[PULL 0/7] target-arm queue
[PULL 00/14] target-arm queue
1
Just some bugfixes this time around.
1
arm pullreq for rc1. All minor bugfixes, except for the sve-default-vector-length
2
patches, which are somewhere between a bugfix and a new feature.
2
3
4
thanks
3
-- PMM
5
-- PMM
4
6
5
The following changes since commit 4215d3413272ad6d1c6c9d0234450b602e46a74c:
7
The following changes since commit c08ccd1b53f488ac86c1f65cf7623dc91acc249a:
6
8
7
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200727' into staging (2020-07-27 09:33:04 +0100)
9
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210726' into staging (2021-07-27 08:35:01 +0100)
8
10
9
are available in the Git repository at:
11
are available in the Git repository at:
10
12
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200727
13
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210727
12
14
13
for you to fetch changes up to d4f6dda182e19afa75706936805e18397cb95f07:
15
for you to fetch changes up to e229a179a503f2aee43a76888cf12fbdfe8a3749:
14
16
15
target/arm: Improve IMPDEF algorithm for IRG (2020-07-27 16:12:11 +0100)
17
hw: aspeed_gpio: Fix memory size (2021-07-27 11:00:00 +0100)
16
18
17
----------------------------------------------------------------
19
----------------------------------------------------------------
18
target-arm queue:
20
target-arm queue:
19
* ACPI: Assert that we don't run out of the preallocated memory
21
* hw/arm/smmuv3: Check 31st bit to see if CD is valid
20
* hw/misc/aspeed_sdmc: Fix incorrect memory size
22
* qemu-options.hx: Fix formatting of -machine memory-backend option
21
* target/arm: Always pass cacheattr in S1_ptw_translate
23
* hw: aspeed_gpio: Fix memory size
22
* docs/system/arm/virt: Document 'mte' machine option
24
* hw/arm/nseries: Display hexadecimal value with '0x' prefix
23
* hw/arm/boot: Fix PAUTH, MTE for EL3 direct kernel boot
25
* Add sve-default-vector-length cpu property
24
* target/arm: Improve IMPDEF algorithm for IRG
26
* docs: Update path that mentions deprecated.rst
27
* hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
28
* hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
29
* hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
30
* target/arm: Report M-profile alignment faults correctly to the guest
31
* target/arm: Add missing 'return's after calling v7m_exception_taken()
32
* target/arm: Enforce that M-profile SP low 2 bits are always zero
25
33
26
----------------------------------------------------------------
34
----------------------------------------------------------------
27
Dongjiu Geng (1):
35
Joe Komlodi (1):
28
ACPI: Assert that we don't run out of the preallocated memory
36
hw/arm/smmuv3: Check 31st bit to see if CD is valid
29
37
30
Peter Maydell (1):
38
Joel Stanley (1):
31
docs/system/arm/virt: Document 'mte' machine option
39
hw: aspeed_gpio: Fix memory size
40
41
Mao Zhongyi (1):
42
docs: Update path that mentions deprecated.rst
43
44
Peter Maydell (7):
45
qemu-options.hx: Fix formatting of -machine memory-backend option
46
target/arm: Enforce that M-profile SP low 2 bits are always zero
47
target/arm: Add missing 'return's after calling v7m_exception_taken()
48
target/arm: Report M-profile alignment faults correctly to the guest
49
hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
50
hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
51
hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
32
52
33
Philippe Mathieu-Daudé (1):
53
Philippe Mathieu-Daudé (1):
34
hw/misc/aspeed_sdmc: Fix incorrect memory size
54
hw/arm/nseries: Display hexadecimal value with '0x' prefix
35
55
36
Richard Henderson (4):
56
Richard Henderson (3):
37
target/arm: Always pass cacheattr in S1_ptw_translate
57
target/arm: Correctly bound length in sve_zcr_get_valid_len
38
hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
58
target/arm: Export aarch64_sve_zcr_get_valid_len
39
hw/arm/boot: Fix MTE for EL3 direct kernel boot
59
target/arm: Add sve-default-vector-length cpu property
40
target/arm: Improve IMPDEF algorithm for IRG
41
60
42
docs/system/arm/virt.rst | 4 ++++
61
docs/system/arm/cpu-features.rst | 15 ++++++++++
43
hw/acpi/ghes.c | 12 ++++--------
62
configure | 2 +-
44
hw/arm/boot.c | 6 ++++++
63
hw/arm/smmuv3-internal.h | 2 +-
45
hw/misc/aspeed_sdmc.c | 7 ++++---
64
target/arm/cpu.h | 5 ++++
46
target/arm/helper.c | 19 ++++++-------------
65
target/arm/internals.h | 10 +++++++
47
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
66
hw/arm/nseries.c | 2 +-
48
6 files changed, 54 insertions(+), 31 deletions(-)
67
hw/gpio/aspeed_gpio.c | 3 +-
68
hw/intc/armv7m_nvic.c | 40 +++++++++++++++++++--------
69
target/arm/cpu.c | 14 ++++++++--
70
target/arm/cpu64.c | 60 ++++++++++++++++++++++++++++++++++++++++
71
target/arm/gdbstub.c | 4 +++
72
target/arm/helper.c | 8 ++++--
73
target/arm/m_helper.c | 24 ++++++++++++----
74
target/arm/translate.c | 3 ++
75
target/i386/cpu.c | 2 +-
76
MAINTAINERS | 2 +-
77
qemu-options.hx | 30 +++++++++++---------
78
17 files changed, 183 insertions(+), 43 deletions(-)
49
79
diff view generated by jsdifflib
[PULL 6/7] hw/arm/boot: Fix MTE for EL3 direct kernel boot
[PULL 01/14] hw/arm/smmuv3: Check 31st bit to see if CD is valid
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Joe Komlodi <joe.komlodi@xilinx.com>
2
2
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
3
The bit to see if a CD is valid is the last bit of the first word of the CD.
4
drop down to EL2. We need to enable access to v8.5-MemTag
5
tag allocation at EL3 before doing so.
