1
The following changes since commit 4c41341af76cfc85b5a6c0f87de4838672ab9f89:
1
The following changes since commit 5767815218efd3cbfd409505ed824d5f356044ae:
2
2
3
Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20201020' into staging (2020-10-20 11:20:36 +0100)
3
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-02-14 15:45:52 +0000)
4
4
5
are available in the Git repository at:
5
are available in the Git repository at:
6
6
7
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201020
7
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20240215
8
8
9
for you to fetch changes up to 6358890cb939192f6169fdf7664d903bf9b1d338:
9
for you to fetch changes up to f780e63fe731b058fe52d43653600d8729a1b5f2:
10
10
11
tests/tcg/aarch64: Add bti smoke tests (2020-10-20 16:12:02 +0100)
11
docs: Add documentation for the mps3-an536 board (2024-02-15 14:32:39 +0000)
12
12
13
----------------------------------------------------------------
13
----------------------------------------------------------------
14
target-arm queue:
14
target-arm queue:
15
* Fix AArch32 SMLAD incorrect setting of Q bit
15
* hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
16
* AArch32 VCVT fixed-point to float is always round-to-nearest
16
* linux-user/aarch64: Choose SYNC as the preferred MTE mode
17
* strongarm: Fix 'time to transmit a char' unit comment
17
* Fix some errors in SVE/SME handling of MTE tags
18
* Restrict APEI tables generation to the 'virt' machine
18
* hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
19
* bcm2835: minor code cleanups
19
* hw/block/tc58128: Don't emit deprecation warning under qtest
20
* correctly flush TLBs when TBI is enabled
20
* tests/qtest: Fix handling of npcm7xx and GMAC tests
21
* tests/qtest: Add npcm7xx timer test
21
* hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
22
* loads-stores.rst: add footnote that clarifies GETPC usage
22
* tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
23
* Fix reported EL for mte_check_fail
23
* Don't assert on vmload/vmsave of M-profile CPUs
24
* Ignore HCR_EL2.ATA when {E2H,TGE} != 11
24
* hw/arm/smmuv3: add support for stage 1 access fault
25
* microbit_i2c: Fix coredump when dump-vmstate
25
* hw/arm/stellaris: QOM cleanups
26
* nseries: Fix loading kernel image on n8x0 machines
26
* Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
27
* Implement v8.1M low-overhead-loops
27
* Improve Cortex_R52 IMPDEF sysreg modelling
28
* linux-user: Support AArch64 BTI
28
* Allow access to SPSR_hyp from hyp mode
29
* New board model mps3-an536 (Cortex-R52)
29
30
30
----------------------------------------------------------------
31
----------------------------------------------------------------
31
Emanuele Giuseppe Esposito (1):
32
Luc Michel (1):
32
loads-stores.rst: add footnote that clarifies GETPC usage
33
hw/arm/smmuv3: add support for stage 1 access fault
33
34
34
Havard Skinnemoen (1):
35
Nabih Estefan (1):
35
tests/qtest: Add npcm7xx timer test
36
tests/qtest: Fix GMAC test to run on a machine in upstream QEMU
36
37
37
Peng Liang (1):
38
Peter Maydell (22):
38
microbit_i2c: Fix coredump when dump-vmstate
39
hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
40
hw/block/tc58128: Don't emit deprecation warning under qtest
41
tests/qtest/meson.build: Don't include qtests_npcm7xx in qtests_aarch64
42
tests/qtest/bios-tables-test: Allow changes to virt GTDT
43
hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
44
tests/qtest/bios-tables-tests: Update virt golden reference
45
hw/arm/npcm7xx: Call qemu_configure_nic_device() for GMAC modules
46
tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
47
target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
48
target/arm: Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
49
target/arm: The Cortex-R52 has a read-only CBAR
50
target/arm: Add Cortex-R52 IMPDEF sysregs
51
target/arm: Allow access to SPSR_hyp from hyp mode
52
hw/misc/mps2-scc: Fix condition for CFG3 register
53
hw/misc/mps2-scc: Factor out which-board conditionals
54
hw/misc/mps2-scc: Make changes needed for AN536 FPGA image
55
hw/arm/mps3r: Initial skeleton for mps3-an536 board
56
hw/arm/mps3r: Add CPUs, GIC, and per-CPU RAM
57
hw/arm/mps3r: Add UARTs
58
hw/arm/mps3r: Add GPIO, watchdog, dual-timer, I2C devices
59
hw/arm/mps3r: Add remaining devices
60
docs: Add documentation for the mps3-an536 board
39
61
40
Peter Maydell (12):
62
Philippe Mathieu-Daudé (5):
41
target/arm: Fix SMLAD incorrect setting of Q bit
63
hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
42
target/arm: AArch32 VCVT fixed-point to float is always round-to-nearest
64
hw/arm/stellaris: Convert ADC controller to Resettable interface
43
decodetree: Fix codegen for non-overlapping group inside overlapping group
65
hw/arm/stellaris: Convert I2C controller to Resettable interface
44
target/arm: Implement v8.1M NOCP handling
66
hw/arm/stellaris: Add missing QOM 'machine' parent
45
target/arm: Implement v8.1M conditional-select insns
67
hw/arm/stellaris: Add missing QOM 'SoC' parent
46
target/arm: Make the t32 insn[25:23]=111 group non-overlapping
47
target/arm: Don't allow BLX imm for M-profile
48
target/arm: Implement v8.1M branch-future insns (as NOPs)
49
target/arm: Implement v8.1M low-overhead-loop instructions
50
target/arm: Fix has_vfp/has_neon ID reg squashing for M-profile
51
target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16
52
target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extension
53
68
54
Philippe Mathieu-Daudé (10):
69
Richard Henderson (6):
55
hw/arm/strongarm: Fix 'time to transmit a char' unit comment
70
linux-user/aarch64: Choose SYNC as the preferred MTE mode
56
hw/arm: Restrict APEI tables generation to the 'virt' machine
71
target/arm: Fix nregs computation in do_{ld,st}_zpa
57
hw/timer/bcm2835: Introduce BCM2835_SYSTIMER_COUNT definition
72
target/arm: Adjust and validate mtedesc sizem1
58
hw/timer/bcm2835: Rename variable holding CTRL_STATUS register
73
target/arm: Split out make_svemte_desc
59
hw/timer/bcm2835: Support the timer COMPARE registers
74
target/arm: Handle mte in do_ldrq, do_ldro
60
hw/arm/bcm2835_peripherals: Correctly wire the SYS_timer IRQs
75
target/arm: Fix SVE/SME gross MTE suppression checks
61
hw/intc/bcm2835_ic: Trace GPU/CPU IRQ handlers
62
hw/intc/bcm2836_control: Use IRQ definitions instead of magic numbers
63
hw/arm/nseries: Fix loading kernel image on n8x0 machines
64
linux-user/elfload: Avoid leaking interp_name using GLib memory API
65
76
66
Richard Henderson (16):
77
MAINTAINERS | 3 +-
67
accel/tcg: Add tlb_flush_page_bits_by_mmuidx*
78
docs/system/arm/mps2.rst | 37 +-
68
target/arm: Use tlb_flush_page_bits_by_mmuidx*
79
configs/devices/arm-softmmu/default.mak | 1 +
69
target/arm: Remove redundant mmu_idx lookup
80
hw/arm/smmuv3-internal.h | 1 +
70
target/arm: Fix reported EL for mte_check_fail
81
include/hw/arm/smmu-common.h | 1 +
71
target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11
82
include/hw/arm/virt.h | 2 +
72
linux-user/aarch64: Reset btype for signals
83
include/hw/misc/mps2-scc.h | 1 +
73
linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
84
linux-user/aarch64/target_prctl.h | 29 +-
74
include/elf: Add defines related to GNU property notes for AArch64
85
target/arm/internals.h | 2 +-
75
linux-user/elfload: Fix coding style in load_elf_image
86
target/arm/tcg/translate-a64.h | 2 +
76
linux-user/elfload: Adjust iteration over phdr
87
hw/arm/mps3r.c | 640 ++++++++++++++++++++++++++++++++
77
linux-user/elfload: Move PT_INTERP detection to first loop
88
hw/arm/npcm7xx.c | 1 +
78
linux-user/elfload: Use Error for load_elf_image
89
hw/arm/smmu-common.c | 11 +
79
linux-user/elfload: Use Error for load_elf_interp
90
hw/arm/smmuv3.c | 1 +
80
linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes
91
hw/arm/stellaris.c | 47 ++-
81
linux-user/elfload: Parse GNU_PROPERTY_AARCH64_FEATURE_1_AND
92
hw/arm/virt-acpi-build.c | 20 +-
82
tests/tcg/aarch64: Add bti smoke tests
93
hw/arm/virt.c | 60 ++-
94
hw/arm/xilinx_zynq.c | 2 +
95
hw/block/tc58128.c | 4 +-
96
hw/misc/mps2-scc.c | 138 ++++++-
97
hw/pci-host/raven.c | 1 +
98
target/arm/helper.c | 14 +-
99
target/arm/tcg/cpu32.c | 109 ++++++
100
target/arm/tcg/op_helper.c | 43 ++-
101
target/arm/tcg/sme_helper.c | 8 +-
102
target/arm/tcg/sve_helper.c | 12 +-
103
target/arm/tcg/translate-sme.c | 15 +-
104
target/arm/tcg/translate-sve.c | 83 +++--
105
target/arm/tcg/translate.c | 19 +-
106
tests/qtest/npcm7xx_emc-test.c | 5 +-
107
tests/qtest/npcm_gmac-test.c | 84 +----
108
hw/arm/Kconfig | 5 +
109
hw/arm/meson.build | 1 +
110
tests/data/acpi/virt/FACP | Bin 276 -> 276 bytes
111
tests/data/acpi/virt/GTDT | Bin 96 -> 104 bytes
112
tests/qtest/meson.build | 4 +-
113
36 files changed, 1184 insertions(+), 222 deletions(-)
114
create mode 100644 hw/arm/mps3r.c
83
115
84
docs/devel/loads-stores.rst | 8 +-
85
default-configs/devices/arm-softmmu.mak | 1 -
86
include/elf.h | 22 ++
87
include/exec/cpu-all.h | 2 +
88
include/exec/exec-all.h | 36 ++
89
include/hw/timer/bcm2835_systmr.h | 17 +-
90
linux-user/qemu.h | 4 +
91
linux-user/syscall_defs.h | 4 +
92
target/arm/cpu.h | 13 +
93
target/arm/helper.h | 13 +
94
target/arm/internals.h | 9 +-
95
target/arm/m-nocp.decode | 10 +-
96
target/arm/t32.decode | 50 ++-
97
accel/tcg/cputlb.c | 275 +++++++++++++++-
98
hw/arm/bcm2835_peripherals.c | 13 +-
99
hw/arm/nseries.c | 1 +
100
hw/arm/strongarm.c | 2 +-
101
hw/i2c/microbit_i2c.c | 1 +
102
hw/intc/bcm2835_ic.c | 4 +-
103
hw/intc/bcm2836_control.c | 8 +-
104
hw/timer/bcm2835_systmr.c | 57 ++--
105
linux-user/aarch64/signal.c | 10 +-
106
linux-user/elfload.c | 326 ++++++++++++++----
107
linux-user/mmap.c | 16 +
108
target/arm/cpu.c | 38 ++-
109
target/arm/helper.c | 55 +++-
110
target/arm/mte_helper.c | 13 +-
111
target/arm/translate-a64.c | 6 +-
112
target/arm/translate.c | 239 +++++++++++++-
113
target/arm/vfp_helper.c | 76 +++--
114
tests/qtest/npcm7xx_timer-test.c | 562 ++++++++++++++++++++++++++++++++
115
tests/tcg/aarch64/bti-1.c | 62 ++++
116
tests/tcg/aarch64/bti-2.c | 108 ++++++
117
tests/tcg/aarch64/bti-crt.inc.c | 51 +++
118
hw/arm/Kconfig | 1 +
119
hw/intc/trace-events | 4 +
120
hw/timer/trace-events | 6 +-
121
scripts/decodetree.py | 2 +-
122
target/arm/translate-vfp.c.inc | 41 ++-
123
tests/qtest/meson.build | 1 +
124
tests/tcg/aarch64/Makefile.target | 10 +
125
tests/tcg/configure.sh | 4 +
126
42 files changed, 1973 insertions(+), 208 deletions(-)
127
create mode 100644 tests/qtest/npcm7xx_timer-test.c
128
create mode 100644 tests/tcg/aarch64/bti-1.c
129
create mode 100644 tests/tcg/aarch64/bti-2.c
130
create mode 100644 tests/tcg/aarch64/bti-crt.inc.c
131
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
2
3
Use the new generic support for NT_GNU_PROPERTY_TYPE_0.
3
Similarly to commits dadbb58f59..5ae79fe825 for other ARM boards,
4
connect FIQ output of the GIC CPU interfaces to the CPU.
4
5
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6
Message-id: 20201016184207.786698-12-richard.henderson@linaro.org
7
Message-id: 20240130152548.17855-1-philmd@linaro.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
---
10
linux-user/elfload.c | 48 ++++++++++++++++++++++++++++++++++++++++++--
11
hw/arm/xilinx_zynq.c | 2 ++
11
1 file changed, 46 insertions(+), 2 deletions(-)
12
1 file changed, 2 insertions(+)
12
13
13
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
14
diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
14
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
15
--- a/linux-user/elfload.c
16
--- a/hw/arm/xilinx_zynq.c
16
+++ b/linux-user/elfload.c
17
+++ b/hw/arm/xilinx_zynq.c
17
@@ -XXX,XX +XXX,XX @@ static void elf_core_copy_regs(target_elf_gregset_t *regs,
18
@@ -XXX,XX +XXX,XX @@ static void zynq_init(MachineState *machine)
18
19
sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE);
19
#include "elf.h"
20
sysbus_connect_irq(busdev, 0,
20
21
qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
21
+/* We must delay the following stanzas until after "elf.h". */
22
+ sysbus_connect_irq(busdev, 1,
22
+#if defined(TARGET_AARCH64)
23
+ qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_FIQ));
23
+
24
24
+static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz,
25
for (n = 0; n < 64; n++) {
25
+ const uint32_t *data,
26
pic[n] = qdev_get_gpio_in(dev, n);
26
+ struct image_info *info,
27
+ Error **errp)
28
+{
29
+ if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) {
30
+ if (pr_datasz != sizeof(uint32_t)) {
31
+ error_setg(errp, "Ill-formed GNU_PROPERTY_AARCH64_FEATURE_1_AND");
32
+ return false;
33
+ }
34
+ /* We will extract GNU_PROPERTY_AARCH64_FEATURE_1_BTI later. */
35
+ info->note_flags = *data;
36
+ }
37
+ return true;
38
+}
39
+#define ARCH_USE_GNU_PROPERTY 1
40
+
41
+#else
42
+
43
static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz,
44
const uint32_t *data,
45
struct image_info *info,
46
@@ -XXX,XX +XXX,XX @@ static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz,
47
}
48
#define ARCH_USE_GNU_PROPERTY 0
49
50
+#endif
51
+
52
struct exec
53
{
54
unsigned int a_info; /* Use macros N_MAGIC, etc for access */
55
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
56
struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
57
struct elf_phdr *phdr;
58
abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
59
- int i, retval;
60
+ int i, retval, prot_exec;
61
Error *err = NULL;
62
63
/* First of all, some simple consistency checks */
64
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
65
info->brk = 0;
66
info->elf_flags = ehdr->e_flags;
67
68
+ prot_exec = PROT_EXEC;
69
+#ifdef TARGET_AARCH64
70
+ /*
71
+ * If the BTI feature is present, this indicates that the executable
72
+ * pages of the startup binary should be mapped with PROT_BTI, so that
73
+ * branch targets are enforced.
74
+ *
75
+ * The startup binary is either the interpreter or the static executable.
76
+ * The interpreter is responsible for all pages of a dynamic executable.
77
+ *
78
+ * Elf notes are backward compatible to older cpus.
79
+ * Do not enable BTI unless it is supported.
80
+ */
81
+ if ((info->note_flags & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
82
+ && (pinterp_name == NULL || *pinterp_name == 0)
83
+ && cpu_isar_feature(aa64_bti, ARM_CPU(thread_cpu))) {
84
+ prot_exec |= TARGET_PROT_BTI;
85
+ }
86
+#endif
87
+
88
for (i = 0; i < ehdr->e_phnum; i++) {
89
struct elf_phdr *eppnt = phdr + i;
90
if (eppnt->p_type == PT_LOAD) {
91
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
92
elf_prot |= PROT_WRITE;
93
}
94
if (eppnt->p_flags & PF_X) {
95
- elf_prot |= PROT_EXEC;
96
+ elf_prot |= prot_exec;
97
}
98
99
vaddr = load_bias + eppnt->p_vaddr;
100
--
27
--
101
2.20.1
28
2.34.1
102
29
103
30
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
For BTI, we need to know if the executable is static or dynamic,
3
The API does not generate an error for setting ASYNC | SYNC; that merely
4
which means looking for PT_INTERP earlier.
4
constrains the selection vs the per-cpu default. For qemu linux-user,
5
choose SYNC as the default.
5
6
7
Cc: qemu-stable@nongnu.org
8
Reported-by: Gustavo Romero <gustavo.romero@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201016184207.786698-8-richard.henderson@linaro.org
10
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20240207025210.8837-2-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
13
---
11
linux-user/elfload.c | 60 +++++++++++++++++++++++---------------------
14
linux-user/aarch64/target_prctl.h | 29 +++++++++++++++++------------
12
1 file changed, 31 insertions(+), 29 deletions(-)
15
1 file changed, 17 insertions(+), 12 deletions(-)
13
16
14
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
17
diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_prctl.h
15
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
16
--- a/linux-user/elfload.c
19
--- a/linux-user/aarch64/target_prctl.h
17
+++ b/linux-user/elfload.c
20
+++ b/linux-user/aarch64/target_prctl.h
18
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
21
@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchState *env, abi_long arg2)
19
22
env->tagged_addr_enable = arg2 & PR_TAGGED_ADDR_ENABLE;
20
mmap_lock();
23
21
24
if (cpu_isar_feature(aa64_mte, cpu)) {
22
- /* Find the maximum size of the image and allocate an appropriate
25
- switch (arg2 & PR_MTE_TCF_MASK) {
23
- amount of memory to handle that. */
26
- case PR_MTE_TCF_NONE:
24
+ /*
27
- case PR_MTE_TCF_SYNC:
25
+ * Find the maximum size of the image and allocate an appropriate
28
- case PR_MTE_TCF_ASYNC:
26
+ * amount of memory to handle that. Locate the interpreter, if any.
