Handful of bugfixes for rc2. None of these are particularly critical

or exciting.

The following changes since commit 45a150aa2b3492acf6691c7bdbeb25a8545d8345:

Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-08-03' into staging (2020-08-03 15:13:49 +0100)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200803

for you to fetch changes up to 13557fd392890cbd985bceba7f717e01efd674b8:

hw/timer/imx_epit: Avoid assertion when CR.SWR is written (2020-08-03 17:56:11 +0100)

* hw/timer/imx_epit: Avoid assertion when CR.SWR is written

* netduino2, netduinoplus2, microbit: set system_clock_scale so that

SysTick running on the CPU clock works

* target/arm: Avoid maybe-uninitialized warning with gcc 4.9

* target/arm: Fix AddPAC error indication

* Make AIRCR.SYSRESETREQ actually reset the system for the

microbit, mps2-*, musca-*, netduino* boards

Kaige Li (1):

target/arm: Avoid maybe-uninitialized warning with gcc 4.9

Peter Maydell (6):

hw/arm/netduino2, netduinoplus2: Set system_clock_scale

include/hw/irq.h: New function qemu_irq_is_connected()

hw/intc/armv7m_nvic: Provide default "reset the system" behaviour for SYSRESETREQ

msf2-soc, stellaris: Don't wire up SYSRESETREQ

hw/arm/nrf51_soc: Set system_clock_scale

hw/timer/imx_epit: Avoid assertion when CR.SWR is written

Richard Henderson (1):

target/arm: Fix AddPAC error indication

include/hw/arm/armv7m.h | 4 +++-

include/hw/irq.h | 18 ++++++++++++++++++

hw/arm/msf2-soc.c | 11 -----------

hw/arm/netduino2.c | 10 ++++++++++

hw/arm/netduinoplus2.c | 10 ++++++++++

hw/arm/nrf51_soc.c | 5 +++++

hw/arm/stellaris.c | 12 ------------

hw/intc/armv7m_nvic.c | 17 ++++++++++++++++-

hw/timer/imx_epit.c | 13 ++++++++++---

target/arm/pauth_helper.c | 6 +++++-

target/arm/translate-a64.c | 2 +-

tests/tcg/aarch64/pauth-5.c | 33 +++++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 2 +-

13 files changed, 112 insertions(+), 31 deletions(-)

create mode 100644 tests/tcg/aarch64/pauth-5.c

From: Kaige Li <likaige@loongson.cn>

GCC version 4.9.4 isn't clever enough to figure out that all

execution paths in disas_ldst() that use 'fn' will have initialized

it first, and so it warns:

/home/LiKaige/qemu/target/arm/translate-a64.c: In function ‘disas_ldst’:

/home/LiKaige/qemu/target/arm/translate-a64.c:3392:5: error: ‘fn’ may be used uninitialized in this function [-Werror=maybe-uninitialized]

fn(cpu_reg(s, rt), clean_addr, tcg_rs, get_mem_index(s),

^

/home/LiKaige/qemu/target/arm/translate-a64.c:3318:22: note: ‘fn’ was declared here

AtomicThreeOpFn *fn;

^

Make it happy by initializing the variable to NULL.

Signed-off-by: Kaige Li <likaige@loongson.cn>

Message-id: 1596110248-7366-2-git-send-email-likaige@loongson.cn

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

[PMM: Clean up commit message and note which gcc version this was]

target/arm/translate-a64.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c

--- a/target/arm/translate-a64.c

+++ b/target/arm/translate-a64.c

@@ -XXX,XX +XXX,XX @@ static void disas_ldst_atomic(DisasContext *s, uint32_t insn,

bool r = extract32(insn, 22, 1);

bool a = extract32(insn, 23, 1);

TCGv_i64 tcg_rs, clean_addr;

- AtomicThreeOpFn *fn;

+ AtomicThreeOpFn *fn = NULL;

if (is_vector || !dc_isar_feature(aa64_atomics, s)) {

unallocated_encoding(s);

2.20.1

The nrf51 SoC model wasn't setting the system_clock_scale

global.which meant that if guest code used the systick timer in "use

the processor clock" mode it would hang because time never advances.