6
4
7
Reported-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 1626728232-134665-2-git-send-email-joe.komlodi@xilinx.com
9
Message-id: 20200724163853.504655-3-richard.henderson@linaro.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
9
---
13
hw/arm/boot.c | 3 +++
10
hw/arm/smmuv3-internal.h | 2 +-
14
1 file changed, 3 insertions(+)
11
1 file changed, 1 insertion(+), 1 deletion(-)
15
12
16
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
13
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
17
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/arm/boot.c
15
--- a/hw/arm/smmuv3-internal.h
19
+++ b/hw/arm/boot.c
16
+++ b/hw/arm/smmuv3-internal.h
20
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
17
@@ -XXX,XX +XXX,XX @@ static inline int pa_range(STE *ste)
21
if (cpu_isar_feature(aa64_pauth, cpu)) {
18
22
env->cp15.scr_el3 |= SCR_API | SCR_APK;
19
/* CD fields */
23
}
20
24
+ if (cpu_isar_feature(aa64_mte, cpu)) {
21
-#define CD_VALID(x) extract32((x)->word[0], 30, 1)
25
+ env->cp15.scr_el3 |= SCR_ATA;
22
+#define CD_VALID(x) extract32((x)->word[0], 31, 1)
26
+ }
23
#define CD_ASID(x) extract32((x)->word[1], 16, 16)
27
/* AArch64 kernels never boot in secure mode */
24
#define CD_TTB(x, sel) \
28
assert(!info->secure_boot);
25
({ \
29
/* This hook is only supported for AArch32 currently:
30
--
26
--
31
2.20.1
27
2.20.1
32
28
33
29
diff view generated by jsdifflib
New patch
[PULL 02/14] qemu-options.hx: Fix formatting of -machine memory-backend option
1
The documentation of the -machine memory-backend has some minor
2
formatting errors:
3
* Misindentation of the initial line meant that the whole option
4
section is incorrectly indented in the HTML output compared to
5
the other -machine options
6
* The examples weren't indented, which meant that they were formatted
7
as plain run-on text including outputting the "::" as text.
8
* The a) b) list has no rst-format markup so it is rendered as
9
a single run-on paragraph
1
10
11
Fix the formatting.
12
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
15
Message-id: 20210719105257.3599-1-peter.maydell@linaro.org
16
---
17
qemu-options.hx | 30 +++++++++++++++++-------------
18
1 file changed, 17 insertions(+), 13 deletions(-)
19
20
diff --git a/qemu-options.hx b/qemu-options.hx
21
index XXXXXXX..XXXXXXX 100644
22
--- a/qemu-options.hx
23
+++ b/qemu-options.hx
24
@@ -XXX,XX +XXX,XX @@ SRST
25
Enables or disables ACPI Heterogeneous Memory Attribute Table
26
(HMAT) support. The default is off.
27
28
- ``memory-backend='id'``
29
+ ``memory-backend='id'``
30
An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options.
31
Allows to use a memory backend as main RAM.
32
33
For example:
34
::
35
- -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
36
- -machine memory-backend=pc.ram
37
- -m 512M
38
+
39
+ -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on
40
+ -machine memory-backend=pc.ram
41
+ -m 512M
42
43
Migration compatibility note:
44
- a) as backend id one shall use value of 'default-ram-id', advertised by
45
- machine type (available via ``query-machines`` QMP command), if migration
46
- to/from old QEMU (<5.0) is expected.
47
- b) for machine types 4.0 and older, user shall
48
- use ``x-use-canonical-path-for-ramblock-id=off`` backend option
49
- if migration to/from old QEMU (<5.0) is expected.
50
+
51
+ * as backend id one shall use value of 'default-ram-id', advertised by
52
+ machine type (available via ``query-machines`` QMP command), if migration
53
+ to/from old QEMU (<5.0) is expected.
54
+ * for machine types 4.0 and older, user shall
55
+ use ``x-use-canonical-path-for-ramblock-id=off`` backend option
56
+ if migration to/from old QEMU (<5.0) is expected.
57
+
58
For example:
59
::
60
- -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
61
- -machine memory-backend=pc.ram
62
- -m 512M
63
+
64
+ -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off
65
+ -machine memory-backend=pc.ram
66
+ -m 512M
67
ERST
68
69
HXCOMM Deprecated by -machine
70
--
71
2.20.1
72
73
diff view generated by jsdifflib
New patch
[PULL 03/14] target/arm: Enforce that M-profile SP low 2 bits are always zero
1
For M-profile, unlike A-profile, the low 2 bits of SP are defined to be
2
RES0H, which is to say that they must be hardwired to zero so that
3
guest attempts to write non-zero values to them are ignored.
1
4
5
Implement this behaviour by masking out the low bits:
6
* for writes to r13 by the gdbstub
7
* for writes to any of the various flavours of SP via MSR
8
* for writes to r13 via store_reg() in generated code
9
10
Note that all the direct uses of cpu_R[] in translate.c are in places
11
where the register is definitely not r13 (usually because that has
12
been checked for as an UNDEFINED or UNPREDICTABLE case and handled as
13
UNDEF).
14
15
All the other writes to regs[13] in C code are either:
16
* A-profile only code
17
* writes of values we can guarantee to be aligned, such as
18
- writes of previous-SP-value plus or minus a 4-aligned constant
19
- writes of the value in an SP limit register (which we already
20
enforce to be aligned)
21
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
24
Message-id: 20210723162146.5167-2-peter.maydell@linaro.org
25
---
26
target/arm/gdbstub.c | 4 ++++
27
target/arm/m_helper.c | 14 ++++++++------
28
target/arm/translate.c | 3 +++
29
3 files changed, 15 insertions(+), 6 deletions(-)
30
31
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
32
index XXXXXXX..XXXXXXX 100644
33
--- a/target/arm/gdbstub.c
34
+++ b/target/arm/gdbstub.c
35
@@ -XXX,XX +XXX,XX @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
36
37
if (n < 16) {
38
/* Core integer register. */
39
+ if (n == 13 && arm_feature(env, ARM_FEATURE_M)) {
40
+ /* M profile SP low bits are always 0 */
41
+ tmp &= ~3;
42
+ }
43
env->regs[n] = tmp;
44
return 4;
45
}
46
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/target/arm/m_helper.c
49
+++ b/target/arm/m_helper.c
50
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
51
if (!env->v7m.secure) {
52
return;
53
}
54
- env->v7m.other_ss_msp = val;
55
+ env->v7m.other_ss_msp = val & ~3;
56
return;
57
case 0x89: /* PSP_NS */
58
if (!env->v7m.secure) {
59
return;
60
}
61
- env->v7m.other_ss_psp = val;
62
+ env->v7m.other_ss_psp = val & ~3;
63
return;
64
case 0x8a: /* MSPLIM_NS */
65
if (!env->v7m.secure) {
66
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
67
68
limit = is_psp ? env->v7m.psplim[false] : env->v7m.msplim[false];
69
70
+ val &= ~0x3;
71
+
72
if (val < limit) {
73
raise_exception_ra(env, EXCP_STKOF, 0, 1, GETPC());
74
}
75
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
76
break;
77
case 8: /* MSP */
78
if (v7m_using_psp(env)) {
79
- env->v7m.other_sp = val;
80
+ env->v7m.other_sp = val & ~3;
81
} else {
82
- env->regs[13] = val;
83
+ env->regs[13] = val & ~3;
84
}
85
break;
86
case 9: /* PSP */
87
if (v7m_using_psp(env)) {
88
- env->regs[13] = val;
89
+ env->regs[13] = val & ~3;
90
} else {
91
- env->v7m.other_sp = val;
92
+ env->v7m.other_sp = val & ~3;
93
}
94
break;
95
case 10: /* MSPLIM */
96
diff --git a/target/arm/translate.c b/target/arm/translate.c
97
index XXXXXXX..XXXXXXX 100644
98
--- a/target/arm/translate.c
99
+++ b/target/arm/translate.c
100
@@ -XXX,XX +XXX,XX @@ void store_reg(DisasContext *s, int reg, TCGv_i32 var)
101
*/
102
tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
103
s->base.is_jmp = DISAS_JUMP;
104
+ } else if (reg == 13 && arm_dc_feature(s, ARM_FEATURE_M)) {
105
+ /* For M-profile SP bits [1:0] are always zero */
106
+ tcg_gen_andi_i32(var, var, ~3);
107
}
108
tcg_gen_mov_i32(cpu_R[reg], var);
109
tcg_temp_free_i32(var);
110
--
111
2.20.1
112
113
diff view generated by jsdifflib
New patch
[PULL 04/14] target/arm: Add missing 'return's after calling v7m_exception_taken()
1
In do_v7m_exception_exit(), we perform various checks as part of
2
performing the exception return. If one of these checks fails, the
3
architecture requires that we take an appropriate exception on the
4
existing stackframe. We implement this by calling
5
v7m_exception_taken() to set up to take the new exception, and then
6
immediately returning from do_v7m_exception_exit() without proceeding
7
any further with the unstack-and-exception-return process.