29
- break;
27
+ */
30
- default:
28
loaddr = -1, hiaddr = 0;
31
- return -EINVAL;
29
info->alignment = 0;
32
- }
30
for (i = 0; i < ehdr->e_phnum; ++i) {
31
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
32
}
33
++info->nsegs;
34
info->alignment |= eppnt->p_align;
35
+ } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
36
+ g_autofree char *interp_name = NULL;
37
+
38
+ if (*pinterp_name) {
39
+ errmsg = "Multiple PT_INTERP entries";
40
+ goto exit_errmsg;
41
+ }
42
+ interp_name = g_malloc(eppnt->p_filesz);
43
+ if (!interp_name) {
44
+ goto exit_perror;
45
+ }
46
+
47
+ if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
48
+ memcpy(interp_name, bprm_buf + eppnt->p_offset,
49
+ eppnt->p_filesz);
50
+ } else {
51
+ retval = pread(image_fd, interp_name, eppnt->p_filesz,
52
+ eppnt->p_offset);
53
+ if (retval != eppnt->p_filesz) {
54
+ goto exit_perror;
55
+ }
56
+ }
57
+ if (interp_name[eppnt->p_filesz - 1] != 0) {
58
+ errmsg = "Invalid PT_INTERP entry";
59
+ goto exit_errmsg;
60
+ }
61
+ *pinterp_name = g_steal_pointer(&interp_name);
62
}
63
}
64
65
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
66
if (vaddr_em > info->brk) {
67
info->brk = vaddr_em;
68
}
69
- } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
70
- g_autofree char *interp_name = NULL;
71
-
33
-
72
- if (*pinterp_name) {
34
/*
73
- errmsg = "Multiple PT_INTERP entries";
35
* Write PR_MTE_TCF to SCTLR_EL1[TCF0].
74
- goto exit_errmsg;
36
- * Note that the syscall values are consistent with hw.
75
- }
37
+ *
76
- interp_name = g_malloc(eppnt->p_filesz);
38
+ * The kernel has a per-cpu configuration for the sysadmin,
77
- if (!interp_name) {
39
+ * /sys/devices/system/cpu/cpu<N>/mte_tcf_preferred,
78
- goto exit_perror;
40
+ * which qemu does not implement.
79
- }
41
+ *
80
-
42
+ * Because there is no performance difference between the modes, and
81
- if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
43
+ * because SYNC is most useful for debugging MTE errors, choose SYNC
82
- memcpy(interp_name, bprm_buf + eppnt->p_offset,
44
+ * as the preferred mode. With this preference, and the way the API
83
- eppnt->p_filesz);
45
+ * uses only two bits, there is no way for the program to select
84
- } else {
46
+ * ASYMM mode.
85
- retval = pread(image_fd, interp_name, eppnt->p_filesz,
47
*/
86
- eppnt->p_offset);
48
- env->cp15.sctlr_el[1] =
87
- if (retval != eppnt->p_filesz) {
49
- deposit64(env->cp15.sctlr_el[1], 38, 2, arg2 >> PR_MTE_TCF_SHIFT);
88
- goto exit_perror;
50
+ unsigned tcf = 0;
89
- }
51
+ if (arg2 & PR_MTE_TCF_SYNC) {
90
- }
52
+ tcf = 1;
91
- if (interp_name[eppnt->p_filesz - 1] != 0) {
53
+ } else if (arg2 & PR_MTE_TCF_ASYNC) {
92
- errmsg = "Invalid PT_INTERP entry";
54
+ tcf = 2;
93
- goto exit_errmsg;
55
+ }
94
- }
56
+ env->cp15.sctlr_el[1] = deposit64(env->cp15.sctlr_el[1], 38, 2, tcf);
95
- *pinterp_name = g_steal_pointer(&interp_name);
57
96
#ifdef TARGET_MIPS
58
/*
97
} else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
59
* Write PR_MTE_TAG to GCR_EL1[Exclude].
98
Mips_elf_abiflags_v0 abiflags;
99
--
60
--
100
2.20.1
61
2.34.1
101
102
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Transform the prot bit to a qemu internal page bit, and save
3
The field is encoded as [0-3], which is convenient for
4
it in the page tables.
4
indexing our array of function pointers, but the true
5
value is [1-4]. Adjust before calling do_mem_zpa.
5
6
7
Add an assert, and move the comment re passing ZT to
8
the helper back next to the relevant code.
9
10
Cc: qemu-stable@nongnu.org
11
Fixes: 206adacfb8d ("target/arm: Add mte helpers for sve scalar + int loads")
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
14
Message-id: 20240207025210.8837-3-richard.henderson@linaro.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20201016184207.786698-3-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
17
---
11
include/exec/cpu-all.h | 2 ++
18
target/arm/tcg/translate-sve.c | 16 ++++++++--------
12
linux-user/syscall_defs.h | 4 ++++
19
1 file changed, 8 insertions(+), 8 deletions(-)
13
target/arm/cpu.h | 5 +++++
14
linux-user/mmap.c | 16 ++++++++++++++++
15
target/arm/translate-a64.c | 6 +++---
16
5 files changed, 30 insertions(+), 3 deletions(-)
17
20
18
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
21
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
19
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
20
--- a/include/exec/cpu-all.h
23
--- a/target/arm/tcg/translate-sve.c
21
+++ b/include/exec/cpu-all.h
24
+++ b/target/arm/tcg/translate-sve.c
22
@@ -XXX,XX +XXX,XX @@ extern intptr_t qemu_host_page_mask;
25
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
23
/* FIXME: Code that sets/uses this is broken and needs to go away. */
26
TCGv_ptr t_pg;
24
#define PAGE_RESERVED 0x0020
27
int desc = 0;
25
#endif
28
26
+/* Target-specific bits that will be used via page_get_flags(). */
29
- /*
27
+#define PAGE_TARGET_1 0x0080
30
- * For e.g. LD4, there are not enough arguments to pass all 4
28
31
- * registers as pointers, so encode the regno into the data field.
29
#if defined(CONFIG_USER_ONLY)
32
- * For consistency, do this even for LD1.
30
void page_dump(FILE *f);
33
- */
31
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
34
+ assert(mte_n >= 1 && mte_n <= 4);
32
index XXXXXXX..XXXXXXX 100644
35
if (s->mte_active[0]) {
33
--- a/linux-user/syscall_defs.h
36
int msz = dtype_msz(dtype);
34
+++ b/linux-user/syscall_defs.h
37
35
@@ -XXX,XX +XXX,XX @@ struct target_winsize {
38
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
36
#define TARGET_PROT_SEM 0x08
39
addr = clean_data_tbi(s, addr);
37
#endif
40
}
38
41
39
+#ifdef TARGET_AARCH64
40
+#define TARGET_PROT_BTI 0x10
41
+#endif
42
+
43
/* Common */
44
#define TARGET_MAP_SHARED    0x01        /* Share changes */
45
#define TARGET_MAP_PRIVATE    0x02        /* Changes are private */
46
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
47
index XXXXXXX..XXXXXXX 100644
48
--- a/target/arm/cpu.h
49
+++ b/target/arm/cpu.h
50
@@ -XXX,XX +XXX,XX @@ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
51
#define arm_tlb_bti_gp(x) (typecheck_memtxattrs(x)->target_tlb_bit0)
52
#define arm_tlb_mte_tagged(x) (typecheck_memtxattrs(x)->target_tlb_bit1)
53
54
+/*
55
+ * AArch64 usage of the PAGE_TARGET_* bits for linux-user.
56
+ */
57
+#define PAGE_BTI PAGE_TARGET_1
58
+
59
/*
60
* Naming convention for isar_feature functions:
61
* Functions which test 32-bit ID registers should have _aa32_ in
62
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
63
index XXXXXXX..XXXXXXX 100644
64
--- a/linux-user/mmap.c
65
+++ b/linux-user/mmap.c
66
@@ -XXX,XX +XXX,XX @@ static int validate_prot_to_pageflags(int *host_prot, int prot)
67
*host_prot = (prot & (PROT_READ | PROT_WRITE))
68
| (prot & PROT_EXEC ? PROT_READ : 0);
69
70
+#ifdef TARGET_AARCH64
71
+ /*
42
+ /*
72
+ * The PROT_BTI bit is only accepted if the cpu supports the feature.
43
+ * For e.g. LD4, there are not enough arguments to pass all 4
73
+ * Since this is the unusual case, don't bother checking unless
44
+ * registers as pointers, so encode the regno into the data field.
74
+ * the bit has been requested. If set and valid, record the bit
45
+ * For consistency, do this even for LD1.
75
+ * within QEMU's page_flags.
76
+ */
46
+ */
77
+ if (prot & TARGET_PROT_BTI) {
47
desc = simd_desc(vsz, vsz, zt | desc);
78
+ ARMCPU *cpu = ARM_CPU(thread_cpu);
48
t_pg = tcg_temp_new_ptr();
79
+ if (cpu_isar_feature(aa64_bti, cpu)) {
49
80
+ valid |= TARGET_PROT_BTI;
50
@@ -XXX,XX +XXX,XX @@ static void do_ld_zpa(DisasContext *s, int zt, int pg,
81
+ page_flags |= PAGE_BTI;
51
* accessible via the instruction encoding.
82
+ }
52
*/
83
+ }
53
assert(fn != NULL);
84
+#endif
54
- do_mem_zpa(s, zt, pg, addr, dtype, nreg, false, fn);
85
+
55
+ do_mem_zpa(s, zt, pg, addr, dtype, nreg + 1, false, fn);
86
return prot & ~valid ? 0 : page_flags;
87
}
56
}
88
57
89
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
58
static bool trans_LD_zprr(DisasContext *s, arg_rprr_load *a)
90
index XXXXXXX..XXXXXXX 100644
59
@@ -XXX,XX +XXX,XX @@ static void do_st_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
91
--- a/target/arm/translate-a64.c
60
if (nreg == 0) {
92
+++ b/target/arm/translate-a64.c
61
/* ST1 */
93
@@ -XXX,XX +XXX,XX @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn)
62
fn = fn_single[s->mte_active[0]][be][msz][esz];
94
*/
63
- nreg = 1;
95
static bool is_guarded_page(CPUARMState *env, DisasContext *s)
64
} else {
96
{
65
/* ST2, ST3, ST4 -- msz == esz, enforced by encoding */
97
-#ifdef CONFIG_USER_ONLY
66
assert(msz == esz);
98
- return false; /* FIXME */
67
fn = fn_multiple[s->mte_active[0]][be][nreg - 1][msz];
99
-#else
68
}
100
uint64_t addr = s->base.pc_first;
69
assert(fn != NULL);
101
+#ifdef CONFIG_USER_ONLY
70
- do_mem_zpa(s, zt, pg, addr, msz_dtype(s, msz), nreg, true, fn);
102
+ return page_get_flags(addr) & PAGE_BTI;
71
+ do_mem_zpa(s, zt, pg, addr, msz_dtype(s, msz), nreg + 1, true, fn);
103
+#else
72
}
104
int mmu_idx = arm_to_core_mmu_idx(s->mmu_idx);
73
105
unsigned int index = tlb_index(env, mmu_idx, addr);
74
static bool trans_ST_zprr(DisasContext *s, arg_rprr_store *a)
106
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
107
--
75
--
108
2.20.1
76
2.34.1
109
110
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Unlike many other bits in HCR_EL2, the description for this
3
When we added SVE_MTEDESC_SHIFT, we effectively limited the
4
bit does not contain the phrase "if ... this field behaves
4
maximum size of MTEDESC. Adjust SIZEM1 to consume the remaining
5
as 0 for all purposes other than", so do not squash the bit
5
bits (32 - 10 - 5 - 12 == 5). Assert that the data to be stored
6
in arm_hcr_el2_eff.
6
fits within the field (expecting 8 * 4 - 1 == 31, exact fit).
7
7
8
Instead, replicate the E2H+TGE test in the two places that
8
Cc: qemu-stable@nongnu.org
9
require it.
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
11
Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
11
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
14
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
12
Message-id: 20240207025210.8837-4-richard.henderson@linaro.org
15
Message-id: 20201008162155.161886-4-richard.henderson@linaro.org
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
14
---
18
target/arm/internals.h | 9 +++++----
15
target/arm/internals.h | 2 +-
19
target/arm/helper.c | 9 +++++----
16
target/arm/tcg/translate-sve.c | 7 ++++---
20
2 files changed, 10 insertions(+), 8 deletions(-)
17
2 files changed, 5 insertions(+), 4 deletions(-)
21
18
22
diff --git a/target/arm/internals.h b/target/arm/internals.h
19
diff --git a/target/arm/internals.h b/target/arm/internals.h
23
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
24
--- a/target/arm/internals.h
21
--- a/target/arm/internals.h
25
+++ b/target/arm/internals.h
22
+++ b/target/arm/internals.h
26
@@ -XXX,XX +XXX,XX @@ static inline bool allocation_tag_access_enabled(CPUARMState *env, int el,
23
@@ -XXX,XX +XXX,XX @@ FIELD(MTEDESC, TBI, 4, 2)
27
&& !(env->cp15.scr_el3 & SCR_ATA)) {
24
FIELD(MTEDESC, TCMA, 6, 2)
28
return false;
25
FIELD(MTEDESC, WRITE, 8, 1)
29
}
26
FIELD(MTEDESC, ALIGN, 9, 3)
30
- if (el < 2
27
-FIELD(MTEDESC, SIZEM1, 12, SIMD_DATA_BITS - 12) /* size - 1 */
31
- && arm_feature(env, ARM_FEATURE_EL2)
28
+FIELD(MTEDESC, SIZEM1, 12, SIMD_DATA_BITS - SVE_MTEDESC_SHIFT - 12) /* size - 1 */
32
- && !(arm_hcr_el2_eff(env) & HCR_ATA)) {
29
33
- return false;
30
bool mte_probe(CPUARMState *env, uint32_t desc, uint64_t ptr);
34
+ if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
31
uint64_t mte_check(CPUARMState *env, uint32_t desc, uint64_t ptr, uintptr_t ra);
35
+ uint64_t hcr = arm_hcr_el2_eff(env);
32
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
36
+ if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
37
+ return false;
38
+ }
39
}
40
sctlr &= (el == 0 ? SCTLR_ATA0 : SCTLR_ATA);
41
return sctlr != 0;
42
diff --git a/target/arm/helper.c b/target/arm/helper.c
43
index XXXXXXX..XXXXXXX 100644
33
index XXXXXXX..XXXXXXX 100644
44
--- a/target/arm/helper.c
34
--- a/target/arm/tcg/translate-sve.c
45
+++ b/target/arm/helper.c
35
+++ b/target/arm/tcg/translate-sve.c
46
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_mte(CPUARMState *env, const ARMCPRegInfo *ri,
36
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
47
{
37
{
48
int el = arm_current_el(env);
38
unsigned vsz = vec_full_reg_size(s);
49
39
TCGv_ptr t_pg;
50
- if (el < 2 &&
40
+ uint32_t sizem1;
51
- arm_feature(env, ARM_FEATURE_EL2) &&
41
int desc = 0;
52
- !(arm_hcr_el2_eff(env) & HCR_ATA)) {
42
53
- return CP_ACCESS_TRAP_EL2;
43
assert(mte_n >= 1 && mte_n <= 4);
54
+ if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
44
+ sizem1 = (mte_n << dtype_msz(dtype)) - 1;
55
+ uint64_t hcr = arm_hcr_el2_eff(env);
45
+ assert(sizem1 <= R_MTEDESC_SIZEM1_MASK >> R_MTEDESC_SIZEM1_SHIFT);
56
+ if (!(hcr & HCR_ATA) && (!(hcr & HCR_E2H) || !(hcr & HCR_TGE))) {
46
if (s->mte_active[0]) {
57
+ return CP_ACCESS_TRAP_EL2;
47
- int msz = dtype_msz(dtype);
58
+ }
48
-
59
}
49
desc = FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s));
60
if (el < 3 &&
50
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
61
arm_feature(env, ARM_FEATURE_EL3) &&
51
desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
52
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
53
- desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (mte_n << msz) - 1);
54
+ desc = FIELD_DP32(desc, MTEDESC, SIZEM1, sizem1);
55
desc <<= SVE_MTEDESC_SHIFT;
56
} else {
57
addr = clean_data_tbi(s, addr);
62
--
58
--
63
2.20.1
59
2.34.1
64
65
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
This is a bit clearer than open-coding some of this
3
Share code that creates mtedesc and embeds within simd_desc.
4
with a bare c string.
