[PULL 00/12] target-arm queue
[PULL 0/7] target-arm queue
1
One last arm pullreq before I stop work for the end of the year...
1
Just some bugfixes this time around.
2
2
3
-- PMM
3
-- PMM
4
4
5
The following changes since commit 8e5943260a8f765216674ee87ce8588cc4e7463e:
5
The following changes since commit 4215d3413272ad6d1c6c9d0234450b602e46a74c:
6
6
7
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-12-20 12:46:10 +0000)
7
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200727' into staging (2020-07-27 09:33:04 +0100)
8
8
9
are available in the Git repository at:
9
are available in the Git repository at:
10
10
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20191220
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200727
12
12
13
for you to fetch changes up to c8fa6079eb35888587f1be27c1590da4edcc5098:
13
for you to fetch changes up to d4f6dda182e19afa75706936805e18397cb95f07:
14
14
15
arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on() (2019-12-20 14:03:00 +0000)
15
target/arm: Improve IMPDEF algorithm for IRG (2020-07-27 16:12:11 +0100)
16
16
17
----------------------------------------------------------------
17
----------------------------------------------------------------
18
target-arm queue:
18
target-arm queue:
19
* Support emulating the generic timers at frequencies other than 62.5MHz
19
* ACPI: Assert that we don't run out of the preallocated memory
20
* Various fixes for SMMUv3 emulation bugs
20
* hw/misc/aspeed_sdmc: Fix incorrect memory size
21
* Improve assert error message for hflags mismatches
21
* target/arm: Always pass cacheattr in S1_ptw_translate
22
* arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
22
* docs/system/arm/virt: Document 'mte' machine option
23
* hw/arm/boot: Fix PAUTH, MTE for EL3 direct kernel boot
24
* target/arm: Improve IMPDEF algorithm for IRG
23
25
24
----------------------------------------------------------------
26
----------------------------------------------------------------
25
Andrew Jeffery (4):
27
Dongjiu Geng (1):
26
target/arm: Remove redundant scaling of nexttick
28
ACPI: Assert that we don't run out of the preallocated memory
27
target/arm: Abstract the generic timer frequency
28
target/arm: Prepare generic timer for per-platform CNTFRQ
29
ast2600: Configure CNTFRQ at 1125MHz
30
29
31
Niek Linnenbank (1):
30
Peter Maydell (1):
32
arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
31
docs/system/arm/virt: Document 'mte' machine option
33
32
34
Philippe Mathieu-Daudé (1):
33
Philippe Mathieu-Daudé (1):
35
target/arm: Display helpful message when hflags mismatch
34
hw/misc/aspeed_sdmc: Fix incorrect memory size
36
35
37
Simon Veith (6):
36
Richard Henderson (4):
38
hw/arm/smmuv3: Apply address mask to linear strtab base address
37
target/arm: Always pass cacheattr in S1_ptw_translate
39
hw/arm/smmuv3: Correct SMMU_BASE_ADDR_MASK value
38
hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
40
hw/arm/smmuv3: Check stream IDs against actual table LOG2SIZE
39
hw/arm/boot: Fix MTE for EL3 direct kernel boot
41
hw/arm/smmuv3: Align stream table base address to table size
40
target/arm: Improve IMPDEF algorithm for IRG
42
hw/arm/smmuv3: Use correct bit positions in EVT_SET_ADDR2 macro
43
hw/arm/smmuv3: Report F_STE_FETCH fault address in correct word position
44
41
45
hw/arm/smmuv3-internal.h | 6 ++---
42
docs/system/arm/virt.rst | 4 ++++
46
target/arm/cpu.h | 5 ++++
43
hw/acpi/ghes.c | 12 ++++--------
47
hw/arm/aspeed_ast2600.c | 3 +++
44
hw/arm/boot.c | 6 ++++++
48
hw/arm/smmuv3.c | 28 +++++++++++++++-----
45
hw/misc/aspeed_sdmc.c | 7 ++++---
49
target/arm/arm-powerctl.c | 3 +++
46
target/arm/helper.c | 19 ++++++-------------
50
target/arm/cpu.c | 65 +++++++++++++++++++++++++++++++++++++++++------
47
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
51
target/arm/helper.c | 42 +++++++++++++++++++++++-------
48
6 files changed, 54 insertions(+), 31 deletions(-)
52
7 files changed, 125 insertions(+), 27 deletions(-)
53
49
diff view generated by jsdifflib
[PULL 11/12] target/arm: Display helpful message when hflags mismatch
[PULL 1/7] ACPI: Assert that we don't run out of the preallocated memory
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: Dongjiu Geng <gengdongjiu@huawei.com>
2
2
3
Instead of crashing in a confuse way, give some hint to the user
3
data_length is a constant value, so we use assert instead of
4
about why we aborted. He might report the issue without having
4
condition check.
5
to use a debugger.
