+ }
40
if (!arm_v7m_is_handler_mode(env)) {
41
lr |= R_V7M_EXCRET_MODE_MASK;
42
}
43
--
39
--
44
2.20.1
40
2.34.1
45
41
46
42
New patch
1
When we take a PNG screenshot the ordering of the colour channels in
2
the data is not correct, resulting in the image having weird
3
colouring compared to the actual display. (Specifically, on a
4
little-endian host the blue and red channels are swapped; on
5
big-endian everything is wrong.)
1
6
7
This happens because the pixman idea of the pixel data and the libpng
8
idea differ. PIXMAN_a8r8g8b8 defines that pixels are 32-bit values,
9
with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
10
0-7. This means that on little-endian systems the bytes in memory
11
are
12
B G R A
13
and on big-endian systems they are
14
A R G B
15
16
libpng, on the other hand, thinks of pixels as being a series of
17
values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
18
always wants bytes in the order
19
R G B A
20
21
This isn't the same as the pixman order for either big or little
22
endian hosts.
23
24
The alpha channel is also unnecessary bulk in the output PNG file,
25
because there is no alpha information in a screenshot.
26
27
To handle the endianness issue, we already define in ui/qemu-pixman.h
28
various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
29
byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
30
PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
31
R G B
32
and 3 bytes per pixel.
33
34
(PPM format screenshots get this right; they already use the
35
PIXMAN_BE_r8g8b8 format.)
36
37
Cc: qemu-stable@nongnu.org
38
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
39
Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
40
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
41
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
42
Message-id: 20230502135548.2451309-1-peter.maydell@linaro.org
43
---
44
ui/console.c | 4 ++--
45
1 file changed, 2 insertions(+), 2 deletions(-)
46
47
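--- a/ui/console.c
+++ b/ui/console.c
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
 png_struct *png_ptr;
 png_info *info_ptr;
 g_autoptr(pixman_image_t) linebuf =
- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
 uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
 FILE *f = fdopen(fd, "wb");
 int y;
@@ -XXX,XX +XXX,XX @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
 png_init_io(png_ptr, f);
 
 png_set_IHDR(png_ptr, info_ptr, width, height, 8,
- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
 PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
 
 png_write_info(png_ptr, info_ptr);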
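Review bot: The line buffer format and the PNG colour type now have to agree (three bytes per pixel in R, G, B order), but they are set in two separate places in png_save() with nothing tying them together, and a mismatch between those two values is exactly what this commit fixes. A comment next to `qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width)` such as `/* must match PNG_COLOR_TYPE_RGB below: R,G,B bytes in memory on any host */` would document the coupling for the next change. The row-writing loop lies outside both hunks, so it is worth confirming that nothing there assumes four bytes per pixel.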
69
--
70
2.34.1
71
72
New patch
1
In the doc sources, we have a few cross-reference targets with odd
2
names "pcsys_005fxyz". These are the legacy of the semi-automated
3
conversion of the old info docs to rST (the '005f' is because ASCII
4
0x5f is '_' and the old info link names had underscores in them).
1
5
6
Remove the targets which nothing links to, and rename the two targets
7
which are used to something a bit more descriptive.
8
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20230421163642.1151904-1-peter.maydell@linaro.org
11
Reviewed-by: Markus Armbruster <armbru@redhat.com>
12
---
13
docs/system/devices/igb.rst | 2 +-
14
docs/system/devices/ivshmem.rst | 2 --
15
docs/system/devices/net.rst | 2 +-
16
docs/system/devices/usb.rst | 2 --
17
docs/system/keys.rst | 2 +-
18
docs/system/linuxboot.rst | 2 +-
19
docs/system/target-i386.rst | 4 ----
20
7 files changed, 4 insertions(+), 12 deletions(-)
21
22
diff --git a/docs/system/devices/igb.rst b/docs/system/devices/igb.rst
23
index XXXXXXX..XXXXXXX 100644
24
--- a/docs/system/devices/igb.rst
25
+++ b/docs/system/devices/igb.rst
26
@@ -XXX,XX +XXX,XX @@ Using igb
27
=========
28
29
Using igb should be nothing different from using another network device. See
30
-:ref:`pcsys_005fnetwork` in general.
31
+:ref:`Network_emulation` in general.
32
33
However, you may also need to perform additional steps to activate SR-IOV
34
feature on your guest. For Linux, refer to [4]_.
35
diff --git a/docs/system/devices/ivshmem.rst b/docs/system/devices/ivshmem.rst
36
index XXXXXXX..XXXXXXX 100644
37
--- a/docs/system/devices/ivshmem.rst
38
+++ b/docs/system/devices/ivshmem.rst
39
@@ -XXX,XX +XXX,XX @@
40
-.. _pcsys_005fivshmem:
41
-
42
Inter-VM Shared Memory device
43
-----------------------------
44
45
diff --git a/docs/system/devices/net.rst b/docs/system/devices/net.rst
46
index XXXXXXX..XXXXXXX 100644
47
--- a/docs/system/devices/net.rst
48
+++ b/docs/system/devices/net.rst
49
@@ -XXX,XX +XXX,XX @@
50
-.. _pcsys_005fnetwork:
51
+.. _Network_Emulation:
52
53
Network emulation
54
-----------------
55
diff --git a/docs/system/devices/usb.rst b/docs/system/devices/usb.rst
56
index XXXXXXX..XXXXXXX 100644
57
--- a/docs/system/devices/usb.rst
58
+++ b/docs/system/devices/usb.rst
59
@@ -XXX,XX +XXX,XX @@
60
-.. _pcsys_005fusb:
61
-
62
USB emulation
63
-------------
64
65
diff --git a/docs/system/keys.rst b/docs/system/keys.rst
66
index XXXXXXX..XXXXXXX 100644
67
--- a/docs/system/keys.rst
68
+++ b/docs/system/keys.rst
69
@@ -XXX,XX +XXX,XX @@
70
-.. _pcsys_005fkeys:
71
+.. _GUI_keys:
72
73
Keys in the graphical frontends
74
-------------------------------
75
diff --git a/docs/system/linuxboot.rst b/docs/system/linuxboot.rst
76
index XXXXXXX..XXXXXXX 100644
77
--- a/docs/system/linuxboot.rst
78
+++ b/docs/system/linuxboot.rst
79
@@ -XXX,XX +XXX,XX @@ virtual serial port and the QEMU monitor to the console with the
80
-append "root=/dev/hda console=ttyS0" -nographic
81
82
Use Ctrl-a c to switch between the serial console and the monitor (see
83
-:ref:`pcsys_005fkeys`).
84
+:ref:`GUI_keys`).
85
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
86
index XXXXXXX..XXXXXXX 100644
87
--- a/docs/system/target-i386.rst
88
+++ b/docs/system/target-i386.rst
89
@@ -XXX,XX +XXX,XX @@
90
x86 System emulator
91
-------------------
92
93
-.. _pcsys_005fdevices:
94
-
95
Board-specific documentation
96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97
98
@@ -XXX,XX +XXX,XX @@ Architectural features
99
i386/sgx
100
i386/amd-memory-encryption
101
102
-.. _pcsys_005freq:
103
-
104
OS requirements
105
~~~~~~~~~~~~~~~
106
107
--
108
2.34.1
New patch
1
Coverity points out (in CID 1508390) that write_bootloader has
2
some dead code, where we assign to 'p' and then in the following
3
line assign to it again. This happened as a result of the
4
refactoring in commit cd5066f8618b.
1
5
6
Fix the dead code by removing the 'void *v' variable entirely and
7
instead adding a cast when calling bl_setup_gt64120_jump_kernel(), as
8
we do at its other callsite in write_bootloader_nanomips().
9
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
---
13
hw/mips/malta.c | 5 +----
14
1 file changed, 1 insertion(+), 4 deletions(-)
15
16
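--- a/hw/mips/malta.c
+++ b/hw/mips/malta.c
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
 uint64_t kernel_entry)
 {
 uint32_t *p;
- void *v;
 
 /* Small bootloader */
 p = (uint32_t *)base;
@@ -XXX,XX +XXX,XX @@ static void write_bootloader(uint8_t *base, uint64_t run_addr,
 *
 */
 
- v = p;
- bl_setup_gt64120_jump_kernel(&v, run_addr, kernel_entry);
- p = v;
+ bl_setup_gt64120_jump_kernel((void **)&p, run_addr, kernel_entry);
 
 /* YAMON subroutines */
 p = (uint32_t *) (base + 0x800);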
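Review bot: The `(void **)&p` cast makes the callee store through a `void *` lvalue into an object declared `uint32_t *`, which ISO C's effective-type rules do not sanction; the removed `void *v` temporary was the conforming way to pass the pointer, and the dead store Coverity flagged is the later reassignment of `p`, not the temporary. If the build is meant to rely on a flag such as `-fno-strict-aliasing` (not visible on this page), say so at the call, for example `/* cast relies on -fno-strict-aliasing; see write_bootloader_nanomips() */`. The alternative is to keep the temporary and drop only the redundant `p = v;`. write_bootloader() continues outside these hunks.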
39
--
40
2.34.1
41
42
New patch
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
Semihosting has been made a 'default y' entry in Kconfig, which does
4
not work because when building --without-default-devices, the
5
semihosting code would not be available.
6
7
Make semihosting unconditional when TCG is present.
8
9
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
10
Signed-off-by: Fabiano Rosas <farosas@suse.de>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20230508181611.2621-2-farosas@suse.de
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
target/arm/Kconfig | 8 +-------
16
1 file changed, 1 insertion(+), 7 deletions(-)
17
18
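--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
+ select ARM_COMPATIBLE_SEMIHOSTING if TCG
 
 config AARCH64
 bool
 select ARM
-
-# This config exists just so we can make SEMIHOSTING default when TCG
-# is selected without also changing it for other architectures.
-config ARM_SEMIHOSTING
- bool
- default y if TCG && ARM
- select ARM_COMPATIBLE_SEMIHOSTING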
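Review bot: `select ARM_COMPATIBLE_SEMIHOSTING if TCG` is added under `config ARM` without a comment, while the stanza it replaces carried one explaining why the symbol existed. With `select`, no TCG build of the Arm targets can leave the semihosting code out, including `--without-default-devices` builds; that is worth recording for anyone auditing a minimal binary, because semihosting is the interface through which guest code asks the host to perform I/O (it presumably still has to be enabled at run time). A line such as `# Semihosting is always built when TCG is; it cannot be configured out.` above the `select` would do.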
37
--
38
2.34.1
1
From: Fabiano Rosas <farosas@suse.de>
1
2
3
We cannot allow this config to be disabled at the moment as not all of
4
the relevant code is protected by it.
5
6
Commit 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a
7
KVM-only build") moved the CONFIGs of several boards to Kconfig, so it
8
is now possible that nothing selects ARM_V7M (e.g. when doing a
9
--without-default-devices build).
10
11
Return the CONFIG_ARM_V7M entry to a state where it is always selected
12
whenever TCG is available.
13
14
Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build")
15
Signed-off-by: Fabiano Rosas <farosas@suse.de>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20230508181611.2621-3-farosas@suse.de
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
target/arm/Kconfig | 1 +
21
1 file changed, 1 insertion(+)
22
23
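--- a/target/arm/Kconfig
+++ b/target/arm/Kconfig
@@ -XXX,XX +XXX,XX @@
 config ARM
 bool
 select ARM_COMPATIBLE_SEMIHOSTING if TCG
+ select ARM_V7M if TCG
 
 config AARCH64
 bool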
35
--
36
2.34.1
1
From: Marc Zyngier <maz@kernel.org>
1
From: Fabiano Rosas <farosas@suse.de>
2
2
3
HCR_EL2.TID3 mandates that access from EL1 to a long list of id
3
On a build configured with: --disable-tcg --enable-xen it is possible
4
registers traps to EL2, and QEMU has so far ignored this requirement.
4
to produce a QEMU binary with no TCG nor KVM support. Skip the cdrom
5
boot tests if that's the case.
5
6
6
This breaks (among other things) KVM guests that have PtrAuth enabled,
7
Fixes: 0c1ae3ff9d ("tests/qtest: Fix tests when no KVM or TCG are present")
7
while the hypervisor doesn't want to expose the feature to its guest.
8
Signed-off-by: Fabiano Rosas <farosas@suse.de>
8
To achieve this, KVM traps the ID registers (ID_AA64ISAR1_EL1 in this
9
Reviewed-by: Thomas Huth <thuth@redhat.com>
9
case), and masks out the unsupported feature.
10
Message-id: 20230508181611.2621-4-farosas@suse.de
10
11
QEMU not honoring the trap request means that the guest observes
12
that the feature is present in the HW, starts using it, and dies
13
a horrible death when KVM injects an UNDEF, because the feature
14
*really* isn't supported.
15
16
Do the right thing by trapping to EL2 if HCR_EL2.TID3 is set.
17
18
Note that this change does not include trapping of the MVFR
19
registers from AArch32 (they are accessed via the VMRS
20
instruction and need to be handled in a different way).
21
22
Reported-by: Will Deacon <will@kernel.org>
23
Signed-off-by: Marc Zyngier <maz@kernel.org>
24
Tested-by: Will Deacon <will@kernel.org>
25
Message-id: 20191123115618.29230-1-maz@kernel.org
26
[PMM: added missing accessfn line for ID_AA64PFR2_EL1_RESERVED;
27
changed names of access functions to include _tid3]
28
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
---
12
---
31
target/arm/helper.c | 76 +++++++++++++++++++++++++++++++++++++++++++++
13
tests/qtest/cdrom-test.c | 10 ++++++++++
32
1 file changed, 76 insertions(+)
14
1 file changed, 10 insertions(+)
33
15
34
diff --git a/target/arm/helper.c b/target/arm/helper.c
16
diff --git a/tests/qtest/cdrom-test.c b/tests/qtest/cdrom-test.c
35
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
36
--- a/target/arm/helper.c
18
--- a/tests/qtest/cdrom-test.c
37
+++ b/target/arm/helper.c
19
+++ b/tests/qtest/cdrom-test.c
38
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo predinv_reginfo[] = {
20
@@ -XXX,XX +XXX,XX @@ static void test_cdboot(gconstpointer data)
39
REGINFO_SENTINEL
21
40
};
22
static void add_x86_tests(void)
41
23
{
42
+static CPAccessResult access_aa64_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
24
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
43
+ bool isread)
25
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
44
+{
26
+ return;
45
+ if ((arm_current_el(env) < 2) && (arm_hcr_el2_eff(env) & HCR_TID3)) {
46
+ return CP_ACCESS_TRAP_EL2;
47
+ }
27
+ }
48
+
28
+
49
+ return CP_ACCESS_OK;
29
qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
50
+}
30
qtest_add_data_func("cdrom/boot/virtio-scsi",
51
+
31
"-device virtio-scsi -device scsi-cd,drive=cdr "
52
+static CPAccessResult access_aa32_tid3(CPUARMState *env, const ARMCPRegInfo *ri,
32
@@ -XXX,XX +XXX,XX @@ static void add_x86_tests(void)
53
+ bool isread)
33
54
+{
34
static void add_s390x_tests(void)
55
+ if (arm_feature(env, ARM_FEATURE_V8)) {
35
{
56
+ return access_aa64_tid3(env, ri, isread);
36
+ if (!qtest_has_accel("tcg") && !qtest_has_accel("kvm")) {
37
+ g_test_skip("No KVM or TCG accelerator available, skipping boot tests");
38
+ return;
57
+ }
39
+ }
58
+
40
+
59
+ return CP_ACCESS_OK;
41
qtest_add_data_func("cdrom/boot/default", "-cdrom ", test_cdboot);
60
+}
42
qtest_add_data_func("cdrom/boot/virtio-scsi",
61
+
43
"-device virtio-scsi -device scsi-cd,drive=cdr "
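Review bot: In add_x86_tests() and add_s390x_tests() of tests/qtest/cdrom-test.c the new guard calls `g_test_skip()` from a function that registers tests rather than from a running test case, so the skip message may never reach the test report; as far as I know GLib records a skip only for the test currently executing, and the early `return` is what actually keeps the boot tests from being added. If the message matters, register one small test whose body calls `g_test_skip()`; otherwise drop the call and keep a comment. The four-line guard is also pasted twice and could move into a helper such as `static bool have_boot_accel(void)`. Both function bodies continue outside the hunks.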
62
void register_cp_regs_for_features(ARMCPU *cpu)
63
{
64
/* Register all the coprocessor registers based on feature bits */
65
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
66
{ .name = "ID_PFR0", .state = ARM_CP_STATE_BOTH,
67
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
68
.access = PL1_R, .type = ARM_CP_CONST,
69
+ .accessfn = access_aa32_tid3,
70
.resetvalue = cpu->id_pfr0 },
71
/* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
72
* the value of the GIC field until after we define these regs.
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
74
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
75
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 1,
76
.access = PL1_R, .type = ARM_CP_NO_RAW,
77
+ .accessfn = access_aa32_tid3,
78
.readfn = id_pfr1_read,
79
.writefn = arm_cp_write_ignore },
80
{ .name = "ID_DFR0", .state = ARM_CP_STATE_BOTH,
81
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 2,
82
.access = PL1_R, .type = ARM_CP_CONST,
83
+ .accessfn = access_aa32_tid3,
84
.resetvalue = cpu->id_dfr0 },
85
{ .name = "ID_AFR0", .state = ARM_CP_STATE_BOTH,
86
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 3,
87
.access = PL1_R, .type = ARM_CP_CONST,
88
+ .accessfn = access_aa32_tid3,
89
.resetvalue = cpu->id_afr0 },
90
{ .name = "ID_MMFR0", .state = ARM_CP_STATE_BOTH,
91
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 4,
92
.access = PL1_R, .type = ARM_CP_CONST,
93
+ .accessfn = access_aa32_tid3,
94
.resetvalue = cpu->id_mmfr0 },
95
{ .name = "ID_MMFR1", .state = ARM_CP_STATE_BOTH,
96
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 5,
97
.access = PL1_R, .type = ARM_CP_CONST,
98
+ .accessfn = access_aa32_tid3,
99
.resetvalue = cpu->id_mmfr1 },
100
{ .name = "ID_MMFR2", .state = ARM_CP_STATE_BOTH,
101
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 6,
102
.access = PL1_R, .type = ARM_CP_CONST,
103
+ .accessfn = access_aa32_tid3,
104
.resetvalue = cpu->id_mmfr2 },
105
{ .name = "ID_MMFR3", .state = ARM_CP_STATE_BOTH,
106
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 7,
107
.access = PL1_R, .type = ARM_CP_CONST,
108
+ .accessfn = access_aa32_tid3,
109
.resetvalue = cpu->id_mmfr3 },
110
{ .name = "ID_ISAR0", .state = ARM_CP_STATE_BOTH,
111
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
112
.access = PL1_R, .type = ARM_CP_CONST,
113
+ .accessfn = access_aa32_tid3,
114
.resetvalue = cpu->isar.id_isar0 },
115
{ .name = "ID_ISAR1", .state = ARM_CP_STATE_BOTH,
116
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 1,
117
.access = PL1_R, .type = ARM_CP_CONST,
118
+ .accessfn = access_aa32_tid3,
119
.resetvalue = cpu->isar.id_isar1 },
120
{ .name = "ID_ISAR2", .state = ARM_CP_STATE_BOTH,
121
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
122
.access = PL1_R, .type = ARM_CP_CONST,
123
+ .accessfn = access_aa32_tid3,
124
.resetvalue = cpu->isar.id_isar2 },
125
{ .name = "ID_ISAR3", .state = ARM_CP_STATE_BOTH,
126
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 3,
127
.access = PL1_R, .type = ARM_CP_CONST,
128
+ .accessfn = access_aa32_tid3,
129
.resetvalue = cpu->isar.id_isar3 },
130
{ .name = "ID_ISAR4", .state = ARM_CP_STATE_BOTH,
131
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 4,
132
.access = PL1_R, .type = ARM_CP_CONST,
133
+ .accessfn = access_aa32_tid3,
134
.resetvalue = cpu->isar.id_isar4 },
135
{ .name = "ID_ISAR5", .state = ARM_CP_STATE_BOTH,
136
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 5,
137
.access = PL1_R, .type = ARM_CP_CONST,
138
+ .accessfn = access_aa32_tid3,
139
.resetvalue = cpu->isar.id_isar5 },
140
{ .name = "ID_MMFR4", .state = ARM_CP_STATE_BOTH,
141
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 6,
142
.access = PL1_R, .type = ARM_CP_CONST,
143
+ .accessfn = access_aa32_tid3,
144
.resetvalue = cpu->id_mmfr4 },
145
{ .name = "ID_ISAR6", .state = ARM_CP_STATE_BOTH,
146
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 7,
147
.access = PL1_R, .type = ARM_CP_CONST,
148
+ .accessfn = access_aa32_tid3,
149
.resetvalue = cpu->isar.id_isar6 },
150
REGINFO_SENTINEL
151
};
152
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
153
{ .name = "ID_AA64PFR0_EL1", .state = ARM_CP_STATE_AA64,
154
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 0,
155
.access = PL1_R, .type = ARM_CP_NO_RAW,
156
+ .accessfn = access_aa64_tid3,
157
.readfn = id_aa64pfr0_read,
158
.writefn = arm_cp_write_ignore },
159
{ .name = "ID_AA64PFR1_EL1", .state = ARM_CP_STATE_AA64,
160
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 1,
161
.access = PL1_R, .type = ARM_CP_CONST,
162
+ .accessfn = access_aa64_tid3,
163
.resetvalue = cpu->isar.id_aa64pfr1},
164
{ .name = "ID_AA64PFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
165
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 2,
166
.access = PL1_R, .type = ARM_CP_CONST,
167
+ .accessfn = access_aa64_tid3,
168
.resetvalue = 0 },
169
{ .name = "ID_AA64PFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
170
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 3,
171
.access = PL1_R, .type = ARM_CP_CONST,
172
+ .accessfn = access_aa64_tid3,
173
.resetvalue = 0 },
174
{ .name = "ID_AA64ZFR0_EL1", .state = ARM_CP_STATE_AA64,
175
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 4,
176
.access = PL1_R, .type = ARM_CP_CONST,
177
+ .accessfn = access_aa64_tid3,
178
/* At present, only SVEver == 0 is defined anyway. */
179
.resetvalue = 0 },
180
{ .name = "ID_AA64PFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
181
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 5,
182
.access = PL1_R, .type = ARM_CP_CONST,
183
+ .accessfn = access_aa64_tid3,
184
.resetvalue = 0 },
185
{ .name = "ID_AA64PFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
186
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 6,
187
.access = PL1_R, .type = ARM_CP_CONST,
188
+ .accessfn = access_aa64_tid3,
189
.resetvalue = 0 },
190
{ .name = "ID_AA64PFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
191
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 4, .opc2 = 7,
192
.access = PL1_R, .type = ARM_CP_CONST,
193
+ .accessfn = access_aa64_tid3,
194
.resetvalue = 0 },
195
{ .name = "ID_AA64DFR0_EL1", .state = ARM_CP_STATE_AA64,
196
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 0,
197
.access = PL1_R, .type = ARM_CP_CONST,
198
+ .accessfn = access_aa64_tid3,
199
.resetvalue = cpu->id_aa64dfr0 },
200
{ .name = "ID_AA64DFR1_EL1", .state = ARM_CP_STATE_AA64,
201
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 1,
202
.access = PL1_R, .type = ARM_CP_CONST,
203
+ .accessfn = access_aa64_tid3,
204
.resetvalue = cpu->id_aa64dfr1 },
205
{ .name = "ID_AA64DFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
206
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 2,
207
.access = PL1_R, .type = ARM_CP_CONST,
208
+ .accessfn = access_aa64_tid3,
209
.resetvalue = 0 },
210
{ .name = "ID_AA64DFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
211
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 3,
212
.access = PL1_R, .type = ARM_CP_CONST,
213
+ .accessfn = access_aa64_tid3,
214
.resetvalue = 0 },
215
{ .name = "ID_AA64AFR0_EL1", .state = ARM_CP_STATE_AA64,
216
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 4,
217
.access = PL1_R, .type = ARM_CP_CONST,
218
+ .accessfn = access_aa64_tid3,
219
.resetvalue = cpu->id_aa64afr0 },
220
{ .name = "ID_AA64AFR1_EL1", .state = ARM_CP_STATE_AA64,
221
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 5,
222
.access = PL1_R, .type = ARM_CP_CONST,
223
+ .accessfn = access_aa64_tid3,
224
.resetvalue = cpu->id_aa64afr1 },
225
{ .name = "ID_AA64AFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
226
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 6,
227
.access = PL1_R, .type = ARM_CP_CONST,
228
+ .accessfn = access_aa64_tid3,
229
.resetvalue = 0 },
230
{ .name = "ID_AA64AFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
231
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 5, .opc2 = 7,
232
.access = PL1_R, .type = ARM_CP_CONST,
233
+ .accessfn = access_aa64_tid3,
234
.resetvalue = 0 },
235
{ .name = "ID_AA64ISAR0_EL1", .state = ARM_CP_STATE_AA64,
236
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 0,
237
.access = PL1_R, .type = ARM_CP_CONST,
238
+ .accessfn = access_aa64_tid3,
239
.resetvalue = cpu->isar.id_aa64isar0 },
240
{ .name = "ID_AA64ISAR1_EL1", .state = ARM_CP_STATE_AA64,
241
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 1,
242
.access = PL1_R, .type = ARM_CP_CONST,
243
+ .accessfn = access_aa64_tid3,
244
.resetvalue = cpu->isar.id_aa64isar1 },
245
{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
246
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
247
.access = PL1_R, .type = ARM_CP_CONST,
248
+ .accessfn = access_aa64_tid3,
249
.resetvalue = 0 },
250
{ .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
251
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
252
.access = PL1_R, .type = ARM_CP_CONST,
253
+ .accessfn = access_aa64_tid3,
254
.resetvalue = 0 },
255
{ .name = "ID_AA64ISAR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
256
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 4,
257
.access = PL1_R, .type = ARM_CP_CONST,
258
+ .accessfn = access_aa64_tid3,
259
.resetvalue = 0 },
260
{ .name = "ID_AA64ISAR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
261
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 5,
262
.access = PL1_R, .type = ARM_CP_CONST,
263
+ .accessfn = access_aa64_tid3,
264
.resetvalue = 0 },
265
{ .name = "ID_AA64ISAR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
266
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 6,
267
.access = PL1_R, .type = ARM_CP_CONST,
268
+ .accessfn = access_aa64_tid3,
269
.resetvalue = 0 },
270
{ .name = "ID_AA64ISAR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
271
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 7,
272
.access = PL1_R, .type = ARM_CP_CONST,
273
+ .accessfn = access_aa64_tid3,
274
.resetvalue = 0 },
275
{ .name = "ID_AA64MMFR0_EL1", .state = ARM_CP_STATE_AA64,
276
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
277
.access = PL1_R, .type = ARM_CP_CONST,
278
+ .accessfn = access_aa64_tid3,
279
.resetvalue = cpu->isar.id_aa64mmfr0 },
280
{ .name = "ID_AA64MMFR1_EL1", .state = ARM_CP_STATE_AA64,
281
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 1,
282
.access = PL1_R, .type = ARM_CP_CONST,
283
+ .accessfn = access_aa64_tid3,
284
.resetvalue = cpu->isar.id_aa64mmfr1 },
285
{ .name = "ID_AA64MMFR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
286
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 2,
287
.access = PL1_R, .type = ARM_CP_CONST,
288
+ .accessfn = access_aa64_tid3,
289
.resetvalue = 0 },
290
{ .name = "ID_AA64MMFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
291
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 3,
292
.access = PL1_R, .type = ARM_CP_CONST,
293
+ .accessfn = access_aa64_tid3,
294
.resetvalue = 0 },
295
{ .name = "ID_AA64MMFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
296
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 4,
297
.access = PL1_R, .type = ARM_CP_CONST,
298
+ .accessfn = access_aa64_tid3,
299
.resetvalue = 0 },
300
{ .name = "ID_AA64MMFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
301
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 5,
302
.access = PL1_R, .type = ARM_CP_CONST,
303
+ .accessfn = access_aa64_tid3,
304
.resetvalue = 0 },
305
{ .name = "ID_AA64MMFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
306
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 6,
307
.access = PL1_R, .type = ARM_CP_CONST,
308
+ .accessfn = access_aa64_tid3,
309
.resetvalue = 0 },
310
{ .name = "ID_AA64MMFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
311
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 7,
312
.access = PL1_R, .type = ARM_CP_CONST,
313
+ .accessfn = access_aa64_tid3,
314
.resetvalue = 0 },
315
{ .name = "MVFR0_EL1", .state = ARM_CP_STATE_AA64,
316
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 0,
317
.access = PL1_R, .type = ARM_CP_CONST,
318
+ .accessfn = access_aa64_tid3,
319
.resetvalue = cpu->isar.mvfr0 },
320
{ .name = "MVFR1_EL1", .state = ARM_CP_STATE_AA64,
321
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 1,
322
.access = PL1_R, .type = ARM_CP_CONST,
323
+ .accessfn = access_aa64_tid3,
324
.resetvalue = cpu->isar.mvfr1 },
325
{ .name = "MVFR2_EL1", .state = ARM_CP_STATE_AA64,
326
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 2,
327
.access = PL1_R, .type = ARM_CP_CONST,
328
+ .accessfn = access_aa64_tid3,
329
.resetvalue = cpu->isar.mvfr2 },
330
{ .name = "MVFR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
331
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 3,
332
.access = PL1_R, .type = ARM_CP_CONST,
333
+ .accessfn = access_aa64_tid3,
334
.resetvalue = 0 },
335
{ .name = "MVFR4_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
336
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 4,
337
.access = PL1_R, .type = ARM_CP_CONST,
338
+ .accessfn = access_aa64_tid3,
339
.resetvalue = 0 },
340
{ .name = "MVFR5_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
341
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 5,
342
.access = PL1_R, .type = ARM_CP_CONST,
343
+ .accessfn = access_aa64_tid3,
344
.resetvalue = 0 },
345
{ .name = "MVFR6_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
346
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 6,
347
.access = PL1_R, .type = ARM_CP_CONST,
348
+ .accessfn = access_aa64_tid3,
349
.resetvalue = 0 },
350
{ .name = "MVFR7_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
351
.opc0 = 3, .opc1 = 0, .crn = 0, .crm = 3, .opc2 = 7,
352
.access = PL1_R, .type = ARM_CP_CONST,
353
+ .accessfn = access_aa64_tid3,
354
.resetvalue = 0 },
355
{ .name = "PMCEID0", .state = ARM_CP_STATE_AA32,
356
.cp = 15, .opc1 = 0, .crn = 9, .crm = 12, .opc2 = 6,
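Review bot: In target/arm/helper.c, `access_aa32_tid3()` returns `CP_ACCESS_OK` for every CPU without `ARM_FEATURE_V8` and carries no comment saying why. HCR.TID3 is, as far as I recall, also defined by the ARMv7 Virtualization Extensions, so if the v7 case is left out on purpose the function should say so, e.g. `/* TODO: TID3 trapping for v7 CPUs with EL2 is not implemented */`. If it is an oversight, a guest at EL1 on such a CPU would read these ID registers untrapped even when the hypervisor has set TID3. register_cp_regs_for_features() continues outside the hunks.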
357
--
44
--
358
2.20.1
45
2.34.1
359
360
1
From: Marc Zyngier <maz@kernel.org>
1
In check_s2_mmu_setup() we have a check that is attempting to
2
implement the part of AArch64.S2MinTxSZ that is specific to when EL1
3
is AArch32:
2
4
3
The ARMv8 ARM states when executing at EL2, EL3 or Secure EL1,
5
if !s1aarch64 then
4
ISR_EL1 shows the pending status of the physical IRQ, FIQ, or
6
// EL1 is AArch32
5
SError interrupts.
7
min_txsz = Min(min_txsz, 24);
6
8
7
Unfortunately, QEMU's implementation only considers the HCR_EL2
9
Unfortunately we got this wrong in two ways:
8
bits, and ignores the current exception level. This means a hypervisor
9
trying to look at its own interrupt state actually sees the guest
10
state, which is unexpected and breaks KVM as of Linux 5.3.
11
10
12
Instead, check for the running EL and return the physical bits
11
(1) The minimum txsz corresponds to a maximum inputsize, but we got
13
if not running in a virtualized context.
12
the sense of the comparison wrong and were faulting for all
13
inputsizes less than 40 bits
14
14
15
Fixes: 636540e9c40b
15
(2) We try to implement this as an extra check that happens after
16
we've done the same txsz checks we would do for an AArch64 EL1, but
17
in fact the pseudocode is *loosening* the requirements, so that txsz
18
values that would fault for an AArch64 EL1 do not fault for AArch32
19
EL1, because it does Min(old_min, 24), not Max(old_min, 24).
20
21
You can see this also in the text of the Arm ARM in table D8-8, which
22
shows that where the implemented PA size is less than 40 bits an
23
AArch32 EL1 is still OK with a configured stage2 T0SZ for a 40 bit
24
IPA, whereas if EL1 is AArch64 then the T0SZ must be big enough to
25
constrain the IPA to the implemented PA size.
26
27
Because of part (2), we can't do this as a separate check, but
28
have to integrate it into aa64_va_parameters(). Add a new argument
29
to that function to indicate that EL1 is 32-bit. All the existing
30
callsites except the one in get_phys_addr_lpae() can pass 'false',
31
because they are either doing a lookup for a stage 1 regime or
32
else they don't care about the tsz/tsz_oob fields.
33
16
Cc: qemu-stable@nongnu.org
34
Cc: qemu-stable@nongnu.org
17
Reported-by: Quentin Perret <qperret@google.com>
35
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1627
18
Signed-off-by: Marc Zyngier <maz@kernel.org>
19
Message-id: 20191122135833.28953-1-maz@kernel.org
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
36
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
37
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
38
Message-id: 20230509092059.3176487-1-peter.maydell@linaro.org
23
---
39
---
24
target/arm/helper.c | 7 +++++--
40
target/arm/internals.h | 12 +++++++++++-
25
1 file changed, 5 insertions(+), 2 deletions(-)
41
target/arm/gdbstub64.c | 2 +-
42
target/arm/helper.c | 15 +++++++++++++--
43
target/arm/ptw.c | 14 ++------------
44
target/arm/tcg/pauth_helper.c | 6 +++---
45
5 files changed, 30 insertions(+), 19 deletions(-)
26
46
47
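--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ typedef struct ARMVAParameters {
 ARMGranuleSize gran : 2;
 } ARMVAParameters;
 
+/**
+ * aa64_va_parameters: Return parameters for an AArch64 virtual address
+ * @env: CPU
+ * @va: virtual address to look up
+ * @mmu_idx: determines translation regime to use
+ * @data: true if this is a data access
+ * @el1_is_aa32: true if we are asking about stage 2 when EL1 is AArch32
+ * (ignored if @mmu_idx is for a stage 1 regime; only affects tsz/tsz_oob)
+ */
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
- ARMMMUIdx mmu_idx, bool data);
+ ARMMMUIdx mmu_idx, bool data,
+ bool el1_is_aa32);
 
 int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
 int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx);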
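Review bot: `aa64_va_parameters()` now ends in two adjacent `bool` parameters, `data` and `el1_is_aa32`, so a call such as `aa64_va_parameters(env, select, mmuidx, true, false)` compiles equally well with the two swapped, and the second one changes the txsz bound applied to stage 2. Naming the argument at each callsite, e.g. `/* el1_is_aa32 */ false`, would keep the positional booleans readable. The new doc comment also describes the inputs but not the returned `ARMVAParameters`; a `Returns:` line would complete it.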
71
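--- a/target/arm/gdbstub64.c
+++ b/target/arm/gdbstub64.c
@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param;
 
- param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
+ param = aa64_va_parameters(env, -is_high, mmu_idx, is_data, false);
 return gdb_get_reg64(buf, pauth_ptr_mask(param));
 }
 default: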
27
diff --git a/target/arm/helper.c b/target/arm/helper.c
84
diff --git a/target/arm/helper.c b/target/arm/helper.c
28
index XXXXXXX..XXXXXXX 100644
85
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/helper.c
86
--- a/target/arm/helper.c
30
+++ b/target/arm/helper.c
87
+++ b/target/arm/helper.c
31
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
88
@@ -XXX,XX +XXX,XX @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
32
CPUState *cs = env_cpu(env);
89
unsigned int page_size_granule, page_shift, num, scale, exponent;
33
uint64_t hcr_el2 = arm_hcr_el2_eff(env);
90
/* Extract one bit to represent the va selector in use. */
34
uint64_t ret = 0;
91
uint64_t select = sextract64(value, 36, 1);
35
+ bool allow_virt = (arm_current_el(env) == 1 &&
92
- ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
36
+ (!arm_is_secure_below_el3(env) ||
93
+ ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true, false);
37
+ (env->cp15.scr_el3 & SCR_EEL2)));
94
TLBIRange ret = { };
38
95
ARMGranuleSize gran;
39
- if (hcr_el2 & HCR_IMO) {
96
40
+ if (allow_virt && (hcr_el2 & HCR_IMO)) {
97
@@ -XXX,XX +XXX,XX @@ static ARMGranuleSize sanitize_gran_size(ARMCPU *cpu, ARMGranuleSize gran,
41
if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
98
}
42
ret |= CPSR_I;
99
43
}
100
ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
44
@@ -XXX,XX +XXX,XX @@ static uint64_t isr_read(CPUARMState *env, const ARMCPRegInfo *ri)
101
- ARMMMUIdx mmu_idx, bool data)
102
+ ARMMMUIdx mmu_idx, bool data,
103
+ bool el1_is_aa32)
104
{
105
uint64_t tcr = regime_tcr(env, mmu_idx);
106
bool epd, hpd, tsz_oob, ds, ha, hd;
107
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
45
}
108
}
46
}
109
}
47
110
48
- if (hcr_el2 & HCR_FMO) {
111
+ if (stage2 && el1_is_aa32) {
49
+ if (allow_virt && (hcr_el2 & HCR_FMO)) {
112
+ /*
50
if (cs->interrupt_request & CPU_INTERRUPT_VFIQ) {
113
+ * For AArch32 EL1 the min txsz (and thus max IPA size) requirements
51
ret |= CPSR_F;
114
+ * are loosened: a configured IPA of 40 bits is permitted even if
52
}
115
+ * the implemented PA is less than that (and so a 40 bit IPA would
116
+ * fault for an AArch64 EL1). See R_DTLMN.
117
+ */
118
+ min_tsz = MIN(min_tsz, 24);
119
+ }
120
+
121
if (tsz > max_tsz) {
122
tsz = max_tsz;
123
tsz_oob = true;
124
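--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
 
 sl0 = extract32(tcr, 6, 2);
 if (is_aa64) {
- /*
- * AArch64.S2InvalidTxSZ: While we checked tsz_oob near the top of
- * get_phys_addr_lpae, that used aa64_va_parameters which apply
- * to aarch64. If Stage1 is aarch32, the min_txsz is larger.
- * See AArch64.S2MinTxSZ, where min_tsz is 24, translated to
- * inputsize is 64 - 24 = 40.
- */
- if (iasize < 40 && !arm_el_is_aa64(&cpu->env, 1)) {
- goto fail;
- }
-
 /*
 * AArch64.S2InvalidSL: Interpretation of SL depends on the page size,
 * so interleave AArch64.S2StartLevel.
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
 int ps;
 
 param = aa64_va_parameters(env, address, mmu_idx,
- access_type != MMU_INST_FETCH);
+ access_type != MMU_INST_FETCH,
+ !arm_el_is_aa64(env, 1));
 level = 0;
 
 /*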
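Review bot: The call in get_phys_addr_lpae() passes `!arm_el_is_aa64(env, 1)` for every regime, and only the callee's `stage2 &&` test keeps it from affecting stage 1 lookups; nothing at the callsite says so. With the explanatory block removed from check_s2_mmu_setup(), this argument is the only place in ptw.c that carries the AArch32-EL1 rule, so it deserves a short comment such as `/* el1_is_aa32: loosens the stage 2 min txsz; ignored for stage 1 */`. Both functions continue outside the hunks.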
156
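--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 uint64_t pac, ext_ptr, ext, test;
 int bot_bit, top_bit;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 ARMPACKey *key, bool data, int keynumber)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 int bot_bit, top_bit;
 uint64_t pac, orig_ptr, test;
 
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
 {
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
+ ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 
 return pauth_original_ptr(ptr, param);
 }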
53
--
187
--
54
2.20.1
188
2.34.1
55
56