5
4
5
Cc: qemu-stable@nongnu.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
8
Message-id: 20201016184207.786698-9-richard.henderson@linaro.org
9
Message-id: 20240207025210.8837-5-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
---
11
linux-user/elfload.c | 37 ++++++++++++++++++++-----------------
12
target/arm/tcg/translate-a64.h | 2 ++
12
1 file changed, 20 insertions(+), 17 deletions(-)
13
target/arm/tcg/translate-sme.c | 15 +++--------
14
target/arm/tcg/translate-sve.c | 47 ++++++++++++++++++----------------
15
3 files changed, 31 insertions(+), 33 deletions(-)
13
16
14
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
17
diff --git a/target/arm/tcg/translate-a64.h b/target/arm/tcg/translate-a64.h
15
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
16
--- a/linux-user/elfload.c
19
--- a/target/arm/tcg/translate-a64.h
17
+++ b/linux-user/elfload.c
20
+++ b/target/arm/tcg/translate-a64.h
18
@@ -XXX,XX +XXX,XX @@
21
@@ -XXX,XX +XXX,XX @@ bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn,
19
#include "qemu/guest-random.h"
22
bool sve_access_check(DisasContext *s);
20
#include "qemu/units.h"
23
bool sme_enabled_check(DisasContext *s);
21
#include "qemu/selfmap.h"
24
bool sme_enabled_check_with_svcr(DisasContext *s, unsigned);
22
+#include "qapi/error.h"
25
+uint32_t make_svemte_desc(DisasContext *s, unsigned vsz, uint32_t nregs,
23
26
+ uint32_t msz, bool is_write, uint32_t data);
24
#ifdef _ARCH_PPC64
27
25
#undef ARCH_DLINFO
28
/* This function corresponds to CheckStreamingSVEEnabled. */
26
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
29
static inline bool sme_sm_enabled_check(DisasContext *s)
27
struct elf_phdr *phdr;
30
diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
28
abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
31
index XXXXXXX..XXXXXXX 100644
29
int i, retval;
32
--- a/target/arm/tcg/translate-sme.c
30
- const char *errmsg;
33
+++ b/target/arm/tcg/translate-sme.c
31
+ Error *err = NULL;
34
@@ -XXX,XX +XXX,XX @@ static bool trans_LDST1(DisasContext *s, arg_LDST1 *a)
32
35
33
/* First of all, some simple consistency checks */
36
TCGv_ptr t_za, t_pg;
34
- errmsg = "Invalid ELF image for this architecture";
37
TCGv_i64 addr;
35
if (!elf_check_ident(ehdr)) {
38
- int svl, desc = 0;
36
+ error_setg(&err, "Invalid ELF image for this architecture");
39
+ uint32_t desc;
37
goto exit_errmsg;
40
bool be = s->be_data == MO_BE;
41
bool mte = s->mte_active[0];
42
43
@@ -XXX,XX +XXX,XX @@ static bool trans_LDST1(DisasContext *s, arg_LDST1 *a)
44
tcg_gen_shli_i64(addr, cpu_reg(s, a->rm), a->esz);
45
tcg_gen_add_i64(addr, addr, cpu_reg_sp(s, a->rn));
46
47
- if (mte) {
48
- desc = FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s));
49
- desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
50
- desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
51
- desc = FIELD_DP32(desc, MTEDESC, WRITE, a->st);
52
- desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << a->esz) - 1);
53
- desc <<= SVE_MTEDESC_SHIFT;
54
- } else {
55
+ if (!mte) {
56
addr = clean_data_tbi(s, addr);
38
}
57
}
39
bswap_ehdr(ehdr);
58
- svl = streaming_vec_reg_size(s);
40
if (!elf_check_ehdr(ehdr)) {
59
- desc = simd_desc(svl, svl, desc);
41
+ error_setg(&err, "Invalid ELF image for this architecture");
60
+
42
goto exit_errmsg;
61
+ desc = make_svemte_desc(s, streaming_vec_reg_size(s), 1, a->esz, a->st, 0);
62
63
fns[a->esz][be][a->v][mte][a->st](tcg_env, t_za, t_pg, addr,
64
tcg_constant_i32(desc));
65
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
66
index XXXXXXX..XXXXXXX 100644
67
--- a/target/arm/tcg/translate-sve.c
68
+++ b/target/arm/tcg/translate-sve.c
69
@@ -XXX,XX +XXX,XX @@ static const uint8_t dtype_esz[16] = {
70
3, 2, 1, 3
71
};
72
73
-static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
74
- int dtype, uint32_t mte_n, bool is_write,
75
- gen_helper_gvec_mem *fn)
76
+uint32_t make_svemte_desc(DisasContext *s, unsigned vsz, uint32_t nregs,
77
+ uint32_t msz, bool is_write, uint32_t data)
78
{
79
- unsigned vsz = vec_full_reg_size(s);
80
- TCGv_ptr t_pg;
81
uint32_t sizem1;
82
- int desc = 0;
83
+ uint32_t desc = 0;
84
85
- assert(mte_n >= 1 && mte_n <= 4);
86
- sizem1 = (mte_n << dtype_msz(dtype)) - 1;
87
+ /* Assert all of the data fits, with or without MTE enabled. */
88
+ assert(nregs >= 1 && nregs <= 4);
89
+ sizem1 = (nregs << msz) - 1;
90
assert(sizem1 <= R_MTEDESC_SIZEM1_MASK >> R_MTEDESC_SIZEM1_SHIFT);
91
+ assert(data < 1u << SVE_MTEDESC_SHIFT);
92
+
93
if (s->mte_active[0]) {
94
desc = FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s));
95
desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
96
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
97
desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
98
desc = FIELD_DP32(desc, MTEDESC, SIZEM1, sizem1);
99
desc <<= SVE_MTEDESC_SHIFT;
100
- } else {
101
+ }
102
+ return simd_desc(vsz, vsz, desc | data);
103
+}
104
+
105
+static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
106
+ int dtype, uint32_t nregs, bool is_write,
107
+ gen_helper_gvec_mem *fn)
108
+{
109
+ TCGv_ptr t_pg;
110
+ uint32_t desc;
111
+
112
+ if (!s->mte_active[0]) {
113
addr = clean_data_tbi(s, addr);
43
}
114
}
44
115
45
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
116
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpa(DisasContext *s, int zt, int pg, TCGv_i64 addr,
46
g_autofree char *interp_name = NULL;
117
* registers as pointers, so encode the regno into the data field.
47
118
* For consistency, do this even for LD1.
48
if (*pinterp_name) {
119
*/
49
- errmsg = "Multiple PT_INTERP entries";
120
- desc = simd_desc(vsz, vsz, zt | desc);
50
+ error_setg(&err, "Multiple PT_INTERP entries");
121
+ desc = make_svemte_desc(s, vec_full_reg_size(s), nregs,
51
goto exit_errmsg;
122
+ dtype_msz(dtype), is_write, zt);
52
}
123
t_pg = tcg_temp_new_ptr();
124
125
tcg_gen_addi_ptr(t_pg, tcg_env, pred_full_reg_offset(s, pg));
126
@@ -XXX,XX +XXX,XX @@ static void do_mem_zpz(DisasContext *s, int zt, int pg, int zm,
127
int scale, TCGv_i64 scalar, int msz, bool is_write,
128
gen_helper_gvec_mem_scatter *fn)
129
{
130
- unsigned vsz = vec_full_reg_size(s);
131
TCGv_ptr t_zm = tcg_temp_new_ptr();
132
TCGv_ptr t_pg = tcg_temp_new_ptr();
133
TCGv_ptr t_zt = tcg_temp_new_ptr();
134
- int desc = 0;
135
-
136
- if (s->mte_active[0]) {
137
- desc = FIELD_DP32(desc, MTEDESC, MIDX, get_mem_index(s));
138
- desc = FIELD_DP32(desc, MTEDESC, TBI, s->tbid);
139
- desc = FIELD_DP32(desc, MTEDESC, TCMA, s->tcma);
140
- desc = FIELD_DP32(desc, MTEDESC, WRITE, is_write);
141
- desc = FIELD_DP32(desc, MTEDESC, SIZEM1, (1 << msz) - 1);
142
- desc <<= SVE_MTEDESC_SHIFT;
143
- }
144
- desc = simd_desc(vsz, vsz, desc | scale);
145
+ uint32_t desc;
146
147
tcg_gen_addi_ptr(t_pg, tcg_env, pred_full_reg_offset(s, pg));
148
tcg_gen_addi_ptr(t_zm, tcg_env, vec_full_reg_offset(s, zm));
149
tcg_gen_addi_ptr(t_zt, tcg_env, vec_full_reg_offset(s, zt));
53
+
150
+
54
interp_name = g_malloc(eppnt->p_filesz);
151
+ desc = make_svemte_desc(s, vec_full_reg_size(s), 1, msz, is_write, scale);
55
- if (!interp_name) {
152
fn(tcg_env, t_zt, t_pg, t_zm, scalar, tcg_constant_i32(desc));
56
- goto exit_perror;
57
- }
58
59
if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
60
memcpy(interp_name, bprm_buf + eppnt->p_offset,
61
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
62
retval = pread(image_fd, interp_name, eppnt->p_filesz,
63
eppnt->p_offset);
64
if (retval != eppnt->p_filesz) {
65
- goto exit_perror;
66
+ goto exit_read;
67
}
68
}
69
if (interp_name[eppnt->p_filesz - 1] != 0) {
70
- errmsg = "Invalid PT_INTERP entry";
71
+ error_setg(&err, "Invalid PT_INTERP entry");
72
goto exit_errmsg;
73
}
74
*pinterp_name = g_steal_pointer(&interp_name);
75
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
76
(ehdr->e_type == ET_EXEC ? MAP_FIXED : 0),
77
-1, 0);
78
if (load_addr == -1) {
79
- goto exit_perror;
80
+ goto exit_mmap;
81
}
82
load_bias = load_addr - loaddr;
83
84
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
85
image_fd, eppnt->p_offset - vaddr_po);
86
87
if (error == -1) {
88
- goto exit_perror;
89
+ goto exit_mmap;
90
}
91
}
92
93
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
94
} else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
95
Mips_elf_abiflags_v0 abiflags;
96
if (eppnt->p_filesz < sizeof(Mips_elf_abiflags_v0)) {
97
- errmsg = "Invalid PT_MIPS_ABIFLAGS entry";
98
+ error_setg(&err, "Invalid PT_MIPS_ABIFLAGS entry");
99
goto exit_errmsg;
100
}
101
if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
102
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
103
retval = pread(image_fd, &abiflags, sizeof(Mips_elf_abiflags_v0),
104
eppnt->p_offset);
105
if (retval != sizeof(Mips_elf_abiflags_v0)) {
106
- goto exit_perror;
107
+ goto exit_read;
108
}
109
}
110
bswap_mips_abiflags(&abiflags);
111
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
112
113
exit_read:
114
if (retval >= 0) {
115
- errmsg = "Incomplete read of file header";
116
- goto exit_errmsg;
117
+ error_setg(&err, "Incomplete read of file header");
118
+ } else {
119
+ error_setg_errno(&err, errno, "Error reading file header");
120
}
121
- exit_perror:
122
- errmsg = strerror(errno);
123
+ goto exit_errmsg;
124
+ exit_mmap:
125
+ error_setg_errno(&err, errno, "Error mapping file");
126
+ goto exit_errmsg;
127
exit_errmsg:
128
- fprintf(stderr, "%s: %s\n", image_name, errmsg);
129
+ error_reportf_err(err, "%s: ", image_name);
130
exit(-1);
131
}
153
}
132
154
133
--
155
--
134
2.20.1
156
2.34.1
135
136
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The kernel sets btype for the signal handler as if for a call.
3
These functions "use the standard load helpers", but
4
fail to clean_data_tbi or populate mtedesc.
4
5
6
Cc: qemu-stable@nongnu.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201016184207.786698-2-richard.henderson@linaro.org
9
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
10
Message-id: 20240207025210.8837-6-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
12
---
10
linux-user/aarch64/signal.c | 10 ++++++++--
13
target/arm/tcg/translate-sve.c | 15 +++++++++++++--
11
1 file changed, 8 insertions(+), 2 deletions(-)
14
1 file changed, 13 insertions(+), 2 deletions(-)
12
15
13
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
16
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
14
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
15
--- a/linux-user/aarch64/signal.c
18
--- a/target/arm/tcg/translate-sve.c
16
+++ b/linux-user/aarch64/signal.c
19
+++ b/target/arm/tcg/translate-sve.c
17
@@ -XXX,XX +XXX,XX @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
20
@@ -XXX,XX +XXX,XX @@ static void do_ldrq(DisasContext *s, int zt, int pg, TCGv_i64 addr, int dtype)
18
+ offsetof(struct target_rt_frame_record, tramp);
21
unsigned vsz = vec_full_reg_size(s);
19
}
22
TCGv_ptr t_pg;
20
env->xregs[0] = usig;
23
int poff;
21
- env->xregs[31] = frame_addr;
24
+ uint32_t desc;
22
env->xregs[29] = frame_addr + fr_ofs;
25
23
- env->pc = ka->_sa_handler;
26
/* Load the first quadword using the normal predicated load helpers. */
24
env->xregs[30] = return_addr;
27
+ if (!s->mte_active[0]) {
25
+ env->xregs[31] = frame_addr;
28
+ addr = clean_data_tbi(s, addr);
26
+ env->pc = ka->_sa_handler;
27
+
28
+ /* Invoke the signal handler as if by indirect call. */
29
+ if (cpu_isar_feature(aa64_bti, env_archcpu(env))) {
30
+ env->btype = 2;
31
+ }
29
+ }
32
+
30
+
33
if (info) {
31
poff = pred_full_reg_offset(s, pg);
34
tswap_siginfo(&frame->info, info);
32
if (vsz > 16) {
35
env->xregs[1] = frame_addr + offsetof(struct target_rt_sigframe, info);
33
/*
34
@@ -XXX,XX +XXX,XX @@ static void do_ldrq(DisasContext *s, int zt, int pg, TCGv_i64 addr, int dtype)
35
36
gen_helper_gvec_mem *fn
37
= ldr_fns[s->mte_active[0]][s->be_data == MO_BE][dtype][0];
38
- fn(tcg_env, t_pg, addr, tcg_constant_i32(simd_desc(16, 16, zt)));
39
+ desc = make_svemte_desc(s, 16, 1, dtype_msz(dtype), false, zt);
40
+ fn(tcg_env, t_pg, addr, tcg_constant_i32(desc));
41
42
/* Replicate that first quadword. */
43
if (vsz > 16) {
44
@@ -XXX,XX +XXX,XX @@ static void do_ldro(DisasContext *s, int zt, int pg, TCGv_i64 addr, int dtype)
45
unsigned vsz_r32;
46
TCGv_ptr t_pg;
47
int poff, doff;
48
+ uint32_t desc;
49
50
if (vsz < 32) {
51
/*
52
@@ -XXX,XX +XXX,XX @@ static void do_ldro(DisasContext *s, int zt, int pg, TCGv_i64 addr, int dtype)
53
}
54
55
/* Load the first octaword using the normal predicated load helpers. */
56
+ if (!s->mte_active[0]) {
57
+ addr = clean_data_tbi(s, addr);
58
+ }
59
60
poff = pred_full_reg_offset(s, pg);
61
if (vsz > 32) {
62
@@ -XXX,XX +XXX,XX @@ static void do_ldro(DisasContext *s, int zt, int pg, TCGv_i64 addr, int dtype)
63
64
gen_helper_gvec_mem *fn
65
= ldr_fns[s->mte_active[0]][s->be_data == MO_BE][dtype][0];
66
- fn(tcg_env, t_pg, addr, tcg_constant_i32(simd_desc(32, 32, zt)));
67
+ desc = make_svemte_desc(s, 32, 1, dtype_msz(dtype), false, zt);
68
+ fn(tcg_env, t_pg, addr, tcg_constant_i32(desc));
69
70
/*
71
* Replicate that first octaword.
36
--
72
--
37
2.20.1
73
2.34.1
38
39
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
This is slightly clearer than just using strerror, though
3
The TBI and TCMA bits are located within mtedesc, not desc.
4
the different forms produced by error_setg_file_open and
5
error_setg_errno isn't entirely convenient.
6
4
5
Cc: qemu-stable@nongnu.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
8
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
9
Message-id: 20201016184207.786698-10-richard.henderson@linaro.org
9
Message-id: 20240207025210.8837-7-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
11
---
12
linux-user/elfload.c | 15 ++++++++-------
12
target/arm/tcg/sme_helper.c | 8 ++++----
13
1 file changed, 8 insertions(+), 7 deletions(-)
13
target/arm/tcg/sve_helper.c | 12 ++++++------
14
2 files changed, 10 insertions(+), 10 deletions(-)
14
15
15
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
16
diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
16
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
17
--- a/linux-user/elfload.c
18
--- a/target/arm/tcg/sme_helper.c
18
+++ b/linux-user/elfload.c
19
+++ b/target/arm/tcg/sme_helper.c
19
@@ -XXX,XX +XXX,XX @@ static void load_elf_interp(const char *filename, struct image_info *info,
20
@@ -XXX,XX +XXX,XX @@ void sme_ld1_mte(CPUARMState *env, void *za, uint64_t *vg,
20
char bprm_buf[BPRM_BUF_SIZE])
21
desc = extract32(desc, 0, SIMD_DATA_SHIFT + SVE_MTEDESC_SHIFT);
21
{
22
22
int fd, retval;
23
/* Perform gross MTE suppression early. */
23
+ Error *err = NULL;
24
- if (!tbi_check(desc, bit55) ||
24
25
- tcma_check(desc, bit55, allocation_tag_from_addr(addr))) {
25
fd = open(path(filename), O_RDONLY);
26
+ if (!tbi_check(mtedesc, bit55) ||
26
if (fd < 0) {
27
+ tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) {
27
- goto exit_perror;
28
mtedesc = 0;
28
+ error_setg_file_open(&err, errno, filename);
29
+ error_report_err(err);
30
+ exit(-1);
31
}
29
}
32
30
33
retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
31
@@ -XXX,XX +XXX,XX @@ void sme_st1_mte(CPUARMState *env, void *za, uint64_t *vg, target_ulong addr,
34
if (retval < 0) {
32
desc = extract32(desc, 0, SIMD_DATA_SHIFT + SVE_MTEDESC_SHIFT);
35
- goto exit_perror;
33
36
+ error_setg_errno(&err, errno, "Error reading file header");
34
/* Perform gross MTE suppression early. */
37
+ error_reportf_err(err, "%s: ", filename);
35
- if (!tbi_check(desc, bit55) ||
38
+ exit(-1);
36
- tcma_check(desc, bit55, allocation_tag_from_addr(addr))) {
37
+ if (!tbi_check(mtedesc, bit55) ||
38
+ tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) {
39
mtedesc = 0;
39
}
40
}
40
+
41
41
if (retval < BPRM_BUF_SIZE) {
42
diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
42
memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
43
index XXXXXXX..XXXXXXX 100644
44
--- a/target/arm/tcg/sve_helper.c
45
+++ b/target/arm/tcg/sve_helper.c
46
@@ -XXX,XX +XXX,XX @@ void sve_ldN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
47
desc = extract32(desc, 0, SIMD_DATA_SHIFT + SVE_MTEDESC_SHIFT);
48
49
/* Perform gross MTE suppression early. */
50
- if (!tbi_check(desc, bit55) ||
51
- tcma_check(desc, bit55, allocation_tag_from_addr(addr))) {
52
+ if (!tbi_check(mtedesc, bit55) ||
53
+ tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) {
54
mtedesc = 0;
43
}
55
}
44
56
45
load_elf_image(filename, fd, info, NULL, bprm_buf);
57
@@ -XXX,XX +XXX,XX @@ void sve_ldnfff1_r_mte(CPUARMState *env, void *vg, target_ulong addr,
46
- return;
58
desc = extract32(desc, 0, SIMD_DATA_SHIFT + SVE_MTEDESC_SHIFT);
47
-
59
48
- exit_perror:
60
/* Perform gross MTE suppression early. */
49
- fprintf(stderr, "%s: %s\n", filename, strerror(errno));
61
- if (!tbi_check(desc, bit55) ||
50
- exit(-1);
62
- tcma_check(desc, bit55, allocation_tag_from_addr(addr))) {
51
}
63
+ if (!tbi_check(mtedesc, bit55) ||
52
64
+ tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) {
53
static int symfind(const void *s0, const void *s1)
65
mtedesc = 0;
66
}
67
68
@@ -XXX,XX +XXX,XX @@ void sve_stN_r_mte(CPUARMState *env, uint64_t *vg, target_ulong addr,
69
desc = extract32(desc, 0, SIMD_DATA_SHIFT + SVE_MTEDESC_SHIFT);
70
71
/* Perform gross MTE suppression early. */
72
- if (!tbi_check(desc, bit55) ||
73
- tcma_check(desc, bit55, allocation_tag_from_addr(addr))) {
74
+ if (!tbi_check(mtedesc, bit55) ||
75
+ tcma_check(mtedesc, bit55, allocation_tag_from_addr(addr))) {
76
mtedesc = 0;
77
}
78
54
--
79
--
55
2.20.1
80
2.34.1
56
57
diff view generated by jsdifflib
1
From: Peng Liang <liangpeng10@huawei.com>
1
The raven_io_ops MemoryRegionOps is the only one in the source tree
2
which sets .valid.unaligned to indicate that it should support
3
unaligned accesses and which does not also set .impl.unaligned to
4
indicate that its read and write functions can do the unaligned
5
handling themselves. This is a problem, because at the moment the
6
core memory system does not implement the support for handling
7
unaligned accesses by doing a series of aligned accesses and
8
combining them (system/memory.c:access_with_adjusted_size() has a
9
TODO comment noting this).