6
5
7
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
8
Message-id: 20191209134552.27733-1-philmd@redhat.com
7
Message-id: 20200622113146.33421-1-gengdongjiu@huawei.com
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
10
Tested-by: Niek Linnenbank <nieklinnenbank@gmail.com>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
10
---
13
target/arm/helper.c | 18 +++++++++++++++---
11
hw/acpi/ghes.c | 12 ++++--------
14
1 file changed, 15 insertions(+), 3 deletions(-)
12
1 file changed, 4 insertions(+), 8 deletions(-)
15
13
16
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
diff --git a/hw/acpi/ghes.c b/hw/acpi/ghes.c
17
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/helper.c
16
--- a/hw/acpi/ghes.c
19
+++ b/target/arm/helper.c
17
+++ b/hw/acpi/ghes.c
20
@@ -XXX,XX +XXX,XX @@ void HELPER(rebuild_hflags_a64)(CPUARMState *env, int el)
18
@@ -XXX,XX +XXX,XX @@ static int acpi_ghes_record_mem_error(uint64_t error_block_address,
21
env->hflags = rebuild_hflags_a64(env, el, fp_el, mmu_idx);
19
22
}
20
/* This is the length if adding a new generic error data entry*/
23
21
data_length = ACPI_GHES_DATA_LENGTH + ACPI_GHES_MEM_CPER_LENGTH;
24
+static inline void assert_hflags_rebuild_correctly(CPUARMState *env)
22
-
25
+{
23
/*
26
+#ifdef CONFIG_DEBUG_TCG
24
- * Check whether it will run out of the preallocated memory if adding a new
27
+ uint32_t env_flags_current = env->hflags;
25
- * generic error data entry
28
+ uint32_t env_flags_rebuilt = rebuild_hflags_internal(env);
26
+ * It should not run out of the preallocated memory if adding a new generic
29
+
27
+ * error data entry
30
+ if (unlikely(env_flags_current != env_flags_rebuilt)) {
28
*/
31
+ fprintf(stderr, "TCG hflags mismatch (current:0x%08x rebuilt:0x%08x)\n",
29
- if ((data_length + ACPI_GHES_GESB_SIZE) > ACPI_GHES_MAX_RAW_DATA_LENGTH) {
32
+ env_flags_current, env_flags_rebuilt);
30
- error_report("Not enough memory to record new CPER!!!");
33
+ abort();
31
- g_array_free(block, true);
34
+ }
32
- return -1;
35
+#endif
33
- }
36
+}
34
+ assert((data_length + ACPI_GHES_GESB_SIZE) <=
37
+
35
+ ACPI_GHES_MAX_RAW_DATA_LENGTH);
38
void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
36
39
target_ulong *cs_base, uint32_t *pflags)
37
/* Build the new generic error status block header */
40
{
38
acpi_ghes_generic_error_status(block, ACPI_GEBS_UNCORRECTABLE,
41
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
42
uint32_t pstate_for_ss;
43
44
*cs_base = 0;
45
-#ifdef CONFIG_DEBUG_TCG
46
- assert(flags == rebuild_hflags_internal(env));
47
-#endif
48
+ assert_hflags_rebuild_correctly(env);
49
50
if (FIELD_EX32(flags, TBFLAG_ANY, AARCH64_STATE)) {
51
*pc = env->pc;
52
--
39
--
53
2.20.1
40
2.20.1
54
41
55
42
diff view generated by jsdifflib
[PULL 12/12] arm/arm-powerctl: rebuild hflags after setting CP15 bits in arm_set_cpu_on()
[PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size
1
From: Niek Linnenbank <nieklinnenbank@gmail.com>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
After setting CP15 bits in arm_set_cpu_on() the cached hflags must
3
The SDRAM Memory Controller has a 32-bit address bus, thus
4
be rebuild to reflect the changed processor state. Without rebuilding,
4
supports up to 4 GiB of DRAM. There is a signed to unsigned
5
the cached hflags would be inconsistent until the next call to
5
conversion error with the AST2600 maximum memory size:
6
arm_rebuild_hflags(). When QEMU is compiled with debugging enabled
7
(--enable-debug), this problem is captured shortly after the first
8
call to arm_set_cpu_on() for CPUs running in ARM 32-bit non-secure mode:
9
6
10
qemu-system-arm: target/arm/helper.c:11359: cpu_get_tb_cpu_state:
7
(uint64_t)(2048 << 20) = (uint64_t)(-2147483648)
11
Assertion `flags == rebuild_hflags_internal(env)' failed.
8
= 0xffffffff40000000
9
= 16 EiB - 2 GiB
10
11
Fix by using the IEC suffixes which are usually safer, and add
12
an assertion check to verify the memory is valid. This would have
13
caught this bug:
14
15
$ qemu-system-arm -M ast2600-evb
16
qemu-system-arm: hw/misc/aspeed_sdmc.c:258: aspeed_sdmc_realize: Assertion `asc->max_ram_size < 4 * GiB' failed.
12
Aborted (core dumped)
17
Aborted (core dumped)
13
18
14
Fixes: 0c7f8c43daf65
19
Fixes: 1550d72679 ("aspeed/sdmc: Add AST2600 support")
15
Cc: qemu-stable@nongnu.org
20
Reviewed-by: Cédric Le Goater <clg@kaod.org>
16
Signed-off-by: Niek Linnenbank <nieklinnenbank@gmail.com>
21
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
23
---
20
target/arm/arm-powerctl.c | 3 +++
24
hw/misc/aspeed_sdmc.c | 7 ++++---
21
1 file changed, 3 insertions(+)
25
1 file changed, 4 insertions(+), 3 deletions(-)
22
26
23
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
27
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
24
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
25
--- a/target/arm/arm-powerctl.c
29
--- a/hw/misc/aspeed_sdmc.c
26
+++ b/target/arm/arm-powerctl.c
30
+++ b/hw/misc/aspeed_sdmc.c
27
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
31
@@ -XXX,XX +XXX,XX @@ static void aspeed_sdmc_realize(DeviceState *dev, Error **errp)
28
target_cpu->env.regs[0] = info->context_id;
32
AspeedSDMCState *s = ASPEED_SDMC(dev);
29
}
33
AspeedSDMCClass *asc = ASPEED_SDMC_GET_CLASS(s);
30
34
31
+ /* CP15 update requires rebuilding hflags */
35
+ assert(asc->max_ram_size < 4 * GiB); /* 32-bit address bus */
32
+ arm_rebuild_hflags(&target_cpu->env);
36
s->max_ram_size = asc->max_ram_size;
33
+
37
34
/* Start the new CPU at the requested address */
38
memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_sdmc_ops, s,
35
cpu_set_pc(target_cpu_state, info->entry);
39
@@ -XXX,XX +XXX,XX @@ static void aspeed_2400_sdmc_class_init(ObjectClass *klass, void *data)
36
40
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
41
42
dc->desc = "ASPEED 2400 SDRAM Memory Controller";
43
- asc->max_ram_size = 512 << 20;
44
+ asc->max_ram_size = 512 * MiB;
45
asc->compute_conf = aspeed_2400_sdmc_compute_conf;
46
asc->write = aspeed_2400_sdmc_write;
47
asc->valid_ram_sizes = aspeed_2400_ram_sizes;
48
@@ -XXX,XX +XXX,XX @@ static void aspeed_2500_sdmc_class_init(ObjectClass *klass, void *data)
49
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
50
51
dc->desc = "ASPEED 2500 SDRAM Memory Controller";
52
- asc->max_ram_size = 1024 << 20;
53
+ asc->max_ram_size = 1 * GiB;
54
asc->compute_conf = aspeed_2500_sdmc_compute_conf;
55
asc->write = aspeed_2500_sdmc_write;
56
asc->valid_ram_sizes = aspeed_2500_ram_sizes;
57
@@ -XXX,XX +XXX,XX @@ static void aspeed_2600_sdmc_class_init(ObjectClass *klass, void *data)
58
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
59
60
dc->desc = "ASPEED 2600 SDRAM Memory Controller";
61
- asc->max_ram_size = 2048 << 20;
62
+ asc->max_ram_size = 2 * GiB;
63
asc->compute_conf = aspeed_2600_sdmc_compute_conf;
64
asc->write = aspeed_2600_sdmc_write;
65
asc->valid_ram_sizes = aspeed_2600_ram_sizes;
37
--
66
--
38
2.20.1
67
2.20.1
39
68
40
69
diff view generated by jsdifflib
[PULL 01/12] target/arm: Remove redundant scaling of nexttick
[PULL 3/7] target/arm: Always pass cacheattr in S1_ptw_translate
1
From: Andrew Jeffery <andrew@aj.id.au>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The corner-case codepath was adjusting nexttick such that overflow
3
When we changed the interface of get_phys_addr_lpae to require
4
wouldn't occur when timer_mod() scaled the value back up. Remove a use
4
the cacheattr parameter, this spot was missed. The compiler is
5
of GTIMER_SCALE and avoid unnecessary operations by calling
5
unable to detect the use of NULL vs the nonnull attribute here.