Set the global to match the documented CPU clock speed for this SoC.

This SoC in fact doesn't have a SysTick timer (which is the only thing

currently that cares about the system_clock_scale), because it's

a configurable option in the Cortex-M0. However our Cortex-M0 and

thus our nrf51 and our micro:bit board do provide a SysTick, so

we ought to provide a functional one rather than a broken one.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20200727193458.31250-1-peter.maydell@linaro.org

hw/arm/nrf51_soc.c | 5 +++++

1 file changed, 5 insertions(+)

diff --git a/hw/arm/nrf51_soc.c b/hw/arm/nrf51_soc.c

--- a/hw/arm/nrf51_soc.c

+++ b/hw/arm/nrf51_soc.c

@@ -XXX,XX +XXX,XX @@

#define BASE_TO_IRQ(base) ((base >> 12) & 0x1F)

+/* HCLK (the main CPU clock) on this SoC is always 16MHz */

+#define HCLK_FRQ 16000000

+

static uint64_t clock_read(void *opaque, hwaddr addr, unsigned int size)

{

qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",

@@ -XXX,XX +XXX,XX @@ static void nrf51_soc_realize(DeviceState *dev_soc, Error **errp)

return;

}

+ system_clock_scale = NANOSECONDS_PER_SECOND / HCLK_FRQ;

+

object_property_set_link(OBJECT(&s->cpu), "memory", OBJECT(&s->container),

&error_abort);

if (!sysbus_realize(SYS_BUS_DEVICE(&s->cpu), errp)) {

2.20.1

The MSF2 SoC model and the Stellaris board code both wire

SYSRESETREQ up to a function that just invokes

qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

This is now the default action that the NVIC does if the line is

not connected, so we can delete the handling code.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Message-id: 20200728103744.6909-4-peter.maydell@linaro.org

hw/arm/msf2-soc.c | 11 -----------

hw/arm/stellaris.c | 12 ------------

2 files changed, 23 deletions(-)

diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c

--- a/hw/arm/msf2-soc.c

+++ b/hw/arm/msf2-soc.c

#include "hw/irq.h"

#include "hw/arm/msf2-soc.h"

#include "hw/misc/unimp.h"

-#include "sysemu/runstate.h"

#include "sysemu/sysemu.h"

#define MSF2_TIMER_BASE 0x40004000

@@ -XXX,XX +XXX,XX @@ static const int spi_irq[MSF2_NUM_SPIS] = { 2, 3 };

static const int uart_irq[MSF2_NUM_UARTS] = { 10, 11 };

static const int timer_irq[MSF2_NUM_TIMERS] = { 14, 15 };

-static void do_sys_reset(void *opaque, int n, int level)

-{

- if (level) {

- qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

- }

-}

-

static void m2sxxx_soc_initfn(Object *obj)

{

MSF2State *s = MSF2_SOC(obj);

@@ -XXX,XX +XXX,XX @@ static void m2sxxx_soc_realize(DeviceState *dev_soc, Error **errp)

return;

}

- qdev_connect_gpio_out_named(DEVICE(&s->armv7m.nvic), "SYSRESETREQ", 0,

- qemu_allocate_irq(&do_sys_reset, NULL, 0));

-

system_clock_scale = NANOSECONDS_PER_SECOND / s->m3clk;

for (i = 0; i < MSF2_NUM_UARTS; i++) {

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/stellaris.c

+++ b/hw/arm/stellaris.c

@@ -XXX,XX +XXX,XX @@

#include "hw/boards.h"

#include "qemu/log.h"

#include "exec/address-spaces.h"

-#include "sysemu/runstate.h"