2
10
3
VMStateDescription.fields should be end with VMSTATE_END_OF_LIST().
11
Fortunately raven_io_read() and raven_io_write() will correctly deal
4
However, microbit_i2c_vmstate doesn't follow it. Let's change it.
12
with the case of being passed an unaligned address, so we can fix the
13
missing unaligned access support by setting .impl.unaligned in the
14
MemoryRegionOps struct.
5
15
6
Fixes: 9d68bf564e ("arm: Stub out NRF51 TWI magnetometer/accelerometer detection")
16
Fixes: 9a1839164c9c8f06 ("raven: Implement non-contiguous I/O region")
7
Reported-by: Euler Robot <euler.robot@huawei.com>
8
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
10
Message-id: 20201019093401.2993833-1-liangpeng10@huawei.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Tested-by: Cédric Le Goater <clg@redhat.com>
19
Reviewed-by: Cédric Le Goater <clg@redhat.com>
20
Message-id: 20240112134640.1775041-1-peter.maydell@linaro.org
12
---
21
---
13
hw/i2c/microbit_i2c.c | 1 +
22
hw/pci-host/raven.c | 1 +
14
1 file changed, 1 insertion(+)
23
1 file changed, 1 insertion(+)
15
24
16
diff --git a/hw/i2c/microbit_i2c.c b/hw/i2c/microbit_i2c.c
25
diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
17
index XXXXXXX..XXXXXXX 100644
26
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/i2c/microbit_i2c.c
27
--- a/hw/pci-host/raven.c
19
+++ b/hw/i2c/microbit_i2c.c
28
+++ b/hw/pci-host/raven.c
20
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription microbit_i2c_vmstate = {
29
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps raven_io_ops = {
21
.fields = (VMStateField[]) {
30
.write = raven_io_write,
22
VMSTATE_UINT32_ARRAY(regs, MicrobitI2CState, MICROBIT_I2C_NREGS),
31
.endianness = DEVICE_LITTLE_ENDIAN,
23
VMSTATE_UINT32(read_idx, MicrobitI2CState),
32
.impl.max_access_size = 4,
24
+ VMSTATE_END_OF_LIST()
33
+ .impl.unaligned = true,
25
},
34
.valid.unaligned = true,
26
};
35
};
27
36
28
--
37
--
29
2.20.1
38
2.34.1
30
39
31
40
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Suppress the deprecation warning when we're running under qtest,
2
to avoid "make check" including warning messages in its output.
2
3
3
Fixing this now will clarify following patches.
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6
Message-id: 20240206154151.155620-1-peter.maydell@linaro.org
7
---
8
hw/block/tc58128.c | 4 +++-
9
1 file changed, 3 insertions(+), 1 deletion(-)
4
10
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
diff --git a/hw/block/tc58128.c b/hw/block/tc58128.c
6
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Message-id: 20201016184207.786698-6-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
linux-user/elfload.c | 12 +++++++++---
11
1 file changed, 9 insertions(+), 3 deletions(-)
12
13
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
14
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
15
--- a/linux-user/elfload.c
13
--- a/hw/block/tc58128.c
16
+++ b/linux-user/elfload.c
14
+++ b/hw/block/tc58128.c
17
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
15
@@ -XXX,XX +XXX,XX @@ static sh7750_io_device tc58128 = {
18
abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em, vaddr_len;
16
19
int elf_prot = 0;
17
int tc58128_init(struct SH7750State *s, const char *zone1, const char *zone2)
20
18
{
21
- if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
19
- warn_report_once("The TC58128 flash device is deprecated");
22
- if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
20
+ if (!qtest_enabled()) {
23
- if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
21
+ warn_report_once("The TC58128 flash device is deprecated");
24
+ if (eppnt->p_flags & PF_R) {
22
+ }
25
+ elf_prot |= PROT_READ;
23
init_dev(&tc58128_devs[0], zone1);
26
+ }
24
init_dev(&tc58128_devs[1], zone2);
27
+ if (eppnt->p_flags & PF_W) {
25
return sh7750_register_io_device(s, &tc58128);
28
+ elf_prot |= PROT_WRITE;
29
+ }
30
+ if (eppnt->p_flags & PF_X) {
31
+ elf_prot |= PROT_EXEC;
32
+ }
33
34
vaddr = load_bias + eppnt->p_vaddr;
35
vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
36
--
26
--
37
2.20.1
27
2.34.1
38
28
39
29
diff view generated by jsdifflib
1
From: Havard Skinnemoen <hskinnemoen@google.com>
1
We deliberately don't include qtests_npcm7xx in qtests_aarch64,
2
because we already get the coverage of those tests via qtests_arm,
3
and we don't want to use extra CI minutes testing them twice.
2
4
3
This test exercises the various modes of the npcm7xx timer. In
5
In commit 327b680877b79c4b we added it to qtests_aarch64; revert
4
particular, it triggers the bug found by the fuzzer, as reported here:
6
that change.
5
7
6
https://lists.gnu.org/archive/html/qemu-devel/2020-09/msg02992.html
8
Fixes: 327b680877b79c4b ("tests/qtest: Creating qtest for GMAC Module")
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
11
Message-id: 20240206163043.315535-1-peter.maydell@linaro.org
12
---
13
tests/qtest/meson.build | 1 -
14
1 file changed, 1 deletion(-)
7
15
8
It also found several other bugs, especially related to interrupt
9
handling.
10
11
The test exercises all the timers in all the timer modules, which
12
expands to 180 test cases in total.
13
14
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
15
Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com>
16
Message-id: 20201008232154.94221-2-hskinnemoen@google.com
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
19
tests/qtest/npcm7xx_timer-test.c | 562 +++++++++++++++++++++++++++++++
20
tests/qtest/meson.build | 1 +
21
2 files changed, 563 insertions(+)
22
create mode 100644 tests/qtest/npcm7xx_timer-test.c
23
24
diff --git a/tests/qtest/npcm7xx_timer-test.c b/tests/qtest/npcm7xx_timer-test.c
25
new file mode 100644
26
index XXXXXXX..XXXXXXX
27
--- /dev/null
28
+++ b/tests/qtest/npcm7xx_timer-test.c
29
@@ -XXX,XX +XXX,XX @@
30
+/*
31
+ * QTest testcase for the Nuvoton NPCM7xx Timer
32
+ *
33
+ * Copyright 2020 Google LLC
34
+ *
35
+ * This program is free software; you can redistribute it and/or modify it
36
+ * under the terms of the GNU General Public License as published by the
37
+ * Free Software Foundation; either version 2 of the License, or
38
+ * (at your option) any later version.
39
+ *
40
+ * This program is distributed in the hope that it will be useful, but WITHOUT
41
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
42
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
43
+ * for more details.
44
+ */
45
+
46
+#include "qemu/osdep.h"
47
+#include "qemu/timer.h"
48
+#include "libqtest-single.h"
49
+
50
+#define TIM_REF_HZ (25000000)
51
+
52
+/* Bits in TCSRx */
53
+#define CEN BIT(30)
54
+#define IE BIT(29)
55
+#define MODE_ONESHOT (0 << 27)
56
+#define MODE_PERIODIC (1 << 27)
57
+#define CRST BIT(26)
58
+#define CACT BIT(25)
59
+#define PRESCALE(x) (x)
60
+
61
+/* Registers shared between all timers in a module. */
62
+#define TISR 0x18
63
+#define WTCR 0x1c
64
+# define WTCLK(x) ((x) << 10)
65
+
66
+/* Power-on default; used to re-initialize timers before each test. */
67
+#define TCSR_DEFAULT PRESCALE(5)
68
+
69
+/* Register offsets for a timer within a timer block. */
70
+typedef struct Timer {
71
+ unsigned int tcsr_offset;
72
+ unsigned int ticr_offset;
73
+ unsigned int tdr_offset;
74
+} Timer;
75
+
76
+/* A timer block containing 5 timers. */
77
+typedef struct TimerBlock {
78
+ int irq_base;
79
+ uint64_t base_addr;
80
+} TimerBlock;
81
+
82
+/* Testdata for testing a particular timer within a timer block. */
83
+typedef struct TestData {
84
+ const TimerBlock *tim;
85
+ const Timer *timer;
86
+} TestData;
87
+
88
+const TimerBlock timer_block[] = {
89
+ {
90
+ .irq_base = 32,
91
+ .base_addr = 0xf0008000,
92
+ },
93
+ {
94
+ .irq_base = 37,
95
+ .base_addr = 0xf0009000,
96
+ },
97
+ {
98
+ .irq_base = 42,
99
+ .base_addr = 0xf000a000,
100
+ },
101
+};
102
+
103
+const Timer timer[] = {
104
+ {
105
+ .tcsr_offset = 0x00,
106
+ .ticr_offset = 0x08,
107
+ .tdr_offset = 0x10,
108
+ }, {
109
+ .tcsr_offset = 0x04,
110
+ .ticr_offset = 0x0c,
111
+ .tdr_offset = 0x14,
112
+ }, {
113
+ .tcsr_offset = 0x20,
114
+ .ticr_offset = 0x28,
115
+ .tdr_offset = 0x30,
116
+ }, {
117
+ .tcsr_offset = 0x24,
118
+ .ticr_offset = 0x2c,
119
+ .tdr_offset = 0x34,
120
+ }, {
121
+ .tcsr_offset = 0x40,
122
+ .ticr_offset = 0x48,
123
+ .tdr_offset = 0x50,
124
+ },
125
+};
126
+
127
+/* Returns the index of the timer block. */
128
+static int tim_index(const TimerBlock *tim)
129
+{
130
+ ptrdiff_t diff = tim - timer_block;
131
+
132
+ g_assert(diff >= 0 && diff < ARRAY_SIZE(timer_block));
133
+
134
+ return diff;
135
+}
136
+
137
+/* Returns the index of a timer within a timer block. */
138
+static int timer_index(const Timer *t)
139
+{
140
+ ptrdiff_t diff = t - timer;
141
+
142
+ g_assert(diff >= 0 && diff < ARRAY_SIZE(timer));
143
+
144
+ return diff;
145
+}
146
+
147
+/* Returns the irq line for a given timer. */
148
+static int tim_timer_irq(const TestData *td)
149
+{
150
+ return td->tim->irq_base + timer_index(td->timer);
151
+}
152
+
153
+/* Register read/write accessors. */
154
+
155
+static void tim_write(const TestData *td,
156
+ unsigned int offset, uint32_t value)
157
+{
158
+ writel(td->tim->base_addr + offset, value);
159
+}
160
+
161
+static uint32_t tim_read(const TestData *td, unsigned int offset)
162
+{
163
+ return readl(td->tim->base_addr + offset);
164
+}
165
+
166
+static void tim_write_tcsr(const TestData *td, uint32_t value)
167
+{
168
+ tim_write(td, td->timer->tcsr_offset, value);
169
+}
170
+
171
+static uint32_t tim_read_tcsr(const TestData *td)
172
+{
173
+ return tim_read(td, td->timer->tcsr_offset);
174
+}
175
+
176
+static void tim_write_ticr(const TestData *td, uint32_t value)
177
+{
178
+ tim_write(td, td->timer->ticr_offset, value);
179
+}
180
+
181
+static uint32_t tim_read_ticr(const TestData *td)
182
+{
183
+ return tim_read(td, td->timer->ticr_offset);
184
+}
185
+
186
+static uint32_t tim_read_tdr(const TestData *td)
187
+{
188
+ return tim_read(td, td->timer->tdr_offset);
189
+}
190
+
191
+/* Returns the number of nanoseconds to count the given number of cycles. */
192
+static int64_t tim_calculate_step(uint32_t count, uint32_t prescale)
193
+{
194
+ return (1000000000LL / TIM_REF_HZ) * count * (prescale + 1);
195
+}
196
+
197
+/* Returns a bitmask corresponding to the timer under test. */
198
+static uint32_t tim_timer_bit(const TestData *td)
199
+{
200
+ return BIT(timer_index(td->timer));
201
+}
202
+
203
+/* Resets all timers to power-on defaults. */
204
+static void tim_reset(const TestData *td)
205
+{
206
+ int i, j;
207
+
208
+ /* Reset all the timers, in case a previous test left a timer running. */
209
+ for (i = 0; i < ARRAY_SIZE(timer_block); i++) {
210
+ for (j = 0; j < ARRAY_SIZE(timer); j++) {
211
+ writel(timer_block[i].base_addr + timer[j].tcsr_offset,
212
+ CRST | TCSR_DEFAULT);
213
+ }
214
+ writel(timer_block[i].base_addr + TISR, -1);
215
+ }
216
+}
217
+
218
+/* Verifies the reset state of a timer. */
219
+static void test_reset(gconstpointer test_data)
220
+{
221
+ const TestData *td = test_data;
222
+
223
+ tim_reset(td);
224
+
225
+ g_assert_cmphex(tim_read_tcsr(td), ==, TCSR_DEFAULT);
226
+ g_assert_cmphex(tim_read_ticr(td), ==, 0);
227
+ g_assert_cmphex(tim_read_tdr(td), ==, 0);
228
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
229
+ g_assert_cmphex(tim_read(td, WTCR), ==, WTCLK(1));
230
+}
231
+
232
+/* Verifies that CRST wins if both CEN and CRST are set. */
233
+static void test_reset_overrides_enable(gconstpointer test_data)
234
+{
235
+ const TestData *td = test_data;
236
+
237
+ tim_reset(td);
238
+
239
+ /* CRST should force CEN to 0 */
240
+ tim_write_tcsr(td, CEN | CRST | TCSR_DEFAULT);
241
+
242
+ g_assert_cmphex(tim_read_tcsr(td), ==, TCSR_DEFAULT);
243
+ g_assert_cmphex(tim_read_tdr(td), ==, 0);
244
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
245
+}
246
+
247
+/* Verifies the behavior when CEN is set and then cleared. */
248
+static void test_oneshot_enable_then_disable(gconstpointer test_data)
249
+{
250
+ const TestData *td = test_data;
251
+
252
+ tim_reset(td);
253
+
254
+ /* Enable the timer with zero initial count, then disable it again. */
255
+ tim_write_tcsr(td, CEN | TCSR_DEFAULT);
256
+ tim_write_tcsr(td, TCSR_DEFAULT);
257
+
258
+ g_assert_cmphex(tim_read_tcsr(td), ==, TCSR_DEFAULT);
259
+ g_assert_cmphex(tim_read_tdr(td), ==, 0);
260
+ /* Timer interrupt flag should be set, but interrupts are not enabled. */
261
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
262
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
263
+}
264
+
265
+/* Verifies that a one-shot timer fires when expected with prescaler 5. */
266
+static void test_oneshot_ps5(gconstpointer test_data)
267
+{
268
+ const TestData *td = test_data;
269
+ unsigned int count = 256;
270
+ unsigned int ps = 5;
271
+
272
+ tim_reset(td);
273
+
274
+ tim_write_ticr(td, count);
275
+ tim_write_tcsr(td, CEN | PRESCALE(ps));
276
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
277
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
278
+
279
+ clock_step(tim_calculate_step(count, ps) - 1);
280
+
281
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
282
+ g_assert_cmpuint(tim_read_tdr(td), <, count);
283
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
284
+
285
+ clock_step(1);
286
+
287
+ g_assert_cmphex(tim_read_tcsr(td), ==, PRESCALE(ps));
288
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
289
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
290
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
291
+
292
+ /* Clear the interrupt flag. */
293
+ tim_write(td, TISR, tim_timer_bit(td));
294
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
295
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
296
+
297
+ /* Verify that this isn't a periodic timer. */
298
+ clock_step(2 * tim_calculate_step(count, ps));
299
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
300
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
301
+}
302
+
303
+/* Verifies that a one-shot timer fires when expected with prescaler 0. */
304
+static void test_oneshot_ps0(gconstpointer test_data)
305
+{
306
+ const TestData *td = test_data;
307
+ unsigned int count = 1;
308
+ unsigned int ps = 0;
309
+
310
+ tim_reset(td);
311
+
312
+ tim_write_ticr(td, count);
313
+ tim_write_tcsr(td, CEN | PRESCALE(ps));
314
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
315
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
316
+
317
+ clock_step(tim_calculate_step(count, ps) - 1);
318
+
319
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
320
+ g_assert_cmpuint(tim_read_tdr(td), <, count);
321
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
322
+
323
+ clock_step(1);
324
+
325
+ g_assert_cmphex(tim_read_tcsr(td), ==, PRESCALE(ps));
326
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
327
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
328
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
329
+}
330
+
331
+/* Verifies that a one-shot timer fires when expected with highest prescaler. */
332
+static void test_oneshot_ps255(gconstpointer test_data)
333
+{
334
+ const TestData *td = test_data;
335
+ unsigned int count = (1U << 24) - 1;
336
+ unsigned int ps = 255;
337
+
338
+ tim_reset(td);
339
+
340
+ tim_write_ticr(td, count);
341
+ tim_write_tcsr(td, CEN | PRESCALE(ps));
342
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
343
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
344
+
345
+ clock_step(tim_calculate_step(count, ps) - 1);
346
+
347
+ g_assert_cmphex(tim_read_tcsr(td), ==, CEN | CACT | PRESCALE(ps));
348
+ g_assert_cmpuint(tim_read_tdr(td), <, count);
349
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
350
+
351
+ clock_step(1);
352
+
353
+ g_assert_cmphex(tim_read_tcsr(td), ==, PRESCALE(ps));
354
+ g_assert_cmpuint(tim_read_tdr(td), ==, count);
355
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
356
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
357
+}
358
+
359
+/* Verifies that a oneshot timer fires an interrupt when expected. */
360
+static void test_oneshot_interrupt(gconstpointer test_data)
361
+{
362
+ const TestData *td = test_data;
363
+ unsigned int count = 256;
364
+ unsigned int ps = 7;
365
+
366
+ tim_reset(td);
367
+
368
+ tim_write_ticr(td, count);
369
+ tim_write_tcsr(td, IE | CEN | MODE_ONESHOT | PRESCALE(ps));
370
+
371
+ clock_step_next();
372
+
373
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
374
+ g_assert_true(qtest_get_irq(global_qtest, tim_timer_irq(td)));
375
+}
376
+
377
+/*
378
+ * Verifies that the timer can be paused and later resumed, and it still fires
379
+ * at the right moment.