1
8
9
In a couple of checks that are new in v8.1M, we forgot the "return"
10
statement, with the effect that if bad code in the guest tripped over
11
these checks we would set up to take a UsageFault exception but then
12
blunder on trying to also unstack and return from the original
13
exception, with the probable result that the guest would crash.
14
15
Add the missing return statements.
16
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Message-id: 20210723162146.5167-3-peter.maydell@linaro.org
20
---
21
target/arm/m_helper.c | 2 ++
22
1 file changed, 2 insertions(+)
23
24
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
25
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/m_helper.c
27
+++ b/target/arm/m_helper.c
28
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
29
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
30
"stackframe: NSACR prevents clearing FPU registers\n");
31
v7m_exception_taken(cpu, excret, true, false);
32
+ return;
33
} else if (!cpacr_pass) {
34
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
35
exc_secure);
36
@@ -XXX,XX +XXX,XX @@ static void do_v7m_exception_exit(ARMCPU *cpu)
37
qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
38
"stackframe: CPACR prevents clearing FPU registers\n");
39
v7m_exception_taken(cpu, excret, true, false);
40
+ return;
41
}
42
}
43
/* Clear s0..s15, FPSCR and VPR */
44
--
45
2.20.1
46
47
diff view generated by jsdifflib
New patch
[PULL 05/14] target/arm: Report M-profile alignment faults correctly to the guest
1
For M-profile, we weren't reporting alignment faults triggered by the
2
generic TCG code correctly to the guest. These get passed into
3
arm_v7m_cpu_do_interrupt() as an EXCP_DATA_ABORT with an A-profile
4
style exception.fsr value of 1. We didn't check for this, and so
5
they fell through into the default of "assume this is an MPU fault"
6
and were reported to the guest as a data access violation MPU fault.
1
7
8
Report these alignment faults as UsageFaults which set the UNALIGNED
9
bit in the UFSR.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20210723162146.5167-4-peter.maydell@linaro.org
14
---
15
target/arm/m_helper.c | 8 ++++++++
16
1 file changed, 8 insertions(+)
17
18
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/m_helper.c
21
+++ b/target/arm/m_helper.c
22
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
23
env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK;
24
break;
25
case EXCP_UNALIGNED:
26
+ /* Unaligned faults reported by M-profile aware code */
27
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
28
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;
29
break;
30
@@ -XXX,XX +XXX,XX @@ void arm_v7m_cpu_do_interrupt(CPUState *cs)
31
}
32
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_BUS, false);
33
break;
34
+ case 0x1: /* Alignment fault reported by generic code */
35
+ qemu_log_mask(CPU_LOG_INT,
36
+ "...really UsageFault with UFSR.UNALIGNED\n");
37
+ env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNALIGNED_MASK;
38
+ armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE,
39
+ env->v7m.secure);
40
+ break;
41
default:
42
/*
43
* All other FSR values are either MPU faults or "can't happen
44
--
45
2.20.1
46
47
diff view generated by jsdifflib
New patch
[PULL 06/14] hw/intc/armv7m_nvic: ISCR.ISRPENDING is set for non-enabled pending interrupts
1
The ISCR.ISRPENDING bit is set when an external interrupt is pending.
2
This is true whether that external interrupt is enabled or not.
3
This means that we can't use 's->vectpending == 0' as a shortcut to
4
"ISRPENDING is zero", because s->vectpending indicates only the
5
highest priority pending enabled interrupt.
1
6
7
Remove the incorrect optimization so that if there is no pending
8
enabled interrupt we fall through to scanning through the whole
9
interrupt array.
10
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20210723162146.5167-5-peter.maydell@linaro.org
14
---
15
hw/intc/armv7m_nvic.c | 9 ++++-----
16
1 file changed, 4 insertions(+), 5 deletions(-)
17
18
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/intc/armv7m_nvic.c
21
+++ b/hw/intc/armv7m_nvic.c
22
@@ -XXX,XX +XXX,XX @@ static bool nvic_isrpending(NVICState *s)
23
{
24
int irq;
25
26
- /* We can shortcut if the highest priority pending interrupt
27
- * happens to be external or if there is nothing pending.
28
+ /*
29
+ * We can shortcut if the highest priority pending interrupt
30
+ * happens to be external; if not we need to check the whole
31
+ * vectors[] array.
32
*/
33
if (s->vectpending > NVIC_FIRST_IRQ) {
34
return true;
35
}
36
- if (s->vectpending == 0) {
37
- return false;
38
- }
39
40
for (irq = NVIC_FIRST_IRQ; irq < s->num_irq; irq++) {
41
if (s->vectors[irq].pending) {
42
--
43
2.20.1
44
45
diff view generated by jsdifflib
New patch
[PULL 07/14] hw/intc/armv7m_nvic: Correct size of ICSR.VECTPENDING
1
The VECTPENDING field in the ICSR is 9 bits wide, in bits [20:12] of
2
the register. We were incorrectly masking it to 8 bits, so it would
3
report the wrong value if the pending exception was greater than 256.