6
timer_mod_ns() directly.
7
6
8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
7
Fixes: 7e98e21c098
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
10
Reviewed-by: Cédric Le Goater <clg@kaod.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: f8c680720e3abe55476e6d9cb604ad27fdbeb2e0.1576215453.git-series.andrew@aj.id.au
10
Tested-by: Jan Kiszka <jan.kiskza@siemens.com>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
13
---
14
target/arm/helper.c | 5 +++--
14
target/arm/helper.c | 19 ++++++-------------
15
1 file changed, 3 insertions(+), 2 deletions(-)
15
1 file changed, 6 insertions(+), 13 deletions(-)
16
16
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
18
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
19
--- a/target/arm/helper.c
20
+++ b/target/arm/helper.c
20
+++ b/target/arm/helper.c
21
@@ -XXX,XX +XXX,XX @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
21
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
22
* timer expires we will reset the timer for any remaining period.
22
int s2prot;
23
*/
23
int ret;
24
if (nexttick > INT64_MAX / GTIMER_SCALE) {
24
ARMCacheAttrs cacheattrs = {};
25
- nexttick = INT64_MAX / GTIMER_SCALE;
25
- ARMCacheAttrs *pcacheattrs = NULL;
26
+ timer_mod_ns(cpu->gt_timer[timeridx], INT64_MAX);
26
-
27
+ } else {
27
- if (env->cp15.hcr_el2 & HCR_PTW) {
28
+ timer_mod(cpu->gt_timer[timeridx], nexttick);
28
- /*
29
- * PTW means we must fault if this S1 walk touches S2 Device
30
- * memory; otherwise we don't care about the attributes and can
31
- * save the S2 translation the effort of computing them.
32
- */
33
- pcacheattrs = &cacheattrs;
34
- }
35
36
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, ARMMMUIdx_Stage2,
37
false,
38
&s2pa, &txattrs, &s2prot, &s2size, fi,
39
- pcacheattrs);
40
+ &cacheattrs);
41
if (ret) {
42
assert(fi->type != ARMFault_None);
43
fi->s2addr = addr;
44
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
45
fi->s1ptw = true;
46
return ~0;
29
}
47
}
30
- timer_mod(cpu->gt_timer[timeridx], nexttick);
48
- if (pcacheattrs && (pcacheattrs->attrs & 0xf0) == 0) {
31
trace_arm_gt_recalc(timeridx, irqstate, nexttick);
49
- /* Access was to Device memory: generate Permission fault */
32
} else {
50
+ if ((env->cp15.hcr_el2 & HCR_PTW) && (cacheattrs.attrs & 0xf0) == 0) {
33
/* Timer disabled: ISTATUS and timer output always clear */
51
+ /*
52
+ * PTW set and S1 walk touched S2 Device memory:
53
+ * generate Permission fault.
54
+ */
55
fi->type = ARMFault_Permission;
56
fi->s2addr = addr;
57
fi->stage2 = true;
34
--
58
--
35
2.20.1
59
2.20.1
36
60
37
61
diff view generated by jsdifflib
[PULL 02/12] target/arm: Abstract the generic timer frequency
Deleted patch
1
From: Andrew Jeffery <andrew@aj.id.au>
2
1
3
Prepare for SoCs such as the ASPEED AST2600 whose firmware configures
4
CNTFRQ to values significantly larger than the static 62.5MHz value
5
currently derived from GTIMER_SCALE. As the OS potentially derives its
6
timer periods from the CNTFRQ value the lack of support for running
7
QEMUTimers at the appropriate rate leads to sticky behaviour in the
8
guest.
9
10
Substitute the GTIMER_SCALE constant with use of a helper to derive the
11
period from gt_cntfrq_hz stored in struct ARMCPU. Initially set
12
gt_cntfrq_hz to the frequency associated with GTIMER_SCALE so current
13
behaviour is maintained.
14
15
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
18
Message-id: 40bd8df043f66e1ccfb3e9482999d099ac72bb2e.1576215453.git-series.andrew@aj.id.au
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
---
21
target/arm/cpu.h | 5 +++++
22
target/arm/cpu.c | 8 ++++++++
23
target/arm/helper.c | 10 +++++++---
24
3 files changed, 20 insertions(+), 3 deletions(-)
25
26
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
27
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu.h
29
+++ b/target/arm/cpu.h
30
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
31
*/
32
DECLARE_BITMAP(sve_vq_map, ARM_MAX_VQ);
33
DECLARE_BITMAP(sve_vq_init, ARM_MAX_VQ);
34
+
35
+ /* Generic timer counter frequency, in Hz */
36
+ uint64_t gt_cntfrq_hz;
37
};
38
39
+unsigned int gt_cntfrq_period_ns(ARMCPU *cpu);
40
+
41
void arm_cpu_post_init(Object *obj);
42
43
uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz);
44
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
45
index XXXXXXX..XXXXXXX 100644
46
--- a/target/arm/cpu.c
47
+++ b/target/arm/cpu.c
48
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
49
if (tcg_enabled()) {
50
cpu->psci_version = 2; /* TCG implements PSCI 0.2 */
51
}
52
+
53
+ cpu->gt_cntfrq_hz = NANOSECONDS_PER_SECOND / GTIMER_SCALE;
54
}
55
56
static Property arm_cpu_reset_cbar_property =
57
@@ -XXX,XX +XXX,XX @@ static void arm_set_init_svtor(Object *obj, Visitor *v, const char *name,
58
visit_type_uint32(v, name, &cpu->init_svtor, errp);
59
}
60
61
+unsigned int gt_cntfrq_period_ns(ARMCPU *cpu)
62
+{
63
+ return NANOSECONDS_PER_SECOND > cpu->gt_cntfrq_hz ?