380
+ */
381
+static void test_pause_resume(gconstpointer test_data)
382
+{
383
+ const TestData *td = test_data;
384
+ unsigned int count = 256;
385
+ unsigned int ps = 1;
386
+
387
+ tim_reset(td);
388
+
389
+ tim_write_ticr(td, count);
390
+ tim_write_tcsr(td, IE | CEN | MODE_ONESHOT | PRESCALE(ps));
391
+
392
+ /* Pause the timer halfway to expiration. */
393
+ clock_step(tim_calculate_step(count / 2, ps));
394
+ tim_write_tcsr(td, IE | MODE_ONESHOT | PRESCALE(ps));
395
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 2);
396
+
397
+ /* Counter should not advance during the following step. */
398
+ clock_step(2 * tim_calculate_step(count, ps));
399
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 2);
400
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
401
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
402
+
403
+ /* Resume the timer and run _almost_ to expiration. */
404
+ tim_write_tcsr(td, IE | CEN | MODE_ONESHOT | PRESCALE(ps));
405
+ clock_step(tim_calculate_step(count / 2, ps) - 1);
406
+ g_assert_cmpuint(tim_read_tdr(td), <, count);
407
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
408
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
409
+
410
+ /* Now, run the rest of the way and verify that the interrupt fires. */
411
+ clock_step(1);
412
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
413
+ g_assert_true(qtest_get_irq(global_qtest, tim_timer_irq(td)));
414
+}
415
+
416
+/* Verifies that the prescaler can be changed while the timer is runnin. */
417
+static void test_prescaler_change(gconstpointer test_data)
418
+{
419
+ const TestData *td = test_data;
420
+ unsigned int count = 256;
421
+ unsigned int ps = 5;
422
+
423
+ tim_reset(td);
424
+
425
+ tim_write_ticr(td, count);
426
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
427
+
428
+ /* Run a quarter of the way, and change the prescaler. */
429
+ clock_step(tim_calculate_step(count / 4, ps));
430
+ g_assert_cmpuint(tim_read_tdr(td), ==, 3 * count / 4);
431
+ ps = 2;
432
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
433
+ /* The counter must not change. */
434
+ g_assert_cmpuint(tim_read_tdr(td), ==, 3 * count / 4);
435
+
436
+ /* Run another quarter of the way, and change the prescaler again. */
437
+ clock_step(tim_calculate_step(count / 4, ps));
438
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 2);
439
+ ps = 8;
440
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
441
+ /* The counter must not change. */
442
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 2);
443
+
444
+ /* Run another quarter of the way, and change the prescaler again. */
445
+ clock_step(tim_calculate_step(count / 4, ps));
446
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 4);
447
+ ps = 0;
448
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
449
+ /* The counter must not change. */
450
+ g_assert_cmpuint(tim_read_tdr(td), ==, count / 4);
451
+
452
+ /* Run almost to expiration, and verify the timer didn't fire yet. */
453
+ clock_step(tim_calculate_step(count / 4, ps) - 1);
454
+ g_assert_cmpuint(tim_read_tdr(td), <, count);
455
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
456
+
457
+ /* Now, run the rest of the way and verify that the timer fires. */
458
+ clock_step(1);
459
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
460
+}
461
+
462
+/* Verifies that a periodic timer automatically restarts after expiration. */
463
+static void test_periodic_no_interrupt(gconstpointer test_data)
464
+{
465
+ const TestData *td = test_data;
466
+ unsigned int count = 2;
467
+ unsigned int ps = 3;
468
+ int i;
469
+
470
+ tim_reset(td);
471
+
472
+ tim_write_ticr(td, count);
473
+ tim_write_tcsr(td, CEN | MODE_PERIODIC | PRESCALE(ps));
474
+
475
+ for (i = 0; i < 4; i++) {
476
+ clock_step_next();
477
+
478
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
479
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
480
+
481
+ tim_write(td, TISR, tim_timer_bit(td));
482
+
483
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
484
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
485
+ }
486
+}
487
+
488
+/* Verifies that a periodict timer fires an interrupt every time it expires. */
489
+static void test_periodic_interrupt(gconstpointer test_data)
490
+{
491
+ const TestData *td = test_data;
492
+ unsigned int count = 65535;
493
+ unsigned int ps = 2;
494
+ int i;
495
+
496
+ tim_reset(td);
497
+
498
+ tim_write_ticr(td, count);
499
+ tim_write_tcsr(td, CEN | IE | MODE_PERIODIC | PRESCALE(ps));
500
+
501
+ for (i = 0; i < 4; i++) {
502
+ clock_step_next();
503
+
504
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
505
+ g_assert_true(qtest_get_irq(global_qtest, tim_timer_irq(td)));
506
+
507
+ tim_write(td, TISR, tim_timer_bit(td));
508
+
509
+ g_assert_cmphex(tim_read(td, TISR), ==, 0);
510
+ g_assert_false(qtest_get_irq(global_qtest, tim_timer_irq(td)));
511
+ }
512
+}
513
+
514
+/*
515
+ * Verifies that the timer behaves correctly when disabled right before and
516
+ * exactly when it's supposed to expire.
517
+ */
518
+static void test_disable_on_expiration(gconstpointer test_data)
519
+{
520
+ const TestData *td = test_data;
521
+ unsigned int count = 8;
522
+ unsigned int ps = 255;
523
+
524
+ tim_reset(td);
525
+
526
+ tim_write_ticr(td, count);
527
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
528
+
529
+ clock_step(tim_calculate_step(count, ps) - 1);
530
+
531
+ tim_write_tcsr(td, MODE_ONESHOT | PRESCALE(ps));
532
+ tim_write_tcsr(td, CEN | MODE_ONESHOT | PRESCALE(ps));
533
+ clock_step(1);
534
+ tim_write_tcsr(td, MODE_ONESHOT | PRESCALE(ps));
535
+ g_assert_cmphex(tim_read(td, TISR), ==, tim_timer_bit(td));
536
+}
537
+
538
+/*
539
+ * Constructs a name that includes the timer block, timer and testcase name,
540
+ * and adds the test to the test suite.
541
+ */
542
+static void tim_add_test(const char *name, const TestData *td, GTestDataFunc fn)
543
+{
544
+ g_autofree char *full_name;
545
+
546
+ full_name = g_strdup_printf("npcm7xx_timer/tim[%d]/timer[%d]/%s",
547
+ tim_index(td->tim), timer_index(td->timer),
548
+ name);
549
+ qtest_add_data_func(full_name, td, fn);
550
+}
551
+
552
+/* Convenience macro for adding a test with a predictable function name. */
553
+#define add_test(name, td) tim_add_test(#name, td, test_##name)
554
+
555
+int main(int argc, char **argv)
556
+{
557
+ TestData testdata[ARRAY_SIZE(timer_block) * ARRAY_SIZE(timer)];
558
+ int ret;
559
+ int i, j;
560
+
561
+ g_test_init(&argc, &argv, NULL);
562
+ g_test_set_nonfatal_assertions();
563
+
564
+ for (i = 0; i < ARRAY_SIZE(timer_block); i++) {
565
+ for (j = 0; j < ARRAY_SIZE(timer); j++) {
566
+ TestData *td = &testdata[i * ARRAY_SIZE(timer) + j];
567
+ td->tim = &timer_block[i];
568
+ td->timer = &timer[j];
569
+
570
+ add_test(reset, td);
571
+ add_test(reset_overrides_enable, td);
572
+ add_test(oneshot_enable_then_disable, td);
573
+ add_test(oneshot_ps5, td);
574
+ add_test(oneshot_ps0, td);
575
+ add_test(oneshot_ps255, td);
576
+ add_test(oneshot_interrupt, td);
577
+ add_test(pause_resume, td);
578
+ add_test(prescaler_change, td);
579
+ add_test(periodic_no_interrupt, td);
580
+ add_test(periodic_interrupt, td);
581
+ add_test(disable_on_expiration, td);
582
+ }
583
+ }
584
+
585
+ qtest_start("-machine npcm750-evb");
586
+ qtest_irq_intercept_in(global_qtest, "/machine/soc/a9mpcore/gic");
587
+ ret = g_test_run();
588
+ qtest_end();
589
+
590
+ return ret;
591
+}
592
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
16
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
593
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
594
--- a/tests/qtest/meson.build
18
--- a/tests/qtest/meson.build
595
+++ b/tests/qtest/meson.build
19
+++ b/tests/qtest/meson.build
596
@@ -XXX,XX +XXX,XX @@ qtests_arm = \
20
@@ -XXX,XX +XXX,XX @@ qtests_aarch64 = \
21
(config_all_devices.has_key('CONFIG_RASPI') ? ['bcm2835-dma-test'] : []) + \
22
(config_all_accel.has_key('CONFIG_TCG') and \
23
config_all_devices.has_key('CONFIG_TPM_TIS_I2C') ? ['tpm-tis-i2c-test'] : []) + \
24
- (config_all_devices.has_key('CONFIG_NPCM7XX') ? qtests_npcm7xx : []) + \
597
['arm-cpu-features',
25
['arm-cpu-features',
598
'microbit-test',
26
'numa-test',
599
'm25p80-test',
600
+ 'npcm7xx_timer-test',
601
'test-arm-mptimer',
602
'boot-serial-test',
27
'boot-serial-test',
603
'hexloader-test']
604
--
28
--
605
2.20.1
29
2.34.1
606
30
607
31
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
Allow changes to the virt GTDT -- we are going to add the IRQ
2
entry for a new timer to it.
2
3
3
Fix an unlikely memory leak in load_elf_image().
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
6
Message-id: 20240122143537.233498-2-peter.maydell@linaro.org
7
---
8
tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
9
1 file changed, 2 insertions(+)
4
10
5
Fixes: bf858897b7 ("linux-user: Re-use load_elf_image for the main binary.")
11
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
6
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20201016184207.786698-5-richard.henderson@linaro.org
9
Message-Id: <20201003174944.1972444-1-f4bug@amsat.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
linux-user/elfload.c | 8 ++++----
15
1 file changed, 4 insertions(+), 4 deletions(-)
16
17
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
18
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
19
--- a/linux-user/elfload.c
13
--- a/tests/qtest/bios-tables-test-allowed-diff.h
20
+++ b/linux-user/elfload.c
14
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
21
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
15
@@ -1 +1,3 @@
22
info->brk = vaddr_em;
16
/* List of comma-separated changed AML files to ignore */
23
}
17
+"tests/data/acpi/virt/FACP",
24
} else if (eppnt->p_type == PT_INTERP && pinterp_name) {
18
+"tests/data/acpi/virt/GTDT",
25
- char *interp_name;
26
+ g_autofree char *interp_name = NULL;
27
28
if (*pinterp_name) {
29
errmsg = "Multiple PT_INTERP entries";
30
goto exit_errmsg;
31
}
32
- interp_name = malloc(eppnt->p_filesz);
33
+ interp_name = g_malloc(eppnt->p_filesz);
34
if (!interp_name) {
35
goto exit_perror;
36
}
37
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
38
errmsg = "Invalid PT_INTERP entry";
39
goto exit_errmsg;
40
}
41
- *pinterp_name = interp_name;
42
+ *pinterp_name = g_steal_pointer(&interp_name);
43
#ifdef TARGET_MIPS
44
} else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
45
Mips_elf_abiflags_v0 abiflags;
46
@@ -XXX,XX +XXX,XX @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
47
if (elf_interpreter) {
48
info->load_bias = interp_info.load_bias;
49
info->entry = interp_info.entry;
50
- free(elf_interpreter);
51
+ g_free(elf_interpreter);
52
}
53
54
#ifdef USE_ELF_CORE_DUMP
55
--
19
--
56
2.20.1
20
2.34.1
57
58
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Armv8.1+ CPUs have the Virtual Host Extension (VHE) which adds a
2
2
non-secure EL2 virtual timer. We implemented the timer itself in the
3
The reporting in AArch64.TagCheckFail only depends on PSTATE.EL,
3
CPU model, but never wired up its IRQ line to the GIC.
4
and not the AccType of the operation. There are two guest
4
5
visible problems that affect LDTR and STTR because of this:
5
Wire up the IRQ line (this is always safe whether the CPU has the
6
6
interrupt or not, since it always creates the outbound IRQ line).
7
(1) Selecting TCF0 vs TCF1 to decide on reporting,
7
Report it to the guest via dtb and ACPI if the CPU has the feature.
8
(2) Report "data abort same el" not "data abort lower el".
8
9
9
The DTB binding is documented in the kernel's
10
Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
10
Documentation/devicetree/bindings/timer/arm\,arch_timer.yaml
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
and the ACPI table entries are documented in the ACPI specification
12
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
12
version 6.3 or later.
13
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
13
14
Message-id: 20201008162155.161886-3-richard.henderson@linaro.org
14
Because the IRQ line ACPI binding is new in 6.3, we need to bump the
15
FADT table rev to show that we might be using 6.3 features.
16
17
Note that exposing this IRQ in the DTB will trigger a bug in EDK2
18
versions prior to edk2-stable202311, for users who use the virt board
19
with 'virtualization=on' to enable EL2 emulation and are booting an
20
EDK2 guest BIOS, if that EDK2 has assertions enabled. The effect is
21
that EDK2 will assert on bootup:
22
23
ASSERT [ArmTimerDxe] /home/kraxel/projects/qemu/roms/edk2/ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.c(72): PropSize == 36 || PropSize == 48
24
25
If you see that assertion you should do one of:
26
* update your EDK2 binaries to edk2-stable202311 or newer
27
* use the 'virt-8.2' versioned machine type
28
* not use 'virtualization=on'
29
30
(The versions shipped with QEMU itself have the fix.)
31
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
32
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
33
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
34
Message-id: 20240122143537.233498-3-peter.maydell@linaro.org
16
---
35
---
17
target/arm/mte_helper.c | 10 +++-------
36
include/hw/arm/virt.h | 2 ++
18
1 file changed, 3 insertions(+), 7 deletions(-)
37
hw/arm/virt-acpi-build.c | 20 ++++++++++----
19
38
hw/arm/virt.c | 60 ++++++++++++++++++++++++++++++++++------
20
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
39
3 files changed, 67 insertions(+), 15 deletions(-)
40
41
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
21
index XXXXXXX..XXXXXXX 100644
42
index XXXXXXX..XXXXXXX 100644
22
--- a/target/arm/mte_helper.c
43
--- a/include/hw/arm/virt.h
23
+++ b/target/arm/mte_helper.c
44
+++ b/include/hw/arm/virt.h
24
@@ -XXX,XX +XXX,XX @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
45
@@ -XXX,XX +XXX,XX @@ struct VirtMachineClass {
25
reg_el = regime_el(env, arm_mmu_idx);
46
/* Machines < 6.2 have no support for describing cpu topology to guest */
26
sctlr = env->cp15.sctlr_el[reg_el];
47
bool no_cpu_topology;
27
48
bool no_tcg_lpa2;
28
- switch (arm_mmu_idx) {
49
+ bool no_ns_el2_virt_timer_irq;
29
- case ARMMMUIdx_E10_0:
50
};
30
- case ARMMMUIdx_E20_0:
51
31
- el = 0;
52
struct VirtMachineState {
32
+ el = arm_current_el(env);
53
@@ -XXX,XX +XXX,XX @@ struct VirtMachineState {
33
+ if (el == 0) {
54
PCIBus *bus;
34
tcf = extract64(sctlr, 38, 2);
55
char *oem_id;
35
- break;
56
char *oem_table_id;
36
- default:
57
+ bool ns_el2_virt_timer_irq;
37
- el = reg_el;
58
};
59
60
#define VIRT_ECAM_ID(high) (high ? VIRT_HIGH_PCIE_ECAM : VIRT_PCIE_ECAM)
61
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
62
index XXXXXXX..XXXXXXX 100644
63
--- a/hw/arm/virt-acpi-build.c
64
+++ b/hw/arm/virt-acpi-build.c
65
@@ -XXX,XX +XXX,XX @@ build_srat(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
66
}
67
68
/*
69
- * ACPI spec, Revision 5.1
70
- * 5.2.24 Generic Timer Description Table (GTDT)
71
+ * ACPI spec, Revision 6.5
72
+ * 5.2.25 Generic Timer Description Table (GTDT)
73
*/
74
static void
75
build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
76
@@ -XXX,XX +XXX,XX @@ build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
77
uint32_t irqflags = vmc->claim_edge_triggered_timers ?
78
1 : /* Interrupt is Edge triggered */
79
0; /* Interrupt is Level triggered */
80
- AcpiTable table = { .sig = "GTDT", .rev = 2, .oem_id = vms->oem_id,
81
+ AcpiTable table = { .sig = "GTDT", .rev = 3, .oem_id = vms->oem_id,
82
.oem_table_id = vms->oem_table_id };
83
84
acpi_table_begin(&table, table_data);
85
@@ -XXX,XX +XXX,XX @@ build_gtdt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
86
build_append_int_noprefix(table_data, 0, 4);
87
/* Platform Timer Offset */
88
build_append_int_noprefix(table_data, 0, 4);
89
-
90
+ if (vms->ns_el2_virt_timer_irq) {
91
+ /* Virtual EL2 Timer GSIV */
92
+ build_append_int_noprefix(table_data, ARCH_TIMER_NS_EL2_VIRT_IRQ, 4);
93
+ /* Virtual EL2 Timer Flags */
94
+ build_append_int_noprefix(table_data, irqflags, 4);
38
+ } else {
95
+ } else {
39
tcf = extract64(sctlr, 40, 2);
96
+ build_append_int_noprefix(table_data, 0, 4);
97
+ build_append_int_noprefix(table_data, 0, 4);
98
+ }
99
acpi_table_end(linker, &table);
100
}
101
102
@@ -XXX,XX +XXX,XX @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
103
static void build_fadt_rev6(GArray *table_data, BIOSLinker *linker,
104
VirtMachineState *vms, unsigned dsdt_tbl_offset)
105
{
106
- /* ACPI v6.0 */
107
+ /* ACPI v6.3 */
108
AcpiFadtData fadt = {
109
.rev = 6,
110
- .minor_ver = 0,
111
+ .minor_ver = 3,
112
.flags = 1 << ACPI_FADT_F_HW_REDUCED_ACPI,
113
.xdsdt_tbl_offset = &dsdt_tbl_offset,
114
};
115
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
116
index XXXXXXX..XXXXXXX 100644
117
--- a/hw/arm/virt.c
118
+++ b/hw/arm/virt.c
119
@@ -XXX,XX +XXX,XX @@ static void create_randomness(MachineState *ms, const char *node)
120
qemu_fdt_setprop(ms->fdt, node, "rng-seed", seed.rng, sizeof(seed.rng));
121
}
122
123
+/*
124
+ * The CPU object always exposes the NS EL2 virt timer IRQ line,
125
+ * but we don't want to advertise it to the guest in the dtb or ACPI
126
+ * table unless it's really going to do something.