4
Fix the bug.
1
5
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20210723162146.5167-6-peter.maydell@linaro.org
9
---
10
hw/intc/armv7m_nvic.c | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
12
13
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/hw/intc/armv7m_nvic.c
16
+++ b/hw/intc/armv7m_nvic.c
17
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
18
/* VECTACTIVE */
19
val = cpu->env.v7m.exception;
20
/* VECTPENDING */
21
- val |= (s->vectpending & 0xff) << 12;
22
+ val |= (s->vectpending & 0x1ff) << 12;
23
/* ISRPENDING - set if any external IRQ is pending */
24
if (nvic_isrpending(s)) {
25
val |= (1 << 22);
26
--
27
2.20.1
28
29
diff view generated by jsdifflib
[PULL 4/7] docs/system/arm/virt: Document 'mte' machine option
[PULL 08/14] hw/intc/armv7m_nvic: for v8.1M VECTPENDING hides S exceptions from NS
1
Commit 6a0b7505f1fd6769c which added documentation of the virt board
1
In Arm v8.1M the VECTPENDING field in the ICSR has new behaviour: if
2
crossed in the post with commit 6f4e1405b91da0d0 which added a new
2
the register is accessed NonSecure and the highest priority pending
3
'mte' machine option. Update the docs to include the new option.
3
enabled exception (that would be returned in the VECTPENDING field)
4
targets Secure, then the VECTPENDING field must read 1 rather than
5
the exception number of the pending exception. Implement this.
4
6
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20210723162146.5167-7-peter.maydell@linaro.org
8
---
10
---
9
docs/system/arm/virt.rst | 4 ++++
11
hw/intc/armv7m_nvic.c | 31 ++++++++++++++++++++++++-------
10
1 file changed, 4 insertions(+)
12
1 file changed, 24 insertions(+), 7 deletions(-)
11
13
12
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
14
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
13
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
14
--- a/docs/system/arm/virt.rst
16
--- a/hw/intc/armv7m_nvic.c
15
+++ b/docs/system/arm/virt.rst
17
+++ b/hw/intc/armv7m_nvic.c
16
@@ -XXX,XX +XXX,XX @@ virtualization
18
@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_acknowledge_irq(void *opaque)
17
Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
19
nvic_irq_update(s);
18
Arm Virtualization Extensions. The default is ``off``.
20
}
19
21
20
+mte
22
+static bool vectpending_targets_secure(NVICState *s)
21
+ Set ``on``/``off`` to enable/disable emulating a guest CPU which implements the
23
+{
22
+ Arm Memory Tagging Extensions. The default is ``off``.
24
+ /* Return true if s->vectpending targets Secure state */
25
+ if (s->vectpending_is_s_banked) {
26
+ return true;
27
+ }
28
+ return !exc_is_banked(s->vectpending) &&
29
+ exc_targets_secure(s, s->vectpending);
30
+}
23
+
31
+
24
highmem
32
void armv7m_nvic_get_pending_irq_info(void *opaque,
25
Set ``on``/``off`` to enable/disable placing devices and RAM in physical
33
int *pirq, bool *ptargets_secure)
26
address space above 32 bits. The default is ``on`` for machine types
34
{
35
@@ -XXX,XX +XXX,XX @@ void armv7m_nvic_get_pending_irq_info(void *opaque,
36
37
assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
38
39
- if (s->vectpending_is_s_banked) {
40
- targets_secure = true;
41
- } else {
42
- targets_secure = !exc_is_banked(pending) &&
43
- exc_targets_secure(s, pending);
44
- }
45
+ targets_secure = vectpending_targets_secure(s);
46
47
trace_nvic_get_pending_irq_info(pending, targets_secure);
48
49
@@ -XXX,XX +XXX,XX @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
50
/* VECTACTIVE */
51
val = cpu->env.v7m.exception;
52
/* VECTPENDING */
53
- val |= (s->vectpending & 0x1ff) << 12;
54
+ if (s->vectpending) {
55
+ /*
56
+ * From v8.1M VECTPENDING must read as 1 if accessed as
57
+ * NonSecure and the highest priority pending and enabled
58
+ * exception targets Secure.
59
+ */
60
+ int vp = s->vectpending;
61
+ if (!attrs.secure && arm_feature(&cpu->env, ARM_FEATURE_V8_1M) &&
62
+ vectpending_targets_secure(s)) {
63
+ vp = 1;
64
+ }
65
+ val |= (vp & 0x1ff) << 12;
66
+ }
67
/* ISRPENDING - set if any external IRQ is pending */
68
if (nvic_isrpending(s)) {
69
val |= (1 << 22);
27
--
70
--
28
2.20.1
71
2.20.1
29
72
30
73
diff view generated by jsdifflib
New patch
[PULL 09/14] docs: Update path that mentions deprecated.rst
1
From: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
1
2
3
Missed in commit f3478392 "docs: Move deprecation, build
4
and license info out of system/"
5
6
Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Message-id: 20210723065828.1336760-1-maozhongyi@cmss.chinamobile.com
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
configure | 2 +-
12
target/i386/cpu.c | 2 +-
13
MAINTAINERS | 2 +-
14
3 files changed, 3 insertions(+), 3 deletions(-)
15
16
diff --git a/configure b/configure
17
index XXXXXXX..XXXXXXX 100755
18
--- a/configure
19
+++ b/configure
20
@@ -XXX,XX +XXX,XX @@ fi
21
22
if test -n "${deprecated_features}"; then
23
echo "Warning, deprecated features enabled."
24
- echo "Please see docs/system/deprecated.rst"
25
+ echo "Please see docs/about/deprecated.rst"
26
echo " features: ${deprecated_features}"
27
fi
28
29
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/target/i386/cpu.c
32
+++ b/target/i386/cpu.c
33
@@ -XXX,XX +XXX,XX @@ static const X86CPUDefinition builtin_x86_defs[] = {
34
* none", but this is just for compatibility while libvirt isn't
35
* adapted to resolve CPU model versions before creating VMs.
36
* See "Runnability guarantee of CPU models" at
37
- * docs/system/deprecated.rst.
38
+ * docs/about/deprecated.rst.