64
+ NANOSECONDS_PER_SECOND / cpu->gt_cntfrq_hz : 1;
65
+}
66
+
67
void arm_cpu_post_init(Object *obj)
68
{
69
ARMCPU *cpu = ARM_CPU(obj);
70
diff --git a/target/arm/helper.c b/target/arm/helper.c
71
index XXXXXXX..XXXXXXX 100644
72
--- a/target/arm/helper.c
73
+++ b/target/arm/helper.c
74
@@ -XXX,XX +XXX,XX @@ static CPAccessResult gt_stimer_access(CPUARMState *env,
75
76
static uint64_t gt_get_countervalue(CPUARMState *env)
77
{
78
- return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / GTIMER_SCALE;
79
+ ARMCPU *cpu = env_archcpu(env);
80
+
81
+ return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / gt_cntfrq_period_ns(cpu);
82
}
83
84
static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
85
@@ -XXX,XX +XXX,XX @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
86
* set the timer for as far in the future as possible. When the
87
* timer expires we will reset the timer for any remaining period.
88
*/
89
- if (nexttick > INT64_MAX / GTIMER_SCALE) {
90
+ if (nexttick > INT64_MAX / gt_cntfrq_period_ns(cpu)) {
91
timer_mod_ns(cpu->gt_timer[timeridx], INT64_MAX);
92
} else {
93
timer_mod(cpu->gt_timer[timeridx], nexttick);
94
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
95
96
static uint64_t gt_virt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri)
97
{
98
+ ARMCPU *cpu = env_archcpu(env);
99
+
100
/* Currently we have no support for QEMUTimer in linux-user so we
101
* can't call gt_get_countervalue(env), instead we directly
102
* call the lower level functions.
103
*/
104
- return cpu_get_clock() / GTIMER_SCALE;
105
+ return cpu_get_clock() / gt_cntfrq_period_ns(cpu);
106
}
107
108
static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
109
--
110
2.20.1
111
112
diff view generated by jsdifflib
[PULL 03/12] target/arm: Prepare generic timer for per-platform CNTFRQ
Deleted patch
1
From: Andrew Jeffery <andrew@aj.id.au>
2
1
3
The ASPEED AST2600 clocks the generic timer at the rate of HPLL. On
4
recent firmwares this is at 1125MHz, which is considerably quicker than
5
the assumed 62.5MHz of the current generic timer implementation. The
6
delta between the value as read from CNTFRQ and the true rate of the
7
underlying QEMUTimer leads to sticky behaviour in AST2600 guests.
8
9
Add a feature-gated property exposing CNTFRQ for ARM CPUs providing the
10
generic timer. This allows platforms to configure CNTFRQ (and the
11
associated QEMUTimer) to the appropriate frequency prior to starting the
12
guest.
13
14
As the platform can now determine the rate of CNTFRQ we're exposed to
15
limitations of QEMUTimer that didn't previously materialise: In the
16
course of emulation we need to arbitrarily and accurately convert
17
between guest ticks and time, but we're constrained by QEMUTimer's use
18
of an integer scaling factor. The effect is QEMUTimer cannot exactly
19
capture the period of frequencies that do not cleanly divide
20
NANOSECONDS_PER_SECOND for scaling ticks to time. As such, provide an
21
equally inaccurate scaling factor for scaling time to ticks so at least
22
a self-consistent inverse relationship holds.
23
24
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
25
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
26
Message-id: a22db9325f96e39f76e3c2baddcb712149f46bf2.1576215453.git-series.andrew@aj.id.au
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
28
---
29
target/arm/cpu.c | 61 +++++++++++++++++++++++++++++++++++++--------
30
target/arm/helper.c | 9 ++++++-
31
2 files changed, 59 insertions(+), 11 deletions(-)
32
33
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/cpu.c
36
+++ b/target/arm/cpu.c
37
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
38
if (tcg_enabled()) {
39
cpu->psci_version = 2; /* TCG implements PSCI 0.2 */
40
}
41
-
42
- cpu->gt_cntfrq_hz = NANOSECONDS_PER_SECOND / GTIMER_SCALE;
43
}
44
45
+static Property arm_cpu_gt_cntfrq_property =
46
+ DEFINE_PROP_UINT64("cntfrq", ARMCPU, gt_cntfrq_hz,
47
+ NANOSECONDS_PER_SECOND / GTIMER_SCALE);
48
+
49
static Property arm_cpu_reset_cbar_property =
50
DEFINE_PROP_UINT64("reset-cbar", ARMCPU, reset_cbar, 0);
51
52
@@ -XXX,XX +XXX,XX @@ static void arm_set_init_svtor(Object *obj, Visitor *v, const char *name,
53
54
unsigned int gt_cntfrq_period_ns(ARMCPU *cpu)
55
{
56
+ /*
57
+ * The exact approach to calculating guest ticks is:
58
+ *
59
+ * muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), cpu->gt_cntfrq_hz,
60
+ * NANOSECONDS_PER_SECOND);
61
+ *
62
+ * We don't do that. Rather we intentionally use integer division
63
+ * truncation below and in the caller for the conversion of host monotonic
64
+ * time to guest ticks to provide the exact inverse for the semantics of
65
+ * the QEMUTimer scale factor. QEMUTimer's scale facter is an integer, so
66
+ * it loses precision when representing frequencies where
67
+ * `(NANOSECONDS_PER_SECOND % cpu->gt_cntfrq) > 0` holds. Failing to
68
+ * provide an exact inverse leads to scheduling timers with negative
69
+ * periods, which in turn leads to sticky behaviour in the guest.
70
+ *
71
+ * Finally, CNTFRQ is effectively capped at 1GHz to ensure our scale factor
72
+ * cannot become zero.
