1
target-arm queue: nothing big, just a collection of minor things.
1
Nothing too exciting, but does include the last bits of v8.1M support work.
2
2
3
-- PMM
3
-- PMM
4
4
5
The following changes since commit ae3aa5da96f4ccf0c2a28851449d92db9fcfad71:
5
The following changes since commit e79de63ab1bd1f6550e7b915e433bec1ad1a870a:
6
6
7
Merge remote-tracking branch 'remotes/berrange/tags/socket-next-pull-request' into staging (2020-05-21 16:47:28 +0100)
7
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210107' into staging (2021-01-07 20:34:05 +0000)
8
8
9
are available in the Git repository at:
9
are available in the Git repository at:
10
10
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200521
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210108
12
12
13
for you to fetch changes up to 17b5df7b65d0192c5d775b5e1581518580774c77:
13
for you to fetch changes up to c9f8511ea8d2b80723af0fea1f716d752c1b5208:
14
14
15
linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32 (2020-05-21 20:00:19 +0100)
15
docs/system: arm: Add sabrelite board description (2021-01-08 15:13:39 +0000)
16
16
17
----------------------------------------------------------------
17
----------------------------------------------------------------
18
target-arm queue:
18
target-arm queue:
19
* tests/acceptance: Add a test for the canon-a1100 machine
19
* intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs
20
* docs/system: Document some of the Arm development boards
20
* target/arm: Fix MTE0_ACTIVE
21
* linux-user: make BKPT insn cause SIGTRAP, not be a syscall
21
* target/arm: Implement v8.1M and Cortex-M55 model
22
* target/arm: Remove unused GEN_NEON_INTEGER_OP macro
22
* hw/arm/highbank: Drop dead KVM support code
23
* fsl-imx25, fsl-imx31, fsl-imx6, fsl-imx6ul, fsl-imx7: implement watchdog
23
* util/qemu-timer: Make timer_free() imply timer_del()
24
* hw/arm: Use qemu_log_mask() instead of hw_error() in various places
24
* various devices: Use ptimer_free() in finalize function
25
* ARM: PL061: Introduce N_GPIOS
25
* docs/system: arm: Add sabrelite board description
26
* target/arm: Improve clear_vec_high() usage
26
* sabrelite: Minor fixes to allow booting U-Boot
27
* target/arm: Allow user-mode code to write CPSR.E via MSR
28
* linux-user/arm: Reset CPSR_E when entering a signal handler
29
* linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
30
27
31
----------------------------------------------------------------
28
----------------------------------------------------------------
32
Amanieu d'Antras (1):
29
Andrew Jones (1):
33
linux-user/arm: Reset CPSR_E when entering a signal handler
30
hw/arm/virt: Remove virt machine state 'smp_cpus'
34
31
35
Geert Uytterhoeven (1):
32
Bin Meng (4):
36
ARM: PL061: Introduce N_GPIOS
33
hw/misc: imx6_ccm: Update PMU_MISC0 reset value
34
hw/msic: imx6_ccm: Correct register value for silicon type
35
hw/arm: sabrelite: Connect the Ethernet PHY at address 6
36
docs/system: arm: Add sabrelite board description
37
37
38
Guenter Roeck (8):
38
Edgar E. Iglesias (1):
39
hw: Move i.MX watchdog driver to hw/watchdog
39
intc/arm_gic: Fix gic_irq_signaling_enabled() for vCPUs
40
hw/watchdog: Implement full i.MX watchdog support
41
hw/arm/fsl-imx25: Wire up watchdog
42
hw/arm/fsl-imx31: Wire up watchdog
43
hw/arm/fsl-imx6: Connect watchdog interrupts
44
hw/arm/fsl-imx6ul: Connect watchdog interrupts
45
hw/arm/fsl-imx7: Instantiate various unimplemented devices
46
hw/arm/fsl-imx7: Connect watchdog interrupts
47
40
48
Peter Maydell (12):
41
Gan Qixin (7):
49
docs/system: Add 'Arm' to the Integrator/CP document title
42
digic-timer: Use ptimer_free() in the finalize function to avoid memleaks
50
docs/system: Sort Arm board index into alphabetical order
43
allwinner-a10-pit: Use ptimer_free() in the finalize function to avoid memleaks
51
docs/system: Document Arm Versatile Express boards
44
exynos4210_rtc: Use ptimer_free() in the finalize function to avoid memleaks
52
docs/system: Document the various MPS2 models
45
exynos4210_pwm: Use ptimer_free() in the finalize function to avoid memleaks
53
docs/system: Document Musca boards
46
mss-timer: Use ptimer_free() in the finalize function to avoid memleaks
54
linux-user/arm: BKPT should cause SIGTRAP, not be a syscall
47
musicpal: Use ptimer_free() in the finalize function to avoid memleaks
55
linux-user/arm: Remove bogus SVC 0xf0002 handling
48
exynos4210_mct: Use ptimer_free() in the finalize function to avoid memleaks
56
linux-user/arm: Handle invalid arm-specific syscalls correctly
57
linux-user/arm: Fix identification of syscall numbers
58
target/arm: Remove unused GEN_NEON_INTEGER_OP macro
59
target/arm: Allow user-mode code to write CPSR.E via MSR
60
linux-user/arm/signal.c: Drop TARGET_CONFIG_CPU_32
61
49
62
Philippe Mathieu-Daudé (4):
50
Peter Maydell (9):
63
hw/arm/integratorcp: Replace hw_error() by qemu_log_mask()
51
hw/intc/armv7m_nvic: Correct handling of CCR.BFHFNMIGN
64
hw/arm/pxa2xx: Replace hw_error() by qemu_log_mask()
52
target/arm: Correct store of FPSCR value via FPCXT_S
65
hw/char/xilinx_uartlite: Replace hw_error() by qemu_log_mask()
53
target/arm: Implement FPCXT_NS fp system register
66
hw/timer/exynos4210_mct: Replace hw_error() by qemu_log_mask()
54
target/arm: Implement Cortex-M55 model
55
hw/arm/highbank: Drop dead KVM support code
56
util/qemu-timer: Make timer_free() imply timer_del()
57
scripts/coccinelle: New script to remove unnecessary timer_del() calls
58
Remove superfluous timer_del() calls
59
target/arm: Remove timer_del()/timer_deinit() before timer_free()
67
60
68
Richard Henderson (2):
61
Richard Henderson (1):
69
target/arm: Use tcg_gen_gvec_mov for clear_vec_high
62
target/arm: Fix MTE0_ACTIVE
70
target/arm: Use clear_vec_high more effectively
71
63
72
Thomas Huth (1):
64
docs/system/arm/sabrelite.rst | 119 ++++++++++++++++++++++++++
73
tests/acceptance: Add a test for the canon-a1100 machine
65
docs/system/target-arm.rst | 1 +
66
scripts/coccinelle/timer-del-timer-free.cocci | 18 ++++
67
include/hw/arm/virt.h | 3 +-
68
include/qemu/timer.h | 24 +++---
69
block/iscsi.c | 2 -
70
block/nbd.c | 1 -
71
block/qcow2.c | 1 -
72
hw/arm/highbank.c | 14 +--
73
hw/arm/musicpal.c | 12 +++
74
hw/arm/sabrelite.c | 4 +
75
hw/arm/virt-acpi-build.c | 9 +-
76
hw/arm/virt.c | 21 +++--
77
hw/block/nvme.c | 2 -
78
hw/char/serial.c | 2 -
79
hw/char/virtio-serial-bus.c | 2 -
80
hw/ide/core.c | 1 -
81
hw/input/hid.c | 1 -
82
hw/intc/apic.c | 1 -
83
hw/intc/arm_gic.c | 4 +-
84
hw/intc/armv7m_nvic.c | 15 ++++
85
hw/intc/ioapic.c | 1 -
86
hw/ipmi/ipmi_bmc_extern.c | 1 -
87
hw/misc/imx6_ccm.c | 4 +-
88
hw/net/e1000.c | 3 -
89
hw/net/e1000e_core.c | 8 --
90
hw/net/pcnet-pci.c | 1 -
91
hw/net/rtl8139.c | 1 -
92
hw/net/spapr_llan.c | 1 -
93
hw/net/virtio-net.c | 2 -
94
hw/rtc/exynos4210_rtc.c | 9 ++
95
hw/s390x/s390-pci-inst.c | 1 -
96
hw/sd/sd.c | 1 -
97
hw/sd/sdhci.c | 2 -
98
hw/timer/allwinner-a10-pit.c | 11 +++
99
hw/timer/digic-timer.c | 8 ++
100
hw/timer/exynos4210_mct.c | 14 +++
101
hw/timer/exynos4210_pwm.c | 11 +++
102
hw/timer/mss-timer.c | 13 +++
103
hw/usb/dev-hub.c | 1 -
104
hw/usb/hcd-ehci.c | 1 -
105
hw/usb/hcd-ohci-pci.c | 1 -
106
hw/usb/hcd-uhci.c | 1 -
107
hw/usb/hcd-xhci.c | 1 -
108
hw/usb/redirect.c | 1 -
109
hw/vfio/display.c | 1 -
110
hw/virtio/vhost-vsock-common.c | 1 -
111
hw/virtio/virtio-balloon.c | 1 -
112
hw/virtio/virtio-rng.c | 1 -
113
hw/watchdog/wdt_diag288.c | 1 -
114
hw/watchdog/wdt_i6300esb.c | 1 -
115
migration/colo.c | 1 -
116
monitor/hmp-cmds.c | 1 -
117
net/announce.c | 1 -
118
net/colo-compare.c | 1 -
119
net/slirp.c | 1 -
120
replay/replay-debugging.c | 1 -
121
target/arm/cpu.c | 2 -
122
target/arm/cpu_tcg.c | 42 +++++++++
123
target/arm/helper.c | 2 +-
124
target/s390x/cpu.c | 2 -
125
ui/console.c | 1 -
126
ui/spice-core.c | 1 -
127
util/throttle.c | 1 -
128
target/arm/translate-vfp.c.inc | 114 ++++++++++++++++++++++--
129
65 files changed, 421 insertions(+), 111 deletions(-)
130
create mode 100644 docs/system/arm/sabrelite.rst
131
create mode 100644 scripts/coccinelle/timer-del-timer-free.cocci
74
132
75
docs/system/arm/integratorcp.rst | 4 +-
76
docs/system/arm/mps2.rst | 29 +++
77
docs/system/arm/musca.rst | 31 +++
78
docs/system/arm/vexpress.rst | 60 ++++++
79
docs/system/target-arm.rst | 20 +-
80
include/hw/arm/fsl-imx25.h | 5 +
81
include/hw/arm/fsl-imx31.h | 4 +
82
include/hw/arm/fsl-imx6.h | 2 +-
83
include/hw/arm/fsl-imx6ul.h | 2 +-
84
include/hw/arm/fsl-imx7.h | 23 ++-
85
include/hw/misc/imx2_wdt.h | 33 ----
86
include/hw/watchdog/wdt_imx2.h | 90 +++++++++
87
target/arm/cpu.h | 2 +-
88
hw/arm/fsl-imx25.c | 10 +
89
hw/arm/fsl-imx31.c | 6 +
90
hw/arm/fsl-imx6.c | 9 +
91
hw/arm/fsl-imx6ul.c | 10 +
92
hw/arm/fsl-imx7.c | 35 ++++
93
hw/arm/integratorcp.c | 23 ++-
94
hw/arm/pxa2xx_gpio.c | 7 +-
95
hw/char/xilinx_uartlite.c | 5 +-
96
hw/display/pxa2xx_lcd.c | 8 +-
97
hw/dma/pxa2xx_dma.c | 14 +-
98
hw/gpio/pl061.c | 12 +-
99
hw/misc/imx2_wdt.c | 90 ---------
100
hw/timer/exynos4210_mct.c | 12 +-
101
hw/watchdog/wdt_imx2.c | 303 +++++++++++++++++++++++++++++
102
linux-user/arm/cpu_loop.c | 145 ++++++++------
103
linux-user/arm/signal.c | 15 +-
104
target/arm/translate-a64.c | 63 +++---
105
target/arm/translate.c | 23 ---
106
MAINTAINERS | 6 +
107
hw/arm/Kconfig | 5 +
108
hw/misc/Makefile.objs | 1 -
109
hw/watchdog/Kconfig | 3 +
110
hw/watchdog/Makefile.objs | 1 +
111
tests/acceptance/machine_arm_canona1100.py | 35 ++++
112
37 files changed, 854 insertions(+), 292 deletions(-)
113
create mode 100644 docs/system/arm/mps2.rst
114
create mode 100644 docs/system/arm/musca.rst
115
create mode 100644 docs/system/arm/vexpress.rst
116
delete mode 100644 include/hw/misc/imx2_wdt.h
117
create mode 100644 include/hw/watchdog/wdt_imx2.h
118
delete mode 100644 hw/misc/imx2_wdt.c
119
create mode 100644 hw/watchdog/wdt_imx2.c
120
create mode 100644 tests/acceptance/machine_arm_canona1100.py
121
diff view generated by jsdifflib
Deleted patch
1
From: Thomas Huth <thuth@redhat.com>
2
1
3
The canon-a1100 machine can be used with the Barebox firmware. The
4
QEMU Advent Calendar 2018 features a pre-compiled image which we
5
can use for testing.
6
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
9
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
10
Tested-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
11
Signed-off-by: Thomas Huth <thuth@redhat.com>
12
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Message-id: 20200514190422.23645-1-f4bug@amsat.org
14
Message-Id: <20200129090420.13954-1-thuth@redhat.com>
15
[PMD: Rebased MAINTAINERS]
16
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
MAINTAINERS | 1 +
20
tests/acceptance/machine_arm_canona1100.py | 35 ++++++++++++++++++++++
21
2 files changed, 36 insertions(+)
22
create mode 100644 tests/acceptance/machine_arm_canona1100.py
23
24
diff --git a/MAINTAINERS b/MAINTAINERS
25
index XXXXXXX..XXXXXXX 100644
26
--- a/MAINTAINERS
27
+++ b/MAINTAINERS
28
@@ -XXX,XX +XXX,XX @@ S: Odd Fixes
29
F: include/hw/arm/digic.h
30
F: hw/*/digic*
31
F: include/hw/*/digic*
32
+F: tests/acceptance/machine_arm_canona1100.py
33
34
Goldfish RTC
35
M: Anup Patel <anup.patel@wdc.com>
36
diff --git a/tests/acceptance/machine_arm_canona1100.py b/tests/acceptance/machine_arm_canona1100.py
37
new file mode 100644
38
index XXXXXXX..XXXXXXX
39
--- /dev/null
40
+++ b/tests/acceptance/machine_arm_canona1100.py
41
@@ -XXX,XX +XXX,XX @@
42
+# Functional test that boots the canon-a1100 machine with firmware
43
+#
44
+# Copyright (c) 2020 Red Hat, Inc.
45
+#
46
+# Author:
47
+# Thomas Huth <thuth@redhat.com>
48
+#
49
+# This work is licensed under the terms of the GNU GPL, version 2 or
50
+# later. See the COPYING file in the top-level directory.
51
+
52
+from avocado_qemu import Test
53
+from avocado_qemu import wait_for_console_pattern
54
+from avocado.utils import archive
55
+
56
+class CanonA1100Machine(Test):
57
+ """Boots the barebox firmware and checks that the console is operational"""
58
+
59
+ timeout = 90
60
+
61
+ def test_arm_canona1100(self):
62
+ """
63
+ :avocado: tags=arch:arm
64
+ :avocado: tags=machine:canon-a1100
65
+ :avocado: tags=device:pflash_cfi02
66
+ """
67
+ tar_url = ('https://www.qemu-advent-calendar.org'
68
+ '/2018/download/day18.tar.xz')
69
+ tar_hash = '068b5fc4242b29381acee94713509f8a876e9db6'
70
+ file_path = self.fetch_asset(tar_url, asset_hash=tar_hash)
71
+ archive.extract(file_path, self.workdir)
72
+ self.vm.set_console()
73
+ self.vm.add_args('-bios',
74
+ self.workdir + '/day18/barebox.canon-a1100.bin')
75
+ self.vm.launch()
76
+ wait_for_console_pattern(self, 'running /env/bin/init')
77
--
78
2.20.1
79
80
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
2
2
3
With this patch, the watchdog on i.MX31 emulations is fully operational.
3
Correct the indexing into s->cpu_ctlr for vCPUs.
4
4
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Message-id: 20200517162135.110364-5-linux@roeck-us.net
7
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Message-id: 20201214222154.3480243-2-edgar.iglesias@gmail.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
---
10
include/hw/arm/fsl-imx31.h | 4 ++++
11
hw/intc/arm_gic.c | 4 +++-
11
hw/arm/fsl-imx31.c | 6 ++++++
12
1 file changed, 3 insertions(+), 1 deletion(-)
12
hw/arm/Kconfig | 1 +
13
3 files changed, 11 insertions(+)
14
13
15
diff --git a/include/hw/arm/fsl-imx31.h b/include/hw/arm/fsl-imx31.h
14
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/arm/fsl-imx31.h
16
--- a/hw/intc/arm_gic.c
18
+++ b/include/hw/arm/fsl-imx31.h
17
+++ b/hw/intc/arm_gic.c
19
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ static inline void gic_get_best_virq(GICState *s, int cpu,
20
#include "hw/timer/imx_epit.h"
19
static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt,
21
#include "hw/i2c/imx_i2c.h"
20
int group_mask)
22
#include "hw/gpio/imx_gpio.h"
21
{
23
+#include "hw/watchdog/wdt_imx2.h"
22
+ int cpu_iface = virt ? (cpu + GIC_NCPU) : cpu;
24
#include "exec/memory.h"
23
+
25
#include "target/arm/cpu.h"
24
if (!virt && !(s->ctlr & group_mask)) {
26
25
return false;
27
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX31State {
28
IMXEPITState epit[FSL_IMX31_NUM_EPITS];
29
IMXI2CState i2c[FSL_IMX31_NUM_I2CS];
30
IMXGPIOState gpio[FSL_IMX31_NUM_GPIOS];
31
+ IMX2WdtState wdt;
32
MemoryRegion secure_rom;
33
MemoryRegion rom;
34
MemoryRegion iram;
35
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX31State {
36
#define FSL_IMX31_GPIO1_SIZE 0x4000
37
#define FSL_IMX31_GPIO2_ADDR 0x53FD0000
38
#define FSL_IMX31_GPIO2_SIZE 0x4000
39
+#define FSL_IMX31_WDT_ADDR 0x53FDC000
40
+#define FSL_IMX31_WDT_SIZE 0x4000
41
#define FSL_IMX31_AVIC_ADDR 0x68000000
42
#define FSL_IMX31_AVIC_SIZE 0x100
43
#define FSL_IMX31_SDRAM0_ADDR 0x80000000
44
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
45
index XXXXXXX..XXXXXXX 100644
46
--- a/hw/arm/fsl-imx31.c
47
+++ b/hw/arm/fsl-imx31.c
48
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_init(Object *obj)
49
sysbus_init_child_obj(obj, "gpio[*]", &s->gpio[i], sizeof(s->gpio[i]),
50
TYPE_IMX_GPIO);
51
}
26
}
52
+
27
@@ -XXX,XX +XXX,XX @@ static inline bool gic_irq_signaling_enabled(GICState *s, int cpu, bool virt,
53
+ sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT);
28
return false;
54
}
55
56
static void fsl_imx31_realize(DeviceState *dev, Error **errp)
57
@@ -XXX,XX +XXX,XX @@ static void fsl_imx31_realize(DeviceState *dev, Error **errp)
58
gpio_table[i].irq));
59
}
29
}
60
30
61
+ /* Watchdog */
31
- if (!(s->cpu_ctlr[cpu] & group_mask)) {
62
+ object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort);
32
+ if (!(s->cpu_ctlr[cpu_iface] & group_mask)) {
63
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX31_WDT_ADDR);
33
return false;
64
+
34
}
65
/* On a real system, the first 16k is a `secure boot rom' */
35
66
memory_region_init_rom(&s->secure_rom, OBJECT(dev), "imx31.secure_rom",
67
FSL_IMX31_SECURE_ROM_SIZE, &err);
68
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
69
index XXXXXXX..XXXXXXX 100644
70
--- a/hw/arm/Kconfig
71
+++ b/hw/arm/Kconfig
72
@@ -XXX,XX +XXX,XX @@ config FSL_IMX31
73
select SERIAL
74
select IMX
75
select IMX_I2C
76
+ select WDT_IMX2
77
select LAN9118
78
79
config FSL_IMX6
80
--
36
--
81
2.20.1
37
2.20.1
82
38
83
39
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Andrew Jones <drjones@redhat.com>
2
2
3
hw_error() calls exit(). This a bit overkill when we can log
3
virt machine's 'smp_cpus' and machine->smp.cpus must always have the
4
the accesses as unimplemented or guest error.
4
same value. And, anywhere we have virt machine state we have machine
5
state. So let's remove the redundancy. Also, to make it easier to see
6
that machine->smp is the true source for "smp_cpus" and "max_cpus",
7
avoid passing them in function parameters, preferring instead to get
8
them from the state.
5
9
6
When fuzzing the devices, we don't want the whole process to
10
No functional change intended.
7
exit. Replace some hw_error() calls by qemu_log_mask().
8
11
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
12
Signed-off-by: Andrew Jones <drjones@redhat.com>
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
13
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
11
Message-id: 20200518140309.5220-3-f4bug@amsat.org
14
Reviewed-by: Ying Fang <fangying1@huawei.com>
15
Message-id: 20201215174815.51520-1-drjones@redhat.com
16
[PMM: minor formatting tweak to smp_cpus variable declaration]
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
18
---
14
hw/arm/pxa2xx_gpio.c | 7 ++++---
19
include/hw/arm/virt.h | 3 +--
15
hw/display/pxa2xx_lcd.c | 8 +++++---
20
hw/arm/virt-acpi-build.c | 9 +++++----
16
hw/dma/pxa2xx_dma.c | 14 +++++++++-----
21
hw/arm/virt.c | 21 ++++++++++-----------
17
3 files changed, 18 insertions(+), 11 deletions(-)
22
3 files changed, 16 insertions(+), 17 deletions(-)
18
23
19
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
24
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
20
index XXXXXXX..XXXXXXX 100644
25
index XXXXXXX..XXXXXXX 100644
21
--- a/hw/arm/pxa2xx_gpio.c
26
--- a/include/hw/arm/virt.h
22
+++ b/hw/arm/pxa2xx_gpio.c
27
+++ b/include/hw/arm/virt.h
28
@@ -XXX,XX +XXX,XX @@ struct VirtMachineState {
29
MemMapEntry *memmap;
30
char *pciehb_nodename;
31
const int *irqmap;
32
- int smp_cpus;
33
void *fdt;
34
int fdt_size;
35
uint32_t clock_phandle;
36
@@ -XXX,XX +XXX,XX @@ static inline int virt_gicv3_redist_region_count(VirtMachineState *vms)
37
38
assert(vms->gic_version == VIRT_GIC_VERSION_3);
39
40
- return vms->smp_cpus > redist0_capacity ? 2 : 1;
41
+ return MACHINE(vms)->smp.cpus > redist0_capacity ? 2 : 1;
42
}
43
44
#endif /* QEMU_ARM_VIRT_H */
45
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
46
index XXXXXXX..XXXXXXX 100644
47
--- a/hw/arm/virt-acpi-build.c
48
+++ b/hw/arm/virt-acpi-build.c
23
@@ -XXX,XX +XXX,XX @@
49
@@ -XXX,XX +XXX,XX @@
24
50
25
#include "qemu/osdep.h"
51
#define ACPI_BUILD_TABLE_SIZE 0x20000
26
#include "cpu.h"
52
27
-#include "hw/hw.h"
53
-static void acpi_dsdt_add_cpus(Aml *scope, int smp_cpus)
28
#include "hw/irq.h"
54
+static void acpi_dsdt_add_cpus(Aml *scope, VirtMachineState *vms)
29
#include "hw/qdev-properties.h"
55
{
30
#include "hw/sysbus.h"
56
+ MachineState *ms = MACHINE(vms);
31
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_gpio_read(void *opaque, hwaddr offset,
57
uint16_t i;
32
return s->status[bank];
58
33
59
- for (i = 0; i < smp_cpus; i++) {
34
default:
60
+ for (i = 0; i < ms->smp.cpus; i++) {
35
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
61
Aml *dev = aml_device("C%.03X", i);
36
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
62
aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));
37
+ __func__, offset);
63
aml_append(dev, aml_name_decl("_UID", aml_int(i)));
64
@@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
65
gicd->base_address = cpu_to_le64(memmap[VIRT_GIC_DIST].base);
66
gicd->version = vms->gic_version;
67
68
- for (i = 0; i < vms->smp_cpus; i++) {
69
+ for (i = 0; i < MACHINE(vms)->smp.cpus; i++) {
70
AcpiMadtGenericCpuInterface *gicc = acpi_data_push(table_data,
71
sizeof(*gicc));
72
ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
73
@@ -XXX,XX +XXX,XX @@ build_dsdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
74
* the RTC ACPI device at all when using UEFI.