127
+ */
128
+static bool ns_el2_virt_timer_present(void)
129
+{
130
+ ARMCPU *cpu = ARM_CPU(qemu_get_cpu(0));
131
+ CPUARMState *env = &cpu->env;
132
+
133
+ return arm_feature(env, ARM_FEATURE_AARCH64) &&
134
+ arm_feature(env, ARM_FEATURE_EL2) && cpu_isar_feature(aa64_vh, cpu);
135
+}
136
+
137
static void create_fdt(VirtMachineState *vms)
138
{
139
MachineState *ms = MACHINE(vms);
140
@@ -XXX,XX +XXX,XX @@ static void fdt_add_timer_nodes(const VirtMachineState *vms)
141
"arm,armv7-timer");
40
}
142
}
143
qemu_fdt_setprop(ms->fdt, "/timer", "always-on", NULL, 0);
144
- qemu_fdt_setprop_cells(ms->fdt, "/timer", "interrupts",
145
- GIC_FDT_IRQ_TYPE_PPI,
146
- INTID_TO_PPI(ARCH_TIMER_S_EL1_IRQ), irqflags,
147
- GIC_FDT_IRQ_TYPE_PPI,
148
- INTID_TO_PPI(ARCH_TIMER_NS_EL1_IRQ), irqflags,
149
- GIC_FDT_IRQ_TYPE_PPI,
150
- INTID_TO_PPI(ARCH_TIMER_VIRT_IRQ), irqflags,
151
- GIC_FDT_IRQ_TYPE_PPI,
152
- INTID_TO_PPI(ARCH_TIMER_NS_EL2_IRQ), irqflags);
153
+ if (vms->ns_el2_virt_timer_irq) {
154
+ qemu_fdt_setprop_cells(ms->fdt, "/timer", "interrupts",
155
+ GIC_FDT_IRQ_TYPE_PPI,
156
+ INTID_TO_PPI(ARCH_TIMER_S_EL1_IRQ), irqflags,
157
+ GIC_FDT_IRQ_TYPE_PPI,
158
+ INTID_TO_PPI(ARCH_TIMER_NS_EL1_IRQ), irqflags,
159
+ GIC_FDT_IRQ_TYPE_PPI,
160
+ INTID_TO_PPI(ARCH_TIMER_VIRT_IRQ), irqflags,
161
+ GIC_FDT_IRQ_TYPE_PPI,
162
+ INTID_TO_PPI(ARCH_TIMER_NS_EL2_IRQ), irqflags,
163
+ GIC_FDT_IRQ_TYPE_PPI,
164
+ INTID_TO_PPI(ARCH_TIMER_NS_EL2_VIRT_IRQ), irqflags);
165
+ } else {
166
+ qemu_fdt_setprop_cells(ms->fdt, "/timer", "interrupts",
167
+ GIC_FDT_IRQ_TYPE_PPI,
168
+ INTID_TO_PPI(ARCH_TIMER_S_EL1_IRQ), irqflags,
169
+ GIC_FDT_IRQ_TYPE_PPI,
170
+ INTID_TO_PPI(ARCH_TIMER_NS_EL1_IRQ), irqflags,
171
+ GIC_FDT_IRQ_TYPE_PPI,
172
+ INTID_TO_PPI(ARCH_TIMER_VIRT_IRQ), irqflags,
173
+ GIC_FDT_IRQ_TYPE_PPI,
174
+ INTID_TO_PPI(ARCH_TIMER_NS_EL2_IRQ), irqflags);
175
+ }
176
}
177
178
static void fdt_add_cpu_nodes(const VirtMachineState *vms)
179
@@ -XXX,XX +XXX,XX @@ static void create_gic(VirtMachineState *vms, MemoryRegion *mem)
180
[GTIMER_VIRT] = ARCH_TIMER_VIRT_IRQ,
181
[GTIMER_HYP] = ARCH_TIMER_NS_EL2_IRQ,
182
[GTIMER_SEC] = ARCH_TIMER_S_EL1_IRQ,
183
+ [GTIMER_HYPVIRT] = ARCH_TIMER_NS_EL2_VIRT_IRQ,
184
};
185
186
for (unsigned irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) {
187
@@ -XXX,XX +XXX,XX @@ static void machvirt_init(MachineState *machine)
188
qdev_realize(DEVICE(cpuobj), NULL, &error_fatal);
189
object_unref(cpuobj);
190
}
191
+
192
+ /* Now we've created the CPUs we can see if they have the hypvirt timer */
193
+ vms->ns_el2_virt_timer_irq = ns_el2_virt_timer_present() &&
194
+ !vmc->no_ns_el2_virt_timer_irq;
195
+
196
fdt_add_timer_nodes(vms);
197
fdt_add_cpu_nodes(vms);
198
199
@@ -XXX,XX +XXX,XX @@ DEFINE_VIRT_MACHINE_AS_LATEST(9, 0)
200
201
static void virt_machine_8_2_options(MachineClass *mc)
202
{
203
+ VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc));
204
+
205
virt_machine_9_0_options(mc);
206
compat_props_add(mc->compat_props, hw_compat_8_2, hw_compat_8_2_len);
207
+ /*
208
+ * Don't expose NS_EL2_VIRT timer IRQ in DTB on ACPI on 8.2 and
209
+ * earlier machines. (Exposing it tickles a bug in older EDK2
210
+ * guest BIOS binaries.)
211
+ */
212
+ vmc->no_ns_el2_virt_timer_irq = true;
213
}
214
DEFINE_VIRT_MACHINE(8, 2)
41
215
42
--
216
--
43
2.20.1
217
2.34.1
44
45
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Update the virt golden reference files to say that the FACP is ACPI
2
2
v6.3, and the GTDT table is a revision 3 table with space for the
3
These are all of the defines required to parse
3
virtual EL2 timer.
4
GNU_PROPERTY_AARCH64_FEATURE_1_AND, copied from binutils.
4
5
Other missing defines related to other GNU program headers
5
Diffs from iasl:
6
and notes are elided for now.
6
7
7
@@ -XXX,XX +XXX,XX @@
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
/*
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
* Intel ACPI Component Architecture
10
Message-id: 20201016184207.786698-4-richard.henderson@linaro.org
10
* AML/ASL+ Disassembler version 20200925 (64-bit version)
11
* Copyright (c) 2000 - 2020 Intel Corporation
12
*
13
- * Disassembly of tests/data/acpi/virt/FACP, Mon Jan 22 13:48:40 2024
14
+ * Disassembly of /tmp/aml-W8RZH2, Mon Jan 22 13:48:40 2024
15
*
16
* ACPI Data Table [FACP]
17
*
18
* Format: [HexOffset DecimalOffset ByteLength] FieldName : FieldValue
19
*/
20
21
[000h 0000 4] Signature : "FACP" [Fixed ACPI Description Table (FADT)]
22
[004h 0004 4] Table Length : 00000114
23
[008h 0008 1] Revision : 06
24
-[009h 0009 1] Checksum : 15
25
+[009h 0009 1] Checksum : 12
26
[00Ah 0010 6] Oem ID : "BOCHS "
27
[010h 0016 8] Oem Table ID : "BXPC "
28
[018h 0024 4] Oem Revision : 00000001
29
[01Ch 0028 4] Asl Compiler ID : "BXPC"
30
[020h 0032 4] Asl Compiler Revision : 00000001
31
32
[024h 0036 4] FACS Address : 00000000
33
[028h 0040 4] DSDT Address : 00000000
34
[02Ch 0044 1] Model : 00
35
[02Dh 0045 1] PM Profile : 00 [Unspecified]
36
[02Eh 0046 2] SCI Interrupt : 0000
37
[030h 0048 4] SMI Command Port : 00000000
38
[034h 0052 1] ACPI Enable Value : 00
39
[035h 0053 1] ACPI Disable Value : 00
40
[036h 0054 1] S4BIOS Command : 00
41
[037h 0055 1] P-State Control : 00
42
@@ -XXX,XX +XXX,XX @@
43
Use APIC Physical Destination Mode (V4) : 0
44
Hardware Reduced (V5) : 1
45
Low Power S0 Idle (V5) : 0
46
47
[074h 0116 12] Reset Register : [Generic Address Structure]
48
[074h 0116 1] Space ID : 00 [SystemMemory]
49
[075h 0117 1] Bit Width : 00
50
[076h 0118 1] Bit Offset : 00
51
[077h 0119 1] Encoded Access Width : 00 [Undefined/Legacy]
52
[078h 0120 8] Address : 0000000000000000
53
54
[080h 0128 1] Value to cause reset : 00
55
[081h 0129 2] ARM Flags (decoded below) : 0003
56
PSCI Compliant : 1
57
Must use HVC for PSCI : 1
58
59
-[083h 0131 1] FADT Minor Revision : 00
60
+[083h 0131 1] FADT Minor Revision : 03
61
[084h 0132 8] FACS Address : 0000000000000000
62
[08Ch 0140 8] DSDT Address : 0000000000000000
63
[094h 0148 12] PM1A Event Block : [Generic Address Structure]
64
[094h 0148 1] Space ID : 00 [SystemMemory]
65
[095h 0149 1] Bit Width : 00
66
[096h 0150 1] Bit Offset : 00
67
[097h 0151 1] Encoded Access Width : 00 [Undefined/Legacy]
68
[098h 0152 8] Address : 0000000000000000
69
70
[0A0h 0160 12] PM1B Event Block : [Generic Address Structure]
71
[0A0h 0160 1] Space ID : 00 [SystemMemory]
72
[0A1h 0161 1] Bit Width : 00
73
[0A2h 0162 1] Bit Offset : 00
74
[0A3h 0163 1] Encoded Access Width : 00 [Undefined/Legacy]
75
[0A4h 0164 8] Address : 0000000000000000
76
77
@@ -XXX,XX +XXX,XX @@
78
[0F5h 0245 1] Bit Width : 00
79
[0F6h 0246 1] Bit Offset : 00
80
[0F7h 0247 1] Encoded Access Width : 00 [Undefined/Legacy]
81
[0F8h 0248 8] Address : 0000000000000000
82
83
[100h 0256 12] Sleep Status Register : [Generic Address Structure]
84
[100h 0256 1] Space ID : 00 [SystemMemory]
85
[101h 0257 1] Bit Width : 00
86
[102h 0258 1] Bit Offset : 00
87
[103h 0259 1] Encoded Access Width : 00 [Undefined/Legacy]
88
[104h 0260 8] Address : 0000000000000000
89
90
[10Ch 0268 8] Hypervisor ID : 00000000554D4551
91
92
Raw Table Data: Length 276 (0x114)
93
94
- 0000: 46 41 43 50 14 01 00 00 06 15 42 4F 43 48 53 20 // FACP......BOCHS
95
+ 0000: 46 41 43 50 14 01 00 00 06 12 42 4F 43 48 53 20 // FACP......BOCHS
96
0010: 42 58 50 43 20 20 20 20 01 00 00 00 42 58 50 43 // BXPC ....BXPC
97
0020: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
98
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
99
0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
100
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
101
0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
102
0070: 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
103
- 0080: 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
104
+ 0080: 00 03 00 03 00 00 00 00 00 00 00 00 00 00 00 00 // ................
105
0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
106
00A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
107
00B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
108
00C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
109
00D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
110
00E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
111
00F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // ................
112
0100: 00 00 00 00 00 00 00 00 00 00 00 00 51 45 4D 55 // ............QEMU
113
0110: 00 00 00 00 // ....
114
115
@@ -XXX,XX +XXX,XX @@
116
/*
117
* Intel ACPI Component Architecture
118
* AML/ASL+ Disassembler version 20200925 (64-bit version)
119
* Copyright (c) 2000 - 2020 Intel Corporation
120
*
121
- * Disassembly of tests/data/acpi/virt/GTDT, Mon Jan 22 13:48:40 2024
122
+ * Disassembly of /tmp/aml-XDSZH2, Mon Jan 22 13:48:40 2024
123
*
124
* ACPI Data Table [GTDT]
125
*
126
* Format: [HexOffset DecimalOffset ByteLength] FieldName : FieldValue
127
*/
128
129
[000h 0000 4] Signature : "GTDT" [Generic Timer Description Table]
130
-[004h 0004 4] Table Length : 00000060
131
-[008h 0008 1] Revision : 02
132
-[009h 0009 1] Checksum : 9C
133
+[004h 0004 4] Table Length : 00000068
134
+[008h 0008 1] Revision : 03
135
+[009h 0009 1] Checksum : 93
136
[00Ah 0010 6] Oem ID : "BOCHS "
137
[010h 0016 8] Oem Table ID : "BXPC "
138
[018h 0024 4] Oem Revision : 00000001
139
[01Ch 0028 4] Asl Compiler ID : "BXPC"
140
[020h 0032 4] Asl Compiler Revision : 00000001
141
142
[024h 0036 8] Counter Block Address : FFFFFFFFFFFFFFFF
143
[02Ch 0044 4] Reserved : 00000000
144
145
[030h 0048 4] Secure EL1 Interrupt : 0000001D
146
[034h 0052 4] EL1 Flags (decoded below) : 00000000
147
Trigger Mode : 0
148
Polarity : 0
149
Always On : 0
150
151
[038h 0056 4] Non-Secure EL1 Interrupt : 0000001E
152
@@ -XXX,XX +XXX,XX @@
153
154
[040h 0064 4] Virtual Timer Interrupt : 0000001B
155
[044h 0068 4] VT Flags (decoded below) : 00000000
156
Trigger Mode : 0
157
Polarity : 0
158
Always On : 0
159
160
[048h 0072 4] Non-Secure EL2 Interrupt : 0000001A
161
[04Ch 0076 4] NEL2 Flags (decoded below) : 00000000
162
Trigger Mode : 0
163
Polarity : 0
164
Always On : 0
165
[050h 0080 8] Counter Read Block Address : FFFFFFFFFFFFFFFF
166
167
[058h 0088 4] Platform Timer Count : 00000000
168
[05Ch 0092 4] Platform Timer Offset : 00000000
169
+[060h 0096 4] Virtual EL2 Timer GSIV : 00000000
170
+[064h 0100 4] Virtual EL2 Timer Flags : 00000000
171
172
-Raw Table Data: Length 96 (0x60)
173
+Raw Table Data: Length 104 (0x68)
174
175
- 0000: 47 54 44 54 60 00 00 00 02 9C 42 4F 43 48 53 20 // GTDT`.....BOCHS
176
+ 0000: 47 54 44 54 68 00 00 00 03 93 42 4F 43 48 53 20 // GTDTh.....BOCHS
177
0010: 42 58 50 43 20 20 20 20 01 00 00 00 42 58 50 43 // BXPC ....BXPC
178
0020: 01 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 // ................
179
0030: 1D 00 00 00 00 00 00 00 1E 00 00 00 04 00 00 00 // ................
180
0040: 1B 00 00 00 00 00 00 00 1A 00 00 00 00 00 00 00 // ................
181
0050: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 // ................
182
+ 0060: 00 00 00 00 00 00 00 00 // ........
183
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
184
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
185
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
186
Message-id: 20240122143537.233498-4-peter.maydell@linaro.org
12
---
187
---
13
include/elf.h | 22 ++++++++++++++++++++++
188
tests/qtest/bios-tables-test-allowed-diff.h | 2 --
14
1 file changed, 22 insertions(+)
189
tests/data/acpi/virt/FACP | Bin 276 -> 276 bytes
15
190
tests/data/acpi/virt/GTDT | Bin 96 -> 104 bytes
16
diff --git a/include/elf.h b/include/elf.h
191
3 files changed, 2 deletions(-)
192
193
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
17
index XXXXXXX..XXXXXXX 100644
194
index XXXXXXX..XXXXXXX 100644
18
--- a/include/elf.h
195
--- a/tests/qtest/bios-tables-test-allowed-diff.h
19
+++ b/include/elf.h
196
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
20
@@ -XXX,XX +XXX,XX @@ typedef int64_t Elf64_Sxword;
197
@@ -1,3 +1 @@
21
#define PT_NOTE 4
198
/* List of comma-separated changed AML files to ignore */
22
#define PT_SHLIB 5
199
-"tests/data/acpi/virt/FACP",
23
#define PT_PHDR 6
200
-"tests/data/acpi/virt/GTDT",
24
+#define PT_LOOS 0x60000000
201
diff --git a/tests/data/acpi/virt/FACP b/tests/data/acpi/virt/FACP
25
+#define PT_HIOS 0x6fffffff
202
index XXXXXXX..XXXXXXX 100644
26
#define PT_LOPROC 0x70000000
203
GIT binary patch
27
#define PT_HIPROC 0x7fffffff
204
delta 25
28
205
gcmbQjG=+)F&CxkPgpq-PO=u!l<;2F$$vli407<0<)c^nh
29
+#define PT_GNU_PROPERTY (PT_LOOS + 0x474e553)
206
30
+
207
delta 28
31
#define PT_MIPS_REGINFO 0x70000000
208
kcmbQjG=+)F&CxkPgpq-PO>`nx<-|!<6Akz$^DuG%0AAS!ssI20
32
#define PT_MIPS_RTPROC 0x70000001
209
33
#define PT_MIPS_OPTIONS 0x70000002
210
diff --git a/tests/data/acpi/virt/GTDT b/tests/data/acpi/virt/GTDT
34
@@ -XXX,XX +XXX,XX @@ typedef struct elf64_shdr {
211
index XXXXXXX..XXXXXXX 100644
35
#define NT_ARM_SYSTEM_CALL 0x404 /* ARM system call number */
212
GIT binary patch
36
#define NT_ARM_SVE 0x405 /* ARM Scalable Vector Extension regs */
213
delta 25
37
214
bcmYeu;BpUf3CUn!U|^m+kt>V?$N&QXMtB4L
38
+/* Defined note types for GNU systems. */
215
39
+
216
delta 16
40
+#define NT_GNU_PROPERTY_TYPE_0 5 /* Program property */
217
Xcmc~u;BpUf2}xjJU|^avkt+-UB60)u
41
+
218
42
+/* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */
43
+
44
+#define GNU_PROPERTY_STACK_SIZE 1
45
+#define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2
46
+
47
+#define GNU_PROPERTY_LOPROC 0xc0000000
48
+#define GNU_PROPERTY_HIPROC 0xdfffffff
49
+#define GNU_PROPERTY_LOUSER 0xe0000000
50
+#define GNU_PROPERTY_HIUSER 0xffffffff
51
+
52
+#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000
53
+#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
54
+#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1)
55
+
56
/*
57
* Physical entry point into the kernel.
58
*
59
--
219
--
60
2.20.1
220
2.34.1
61
62
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
The patchset adding the GMAC ethernet to this SoC crossed in the
2
mail with the patchset cleaning up the NIC handling. When we
3
create the GMAC modules we must call qemu_configure_nic_device()
4
so that the user has the opportunity to use the -nic commandline
5
option to create a network backend and connect it to the GMACs.
2
6
3
Commit 7998beb9c2e removed the ram_size initialization in the
7
Add the missing call.
4
arm_boot_info structure, however it is used by arm_load_kernel().
5
8
6
Initialize the field to fix:
9
Fixes: 21e5326a7c ("hw/arm: Add GMAC devices to NPCM7XX SoC")
7
8
$ qemu-system-arm -M n800 -append 'console=ttyS1' \
9
-kernel meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0
10
qemu-system-arm: kernel 'meego-arm-n8x0-1.0.80.20100712.1431-vmlinuz-2.6.35~rc4-129.1-n8x0' is too large to fit in RAM (kernel size 1964608, RAM size 0)
11
12
Noticed while running the test introduced in commit 050a82f0c5b
13
("tests/acceptance: Add a test for the N800 and N810 arm machines").