73
+ */
74
return NANOSECONDS_PER_SECOND > cpu->gt_cntfrq_hz ?
75
NANOSECONDS_PER_SECOND / cpu->gt_cntfrq_hz : 1;
76
}
77
@@ -XXX,XX +XXX,XX @@ void arm_cpu_post_init(Object *obj)
78
79
qdev_property_add_static(DEVICE(obj), &arm_cpu_cfgend_property,
80
&error_abort);
81
+
82
+ if (arm_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER)) {
83
+ qdev_property_add_static(DEVICE(cpu), &arm_cpu_gt_cntfrq_property,
84
+ &error_abort);
85
+ }
86
}
87
88
static void arm_cpu_finalizefn(Object *obj)
89
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
90
}
91
}
92
93
- cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
94
- arm_gt_ptimer_cb, cpu);
95
- cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
96
- arm_gt_vtimer_cb, cpu);
97
- cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
98
- arm_gt_htimer_cb, cpu);
99
- cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, GTIMER_SCALE,
100
- arm_gt_stimer_cb, cpu);
101
+
102
+ {
103
+ uint64_t scale;
104
+
105
+ if (arm_feature(env, ARM_FEATURE_GENERIC_TIMER)) {
106
+ if (!cpu->gt_cntfrq_hz) {
107
+ error_setg(errp, "Invalid CNTFRQ: %"PRId64"Hz",
108
+ cpu->gt_cntfrq_hz);
109
+ return;
110
+ }
111
+ scale = gt_cntfrq_period_ns(cpu);
112
+ } else {
113
+ scale = GTIMER_SCALE;
114
+ }
115
+
116
+ cpu->gt_timer[GTIMER_PHYS] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
117
+ arm_gt_ptimer_cb, cpu);
118
+ cpu->gt_timer[GTIMER_VIRT] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
119
+ arm_gt_vtimer_cb, cpu);
120
+ cpu->gt_timer[GTIMER_HYP] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
121
+ arm_gt_htimer_cb, cpu);
122
+ cpu->gt_timer[GTIMER_SEC] = timer_new(QEMU_CLOCK_VIRTUAL, scale,
123
+ arm_gt_stimer_cb, cpu);
124
+ }
125
#endif
126
127
cpu_exec_realizefn(cs, &local_err);
128
diff --git a/target/arm/helper.c b/target/arm/helper.c
129
index XXXXXXX..XXXXXXX 100644
130
--- a/target/arm/helper.c
131
+++ b/target/arm/helper.c
132
@@ -XXX,XX +XXX,XX @@ void arm_gt_stimer_cb(void *opaque)
133
gt_recalc_timer(cpu, GTIMER_SEC);
134
}
135
136
+static void arm_gt_cntfrq_reset(CPUARMState *env, const ARMCPRegInfo *opaque)
137
+{
138
+ ARMCPU *cpu = env_archcpu(env);
139
+
140
+ cpu->env.cp15.c14_cntfrq = cpu->gt_cntfrq_hz;
141
+}
142
+
143
static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
144
/* Note that CNTFRQ is purely reads-as-written for the benefit
145
* of software; writing it doesn't actually change the timer frequency.
146
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
147
.opc0 = 3, .opc1 = 3, .crn = 14, .crm = 0, .opc2 = 0,
148
.access = PL1_RW | PL0_R, .accessfn = gt_cntfrq_access,
149
.fieldoffset = offsetof(CPUARMState, cp15.c14_cntfrq),
150
- .resetvalue = (1000 * 1000 * 1000) / GTIMER_SCALE,
151
+ .resetfn = arm_gt_cntfrq_reset,
152
},
153
/* overall control: mostly access permissions */
154
{ .name = "CNTKCTL", .state = ARM_CP_STATE_BOTH,
155
--
156
2.20.1
157
158
diff view generated by jsdifflib
[PULL 04/12] ast2600: Configure CNTFRQ at 1125MHz
Deleted patch
1
From: Andrew Jeffery <andrew@aj.id.au>
2
1
3
This matches the configuration set by u-boot on the AST2600.
4
5
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Cédric Le Goater <clg@kaod.org>
8
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Message-id: 080ca1267a09381c43cf3c50d434fb6c186f2b6e.1576215453.git-series.andrew@aj.id.au
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
hw/arm/aspeed_ast2600.c | 3 +++
13
1 file changed, 3 insertions(+)
14
15
diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
16
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/arm/aspeed_ast2600.c
18
+++ b/hw/arm/aspeed_ast2600.c
19
@@ -XXX,XX +XXX,XX @@ static void aspeed_soc_ast2600_realize(DeviceState *dev, Error **errp)
20
object_property_set_int(OBJECT(&s->cpu[i]), aspeed_calc_affinity(i),
21
"mp-affinity", &error_abort);
22
23
+ object_property_set_int(OBJECT(&s->cpu[i]), 1125000000, "cntfrq",
24
+ &error_abort);
25
+
26
/*
27
* TODO: the secondary CPUs are started and a boot helper
28
* is needed when using -kernel
29
--
30
2.20.1
31
32
diff view generated by jsdifflib
[PULL 05/12] hw/arm/smmuv3: Apply address mask to linear strtab base address
Deleted patch
1
From: Simon Veith <sveith@amazon.de>
2
1
3
In the SMMU_STRTAB_BASE register, the stream table base address only
4
occupies bits [51:6]. Other bits, such as RA (bit [62]), must be masked
5
out to obtain the base address.
6
7
The branch for 2-level stream tables correctly applies this mask by way
8
of SMMU_BASE_ADDR_MASK, but the one for linear stream tables does not.
9
10
Apply the missing mask in that case as well so that the correct stream
11
base address is used by guests which configure a linear stream table.
12
13
Linux guests are unaffected by this change because they choose a 2-level
14
stream table layout for the QEMU SMMUv3, based on the size of its stream
15
ID space.
16
17
ref. ARM IHI 0070C, section 6.3.23.