75
*/
76
scope = aml_scope("\\_SB");
77
- acpi_dsdt_add_cpus(scope, vms->smp_cpus);
78
+ acpi_dsdt_add_cpus(scope, vms);
79
acpi_dsdt_add_uart(scope, &memmap[VIRT_UART],
80
(irqmap[VIRT_UART] + ARM_SPI_BASE));
81
if (vmc->acpi_expose_flash) {
82
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/hw/arm/virt.c
85
+++ b/hw/arm/virt.c
86
@@ -XXX,XX +XXX,XX @@ static void fdt_add_timer_nodes(const VirtMachineState *vms)
87
if (vms->gic_version == VIRT_GIC_VERSION_2) {
88
irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,
89
GIC_FDT_IRQ_PPI_CPU_WIDTH,
90
- (1 << vms->smp_cpus) - 1);
91
+ (1 << MACHINE(vms)->smp.cpus) - 1);
38
}
92
}
39
93
40
return 0;
94
qemu_fdt_add_subnode(vms->fdt, "/timer");
41
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_gpio_write(void *opaque, hwaddr offset,
95
@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
42
break;
96
int cpu;
43
97
int addr_cells = 1;
44
default:
98
const MachineState *ms = MACHINE(vms);
45
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
99
+ int smp_cpus = ms->smp.cpus;
46
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
100
47
+ __func__, offset);
101
/*
102
* From Documentation/devicetree/bindings/arm/cpus.txt
103
@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
104
* The simplest way to go is to examine affinity IDs of all our CPUs. If
105
* at least one of them has Aff3 populated, we set #address-cells to 2.
106
*/
107
- for (cpu = 0; cpu < vms->smp_cpus; cpu++) {
108
+ for (cpu = 0; cpu < smp_cpus; cpu++) {
109
ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
110
111
if (armcpu->mp_affinity & ARM_AFF3_MASK) {
112
@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
113
qemu_fdt_setprop_cell(vms->fdt, "/cpus", "#address-cells", addr_cells);
114
qemu_fdt_setprop_cell(vms->fdt, "/cpus", "#size-cells", 0x0);
115
116
- for (cpu = vms->smp_cpus - 1; cpu >= 0; cpu--) {
117
+ for (cpu = smp_cpus - 1; cpu >= 0; cpu--) {
118
char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
119
ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
120
CPUState *cs = CPU(armcpu);
121
@@ -XXX,XX +XXX,XX @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
122
qemu_fdt_setprop_string(vms->fdt, nodename, "compatible",
123
armcpu->dtb_compatible);
124
125
- if (vms->psci_conduit != QEMU_PSCI_CONDUIT_DISABLED
126
- && vms->smp_cpus > 1) {
127
+ if (vms->psci_conduit != QEMU_PSCI_CONDUIT_DISABLED && smp_cpus > 1) {
128
qemu_fdt_setprop_string(vms->fdt, nodename,
129
"enable-method", "psci");
130
}
131
@@ -XXX,XX +XXX,XX @@ static void fdt_add_pmu_nodes(const VirtMachineState *vms)
132
if (vms->gic_version == VIRT_GIC_VERSION_2) {
133
irqflags = deposit32(irqflags, GIC_FDT_IRQ_PPI_CPU_START,
134
GIC_FDT_IRQ_PPI_CPU_WIDTH,
135
- (1 << vms->smp_cpus) - 1);
136
+ (1 << MACHINE(vms)->smp.cpus) - 1);
48
}
137
}
49
}
138
50
139
qemu_fdt_add_subnode(vms->fdt, "/pmu");
51
diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c
140
@@ -XXX,XX +XXX,XX @@ static void finalize_gic_version(VirtMachineState *vms)
52
index XXXXXXX..XXXXXXX 100644
141
* virt_cpu_post_init() must be called after the CPUs have
53
--- a/hw/display/pxa2xx_lcd.c
142
* been realized and the GIC has been created.
54
+++ b/hw/display/pxa2xx_lcd.c
55
@@ -XXX,XX +XXX,XX @@
56
*/
143
*/
57
144
-static void virt_cpu_post_init(VirtMachineState *vms, int max_cpus,
58
#include "qemu/osdep.h"
145
- MemoryRegion *sysmem)
59
-#include "hw/hw.h"
146
+static void virt_cpu_post_init(VirtMachineState *vms, MemoryRegion *sysmem)
60
+#include "qemu/log.h"
147
{
61
#include "hw/irq.h"
148
+ int max_cpus = MACHINE(vms)->smp.max_cpus;
62
#include "migration/vmstate.h"
149
bool aarch64, pmu, steal_time;
63
#include "ui/console.h"
150
CPUState *cpu;
64
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_lcdc_read(void *opaque, hwaddr offset,
151
65
152
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
66
default:
153
exit(1);
67
fail:
68
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
69
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
70
+ __func__, offset);
71
}
154
}
72
155
73
return 0;
156
- vms->smp_cpus = smp_cpus;
74
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset,
75
76
default:
77
fail:
78
- hw_error("%s: Bad offset " REG_FMT "\n", __func__, offset);
79
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
80
+ __func__, offset);
81
}
82
}
83
84
diff --git a/hw/dma/pxa2xx_dma.c b/hw/dma/pxa2xx_dma.c
85
index XXXXXXX..XXXXXXX 100644
86
--- a/hw/dma/pxa2xx_dma.c
87
+++ b/hw/dma/pxa2xx_dma.c
88
@@ -XXX,XX +XXX,XX @@
89
*/
90
91
#include "qemu/osdep.h"
92
+#include "qemu/log.h"
93
#include "hw/hw.h"
94
#include "hw/irq.h"
95
#include "hw/qdev-properties.h"
96
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
97
unsigned int channel;
98
99
if (size != 4) {
100
- hw_error("%s: Bad access width\n", __func__);
101
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n",
102
+ __func__, size);
103
return 5;
104
}
105
106
@@ -XXX,XX +XXX,XX @@ static uint64_t pxa2xx_dma_read(void *opaque, hwaddr offset,
107
return s->chan[channel].cmd;
108
}
109
}
110
-
157
-
111
- hw_error("%s: Bad offset 0x" TARGET_FMT_plx "\n", __func__, offset);
158
if (vms->virt && kvm_enabled()) {
112
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
159
error_report("mach-virt: KVM does not support providing "
113
+ __func__, offset);
160
"Virtualization extensions to the guest CPU");
114
return 7;
161
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
115
}
162
create_fdt(vms);
116
163
117
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset,
164
possible_cpus = mc->possible_cpu_arch_ids(machine);
118
unsigned int channel;
165
+ assert(possible_cpus->len == max_cpus);
119
166
for (n = 0; n < possible_cpus->len; n++) {
120
if (size != 4) {
167
Object *cpuobj;
121
- hw_error("%s: Bad access width\n", __func__);
168
CPUState *cs;
122
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad access width %u\n",
169
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
123
+ __func__, size);
170
124
return;
171
create_gic(vms);
125
}
172
126
173
- virt_cpu_post_init(vms, possible_cpus->len, sysmem);
127
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_dma_write(void *opaque, hwaddr offset,
174
+ virt_cpu_post_init(vms, sysmem);
128
break;
175
129
}
176
fdt_add_pmu_nodes(vms);
130
fail:
131
- hw_error("%s: Bad offset " TARGET_FMT_plx "\n", __func__, offset);
132
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
133
+ __func__, offset);
134
}
135
}
136
177
137
--
178
--
138
2.20.1
179
2.20.1
139
180
140
181
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Do not explicitly store zero to the NEON high part
3
In 50244cc76abc we updated mte_check_fail to match the ARM
4
when we can pass !is_q to clear_vec_high.
4
pseudocode, using the correct EL to select the TCF field.
5
But we failed to update MTE0_ACTIVE the same way, which led
6
to g_assert_not_reached().
5
7
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Cc: qemu-stable@nongnu.org
9
Buglink: https://bugs.launchpad.net/bugs/1907137
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20200519212453.28494-3-richard.henderson@linaro.org
11
Message-id: 20201221204426.88514-1-richard.henderson@linaro.org
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
14
---
11
target/arm/translate-a64.c | 53 +++++++++++++++++++++++---------------
15
target/arm/helper.c | 2 +-
12
1 file changed, 32 insertions(+), 21 deletions(-)
16
1 file changed, 1 insertion(+), 1 deletion(-)
13
17
14
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate-a64.c
20
--- a/target/arm/helper.c
17
+++ b/target/arm/translate-a64.c
21
+++ b/target/arm/helper.c
18
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
22
@@ -XXX,XX +XXX,XX @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
19
{
23
if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV)
20
/* This always zero-extends and writes to a full 128 bit wide vector */
24
&& tbid
21
TCGv_i64 tmplo = tcg_temp_new_i64();
25
&& !(env->pstate & PSTATE_TCO)
22
- TCGv_i64 tmphi;
26
- && (sctlr & SCTLR_TCF0)
23
+ TCGv_i64 tmphi = NULL;
27
+ && (sctlr & SCTLR_TCF)
24
28
&& allocation_tag_access_enabled(env, 0, sctlr)) {
25
if (size < 4) {
29
flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1);
26
MemOp memop = s->be_data + size;
27
- tmphi = tcg_const_i64(0);
28
tcg_gen_qemu_ld_i64(tmplo, tcg_addr, get_mem_index(s), memop);
29
} else {
30
bool be = s->be_data == MO_BE;
31
@@ -XXX,XX +XXX,XX @@ static void do_fp_ld(DisasContext *s, int destidx, TCGv_i64 tcg_addr, int size)
32
}
33
34
tcg_gen_st_i64(tmplo, cpu_env, fp_reg_offset(s, destidx, MO_64));
35
- tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx));
36
-
37
tcg_temp_free_i64(tmplo);
38
- tcg_temp_free_i64(tmphi);
39
40
- clear_vec_high(s, true, destidx);
41
+ if (tmphi) {
42
+ tcg_gen_st_i64(tmphi, cpu_env, fp_reg_hi_offset(s, destidx));
43
+ tcg_temp_free_i64(tmphi);
44
+ }
45
+ clear_vec_high(s, tmphi != NULL, destidx);
46
}
47
48
/*
49
@@ -XXX,XX +XXX,XX @@ static void disas_simd_ext(DisasContext *s, uint32_t insn)
50
read_vec_element(s, tcg_resh, rm, 0, MO_64);
51
do_ext64(s, tcg_resh, tcg_resl, pos);
52
}
30
}
53
- tcg_gen_movi_i64(tcg_resh, 0);
54
} else {
55
TCGv_i64 tcg_hh;
56
typedef struct {
57
@@ -XXX,XX +XXX,XX @@ static void disas_simd_ext(DisasContext *s, uint32_t insn)
58
59
write_vec_element(s, tcg_resl, rd, 0, MO_64);
60
tcg_temp_free_i64(tcg_resl);
61
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
62
+ if (is_q) {
63
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
64
+ }
65
tcg_temp_free_i64(tcg_resh);
66
- clear_vec_high(s, true, rd);
67
+ clear_vec_high(s, is_q, rd);
68
}
69
70
/* TBL/TBX
71
@@ -XXX,XX +XXX,XX @@ static void disas_simd_tb(DisasContext *s, uint32_t insn)
72
* the input.
73
*/
74
tcg_resl = tcg_temp_new_i64();
75
- tcg_resh = tcg_temp_new_i64();
76
+ tcg_resh = NULL;
77
78
if (is_tblx) {
79
read_vec_element(s, tcg_resl, rd, 0, MO_64);
80
} else {
81
tcg_gen_movi_i64(tcg_resl, 0);
82
}
83
- if (is_tblx && is_q) {
84
- read_vec_element(s, tcg_resh, rd, 1, MO_64);
85
- } else {
86
- tcg_gen_movi_i64(tcg_resh, 0);
87
+
88
+ if (is_q) {
89
+ tcg_resh = tcg_temp_new_i64();
90
+ if (is_tblx) {
91
+ read_vec_element(s, tcg_resh, rd, 1, MO_64);
92
+ } else {
93
+ tcg_gen_movi_i64(tcg_resh, 0);
94
+ }
95
}
96
97
tcg_idx = tcg_temp_new_i64();
98
@@ -XXX,XX +XXX,XX @@ static void disas_simd_tb(DisasContext *s, uint32_t insn)
99
100
write_vec_element(s, tcg_resl, rd, 0, MO_64);
101
tcg_temp_free_i64(tcg_resl);
102
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
103
- tcg_temp_free_i64(tcg_resh);
104
- clear_vec_high(s, true, rd);
105
+
106
+ if (is_q) {
107
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
108
+ tcg_temp_free_i64(tcg_resh);
109
+ }
110
+ clear_vec_high(s, is_q, rd);
111
}
112
113
/* ZIP/UZP/TRN
114
@@ -XXX,XX +XXX,XX @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn)
115
}
116
117
tcg_resl = tcg_const_i64(0);
118
- tcg_resh = tcg_const_i64(0);
119
+ tcg_resh = is_q ? tcg_const_i64(0) : NULL;
120
tcg_res = tcg_temp_new_i64();
121
122
for (i = 0; i < elements; i++) {
123
@@ -XXX,XX +XXX,XX @@ static void disas_simd_zip_trn(DisasContext *s, uint32_t insn)
124
125
write_vec_element(s, tcg_resl, rd, 0, MO_64);
126
tcg_temp_free_i64(tcg_resl);
127
- write_vec_element(s, tcg_resh, rd, 1, MO_64);
128
- tcg_temp_free_i64(tcg_resh);
129
- clear_vec_high(s, true, rd);
130
+
131
+ if (is_q) {
132
+ write_vec_element(s, tcg_resh, rd, 1, MO_64);
133
+ tcg_temp_free_i64(tcg_resh);
134
+ }
135
+ clear_vec_high(s, is_q, rd);
136
}
137
138
/*
139
--
31
--
140
2.20.1
32
2.20.1
141
33
142
34
diff view generated by jsdifflib
1
The GEN_NEON_INTEGER_OP macro is no longer used; remove it.
1
The CCR is a register most of whose bits are banked between security
2
states but where BFHFNMIGN is not, and we keep it in the non-secure
3
entry of the v7m.ccr[] array. The logic which tries to handle this
4
bit fails to implement the "RAZ/WI from Nonsecure if AIRCR.BFHFNMINS
5
is zero" requirement; correct the omission.
2
6
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20201210201433.26262-2-peter.maydell@linaro.org
5
---
10
---
6
target/arm/translate.c | 23 -----------------------
11
hw/intc/armv7m_nvic.c | 15 +++++++++++++++
7
1 file changed, 23 deletions(-)
12
1 file changed, 15 insertions(+)
8
13
9
diff --git a/target/arm/translate.c b/target/arm/translate.c
14
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
10
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
11
--- a/target/arm/translate.c
16
--- a/hw/intc/armv7m_nvic.c
12
+++ b/target/arm/translate.c
17
+++ b/hw/intc/armv7m_nvic.c
13
@@ -XXX,XX +XXX,XX @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
18
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
14
default: return 1; \
19
*/
15
}} while (0)
20
val = cpu->env.v7m.ccr[attrs.secure];
16
21
val |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;
17
-#define GEN_NEON_INTEGER_OP(name) do { \
22
+ /* BFHFNMIGN is RAZ/WI from NS if AIRCR.BFHFNMINS is 0 */
18
- switch ((size << 1) | u) { \
23
+ if (!attrs.secure) {
19
- case 0: \
24
+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
20
- gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
25
+ val &= ~R_V7M_CCR_BFHFNMIGN_MASK;
21
- break; \
26
+ }
22
- case 1: \
27
+ }
23
- gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
28
return val;
24
- break; \
29
case 0xd24: /* System Handler Control and State (SHCSR) */
25
- case 2: \
30
if (!arm_feature(&cpu->env, ARM_FEATURE_V7)) {
26
- gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
31
@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,
27
- break; \
32
(cpu->env.v7m.ccr[M_REG_NS] & ~R_V7M_CCR_BFHFNMIGN_MASK)
28
- case 3: \
33
| (value & R_V7M_CCR_BFHFNMIGN_MASK);
29
- gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
34
value &= ~R_V7M_CCR_BFHFNMIGN_MASK;
30
- break; \
35
+ } else {
31
- case 4: \
36
+ /*
32
- gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
37
+ * BFHFNMIGN is RAZ/WI from NS if AIRCR.BFHFNMINS is 0, so
33
- break; \
38
+ * preserve the state currently in the NS element of the array
34
- case 5: \
39
+ */
35
- gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
40
+ if (!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) {
36
- break; \
41
+ value &= ~R_V7M_CCR_BFHFNMIGN_MASK;
37
- default: return 1; \
42
+ value |= cpu->env.v7m.ccr[M_REG_NS] & R_V7M_CCR_BFHFNMIGN_MASK;
38
- }} while (0)
43
+ }
39
-
44
}
40
static TCGv_i32 neon_load_scratch(int scratch)
45
41
{
46
cpu->env.v7m.ccr[attrs.secure] = value;
42
TCGv_i32 tmp = tcg_temp_new_i32();
43
--
47
--
44
2.20.1
48
2.20.1
45
49
46
50
diff view generated by jsdifflib
1
The Arm signal-handling code has some parts ifdeffed with a
1
In commit 64f863baeedc8659 we implemented the v8.1M FPCXT_S register,
2
TARGET_CONFIG_CPU_32, which is always defined. This is a leftover
2
but we got the write behaviour wrong. On read, this register reads
3
from when this code's structure was based on the Linux kernel
3
bits [27:0] of FPSCR plus the CONTROL.SFPA bit. On write, it doesn't
4
signal handling code, where it was intended to support 26-bit
4
just write back those bits -- it writes a value to the whole FPSCR,
5
Arm CPUs. The kernel dropped its CONFIG_CPU_32 in kernel commit
5
whose upper 4 bits are zeroes.
6
4da8b8208eded0ba21e3 in 2009.
7
6
8
QEMU has never had 26-bit CPU support and is unlikely to ever
7
We also incorrectly implemented the write-to-FPSCR as a simple store
9
add it; we certainly aren't going to support 26-bit Linux
8
to vfp.xregs; this skips the "update the softfloat flags" part of
10
binaries via linux-user mode. The ifdef is just unhelpful
9
the vfp_set_fpscr helper so the value would read back correctly but
11
noise, so remove it entirely.
10
not actually take effect.
11
12
Fix both of these things by doing a complete write to the FPSCR
13
using the helper function.
12
14
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Message-id: 20200518143014.20689-1-peter.maydell@linaro.org
17
Message-id: 20201210201433.26262-3-peter.maydell@linaro.org
16
---
18
---
17
linux-user/arm/signal.c | 6 ------
19
target/arm/translate-vfp.c.inc | 12 ++++++------
18
1 file changed, 6 deletions(-)
20
1 file changed, 6 insertions(+), 6 deletions(-)
19
21
20
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
22
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
21
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
22
--- a/linux-user/arm/signal.c
24
--- a/target/arm/translate-vfp.c.inc
23
+++ b/linux-user/arm/signal.c
25
+++ b/target/arm/translate-vfp.c.inc
24
@@ -XXX,XX +XXX,XX @@ struct rt_sigframe_v2
26
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
25
abi_ulong retcode[4];
27
}
26
};
28
case ARM_VFP_FPCXT_S:
27
29
{
28
-#define TARGET_CONFIG_CPU_32 1
30
- TCGv_i32 sfpa, control, fpscr;
29
-
31
- /* Set FPSCR[27:0] and CONTROL.SFPA from value */
30
/*
32
+ TCGv_i32 sfpa, control;
31
* For ARM syscalls, we encode the syscall number into the instruction.
33
+ /*
32
*/
34
+ * Set FPSCR and CONTROL.SFPA from value; the new FPSCR takes
33
@@ -XXX,XX +XXX,XX @@ setup_sigcontext(struct target_sigcontext *sc, /*struct _fpstate *fpstate,*/
35
+ * bits [27:0] from value and zeroes bits [31:28].
34
__put_user(env->regs[13], &sc->arm_sp);
36
+ */
35
__put_user(env->regs[14], &sc->arm_lr);
37
tmp = loadfn(s, opaque);
36
__put_user(env->regs[15], &sc->arm_pc);
38
sfpa = tcg_temp_new_i32();
37
-#ifdef TARGET_CONFIG_CPU_32
39
tcg_gen_shri_i32(sfpa, tmp, 31);
38
__put_user(cpsr_read(env), &sc->arm_cpsr);
40
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
39
-#endif
41
tcg_gen_deposit_i32(control, control, sfpa,
40
42
R_V7M_CONTROL_SFPA_SHIFT, 1);
41
__put_user(/* current->thread.trap_no */ 0, &sc->trap_no);
43
store_cpu_field(control, v7m.control[M_REG_S]);
42
__put_user(/* current->thread.error_code */ 0, &sc->error_code);
44
- fpscr = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
43
@@ -XXX,XX +XXX,XX @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc)
45
- tcg_gen_andi_i32(fpscr, fpscr, FPCR_NZCV_MASK);
44
__get_user(env->regs[13], &sc->arm_sp);
46
tcg_gen_andi_i32(tmp, tmp, ~FPCR_NZCV_MASK);
45
__get_user(env->regs[14], &sc->arm_lr);
47
- tcg_gen_or_i32(fpscr, fpscr, tmp);
46
__get_user(env->regs[15], &sc->arm_pc);
48
- store_cpu_field(fpscr, vfp.xregs[ARM_VFP_FPSCR]);
47
-#ifdef TARGET_CONFIG_CPU_32
49
+ gen_helper_vfp_set_fpscr(cpu_env, tmp);
48
__get_user(cpsr, &sc->arm_cpsr);
50
tcg_temp_free_i32(tmp);
49
cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr);
51
tcg_temp_free_i32(sfpa);
50
arm_rebuild_hflags(env);
52
break;
51
-#endif
52
53
err |= !valid_user_regs(env);
54
55
--
53
--
56
2.20.1
54
2.20.1
57
55
58
56
diff view generated by jsdifflib
1
Add 'Arm' to the Integrator/CP document title, for consistency with
1
Implement the v8.1M FPCXT_NS floating-point system register. This is
2
the titling of the other documentation of Arm devboard models
2
a little more complicated than FPCXT_S, because it has specific
3
(versatile, realview).
3
handling for "current FP state is inactive", and it only wants to do
4
PreserveFPState(), not the full set of actions done by
5
ExecuteFPCheck() which vfp_access_check() implements.
4
6
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
9
Message-id: 20201210201433.26262-4-peter.maydell@linaro.org
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20200507151819.28444-2-peter.maydell@linaro.org
10
---
10
---
11
docs/system/arm/integratorcp.rst | 4 ++--
11
target/arm/translate-vfp.c.inc | 102 ++++++++++++++++++++++++++++++++-
12
1 file changed, 2 insertions(+), 2 deletions(-)
12
1 file changed, 99 insertions(+), 3 deletions(-)
13
13
14
diff --git a/docs/system/arm/integratorcp.rst b/docs/system/arm/integratorcp.rst
14
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
15
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
16
--- a/docs/system/arm/integratorcp.rst
16
--- a/target/arm/translate-vfp.c.inc
17
+++ b/docs/system/arm/integratorcp.rst
17
+++ b/target/arm/translate-vfp.c.inc
18
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ static FPSysRegCheckResult fp_sysreg_checks(DisasContext *s, int regno)
19
-Integrator/CP (``integratorcp``)
19
}
20
-================================
20
break;
21
+Arm Integrator/CP (``integratorcp``)
21
case ARM_VFP_FPCXT_S:
22
+====================================
22
+ case ARM_VFP_FPCXT_NS:
23
23
if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
24
The Arm Integrator/CP board is emulated with the following devices:
24
return false;
25
}
26
@@ -XXX,XX +XXX,XX @@ static FPSysRegCheckResult fp_sysreg_checks(DisasContext *s, int regno)
27
return FPSysRegCheckFailed;
28
}
29
30
- if (!vfp_access_check(s)) {
31
+ /*
32
+ * FPCXT_NS is a special case: it has specific handling for
33
+ * "current FP state is inactive", and must do the PreserveFPState()
34
+ * but not the usual full set of actions done by ExecuteFPCheck().
35
+ * So we don't call vfp_access_check() and the callers must handle this.
36
+ */
37
+ if (regno != ARM_VFP_FPCXT_NS && !vfp_access_check(s)) {
38
return FPSysRegCheckDone;
39
}
40
-
41
return FPSysRegCheckContinue;
42
}
43
44
+static void gen_branch_fpInactive(DisasContext *s, TCGCond cond,
45
+ TCGLabel *label)
46
+{
47
+ /*
48
+ * FPCXT_NS is a special case: it has specific handling for
49
+ * "current FP state is inactive", and must do the PreserveFPState()
50
+ * but not the usual full set of actions done by ExecuteFPCheck().
51
+ * We don't have a TB flag that matches the fpInactive check, so we
52
+ * do it at runtime as we don't expect FPCXT_NS accesses to be frequent.