14
15
Fixes: 7998beb9c2e ("arm/nseries: use memdev for RAM")
16
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
17
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Tested-by: Thomas Huth <thuth@redhat.com>
19
Message-id: 20201019095148.1602119-1-f4bug@amsat.org
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
12
Message-id: 20240206171231.396392-2-peter.maydell@linaro.org
21
---
13
---
22
hw/arm/nseries.c | 1 +
14
hw/arm/npcm7xx.c | 1 +
23
1 file changed, 1 insertion(+)
15
1 file changed, 1 insertion(+)
24
16
25
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
17
diff --git a/hw/arm/npcm7xx.c b/hw/arm/npcm7xx.c
26
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
27
--- a/hw/arm/nseries.c
19
--- a/hw/arm/npcm7xx.c
28
+++ b/hw/arm/nseries.c
20
+++ b/hw/arm/npcm7xx.c
29
@@ -XXX,XX +XXX,XX @@ static void n8x0_init(MachineState *machine,
21
@@ -XXX,XX +XXX,XX @@ static void npcm7xx_realize(DeviceState *dev, Error **errp)
30
g_free(sz);
22
for (i = 0; i < ARRAY_SIZE(s->gmac); i++) {
31
exit(EXIT_FAILURE);
23
SysBusDevice *sbd = SYS_BUS_DEVICE(&s->gmac[i]);
32
}
24
33
+ binfo->ram_size = machine->ram_size;
25
+ qemu_configure_nic_device(DEVICE(sbd), false, NULL);
34
26
/*
35
memory_region_add_subregion(get_system_memory(), OMAP2_Q2_BASE,
27
* The device exists regardless of whether it's connected to a QEMU
36
machine->ram);
28
* netdev backend. So always instantiate it even if there is no
37
--
29
--
38
2.20.1
30
2.34.1
39
40
diff view generated by jsdifflib
1
If the M-profile low-overhead-branch extension is implemented, FPSCR
1
Currently QEMU will warn if there is a NIC on the board that
2
bits [18:16] are a new field LTPSIZE. If MVE is not implemented
2
is not connected to a backend. By default the '-nic user' will
3
(currently always true for us) then this field always reads as 4 and
3
get used for all NICs, but if you manually connect a specific
4
ignores writes.
4
NIC to a specific backend, then the other NICs on the board
5
have no backend and will be warned about:
5
6
6
These bits used to be the vector-length field for the old
7
qemu-system-arm: warning: nic npcm7xx-emc.1 has no peer
7
short-vector extension, so we need to take care that they are not
8
qemu-system-arm: warning: nic npcm-gmac.0 has no peer
8
misinterpreted as setting vec_len. We do this with a rearrangement
9
qemu-system-arm: warning: nic npcm-gmac.1 has no peer
9
of the vfp_set_fpscr() code that deals with vec_len, vec_stride
10
and also the QC bit; this obviates the need for the M-profile
11
only masking step that we used to have at the start of the function.
12
10
13
We provide a new field in CPUState for LTPSIZE, even though this
11
So suppress those warnings by manually connecting every NIC
14
will always be 4, in preparation for MVE, so we don't have to
12
on the board to some backend.
15
come back later and split it out of the vfp.xregs[FPSCR] value.
16
(This state struct field will be saved and restored as part of
17
the FPSCR value via the vmstate_fpscr in machine.c.)
18
13
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
15
Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
21
Message-id: 20201019151301.2046-11-peter.maydell@linaro.org
16
Reviewed-by: Thomas Huth <thuth@redhat.com>
17
Message-id: 20240206171231.396392-3-peter.maydell@linaro.org
22
---
18
---
23
target/arm/cpu.h | 1 +
19
tests/qtest/npcm7xx_emc-test.c | 5 ++++-
24
target/arm/cpu.c | 9 +++++++++
20
1 file changed, 4 insertions(+), 1 deletion(-)
25
target/arm/vfp_helper.c | 6 ++++++
26
3 files changed, 16 insertions(+)
27
21
28
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
22
diff --git a/tests/qtest/npcm7xx_emc-test.c b/tests/qtest/npcm7xx_emc-test.c
29
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/cpu.h
24
--- a/tests/qtest/npcm7xx_emc-test.c
31
+++ b/target/arm/cpu.h
25
+++ b/tests/qtest/npcm7xx_emc-test.c
32
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
26
@@ -XXX,XX +XXX,XX @@ static int *packet_test_init(int module_num, GString *cmd_line)
33
uint32_t fpdscr[M_REG_NUM_BANKS];
27
* KISS and use -nic. The driver accepts 'emc0' and 'emc1' as aliases
34
uint32_t cpacr[M_REG_NUM_BANKS];
28
* in the 'model' field to specify the device to match.
35
uint32_t nsacr;
29
*/
36
+ int ltpsize;
30
- g_string_append_printf(cmd_line, " -nic socket,fd=%d,model=emc%d ",
37
} v7m;
31
+ g_string_append_printf(cmd_line, " -nic socket,fd=%d,model=emc%d "
38
32
+ "-nic user,model=npcm7xx-emc "
39
/* Information associated with an exception about to be taken:
33
+ "-nic user,model=npcm-gmac "
40
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
34
+ "-nic user,model=npcm-gmac",
41
index XXXXXXX..XXXXXXX 100644
35
test_sockets[1], module_num);
42
--- a/target/arm/cpu.c
36
43
+++ b/target/arm/cpu.c
37
g_test_queue_destroy(packet_test_clear, test_sockets);
44
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
45
uint8_t *rom;
46
uint32_t vecbase;
47
48
+ if (cpu_isar_feature(aa32_lob, cpu)) {
49
+ /*
50
+ * LTPSIZE is constant 4 if MVE not implemented, and resets
51
+ * to an UNKNOWN value if MVE is implemented. We choose to
52
+ * always reset to 4.
53
+ */
54
+ env->v7m.ltpsize = 4;
55
+ }
56
+
57
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
58
env->v7m.secure = true;
59
} else {
60
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
61
index XXXXXXX..XXXXXXX 100644
62
--- a/target/arm/vfp_helper.c
63
+++ b/target/arm/vfp_helper.c
64
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
65
| (env->vfp.vec_len << 16)
66
| (env->vfp.vec_stride << 20);
67
68
+ /*
69
+ * M-profile LTPSIZE overlaps A-profile Stride; whichever of the
70
+ * two is not applicable to this CPU will always be zero.
71
+ */
72
+ fpscr |= env->v7m.ltpsize << 16;
73
+
74
fpscr |= vfp_get_fpscr_from_host(env);
75
76
i = env->vfp.qc[0] | env->vfp.qc[1] | env->vfp.qc[2] | env->vfp.qc[3];
77
--
38
--
78
2.20.1
39
2.34.1
79
80
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile
2
CPU, and in fact if you try to do it we will assert:
2
3
3
When TBI is enabled in a given regime, 56 bits of the address
4
#6 0x00007ffff4b95e96 in __GI___assert_fail
4
are significant and we need to clear out any other matching
5
(assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3") at ./assert/assert.c:101
5
virtual addresses with differing tags.
6
#7 0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at ../../target/arm/helper.c:12600
7
#8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at ../../target/arm/cpu.h:2595
8
#9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at ../../target/arm/internals.h:1512
6
9
7
The other uses of tlb_flush_page (without mmuidx) in this file
10
We might call pmu_counter_enabled() on an M-profile CPU (for example
8
are only used by aarch32 mode.
11
from the migration pre/post hooks in machine.c); this should always
12
return false because these CPUs don't set ARM_FEATURE_PMU.
9
13
10
Fixes: 38d931687fa1
14
Avoid the assertion by not calling arm_mdcr_el2_eff() before we
11
Reported-by: Jordan Frank <jordanfrank@fb.com>
15
have done the early return for "PMU not present".
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
16
13
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
17
This fixes an assertion failure if you try to do a loadvm or
14
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
18
savevm for an M-profile board.
15
Message-id: 20201016210754.818257-3-richard.henderson@linaro.org
19
20
Cc: qemu-stable@nongnu.org
21
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2155
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
23
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
24
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
25
Message-id: 20240208153346.970021-1-peter.maydell@linaro.org
17
---
26
---
18
target/arm/helper.c | 46 ++++++++++++++++++++++++++++++++++++++-------
27
target/arm/helper.c | 12 ++++++++++--
19
1 file changed, 39 insertions(+), 7 deletions(-)
28
1 file changed, 10 insertions(+), 2 deletions(-)
20
29
21
diff --git a/target/arm/helper.c b/target/arm/helper.c
30
diff --git a/target/arm/helper.c b/target/arm/helper.c
22
index XXXXXXX..XXXXXXX 100644
31
index XXXXXXX..XXXXXXX 100644
23
--- a/target/arm/helper.c
32
--- a/target/arm/helper.c
24
+++ b/target/arm/helper.c
33
+++ b/target/arm/helper.c
25
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
34
@@ -XXX,XX +XXX,XX @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
26
#endif
35
bool enabled, prohibited = false, filtered;
27
36
bool secure = arm_is_secure(env);
28
static void switch_mode(CPUARMState *env, int mode);
37
int el = arm_current_el(env);
29
+static int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx);
38
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
30
39
- uint8_t hpmn = mdcr_el2 & MDCR_HPMN;
31
static int vfp_gdb_get_reg(CPUARMState *env, GByteArray *buf, int reg)
40
+ uint64_t mdcr_el2;
32
{
41
+ uint8_t hpmn;
33
@@ -XXX,XX +XXX,XX @@ static int vae1_tlbmask(CPUARMState *env)
42
43
+ /*
44
+ * We might be called for M-profile cores where MDCR_EL2 doesn't
45
+ * exist and arm_mdcr_el2_eff() will assert, so this early-exit check
46
+ * must be before we read that value.
47
+ */
48
if (!arm_feature(env, ARM_FEATURE_PMU)) {
49
return false;
34
}
50
}
35
}
51
36
52
+ mdcr_el2 = arm_mdcr_el2_eff(env);
37
+/* Return 56 if TBI is enabled, 64 otherwise. */
53
+ hpmn = mdcr_el2 & MDCR_HPMN;
38
+static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx,
39
+ uint64_t addr)
40
+{
41
+ uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
42
+ int tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
43
+ int select = extract64(addr, 55, 1);
44
+
54
+
45
+ return (tbi >> select) & 1 ? 56 : 64;
55
if (!arm_feature(env, ARM_FEATURE_EL2) ||
46
+}
56
(counter < hpmn || counter == 31)) {
47
+
57
e = env->cp15.c9_pmcr & PMCRE;
48
+static int vae1_tlbbits(CPUARMState *env, uint64_t addr)
49
+{
50
+ ARMMMUIdx mmu_idx;
51
+
52
+ /* Only the regime of the mmu_idx below is significant. */
53
+ if (arm_is_secure_below_el3(env)) {
54
+ mmu_idx = ARMMMUIdx_SE10_0;
55
+ } else if ((env->cp15.hcr_el2 & (HCR_E2H | HCR_TGE))
56
+ == (HCR_E2H | HCR_TGE)) {
57
+ mmu_idx = ARMMMUIdx_E20_0;
58
+ } else {
59
+ mmu_idx = ARMMMUIdx_E10_0;
60
+ }
61
+ return tlbbits_for_regime(env, mmu_idx, addr);
62
+}
63
+
64
static void tlbi_aa64_vmalle1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
65
uint64_t value)
66
{
67
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
68
CPUState *cs = env_cpu(env);
69
int mask = vae1_tlbmask(env);
70
uint64_t pageaddr = sextract64(value << 12, 0, 56);
71
+ int bits = vae1_tlbbits(env, pageaddr);
72
73
- tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr, mask);
74
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
75
}
76
77
static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
78
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
79
CPUState *cs = env_cpu(env);
80
int mask = vae1_tlbmask(env);
81
uint64_t pageaddr = sextract64(value << 12, 0, 56);
82
+ int bits = vae1_tlbbits(env, pageaddr);
83
84
if (tlb_force_broadcast(env)) {
85
- tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr, mask);
86
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr, mask, bits);
87
} else {
88
- tlb_flush_page_by_mmuidx(cs, pageaddr, mask);
89
+ tlb_flush_page_bits_by_mmuidx(cs, pageaddr, mask, bits);
90
}
91
}
92
93
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae2is_write(CPUARMState *env, const ARMCPRegInfo *ri,
94
{
95
CPUState *cs = env_cpu(env);
96
uint64_t pageaddr = sextract64(value << 12, 0, 56);
97
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_E2, pageaddr);
98
99
- tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
100
- ARMMMUIdxBit_E2);
101
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
102
+ ARMMMUIdxBit_E2, bits);
103
}
104
105
static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
106
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
107
{
108
CPUState *cs = env_cpu(env);
109
uint64_t pageaddr = sextract64(value << 12, 0, 56);
110
+ int bits = tlbbits_for_regime(env, ARMMMUIdx_SE3, pageaddr);
111
112
- tlb_flush_page_by_mmuidx_all_cpus_synced(cs, pageaddr,
113
- ARMMMUIdxBit_SE3);
114
+ tlb_flush_page_bits_by_mmuidx_all_cpus_synced(cs, pageaddr,
115
+ ARMMMUIdxBit_SE3, bits);
116
}
117
118
static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri,
119
--
58
--
120
2.20.1
59
2.34.1
121
60
122
61
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Nabih Estefan <nabihestefan@google.com>
2
2
3
This peripheral has 1 free-running timer and 4 compare registers.
3
Fix the nocm_gmac-test.c file to run on a nuvoton 7xx machine instead
4
of 8xx. Also fix comments referencing this and values expecting 8xx.
4
5
5
Only the free-running timer is implemented. Add support the
6
Change-Id: Iabd0fba14910c3f1e883c4a9521350f3db9ffab8
6
COMPARE registers (each register is wired to an IRQ).
7
Signed-Off-By: Nabih Estefan <nabihestefan@google.com>
7
8
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
8
Reference: "BCM2835 ARM Peripherals" datasheet [*]
9
Message-id: 20240208194759.2858582-2-nabihestefan@google.com
9
chapter 12 "System Timer":
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
11
[PMM: commit message tweaks]
11
The System Timer peripheral provides four 32-bit timer channels
12
and a single 64-bit free running counter. Each channel has an
13
output compare register, which is compared against the 32 least
14
significant bits of the free running counter values. When the
15
two values match, the system timer peripheral generates a signal
16
to indicate a match for the appropriate channel. The match signal
17
is then fed into the interrupt controller.
18
19
This peripheral is used since Linux 3.7, commit ee4af5696720
20
("ARM: bcm2835: add system timer").