18
19
Signed-off-by: Simon Veith <sveith@amazon.de>
20
Acked-by: Eric Auger <eric.auger@redhat.com>
21
Tested-by: Eric Auger <eric.auger@redhat.com>
22
Message-id: 1576509312-13083-2-git-send-email-sveith@amazon.de
23
Cc: Eric Auger <eric.auger@redhat.com>
24
Cc: qemu-devel@nongnu.org
25
Cc: qemu-arm@nongnu.org
26
Acked-by: Eric Auger <eric.auger@redhat.com>
27
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
28
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
---
30
hw/arm/smmuv3.c | 2 +-
31
1 file changed, 1 insertion(+), 1 deletion(-)
32
33
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/hw/arm/smmuv3.c
36
+++ b/hw/arm/smmuv3.c
37
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
38
}
39
addr = l2ptr + l2_ste_offset * sizeof(*ste);
40
} else {
41
- addr = s->strtab_base + sid * sizeof(*ste);
42
+ addr = (s->strtab_base & SMMU_BASE_ADDR_MASK) + sid * sizeof(*ste);
43
}
44
45
if (smmu_get_ste(s, addr, ste, event)) {
46
--
47
2.20.1
48
49
diff view generated by jsdifflib
[PULL 06/12] hw/arm/smmuv3: Correct SMMU_BASE_ADDR_MASK value
Deleted patch
1
From: Simon Veith <sveith@amazon.de>
2
1
3
There are two issues with the current value of SMMU_BASE_ADDR_MASK:
4
5
- At the lower end, we are clearing bits [4:0]. Per the SMMUv3 spec,
6
we should also be treating bit 5 as zero in the base address.
7
- At the upper end, we are clearing bits [63:48]. Per the SMMUv3 spec,
8
only bits [63:52] must be explicitly treated as zero.
9
10
Update the SMMU_BASE_ADDR_MASK value to mask out bits [63:52] and [5:0].
11
12
ref. ARM IHI 0070C, section 6.3.23.
13
14
Signed-off-by: Simon Veith <sveith@amazon.de>
15
Acked-by: Eric Auger <eric.auger@redhat.com>
16
Tested-by: Eric Auger <eric.auger@redhat.com>
17
Message-id: 1576509312-13083-3-git-send-email-sveith@amazon.de
18
Cc: Eric Auger <eric.auger@redhat.com>
19
Cc: qemu-devel@nongnu.org
20
Cc: qemu-arm@nongnu.org
21
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
24
hw/arm/smmuv3-internal.h | 2 +-
25
1 file changed, 1 insertion(+), 1 deletion(-)
26
27
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
28
index XXXXXXX..XXXXXXX 100644
29
--- a/hw/arm/smmuv3-internal.h
30
+++ b/hw/arm/smmuv3-internal.h
31
@@ -XXX,XX +XXX,XX @@ REG32(GERROR_IRQ_CFG2, 0x74)
32
33
#define A_STRTAB_BASE 0x80 /* 64b */
34
35
-#define SMMU_BASE_ADDR_MASK 0xffffffffffe0
36
+#define SMMU_BASE_ADDR_MASK 0xfffffffffffc0
37
38
REG32(STRTAB_BASE_CFG, 0x88)
39
FIELD(STRTAB_BASE_CFG, FMT, 16, 2)
40
--
41
2.20.1
42
43
diff view generated by jsdifflib
[PULL 10/12] hw/arm/smmuv3: Report F_STE_FETCH fault address in correct word position
[PULL 4/7] docs/system/arm/virt: Document 'mte' machine option
1
From: Simon Veith <sveith@amazon.de>
1
Commit 6a0b7505f1fd6769c which added documentation of the virt board
2
crossed in the post with commit 6f4e1405b91da0d0 which added a new
3
'mte' machine option. Update the docs to include the new option.
2
4
3
The smmuv3_record_event() function that generates the F_STE_FETCH error
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
uses the EVT_SET_ADDR macro to record the fetch address, placing it in
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
5
32-bit words 4 and 5.
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
---
9
docs/system/arm/virt.rst | 4 ++++
10
1 file changed, 4 insertions(+)
6
11
7
The correct position for this address is in words 6 and 7, per the
12
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
8
SMMUv3 Architecture Specification.
9
10
Update the function to use the EVT_SET_ADDR2 macro instead, which is the
11
macro intended for writing to these words.
12
13
ref. ARM IHI 0070C, section 7.3.4.
14
15
Signed-off-by: Simon Veith <sveith@amazon.de>
16
Acked-by: Eric Auger <eric.auger@redhat.com>
17
Tested-by: Eric Auger <eric.auger@redhat.com>
18
Message-id: 1576509312-13083-7-git-send-email-sveith@amazon.de
19
Cc: Eric Auger <eric.auger@redhat.com>
20
Cc: qemu-devel@nongnu.org
21
Cc: qemu-arm@nongnu.org
22
Acked-by: Eric Auger <eric.auger@redhat.com>
23
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
24
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
25
---
26
hw/arm/smmuv3.c | 2 +-
27
1 file changed, 1 insertion(+), 1 deletion(-)
28
29
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
30
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/arm/smmuv3.c
14
--- a/docs/system/arm/virt.rst
32
+++ b/hw/arm/smmuv3.c
15
+++ b/docs/system/arm/virt.rst
33
@@ -XXX,XX +XXX,XX @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
16
@@ -XXX,XX +XXX,XX @@ virtualization
34
case SMMU_EVT_F_STE_FETCH:
17
Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
35
EVT_SET_SSID(&evt, info->u.f_ste_fetch.ssid);
18
Arm Virtualization Extensions. The default is ``off``.
36
EVT_SET_SSV(&evt, info->u.f_ste_fetch.ssv);
19
37
- EVT_SET_ADDR(&evt, info->u.f_ste_fetch.addr);
20
+mte
38
+ EVT_SET_ADDR2(&evt, info->u.f_ste_fetch.addr);
21
+ Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
39
break;
22
+ Arm Memory Tagging Extensions. The default is ``off``.
40
case SMMU_EVT_C_BAD_STE:
23
+
41
EVT_SET_SSID(&evt, info->u.c_bad_ste.ssid);
24
highmem
25
Set ``on``/``off`` to enable/disable placing devices and RAM in physical
26
address space above 32 bits. The default is ``on`` for machine types
42
--
27
--
43
2.20.1
28
2.20.1
44
29
45
30
diff view generated by jsdifflib
[PULL 09/12] hw/arm/smmuv3: Use correct bit positions in EVT_SET_ADDR2 macro
[PULL 5/7] hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
1
From: Simon Veith <sveith@amazon.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The bit offsets in the EVT_SET_ADDR2 macro do not match those specified
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
4
in the ARM SMMUv3 Architecture Specification. In all events that use
4
drop down to EL2. We need to enable access to v8.3-PAuth
5
this macro, e.g. F_WALK_EABT, the faulting fetch address or IPA actually
5
keys and instructions at EL3 before doing so.