53
+ *
54
+ * Emit code that checks fpInactive and does a conditional
55
+ * branch to label based on it:
56
+ * if cond is TCG_COND_NE then branch if fpInactive != 0 (ie if inactive)
57
+ * if cond is TCG_COND_EQ then branch if fpInactive == 0 (ie if active)
58
+ */
59
+ assert(cond == TCG_COND_EQ || cond == TCG_COND_NE);
60
+
61
+ /* fpInactive = FPCCR_NS.ASPEN == 1 && CONTROL.FPCA == 0 */
62
+ TCGv_i32 aspen, fpca;
63
+ aspen = load_cpu_field(v7m.fpccr[M_REG_NS]);
64
+ fpca = load_cpu_field(v7m.control[M_REG_S]);
65
+ tcg_gen_andi_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
66
+ tcg_gen_xori_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
67
+ tcg_gen_andi_i32(fpca, fpca, R_V7M_CONTROL_FPCA_MASK);
68
+ tcg_gen_or_i32(fpca, fpca, aspen);
69
+ tcg_gen_brcondi_i32(tcg_invert_cond(cond), fpca, 0, label);
70
+ tcg_temp_free_i32(aspen);
71
+ tcg_temp_free_i32(fpca);
72
+}
73
+
74
static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
75
76
fp_sysreg_loadfn *loadfn,
77
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
78
{
79
/* Do a write to an M-profile floating point system register */
80
TCGv_i32 tmp;
81
+ TCGLabel *lab_end = NULL;
82
83
switch (fp_sysreg_checks(s, regno)) {
84
case FPSysRegCheckFailed:
85
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
86
tcg_temp_free_i32(tmp);
87
break;
88
}
89
+ case ARM_VFP_FPCXT_NS:
90
+ lab_end = gen_new_label();
91
+ /* fpInactive case: write is a NOP, so branch to end */
92
+ gen_branch_fpInactive(s, TCG_COND_NE, lab_end);
93
+ /* !fpInactive: PreserveFPState(), and reads same as FPCXT_S */
94
+ gen_preserve_fp_state(s);
95
+ /* fall through */
96
case ARM_VFP_FPCXT_S:
97
{
98
TCGv_i32 sfpa, control;
99
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
100
default:
101
g_assert_not_reached();
102
}
103
+ if (lab_end) {
104
+ gen_set_label(lab_end);
105
+ }
106
return true;
107
}
108
109
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,
110
{
111
/* Do a read from an M-profile floating point system register */
112
TCGv_i32 tmp;
113
+ TCGLabel *lab_end = NULL;
114
+ bool lookup_tb = false;
115
116
switch (fp_sysreg_checks(s, regno)) {
117
case FPSysRegCheckFailed:
118
@@ -XXX,XX +XXX,XX @@ static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,
119
fpscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);
120
gen_helper_vfp_set_fpscr(cpu_env, fpscr);
121
tcg_temp_free_i32(fpscr);
122
- gen_lookup_tb(s);
123
+ lookup_tb = true;
124
+ break;
125
+ }
126
+ case ARM_VFP_FPCXT_NS:
127
+ {
128
+ TCGv_i32 control, sfpa, fpscr, fpdscr, zero;
129
+ TCGLabel *lab_active = gen_new_label();
130
+
131
+ lookup_tb = true;
132
+
133
+ gen_branch_fpInactive(s, TCG_COND_EQ, lab_active);
134
+ /* fpInactive case: reads as FPDSCR_NS */
135
+ TCGv_i32 tmp = load_cpu_field(v7m.fpdscr[M_REG_NS]);
136
+ storefn(s, opaque, tmp);
137
+ lab_end = gen_new_label();
138
+ tcg_gen_br(lab_end);
139
+
140
+ gen_set_label(lab_active);
141
+ /* !fpInactive: Reads the same as FPCXT_S, but side effects differ */
142
+ gen_preserve_fp_state(s);
143
+ tmp = tcg_temp_new_i32();
144
+ sfpa = tcg_temp_new_i32();
145
+ fpscr = tcg_temp_new_i32();
146
+ gen_helper_vfp_get_fpscr(fpscr, cpu_env);
147
+ tcg_gen_andi_i32(tmp, fpscr, ~FPCR_NZCV_MASK);
148
+ control = load_cpu_field(v7m.control[M_REG_S]);
149
+ tcg_gen_andi_i32(sfpa, control, R_V7M_CONTROL_SFPA_MASK);
150
+ tcg_gen_shli_i32(sfpa, sfpa, 31 - R_V7M_CONTROL_SFPA_SHIFT);
151
+ tcg_gen_or_i32(tmp, tmp, sfpa);
152
+ tcg_temp_free_i32(control);
153
+ /* Store result before updating FPSCR, in case it faults */
154
+ storefn(s, opaque, tmp);
155
+ /* If SFPA is zero then set FPSCR from FPDSCR_NS */
156
+ fpdscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);
157
+ zero = tcg_const_i32(0);
158
+ tcg_gen_movcond_i32(TCG_COND_EQ, fpscr, sfpa, zero, fpdscr, fpscr);
159
+ gen_helper_vfp_set_fpscr(cpu_env, fpscr);
160
+ tcg_temp_free_i32(zero);
161
+ tcg_temp_free_i32(sfpa);
162
+ tcg_temp_free_i32(fpdscr);
163
+ tcg_temp_free_i32(fpscr);
164
break;
165
}
166
default:
167
g_assert_not_reached();
168
}
169
+
170
+ if (lab_end) {
171
+ gen_set_label(lab_end);
172
+ }
173
+ if (lookup_tb) {
174
+ gen_lookup_tb(s);
175
+ }
176
return true;
177
}
25
178
26
--
179
--
27
2.20.1
180
2.20.1
28
181
29
182
diff view generated by jsdifflib
1
Using the MSR instruction to write to CPSR.E is deprecated, but it is
1
Now that we have implemented all the features needed by the v8.1M
2
required to work from any mode including unprivileged code. We were
2
architecture, we can add the model of the Cortex-M55. This is the
3
incorrectly forbidding usermode code from writing it because
3
configuration without MVE support; we'll add MVE later.
4
CPSR_USER did not include the CPSR_E bit.
5
6
We use CPSR_USER in only three places:
7
* as the mask of what to allow userspace MSR to write to CPSR
8
* when deciding what bits a linux-user signal-return should be
9
able to write from the sigcontext structure
10
* in target_user_copy_regs() when we set up the initial
11
registers for the linux-user process
12
13
In the first two cases not being able to update CPSR.E is a bug, and
14
in the third case it doesn't matter because CPSR.E is always 0 there.
15
So we can fix both bugs by adding CPSR_E to CPSR_USER.
16
17
Because the cpsr_write() in restore_sigcontext() is now changing
18
a CPSR bit which is cached in hflags, we need to add an
19
arm_rebuild_hflags() call there; the callsite in
20
target_user_copy_regs() was already rebuilding hflags for other
21
reasons.
22
23
(The recommended way to change CPSR.E is to use the 'SETEND'
24
instruction, which we do correctly allow from usermode code.)
25
4
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
28
Message-id: 20200518142801.20503-1-peter.maydell@linaro.org
7
Message-id: 20201210201433.26262-5-peter.maydell@linaro.org
29
---
8
---
30
target/arm/cpu.h | 2 +-
9
target/arm/cpu_tcg.c | 42 ++++++++++++++++++++++++++++++++++++++++++
31
linux-user/arm/signal.c | 1 +
10
1 file changed, 42 insertions(+)
32
2 files changed, 2 insertions(+), 1 deletion(-)
33
11
34
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
12
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
35
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
36
--- a/target/arm/cpu.h
14
--- a/target/arm/cpu_tcg.c
37
+++ b/target/arm/cpu.h
15
+++ b/target/arm/cpu_tcg.c
38
@@ -XXX,XX +XXX,XX @@ void pmu_init(ARMCPU *cpu);
16
@@ -XXX,XX +XXX,XX @@ static void cortex_m33_initfn(Object *obj)
39
#define CACHED_CPSR_BITS (CPSR_T | CPSR_AIF | CPSR_GE | CPSR_IT | CPSR_Q \
17
cpu->ctr = 0x8000c000;
40
| CPSR_NZCV)
18
}
41
/* Bits writable in user mode. */
19
42
-#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE)
20
+static void cortex_m55_initfn(Object *obj)
43
+#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE | CPSR_E)
21
+{
44
/* Execution state bits. MRS read as zero, MSR writes ignored. */
22
+ ARMCPU *cpu = ARM_CPU(obj);
45
#define CPSR_EXEC (CPSR_T | CPSR_IT | CPSR_J | CPSR_IL)
23
+
46
24
+ set_feature(&cpu->env, ARM_FEATURE_V8);
47
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
25
+ set_feature(&cpu->env, ARM_FEATURE_V8_1M);
48
index XXXXXXX..XXXXXXX 100644
26
+ set_feature(&cpu->env, ARM_FEATURE_M);
49
--- a/linux-user/arm/signal.c
27
+ set_feature(&cpu->env, ARM_FEATURE_M_MAIN);
50
+++ b/linux-user/arm/signal.c
28
+ set_feature(&cpu->env, ARM_FEATURE_M_SECURITY);
51
@@ -XXX,XX +XXX,XX @@ restore_sigcontext(CPUARMState *env, struct target_sigcontext *sc)
29
+ set_feature(&cpu->env, ARM_FEATURE_THUMB_DSP);
52
#ifdef TARGET_CONFIG_CPU_32
30
+ cpu->midr = 0x410fd221; /* r0p1 */
53
__get_user(cpsr, &sc->arm_cpsr);
31
+ cpu->revidr = 0;
54
cpsr_write(env, cpsr, CPSR_USER | CPSR_EXEC, CPSRWriteByInstr);
32
+ cpu->pmsav7_dregion = 16;
55
+ arm_rebuild_hflags(env);
33
+ cpu->sau_sregion = 8;
56
#endif
34
+ /*
57
35
+ * These are the MVFR* values for the FPU, no MVE configuration;
58
err |= !valid_user_regs(env);
36
+ * we will update them later when we implement MVE
37
+ */
38
+ cpu->isar.mvfr0 = 0x10110221;
39
+ cpu->isar.mvfr1 = 0x12100011;
40
+ cpu->isar.mvfr2 = 0x00000040;
41
+ cpu->isar.id_pfr0 = 0x20000030;
42
+ cpu->isar.id_pfr1 = 0x00000230;
43
+ cpu->isar.id_dfr0 = 0x10200000;
44
+ cpu->id_afr0 = 0x00000000;
45
+ cpu->isar.id_mmfr0 = 0x00111040;
46
+ cpu->isar.id_mmfr1 = 0x00000000;
47
+ cpu->isar.id_mmfr2 = 0x01000000;
48
+ cpu->isar.id_mmfr3 = 0x00000011;
49
+ cpu->isar.id_isar0 = 0x01103110;
50
+ cpu->isar.id_isar1 = 0x02212000;
51
+ cpu->isar.id_isar2 = 0x20232232;
52
+ cpu->isar.id_isar3 = 0x01111131;
53
+ cpu->isar.id_isar4 = 0x01310132;
54
+ cpu->isar.id_isar5 = 0x00000000;
55
+ cpu->isar.id_isar6 = 0x00000000;
56
+ cpu->clidr = 0x00000000; /* caches not implemented */
57
+ cpu->ctr = 0x8303c003;
58
+}
59
+
60
static const ARMCPRegInfo cortexr5_cp_reginfo[] = {
61
/* Dummy the TCM region regs for the moment */
62
{ .name = "ATCM", .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 0,
63
@@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo arm_tcg_cpus[] = {
64
.class_init = arm_v7m_class_init },
65
{ .name = "cortex-m33", .initfn = cortex_m33_initfn,
66
.class_init = arm_v7m_class_init },
67
+ { .name = "cortex-m55", .initfn = cortex_m55_initfn,
68
+ .class_init = arm_v7m_class_init },
69
{ .name = "cortex-r5", .initfn = cortex_r5_initfn },
70
{ .name = "cortex-r5f", .initfn = cortex_r5f_initfn },
71
{ .name = "ti925t", .initfn = ti925t_initfn },
59
--
72
--
60
2.20.1
73
2.20.1
61
74
62
75
diff view generated by jsdifflib
1
From: Amanieu d'Antras <amanieu@gmail.com>
1
Support for running KVM on 32-bit Arm hosts was removed in commit
2
82bf7ae84ce739e. You can still run a 32-bit guest on a 64-bit Arm
3
host CPU, but because Arm KVM requires the host and guest CPU types
4
to match, it is not possible to run a guest that requires a Cortex-A9
5
or Cortex-A15 CPU there. That means that the code in the
6
highbank/midway board models to support KVM is no longer used, and we
7
can delete it.
2
8
3
This fixes signal handlers running with the wrong endianness if the
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
interrupted code used SETEND to dynamically switch endianness.
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
12
Message-id: 20201215144215.28482-1-peter.maydell@linaro.org
13
---
14
hw/arm/highbank.c | 14 ++++----------
15
1 file changed, 4 insertions(+), 10 deletions(-)
5
16
6
Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
17
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Message-id: 20200511131117.2486486-1-amanieu@gmail.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
linux-user/arm/signal.c | 8 +++++++-
12
1 file changed, 7 insertions(+), 1 deletion(-)
13
14
diff --git a/linux-user/arm/signal.c b/linux-user/arm/signal.c
15
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
16
--- a/linux-user/arm/signal.c
19
--- a/hw/arm/highbank.c
17
+++ b/linux-user/arm/signal.c
20
+++ b/hw/arm/highbank.c
18
@@ -XXX,XX +XXX,XX @@ setup_return(CPUARMState *env, struct target_sigaction *ka,
21
@@ -XXX,XX +XXX,XX @@
19
} else {
22
#include "hw/arm/boot.h"
20
cpsr &= ~CPSR_T;
23
#include "hw/loader.h"
21
}
24
#include "net/net.h"
22
+ if (env->cp15.sctlr_el[1] & SCTLR_E0E) {
25
-#include "sysemu/kvm.h"
23
+ cpsr |= CPSR_E;
26
#include "sysemu/runstate.h"
24
+ } else {
27
#include "sysemu/sysemu.h"
25
+ cpsr &= ~CPSR_E;
28
#include "hw/boards.h"
26
+ }
29
@@ -XXX,XX +XXX,XX @@
27
30
#include "hw/cpu/a15mpcore.h"
28
if (ka->sa_flags & TARGET_SA_RESTORER) {
31
#include "qemu/log.h"
29
if (is_fdpic) {
32
#include "qom/object.h"
30
@@ -XXX,XX +XXX,XX @@ setup_return(CPUARMState *env, struct target_sigaction *ka,
33
+#include "cpu.h"
31
env->regs[13] = frame_addr;
34
32
env->regs[14] = retcode;
35
#define SMP_BOOT_ADDR 0x100
33
env->regs[15] = handler & (thumb ? ~1 : ~3);
36
#define SMP_BOOT_REG 0x40
34
- cpsr_write(env, cpsr, CPSR_IT | CPSR_T, CPSRWriteByInstr);
37
@@ -XXX,XX +XXX,XX @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
35
+ cpsr_write(env, cpsr, CPSR_IT | CPSR_T | CPSR_E, CPSRWriteByInstr);
38
highbank_binfo.loader_start = 0;
36
+ arm_rebuild_hflags(env);
39
highbank_binfo.write_secondary_boot = hb_write_secondary;
37
40
highbank_binfo.secondary_cpu_reset_hook = hb_reset_secondary;
38
return 0;
41
- if (!kvm_enabled()) {
42
- highbank_binfo.board_setup_addr = BOARD_SETUP_ADDR;
43
- highbank_binfo.write_board_setup = hb_write_board_setup;
44
- highbank_binfo.secure_board_setup = true;
45
- } else {
46
- warn_report("cannot load built-in Monitor support "
47
- "if KVM is enabled. Some guests (such as Linux) "
48
- "may not boot.");
49
- }
50
+ highbank_binfo.board_setup_addr = BOARD_SETUP_ADDR;
51
+ highbank_binfo.write_board_setup = hb_write_board_setup;
52
+ highbank_binfo.secure_board_setup = true;
53
54
arm_load_kernel(ARM_CPU(first_cpu), machine, &highbank_binfo);
39
}
55
}
40
--
56
--
41
2.20.1
57
2.20.1
42
58
43
59
diff view generated by jsdifflib
1
Provide a minimal documentation of the Musca boards.
1
Currently timer_free() is a simple wrapper for g_free(). This means
2
that the timer being freed must not be currently active, as otherwise
3
QEMU might crash later when the active list is processed and still
4
has a pointer to freed memory on it. As a result almost all calls to
5
timer_free() are preceded by a timer_del() call, as can be seen in
6
the output of
7
git grep -B1 '\<timer_free\>'
8
9
This is unfortunate API design as it makes it easy to accidentally
10
misuse (by forgetting the timer_del()), and the correct use is
11
annoyingly verbose.
12
13
Make timer_free() imply a timer_del().
2
14
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
16
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
18
Message-id: 20201215154107.3255-2-peter.maydell@linaro.org
7
Message-id: 20200507151819.28444-6-peter.maydell@linaro.org
8
---
19
---
9
docs/system/arm/musca.rst | 31 +++++++++++++++++++++++++++++++
20
include/qemu/timer.h | 24 +++++++++++++-----------
10
docs/system/target-arm.rst | 1 +
21
1 file changed, 13 insertions(+), 11 deletions(-)
11
MAINTAINERS | 1 +
12
3 files changed, 33 insertions(+)
13
create mode 100644 docs/system/arm/musca.rst
14
22
15
diff --git a/docs/system/arm/musca.rst b/docs/system/arm/musca.rst
23
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
16
new file mode 100644
24
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX
25
--- a/include/qemu/timer.h
18
--- /dev/null
26
+++ b/include/qemu/timer.h
19
+++ b/docs/system/arm/musca.rst
27
@@ -XXX,XX +XXX,XX @@ static inline QEMUTimer *timer_new_ms(QEMUClockType type, QEMUTimerCB *cb,
20
@@ -XXX,XX +XXX,XX @@
28
*/
21
+Arm Musca boards (``musca-a``, ``musca-b1``)
29
void timer_deinit(QEMUTimer *ts);
22
+============================================
30
31
-/**
32
- * timer_free:
33
- * @ts: the timer
34
- *
35
- * Free a timer (it must not be on the active list)
36
- */
37
-static inline void timer_free(QEMUTimer *ts)
38
-{
39
- g_free(ts);
40
-}
41
-
42
/**
43
* timer_del:
44
* @ts: the timer
45
@@ -XXX,XX +XXX,XX @@ static inline void timer_free(QEMUTimer *ts)
46
*/
47
void timer_del(QEMUTimer *ts);
48
49
+/**
50
+ * timer_free:
51
+ * @ts: the timer
52
+ *
53
+ * Free a timer. This will call timer_del() for you to remove
54
+ * the timer from the active list if it was still active.
55
+ */
56
+static inline void timer_free(QEMUTimer *ts)
57
+{
58
+ timer_del(ts);
59
+ g_free(ts);
60
+}
23
+
61
+
24
+The Arm Musca development boards are a reference implementation
62
/**
25
+of a system using the SSE-200 Subsystem for Embedded. They are
63
* timer_mod_ns:
26
+dual Cortex-M33 systems.
64
* @ts: the timer
27
+
28
+QEMU provides models of the A and B1 variants of this board.
29
+
30
+Unimplemented devices:
31
+
32
+- SPI
33
+- |I2C|
34
+- |I2S|
35
+- PWM
36
+- QSPI
37
+- Timer
38
+- SCC
39
+- GPIO
40
+- eFlash
41
+- MHU
42
+- PVT
43
+- SDIO
44
+- CryptoCell
45
+
46
+Note that (like the real hardware) the Musca-A machine is
47
+asymmetric: CPU 0 does not have the FPU or DSP extensions,
48
+but CPU 1 does. Also like the real hardware, the memory maps
49
+for the A and B1 variants differ significantly, so guest
50
+software must be built for the right variant.
51
+
52
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
53
index XXXXXXX..XXXXXXX 100644
54
--- a/docs/system/target-arm.rst
55
+++ b/docs/system/target-arm.rst
56
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
57
58
arm/integratorcp
59
arm/mps2
60
+ arm/musca
61
arm/realview
62
arm/versatile
63
arm/vexpress
64
diff --git a/MAINTAINERS b/MAINTAINERS
65
index XXXXXXX..XXXXXXX 100644
66
--- a/MAINTAINERS
67
+++ b/MAINTAINERS
68
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
69
L: qemu-arm@nongnu.org
70
S: Maintained
71
F: hw/arm/musca.c
72
+F: docs/system/arm/musca.rst
73
74
Musicpal
75
M: Jan Kiszka <jan.kiszka@web.de>
76
--
65
--
77
2.20.1
66
2.20.1
78
67
79
68
diff view generated by jsdifflib
1
Provide a minimal documentation of the Versatile Express boards
1
Now that timer_free() implicitly calls timer_del(), sequences
2
(vexpress-a9, vexpress-a15).
2
timer_del(mytimer);
3
timer_free(mytimer);
4
5
can be simplified to just
6
timer_free(mytimer);
7
8
Add a Coccinelle script to do this transformation.
3
9
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
12
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
13
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
14
Message-id: 20201215154107.3255-3-peter.maydell@linaro.org
8
Message-id: 20200507151819.28444-4-peter.maydell@linaro.org
9
---
15
---
10
docs/system/arm/vexpress.rst | 60 ++++++++++++++++++++++++++++++++++++
16
scripts/coccinelle/timer-del-timer-free.cocci | 18 ++++++++++++++++++
11
docs/system/target-arm.rst | 1 +
17
1 file changed, 18 insertions(+)
12
MAINTAINERS | 1 +
18
create mode 100644 scripts/coccinelle/timer-del-timer-free.cocci
13
3 files changed, 62 insertions(+)
14
create mode 100644 docs/system/arm/vexpress.rst
15
19
16
diff --git a/docs/system/arm/vexpress.rst b/docs/system/arm/vexpress.rst
20
diff --git a/scripts/coccinelle/timer-del-timer-free.cocci b/scripts/coccinelle/timer-del-timer-free.cocci
17
new file mode 100644
21
new file mode 100644
18
index XXXXXXX..XXXXXXX
22
index XXXXXXX..XXXXXXX
19
--- /dev/null
23
--- /dev/null
20
+++ b/docs/system/arm/vexpress.rst
24
+++ b/scripts/coccinelle/timer-del-timer-free.cocci
21
@@ -XXX,XX +XXX,XX @@
25
@@ -XXX,XX +XXX,XX @@
22
+Arm Versatile Express boards (``vexpress-a9``, ``vexpress-a15``)
26
+// Remove superfluous timer_del() calls
23
+================================================================
27
+//
28
+// Copyright Linaro Limited 2020
29
+// This work is licensed under the terms of the GNU GPLv2 or later.
30
+//
31
+// spatch --macro-file scripts/cocci-macro-file.h \
32
+// --sp-file scripts/coccinelle/timer-del-timer-free.cocci \
33
+// --in-place --dir .
34
+//
35
+// The timer_free() function now implicitly calls timer_del()
36
+// for you, so calls to timer_del() immediately before the
37
+// timer_free() of the same timer can be deleted.
24
+
38
+
25
+QEMU models two variants of the Arm Versatile Express development
39
+@@
26
+board family:
40
+expression T;
27
+
41
+@@
28
+- ``vexpress-a9`` models the combination of the Versatile Express
42
+-timer_del(T);
29
+ motherboard and the CoreTile Express A9x4 daughterboard
43
+ timer_free(T);
30
+- ``vexpress-a15`` models the combination of the Versatile Express
31
+ motherboard and the CoreTile Express A15x2 daughterboard
32
+
33
+Note that as this hardware does not have PCI, IDE or SCSI,
34
+the only available storage option is emulated SD card.
35
+
36
+Implemented devices:
37
+
38
+- PL041 audio
39
+- PL181 SD controller
40
+- PL050 keyboard and mouse
41
+- PL011 UARTs
42
+- SP804 timers
43
+- I2C controller
44
+- PL031 RTC
45
+- PL111 LCD display controller
46
+- Flash memory
47
+- LAN9118 ethernet
48
+
49
+Unimplemented devices:
50
+
51
+- SP810 system control block
52
+- PCI-express
53
+- USB controller (Philips ISP1761)
54
+- Local DAP ROM
55
+- CoreSight interfaces
56
+- PL301 AXI interconnect
57
+- SCC
58
+- System counter
59
+- HDLCD controller (``vexpress-a15``)
60
+- SP805 watchdog
61
+- PL341 dynamic memory controller
62
+- DMA330 DMA controller
63
+- PL354 static memory controller
64
+- BP147 TrustZone Protection Controller
65
+- TrustZone Address Space Controller
66
+
67
+Other differences between the hardware and the QEMU model:
68
+
69
+- QEMU will default to creating one CPU unless you pass a different
70
+ ``-smp`` argument
71
+- QEMU allows the amount of RAM provided to be specified with the
72
+ ``-m`` argument
73
+- QEMU defaults to providing a CPU which does not provide either
74
+ TrustZone or the Virtualization Extensions: if you want these you
75
+ must enable them with ``-machine secure=on`` and ``-machine
76
+ virtualization=on``
77
+- QEMU provides 4 virtio-mmio virtio transports; these start at
78
+ address ``0x10013000`` for ``vexpress-a9`` and at ``0x1c130000`` for
79
+ ``vexpress-a15``, and have IRQs from 40 upwards. If a dtb is
80
+ provided on the command line then QEMU will edit it to include
81
+ suitable entries describing these transports for the guest.
82
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
83
index XXXXXXX..XXXXXXX 100644
84
--- a/docs/system/target-arm.rst
85
+++ b/docs/system/target-arm.rst
86
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
87
arm/integratorcp
88
arm/realview
89
arm/versatile
90
+ arm/vexpress
91
arm/musicpal
92
arm/nseries
93
arm/orangepi
94
diff --git a/MAINTAINERS b/MAINTAINERS
95
index XXXXXXX..XXXXXXX 100644
96
--- a/MAINTAINERS
97
+++ b/MAINTAINERS
98
@@ -XXX,XX +XXX,XX @@ M: Peter Maydell <peter.maydell@linaro.org>
99
L: qemu-arm@nongnu.org
100
S: Maintained
101
F: hw/arm/vexpress.c
102
+F: docs/system/arm/vexpress.rst
103
104
Versatile PB
105
M: Peter Maydell <peter.maydell@linaro.org>
106
--
44
--
107
2.20.1
45
2.20.1
108
46
109
47
diff view generated by jsdifflib
1
Our code to identify syscall numbers has some issues:
1
This commit is the result of running the timer-del-timer-free.cocci
2
* for Thumb mode, we never need the immediate value from the insn,
2
script on the whole source tree.