#include "sysemu/sysemu.h"

#include "hw/arm/armv7m.h"

#include "hw/char/pl011.h"

@@ -XXX,XX +XXX,XX @@ static void stellaris_adc_init(Object *obj)

qdev_init_gpio_in(dev, stellaris_adc_trigger, 1);

}

-static

-void do_sys_reset(void *opaque, int n, int level)

-{

- if (level) {

- qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

- }

-}

-

/* Board init. */

static stellaris_board_info stellaris_boards[] = {

{ "LM3S811EVB",

@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)

/* This will exit with an error if the user passed us a bad cpu_type */

sysbus_realize_and_unref(SYS_BUS_DEVICE(nvic), &error_fatal);

- qdev_connect_gpio_out_named(nvic, "SYSRESETREQ", 0,

- qemu_allocate_irq(&do_sys_reset, NULL, 0));

-

if (board->dc1 & (1 << 16)) {

dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,

qdev_get_gpio_in(nvic, 14),

2.20.1

The NVIC provides an outbound qemu_irq "SYSRESETREQ" which it signals

when the guest sets the SYSRESETREQ bit in the AIRCR register. This

matches the hardware design (where the CPU has a signal of this name

and it is up to the SoC to connect that up to an actual reset

mechanism), but in QEMU it mostly results in duplicated code in SoC

objects and bugs where SoC model implementors forget to wire up the

SYSRESETREQ line.

Provide a default behaviour for the case where SYSRESETREQ is not

actually connected to anything: use qemu_system_reset_request() to

perform a system reset. This will allow us to remove the

implementations of SYSRESETREQ handling from the boards where that's

exactly what it does, and also fixes the bugs in the board models

which forgot to wire up the signal:

* microbit

* mps2-an385

* mps2-an505

* mps2-an511

* mps2-an521

* musca-a

* musca-b1

* netduino

* netduinoplus2

We still allow the board to wire up the signal if it needs to, in case

we need to model more complicated reset controller logic or to model

buggy SoC hardware which forgot to wire up the line itself. But

defaulting to "reset the system" is more often going to be correct

than defaulting to "do nothing".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Message-id: 20200728103744.6909-3-peter.maydell@linaro.org

---

include/hw/arm/armv7m.h | 4 +++-

hw/intc/armv7m_nvic.c | 17 ++++++++++++++++-

2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/include/hw/arm/armv7m.h b/include/hw/arm/armv7m.h

--- a/include/hw/arm/armv7m.h

+++ b/include/hw/arm/armv7m.h

@@ -XXX,XX +XXX,XX @@ typedef struct {

/* ARMv7M container object.

* + Unnamed GPIO input lines: external IRQ lines for the NVIC

- * + Named GPIO output SYSRESETREQ: signalled for guest AIRCR.SYSRESETREQ

+ * + Named GPIO output SYSRESETREQ: signalled for guest AIRCR.SYSRESETREQ.

+ * If this GPIO is not wired up then the NVIC will default to performing

+ * a qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET).

* + Property "cpu-type": CPU type to instantiate

* + Property "num-irq": number of external IRQ lines

* + Property "memory": MemoryRegion defining the physical address space

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/intc/armv7m_nvic.c

+++ b/hw/intc/armv7m_nvic.c

@@ -XXX,XX +XXX,XX @@

#include "hw/intc/armv7m_nvic.h"

#include "hw/irq.h"

#include "hw/qdev-properties.h"

+#include "sysemu/runstate.h"

#include "target/arm/cpu.h"

#include "exec/exec-all.h"

#include "exec/memop.h"

@@ -XXX,XX +XXX,XX @@ static const uint8_t nvic_id[] = {

0x00, 0xb0, 0x1b, 0x00, 0x0d, 0xe0, 0x05, 0xb1

};

+static void signal_sysresetreq(NVICState *s)

+ if (qemu_irq_is_connected(s->sysresetreq)) {

+ qemu_irq_pulse(s->sysresetreq);

+ /*

+ * Default behaviour if the SoC doesn't need to wire up

+ * SYSRESETREQ (eg to a system reset controller of some kind):

+ * perform a system reset via the usual QEMU API.