39
*/
40
X86CPUVersion default_cpu_version = 1;
41
42
diff --git a/MAINTAINERS b/MAINTAINERS
43
index XXXXXXX..XXXXXXX 100644
44
--- a/MAINTAINERS
45
+++ b/MAINTAINERS
46
@@ -XXX,XX +XXX,XX @@ F: contrib/gitdm/*
47
48
Incompatible changes
49
R: libvir-list@redhat.com
50
-F: docs/system/deprecated.rst
51
+F: docs/about/deprecated.rst
52
53
Build System
54
------------
55
--
56
2.20.1
57
58
diff view generated by jsdifflib
[PULL 3/7] target/arm: Always pass cacheattr in S1_ptw_translate
[PULL 10/14] target/arm: Correctly bound length in sve_zcr_get_valid_len
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When we changed the interface of get_phys_addr_lpae to require
3
Currently, our only caller is sve_zcr_len_for_el, which has
4
the cacheattr parameter, this spot was missed. The compiler is
4
already masked the length extracted from ZCR_ELx, so the
5
unable to detect the use of NULL vs the nonnull attribute here.
5
masking done here is a nop. But we will shortly have uses
6
from other locations, where the length will be unmasked.
6
7
7
Fixes: 7e98e21c098
8
Saturate the length to ARM_MAX_VQ instead of truncating to
8
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
9
the low 4 bits.
10
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Tested-by: Jan Kiszka <jan.kiskza@siemens.com>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Message-id: 20210723203344.968563-2-richard.henderson@linaro.org
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
15
---
14
target/arm/helper.c | 19 ++++++-------------
16
target/arm/helper.c | 4 +++-
15
1 file changed, 6 insertions(+), 13 deletions(-)
17
1 file changed, 3 insertions(+), 1 deletion(-)
16
18
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
19
diff --git a/target/arm/helper.c b/target/arm/helper.c
18
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
21
--- a/target/arm/helper.c
20
+++ b/target/arm/helper.c
22
+++ b/target/arm/helper.c
21
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
23
@@ -XXX,XX +XXX,XX @@ static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
22
int s2prot;
24
{
23
int ret;
25
uint32_t end_len;
24
ARMCacheAttrs cacheattrs = {};
26
25
- ARMCacheAttrs *pcacheattrs = NULL;
27
- end_len = start_len &= 0xf;
26
-
28
+ start_len = MIN(start_len, ARM_MAX_VQ - 1);
27
- if (env->cp15.hcr_el2 & HCR_PTW) {
29
+ end_len = start_len;
28
- /*
30
+
29
- * PTW means we must fault if this S1 walk touches S2 Device
31
if (!test_bit(start_len, cpu->sve_vq_map)) {
30
- * memory; otherwise we don't care about the attributes and can
32
end_len = find_last_bit(cpu->sve_vq_map, start_len);
31
- * save the S2 translation the effort of computing them.
33
assert(end_len < start_len);
32
- */
33
- pcacheattrs = &cacheattrs;
34
- }
35
36
ret = get_phys_addr_lpae(env, addr, MMU_DATA_LOAD, ARMMMUIdx_Stage2,
37
false,
38
&s2pa, &txattrs, &s2prot, &s2size, fi,
39
- pcacheattrs);
40
+ &cacheattrs);
41
if (ret) {
42
assert(fi->type != ARMFault_None);
43
fi->s2addr = addr;
44
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
45
fi->s1ptw = true;
46
return ~0;
47
}
48
- if (pcacheattrs && (pcacheattrs->attrs & 0xf0) == 0) {
49
- /* Access was to Device memory: generate Permission fault */
50
+ if ((env->cp15.hcr_el2 & HCR_PTW) && (cacheattrs.attrs & 0xf0) == 0) {
51
+ /*
52
+ * PTW set and S1 walk touched S2 Device memory:
53
+ * generate Permission fault.
54
+ */
55
fi->type = ARMFault_Permission;
56
fi->s2addr = addr;
57
fi->stage2 = true;
58
--
34
--
59
2.20.1
35
2.20.1
60
36
61
37
diff view generated by jsdifflib
[PULL 5/7] hw/arm/boot: Fix PAUTH for EL3 direct kernel boot
[PULL 11/14] target/arm: Export aarch64_sve_zcr_get_valid_len
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When booting an EL3 cpu with -kernel, we set up EL3 and then
3
Rename from sve_zcr_get_valid_len and make accessible
4
drop down to EL2. We need to enable access to v8.3-PAuth
4
from outside of helper.c.
5
keys and instructions at EL3 before doing so.
6
5
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20200724163853.504655-2-richard.henderson@linaro.org
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Message-id: 20210723203344.968563-3-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
10
---
12
hw/arm/boot.c | 3 +++
11
target/arm/internals.h | 10 ++++++++++
13
1 file changed, 3 insertions(+)
12
target/arm/helper.c | 4 ++--
13
2 files changed, 12 insertions(+), 2 deletions(-)
14
14
15
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
15
diff --git a/target/arm/internals.h b/target/arm/internals.h
16
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/arm/boot.c
17
--- a/target/arm/internals.h
18
+++ b/hw/arm/boot.c
18
+++ b/target/arm/internals.h
19
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
19
@@ -XXX,XX +XXX,XX @@ void arm_translate_init(void);
20
} else {
20
void arm_cpu_synchronize_from_tb(CPUState *cs, const TranslationBlock *tb);
21
env->pstate = PSTATE_MODE_EL1h;
21
#endif /* CONFIG_TCG */
22
}
22
23
+ if (cpu_isar_feature(aa64_pauth, cpu)) {
23
+/**
24
+ env->cp15.scr_el3 |= SCR_API | SCR_APK;
24
+ * aarch64_sve_zcr_get_valid_len:
25
+ }
25
+ * @cpu: cpu context
26
/* AArch64 kernels never boot in secure mode */
26
+ * @start_len: maximum len to consider
27
assert(!info->secure_boot);
27
+ *
28
/* This hook is only supported for AArch32 currently:
28
+ * Return the maximum supported sve vector length <= @start_len.
29
+ * Note that both @start_len and the return value are in units
30
+ * of ZCR_ELx.LEN, so the vector bit length is (x + 1) * 128.