6
occupies the 32-bit words 6 and 7 in the event record contiguously, with
7
the upper and lower unused bits clear due to alignment or maximum
8
supported address bits. How many bits are clear depends on the
9
individual event type.
10
6
11
Update the macro to write to the correct words in the event record so
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
12
that guest drivers can obtain accurate address information on events.
8
Message-id: 20200724163853.504655-2-richard.henderson@linaro.org
13
14
ref. ARM IHI 0070C, sections 7.3.12 through 7.3.16.
15
16
Signed-off-by: Simon Veith <sveith@amazon.de>
17
Acked-by: Eric Auger <eric.auger@redhat.com>
18
Tested-by: Eric Auger <eric.auger@redhat.com>
19
Message-id: 1576509312-13083-6-git-send-email-sveith@amazon.de
20
Cc: Eric Auger <eric.auger@redhat.com>
21
Cc: qemu-devel@nongnu.org
22
Cc: qemu-arm@nongnu.org
23
Acked-by: Eric Auger <eric.auger@redhat.com>
24
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
25
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
---
11
---
27
hw/arm/smmuv3-internal.h | 4 ++--
12
hw/arm/boot.c | 3 +++
28
1 file changed, 2 insertions(+), 2 deletions(-)
13
1 file changed, 3 insertions(+)
29
14
30
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
15
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
31
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
32
--- a/hw/arm/smmuv3-internal.h
17
--- a/hw/arm/boot.c
33
+++ b/hw/arm/smmuv3-internal.h
18
+++ b/hw/arm/boot.c
34
@@ -XXX,XX +XXX,XX @@ typedef struct SMMUEventInfo {
19
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
35
} while (0)
20
} else {
36
#define EVT_SET_ADDR2(x, addr) \
21
env->pstate = PSTATE_MODE_EL1h;
37
do { \
22
}
38
- (x)->word[7] = deposit32((x)->word[7], 3, 29, addr >> 16); \
23
+ if (cpu_isar_feature(aa64_pauth, cpu)) {
39
- (x)->word[7] = deposit32((x)->word[7], 0, 16, addr & 0xffff);\
24
+ env->cp15.scr_el3 |= SCR_API | SCR_APK;
40
+ (x)->word[7] = (uint32_t)(addr >> 32); \
25
+ }
41
+ (x)->word[6] = (uint32_t)(addr & 0xffffffff); \
26
/* AArch64 kernels never boot in secure mode */
42
} while (0)
27
assert(!info->secure_boot);
43
28
/* This hook is only supported for AArch32 currently:
44
void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *event);
45
--
29
--
46
2.20.1
30
2.20.1
47
31
48
32
diff view generated by jsdifflib
[PULL 08/12] hw/arm/smmuv3: Align stream table base address to table size
[PULL 6/7] hw/arm/boot: Fix MTE for EL3 direct kernel boot
1
From: Simon Veith <sveith@amazon.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Per the specification, and as observed in hardware, the SMMUv3 aligns
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
4
the SMMU_STRTAB_BASE address to the size of the table by masking out the
4
drop down to EL2. We need to enable access to v8.5-MemTag
5
respective least significant bits in the ADDR field.
5
tag allocation at EL3 before doing so.
6
6
7
Apply this masking logic to our smmu_find_ste() lookup function per the
7
Reported-by: Peter Maydell <peter.maydell@linaro.org>
8
specification.
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
9
Message-id: 20200724163853.504655-3-richard.henderson@linaro.org
10
ref. ARM IHI 0070C, section 6.3.23.
11
12
Signed-off-by: Simon Veith <sveith@amazon.de>
13
Acked-by: Eric Auger <eric.auger@redhat.com>
14
Tested-by: Eric Auger <eric.auger@redhat.com>
15
Message-id: 1576509312-13083-5-git-send-email-sveith@amazon.de
16
Cc: Eric Auger <eric.auger@redhat.com>
17
Cc: qemu-devel@nongnu.org
18
Cc: qemu-arm@nongnu.org
19
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
---
12
---
22
hw/arm/smmuv3.c | 18 ++++++++++++++----
13
hw/arm/boot.c | 3 +++
23
1 file changed, 14 insertions(+), 4 deletions(-)
14
1 file changed, 3 insertions(+)
24
15
25
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
16
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
26
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
27
--- a/hw/arm/smmuv3.c
18
--- a/hw/arm/boot.c
28
+++ b/hw/arm/smmuv3.c
19
+++ b/hw/arm/boot.c
29
@@ -XXX,XX +XXX,XX @@ bad_ste:
20
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
30
static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
21
if (cpu_isar_feature(aa64_pauth, cpu)) {
31
SMMUEventInfo *event)
22
env->cp15.scr_el3 |= SCR_API | SCR_APK;
32
{
23
}
33
- dma_addr_t addr;
24
+ if (cpu_isar_feature(aa64_mte, cpu)) {
34
+ dma_addr_t addr, strtab_base;
25
+ env->cp15.scr_el3 |= SCR_ATA;
35
uint32_t log2size;
26
+ }
36
+ int strtab_size_shift;
27
/* AArch64 kernels never boot in secure mode */
37
int ret;
28
assert(!info->secure_boot);
38
29
/* This hook is only supported for AArch32 currently:
39
trace_smmuv3_find_ste(sid, s->features, s->sid_split);
40
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
41
}
42
if (s->features & SMMU_FEATURE_2LVL_STE) {
43
int l1_ste_offset, l2_ste_offset, max_l2_ste, span;
44
- dma_addr_t strtab_base, l1ptr, l2ptr;
45
+ dma_addr_t l1ptr, l2ptr;
46
STEDesc l1std;
47
48
- strtab_base = s->strtab_base & SMMU_BASE_ADDR_MASK;
49
+ /*
50
+ * Align strtab base address to table size. For this purpose, assume it
51
+ * is not bounded by SMMU_IDR1_SIDSIZE.