3
but we always read it anyway
4
* bad immediate values in the svc insn should cause a SIGILL, but we
5
were abort()ing instead (via "goto error")
6
7
We can fix both these things by refactoring the code that identifies
8
the syscall number to more closely follow the kernel COMPAT_OABI code:
9
* for Thumb it is always r7
10
* for Arm, if the immediate value is 0, then this is an EABI call
11
with the syscall number in r7
12
* otherwise, we XOR the immediate value with 0x900000
13
(ARM_SYSCALL_BASE for QEMU; __NR_OABI_SYSCALL_BASE in the kernel),
14
which converts valid syscall immediates into the desired value,
15
and puts all invalid immediates in the range 0x100000 or above
16
* then we can just let the existing "value too large, deliver
17
SIGILL" case handle invalid numbers, and drop the 'goto error'
18
3
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
5
Acked-by: Corey Minyard <cminyard@mvista.com>
21
Message-id: 20200420212206.12776-5-peter.maydell@linaro.org
6
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20201215154107.3255-4-peter.maydell@linaro.org
22
---
10
---
23
linux-user/arm/cpu_loop.c | 143 ++++++++++++++++++++------------------
11
block/iscsi.c | 2 --
24
1 file changed, 77 insertions(+), 66 deletions(-)
12
block/nbd.c | 1 -
13
block/qcow2.c | 1 -
14
hw/block/nvme.c | 2 --
15
hw/char/serial.c | 2 --
16
hw/char/virtio-serial-bus.c | 2 --
17
hw/ide/core.c | 1 -
18
hw/input/hid.c | 1 -
19
hw/intc/apic.c | 1 -
20
hw/intc/ioapic.c | 1 -
21
hw/ipmi/ipmi_bmc_extern.c | 1 -
22
hw/net/e1000.c | 3 ---
23
hw/net/e1000e_core.c | 8 --------
24
hw/net/pcnet-pci.c | 1 -
25
hw/net/rtl8139.c | 1 -
26
hw/net/spapr_llan.c | 1 -
27
hw/net/virtio-net.c | 2 --
28
hw/s390x/s390-pci-inst.c | 1 -
29
hw/sd/sd.c | 1 -
30
hw/sd/sdhci.c | 2 --
31
hw/usb/dev-hub.c | 1 -
32
hw/usb/hcd-ehci.c | 1 -
33
hw/usb/hcd-ohci-pci.c | 1 -
34
hw/usb/hcd-uhci.c | 1 -
35
hw/usb/hcd-xhci.c | 1 -
36
hw/usb/redirect.c | 1 -
37
hw/vfio/display.c | 1 -
38
hw/virtio/vhost-vsock-common.c | 1 -
39
hw/virtio/virtio-balloon.c | 1 -
40
hw/virtio/virtio-rng.c | 1 -
41
hw/watchdog/wdt_diag288.c | 1 -
42
hw/watchdog/wdt_i6300esb.c | 1 -
43
migration/colo.c | 1 -
44
monitor/hmp-cmds.c | 1 -
45
net/announce.c | 1 -
46
net/colo-compare.c | 1 -
47
net/slirp.c | 1 -
48
replay/replay-debugging.c | 1 -
49
target/s390x/cpu.c | 2 --
50
ui/console.c | 1 -
51
ui/spice-core.c | 1 -
52
util/throttle.c | 1 -
53
42 files changed, 58 deletions(-)
25
54
26
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
55
diff --git a/block/iscsi.c b/block/iscsi.c
27
index XXXXXXX..XXXXXXX 100644
56
index XXXXXXX..XXXXXXX 100644
28
--- a/linux-user/arm/cpu_loop.c
57
--- a/block/iscsi.c
29
+++ b/linux-user/arm/cpu_loop.c
58
+++ b/block/iscsi.c
30
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
59
@@ -XXX,XX +XXX,XX @@ static void iscsi_detach_aio_context(BlockDriverState *bs)
31
env->eabi = 1;
60
iscsilun->events = 0;
32
/* system call */
61
33
if (env->thumb) {
62
if (iscsilun->nop_timer) {
34
- /* FIXME - what to do if get_user() fails? */
63
- timer_del(iscsilun->nop_timer);
35
- get_user_code_u16(insn, env->regs[15] - 2, env);
64
timer_free(iscsilun->nop_timer);
36
- n = insn & 0xff;
65
iscsilun->nop_timer = NULL;
37
+ /* Thumb is always EABI style with syscall number in r7 */
66
}
38
+ n = env->regs[7];
67
if (iscsilun->event_timer) {
39
} else {
68
- timer_del(iscsilun->event_timer);
40
+ /*
69
timer_free(iscsilun->event_timer);
41
+ * Equivalent of kernel CONFIG_OABI_COMPAT: read the
70
iscsilun->event_timer = NULL;
42
+ * Arm SVC insn to extract the immediate, which is the
71
}
43
+ * syscall number in OABI.
72
diff --git a/block/nbd.c b/block/nbd.c
44
+ */
73
index XXXXXXX..XXXXXXX 100644
45
/* FIXME - what to do if get_user() fails? */
74
--- a/block/nbd.c
46
get_user_code_u32(insn, env->regs[15] - 4, env);
75
+++ b/block/nbd.c
47
n = insn & 0xffffff;
76
@@ -XXX,XX +XXX,XX @@ static void nbd_recv_coroutines_wake_all(BDRVNBDState *s)
48
- }
77
static void reconnect_delay_timer_del(BDRVNBDState *s)
49
-
78
{
50
- if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
79
if (s->reconnect_delay_timer) {
51
- /* linux syscall */
80
- timer_del(s->reconnect_delay_timer);
52
- if (env->thumb || n == 0) {
81
timer_free(s->reconnect_delay_timer);
53
+ if (n == 0) {
82
s->reconnect_delay_timer = NULL;
54
+ /* zero immediate: EABI, syscall number in r7 */
83
}
55
n = env->regs[7];
84
diff --git a/block/qcow2.c b/block/qcow2.c
56
} else {
85
index XXXXXXX..XXXXXXX 100644
57
- n -= ARM_SYSCALL_BASE;
86
--- a/block/qcow2.c
58
+ /*
87
+++ b/block/qcow2.c
59
+ * This XOR matches the kernel code: an immediate
88
@@ -XXX,XX +XXX,XX @@ static void cache_clean_timer_del(BlockDriverState *bs)
60
+ * in the valid range (0x900000 .. 0x9fffff) is
89
{
61
+ * converted into the correct EABI-style syscall
90
BDRVQcow2State *s = bs->opaque;
62
+ * number; invalid immediates end up as values
91
if (s->cache_clean_timer) {
63
+ * > 0xfffff and are handled below as out-of-range.
92
- timer_del(s->cache_clean_timer);
64
+ */
93
timer_free(s->cache_clean_timer);
65
+ n ^= ARM_SYSCALL_BASE;
94
s->cache_clean_timer = NULL;
66
env->eabi = 0;
95
}
67
}
96
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
68
- if ( n > ARM_NR_BASE) {
97
index XXXXXXX..XXXXXXX 100644
69
- switch (n) {
98
--- a/hw/block/nvme.c
70
- case ARM_NR_cacheflush:
99
+++ b/hw/block/nvme.c
71
- /* nop */
100
@@ -XXX,XX +XXX,XX @@ static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeRequest *req)
72
- break;
101
static void nvme_free_sq(NvmeSQueue *sq, NvmeCtrl *n)
73
- case ARM_NR_set_tls:
102
{
74
- cpu_set_tls(env, env->regs[0]);
103
n->sq[sq->sqid] = NULL;
75
- env->regs[0] = 0;
104
- timer_del(sq->timer);
76
- break;
105
timer_free(sq->timer);
77
- case ARM_NR_breakpoint:
106
g_free(sq->io_req);
78
- env->regs[15] -= env->thumb ? 2 : 4;
107
if (sq->sqid) {
79
- goto excp_debug;
108
@@ -XXX,XX +XXX,XX @@ static uint16_t nvme_get_log(NvmeCtrl *n, NvmeRequest *req)
80
- case ARM_NR_get_tls:
109
static void nvme_free_cq(NvmeCQueue *cq, NvmeCtrl *n)
81
- env->regs[0] = cpu_get_tls(env);
110
{
82
- break;
111
n->cq[cq->cqid] = NULL;
83
- default:
112
- timer_del(cq->timer);
84
- if (n < 0xf0800) {
113
timer_free(cq->timer);
85
- /*
114
msix_vector_unuse(&n->parent_obj, cq->vector);
86
- * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
115
if (cq->cqid) {
87
- * 0x9f07ff in OABI numbering) are defined
116
diff --git a/hw/char/serial.c b/hw/char/serial.c
88
- * to return -ENOSYS rather than raising
117
index XXXXXXX..XXXXXXX 100644
89
- * SIGILL. Note that we have already
118
--- a/hw/char/serial.c
90
- * removed the 0x900000 prefix.
119
+++ b/hw/char/serial.c
91
- */
120
@@ -XXX,XX +XXX,XX @@ static void serial_unrealize(DeviceState *dev)
92
- qemu_log_mask(LOG_UNIMP,
121
93
- "qemu: Unsupported ARM syscall: 0x%x\n",
122
qemu_chr_fe_deinit(&s->chr, false);
94
- n);
123
95
- env->regs[0] = -TARGET_ENOSYS;
124
- timer_del(s->modem_status_poll);
96
+ }
125
timer_free(s->modem_status_poll);
97
+
126
98
+ if (n > ARM_NR_BASE) {
127
- timer_del(s->fifo_timeout_timer);
99
+ switch (n) {
128
timer_free(s->fifo_timeout_timer);
100
+ case ARM_NR_cacheflush:
129
101
+ /* nop */
130
fifo8_destroy(&s->recv_fifo);
102
+ break;
131
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
103
+ case ARM_NR_set_tls:
132
index XXXXXXX..XXXXXXX 100644
104
+ cpu_set_tls(env, env->regs[0]);
133
--- a/hw/char/virtio-serial-bus.c
105
+ env->regs[0] = 0;
134
+++ b/hw/char/virtio-serial-bus.c
106
+ break;
135
@@ -XXX,XX +XXX,XX @@ static void virtio_serial_post_load_timer_cb(void *opaque)
107
+ case ARM_NR_breakpoint:
136
}
108
+ env->regs[15] -= env->thumb ? 2 : 4;
137
}
109
+ goto excp_debug;
138
g_free(s->post_load->connected);
110
+ case ARM_NR_get_tls:
139
- timer_del(s->post_load->timer);
111
+ env->regs[0] = cpu_get_tls(env);
140
timer_free(s->post_load->timer);
112
+ break;
141
g_free(s->post_load);
113
+ default:
142
s->post_load = NULL;
114
+ if (n < 0xf0800) {
143
@@ -XXX,XX +XXX,XX @@ static void virtio_serial_device_unrealize(DeviceState *dev)
115
+ /*
144
g_free(vser->ports_map);
116
+ * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
145
if (vser->post_load) {
117
+ * 0x9f07ff in OABI numbering) are defined
146
g_free(vser->post_load->connected);
118
+ * to return -ENOSYS rather than raising
147
- timer_del(vser->post_load->timer);
119
+ * SIGILL. Note that we have already
148
timer_free(vser->post_load->timer);
120
+ * removed the 0x900000 prefix.
149
g_free(vser->post_load);
121
+ */
150
}
122
+ qemu_log_mask(LOG_UNIMP,
151
diff --git a/hw/ide/core.c b/hw/ide/core.c
123
+ "qemu: Unsupported ARM syscall: 0x%x\n",
152
index XXXXXXX..XXXXXXX 100644
124
+ n);
153
--- a/hw/ide/core.c
125
+ env->regs[0] = -TARGET_ENOSYS;
154
+++ b/hw/ide/core.c
126
+ } else {
155
@@ -XXX,XX +XXX,XX @@ void ide_init2(IDEBus *bus, qemu_irq irq)
127
+ /*
156
128
+ * Otherwise SIGILL. This includes any SWI with
157
void ide_exit(IDEState *s)
129
+ * immediate not originally 0x9fxxxx, because
158
{
130
+ * of the earlier XOR.
159
- timer_del(s->sector_write_timer);
131
+ */
160
timer_free(s->sector_write_timer);
132
+ info.si_signo = TARGET_SIGILL;
161
qemu_vfree(s->smart_selftest_data);
133
+ info.si_errno = 0;
162
qemu_vfree(s->io_buffer);
134
+ info.si_code = TARGET_ILL_ILLTRP;
163
diff --git a/hw/input/hid.c b/hw/input/hid.c
135
+ info._sifields._sigfault._addr = env->regs[15];
164
index XXXXXXX..XXXXXXX 100644
136
+ if (env->thumb) {
165
--- a/hw/input/hid.c
137
+ info._sifields._sigfault._addr -= 2;
166
+++ b/hw/input/hid.c
138
} else {
167
@@ -XXX,XX +XXX,XX @@ static void hid_idle_timer(void *opaque)
139
- /* Otherwise SIGILL */
168
static void hid_del_idle_timer(HIDState *hs)
140
- info.si_signo = TARGET_SIGILL;
169
{
141
- info.si_errno = 0;
170
if (hs->idle_timer) {
142
- info.si_code = TARGET_ILL_ILLTRP;
171
- timer_del(hs->idle_timer);
143
- info._sifields._sigfault._addr = env->regs[15];
172
timer_free(hs->idle_timer);
144
- if (env->thumb) {
173
hs->idle_timer = NULL;
145
- info._sifields._sigfault._addr -= 2;
174
}
146
- } else {
175
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
147
- info._sifields._sigfault._addr -= 4;
176
index XXXXXXX..XXXXXXX 100644
148
- }
177
--- a/hw/intc/apic.c
149
- queue_signal(env, info.si_signo,
178
+++ b/hw/intc/apic.c
150
- QEMU_SI_FAULT, &info);
179
@@ -XXX,XX +XXX,XX @@ static void apic_unrealize(DeviceState *dev)
151
+ info._sifields._sigfault._addr -= 4;
180
{
152
}
181
APICCommonState *s = APIC(dev);
153
- break;
182
154
- }
183
- timer_del(s->timer);
155
- } else {
184
timer_free(s->timer);
156
- ret = do_syscall(env,
185
local_apics[s->id] = NULL;
157
- n,
186
}
158
- env->regs[0],
187
diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
159
- env->regs[1],
188
index XXXXXXX..XXXXXXX 100644
160
- env->regs[2],
189
--- a/hw/intc/ioapic.c
161
- env->regs[3],
190
+++ b/hw/intc/ioapic.c
162
- env->regs[4],
191
@@ -XXX,XX +XXX,XX @@ static void ioapic_unrealize(DeviceState *dev)
163
- env->regs[5],
192
{
164
- 0, 0);
193
IOAPICCommonState *s = IOAPIC_COMMON(dev);
165
- if (ret == -TARGET_ERESTARTSYS) {
194
166
- env->regs[15] -= env->thumb ? 2 : 4;
195
- timer_del(s->delayed_ioapic_service_timer);
167
- } else if (ret != -TARGET_QEMU_ESIGRETURN) {
196
timer_free(s->delayed_ioapic_service_timer);
168
- env->regs[0] = ret;
197
}
169
+ queue_signal(env, info.si_signo,
198
170
+ QEMU_SI_FAULT, &info);
199
diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
171
}
200
index XXXXXXX..XXXXXXX 100644
172
+ break;
201
--- a/hw/ipmi/ipmi_bmc_extern.c
173
}
202
+++ b/hw/ipmi/ipmi_bmc_extern.c
174
} else {
203
@@ -XXX,XX +XXX,XX @@ static void ipmi_bmc_extern_finalize(Object *obj)
175
- goto error;
204
{
176
+ ret = do_syscall(env,
205
IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
177
+ n,
206
178
+ env->regs[0],
207
- timer_del(ibe->extern_timer);
179
+ env->regs[1],
208
timer_free(ibe->extern_timer);
180
+ env->regs[2],
209
}
181
+ env->regs[3],
210
182
+ env->regs[4],
211
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
183
+ env->regs[5],
212
index XXXXXXX..XXXXXXX 100644
184
+ 0, 0);
213
--- a/hw/net/e1000.c
185
+ if (ret == -TARGET_ERESTARTSYS) {
214
+++ b/hw/net/e1000.c
186
+ env->regs[15] -= env->thumb ? 2 : 4;
215
@@ -XXX,XX +XXX,XX @@ pci_e1000_uninit(PCIDevice *dev)
187
+ } else if (ret != -TARGET_QEMU_ESIGRETURN) {
216
{
188
+ env->regs[0] = ret;
217
E1000State *d = E1000(dev);
189
+ }
218
190
}
219
- timer_del(d->autoneg_timer);
191
}
220
timer_free(d->autoneg_timer);
192
break;
221
- timer_del(d->mit_timer);
222
timer_free(d->mit_timer);
223
- timer_del(d->flush_queue_timer);
224
timer_free(d->flush_queue_timer);
225
qemu_del_nic(d->nic);
226
}
227
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
228
index XXXXXXX..XXXXXXX 100644
229
--- a/hw/net/e1000e_core.c
230
+++ b/hw/net/e1000e_core.c
231
@@ -XXX,XX +XXX,XX @@ e1000e_intrmgr_pci_unint(E1000ECore *core)
232
{
233
int i;
234
235
- timer_del(core->radv.timer);
236
timer_free(core->radv.timer);
237
- timer_del(core->rdtr.timer);
238
timer_free(core->rdtr.timer);
239
- timer_del(core->raid.timer);
240
timer_free(core->raid.timer);
241
242
- timer_del(core->tadv.timer);
243
timer_free(core->tadv.timer);
244
- timer_del(core->tidv.timer);
245
timer_free(core->tidv.timer);
246
247
- timer_del(core->itr.timer);
248
timer_free(core->itr.timer);
249
250
for (i = 0; i < E1000E_MSIX_VEC_NUM; i++) {
251
- timer_del(core->eitr[i].timer);
252
timer_free(core->eitr[i].timer);
253
}
254
}
255
@@ -XXX,XX +XXX,XX @@ e1000e_core_pci_uninit(E1000ECore *core)
256
{
257
int i;
258
259
- timer_del(core->autoneg_timer);
260
timer_free(core->autoneg_timer);
261
262
e1000e_intrmgr_pci_unint(core);
263
diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
264
index XXXXXXX..XXXXXXX 100644
265
--- a/hw/net/pcnet-pci.c
266
+++ b/hw/net/pcnet-pci.c
267
@@ -XXX,XX +XXX,XX @@ static void pci_pcnet_uninit(PCIDevice *dev)
268
PCIPCNetState *d = PCI_PCNET(dev);
269
270
qemu_free_irq(d->state.irq);
271
- timer_del(d->state.poll_timer);
272
timer_free(d->state.poll_timer);
273
qemu_del_nic(d->state.nic);
274
}
275
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
276
index XXXXXXX..XXXXXXX 100644
277
--- a/hw/net/rtl8139.c
278
+++ b/hw/net/rtl8139.c
279
@@ -XXX,XX +XXX,XX @@ static void pci_rtl8139_uninit(PCIDevice *dev)
280
281
g_free(s->cplus_txbuffer);
282
s->cplus_txbuffer = NULL;
283
- timer_del(s->timer);
284
timer_free(s->timer);
285
qemu_del_nic(s->nic);
286
}
287
diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
288
index XXXXXXX..XXXXXXX 100644
289
--- a/hw/net/spapr_llan.c
290
+++ b/hw/net/spapr_llan.c
291
@@ -XXX,XX +XXX,XX @@ static void spapr_vlan_instance_finalize(Object *obj)
292
}
293
294
if (dev->rxp_timer) {
295
- timer_del(dev->rxp_timer);
296
timer_free(dev->rxp_timer);
297
}
298
}
299
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
300
index XXXXXXX..XXXXXXX 100644
301
--- a/hw/net/virtio-net.c
302
+++ b/hw/net/virtio-net.c
303
@@ -XXX,XX +XXX,XX @@ static void virtio_net_rsc_cleanup(VirtIONet *n)
304
g_free(seg);
305
}
306
307
- timer_del(chain->drain_timer);
308
timer_free(chain->drain_timer);
309
QTAILQ_REMOVE(&n->rsc_chains, chain, next);
310
g_free(chain);
311
@@ -XXX,XX +XXX,XX @@ static void virtio_net_del_queue(VirtIONet *n, int index)
312
313
virtio_del_queue(vdev, index * 2);
314
if (q->tx_timer) {
315
- timer_del(q->tx_timer);
316
timer_free(q->tx_timer);
317
q->tx_timer = NULL;
318
} else {
319
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
320
index XXXXXXX..XXXXXXX 100644
321
--- a/hw/s390x/s390-pci-inst.c
322
+++ b/hw/s390x/s390-pci-inst.c
323
@@ -XXX,XX +XXX,XX @@ void pci_dereg_ioat(S390PCIIOMMU *iommu)
324
void fmb_timer_free(S390PCIBusDevice *pbdev)
325
{
326
if (pbdev->fmb_timer) {
327
- timer_del(pbdev->fmb_timer);
328
timer_free(pbdev->fmb_timer);
329
pbdev->fmb_timer = NULL;
330
}
331
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
332
index XXXXXXX..XXXXXXX 100644
333
--- a/hw/sd/sd.c
334
+++ b/hw/sd/sd.c
335
@@ -XXX,XX +XXX,XX @@ static void sd_instance_finalize(Object *obj)
336
{
337
SDState *sd = SD_CARD(obj);
338
339
- timer_del(sd->ocr_power_timer);
340
timer_free(sd->ocr_power_timer);
341
}
342
343
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
344
index XXXXXXX..XXXXXXX 100644
345
--- a/hw/sd/sdhci.c
346
+++ b/hw/sd/sdhci.c
347
@@ -XXX,XX +XXX,XX @@ void sdhci_initfn(SDHCIState *s)
348
349
void sdhci_uninitfn(SDHCIState *s)
350
{
351
- timer_del(s->insert_timer);
352
timer_free(s->insert_timer);
353
- timer_del(s->transfer_timer);
354
timer_free(s->transfer_timer);
355
356
g_free(s->fifo_buffer);
357
diff --git a/hw/usb/dev-hub.c b/hw/usb/dev-hub.c
358
index XXXXXXX..XXXXXXX 100644
359
--- a/hw/usb/dev-hub.c
360
+++ b/hw/usb/dev-hub.c
361
@@ -XXX,XX +XXX,XX @@ static void usb_hub_unrealize(USBDevice *dev)
362
&s->ports[i].port);
363
}
364
365
- timer_del(s->port_timer);
366
timer_free(s->port_timer);
367
}
368
369
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
370
index XXXXXXX..XXXXXXX 100644
371
--- a/hw/usb/hcd-ehci.c
372
+++ b/hw/usb/hcd-ehci.c
373
@@ -XXX,XX +XXX,XX @@ void usb_ehci_unrealize(EHCIState *s, DeviceState *dev)
374
trace_usb_ehci_unrealize();
375
376
if (s->frame_timer) {
377
- timer_del(s->frame_timer);
378
timer_free(s->frame_timer);
379
s->frame_timer = NULL;
380
}
381
diff --git a/hw/usb/hcd-ohci-pci.c b/hw/usb/hcd-ohci-pci.c
382
index XXXXXXX..XXXXXXX 100644
383
--- a/hw/usb/hcd-ohci-pci.c
384
+++ b/hw/usb/hcd-ohci-pci.c
385
@@ -XXX,XX +XXX,XX @@ static void usb_ohci_exit(PCIDevice *dev)
386
usb_bus_release(&s->bus);
387
}
388
389
- timer_del(s->eof_timer);
390
timer_free(s->eof_timer);
391
}
392
393
diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c
394
index XXXXXXX..XXXXXXX 100644
395
--- a/hw/usb/hcd-uhci.c
396
+++ b/hw/usb/hcd-uhci.c
397
@@ -XXX,XX +XXX,XX @@ static void usb_uhci_exit(PCIDevice *dev)
398
trace_usb_uhci_exit();
399
400
if (s->frame_timer) {
401
- timer_del(s->frame_timer);
402
timer_free(s->frame_timer);
403
s->frame_timer = NULL;
404
}
405
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
406
index XXXXXXX..XXXXXXX 100644
407
--- a/hw/usb/hcd-xhci.c
408
+++ b/hw/usb/hcd-xhci.c
409
@@ -XXX,XX +XXX,XX @@ static void usb_xhci_unrealize(DeviceState *dev)
410
}
411
412
if (xhci->mfwrap_timer) {
413
- timer_del(xhci->mfwrap_timer);
414
timer_free(xhci->mfwrap_timer);
415
xhci->mfwrap_timer = NULL;
416
}
417
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
418
index XXXXXXX..XXXXXXX 100644
419
--- a/hw/usb/redirect.c
420
+++ b/hw/usb/redirect.c
421
@@ -XXX,XX +XXX,XX @@ static void usbredir_unrealize(USBDevice *udev)
422
qemu_bh_delete(dev->chardev_close_bh);
423
qemu_bh_delete(dev->device_reject_bh);
424
425
- timer_del(dev->attach_timer);
426
timer_free(dev->attach_timer);
427
428
usbredir_cleanup_device_queues(dev);
429
diff --git a/hw/vfio/display.c b/hw/vfio/display.c
430
index XXXXXXX..XXXXXXX 100644
431
--- a/hw/vfio/display.c
432
+++ b/hw/vfio/display.c
433
@@ -XXX,XX +XXX,XX @@ static void vfio_display_edid_exit(VFIODisplay *dpy)
434
435
g_free(dpy->edid_regs);
436
g_free(dpy->edid_blob);
437
- timer_del(dpy->edid_link_timer);
438
timer_free(dpy->edid_link_timer);
439
}
440
441
diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
442
index XXXXXXX..XXXXXXX 100644
443
--- a/hw/virtio/vhost-vsock-common.c
444
+++ b/hw/virtio/vhost-vsock-common.c
445
@@ -XXX,XX +XXX,XX @@ static void vhost_vsock_common_post_load_timer_cleanup(VHostVSockCommon *vvc)
446
return;
447
}
448
449
- timer_del(vvc->post_load_timer);
450
timer_free(vvc->post_load_timer);
451
vvc->post_load_timer = NULL;
452
}
453
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
454
index XXXXXXX..XXXXXXX 100644
455
--- a/hw/virtio/virtio-balloon.c
456
+++ b/hw/virtio/virtio-balloon.c
457
@@ -XXX,XX +XXX,XX @@ static bool balloon_stats_enabled(const VirtIOBalloon *s)
458
static void balloon_stats_destroy_timer(VirtIOBalloon *s)
459
{
460
if (balloon_stats_enabled(s)) {
461
- timer_del(s->stats_timer);
462
timer_free(s->stats_timer);
463
s->stats_timer = NULL;
464
s->stats_poll_interval = 0;
465
diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c
466
index XXXXXXX..XXXXXXX 100644
467
--- a/hw/virtio/virtio-rng.c
468
+++ b/hw/virtio/virtio-rng.c
469
@@ -XXX,XX +XXX,XX @@ static void virtio_rng_device_unrealize(DeviceState *dev)
470
VirtIORNG *vrng = VIRTIO_RNG(dev);
471
472
qemu_del_vm_change_state_handler(vrng->vmstate);
473
- timer_del(vrng->rate_limit_timer);
474
timer_free(vrng->rate_limit_timer);
475
virtio_del_queue(vdev, 0);
476
virtio_cleanup(vdev);
477
diff --git a/hw/watchdog/wdt_diag288.c b/hw/watchdog/wdt_diag288.c
478
index XXXXXXX..XXXXXXX 100644
479
--- a/hw/watchdog/wdt_diag288.c
480
+++ b/hw/watchdog/wdt_diag288.c
481
@@ -XXX,XX +XXX,XX @@ static void wdt_diag288_unrealize(DeviceState *dev)
482
{
483
DIAG288State *diag288 = DIAG288(dev);
484
485
- timer_del(diag288->timer);
486
timer_free(diag288->timer);
487
}
488
489
diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
490
index XXXXXXX..XXXXXXX 100644
491
--- a/hw/watchdog/wdt_i6300esb.c
492
+++ b/hw/watchdog/wdt_i6300esb.c
493
@@ -XXX,XX +XXX,XX @@ static void i6300esb_exit(PCIDevice *dev)
494
{
495
I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
496
497
- timer_del(d->timer);
498
timer_free(d->timer);
499
}
500
501
diff --git a/migration/colo.c b/migration/colo.c
502
index XXXXXXX..XXXXXXX 100644
503
--- a/migration/colo.c
504
+++ b/migration/colo.c
505
@@ -XXX,XX +XXX,XX @@ out:
506
* error.