31
+ */
32
+uint32_t aarch64_sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len);
33
34
enum arm_fprounding {
35
FPROUNDING_TIEEVEN,
36
diff --git a/target/arm/helper.c b/target/arm/helper.c
37
index XXXXXXX..XXXXXXX 100644
38
--- a/target/arm/helper.c
39
+++ b/target/arm/helper.c
40
@@ -XXX,XX +XXX,XX @@ int sve_exception_el(CPUARMState *env, int el)
41
return 0;
42
}
43
44
-static uint32_t sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
45
+uint32_t aarch64_sve_zcr_get_valid_len(ARMCPU *cpu, uint32_t start_len)
46
{
47
uint32_t end_len;
48
49
@@ -XXX,XX +XXX,XX @@ uint32_t sve_zcr_len_for_el(CPUARMState *env, int el)
50
zcr_len = MIN(zcr_len, 0xf & (uint32_t)env->vfp.zcr_el[3]);
51
}
52
53
- return sve_zcr_get_valid_len(cpu, zcr_len);
54
+ return aarch64_sve_zcr_get_valid_len(cpu, zcr_len);
55
}
56
57
static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
29
--
58
--
30
2.20.1
59
2.20.1
31
60
32
61
diff view generated by jsdifflib
[PULL 7/7] target/arm: Improve IMPDEF algorithm for IRG
[PULL 12/14] target/arm: Add sve-default-vector-length cpu property
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When GCR_EL1.RRND==1, the choosing of the random value is IMPDEF,
3
Mirror the behavour of /proc/sys/abi/sve_default_vector_length
4
and the kernel is not expected to have set RGSR_EL1. Force a
4
under the real linux kernel. We have no way of passing along
5
non-zero value into SEED, so that we do not continually return
5
a real default across exec like the kernel can, but this is a
6
the same tag.
6
decent way of adjusting the startup vector length of a process.
7
7
8
Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
8
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/482
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20200724163853.504655-4-richard.henderson@linaro.org
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20210723203344.968563-4-richard.henderson@linaro.org
12
[PMM: tweaked docs formatting, document -1 special-case,
13
added fixup patch from RTH mentioning QEMU's maximum veclen.]
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
15
---
14
target/arm/mte_helper.c | 37 ++++++++++++++++++++++++++++++-------
16
docs/system/arm/cpu-features.rst | 15 ++++++++
15
1 file changed, 30 insertions(+), 7 deletions(-)
17
target/arm/cpu.h | 5 +++
18
target/arm/cpu.c | 14 ++++++--
19
target/arm/cpu64.c | 60 ++++++++++++++++++++++++++++++++
20
4 files changed, 92 insertions(+), 2 deletions(-)
16
21
17
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
22
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
18
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/mte_helper.c
24
--- a/docs/system/arm/cpu-features.rst
20
+++ b/target/arm/mte_helper.c
25
+++ b/docs/system/arm/cpu-features.rst
21
@@ -XXX,XX +XXX,XX @@
26
@@ -XXX,XX +XXX,XX @@ verbose command lines. However, the recommended way to select vector
22
#include "exec/ram_addr.h"
27
lengths is to explicitly enable each desired length. Therefore only
23
#include "exec/cpu_ldst.h"
28
example's (1), (4), and (6) exhibit recommended uses of the properties.
24
#include "exec/helper-proto.h"
29
25
+#include "qapi/error.h"
30
+SVE User-mode Default Vector Length Property
26
+#include "qemu/guest-random.h"
31
+--------------------------------------------
27
32
+
28
33
+For qemu-aarch64, the cpu property ``sve-default-vector-length=N`` is
29
static int choose_nonexcluded_tag(int tag, int offset, uint16_t exclude)
34
+defined to mirror the Linux kernel parameter file
30
@@ -XXX,XX +XXX,XX @@ static uint8_t *allocation_tag_mem(CPUARMState *env, int ptr_mmu_idx,
35
+``/proc/sys/abi/sve_default_vector_length``. The default length, ``N``,
31
36
+is in units of bytes and must be between 16 and 8192.
32
uint64_t HELPER(irg)(CPUARMState *env, uint64_t rn, uint64_t rm)
37
+If not specified, the default vector length is 64.
33
{
38
+
34
- int rtag;
39
+If the default length is larger than the maximum vector length enabled,
35
-
40
+the actual vector length will be reduced. Note that the maximum vector
36
- /*
41
+length supported by QEMU is 256.
37
- * Our IMPDEF choice for GCR_EL1.RRND==1 is to behave as if
42
+
38
- * GCR_EL1.RRND==0, always producing deterministic results.
43
+If this property is set to ``-1`` then the default vector length
39
- */
44
+is set to the maximum possible length.
40
uint16_t exclude = extract32(rm | env->cp15.gcr_el1, 0, 16);
45
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
41
+ int rrnd = extract32(env->cp15.gcr_el1, 16, 1);
46
index XXXXXXX..XXXXXXX 100644
42
int start = extract32(env->cp15.rgsr_el1, 0, 4);
47
--- a/target/arm/cpu.h
43
int seed = extract32(env->cp15.rgsr_el1, 8, 16);
48
+++ b/target/arm/cpu.h
44
- int offset, i;
49
@@ -XXX,XX +XXX,XX @@ struct ARMCPU {
45
+ int offset, i, rtag;
50
/* Used to set the maximum vector length the cpu will support. */
51
uint32_t sve_max_vq;
52
53
+#ifdef CONFIG_USER_ONLY
54
+ /* Used to set the default vector length at process start. */
55
+ uint32_t sve_default_vq;
56
+#endif
57
+
58
/*
59
* In sve_vq_map each set bit is a supported vector length of
60
* (bit-number + 1) * 16 bytes, i.e. each bit number + 1 is the vector
61
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
62
index XXXXXXX..XXXXXXX 100644
63
--- a/target/arm/cpu.c
64
+++ b/target/arm/cpu.c
65
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
66
env->cp15.cpacr_el1 = deposit64(env->cp15.cpacr_el1, 16, 2, 3);
67
/* with reasonable vector length */
68
if (cpu_isar_feature(aa64_sve, cpu)) {
69
- env->vfp.zcr_el[1] = MIN(cpu->sve_max_vq - 1, 3);
70
+ env->vfp.zcr_el[1] =
71
+ aarch64_sve_zcr_get_valid_len(cpu, cpu->sve_default_vq - 1);
72
}
73
/*
74
* Enable TBI0 but not TBI1.
75
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_initfn(Object *obj)
76
QLIST_INIT(&cpu->pre_el_change_hooks);
77
QLIST_INIT(&cpu->el_change_hooks);
78
79
-#ifndef CONFIG_USER_ONLY
80
+#ifdef CONFIG_USER_ONLY
81
+# ifdef TARGET_AARCH64
82
+ /*
83
+ * The linux kernel defaults to 512-bit vectors, when sve is supported.
84
+ * See documentation for /proc/sys/abi/sve_default_vector_length, and
85
+ * our corresponding sve-default-vector-length cpu property.