52
+ */
53
+ strtab_size_shift = MAX(5, (int)log2size - s->sid_split - 1 + 3);
54
+ strtab_base = s->strtab_base & SMMU_BASE_ADDR_MASK &
55
+ ~MAKE_64BIT_MASK(0, strtab_size_shift);
56
l1_ste_offset = sid >> s->sid_split;
57
l2_ste_offset = sid & ((1 << s->sid_split) - 1);
58
l1ptr = (dma_addr_t)(strtab_base + l1_ste_offset * sizeof(l1std));
59
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
60
}
61
addr = l2ptr + l2_ste_offset * sizeof(*ste);
62
} else {
63
- addr = (s->strtab_base & SMMU_BASE_ADDR_MASK) + sid * sizeof(*ste);
64
+ strtab_size_shift = log2size + 5;
65
+ strtab_base = s->strtab_base & SMMU_BASE_ADDR_MASK &
66
+ ~MAKE_64BIT_MASK(0, strtab_size_shift);
67
+ addr = strtab_base + sid * sizeof(*ste);
68
}
69
70
if (smmu_get_ste(s, addr, ste, event)) {
71
--
30
--
72
2.20.1
31
2.20.1
73
32
74
33
diff view generated by jsdifflib
[PULL 07/12] hw/arm/smmuv3: Check stream IDs against actual table LOG2SIZE
[PULL 7/7] target/arm: Improve IMPDEF algorithm for IRG
1
From: Simon Veith <sveith@amazon.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When checking whether a stream ID is in range of the stream table, we
3
When GCR_EL1.RRND==1, the choosing of the random value is IMPDEF,
4
have so far been only checking it against our implementation limit
4
and the kernel is not expected to have set RGSR_EL1. Force a
5
(SMMU_IDR1_SIDSIZE). However, the guest can program the
5
non-zero value into SEED, so that we do not continually return
6
STRTAB_BASE_CFG.LOG2SIZE field to a size that is smaller than this
6
the same tag.
7
limit.
8
7
9
Check the stream ID against this limit as well to match the hardware
8
Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
10
behavior of raising C_BAD_STREAMID events in case the limit is exceeded.
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Also, ensure that we do not go one entry beyond the end of the table by
10
Message-id: 20200724163853.504655-4-richard.henderson@linaro.org
12
checking that its index is strictly smaller than the table size.
13
14
ref. ARM IHI 0070C, section 6.3.24.
15
16
Signed-off-by: Simon Veith <sveith@amazon.de>
17
Acked-by: Eric Auger <eric.auger@redhat.com>
18
Tested-by: Eric Auger <eric.auger@redhat.com>
19
Message-id: 1576509312-13083-4-git-send-email-sveith@amazon.de
20
Cc: Eric Auger <eric.auger@redhat.com>
21
Cc: qemu-devel@nongnu.org
22
Cc: qemu-arm@nongnu.org
23
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
24
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
25
---
13
---
26
hw/arm/smmuv3.c | 8 ++++++--
14
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
27
1 file changed, 6 insertions(+), 2 deletions(-)
15
1 file changed, 30 insertions(+), 7 deletions(-)
28
16
29
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
17
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
30
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/arm/smmuv3.c
19
--- a/target/arm/mte_helper.c
32
+++ b/hw/arm/smmuv3.c
20
+++ b/target/arm/mte_helper.c
33
@@ -XXX,XX +XXX,XX @@ static int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste,
21
@@ -XXX,XX +XXX,XX @@
34
SMMUEventInfo *event)
22
#include "exec/ram_addr.h"
23
#include "exec/cpu_ldst.h"
24
#include "exec/helper-proto.h"
25
+#include "qapi/error.h"
26
+#include "qemu/guest-random.h"
27
28
29
static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
30
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
31
32
uint64_t HELPER(irg)(CPUARMState *env, uint64_t rn, uint64_t rm)
35
{
33
{
36
dma_addr_t addr;
34
- int rtag;
37
+ uint32_t log2size;
35
-
38
int ret;
36
- /*
39
37
- * Our IMPDEF choice for GCR_EL1.RRND==1 is to behave as if
40
trace_smmuv3_find_ste(sid, s->features, s->sid_split);
38
- * GCR_EL1.RRND==0, always producing deterministic results.
41
- /* Check SID range */
39
- */
42
- if (sid > (1 << SMMU_IDR1_SIDSIZE)) {
40
uint16_t exclude = extract32(rm | env->cp15.gcr_el1, 0, 16);
43
+ log2size = FIELD_EX32(s->strtab_base_cfg, STRTAB_BASE_CFG, LOG2SIZE);
41
+ int rrnd = extract32(env->cp15.gcr_el1, 16, 1);
42
int start = extract32(env->cp15.rgsr_el1, 0, 4);
43
int seed = extract32(env->cp15.rgsr_el1, 8, 16);
44
- int offset, i;
45
+ int offset, i, rtag;
46
+
44
+ /*
47
+ /*
45
+ * Check SID range against both guest-configured and implementation limits
48
+ * Our IMPDEF choice for GCR_EL1.RRND==1 is to continue to use the
49
+ * deterministic algorithm. Except that with RRND==1 the kernel is
50
+ * not required to have set RGSR_EL1.SEED != 0, which is required for
51
+ * the deterministic algorithm to function. So we force a non-zero
52
+ * SEED for that case.
46
+ */
53
+ */
47
+ if (sid >= (1 << MIN(log2size, SMMU_IDR1_SIDSIZE))) {
54
+ if (unlikely(seed == 0) && rrnd) {
48
event->type = SMMU_EVT_C_BAD_STREAMID;
55
+ do {
49
return -EINVAL;
56
+ Error *err = NULL;
50
}
57
+ uint16_t two;
58
+
59
+ if (qemu_guest_getrandom(&two, sizeof(two), &err) < 0) {
60
+ /*
61
+ * Failed, for unknown reasons in the crypto subsystem.
62
+ * Best we can do is log the reason and use a constant seed.
63
+ */
64
+ qemu_log_mask(LOG_UNIMP, "IRG: Crypto failure: %s\n",
65
+ error_get_pretty(err));
66
+ error_free(err);
67
+ two = 1;
68
+ }
69
+ seed = two;
70
+ } while (seed == 0);
71
+ }
72
73
/* RandomTag */
74
for (i = offset = 0; i < 4; ++i) {
51
--
75
--
52
2.20.1
76
2.20.1
53
77
54
78
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.