507
*/
508
colo_compare_unregister_notifier(&packets_compare_notifier);
509
- timer_del(s->colo_delay_timer);
510
timer_free(s->colo_delay_timer);
511
qemu_event_destroy(&s->colo_checkpoint_event);
512
513
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
514
index XXXXXXX..XXXXXXX 100644
515
--- a/monitor/hmp-cmds.c
516
+++ b/monitor/hmp-cmds.c
517
@@ -XXX,XX +XXX,XX @@ static void hmp_migrate_status_cb(void *opaque)
518
error_report("%s", info->error_desc);
519
}
520
monitor_resume(status->mon);
521
- timer_del(status->timer);
522
timer_free(status->timer);
523
g_free(status);
524
}
525
diff --git a/net/announce.c b/net/announce.c
526
index XXXXXXX..XXXXXXX 100644
527
--- a/net/announce.c
528
+++ b/net/announce.c
529
@@ -XXX,XX +XXX,XX @@ void qemu_announce_timer_del(AnnounceTimer *timer, bool free_named)
530
{
531
bool free_timer = false;
532
if (timer->tm) {
533
- timer_del(timer->tm);
534
timer_free(timer->tm);
535
timer->tm = NULL;
536
}
537
diff --git a/net/colo-compare.c b/net/colo-compare.c
538
index XXXXXXX..XXXXXXX 100644
539
--- a/net/colo-compare.c
540
+++ b/net/colo-compare.c
541
@@ -XXX,XX +XXX,XX @@ static void colo_compare_timer_init(CompareState *s)
542
static void colo_compare_timer_del(CompareState *s)
543
{
544
if (s->packet_check_timer) {
545
- timer_del(s->packet_check_timer);
546
timer_free(s->packet_check_timer);
547
s->packet_check_timer = NULL;
548
}
549
diff --git a/net/slirp.c b/net/slirp.c
550
index XXXXXXX..XXXXXXX 100644
551
--- a/net/slirp.c
552
+++ b/net/slirp.c
553
@@ -XXX,XX +XXX,XX @@ static void *net_slirp_timer_new(SlirpTimerCb cb,
554
555
static void net_slirp_timer_free(void *timer, void *opaque)
556
{
557
- timer_del(timer);
558
timer_free(timer);
559
}
560
561
diff --git a/replay/replay-debugging.c b/replay/replay-debugging.c
562
index XXXXXXX..XXXXXXX 100644
563
--- a/replay/replay-debugging.c
564
+++ b/replay/replay-debugging.c
565
@@ -XXX,XX +XXX,XX @@ static void replay_delete_break(void)
566
assert(replay_mutex_locked());
567
568
if (replay_break_timer) {
569
- timer_del(replay_break_timer);
570
timer_free(replay_break_timer);
571
replay_break_timer = NULL;
572
}
573
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
574
index XXXXXXX..XXXXXXX 100644
575
--- a/target/s390x/cpu.c
576
+++ b/target/s390x/cpu.c
577
@@ -XXX,XX +XXX,XX @@ static void s390_cpu_finalize(Object *obj)
578
#if !defined(CONFIG_USER_ONLY)
579
S390CPU *cpu = S390_CPU(obj);
580
581
- timer_del(cpu->env.tod_timer);
582
timer_free(cpu->env.tod_timer);
583
- timer_del(cpu->env.cpu_timer);
584
timer_free(cpu->env.cpu_timer);
585
586
qemu_unregister_reset(s390_cpu_machine_reset_cb, cpu);
587
diff --git a/ui/console.c b/ui/console.c
588
index XXXXXXX..XXXXXXX 100644
589
--- a/ui/console.c
590
+++ b/ui/console.c
591
@@ -XXX,XX +XXX,XX @@ static void gui_setup_refresh(DisplayState *ds)
592
timer_mod(ds->gui_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME));
593
}
594
if (!need_timer && ds->gui_timer != NULL) {
595
- timer_del(ds->gui_timer);
596
timer_free(ds->gui_timer);
597
ds->gui_timer = NULL;
598
}
599
diff --git a/ui/spice-core.c b/ui/spice-core.c
600
index XXXXXXX..XXXXXXX 100644
601
--- a/ui/spice-core.c
602
+++ b/ui/spice-core.c
603
@@ -XXX,XX +XXX,XX @@ static void timer_cancel(SpiceTimer *timer)
604
605
static void timer_remove(SpiceTimer *timer)
606
{
607
- timer_del(timer->timer);
608
timer_free(timer->timer);
609
g_free(timer);
610
}
611
diff --git a/util/throttle.c b/util/throttle.c
612
index XXXXXXX..XXXXXXX 100644
613
--- a/util/throttle.c
614
+++ b/util/throttle.c
615
@@ -XXX,XX +XXX,XX @@ static void throttle_timer_destroy(QEMUTimer **timer)
616
{
617
assert(*timer != NULL);
618
619
- timer_del(*timer);
620
timer_free(*timer);
621
*timer = NULL;
622
}
193
--
623
--
194
2.20.1
624
2.20.1
195
625
196
626
diff view generated by jsdifflib
1
Sort the board index into alphabetical order. (Note that we need to
1
The Arm CPU finalize function uses a sequence of timer_del(), timer_deinit(),
2
sort alphabetically by the title text of each file, which isn't the
2
timer_free() to free the timer. The timer_deinit() step in this was always
3
same ordering as sorting by the filename.)
3
unnecessary, and now the timer_del() is implied by timer_free(), so we can
4
collapse this down to simply calling timer_free().
4
5
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
Message-id: 20201215154107.3255-5-peter.maydell@linaro.org
9
Message-id: 20200507151819.28444-3-peter.maydell@linaro.org
10
---
10
---
11
docs/system/target-arm.rst | 17 +++++++++++------
11
target/arm/cpu.c | 2 --
12
1 file changed, 11 insertions(+), 6 deletions(-)
12
1 file changed, 2 deletions(-)
13
13
14
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
14
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
15
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
16
--- a/docs/system/target-arm.rst
16
--- a/target/arm/cpu.c
17
+++ b/docs/system/target-arm.rst
17
+++ b/target/arm/cpu.c
18
@@ -XXX,XX +XXX,XX @@ Unfortunately many of the Arm boards QEMU supports are currently
18
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_finalizefn(Object *obj)
19
undocumented; you can get a complete list by running
19
}
20
``qemu-system-aarch64 --machine help``.
20
#ifndef CONFIG_USER_ONLY
21
21
if (cpu->pmu_timer) {
22
+..
22
- timer_del(cpu->pmu_timer);
23
+ This table of contents should be kept sorted alphabetically
23
- timer_deinit(cpu->pmu_timer);
24
+ by the title text of each file, which isn't the same ordering
24
timer_free(cpu->pmu_timer);
25
+ as an alphabetical sort by filename.
25
}
26
+
26
#endif
27
.. toctree::
28
:maxdepth: 1
29
30
arm/integratorcp
31
- arm/versatile
32
arm/realview
33
- arm/xscale
34
- arm/palm
35
- arm/nseries
36
- arm/stellaris
37
+ arm/versatile
38
arm/musicpal
39
- arm/sx1
40
+ arm/nseries
41
arm/orangepi
42
+ arm/palm
43
+ arm/xscale
44
+ arm/sx1
45
+ arm/stellaris
46
47
Arm CPU features
48
================
49
--
27
--
50
2.20.1
28
2.20.1
51
29
52
30
diff view generated by jsdifflib
1
From: Geert Uytterhoeven <geert+renesas@glider.be>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
Add a definition for the number of GPIO lines controlled by a PL061
3
When running device-introspect-test, a memory leak occurred in the
4
instance, and use it instead of the hardcoded magic value 8.
4
digic_timer_init function, so use ptimer_free() in the finalize function to
5
avoid it.
5
6
6
Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
ASAN shows memory leak stack:
7
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
8
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Indirect leak of 288 byte(s) in 3 object(s) allocated from:
9
Message-id: 20200519085143.1376-1-geert+renesas@glider.be
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
13
#3 0xaaabf5b04084 in digic_timer_init /qemu/hw/timer/digic-timer.c:142
14
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
15
#5 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
16
#6 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
17
#7 0xaaabf5b40e84 in digic_init /qemu/hw/arm/digic.c:46
18
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
19
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
20
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
21
#11 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
22
#12 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
23
24
Reported-by: Euler Robot <euler.robot@huawei.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
28
---
12
hw/gpio/pl061.c | 12 +++++++-----
29
hw/timer/digic-timer.c | 8 ++++++++
13
1 file changed, 7 insertions(+), 5 deletions(-)
30
1 file changed, 8 insertions(+)
14
31
15
diff --git a/hw/gpio/pl061.c b/hw/gpio/pl061.c
32
diff --git a/hw/timer/digic-timer.c b/hw/timer/digic-timer.c
16
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/gpio/pl061.c
34
--- a/hw/timer/digic-timer.c
18
+++ b/hw/gpio/pl061.c
35
+++ b/hw/timer/digic-timer.c
19
@@ -XXX,XX +XXX,XX @@ static const uint8_t pl061_id_luminary[12] =
36
@@ -XXX,XX +XXX,XX @@ static void digic_timer_init(Object *obj)
20
#define TYPE_PL061 "pl061"
37
sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem);
21
#define PL061(obj) OBJECT_CHECK(PL061State, (obj), TYPE_PL061)
38
}
22
39
23
+#define N_GPIOS 8
40
+static void digic_timer_finalize(Object *obj)
41
+{
42
+ DigicTimerState *s = DIGIC_TIMER(obj);
24
+
43
+
25
typedef struct PL061State {
44
+ ptimer_free(s->ptimer);
26
SysBusDevice parent_obj;
45
+}
27
46
+
28
@@ -XXX,XX +XXX,XX @@ typedef struct PL061State {
47
static void digic_timer_class_init(ObjectClass *klass, void *class_data)
29
uint32_t cr;
48
{
30
uint32_t amsel;
49
DeviceClass *dc = DEVICE_CLASS(klass);
31
qemu_irq irq;
50
@@ -XXX,XX +XXX,XX @@ static const TypeInfo digic_timer_info = {
32
- qemu_irq out[8];
51
.parent = TYPE_SYS_BUS_DEVICE,
33
+ qemu_irq out[N_GPIOS];
52
.instance_size = sizeof(DigicTimerState),
34
const unsigned char *id;
53
.instance_init = digic_timer_init,
35
uint32_t rsvd_start; /* reserved area: [rsvd_start, 0xfcc] */
54
+ .instance_finalize = digic_timer_finalize,
36
} PL061State;
55
.class_init = digic_timer_class_init,
37
@@ -XXX,XX +XXX,XX @@ static void pl061_update(PL061State *s)
56
};
38
changed = s->old_out_data ^ out;
57
39
if (changed) {
40
s->old_out_data = out;
41
- for (i = 0; i < 8; i++) {
42
+ for (i = 0; i < N_GPIOS; i++) {
43
mask = 1 << i;
44
if (changed & mask) {
45
DPRINTF("Set output %d = %d\n", i, (out & mask) != 0);
46
@@ -XXX,XX +XXX,XX @@ static void pl061_update(PL061State *s)
47
changed = (s->old_in_data ^ s->data) & ~s->dir;
48
if (changed) {
49
s->old_in_data = s->data;
50
- for (i = 0; i < 8; i++) {
51
+ for (i = 0; i < N_GPIOS; i++) {
52
mask = 1 << i;
53
if (changed & mask) {
54
DPRINTF("Changed input %d = %d\n", i, (s->data & mask) != 0);
55
@@ -XXX,XX +XXX,XX @@ static void pl061_init(Object *obj)
56
memory_region_init_io(&s->iomem, obj, &pl061_ops, s, "pl061", 0x1000);
57
sysbus_init_mmio(sbd, &s->iomem);
58
sysbus_init_irq(sbd, &s->irq);
59
- qdev_init_gpio_in(dev, pl061_set_irq, 8);
60
- qdev_init_gpio_out(dev, s->out, 8);
61
+ qdev_init_gpio_in(dev, pl061_set_irq, N_GPIOS);
62
+ qdev_init_gpio_out(dev, s->out, N_GPIOS);
63
}
64
65
static void pl061_class_init(ObjectClass *klass, void *data)
66
--
58
--
67
2.20.1
59
2.20.1
68
60
69
61
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
hw_error() calls exit(). This a bit overkill when we can log
3
When running device-introspect-test, a memory leak occurred in the a10_pit_init
4
the accesses as unimplemented or guest error.
4
function, so use ptimer_free() in the finalize function to avoid it.
5
5
6
When fuzzing the devices, we don't want the whole process to
6
ASAN shows memory leak stack:
7
exit. Replace some hw_error() calls by qemu_log_mask().
8
7
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Indirect leak of 288 byte(s) in 6 object(s) allocated from:
10
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
9
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
Message-id: 20200518140309.5220-2-f4bug@amsat.org
10
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
11
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
12
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
13
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
14
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
15
#6 0xaaabf57415e8 in a10_pit_init /qemu/hw/timer/allwinner-a10-pit.c:278
16
#7 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
17
#8 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
18
#9 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
19
#10 0xaaabf5b94680 in aw_a10_init /qemu/hw/arm/allwinner-a10.c:49
20
#11 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
21
#12 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
22
23
Reported-by: Euler Robot <euler.robot@huawei.com>
24
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
25
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
27
---
14
hw/arm/integratorcp.c | 23 +++++++++++++++--------
28
hw/timer/allwinner-a10-pit.c | 11 +++++++++++
15
1 file changed, 15 insertions(+), 8 deletions(-)
29
1 file changed, 11 insertions(+)
16
30
17
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
31
diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c
18
index XXXXXXX..XXXXXXX 100644
32
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/integratorcp.c
33
--- a/hw/timer/allwinner-a10-pit.c
20
+++ b/hw/arm/integratorcp.c
34
+++ b/hw/timer/allwinner-a10-pit.c
21
@@ -XXX,XX +XXX,XX @@
35
@@ -XXX,XX +XXX,XX @@ static void a10_pit_init(Object *obj)
22
#include "exec/address-spaces.h"
23
#include "sysemu/runstate.h"
24
#include "sysemu/sysemu.h"
25
+#include "qemu/log.h"
26
#include "qemu/error-report.h"
27
#include "hw/char/pl011.h"
28
#include "hw/hw.h"
29
@@ -XXX,XX +XXX,XX @@ static uint64_t integratorcm_read(void *opaque, hwaddr offset,
30
/* ??? Voltage control unimplemented. */
31
return 0;
32
default:
33
- hw_error("integratorcm_read: Unimplemented offset 0x%x\n",
34
- (int)offset);
35
+ qemu_log_mask(LOG_UNIMP,
36
+ "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n",
37
+ __func__, offset);
38
return 0;
39
}
36
}
40
}
37
}
41
@@ -XXX,XX +XXX,XX @@ static void integratorcm_write(void *opaque, hwaddr offset,
38
42
/* ??? Voltage control unimplemented. */
39
+static void a10_pit_finalize(Object *obj)
43
break;
40
+{
44
default:
41
+ AwA10PITState *s = AW_A10_PIT(obj);
45
- hw_error("integratorcm_write: Unimplemented offset 0x%x\n",
42
+ int i;
46
- (int)offset);
43
+
47
+ qemu_log_mask(LOG_UNIMP,
44
+ for (i = 0; i < AW_A10_PIT_TIMER_NR; i++) {
48
+ "%s: Unimplemented offset 0x%" HWADDR_PRIX "\n",
45
+ ptimer_free(s->timer[i]);
49
+ __func__, offset);
46
+ }
50
break;
47
+}
51
}
48
+
52
}
49
static void a10_pit_class_init(ObjectClass *klass, void *data)
53
@@ -XXX,XX +XXX,XX @@ static uint64_t icp_pic_read(void *opaque, hwaddr offset,
50
{
54
case 5: /* INT_SOFTCLR */
51
DeviceClass *dc = DEVICE_CLASS(klass);
55
case 11: /* FRQ_ENABLECLR */
52
@@ -XXX,XX +XXX,XX @@ static const TypeInfo a10_pit_info = {
56
default:
53
.parent = TYPE_SYS_BUS_DEVICE,
57
- printf ("icp_pic_read: Bad register offset 0x%x\n", (int)offset);
54
.instance_size = sizeof(AwA10PITState),
58
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
55
.instance_init = a10_pit_init,
59
+ __func__, offset);
56
+ .instance_finalize = a10_pit_finalize,
60
return 0;
57
.class_init = a10_pit_class_init,
61
}
58
};
62
}
63
@@ -XXX,XX +XXX,XX @@ static void icp_pic_write(void *opaque, hwaddr offset,
64
case 8: /* FRQ_STATUS */
65
case 9: /* FRQ_RAWSTAT */
66
default:
67
- printf ("icp_pic_write: Bad register offset 0x%x\n", (int)offset);
68
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
69
+ __func__, offset);
70
return;
71
}
72
icp_pic_update(s);
73
@@ -XXX,XX +XXX,XX @@ static uint64_t icp_control_read(void *opaque, hwaddr offset,
74
case 3: /* CP_DECODE */
75
return 0x11;
76
default:
77
- hw_error("icp_control_read: Bad offset %x\n", (int)offset);
78
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
79
+ __func__, offset);
80
return 0;
81
}
82
}
83
@@ -XXX,XX +XXX,XX @@ static void icp_control_write(void *opaque, hwaddr offset,
84
/* Nothing interesting implemented yet. */
85
break;
86
default:
87
- hw_error("icp_control_write: Bad offset %x\n", (int)offset);
88
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
89
+ __func__, offset);
90
}
91
}
92
59
93
--
60
--
94
2.20.1
61
2.20.1
95
62
96
63
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
With this patch applied, the watchdog in the sabrelite emulation
3
When running device-introspect-test, a memory leak occurred in the
4
is fully operational, including pretimeout support.
4
exynos4210_rtc_init function, so use ptimer_free() in the finalize function to
5
avoid it.
5
6
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
ASAN shows memory leak stack:
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
8
Message-id: 20200517162135.110364-6-linux@roeck-us.net
9
Indirect leak of 96 byte(s) in 1 object(s) allocated from:
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
13
#3 0xaaabf57b3934 in exynos4210_rtc_init /qemu/hw/rtc/exynos4210_rtc.c:567
14
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
15
#5 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
16
#6 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
17
#7 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
18
#8 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
19
#9 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
20
#10 0xaaabf6552708 in aio_bh_poll /qemu/util/async.c:164
21
#11 0xaaabf655f19c in aio_dispatch /qemu/util/aio-posix.c:381
22
#12 0xaaabf65523f4 in aio_ctx_dispatch /qemu/util/async.c:306
23
24
Reported-by: Euler Robot <euler.robot@huawei.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
28
---
11
hw/arm/fsl-imx6.c | 9 +++++++++
29
hw/rtc/exynos4210_rtc.c | 9 +++++++++
12
1 file changed, 9 insertions(+)
30
1 file changed, 9 insertions(+)
13
31
14
diff --git a/hw/arm/fsl-imx6.c b/hw/arm/fsl-imx6.c
32
diff --git a/hw/rtc/exynos4210_rtc.c b/hw/rtc/exynos4210_rtc.c
15
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/fsl-imx6.c
34
--- a/hw/rtc/exynos4210_rtc.c
17
+++ b/hw/arm/fsl-imx6.c
35
+++ b/hw/rtc/exynos4210_rtc.c
18
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6_realize(DeviceState *dev, Error **errp)
36
@@ -XXX,XX +XXX,XX @@ static void exynos4210_rtc_init(Object *obj)
19
FSL_IMX6_WDOG1_ADDR,
37
sysbus_init_mmio(dev, &s->iomem);
20
FSL_IMX6_WDOG2_ADDR,
38
}
21
};
39
22
+ static const int FSL_IMX6_WDOGn_IRQ[FSL_IMX6_NUM_WDTS] = {
40
+static void exynos4210_rtc_finalize(Object *obj)
23
+ FSL_IMX6_WDOG1_IRQ,
41
+{
24
+ FSL_IMX6_WDOG2_IRQ,
42
+ Exynos4210RTCState *s = EXYNOS4210_RTC(obj);
25
+ };
43
+
26
44
+ ptimer_free(s->ptimer);
27
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
45
+ ptimer_free(s->ptimer_1Hz);
28
+ &error_abort);
46
+}
29
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
47
+
30
&error_abort);
48
static void exynos4210_rtc_class_init(ObjectClass *klass, void *data)
31
49
{
32
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX6_WDOGn_ADDR[i]);
50
DeviceClass *dc = DEVICE_CLASS(klass);
33
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
51
@@ -XXX,XX +XXX,XX @@ static const TypeInfo exynos4210_rtc_info = {
34
+ qdev_get_gpio_in(DEVICE(&s->a9mpcore),
52
.parent = TYPE_SYS_BUS_DEVICE,
35
+ FSL_IMX6_WDOGn_IRQ[i]));
53
.instance_size = sizeof(Exynos4210RTCState),
36
}
54
.instance_init = exynos4210_rtc_init,
37
55
+ .instance_finalize = exynos4210_rtc_finalize,
38
/* ROM memory */
56
.class_init = exynos4210_rtc_class_init,
57
};
58
39
--
59
--
40
2.20.1
60
2.20.1
41
61
42
62
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
Implement full support for the watchdog in i.MX systems.
3
When running device-introspect-test, a memory leak occurred in the
4
Pretimeout support is optional because the watchdog hardware
4
exynos4210_pwm_init function, so use ptimer_free() in the finalize function to
5
on i.MX31 does not support pretimeouts.
5
avoid it.