+ */

+ qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);

static int nvic_pending_prio(NVICState *s)

/* return the group priority of the current pending interrupt,

@@ -XXX,XX +XXX,XX @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value,

if (value & R_V7M_AIRCR_SYSRESETREQ_MASK) {

if (attrs.secure ||

!(cpu->env.v7m.aircr & R_V7M_AIRCR_SYSRESETREQS_MASK)) {

- qemu_irq_pulse(s->sysresetreq);

+ signal_sysresetreq(s);

}

}

if (value & R_V7M_AIRCR_VECTCLRACTIVE_MASK) {

2.20.1

Mostly devices don't need to care whether one of their output

qemu_irq lines is connected, because functions like qemu_set_irq()

silently do nothing if there is nothing on the other end. However

sometimes a device might want to implement default behaviour for the

case where the machine hasn't wired the line up to anywhere.

Provide a function qemu_irq_is_connected() that devices can use for

this purpose. (The test is trivial but encapsulating it in a

function makes it easier to see where we're doing it in case we need

to change the implementation later.)

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>

Message-id: 20200728103744.6909-2-peter.maydell@linaro.org

include/hw/irq.h | 18 ++++++++++++++++++

1 file changed, 18 insertions(+)

diff --git a/include/hw/irq.h b/include/hw/irq.h

--- a/include/hw/irq.h

+++ b/include/hw/irq.h

@@ -XXX,XX +XXX,XX @@ qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2);

on an existing vector of qemu_irq. */

void qemu_irq_intercept_in(qemu_irq *gpio_in, qemu_irq_handler handler, int n);

+/**

+ * qemu_irq_is_connected: Return true if IRQ line is wired up

+ *

+ * If a qemu_irq has a device on the other (receiving) end of it,

+ * return true; otherwise return false.

+ *

+ * Usually device models don't need to care whether the machine model

+ * has wired up their outbound qemu_irq lines, because functions like

+ * qemu_set_irq() silently do nothing if there is nothing on the other

+ * end of the line. However occasionally a device model will want to

+ * provide default behaviour if its output is left floating, and

+ * it can use this function to identify when that is the case.

+ */

+static inline bool qemu_irq_is_connected(qemu_irq irq)

+{

+ return irq != NULL;

+}

+

#endif

2.20.1

The imx_epit device has a software-controllable reset triggered by

setting the SWR bit in the CR register. An error in commit cc2722ec83ad9

means that we will end up assert()ing if the guest does this, because

the code in imx_epit_write() starts ptimer transactions, and then

imx_epit_reset() also starts ptimer transactions, triggering

"ptimer_transaction_begin: Assertion `!s->in_transaction' failed".

The cleanest way to avoid this double-transaction is to move the

start-transaction for the CR write handling down below the check of

the SWR bit.

Fixes: https://bugs.launchpad.net/qemu/+bug/1880424

Fixes: cc2722ec83ad944505fe

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Message-id: 20200727154550.3409-1-peter.maydell@linaro.org

hw/timer/imx_epit.c | 13 ++++++++++---

1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c

--- a/hw/timer/imx_epit.c

+++ b/hw/timer/imx_epit.c

@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,

switch (offset >> 2) {

case 0: /* CR */

- ptimer_transaction_begin(s->timer_cmp);

- ptimer_transaction_begin(s->timer_reload);

oldcr = s->cr;

s->cr = value & 0x03ffffff;

if (s->cr & CR_SWR) {

/* handle the reset */

imx_epit_reset(DEVICE(s));

- } else {

+ /*

+ * TODO: could we 'break' here? following operations appear

+ * to duplicate the work imx_epit_reset() already did.