86
+ */
87
+ cpu->sve_default_vq = 4;
88
+# endif
89
+#else
90
/* Our inbound IRQ and FIQ lines */
91
if (kvm_enabled()) {
92
/* VIRQ and VFIQ are unused with KVM but we add them to maintain
93
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
94
index XXXXXXX..XXXXXXX 100644
95
--- a/target/arm/cpu64.c
96
+++ b/target/arm/cpu64.c
97
@@ -XXX,XX +XXX,XX @@ static void cpu_arm_set_sve(Object *obj, bool value, Error **errp)
98
cpu->isar.id_aa64pfr0 = t;
99
}
100
101
+#ifdef CONFIG_USER_ONLY
102
+/* Mirror linux /proc/sys/abi/sve_default_vector_length. */
103
+static void cpu_arm_set_sve_default_vec_len(Object *obj, Visitor *v,
104
+ const char *name, void *opaque,
105
+ Error **errp)
106
+{
107
+ ARMCPU *cpu = ARM_CPU(obj);
108
+ int32_t default_len, default_vq, remainder;
109
+
110
+ if (!visit_type_int32(v, name, &default_len, errp)) {
111
+ return;
112
+ }
113
+
114
+ /* Undocumented, but the kernel allows -1 to indicate "maximum". */
115
+ if (default_len == -1) {
116
+ cpu->sve_default_vq = ARM_MAX_VQ;
117
+ return;
118
+ }
119
+
120
+ default_vq = default_len / 16;
121
+ remainder = default_len % 16;
46
+
122
+
47
+ /*
123
+ /*
48
+ * Our IMPDEF choice for GCR_EL1.RRND==1 is to continue to use the
124
+ * Note that the 512 max comes from include/uapi/asm/sve_context.h
49
+ * deterministic algorithm. Except that with RRND==1 the kernel is
125
+ * and is the maximum architectural width of ZCR_ELx.LEN.
50
+ * not required to have set RGSR_EL1.SEED != 0, which is required for
51
+ * the deterministic algorithm to function. So we force a non-zero
52
+ * SEED for that case.
53
+ */
126
+ */
54
+ if (unlikely(seed == 0) && rrnd) {
127
+ if (remainder || default_vq < 1 || default_vq > 512) {
55
+ do {
128
+ error_setg(errp, "cannot set sve-default-vector-length");
56
+ Error *err = NULL;
129
+ if (remainder) {
57
+ uint16_t two;
130
+ error_append_hint(errp, "Vector length not a multiple of 16\n");
131
+ } else if (default_vq < 1) {
132
+ error_append_hint(errp, "Vector length smaller than 16\n");
133
+ } else {
134
+ error_append_hint(errp, "Vector length larger than %d\n",
135
+ 512 * 16);
136
+ }
137
+ return;
138
+ }
58
+
139
+
59
+ if (qemu_guest_getrandom(&two, sizeof(two), &err) < 0) {
140
+ cpu->sve_default_vq = default_vq;
60
+ /*
141
+}
61
+ * Failed, for unknown reasons in the crypto subsystem.
142
+
62
+ * Best we can do is log the reason and use a constant seed.
143
+static void cpu_arm_get_sve_default_vec_len(Object *obj, Visitor *v,
63
+ */
144
+ const char *name, void *opaque,
64
+ qemu_log_mask(LOG_UNIMP, "IRG: Crypto failure: %s\n",
145
+ Error **errp)
65
+ error_get_pretty(err));
146
+{
66
+ error_free(err);
147
+ ARMCPU *cpu = ARM_CPU(obj);
67
+ two = 1;
148
+ int32_t value = cpu->sve_default_vq * 16;
68
+ }
149
+
69
+ seed = two;
150
+ visit_type_int32(v, name, &value, errp);
70
+ } while (seed == 0);
151
+}
71
+ }
152
+#endif
72
153
+
73
/* RandomTag */
154
void aarch64_add_sve_properties(Object *obj)
74
for (i = offset = 0; i < 4; ++i) {
155
{
156
uint32_t vq;
157
@@ -XXX,XX +XXX,XX @@ void aarch64_add_sve_properties(Object *obj)
158
object_property_add(obj, name, "bool", cpu_arm_get_sve_vq,
159
cpu_arm_set_sve_vq, NULL, NULL);
160
}
161
+
162
+#ifdef CONFIG_USER_ONLY
163
+ /* Mirror linux /proc/sys/abi/sve_default_vector_length. */
164
+ object_property_add(obj, "sve-default-vector-length", "int32",
165
+ cpu_arm_get_sve_default_vec_len,
166
+ cpu_arm_set_sve_default_vec_len, NULL, NULL);
167
+#endif
168
}
169
170
void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
75
--
171
--
76
2.20.1
172
2.20.1
77
173
78
174
diff view generated by jsdifflib
[PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size
[PULL 13/14] hw/arm/nseries: Display hexadecimal value with '0x' prefix
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
2
3
The SDRAM Memory Controller has a 32-bit address bus, thus
4
supports up to 4 GiB of DRAM. There is a signed to unsigned
5
conversion error with the AST2600 maximum memory size:
6
7
(uint64_t)(2048 << 20) = (uint64_t)(-2147483648)
8
= 0xffffffff40000000
9
= 16 EiB - 2 GiB
10
11
Fix by using the IEC suffixes which are usually safer, and add
12
an assertion check to verify the memory is valid. This would have
13
caught this bug:
14
15
$ qemu-system-arm -M ast2600-evb
16
qemu-system-arm: hw/misc/aspeed_sdmc.c:258: aspeed_sdmc_realize: Assertion `asc->max_ram_size < 4 * GiB' failed.