6
6
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
7
ASAN shows memory leak stack:
8
Message-id: 20200517162135.110364-3-linux@roeck-us.net
8
9
Indirect leak of 240 byte(s) in 5 object(s) allocated from:
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
13
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
14
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
15
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
16
#6 0xaaabf56a36cc in exynos4210_pwm_init /qemu/hw/timer/exynos4210_pwm.c:401
17
#7 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
18
#8 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
19
#9 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
20
#10 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
21
#11 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
22
#12 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
23
24
Reported-by: Euler Robot <euler.robot@huawei.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
---
28
---
12
include/hw/watchdog/wdt_imx2.h | 61 ++++++++-
29
hw/timer/exynos4210_pwm.c | 11 +++++++++++
13
hw/watchdog/wdt_imx2.c | 239 +++++++++++++++++++++++++++++++--
30
1 file changed, 11 insertions(+)
14
2 files changed, 285 insertions(+), 15 deletions(-)
15
31
16
diff --git a/include/hw/watchdog/wdt_imx2.h b/include/hw/watchdog/wdt_imx2.h
32
diff --git a/hw/timer/exynos4210_pwm.c b/hw/timer/exynos4210_pwm.c
17
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/watchdog/wdt_imx2.h
34
--- a/hw/timer/exynos4210_pwm.c
19
+++ b/include/hw/watchdog/wdt_imx2.h
35
+++ b/hw/timer/exynos4210_pwm.c
20
@@ -XXX,XX +XXX,XX @@
36
@@ -XXX,XX +XXX,XX @@ static void exynos4210_pwm_init(Object *obj)
21
#ifndef IMX2_WDT_H
37
sysbus_init_mmio(dev, &s->iomem);
22
#define IMX2_WDT_H
38
}
23
39
24
+#include "qemu/bitops.h"
40
+static void exynos4210_pwm_finalize(Object *obj)
25
#include "hw/sysbus.h"
41
+{
26
+#include "hw/irq.h"
42
+ Exynos4210PWMState *s = EXYNOS4210_PWM(obj);
27
+#include "hw/ptimer.h"
43
+ int i;
28
29
#define TYPE_IMX2_WDT "imx2.wdt"
30
#define IMX2_WDT(obj) OBJECT_CHECK(IMX2WdtState, (obj), TYPE_IMX2_WDT)
31
32
enum IMX2WdtRegisters {
33
- IMX2_WDT_WCR = 0x0000,
34
- IMX2_WDT_REG_NUM = 0x0008 / sizeof(uint16_t) + 1,
35
+ IMX2_WDT_WCR = 0x0000, /* Control Register */
36
+ IMX2_WDT_WSR = 0x0002, /* Service Register */
37
+ IMX2_WDT_WRSR = 0x0004, /* Reset Status Register */
38
+ IMX2_WDT_WICR = 0x0006, /* Interrupt Control Register */
39
+ IMX2_WDT_WMCR = 0x0008, /* Misc Register */
40
};
41
42
+#define IMX2_WDT_MMIO_SIZE 0x000a
43
+
44
+
44
+/* Control Register definitions */
45
+ for (i = 0; i < EXYNOS4210_PWM_TIMERS_NUM; i++) {
45
+#define IMX2_WDT_WCR_WT (0xFF << 8) /* Watchdog Timeout Field */
46
+ ptimer_free(s->timer[i].ptimer);
46
+#define IMX2_WDT_WCR_WDW BIT(7) /* WDOG Disable for Wait */
47
+#define IMX2_WDT_WCR_WDA BIT(5) /* WDOG Assertion */
48
+#define IMX2_WDT_WCR_SRS BIT(4) /* Software Reset Signal */
49
+#define IMX2_WDT_WCR_WDT BIT(3) /* WDOG Timeout Assertion */
50
+#define IMX2_WDT_WCR_WDE BIT(2) /* Watchdog Enable */
51
+#define IMX2_WDT_WCR_WDBG BIT(1) /* Watchdog Debug Enable */
52
+#define IMX2_WDT_WCR_WDZST BIT(0) /* Watchdog Timer Suspend */
53
+
54
+#define IMX2_WDT_WCR_LOCK_MASK (IMX2_WDT_WCR_WDZST | IMX2_WDT_WCR_WDBG \
55
+ | IMX2_WDT_WCR_WDW)
56
+
57
+/* Service Register definitions */
58
+#define IMX2_WDT_SEQ1 0x5555 /* service sequence 1 */
59
+#define IMX2_WDT_SEQ2 0xAAAA /* service sequence 2 */
60
+
61
+/* Reset Status Register definitions */
62
+#define IMX2_WDT_WRSR_TOUT BIT(1) /* Reset due to Timeout */
63
+#define IMX2_WDT_WRSR_SFTW BIT(0) /* Reset due to software reset */
64
+
65
+/* Interrupt Control Register definitions */
66
+#define IMX2_WDT_WICR_WIE BIT(15) /* Interrupt Enable */
67
+#define IMX2_WDT_WICR_WTIS BIT(14) /* Interrupt Status */
68
+#define IMX2_WDT_WICR_WICT 0xff /* Interrupt Timeout */
69
+#define IMX2_WDT_WICR_WICT_DEF 0x04 /* Default interrupt timeout (2s) */
70
+
71
+#define IMX2_WDT_WICR_LOCK_MASK (IMX2_WDT_WICR_WIE | IMX2_WDT_WICR_WICT)
72
+
73
+/* Misc Control Register definitions */
74
+#define IMX2_WDT_WMCR_PDE BIT(0) /* Power-Down Enable */
75
76
typedef struct IMX2WdtState {
77
/* <private> */
78
SysBusDevice parent_obj;
79
80
+ /*< public >*/
81
MemoryRegion mmio;
82
+ qemu_irq irq;
83
+
84
+ struct ptimer_state *timer;
85
+ struct ptimer_state *itimer;
86
+
87
+ bool pretimeout_support;
88
+ bool wicr_locked;
89
+
90
+ uint16_t wcr;
91
+ uint16_t wsr;
92
+ uint16_t wrsr;
93
+ uint16_t wicr;
94
+ uint16_t wmcr;
95
+
96
+ bool wcr_locked; /* affects WDZST, WDBG, and WDW */
97
+ bool wcr_wde_locked; /* affects WDE */
98
+ bool wcr_wdt_locked; /* affects WDT (never cleared) */
99
} IMX2WdtState;
100
101
#endif /* IMX2_WDT_H */
102
diff --git a/hw/watchdog/wdt_imx2.c b/hw/watchdog/wdt_imx2.c
103
index XXXXXXX..XXXXXXX 100644
104
--- a/hw/watchdog/wdt_imx2.c
105
+++ b/hw/watchdog/wdt_imx2.c
106
@@ -XXX,XX +XXX,XX @@
107
#include "qemu/bitops.h"
108
#include "qemu/module.h"
109
#include "sysemu/watchdog.h"
110
+#include "migration/vmstate.h"
111
+#include "hw/qdev-properties.h"
112
113
#include "hw/watchdog/wdt_imx2.h"
114
115
-#define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */
116
-#define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */
117
-
118
-static uint64_t imx2_wdt_read(void *opaque, hwaddr addr,
119
- unsigned int size)
120
+static void imx2_wdt_interrupt(void *opaque)
121
{
122
+ IMX2WdtState *s = IMX2_WDT(opaque);
123
+
124
+ s->wicr |= IMX2_WDT_WICR_WTIS;
125
+ qemu_set_irq(s->irq, 1);
126
+}
127
+
128
+static void imx2_wdt_expired(void *opaque)
129
+{
130
+ IMX2WdtState *s = IMX2_WDT(opaque);
131
+
132
+ s->wrsr = IMX2_WDT_WRSR_TOUT;
133
+
134
+ /* Perform watchdog action if watchdog is enabled */
135
+ if (s->wcr & IMX2_WDT_WCR_WDE) {
136
+ s->wrsr = IMX2_WDT_WRSR_TOUT;
137
+ watchdog_perform_action();
138
+ }
47
+ }
139
+}
48
+}
140
+
49
+
141
+static void imx2_wdt_reset(DeviceState *dev)
50
static void exynos4210_pwm_class_init(ObjectClass *klass, void *data)
142
+{
143
+ IMX2WdtState *s = IMX2_WDT(dev);
144
+
145
+ ptimer_transaction_begin(s->timer);
146
+ ptimer_stop(s->timer);
147
+ ptimer_transaction_commit(s->timer);
148
+
149
+ if (s->pretimeout_support) {
150
+ ptimer_transaction_begin(s->itimer);
151
+ ptimer_stop(s->itimer);
152
+ ptimer_transaction_commit(s->itimer);
153
+ }
154
+
155
+ s->wicr_locked = false;
156
+ s->wcr_locked = false;
157
+ s->wcr_wde_locked = false;
158
+
159
+ s->wcr = IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS;
160
+ s->wsr = 0;
161
+ s->wrsr &= ~(IMX2_WDT_WRSR_TOUT | IMX2_WDT_WRSR_SFTW);
162
+ s->wicr = IMX2_WDT_WICR_WICT_DEF;
163
+ s->wmcr = IMX2_WDT_WMCR_PDE;
164
+}
165
+
166
+static uint64_t imx2_wdt_read(void *opaque, hwaddr addr, unsigned int size)
167
+{
168
+ IMX2WdtState *s = IMX2_WDT(opaque);
169
+
170
+ switch (addr) {
171
+ case IMX2_WDT_WCR:
172
+ return s->wcr;
173
+ case IMX2_WDT_WSR:
174
+ return s->wsr;
175
+ case IMX2_WDT_WRSR:
176
+ return s->wrsr;
177
+ case IMX2_WDT_WICR:
178
+ return s->wicr;
179
+ case IMX2_WDT_WMCR:
180
+ return s->wmcr;
181
+ }
182
return 0;
183
}
184
185
+static void imx_wdt2_update_itimer(IMX2WdtState *s, bool start)
186
+{
187
+ bool running = (s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT);
188
+ bool enabled = s->wicr & IMX2_WDT_WICR_WIE;
189
+
190
+ ptimer_transaction_begin(s->itimer);
191
+ if (start || !enabled) {
192
+ ptimer_stop(s->itimer);
193
+ }
194
+ if (running && enabled) {
195
+ int count = ptimer_get_count(s->timer);
196
+ int pretimeout = s->wicr & IMX2_WDT_WICR_WICT;
197
+
198
+ /*
199
+ * Only (re-)start pretimeout timer if its counter value is larger
200
+ * than 0. Otherwise it will fire right away and we'll get an
201
+ * interrupt loop.
202
+ */
203
+ if (count > pretimeout) {
204
+ ptimer_set_count(s->itimer, count - pretimeout);
205
+ if (start) {
206
+ ptimer_run(s->itimer, 1);
207
+ }
208
+ }
209
+ }
210
+ ptimer_transaction_commit(s->itimer);
211
+}
212
+
213
+static void imx_wdt2_update_timer(IMX2WdtState *s, bool start)
214
+{
215
+ ptimer_transaction_begin(s->timer);
216
+ if (start) {
217
+ ptimer_stop(s->timer);
218
+ }
219
+ if ((s->wcr & IMX2_WDT_WCR_WDE) && (s->wcr & IMX2_WDT_WCR_WT)) {
220
+ int count = (s->wcr & IMX2_WDT_WCR_WT) >> 8;
221
+
222
+ /* A value of 0 reflects one period (0.5s). */
223
+ ptimer_set_count(s->timer, count + 1);
224
+ if (start) {
225
+ ptimer_run(s->timer, 1);
226
+ }
227
+ }
228
+ ptimer_transaction_commit(s->timer);
229
+ if (s->pretimeout_support) {
230
+ imx_wdt2_update_itimer(s, start);
231
+ }
232
+}
233
+
234
static void imx2_wdt_write(void *opaque, hwaddr addr,
235
uint64_t value, unsigned int size)
236
{
237
- if (addr == IMX2_WDT_WCR &&
238
- (~value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS))) {
239
- watchdog_perform_action();
240
+ IMX2WdtState *s = IMX2_WDT(opaque);
241
+
242
+ switch (addr) {
243
+ case IMX2_WDT_WCR:
244
+ if (s->wcr_locked) {
245
+ value &= ~IMX2_WDT_WCR_LOCK_MASK;
246
+ value |= (s->wicr & IMX2_WDT_WCR_LOCK_MASK);
247
+ }
248
+ s->wcr_locked = true;
249
+ if (s->wcr_wde_locked) {
250
+ value &= ~IMX2_WDT_WCR_WDE;
251
+ value |= (s->wicr & ~IMX2_WDT_WCR_WDE);
252
+ } else if (value & IMX2_WDT_WCR_WDE) {
253
+ s->wcr_wde_locked = true;
254
+ }
255
+ if (s->wcr_wdt_locked) {
256
+ value &= ~IMX2_WDT_WCR_WDT;
257
+ value |= (s->wicr & ~IMX2_WDT_WCR_WDT);
258
+ } else if (value & IMX2_WDT_WCR_WDT) {
259
+ s->wcr_wdt_locked = true;
260
+ }
261
+
262
+ s->wcr = value;
263
+ if (!(value & IMX2_WDT_WCR_SRS)) {
264
+ s->wrsr = IMX2_WDT_WRSR_SFTW;
265
+ }
266
+ if (!(value & (IMX2_WDT_WCR_WDA | IMX2_WDT_WCR_SRS)) ||
267
+ (!(value & IMX2_WDT_WCR_WT) && (value & IMX2_WDT_WCR_WDE))) {
268
+ watchdog_perform_action();
269
+ }
270
+ s->wcr |= IMX2_WDT_WCR_SRS;
271
+ imx_wdt2_update_timer(s, true);
272
+ break;
273
+ case IMX2_WDT_WSR:
274
+ if (s->wsr == IMX2_WDT_SEQ1 && value == IMX2_WDT_SEQ2) {
275
+ imx_wdt2_update_timer(s, false);
276
+ }
277
+ s->wsr = value;
278
+ break;
279
+ case IMX2_WDT_WRSR:
280
+ break;
281
+ case IMX2_WDT_WICR:
282
+ if (!s->pretimeout_support) {
283
+ return;
284
+ }
285
+ value &= IMX2_WDT_WICR_LOCK_MASK | IMX2_WDT_WICR_WTIS;
286
+ if (s->wicr_locked) {
287
+ value &= IMX2_WDT_WICR_WTIS;
288
+ value |= (s->wicr & IMX2_WDT_WICR_LOCK_MASK);
289
+ }
290
+ s->wicr = value | (s->wicr & IMX2_WDT_WICR_WTIS);
291
+ if (value & IMX2_WDT_WICR_WTIS) {
292
+ s->wicr &= ~IMX2_WDT_WICR_WTIS;
293
+ qemu_set_irq(s->irq, 0);
294
+ }
295
+ imx_wdt2_update_itimer(s, true);
296
+ s->wicr_locked = true;
297
+ break;
298
+ case IMX2_WDT_WMCR:
299
+ s->wmcr = value & IMX2_WDT_WMCR_PDE;
300
+ break;
301
}
302
}
303
304
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps imx2_wdt_ops = {
305
* real device but in practice there is no reason for a guest
306
* to access this device unaligned.
307
*/
308
- .min_access_size = 4,
309
- .max_access_size = 4,
310
+ .min_access_size = 2,
311
+ .max_access_size = 2,
312
.unaligned = false,
313
},
314
};
315
316
+static const VMStateDescription vmstate_imx2_wdt = {
317
+ .name = "imx2.wdt",
318
+ .fields = (VMStateField[]) {
319
+ VMSTATE_PTIMER(timer, IMX2WdtState),
320
+ VMSTATE_PTIMER(itimer, IMX2WdtState),
321
+ VMSTATE_BOOL(wicr_locked, IMX2WdtState),
322
+ VMSTATE_BOOL(wcr_locked, IMX2WdtState),
323
+ VMSTATE_BOOL(wcr_wde_locked, IMX2WdtState),
324
+ VMSTATE_BOOL(wcr_wdt_locked, IMX2WdtState),
325
+ VMSTATE_UINT16(wcr, IMX2WdtState),
326
+ VMSTATE_UINT16(wsr, IMX2WdtState),
327
+ VMSTATE_UINT16(wrsr, IMX2WdtState),
328
+ VMSTATE_UINT16(wmcr, IMX2WdtState),
329
+ VMSTATE_UINT16(wicr, IMX2WdtState),
330
+ VMSTATE_END_OF_LIST()
331
+ }
332
+};
333
+
334
static void imx2_wdt_realize(DeviceState *dev, Error **errp)
335
{
336
IMX2WdtState *s = IMX2_WDT(dev);
337
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
338
339
memory_region_init_io(&s->mmio, OBJECT(dev),
340
&imx2_wdt_ops, s,
341
- TYPE_IMX2_WDT".mmio",
342
- IMX2_WDT_REG_NUM * sizeof(uint16_t));
343
- sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->mmio);
344
+ TYPE_IMX2_WDT,
345
+ IMX2_WDT_MMIO_SIZE);
346
+ sysbus_init_mmio(sbd, &s->mmio);
347
+ sysbus_init_irq(sbd, &s->irq);
348
+
349
+ s->timer = ptimer_init(imx2_wdt_expired, s,
350
+ PTIMER_POLICY_NO_IMMEDIATE_TRIGGER |
351
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
352
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
353
+ ptimer_transaction_begin(s->timer);
354
+ ptimer_set_freq(s->timer, 2);
355
+ ptimer_set_limit(s->timer, 0xff, 1);
356
+ ptimer_transaction_commit(s->timer);
357
+ if (s->pretimeout_support) {
358
+ s->itimer = ptimer_init(imx2_wdt_interrupt, s,
359
+ PTIMER_POLICY_NO_IMMEDIATE_TRIGGER |
360
+ PTIMER_POLICY_NO_IMMEDIATE_RELOAD |
361
+ PTIMER_POLICY_NO_COUNTER_ROUND_DOWN);
362
+ ptimer_transaction_begin(s->itimer);
363
+ ptimer_set_freq(s->itimer, 2);
364
+ ptimer_set_limit(s->itimer, 0xff, 1);
365
+ ptimer_transaction_commit(s->itimer);
366
+ }
367
}
368
369
+static Property imx2_wdt_properties[] = {
370
+ DEFINE_PROP_BOOL("pretimeout-support", IMX2WdtState, pretimeout_support,
371
+ false),
372
+};
373
+
374
static void imx2_wdt_class_init(ObjectClass *klass, void *data)
375
{
51
{
376
DeviceClass *dc = DEVICE_CLASS(klass);
52
DeviceClass *dc = DEVICE_CLASS(klass);
377
53
@@ -XXX,XX +XXX,XX @@ static const TypeInfo exynos4210_pwm_info = {
378
+ device_class_set_props(dc, imx2_wdt_properties);
54
.parent = TYPE_SYS_BUS_DEVICE,
379
dc->realize = imx2_wdt_realize;
55
.instance_size = sizeof(Exynos4210PWMState),
380
+ dc->reset = imx2_wdt_reset;
56
.instance_init = exynos4210_pwm_init,
381
+ dc->vmsd = &vmstate_imx2_wdt;
57
+ .instance_finalize = exynos4210_pwm_finalize,
382
+ dc->desc = "i.MX watchdog timer";
58
.class_init = exynos4210_pwm_class_init,
383
set_bit(DEVICE_CATEGORY_MISC, dc->categories);
59
};
384
}
385
60
386
--
61
--
387
2.20.1
62
2.20.1
388
63
389
64
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
The 8-byte store for the end a !is_q operation can be
3
When running device-introspect-test, a memory leak occurred in the
4
merged with the other stores. Use a no-op vector move
4
mss_timer_init function, so use ptimer_free() in the finalize function to avoid
5
to trigger the expand_clr portion of tcg_gen_gvec_mov.
5
it.
6
6
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
ASAN shows memory leak stack:
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
9
Message-id: 20200519212453.28494-2-richard.henderson@linaro.org
9
Indirect leak of 192 byte(s) in 2 object(s) allocated from:
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
13
#3 0xaaabf58a0010 in mss_timer_init /qemu/hw/timer/mss-timer.c:235
14
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
15
#5 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
16
#6 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
17
#7 0xaaabf5b8316c in m2sxxx_soc_initfn /qemu/hw/arm/msf2-soc.c:70
18
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
19
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
20
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
21
#11 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
22
#12 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
23
24
Reported-by: Euler Robot <euler.robot@huawei.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
28
---
12
target/arm/translate-a64.c | 10 ++--------
29
hw/timer/mss-timer.c | 13 +++++++++++++
13
1 file changed, 2 insertions(+), 8 deletions(-)
30
1 file changed, 13 insertions(+)
14
31
15
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
32
diff --git a/hw/timer/mss-timer.c b/hw/timer/mss-timer.c
16
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate-a64.c
34
--- a/hw/timer/mss-timer.c
18
+++ b/target/arm/translate-a64.c
35
+++ b/hw/timer/mss-timer.c
19
@@ -XXX,XX +XXX,XX @@ static void clear_vec_high(DisasContext *s, bool is_q, int rd)
36
@@ -XXX,XX +XXX,XX @@ static void mss_timer_init(Object *obj)
20
unsigned ofs = fp_reg_offset(s, rd, MO_64);
37
sysbus_init_mmio(SYS_BUS_DEVICE(obj), &t->mmio);
21
unsigned vsz = vec_full_reg_size(s);
22
23
- if (!is_q) {
24
- TCGv_i64 tcg_zero = tcg_const_i64(0);
25
- tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);
26
- tcg_temp_free_i64(tcg_zero);
27
- }
28
- if (vsz > 16) {
29
- tcg_gen_gvec_dup_imm(MO_64, ofs + 16, vsz - 16, vsz - 16, 0);
30
- }
31
+ /* Nop move, with side effect of clearing the tail. */
32
+ tcg_gen_gvec_mov(MO_64, ofs, ofs, is_q ? 16 : 8, vsz);
33
}
38
}
34
39
35
void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)
40
+static void mss_timer_finalize(Object *obj)
41
+{
42
+ MSSTimerState *t = MSS_TIMER(obj);
43
+ int i;
44
+
45
+ for (i = 0; i < NUM_TIMERS; i++) {
46
+ struct Msf2Timer *st = &t->timers[i];
47
+
48
+ ptimer_free(st->ptimer);
49
+ }
50
+}
51
+
52
static const VMStateDescription vmstate_timers = {
53
.name = "mss-timer-block",
54
.version_id = 1,
55
@@ -XXX,XX +XXX,XX @@ static const TypeInfo mss_timer_info = {
56
.parent = TYPE_SYS_BUS_DEVICE,
57
.instance_size = sizeof(MSSTimerState),
58
.instance_init = mss_timer_init,
59
+ .instance_finalize = mss_timer_finalize,
60
.class_init = mss_timer_class_init,
61
};
62
36
--
63
--
37
2.20.1
64
2.20.1
38
65
39
66
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
With this commit, the watchdog on imx25-pdk is fully operational,
3
When running device-introspect-test, a memory leak occurred in the
4
including pretimeout support.
4
mv88w8618_pit_init function, so use ptimer_free() in the finalize function to
5
avoid it.