+ */

+ }

+

+ ptimer_transaction_begin(s->timer_cmp);

+ ptimer_transaction_begin(s->timer_reload);

+

+ if (!(s->cr & CR_SWR)) {

imx_epit_set_freq(s);

2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The definition of top_bit used in this function is one higher

than that used in the Arm ARM psuedo-code, which put the error

indication at top_bit - 1 at the wrong place, which meant that

it wasn't visible to Auth.

Fixing the definition of top_bit requires more changes, because

its most common use is for the count of bits in top_bit:bot_bit,

which would then need to be computed as top_bit - bot_bit + 1.

For now, prefer the minimal fix to the error indication alone.

Fixes: 63ff0ca94cb

Reported-by: Derrick McKee <derrick.mckee@gmail.com>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Message-id: 20200728195706.11087-1-richard.henderson@linaro.org

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

[PMM: added comment about the divergence from the pseudocode]

target/arm/pauth_helper.c | 6 +++++-

tests/tcg/aarch64/pauth-5.c | 33 +++++++++++++++++++++++++++++++

tests/tcg/aarch64/Makefile.target | 2 +-

3 files changed, 39 insertions(+), 2 deletions(-)

create mode 100644 tests/tcg/aarch64/pauth-5.c

diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c

--- a/target/arm/pauth_helper.c

+++ b/target/arm/pauth_helper.c

@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,

*/

test = sextract64(ptr, bot_bit, top_bit - bot_bit);

if (test != 0 && test != -1) {

- pac ^= MAKE_64BIT_MASK(top_bit - 1, 1);

+ /*

+ * Note that our top_bit is one greater than the pseudocode's

+ * version, hence "- 2" here.

+ */

+ pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);

/*

diff --git a/tests/tcg/aarch64/pauth-5.c b/tests/tcg/aarch64/pauth-5.c

new file mode 100644

index XXXXXXX..XXXXXXX

--- /dev/null

+++ b/tests/tcg/aarch64/pauth-5.c

@@ -XXX,XX +XXX,XX @@

+#include <assert.h>

+

+static int x;

+

+int main()

+{

+ int *p0 = &x, *p1, *p2, *p3;

+ unsigned long salt = 0;

+

+ /*

+ * With TBI enabled and a 48-bit VA, there are 7 bits of auth, and so

+ * a 1/128 chance of auth = pac(ptr,key,salt) producing zero.

+ * Find a salt that creates auth != 0.

+ */

+ do {

+ salt++;

+ asm("pacda %0, %1" : "=r"(p1) : "r"(salt), "0"(p0));

+ } while (p0 == p1);

+

+ /*

+ * This pac must fail, because the input pointer bears an encryption,

+ * and so is not properly extended within bits [55:47]. This will

+ * toggle bit 54 in the output...

+ */

+ asm("pacda %0, %1" : "=r"(p2) : "r"(salt), "0"(p1));

+

+ /* ... so that the aut must fail, setting bit 53 in the output ... */

+ asm("autda %0, %1" : "=r"(p3) : "r"(salt), "0"(p2));

+

+ /* ... which means this equality must not hold. */

+ assert(p3 != p0);

+ return 0;

+}

diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target

index XXXXXXX..XXXXXXX 100644

--- a/tests/tcg/aarch64/Makefile.target

+++ b/tests/tcg/aarch64/Makefile.target

@@ -XXX,XX +XXX,XX @@ run-fcvt: fcvt

# Pauth Tests

ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_3),)

-AARCH64_TESTS += pauth-1 pauth-2 pauth-4

+AARCH64_TESTS += pauth-1 pauth-2 pauth-4 pauth-5

pauth-%: CFLAGS += -march=armv8.3-a

run-pauth-%: QEMU_OPTS += -cpu max

run-plugin-pauth-%: QEMU_OPTS += -cpu max

2.20.1