17
Aborted (core dumped)
18
19
Fixes: 1550d72679 ("aspeed/sdmc: Add AST2600 support")
20
Reviewed-by: Cédric Le Goater <clg@kaod.org>
21
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20210726150953.1218690-1-f4bug@amsat.org
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
---
7
---
24
hw/misc/aspeed_sdmc.c | 7 ++++---
8
hw/arm/nseries.c | 2 +-
25
1 file changed, 4 insertions(+), 3 deletions(-)
9
1 file changed, 1 insertion(+), 1 deletion(-)
26
10
27
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
11
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
28
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
29
--- a/hw/misc/aspeed_sdmc.c
13
--- a/hw/arm/nseries.c
30
+++ b/hw/misc/aspeed_sdmc.c
14
+++ b/hw/arm/nseries.c
31
@@ -XXX,XX +XXX,XX @@ static void aspeed_sdmc_realize(DeviceState *dev, Error **errp)
15
@@ -XXX,XX +XXX,XX @@ static uint32_t mipid_txrx(void *opaque, uint32_t cmd, int len)
32
AspeedSDMCState *s = ASPEED_SDMC(dev);
16
default:
33
AspeedSDMCClass *asc = ASPEED_SDMC_GET_CLASS(s);
17
bad_cmd:
34
18
qemu_log_mask(LOG_GUEST_ERROR,
35
+ assert(asc->max_ram_size < 4 * GiB); /* 32-bit address bus */
19
- "%s: unknown command %02x\n", __func__, s->cmd);
36
s->max_ram_size = asc->max_ram_size;
20
+ "%s: unknown command 0x%02x\n", __func__, s->cmd);
37
21
break;
38
memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_sdmc_ops, s,
22
}
39
@@ -XXX,XX +XXX,XX @@ static void aspeed_2400_sdmc_class_init(ObjectClass *klass, void *data)
23
40
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
41
42
dc->desc = "ASPEED 2400 SDRAM Memory Controller";
43
- asc->max_ram_size = 512 << 20;
44
+ asc->max_ram_size = 512 * MiB;
45
asc->compute_conf = aspeed_2400_sdmc_compute_conf;
46
asc->write = aspeed_2400_sdmc_write;
47
asc->valid_ram_sizes = aspeed_2400_ram_sizes;
48
@@ -XXX,XX +XXX,XX @@ static void aspeed_2500_sdmc_class_init(ObjectClass *klass, void *data)
49
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
50
51
dc->desc = "ASPEED 2500 SDRAM Memory Controller";
52
- asc->max_ram_size = 1024 << 20;
53
+ asc->max_ram_size = 1 * GiB;
54
asc->compute_conf = aspeed_2500_sdmc_compute_conf;
55
asc->write = aspeed_2500_sdmc_write;
56
asc->valid_ram_sizes = aspeed_2500_ram_sizes;
57
@@ -XXX,XX +XXX,XX @@ static void aspeed_2600_sdmc_class_init(ObjectClass *klass, void *data)
58
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
59
60
dc->desc = "ASPEED 2600 SDRAM Memory Controller";
61
- asc->max_ram_size = 2048 << 20;
62
+ asc->max_ram_size = 2 * GiB;
63
asc->compute_conf = aspeed_2600_sdmc_compute_conf;
64
asc->write = aspeed_2600_sdmc_write;
65
asc->valid_ram_sizes = aspeed_2600_ram_sizes;
66
--
24
--
67
2.20.1
25
2.20.1
68
26
69
27
diff view generated by jsdifflib
[PULL 1/7] ACPI: Assert that we don't run out of the preallocated memory
[PULL 14/14] hw: aspeed_gpio: Fix memory size
1
From: Dongjiu Geng <gengdongjiu@huawei.com>
1
From: Joel Stanley <joel@jms.id.au>
2
2
3
data_length is a constant value, so we use assert instead of
3
The macro used to calculate the maximum memory size of the MMIO region
4
condition check.
4
had a mistake, causing all GPIO models to create a mapping of 0x9D8.
5
The intent was to have it be 0x9D8 - 0x800.
5
6
6
Signed-off-by: Dongjiu Geng <gengdongjiu@huawei.com>
7
This extra size doesn't matter on ast2400 and ast2500, which have a 4KB
7
Message-id: 20200622113146.33421-1-gengdongjiu@huawei.com
8
region set aside for the GPIO controller.
8
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
9
10
On the ast2600 the 3.3V and 1.8V GPIO controllers are 2KB apart, so the
11
regions would overlap. Worse was the 1.8V controller would map over the
12
top of the following peripheral, which happens to be the RTC.
13
14
The mmio region used by each device is a maximum of 2KB, so avoid the
15
calculations and hard code this as the maximum.
16
17
Fixes: 36d737ee82b2 ("hw/gpio: Add in AST2600 specific implementation")
18
Signed-off-by: Joel Stanley <joel@jms.id.au>
19
Reviewed-by: Rashmica Gupta <rashmica.g@gmail.com>
20
Reviewed-by: Cédric Le Goater <clg@kaod.org>
21
Message-id: 20210713065854.134634-2-joel@jms.id.au
22
[PMM: fix autocorrect error in commit message]
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
24
---
11
hw/acpi/ghes.c | 12 ++++--------
25
hw/gpio/aspeed_gpio.c | 3 +--
12
1 file changed, 4 insertions(+), 8 deletions(-)
26
1 file changed, 1 insertion(+), 2 deletions(-)
13
27
14
diff --git a/hw/acpi/ghes.c b/hw/acpi/ghes.c
28
diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c
15
index XXXXXXX..XXXXXXX 100644
29
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/acpi/ghes.c
30
--- a/hw/gpio/aspeed_gpio.c
17
+++ b/hw/acpi/ghes.c
31
+++ b/hw/gpio/aspeed_gpio.c
18
@@ -XXX,XX +XXX,XX @@ static int acpi_ghes_record_mem_error(uint64_t error_block_address,
32
@@ -XXX,XX +XXX,XX @@
19
33
#define GPIO_1_8V_MEM_SIZE 0x9D8
20
/* This is the length if adding a new generic error data entry*/
34
#define GPIO_1_8V_REG_ARRAY_SIZE ((GPIO_1_8V_MEM_SIZE - \
21
data_length = ACPI_GHES_DATA_LENGTH + ACPI_GHES_MEM_CPER_LENGTH;
35
GPIO_1_8V_REG_OFFSET) >> 2)
22
-
36
-#define GPIO_MAX_MEM_SIZE MAX(GPIO_3_6V_MEM_SIZE, GPIO_1_8V_MEM_SIZE)
23
/*
37
24
- * Check whether it will run out of the preallocated memory if adding a new
38
static int aspeed_evaluate_irq(GPIOSets *regs, int gpio_prev_high, int gpio)
25
- * generic error data entry
39
{
26
+ * It should not run out of the preallocated memory if adding a new generic
40
@@ -XXX,XX +XXX,XX @@ static void aspeed_gpio_realize(DeviceState *dev, Error **errp)
27
+ * error data entry
41
}
28
*/
42
29
- if ((data_length + ACPI_GHES_GESB_SIZE) > ACPI_GHES_MAX_RAW_DATA_LENGTH) {
43
memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_gpio_ops, s,
30
- error_report("Not enough memory to record new CPER!!!");
44
- TYPE_ASPEED_GPIO, GPIO_MAX_MEM_SIZE);
31
- g_array_free(block, true);
45
+ TYPE_ASPEED_GPIO, 0x800);
32
- return -1;
46
33
- }
47
sysbus_init_mmio(sbd, &s->iomem);
34
+ assert((data_length + ACPI_GHES_GESB_SIZE) <=
48
}
35
+ ACPI_GHES_MAX_RAW_DATA_LENGTH);
36
37
/* Build the new generic error status block header */
38
acpi_ghes_generic_error_status(block, ACPI_GEBS_UNCORRECTABLE,
39
--
49
--
40
2.20.1
50
2.20.1
41
51
42
52
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.