5
6
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
ASAN shows memory leak stack:
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
8
Message-id: 20200517162135.110364-4-linux@roeck-us.net
9
Indirect leak of 192 byte(s) in 4 object(s) allocated from:
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db84 in timer_new_full /qemu/include/qemu/timer.h:523
13
#3 0xaaabf555db84 in timer_new /qemu/include/qemu/timer.h:544
14
#4 0xaaabf555db84 in timer_new_ns /qemu/include/qemu/timer.h:562
15
#5 0xaaabf555db84 in ptimer_init /qemu/hw/core/ptimer.c:433
16
#6 0xaaabf5bb2290 in mv88w8618_timer_init /qemu/hw/arm/musicpal.c:862
17
#7 0xaaabf5bb2290 in mv88w8618_pit_init /qemu/hw/arm/musicpal.c:954
18
#8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
19
#9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
20
#10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
21
#11 0xaaabf5a95540 in qdev_device_help /qemu/softmmu/qdev-monitor.c:283
22
#12 0xaaabf5a96940 in qmp_device_add /qemu/softmmu/qdev-monitor.c:801
23
24
Reported-by: Euler Robot <euler.robot@huawei.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
28
---
11
include/hw/arm/fsl-imx25.h | 5 +++++
29
hw/arm/musicpal.c | 12 ++++++++++++
12
hw/arm/fsl-imx25.c | 10 ++++++++++
30
1 file changed, 12 insertions(+)
13
hw/arm/Kconfig | 1 +
14
3 files changed, 16 insertions(+)
15
31
16
diff --git a/include/hw/arm/fsl-imx25.h b/include/hw/arm/fsl-imx25.h
32
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
17
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/fsl-imx25.h
34
--- a/hw/arm/musicpal.c
19
+++ b/include/hw/arm/fsl-imx25.h
35
+++ b/hw/arm/musicpal.c
20
@@ -XXX,XX +XXX,XX @@
36
@@ -XXX,XX +XXX,XX @@ static void mv88w8618_pit_init(Object *obj)
21
#include "hw/gpio/imx_gpio.h"
37
sysbus_init_mmio(dev, &s->iomem);
22
#include "hw/sd/sdhci.h"
23
#include "hw/usb/chipidea.h"
24
+#include "hw/watchdog/wdt_imx2.h"
25
#include "exec/memory.h"
26
#include "target/arm/cpu.h"
27
28
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
29
IMXGPIOState gpio[FSL_IMX25_NUM_GPIOS];
30
SDHCIState esdhc[FSL_IMX25_NUM_ESDHCS];
31
ChipideaState usb[FSL_IMX25_NUM_USBS];
32
+ IMX2WdtState wdt;
33
MemoryRegion rom[2];
34
MemoryRegion iram;
35
MemoryRegion iram_alias;
36
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
37
#define FSL_IMX25_GPIO1_SIZE 0x4000
38
#define FSL_IMX25_GPIO2_ADDR 0x53FD0000
39
#define FSL_IMX25_GPIO2_SIZE 0x4000
40
+#define FSL_IMX25_WDT_ADDR 0x53FDC000
41
+#define FSL_IMX25_WDT_SIZE 0x4000
42
#define FSL_IMX25_USB1_ADDR 0x53FF4000
43
#define FSL_IMX25_USB1_SIZE 0x0200
44
#define FSL_IMX25_USB2_ADDR 0x53FF4400
45
@@ -XXX,XX +XXX,XX @@ typedef struct FslIMX25State {
46
#define FSL_IMX25_ESDHC2_IRQ 8
47
#define FSL_IMX25_USB1_IRQ 37
48
#define FSL_IMX25_USB2_IRQ 35
49
+#define FSL_IMX25_WDT_IRQ 55
50
51
#endif /* FSL_IMX25_H */
52
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
53
index XXXXXXX..XXXXXXX 100644
54
--- a/hw/arm/fsl-imx25.c
55
+++ b/hw/arm/fsl-imx25.c
56
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_init(Object *obj)
57
TYPE_CHIPIDEA);
58
}
59
60
+ sysbus_init_child_obj(obj, "wdt", &s->wdt, sizeof(s->wdt), TYPE_IMX2_WDT);
61
}
38
}
62
39
63
static void fsl_imx25_realize(DeviceState *dev, Error **errp)
40
+static void mv88w8618_pit_finalize(Object *obj)
64
@@ -XXX,XX +XXX,XX @@ static void fsl_imx25_realize(DeviceState *dev, Error **errp)
41
+{
65
usb_table[i].irq));
42
+ SysBusDevice *dev = SYS_BUS_DEVICE(obj);
66
}
43
+ mv88w8618_pit_state *s = MV88W8618_PIT(dev);
67
44
+ int i;
68
+ /* Watchdog */
69
+ object_property_set_bool(OBJECT(&s->wdt), true, "pretimeout-support",
70
+ &error_abort);
71
+ object_property_set_bool(OBJECT(&s->wdt), true, "realized", &error_abort);
72
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt), 0, FSL_IMX25_WDT_ADDR);
73
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt), 0,
74
+ qdev_get_gpio_in(DEVICE(&s->avic),
75
+ FSL_IMX25_WDT_IRQ));
76
+
45
+
77
/* initialize 2 x 16 KB ROM */
46
+ for (i = 0; i < 4; i++) {
78
memory_region_init_rom(&s->rom[0], OBJECT(dev), "imx25.rom0",
47
+ ptimer_free(s->timer[i].ptimer);
79
FSL_IMX25_ROM0_SIZE, &err);
48
+ }
80
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
49
+}
81
index XXXXXXX..XXXXXXX 100644
50
+
82
--- a/hw/arm/Kconfig
51
static const VMStateDescription mv88w8618_timer_vmsd = {
83
+++ b/hw/arm/Kconfig
52
.name = "timer",
84
@@ -XXX,XX +XXX,XX @@ config FSL_IMX25
53
.version_id = 1,
85
select IMX
54
@@ -XXX,XX +XXX,XX @@ static const TypeInfo mv88w8618_pit_info = {
86
select IMX_FEC
55
.parent = TYPE_SYS_BUS_DEVICE,
87
select IMX_I2C
56
.instance_size = sizeof(mv88w8618_pit_state),
88
+ select WDT_IMX2
57
.instance_init = mv88w8618_pit_init,
89
select DS1338
58
+ .instance_finalize = mv88w8618_pit_finalize,
90
59
.class_init = mv88w8618_pit_class_init,
91
config FSL_IMX31
60
};
61
92
--
62
--
93
2.20.1
63
2.20.1
94
64
95
65
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Gan Qixin <ganqixin@huawei.com>
2
2
3
hw_error() calls exit(). This a bit overkill when we can log
3
When running device-introspect-test, a memory leak occurred in the
4
the accesses as unimplemented or guest error.
4
exynos4210_mct_init function, so use ptimer_free() in the finalize function to
5
avoid it.
5
6
6
When fuzzing the devices, we don't want the whole process to
7
ASAN shows memory leak stack:
7
exit. Replace some hw_error() calls by qemu_log_mask().
8
8
9
Per the datasheet "Exynos 4412 RISC Microprocessor Rev 1.00"
9
Indirect leak of 96 byte(s) in 1 object(s) allocated from:
10
Chapter 25 "Multi Core Timer (MCT)" figure 1 and table 4,
10
#0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
11
the default value on the APB bus is 0.
11
#1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
12
#2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
13
#3 0xaaabf56b01a0 in exynos4210_mct_init /qemu/hw/timer/exynos4210_mct.c:1505
14
#4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
15
#5 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
16
#6 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
17
#7 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
18
#8 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110
19
#9 0xaaabf6552708 in aio_bh_call /qemu/util/async.c:136
20
#10 0xaaabf6552708 in aio_bh_poll /qemu/util/async.c:164
21
#11 0xaaabf655f19c in aio_dispatch /qemu/util/aio-posix.c:381
22
#12 0xaaabf65523f4 in aio_ctx_dispatch /qemu/util/async.c:306
12
23
13
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
24
Reported-by: Euler Robot <euler.robot@huawei.com>
14
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
25
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
15
Message-id: 20200518140309.5220-5-f4bug@amsat.org
26
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
28
---
18
hw/timer/exynos4210_mct.c | 12 +++++-------
29
hw/timer/exynos4210_mct.c | 14 ++++++++++++++
19
1 file changed, 5 insertions(+), 7 deletions(-)
30
1 file changed, 14 insertions(+)
20
31
21
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
32
diff --git a/hw/timer/exynos4210_mct.c b/hw/timer/exynos4210_mct.c
22
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/timer/exynos4210_mct.c
34
--- a/hw/timer/exynos4210_mct.c
24
+++ b/hw/timer/exynos4210_mct.c
35
+++ b/hw/timer/exynos4210_mct.c
25
@@ -XXX,XX +XXX,XX @@
36
@@ -XXX,XX +XXX,XX @@ static void exynos4210_mct_init(Object *obj)
26
37
sysbus_init_mmio(dev, &s->iomem);
27
#include "qemu/osdep.h"
28
#include "qemu/log.h"
29
-#include "hw/hw.h"
30
#include "hw/sysbus.h"
31
#include "migration/vmstate.h"
32
#include "qemu/timer.h"
33
@@ -XXX,XX +XXX,XX @@
34
#include "hw/ptimer.h"
35
36
#include "hw/arm/exynos4210.h"
37
-#include "hw/hw.h"
38
#include "hw/irq.h"
39
40
//#define DEBUG_MCT
41
@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
42
int index;
43
int shift;
44
uint64_t count;
45
- uint32_t value;
46
+ uint32_t value = 0;
47
int lt_i;
48
49
switch (offset) {
50
@@ -XXX,XX +XXX,XX @@ static uint64_t exynos4210_mct_read(void *opaque, hwaddr offset,
51
break;
52
53
default:
54
- hw_error("exynos4210.mct: bad read offset "
55
- TARGET_FMT_plx "\n", offset);
56
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
57
+ __func__, offset);
58
break;
59
}
60
return value;
61
@@ -XXX,XX +XXX,XX @@ static void exynos4210_mct_write(void *opaque, hwaddr offset,
62
break;
63
64
default:
65
- hw_error("exynos4210.mct: bad write offset "
66
- TARGET_FMT_plx "\n", offset);
67
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%" HWADDR_PRIX "\n",
68
+ __func__, offset);
69
break;
70
}
71
}
38
}
39
40
+static void exynos4210_mct_finalize(Object *obj)
41
+{
42
+ int i;
43
+ Exynos4210MCTState *s = EXYNOS4210_MCT(obj);
44
+
45
+ ptimer_free(s->g_timer.ptimer_frc);
46
+
47
+ for (i = 0; i < 2; i++) {
48
+ ptimer_free(s->l_timer[i].tick_timer.ptimer_tick);
49
+ ptimer_free(s->l_timer[i].ptimer_frc);
50
+ }
51
+}
52
+
53
static void exynos4210_mct_class_init(ObjectClass *klass, void *data)
54
{
55
DeviceClass *dc = DEVICE_CLASS(klass);
56
@@ -XXX,XX +XXX,XX @@ static const TypeInfo exynos4210_mct_info = {
57
.parent = TYPE_SYS_BUS_DEVICE,
58
.instance_size = sizeof(Exynos4210MCTState),
59
.instance_init = exynos4210_mct_init,
60
+ .instance_finalize = exynos4210_mct_finalize,
61
.class_init = exynos4210_mct_class_init,
62
};
63
72
--
64
--
73
2.20.1
65
2.20.1
74
66
75
67
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Bin Meng <bin.meng@windriver.com>
2
2
3
hw_error() calls exit(). This a bit overkill when we can log
3
U-Boot expects PMU_MISC0 register bit 7 is set (see init_bandgap()
4
the accesses as unimplemented or guest error.
4
in arch/arm/mach-imx/mx6/soc.c) during boot. This bit indicates the
5
bandgap has stabilized.
5
6
6
When fuzzing the devices, we don't want the whole process to
7
With this change, the latest upstream U-Boot (v2021.01-rc3) for imx6
7
exit. Replace some hw_error() calls by qemu_log_mask().
8
sabrelite board (mx6qsabrelite_defconfig), with a slight change made
9
by switching CONFIG_OF_SEPARATE to CONFIG_OF_EMBED, boots to U-Boot
10
shell on QEMU with the following command:
8
11
9
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
12
$ qemu-system-arm -M sabrelite -smp 4 -m 1G -kernel u-boot \
10
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
-display none -serial null -serial stdio
11
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
14
12
Message-id: 20200518140309.5220-4-f4bug@amsat.org
15
Boot log below:
16
17
U-Boot 2021.01-rc3 (Dec 12 2020 - 17:40:02 +0800)
18
19
CPU: Freescale i.MX?? rev1.0 at 792 MHz
20
Reset cause: POR
21
Model: Freescale i.MX6 Quad SABRE Lite Board
22
Board: SABRE Lite
23
I2C: ready
24
DRAM: 1 GiB
25
force_idle_bus: sda=0 scl=0 sda.gp=0x5c scl.gp=0x55
26
force_idle_bus: failed to clear bus, sda=0 scl=0
27
force_idle_bus: sda=0 scl=0 sda.gp=0x6d scl.gp=0x6c
28
force_idle_bus: failed to clear bus, sda=0 scl=0
29
force_idle_bus: sda=0 scl=0 sda.gp=0xcb scl.gp=0x5
30
force_idle_bus: failed to clear bus, sda=0 scl=0
31
MMC: FSL_SDHC: 0, FSL_SDHC: 1
32
Loading Environment from MMC... *** Warning - No block device, using default environment
33
34
In: serial
35
Out: serial
36
Err: serial
37
Net: Board Net Initialization Failed
38
No ethernet found.
39
starting USB...
40
Bus usb@2184000: usb dr_mode not found
41
USB EHCI 1.00
42
Bus usb@2184200: USB EHCI 1.00
43
scanning bus usb@2184000 for devices... 1 USB Device(s) found
44
scanning bus usb@2184200 for devices... 1 USB Device(s) found
45
scanning usb for storage devices... 0 Storage Device(s) found
46
scanning usb for ethernet devices... 0 Ethernet Device(s) found
47
Hit any key to stop autoboot: 0
48
=>
49
50
Signed-off-by: Bin Meng <bin.meng@windriver.com>
51
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
52
Message-id: 20210106063504.10841-2-bmeng.cn@gmail.com
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
53
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
54
---
15
hw/char/xilinx_uartlite.c | 5 +++--
55
hw/misc/imx6_ccm.c | 2 +-
16
1 file changed, 3 insertions(+), 2 deletions(-)
56
1 file changed, 1 insertion(+), 1 deletion(-)
17
57
18
diff --git a/hw/char/xilinx_uartlite.c b/hw/char/xilinx_uartlite.c
58
diff --git a/hw/misc/imx6_ccm.c b/hw/misc/imx6_ccm.c
19
index XXXXXXX..XXXXXXX 100644
59
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/char/xilinx_uartlite.c
60
--- a/hw/misc/imx6_ccm.c
21
+++ b/hw/char/xilinx_uartlite.c
61
+++ b/hw/misc/imx6_ccm.c
22
@@ -XXX,XX +XXX,XX @@
62
@@ -XXX,XX +XXX,XX @@ static void imx6_ccm_reset(DeviceState *dev)
23
*/
63
s->analog[PMU_REG_3P0] = 0x00000F74;
24
64
s->analog[PMU_REG_2P5] = 0x00005071;
25
#include "qemu/osdep.h"
65
s->analog[PMU_REG_CORE] = 0x00402010;
26
-#include "hw/hw.h"
66
- s->analog[PMU_MISC0] = 0x04000000;
27
+#include "qemu/log.h"
67
+ s->analog[PMU_MISC0] = 0x04000080;
28
#include "hw/irq.h"
68
s->analog[PMU_MISC1] = 0x00000000;
29
#include "hw/qdev-properties.h"
69
s->analog[PMU_MISC2] = 0x00272727;
30
#include "hw/sysbus.h"
70
31
@@ -XXX,XX +XXX,XX @@ uart_write(void *opaque, hwaddr addr,
32
switch (addr)
33
{
34
case R_STATUS:
35
- hw_error("write to UART STATUS?\n");
36
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: write to UART STATUS\n",
37
+ __func__);
38
break;
39
40
case R_CTRL:
41
--
71
--
42
2.20.1
72
2.20.1
43
73
44
74
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Bin Meng <bin.meng@windriver.com>
2
2
3
i.MX7 supports watchdog pretimeout interupts. With this commit,
3
Currently when U-Boot boots, it prints "??" for i.MX processor:
4
the watchdog in mcimx7d-sabre is fully operational, including
5
pretimeout support.
6
4
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
CPU: Freescale i.MX?? rev1.0 at 792 MHz
8
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
6
9
Message-id: 20200517162135.110364-9-linux@roeck-us.net
7
The register that was used to determine the silicon type is
8
undocumented in the latest IMX6DQRM (Rev. 6, 05/2020), but we
9
can refer to get_cpu_rev() in arch/arm/mach-imx/mx6/soc.c in
10
the U-Boot source codes that USB_ANALOG_DIGPROG is used.
11
12
Update its reset value to indicate i.MX6Q.
13
14
Signed-off-by: Bin Meng <bin.meng@windriver.com>
15
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
16
Message-id: 20210106063504.10841-3-bmeng.cn@gmail.com
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
18
---
12
include/hw/arm/fsl-imx7.h | 5 +++++
19
hw/misc/imx6_ccm.c | 2 +-
13
hw/arm/fsl-imx7.c | 11 +++++++++++
20
1 file changed, 1 insertion(+), 1 deletion(-)
14
2 files changed, 16 insertions(+)
15
21
16
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
22
diff --git a/hw/misc/imx6_ccm.c b/hw/misc/imx6_ccm.c
17
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/fsl-imx7.h
24
--- a/hw/misc/imx6_ccm.c
19
+++ b/include/hw/arm/fsl-imx7.h
25
+++ b/hw/misc/imx6_ccm.c
20
@@ -XXX,XX +XXX,XX @@ enum FslIMX7IRQs {
26
@@ -XXX,XX +XXX,XX @@ static void imx6_ccm_reset(DeviceState *dev)
21
FSL_IMX7_USB2_IRQ = 42,
27
s->analog[USB_ANALOG_USB2_VBUS_DETECT] = 0x00000004;
22
FSL_IMX7_USB3_IRQ = 40,
28
s->analog[USB_ANALOG_USB2_CHRG_DETECT] = 0x00000000;
23
29
s->analog[USB_ANALOG_USB2_MISC] = 0x00000002;
24
+ FSL_IMX7_WDOG1_IRQ = 78,
30
- s->analog[USB_ANALOG_DIGPROG] = 0x00000000;
25
+ FSL_IMX7_WDOG2_IRQ = 79,
31
+ s->analog[USB_ANALOG_DIGPROG] = 0x00630000;
26
+ FSL_IMX7_WDOG3_IRQ = 10,
32
27
+ FSL_IMX7_WDOG4_IRQ = 109,
33
/* all PLLs need to be locked */
28
+
34
s->analog[CCM_ANALOG_PLL_ARM] |= CCM_ANALOG_PLL_LOCK;
29
FSL_IMX7_PCI_INTA_IRQ = 125,
30
FSL_IMX7_PCI_INTB_IRQ = 124,
31
FSL_IMX7_PCI_INTC_IRQ = 123,
32
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
33
index XXXXXXX..XXXXXXX 100644
34
--- a/hw/arm/fsl-imx7.c
35
+++ b/hw/arm/fsl-imx7.c
36
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
37
FSL_IMX7_WDOG3_ADDR,
38
FSL_IMX7_WDOG4_ADDR,
39
};
40
+ static const int FSL_IMX7_WDOGn_IRQ[FSL_IMX7_NUM_WDTS] = {
41
+ FSL_IMX7_WDOG1_IRQ,
42
+ FSL_IMX7_WDOG2_IRQ,
43
+ FSL_IMX7_WDOG3_IRQ,
44
+ FSL_IMX7_WDOG4_IRQ,
45
+ };
46
47
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
48
+ &error_abort);
49
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
50
&error_abort);
51
52
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0, FSL_IMX7_WDOGn_ADDR[i]);
53
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
54
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
55
+ FSL_IMX7_WDOGn_IRQ[i]));
56
}
57
58
/*
59
--
35
--
60
2.20.1
36
2.20.1
61
37
62
38
diff view generated by jsdifflib
1
From: Guenter Roeck <linux@roeck-us.net>
1
From: Bin Meng <bin.meng@windriver.com>
2
2
3
Instantiating PWM, CAN, CAAM, and OCOTP devices is necessary to avoid
3
At present, when booting U-Boot on QEMU sabrelite, we see:
4
crashes when booting mainline Linux.
5
4
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Net: Board Net Initialization Failed
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
6
No ethernet found.
8
Message-id: 20200517162135.110364-8-linux@roeck-us.net
7
8
U-Boot scans PHY at address 4/5/6/7 (see board_eth_init() in the
9
U-Boot source: board/boundary/nitrogen6x/nitrogen6x.c). On the real
10
board, the Ethernet PHY is at address 6. Adjust this by updating the
11
"fec-phy-num" property of the fsl_imx6 SoC object.
12
13
With this change, U-Boot sees the PHY but complains MAC address:
14
15
Net: using phy at 6
16
FEC [PRIME]
17
Error: FEC address not set.
18
19
This is due to U-Boot tries to read the MAC address from the fuse,
20
which QEMU does not have any valid content filled in. However this
21
does not prevent the Ethernet from working in QEMU. We just need to
22
set up the MAC address later in the U-Boot command shell, by:
23
24
=> setenv ethaddr 00:11:22:33:44:55
25
26
Signed-off-by: Bin Meng <bin.meng@windriver.com>
27
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
28
Message-id: 20210106063504.10841-4-bmeng.cn@gmail.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
30
---
11
include/hw/arm/fsl-imx7.h | 16 ++++++++++++++++
31
hw/arm/sabrelite.c | 4 ++++
12
hw/arm/fsl-imx7.c | 24 ++++++++++++++++++++++++
32
1 file changed, 4 insertions(+)
13
2 files changed, 40 insertions(+)
14
33
15
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
34
diff --git a/hw/arm/sabrelite.c b/hw/arm/sabrelite.c
16
index XXXXXXX..XXXXXXX 100644
35
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/arm/fsl-imx7.h
36
--- a/hw/arm/sabrelite.c
18
+++ b/include/hw/arm/fsl-imx7.h
37
+++ b/hw/arm/sabrelite.c
19
@@ -XXX,XX +XXX,XX @@ enum FslIMX7MemoryMap {
38
@@ -XXX,XX +XXX,XX @@ static void sabrelite_init(MachineState *machine)
20
FSL_IMX7_IOMUXC_GPR_ADDR = 0x30340000,
39
21
FSL_IMX7_IOMUXCn_SIZE = 0x1000,
40
s = FSL_IMX6(object_new(TYPE_FSL_IMX6));
22
41
object_property_add_child(OBJECT(machine), "soc", OBJECT(s));
23
+ FSL_IMX7_OCOTP_ADDR = 0x30350000,
24
+ FSL_IMX7_OCOTP_SIZE = 0x10000,
25
+
42
+
26
FSL_IMX7_ANALOG_ADDR = 0x30360000,
43
+ /* Ethernet PHY address is 6 */
27
FSL_IMX7_SNVS_ADDR = 0x30370000,
44
+ object_property_set_int(OBJECT(s), "fec-phy-num", 6, &error_fatal);
28
FSL_IMX7_CCM_ADDR = 0x30380000,
29
@@ -XXX,XX +XXX,XX @@ enum FslIMX7MemoryMap {
30
FSL_IMX7_ADC2_ADDR = 0x30620000,
31
FSL_IMX7_ADCn_SIZE = 0x1000,
32
33
+ FSL_IMX7_PWM1_ADDR = 0x30660000,
34
+ FSL_IMX7_PWM2_ADDR = 0x30670000,
35
+ FSL_IMX7_PWM3_ADDR = 0x30680000,
36
+ FSL_IMX7_PWM4_ADDR = 0x30690000,
37
+ FSL_IMX7_PWMn_SIZE = 0x10000,
38
+
45
+
39
FSL_IMX7_PCIE_PHY_ADDR = 0x306D0000,
46
qdev_realize(DEVICE(s), NULL, &error_fatal);
40
FSL_IMX7_PCIE_PHY_SIZE = 0x10000,
47
41
48
memory_region_add_subregion(get_system_memory(), FSL_IMX6_MMDC_ADDR,
42
FSL_IMX7_GPC_ADDR = 0x303A0000,
43
44
+ FSL_IMX7_CAAM_ADDR = 0x30900000,
45
+ FSL_IMX7_CAAM_SIZE = 0x40000,
46
+
47
+ FSL_IMX7_CAN1_ADDR = 0x30A00000,
48
+ FSL_IMX7_CAN2_ADDR = 0x30A10000,
49
+ FSL_IMX7_CANn_SIZE = 0x10000,
50
+
51
FSL_IMX7_I2C1_ADDR = 0x30A20000,
52
FSL_IMX7_I2C2_ADDR = 0x30A30000,
53
FSL_IMX7_I2C3_ADDR = 0x30A40000,
54
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
55
index XXXXXXX..XXXXXXX 100644
56
--- a/hw/arm/fsl-imx7.c
57
+++ b/hw/arm/fsl-imx7.c
58
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
59
*/
60
create_unimplemented_device("sdma", FSL_IMX7_SDMA_ADDR, FSL_IMX7_SDMA_SIZE);
61
62
+ /*
63
+ * CAAM
64
+ */
65
+ create_unimplemented_device("caam", FSL_IMX7_CAAM_ADDR, FSL_IMX7_CAAM_SIZE);
66
+
67
+ /*
68
+ * PWM
69
+ */
70
+ create_unimplemented_device("pwm1", FSL_IMX7_PWM1_ADDR, FSL_IMX7_PWMn_SIZE);
71
+ create_unimplemented_device("pwm2", FSL_IMX7_PWM2_ADDR, FSL_IMX7_PWMn_SIZE);
72
+ create_unimplemented_device("pwm3", FSL_IMX7_PWM3_ADDR, FSL_IMX7_PWMn_SIZE);
73
+ create_unimplemented_device("pwm4", FSL_IMX7_PWM4_ADDR, FSL_IMX7_PWMn_SIZE);
74
+
75
+ /*
76
+ * CAN
77
+ */
78
+ create_unimplemented_device("can1", FSL_IMX7_CAN1_ADDR, FSL_IMX7_CANn_SIZE);
79
+ create_unimplemented_device("can2", FSL_IMX7_CAN2_ADDR, FSL_IMX7_CANn_SIZE);
80
+
81
+ /*
82
+ * OCOTP
83
+ */
84
+ create_unimplemented_device("ocotp", FSL_IMX7_OCOTP_ADDR,
85
+ FSL_IMX7_OCOTP_SIZE);
86
87
object_property_set_bool(OBJECT(&s->gpr), true, "realized",
88
&error_abort);
89
--
49
--
90
2.20.1
50
2.20.1
91
51
92
52
diff view generated by jsdifflib
1
Add basic documentation of the MPS2 board models.
1
From: Bin Meng <bin.meng@windriver.com>
2
2
3
This adds the target guide for SABRE Lite board, and documents how
4
to boot a Linux kernel and U-Boot bootloader.
5
6
Signed-off-by: Bin Meng <bin.meng@windriver.com>
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Message-id: 20210106063504.10841-5-bmeng.cn@gmail.com
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
5
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Message-id: 20200507151819.28444-5-peter.maydell@linaro.org
8
---
10
---
9
docs/system/arm/mps2.rst | 29 +++++++++++++++++++++++++++++
11
docs/system/arm/sabrelite.rst | 119 ++++++++++++++++++++++++++++++++++
10
docs/system/target-arm.rst | 1 +
12
docs/system/target-arm.rst | 1 +
11
MAINTAINERS | 1 +
13
2 files changed, 120 insertions(+)
12
3 files changed, 31 insertions(+)
14
create mode 100644 docs/system/arm/sabrelite.rst
13
create mode 100644 docs/system/arm/mps2.rst
14
15
15
diff --git a/docs/system/arm/mps2.rst b/docs/system/arm/mps2.rst
16
diff --git a/docs/system/arm/sabrelite.rst b/docs/system/arm/sabrelite.rst
16
new file mode 100644
17
new file mode 100644
17
index XXXXXXX..XXXXXXX
18
index XXXXXXX..XXXXXXX
18
--- /dev/null
19
--- /dev/null
19
+++ b/docs/system/arm/mps2.rst
20
+++ b/docs/system/arm/sabrelite.rst
20
@@ -XXX,XX +XXX,XX @@
21
@@ -XXX,XX +XXX,XX @@
21
+Arm MPS2 boards (``mps2-an385``, ``mps2-an505``, ``mps2-an511``, ``mps2-an521``)
22
+Boundary Devices SABRE Lite (``sabrelite``)
22
+================================================================================
23
+===========================================
23
+
24
+
24
+These board models all use Arm M-profile CPUs.
25
+Boundary Devices SABRE Lite i.MX6 Development Board is a low-cost development
26
+platform featuring the powerful Freescale / NXP Semiconductor's i.MX 6 Quad
27
+Applications Processor.
25
+
28
+
26
+The Arm MPS2 and MPS2+ dev boards are FPGA based (the 2+ has a bigger
29
+Supported devices
27
+FPGA but is otherwise the same as the 2). Since the CPU itself
30
+-----------------
28
+and most of the devices are in the FPGA, the details of the board
29
+as seen by the guest depend significantly on the FPGA image.
30
+
31
+
31
+QEMU models the following FPGA images:
32
+The SABRE Lite machine supports the following devices:
32
+
33
+
33
+``mps2-an385``
34
+ * Up to 4 Cortex A9 cores
34
+ Cortex-M3 as documented in ARM Application Note AN385
35
+ * Generic Interrupt Controller
35
+``mps2-an511``
36
+ * 1 Clock Controller Module
36
+ Cortex-M3 'DesignStart' as documented in AN511
37
+ * 1 System Reset Controller
37
+``mps2-an505``
38
+ * 5 UARTs
38
+ Cortex-M33 as documented in ARM Application Note AN505
39
+ * 2 EPIC timers
39
+``mps2-an521``
40
+ * 1 GPT timer
40
+ Dual Cortex-M33 as documented in Application Note AN521
41
+ * 2 Watchdog timers
42
+ * 1 FEC Ethernet controller
43
+ * 3 I2C controllers
44
+ * 7 GPIO controllers
45
+ * 4 SDHC storage controllers
46
+ * 4 USB 2.0 host controllers
47
+ * 5 ECSPI controllers
48
+ * 1 SST 25VF016B flash
41
+
49
+
42
+Differences between QEMU and real hardware:
50
+Please note above list is a complete superset the QEMU SABRE Lite machine can
51
+support. For a normal use case, a device tree blob that represents a real world
52
+SABRE Lite board, only exposes a subset of devices to the guest software.
43
+
53
+
44
+- AN385 remapping of low 16K of memory to either ZBT SSRAM1 or to
54
+Boot options
45
+ block RAM is unimplemented (QEMU always maps this to ZBT SSRAM1, as
55
+------------
46
+ if zbt_boot_ctrl is always zero)
56
+
47
+- QEMU provides a LAN9118 ethernet rather than LAN9220; the only guest
57
+The SABRE Lite machine can start using the standard -kernel functionality
48
+ visible difference is that the LAN9118 doesn't support checksum
58
+for loading a Linux kernel, U-Boot bootloader or ELF executable.
49
+ offloading
59
+
60
+Running Linux kernel
61
+--------------------
62
+
63
+Linux mainline v5.10 release is tested at the time of writing. To build a Linux
64
+mainline kernel that can be booted by the SABRE Lite machine, simply configure
65
+the kernel using the imx_v6_v7_defconfig configuration:
66
+
67
+.. code-block:: bash
68
+
69
+ $ export ARCH=arm
70
+ $ export CROSS_COMPILE=arm-linux-gnueabihf-
71
+ $ make imx_v6_v7_defconfig
72
+ $ make
73
+
74
+To boot the newly built Linux kernel in QEMU with the SABRE Lite machine, use:
75
+
76
+.. code-block:: bash
77
+
78
+ $ qemu-system-arm -M sabrelite -smp 4 -m 1G \
79
+ -display none -serial null -serial stdio \
80
+ -kernel arch/arm/boot/zImage \
81
+ -dtb arch/arm/boot/dts/imx6q-sabrelite.dtb \
82
+ -initrd /path/to/rootfs.ext4 \
83
+ -append "root=/dev/ram"
84
+
85
+Running U-Boot
86
+--------------
87
+
88
+U-Boot mainline v2020.10 release is tested at the time of writing. To build a
89
+U-Boot mainline bootloader that can be booted by the SABRE Lite machine, use
90
+the mx6qsabrelite_defconfig with similar commands as described above for Linux:
91
+
92
+.. code-block:: bash
93
+
94
+ $ export CROSS_COMPILE=arm-linux-gnueabihf-
95
+ $ make mx6qsabrelite_defconfig
96
+
97
+Note we need to adjust settings by:
98
+
99
+.. code-block:: bash
100
+
101
+ $ make menuconfig
102
+
103
+then manually select the following configuration in U-Boot:
104
+
105
+ Device Tree Control > Provider of DTB for DT Control > Embedded DTB
106
+
107
+To start U-Boot using the SABRE Lite machine, provide the u-boot binary to
108
+the -kernel argument, along with an SD card image with rootfs:
109
+
110
+.. code-block:: bash
111
+
112
+ $ qemu-system-arm -M sabrelite -smp 4 -m 1G \
113
+ -display none -serial null -serial stdio \
114
+ -kernel u-boot
115
+
116
+The following example shows booting Linux kernel from dhcp, and uses the
117
+rootfs on an SD card. This requires some additional command line parameters
118
+for QEMU:
119
+
120
+.. code-block:: none
121
+
122
+ -nic user,tftp=/path/to/kernel/zImage \
123
+ -drive file=sdcard.img,id=rootfs -device sd-card,drive=rootfs
124
+
125
+The directory for the built-in TFTP server should also contain the device tree
126
+blob of the SABRE Lite board. The sample SD card image was populated with the
127
+root file system with one single partition. You may adjust the kernel "root="
128
+boot parameter accordingly.
129
+
130
+After U-Boot boots, type the following commands in the U-Boot command shell to
131
+boot the Linux kernel:
132
+
133
+.. code-block:: none
134
+
135
+ => setenv ethaddr 00:11:22:33:44:55
136
+ => setenv bootfile zImage
137
+ => dhcp
138
+ => tftpboot 14000000 imx6q-sabrelite.dtb
139
+ => setenv bootargs root=/dev/mmcblk3p1
140
+ => bootz 12000000 - 14000000
50
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
141
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
51
index XXXXXXX..XXXXXXX 100644
142
index XXXXXXX..XXXXXXX 100644
52
--- a/docs/system/target-arm.rst
143
--- a/docs/system/target-arm.rst
53
+++ b/docs/system/target-arm.rst
144
+++ b/docs/system/target-arm.rst
54
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
145
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
55
:maxdepth: 1
56
57
arm/integratorcp
58
+ arm/mps2
59
arm/realview
60
arm/versatile
146
arm/versatile
61
arm/vexpress
147
arm/vexpress
62
diff --git a/MAINTAINERS b/MAINTAINERS
148
arm/aspeed
63
index XXXXXXX..XXXXXXX 100644
149
+ arm/sabrelite
64
--- a/MAINTAINERS
150
arm/digic
65
+++ b/MAINTAINERS
151
arm/musicpal
66
@@ -XXX,XX +XXX,XX @@ F: hw/misc/armsse-cpuid.c
152
arm/gumstix
67
F: include/hw/misc/armsse-cpuid.h
68
F: hw/misc/armsse-mhu.c
69
F: include/hw/misc/armsse-mhu.h
70
+F: docs/system/arm/mps2.rst
71
72
Musca
73
M: Peter Maydell <peter.maydell@linaro.org>
74
--
153
--
75
2.20.1
154
2.20.1
76
155
77
156
diff view generated by jsdifflib
Deleted patch
1
In linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly
2
to EXCP_SWI, which means that if the guest executes a BKPT insn then
3
QEMU will perform a syscall for it (which syscall depends on what
4
value happens to be in r7...). The correct behaviour is that the
5
guest process should take a SIGTRAP.
6
1
7
This code has been like this (more or less) since commit
8
06c949e62a098f in 2006 which added BKPT in the first place. This is
9
probably because at the time the same code path was used to handle
10
both Linux syscalls and semihosting calls, and (on M profile) BKPT
11
with a suitable magic number is used for semihosting calls. But
12
these days we've moved handling of semihosting out to an entirely
13
different codepath, so we can fix this bug by simply removing this
14
handling of EXCP_BKPT and instead making it deliver a SIGTRAP like
15
EXCP_DEBUG (as we do already on aarch64).
16
17
Reported-by: <omerg681@gmail.com>
18
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
19
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Message-id: 20200420212206.12776-2-peter.maydell@linaro.org
22
Fixes: https://bugs.launchpad.net/qemu/+bug/1873898
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
---
25
linux-user/arm/cpu_loop.c | 30 ++++++++----------------------
26
1 file changed, 8 insertions(+), 22 deletions(-)
27
28
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
29
index XXXXXXX..XXXXXXX 100644
30
--- a/linux-user/arm/cpu_loop.c
31
+++ b/linux-user/arm/cpu_loop.c
32
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
33
}
34
break;
35
case EXCP_SWI:
36
- case EXCP_BKPT:
37
{
38
env->eabi = 1;
39
/* system call */
40
- if (trapnr == EXCP_BKPT) {
41
- if (env->thumb) {
42
- /* FIXME - what to do if get_user() fails? */
43
- get_user_code_u16(insn, env->regs[15], env);
44
- n = insn & 0xff;
45
- env->regs[15] += 2;
46
- } else {
47
- /* FIXME - what to do if get_user() fails? */
48
- get_user_code_u32(insn, env->regs[15], env);
49
- n = (insn & 0xf) | ((insn >> 4) & 0xff0);
50
- env->regs[15] += 4;
51
- }
52
+ if (env->thumb) {
53
+ /* FIXME - what to do if get_user() fails? */
54
+ get_user_code_u16(insn, env->regs[15] - 2, env);
55
+ n = insn & 0xff;
56
} else {
57
- if (env->thumb) {
58
- /* FIXME - what to do if get_user() fails? */
59
- get_user_code_u16(insn, env->regs[15] - 2, env);
60
- n = insn & 0xff;
61
- } else {
62
- /* FIXME - what to do if get_user() fails? */
63
- get_user_code_u32(insn, env->regs[15] - 4, env);
64
- n = insn & 0xffffff;
65
- }
66
+ /* FIXME - what to do if get_user() fails? */
67
+ get_user_code_u32(insn, env->regs[15] - 4, env);
68
+ n = insn & 0xffffff;
69
}
70
71
if (n == ARM_NR_cacheflush) {
72
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
73
}
74
break;
75
case EXCP_DEBUG:
76
+ case EXCP_BKPT:
77
excp_debug:
78
info.si_signo = TARGET_SIGTRAP;
79
info.si_errno = 0;
80
--
81
2.20.1
82
83
diff view generated by jsdifflib
Deleted patch
1
We incorrectly treat SVC 0xf0002 as a cacheflush request (which is a
2
NOP for QEMU). This is the wrong syscall number, because in the
3
svc-immediate OABI syscall numbers are all offset by the
4
ARM_SYSCALL_BASE value and so the correct insn is SVC 0x9f0002.
5
(This is handled further down in the code with the other Arm-specific
6
syscalls like NR_breakpoint.)
7
1
8
When this code was initially added in commit 6f1f31c069b20611 in
9
2004, ARM_NR_cacheflush was defined as (ARM_SYSCALL_BASE + 0xf0000 + 2)
10
so the value in the comparison took account of the extra 0x900000
11
offset. In commit fbb4a2e371f2fa7 in 2008, the ARM_SYSCALL_BASE
12
was removed from the definition of ARM_NR_cacheflush and handling
13
for this group of syscalls was added below the point where we subtract
14
ARM_SYSCALL_BASE from the SVC immediate value. However that commit
15
forgot to remove the now-obsolete earlier handling code.
16
17
Remove the spurious ARM_NR_cacheflush condition.
18
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
21
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
22
Message-id: 20200420212206.12776-3-peter.maydell@linaro.org
23
---
24
linux-user/arm/cpu_loop.c | 4 +---
25
1 file changed, 1 insertion(+), 3 deletions(-)
26
27
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/linux-user/arm/cpu_loop.c
30
+++ b/linux-user/arm/cpu_loop.c
31
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
32
n = insn & 0xffffff;
33
}
34
35
- if (n == ARM_NR_cacheflush) {
36
- /* nop */
37
- } else if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
38
+ if (n == 0 || n >= ARM_SYSCALL_BASE || env->thumb) {
39
/* linux syscall */
40
if (env->thumb || n == 0) {
41
n = env->regs[7];
42
--
43
2.20.1
44
45
diff view generated by jsdifflib
Deleted patch
1
The kernel has different handling for syscalls with invalid
2
numbers that are in the "arm-specific" range 0x9f0000 and up:
3
* 0x9f0000..0x9f07ff return -ENOSYS if not implemented
4
* other out of range syscalls cause a SIGILL
5
(see the kernel's arch/arm/kernel/traps.c:arm_syscall())
6
1
7
Implement this distinction. (Note that our code doesn't look
8
quite like the kernel's, because we have removed the
9
0x900000 prefix by this point, whereas the kernel retains
10
it in arm_syscall().)
11
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
14
Message-id: 20200420212206.12776-4-peter.maydell@linaro.org
15
---
16
linux-user/arm/cpu_loop.c | 30 ++++++++++++++++++++++++++----
17
1 file changed, 26 insertions(+), 4 deletions(-)
18
19
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/linux-user/arm/cpu_loop.c
22
+++ b/linux-user/arm/cpu_loop.c
23
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
24
env->regs[0] = cpu_get_tls(env);
25
break;
26
default:
27
- qemu_log_mask(LOG_UNIMP,
28
- "qemu: Unsupported ARM syscall: 0x%x\n",
29
- n);
30
- env->regs[0] = -TARGET_ENOSYS;
31
+ if (n < 0xf0800) {
32
+ /*
33
+ * Syscalls 0xf0000..0xf07ff (or 0x9f0000..
34
+ * 0x9f07ff in OABI numbering) are defined
35
+ * to return -ENOSYS rather than raising
36
+ * SIGILL. Note that we have already
37
+ * removed the 0x900000 prefix.
38
+ */
39
+ qemu_log_mask(LOG_UNIMP,
40
+ "qemu: Unsupported ARM syscall: 0x%x\n",
41
+ n);
42
+ env->regs[0] = -TARGET_ENOSYS;
43
+ } else {
44
+ /* Otherwise SIGILL */
45
+ info.si_signo = TARGET_SIGILL;
46
+ info.si_errno = 0;
47
+ info.si_code = TARGET_ILL_ILLTRP;
48
+ info._sifields._sigfault._addr = env->regs[15];
49
+ if (env->thumb) {
50
+ info._sifields._sigfault._addr -= 2;
51
+ } else {
52
+ info._sifields._sigfault._addr -= 4;
53
+ }
54
+ queue_signal(env, info.si_signo,
55
+ QEMU_SI_FAULT, &info);
56
+ }
57
break;
58
}
59
} else {
60
--
61
2.20.1
62
63
diff view generated by jsdifflib
Deleted patch
1
From: Guenter Roeck <linux@roeck-us.net>
2
1
3
In preparation for a full implementation, move i.MX watchdog driver
4
from hw/misc to hw/watchdog. While at it, add the watchdog files
5
to MAINTAINERS.
6
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
8
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
9
Message-id: 20200517162135.110364-2-linux@roeck-us.net
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/arm/fsl-imx6.h | 2 +-
13
include/hw/arm/fsl-imx6ul.h | 2 +-
14
include/hw/arm/fsl-imx7.h | 2 +-
15
include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} | 0
16
hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} | 2 +-
17
MAINTAINERS | 2 ++
18
hw/arm/Kconfig | 3 +++
19
hw/misc/Makefile.objs | 1 -
20
hw/watchdog/Kconfig | 3 +++
21
hw/watchdog/Makefile.objs | 1 +
22
10 files changed, 13 insertions(+), 5 deletions(-)
23
rename include/hw/{misc/imx2_wdt.h => watchdog/wdt_imx2.h} (100%)
24
rename hw/{misc/imx2_wdt.c => watchdog/wdt_imx2.c} (98%)
25
26
diff --git a/include/hw/arm/fsl-imx6.h b/include/hw/arm/fsl-imx6.h
27
index XXXXXXX..XXXXXXX 100644
28
--- a/include/hw/arm/fsl-imx6.h
29
+++ b/include/hw/arm/fsl-imx6.h
30
@@ -XXX,XX +XXX,XX @@
31
#include "hw/cpu/a9mpcore.h"
32
#include "hw/misc/imx6_ccm.h"
33
#include "hw/misc/imx6_src.h"
34
-#include "hw/misc/imx2_wdt.h"
35
+#include "hw/watchdog/wdt_imx2.h"
36
#include "hw/char/imx_serial.h"
37
#include "hw/timer/imx_gpt.h"
38
#include "hw/timer/imx_epit.h"
39
diff --git a/include/hw/arm/fsl-imx6ul.h b/include/hw/arm/fsl-imx6ul.h
40
index XXXXXXX..XXXXXXX 100644
41
--- a/include/hw/arm/fsl-imx6ul.h
42
+++ b/include/hw/arm/fsl-imx6ul.h
43
@@ -XXX,XX +XXX,XX @@
44
#include "hw/misc/imx7_snvs.h"
45
#include "hw/misc/imx7_gpr.h"
46
#include "hw/intc/imx_gpcv2.h"
47
-#include "hw/misc/imx2_wdt.h"
48
+#include "hw/watchdog/wdt_imx2.h"
49
#include "hw/gpio/imx_gpio.h"
50
#include "hw/char/imx_serial.h"
51
#include "hw/timer/imx_gpt.h"
52
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
53
index XXXXXXX..XXXXXXX 100644
54
--- a/include/hw/arm/fsl-imx7.h
55
+++ b/include/hw/arm/fsl-imx7.h
56
@@ -XXX,XX +XXX,XX @@
57
#include "hw/misc/imx7_snvs.h"
58
#include "hw/misc/imx7_gpr.h"
59
#include "hw/misc/imx6_src.h"
60
-#include "hw/misc/imx2_wdt.h"
61
+#include "hw/watchdog/wdt_imx2.h"
62
#include "hw/gpio/imx_gpio.h"
63
#include "hw/char/imx_serial.h"
64
#include "hw/timer/imx_gpt.h"
65
diff --git a/include/hw/misc/imx2_wdt.h b/include/hw/watchdog/wdt_imx2.h
66
similarity index 100%
67
rename from include/hw/misc/imx2_wdt.h
68
rename to include/hw/watchdog/wdt_imx2.h
69
diff --git a/hw/misc/imx2_wdt.c b/hw/watchdog/wdt_imx2.c
70
similarity index 98%
71
rename from hw/misc/imx2_wdt.c
72
rename to hw/watchdog/wdt_imx2.c
73
index XXXXXXX..XXXXXXX 100644
74
--- a/hw/misc/imx2_wdt.c
75
+++ b/hw/watchdog/wdt_imx2.c
76
@@ -XXX,XX +XXX,XX @@
77
#include "qemu/module.h"
78
#include "sysemu/watchdog.h"
79
80
-#include "hw/misc/imx2_wdt.h"
81
+#include "hw/watchdog/wdt_imx2.h"
82
83
#define IMX2_WDT_WCR_WDA BIT(5) /* -> External Reset WDOG_B */
84
#define IMX2_WDT_WCR_SRS BIT(4) /* -> Software Reset Signal */
85
diff --git a/MAINTAINERS b/MAINTAINERS
86
index XXXXXXX..XXXXXXX 100644
87
--- a/MAINTAINERS
88
+++ b/MAINTAINERS
89
@@ -XXX,XX +XXX,XX @@ S: Odd Fixes
90
F: hw/arm/fsl-imx25.c
91
F: hw/arm/imx25_pdk.c
92
F: hw/misc/imx25_ccm.c
93
+F: hw/watchdog/wdt_imx2.c
94
F: include/hw/arm/fsl-imx25.h
95
F: include/hw/misc/imx25_ccm.h
96
+F: include/hw/watchdog/wdt_imx2.h
97
98
i.MX31 (kzm)
99
M: Peter Chubb <peter.chubb@nicta.com.au>
100
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
101
index XXXXXXX..XXXXXXX 100644
102
--- a/hw/arm/Kconfig
103
+++ b/hw/arm/Kconfig
104
@@ -XXX,XX +XXX,XX @@ config FSL_IMX6
105
select IMX_FEC
106
select IMX_I2C
107
select IMX_USBPHY
108
+ select WDT_IMX2
109
select SDHCI
110
111
config ASPEED_SOC
112
@@ -XXX,XX +XXX,XX @@ config FSL_IMX7
113
select IMX
114
select IMX_FEC
115
select IMX_I2C
116
+ select WDT_IMX2
117
select PCI_EXPRESS_DESIGNWARE
118
select SDHCI
119
select UNIMP
120
@@ -XXX,XX +XXX,XX @@ config FSL_IMX6UL
121
select IMX
122
select IMX_FEC
123
select IMX_I2C
124
+ select WDT_IMX2
125
select SDHCI
126
select UNIMP
127
128
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
129
index XXXXXXX..XXXXXXX 100644
130
--- a/hw/misc/Makefile.objs
131
+++ b/hw/misc/Makefile.objs
132
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_IMX) += imx6_ccm.o
133
common-obj-$(CONFIG_IMX) += imx6ul_ccm.o
134
obj-$(CONFIG_IMX) += imx6_src.o
135
common-obj-$(CONFIG_IMX) += imx7_ccm.o
136
-common-obj-$(CONFIG_IMX) += imx2_wdt.o
137
common-obj-$(CONFIG_IMX) += imx7_snvs.o
138
common-obj-$(CONFIG_IMX) += imx7_gpr.o
139
common-obj-$(CONFIG_IMX) += imx_rngc.o
140
diff --git a/hw/watchdog/Kconfig b/hw/watchdog/Kconfig
141
index XXXXXXX..XXXXXXX 100644
142
--- a/hw/watchdog/Kconfig
143
+++ b/hw/watchdog/Kconfig
144
@@ -XXX,XX +XXX,XX @@ config WDT_IB700
145
146
config WDT_DIAG288
147
bool
148
+
149
+config WDT_IMX2
150
+ bool
151
diff --git a/hw/watchdog/Makefile.objs b/hw/watchdog/Makefile.objs
152
index XXXXXXX..XXXXXXX 100644
153
--- a/hw/watchdog/Makefile.objs
154
+++ b/hw/watchdog/Makefile.objs
155
@@ -XXX,XX +XXX,XX @@ common-obj-$(CONFIG_WDT_IB6300ESB) += wdt_i6300esb.o
156
common-obj-$(CONFIG_WDT_IB700) += wdt_ib700.o
157
common-obj-$(CONFIG_WDT_DIAG288) += wdt_diag288.o
158
common-obj-$(CONFIG_ASPEED_SOC) += wdt_aspeed.o
159
+common-obj-$(CONFIG_WDT_IMX2) += wdt_imx2.o
160
--
161
2.20.1
162
163
diff view generated by jsdifflib
Deleted patch
1
From: Guenter Roeck <linux@roeck-us.net>
2
1
3
With this commit, the watchdog on mcimx6ul-evk is fully operational,
4
including pretimeout support.
5
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
7
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
8
Message-id: 20200517162135.110364-7-linux@roeck-us.net
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
hw/arm/fsl-imx6ul.c | 10 ++++++++++
12
1 file changed, 10 insertions(+)
13
14
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/fsl-imx6ul.c
17
+++ b/hw/arm/fsl-imx6ul.c
18
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_realize(DeviceState *dev, Error **errp)
19
FSL_IMX6UL_WDOG2_ADDR,
20
FSL_IMX6UL_WDOG3_ADDR,
21
};
22
+ static const int FSL_IMX6UL_WDOGn_IRQ[FSL_IMX6UL_NUM_WDTS] = {
23
+ FSL_IMX6UL_WDOG1_IRQ,
24
+ FSL_IMX6UL_WDOG2_IRQ,
25
+ FSL_IMX6UL_WDOG3_IRQ,
26
+ };
27
28
+ object_property_set_bool(OBJECT(&s->wdt[i]), true, "pretimeout-support",
29
+ &error_abort);
30
object_property_set_bool(OBJECT(&s->wdt[i]), true, "realized",
31
&error_abort);
32
33
sysbus_mmio_map(SYS_BUS_DEVICE(&s->wdt[i]), 0,
34
FSL_IMX6UL_WDOGn_ADDR[i]);
35
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->wdt[i]), 0,
36
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
37
+ FSL_IMX6UL_WDOGn_IRQ[i]));
38
}
39
40
/*
41
--
42
2.20.1
43
44
diff view generated by jsdifflib