21
22
[*] https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf
23
24
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
25
Reviewed-by: Luc Michel <luc@lmichel.fr>
26
Message-id: 20201010203709.3116542-4-f4bug@amsat.org
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
28
---
13
---
29
include/hw/timer/bcm2835_systmr.h | 11 +++++--
14
tests/qtest/npcm_gmac-test.c | 84 +-----------------------------------
30
hw/timer/bcm2835_systmr.c | 48 ++++++++++++++++++++-----------
15
tests/qtest/meson.build | 3 +-
31
hw/timer/trace-events | 6 ++--
16
2 files changed, 4 insertions(+), 83 deletions(-)
32
3 files changed, 44 insertions(+), 21 deletions(-)
33
17
34
diff --git a/include/hw/timer/bcm2835_systmr.h b/include/hw/timer/bcm2835_systmr.h
18
diff --git a/tests/qtest/npcm_gmac-test.c b/tests/qtest/npcm_gmac-test.c
35
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
36
--- a/include/hw/timer/bcm2835_systmr.h
20
--- a/tests/qtest/npcm_gmac-test.c
37
+++ b/include/hw/timer/bcm2835_systmr.h
21
+++ b/tests/qtest/npcm_gmac-test.c
38
@@ -XXX,XX +XXX,XX @@
22
@@ -XXX,XX +XXX,XX @@ typedef struct TestData {
39
23
const GMACModule *module;
40
#include "hw/sysbus.h"
24
} TestData;
41
#include "hw/irq.h"
25
42
+#include "qemu/timer.h"
26
-/* Values extracted from hw/arm/npcm8xx.c */
43
#include "qom/object.h"
27
+/* Values extracted from hw/arm/npcm7xx.c */
44
28
static const GMACModule gmac_module_list[] = {
45
#define TYPE_BCM2835_SYSTIMER "bcm2835-sys-timer"
29
{
46
@@ -XXX,XX +XXX,XX @@ OBJECT_DECLARE_SIMPLE_TYPE(BCM2835SystemTimerState, BCM2835_SYSTIMER)
30
.irq = 14,
47
31
@@ -XXX,XX +XXX,XX @@ static const GMACModule gmac_module_list[] = {
48
#define BCM2835_SYSTIMER_COUNT 4
32
.irq = 15,
49
33
.base_addr = 0xf0804000
50
+typedef struct {
34
},
51
+ unsigned id;
35
- {
52
+ QEMUTimer timer;
36
- .irq = 16,
53
+ qemu_irq irq;
37
- .base_addr = 0xf0806000
54
+ BCM2835SystemTimerState *state;
38
- },
55
+} BCM2835SystemTimerCompare;
39
- {
56
+
40
- .irq = 17,
57
struct BCM2835SystemTimerState {
41
- .base_addr = 0xf0808000
58
/*< private >*/
42
- }
59
SysBusDevice parent_obj;
60
61
/*< public >*/
62
MemoryRegion iomem;
63
- qemu_irq irq;
64
-
65
struct {
66
uint32_t ctrl_status;
67
uint32_t compare[BCM2835_SYSTIMER_COUNT];
68
} reg;
69
+ BCM2835SystemTimerCompare tmr[BCM2835_SYSTIMER_COUNT];
70
};
43
};
71
44
72
#endif
45
/* Returns the index of the GMAC module. */
73
diff --git a/hw/timer/bcm2835_systmr.c b/hw/timer/bcm2835_systmr.c
46
@@ -XXX,XX +XXX,XX @@ static uint32_t gmac_read(QTestState *qts, const GMACModule *mod,
74
index XXXXXXX..XXXXXXX 100644
47
return qtest_readl(qts, mod->base_addr + regno);
75
--- a/hw/timer/bcm2835_systmr.c
48
}
76
+++ b/hw/timer/bcm2835_systmr.c
49
77
@@ -XXX,XX +XXX,XX @@ REG32(COMPARE1, 0x10)
50
-static uint16_t pcs_read(QTestState *qts, const GMACModule *mod,
78
REG32(COMPARE2, 0x14)
51
- NPCMRegister regno)
79
REG32(COMPARE3, 0x18)
52
-{
80
53
- uint32_t write_value = (regno & 0x3ffe00) >> 9;
81
-static void bcm2835_systmr_update_irq(BCM2835SystemTimerState *s)
54
- qtest_writel(qts, PCS_BASE_ADDRESS + NPCM_PCS_IND_AC_BA, write_value);
82
+static void bcm2835_systmr_timer_expire(void *opaque)
55
- uint32_t read_offset = regno & 0x1ff;
83
{
56
- return qtest_readl(qts, PCS_BASE_ADDRESS + read_offset);
84
- bool enable = !!s->reg.ctrl_status;
85
+ BCM2835SystemTimerCompare *tmr = opaque;
86
87
- trace_bcm2835_systmr_irq(enable);
88
- qemu_set_irq(s->irq, enable);
89
-}
57
-}
90
-
58
-
91
-static void bcm2835_systmr_update_compare(BCM2835SystemTimerState *s,
59
/* Check that GMAC registers are reset to default value */
92
- unsigned timer_index)
60
static void test_init(gconstpointer test_data)
93
-{
61
{
94
- /* TODO fow now, since neither Linux nor U-boot use these timers. */
62
const TestData *td = test_data;
95
- qemu_log_mask(LOG_UNIMP, "COMPARE register %u not implemented\n",
63
const GMACModule *mod = td->module;
96
- timer_index);
64
- QTestState *qts = qtest_init("-machine npcm845-evb");
97
+ trace_bcm2835_systmr_timer_expired(tmr->id);
65
+ QTestState *qts = qtest_init("-machine npcm750-evb");
98
+ tmr->state->reg.ctrl_status |= 1 << tmr->id;
66
99
+ qemu_set_irq(tmr->irq, 1);
67
#define CHECK_REG32(regno, value) \
68
do { \
69
g_assert_cmphex(gmac_read(qts, mod, (regno)), ==, (value)); \
70
} while (0)
71
72
-#define CHECK_REG_PCS(regno, value) \
73
- do { \
74
- g_assert_cmphex(pcs_read(qts, mod, (regno)), ==, (value)); \
75
- } while (0)
76
-
77
CHECK_REG32(NPCM_DMA_BUS_MODE, 0x00020100);
78
CHECK_REG32(NPCM_DMA_XMT_POLL_DEMAND, 0);
79
CHECK_REG32(NPCM_DMA_RCV_POLL_DEMAND, 0);
80
@@ -XXX,XX +XXX,XX @@ static void test_init(gconstpointer test_data)
81
CHECK_REG32(NPCM_GMAC_PTP_TAR, 0);
82
CHECK_REG32(NPCM_GMAC_PTP_TTSR, 0);
83
84
- /* TODO Add registers PCS */
85
- if (mod->base_addr == 0xf0802000) {
86
- CHECK_REG_PCS(NPCM_PCS_SR_CTL_ID1, 0x699e);
87
- CHECK_REG_PCS(NPCM_PCS_SR_CTL_ID2, 0);
88
- CHECK_REG_PCS(NPCM_PCS_SR_CTL_STS, 0x8000);
89
-
90
- CHECK_REG_PCS(NPCM_PCS_SR_MII_CTRL, 0x1140);
91
- CHECK_REG_PCS(NPCM_PCS_SR_MII_STS, 0x0109);
92
- CHECK_REG_PCS(NPCM_PCS_SR_MII_DEV_ID1, 0x699e);
93
- CHECK_REG_PCS(NPCM_PCS_SR_MII_DEV_ID2, 0x0ced0);
94
- CHECK_REG_PCS(NPCM_PCS_SR_MII_AN_ADV, 0x0020);
95
- CHECK_REG_PCS(NPCM_PCS_SR_MII_LP_BABL, 0);
96
- CHECK_REG_PCS(NPCM_PCS_SR_MII_AN_EXPN, 0);
97
- CHECK_REG_PCS(NPCM_PCS_SR_MII_EXT_STS, 0xc000);
98
-
99
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_ABL, 0x0003);
100
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_TX_MAX_DLY_LWR, 0x0038);
101
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_TX_MAX_DLY_UPR, 0);
102
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_TX_MIN_DLY_LWR, 0x0038);
103
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_TX_MIN_DLY_UPR, 0);
104
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_RX_MAX_DLY_LWR, 0x0058);
105
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_RX_MAX_DLY_UPR, 0);
106
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_RX_MIN_DLY_LWR, 0x0048);
107
- CHECK_REG_PCS(NPCM_PCS_SR_TIM_SYNC_RX_MIN_DLY_UPR, 0);
108
-
109
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MMD_DIG_CTRL1, 0x2400);
110
- CHECK_REG_PCS(NPCM_PCS_VR_MII_AN_CTRL, 0);
111
- CHECK_REG_PCS(NPCM_PCS_VR_MII_AN_INTR_STS, 0x000a);
112
- CHECK_REG_PCS(NPCM_PCS_VR_MII_TC, 0);
113
- CHECK_REG_PCS(NPCM_PCS_VR_MII_DBG_CTRL, 0);
114
- CHECK_REG_PCS(NPCM_PCS_VR_MII_EEE_MCTRL0, 0x899c);
115
- CHECK_REG_PCS(NPCM_PCS_VR_MII_EEE_TXTIMER, 0);
116
- CHECK_REG_PCS(NPCM_PCS_VR_MII_EEE_RXTIMER, 0);
117
- CHECK_REG_PCS(NPCM_PCS_VR_MII_LINK_TIMER_CTRL, 0);
118
- CHECK_REG_PCS(NPCM_PCS_VR_MII_EEE_MCTRL1, 0);
119
- CHECK_REG_PCS(NPCM_PCS_VR_MII_DIG_STS, 0x0010);
120
- CHECK_REG_PCS(NPCM_PCS_VR_MII_ICG_ERRCNT1, 0);
121
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MISC_STS, 0);
122
- CHECK_REG_PCS(NPCM_PCS_VR_MII_RX_LSTS, 0);
123
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_TX_BSTCTRL0, 0x00a);
124
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_TX_LVLCTRL0, 0x007f);
125
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_TX_GENCTRL0, 0x0001);
126
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_TX_GENCTRL1, 0);
127
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_TX_STS, 0);
128
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_RX_GENCTRL0, 0x0100);
129
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_RX_GENCTRL1, 0x1100);
130
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_RX_LOS_CTRL0, 0x000e);
131
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MPLL_CTRL0, 0x0100);
132
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MPLL_CTRL1, 0x0032);
133
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MPLL_STS, 0x0001);
134
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MISC_CTRL2, 0);
135
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_LVL_CTRL, 0x0019);
136
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MISC_CTRL0, 0);
137
- CHECK_REG_PCS(NPCM_PCS_VR_MII_MP_MISC_CTRL1, 0);
138
- CHECK_REG_PCS(NPCM_PCS_VR_MII_DIG_CTRL2, 0);
139
- CHECK_REG_PCS(NPCM_PCS_VR_MII_DIG_ERRCNT_SEL, 0);
140
- }
141
-
142
qtest_quit(qts);
100
}
143
}
101
144
102
static uint64_t bcm2835_systmr_read(void *opaque, hwaddr offset,
145
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
103
@@ -XXX,XX +XXX,XX @@ static uint64_t bcm2835_systmr_read(void *opaque, hwaddr offset,
104
}
105
106
static void bcm2835_systmr_write(void *opaque, hwaddr offset,
107
- uint64_t value, unsigned size)
108
+ uint64_t value64, unsigned size)
109
{
110
BCM2835SystemTimerState *s = BCM2835_SYSTIMER(opaque);
111
+ int index;
112
+ uint32_t value = value64;
113
+ uint32_t triggers_delay_us;
114
+ uint64_t now;
115
116
trace_bcm2835_systmr_write(offset, value);
117
switch (offset) {
118
case A_CTRL_STATUS:
119
s->reg.ctrl_status &= ~value; /* Ack */
120
- bcm2835_systmr_update_irq(s);
121
+ for (index = 0; index < ARRAY_SIZE(s->tmr); index++) {
122
+ if (extract32(value, index, 1)) {
123
+ trace_bcm2835_systmr_irq_ack(index);
124
+ qemu_set_irq(s->tmr[index].irq, 0);
125
+ }
126
+ }
127
break;
128
case A_COMPARE0 ... A_COMPARE3:
129
- s->reg.compare[(offset - A_COMPARE0) >> 2] = value;
130
- bcm2835_systmr_update_compare(s, (offset - A_COMPARE0) >> 2);
131
+ index = (offset - A_COMPARE0) >> 2;
132
+ s->reg.compare[index] = value;
133
+ now = qemu_clock_get_us(QEMU_CLOCK_VIRTUAL);
134
+ /* Compare lower 32-bits of the free-running counter. */
135
+ triggers_delay_us = value - now;
136
+ trace_bcm2835_systmr_run(index, triggers_delay_us);
137
+ timer_mod(&s->tmr[index].timer, now + triggers_delay_us);
138
break;
139
case A_COUNTER_LOW:
140
case A_COUNTER_HIGH:
141
@@ -XXX,XX +XXX,XX @@ static void bcm2835_systmr_realize(DeviceState *dev, Error **errp)
142
memory_region_init_io(&s->iomem, OBJECT(dev), &bcm2835_systmr_ops,
143
s, "bcm2835-sys-timer", 0x20);
144
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->iomem);
145
- sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq);
146
+
147
+ for (size_t i = 0; i < ARRAY_SIZE(s->tmr); i++) {
148
+ s->tmr[i].id = i;
149
+ s->tmr[i].state = s;
150
+ sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->tmr[i].irq);
151
+ timer_init_us(&s->tmr[i].timer, QEMU_CLOCK_VIRTUAL,
152
+ bcm2835_systmr_timer_expire, &s->tmr[i]);
153
+ }
154
}
155
156
static const VMStateDescription bcm2835_systmr_vmstate = {
157
diff --git a/hw/timer/trace-events b/hw/timer/trace-events
158
index XXXXXXX..XXXXXXX 100644
146
index XXXXXXX..XXXXXXX 100644
159
--- a/hw/timer/trace-events
147
--- a/tests/qtest/meson.build
160
+++ b/hw/timer/trace-events
148
+++ b/tests/qtest/meson.build
161
@@ -XXX,XX +XXX,XX @@ nrf51_timer_write(uint8_t timer_id, uint64_t addr, uint32_t value, unsigned size
149
@@ -XXX,XX +XXX,XX @@ qtests_npcm7xx = \
162
nrf51_timer_set_count(uint8_t timer_id, uint8_t counter_id, uint32_t value) "timer %u counter %u count 0x%" PRIx32
150
'npcm7xx_sdhci-test',
163
151
'npcm7xx_smbus-test',
164
# bcm2835_systmr.c
152
'npcm7xx_timer-test',
165
-bcm2835_systmr_irq(bool enable) "timer irq state %u"
153
- 'npcm7xx_watchdog_timer-test'] + \
166
+bcm2835_systmr_timer_expired(unsigned id) "timer #%u expired"
154
+ 'npcm7xx_watchdog_timer-test',
167
+bcm2835_systmr_irq_ack(unsigned id) "timer #%u acked"
155
+ 'npcm_gmac-test'] + \
168
bcm2835_systmr_read(uint64_t offset, uint64_t data) "timer read: offset 0x%" PRIx64 " data 0x%" PRIx64
156
(slirp.found() ? ['npcm7xx_emc-test'] : [])
169
-bcm2835_systmr_write(uint64_t offset, uint64_t data) "timer write: offset 0x%" PRIx64 " data 0x%" PRIx64
157
qtests_aspeed = \
170
+bcm2835_systmr_write(uint64_t offset, uint32_t data) "timer write: offset 0x%" PRIx64 " data 0x%" PRIx32
158
['aspeed_hace-test',
171
+bcm2835_systmr_run(unsigned id, uint64_t delay_us) "timer #%u expiring in %"PRIu64" us"
172
173
# avr_timer16.c
174
avr_timer16_read(uint8_t addr, uint8_t value) "timer16 read addr:%u value:%u"
175
--
159
--
176
2.20.1
160
2.34.1
177
178
diff view generated by jsdifflib
1
From: Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
1
From: Luc Michel <luc.michel@amd.com>
2
2
3
Current documentation is not too clear on the GETPC usage.
3
An access fault is raised when the Access Flag is not set in the
4
In particular, when used outside the top level helper function
4
looked-up PTE and the AFFD field is not set in the corresponding context
5
it causes unexpected behavior.
5
descriptor. This was already implemented for stage 2. Implement it for
6
stage 1 as well.
6
7
7
Signed-off-by: Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
8
Signed-off-by: Luc Michel <luc.michel@amd.com>
8
Message-id: 20201015095147.1691-1-e.emanuelegiuseppe@gmail.com
9
Reviewed-by: Mostafa Saleh <smostafa@google.com>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Eric Auger <eric.auger@redhat.com>
11
Tested-by: Mostafa Saleh <smostafa@google.com>
12
Message-id: 20240213082211.3330400-1-luc.michel@amd.com
13
[PMM: tweaked comment text]
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
15
---
12
docs/devel/loads-stores.rst | 8 +++++++-
16
hw/arm/smmuv3-internal.h | 1 +
13
1 file changed, 7 insertions(+), 1 deletion(-)
17
include/hw/arm/smmu-common.h | 1 +
18
hw/arm/smmu-common.c | 11 +++++++++++
19
hw/arm/smmuv3.c | 1 +
20
4 files changed, 14 insertions(+)
14
21
15
diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
22
diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
16
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
17
--- a/docs/devel/loads-stores.rst
24
--- a/hw/arm/smmuv3-internal.h
18
+++ b/docs/devel/loads-stores.rst
25
+++ b/hw/arm/smmuv3-internal.h
19
@@ -XXX,XX +XXX,XX @@ guest CPU state in case of a guest CPU exception. This is passed
26
@@ -XXX,XX +XXX,XX @@ static inline int pa_range(STE *ste)
20
to ``cpu_restore_state()``. Therefore the value should either be 0,
27
#define CD_EPD(x, sel) extract32((x)->word[0], (16 * (sel)) + 14, 1)
21
to indicate that the guest CPU state is already synchronized, or
28
#define CD_ENDI(x) extract32((x)->word[0], 15, 1)
22
the result of ``GETPC()`` from the top level ``HELPER(foo)``
29
#define CD_IPS(x) extract32((x)->word[1], 0 , 3)
23
-function, which is a return address into the generated code.
30
+#define CD_AFFD(x) extract32((x)->word[1], 3 , 1)
24
+function, which is a return address into the generated code [#gpc]_.
31
#define CD_TBI(x) extract32((x)->word[1], 6 , 2)
32
#define CD_HD(x) extract32((x)->word[1], 10 , 1)
33
#define CD_HA(x) extract32((x)->word[1], 11 , 1)
34
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
35
index XXXXXXX..XXXXXXX 100644
36
--- a/include/hw/arm/smmu-common.h
37
+++ b/include/hw/arm/smmu-common.h
38
@@ -XXX,XX +XXX,XX @@ typedef struct SMMUTransCfg {
39
bool disabled; /* smmu is disabled */
40
bool bypassed; /* translation is bypassed */
41
bool aborted; /* translation is aborted */
42
+ bool affd; /* AF fault disable */
43
uint32_t iotlb_hits; /* counts IOTLB hits */
44
uint32_t iotlb_misses; /* counts IOTLB misses*/
45
/* Used by stage-1 only. */
46
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
47
index XXXXXXX..XXXXXXX 100644
48
--- a/hw/arm/smmu-common.c
49
+++ b/hw/arm/smmu-common.c
50
@@ -XXX,XX +XXX,XX @@ static int smmu_ptw_64_s1(SMMUTransCfg *cfg,
51
pte_addr, pte, iova, gpa,
52
block_size >> 20);
53
}
25
+
54
+
26
+.. [#gpc] Note that ``GETPC()`` should be used with great care: calling
55
+ /*
27
+ it in other functions that are *not* the top level
56
+ * QEMU does not currently implement HTTU, so if AFFD and PTE.AF
28
+ ``HELPER(foo)`` will cause unexpected behavior. Instead, the
57
+ * are 0 we take an Access flag fault. (5.4. Context Descriptor)
29
+ value of ``GETPC()`` should be read from the helper and passed
58
+ * An Access flag fault takes priority over a Permission fault.
30
+ if needed to the functions that the helper calls.
59
+ */
31
60
+ if (!PTE_AF(pte) && !cfg->affd) {
32
Function names follow the pattern:
61
+ info->type = SMMU_PTW_ERR_ACCESS;
62
+ goto error;
63
+ }
64
+
65
ap = PTE_AP(pte);
66
if (is_permission_fault(ap, perm)) {
67
info->type = SMMU_PTW_ERR_PERMISSION;
68
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
69
index XXXXXXX..XXXXXXX 100644
70
--- a/hw/arm/smmuv3.c
71
+++ b/hw/arm/smmuv3.c
72
@@ -XXX,XX +XXX,XX @@ static int decode_cd(SMMUTransCfg *cfg, CD *cd, SMMUEventInfo *event)
73
cfg->oas = MIN(oas2bits(SMMU_IDR5_OAS), cfg->oas);
74
cfg->tbi = CD_TBI(cd);
75
cfg->asid = CD_ASID(cd);
76
+ cfg->affd = CD_AFFD(cd);
77
78
trace_smmuv3_decode_cd(cfg->oas);
33
79
34
--
80
--
35
2.20.1
81
2.34.1
36
37
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
2
3
The IRQ values are defined few lines earlier, use them instead of
3
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4
the magic numbers.
5
6
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Message-id: 20201017180731.1165871-3-f4bug@amsat.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Message-id: 20240213155214.13619-2-philmd@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
7
---
11
hw/intc/bcm2836_control.c | 8 ++++----
8
hw/arm/stellaris.c | 6 ++++--
12
1 file changed, 4 insertions(+), 4 deletions(-)
9
1 file changed, 4 insertions(+), 2 deletions(-)
13
10
14
diff --git a/hw/intc/bcm2836_control.c b/hw/intc/bcm2836_control.c
11
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
15
index XXXXXXX..XXXXXXX 100644
12
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/intc/bcm2836_control.c
13
--- a/hw/arm/stellaris.c
17
+++ b/hw/intc/bcm2836_control.c
14
+++ b/hw/arm/stellaris.c
18
@@ -XXX,XX +XXX,XX @@ static void bcm2836_control_set_local_irq(void *opaque, int core, int local_irq,
15
@@ -XXX,XX +XXX,XX @@ static void stellaris_adc_trigger(void *opaque, int irq, int level)
19
16
}
20
static void bcm2836_control_set_local_irq0(void *opaque, int core, int level)
17
}
18
19
-static void stellaris_adc_reset(StellarisADCState *s)
20
+static void stellaris_adc_reset_hold(Object *obj)
21
{
21
{
22
- bcm2836_control_set_local_irq(opaque, core, 0, level);
22
+ StellarisADCState *s = STELLARIS_ADC(obj);
23
+ bcm2836_control_set_local_irq(opaque, core, IRQ_CNTPSIRQ, level);
23
int n;
24
25
for (n = 0; n < 4; n++) {
26
@@ -XXX,XX +XXX,XX @@ static void stellaris_adc_init(Object *obj)
27
memory_region_init_io(&s->iomem, obj, &stellaris_adc_ops, s,
28
"adc", 0x1000);
29
sysbus_init_mmio(sbd, &s->iomem);
30
- stellaris_adc_reset(s);
31
qdev_init_gpio_in(dev, stellaris_adc_trigger, 1);
24
}
32
}
25
33
26
static void bcm2836_control_set_local_irq1(void *opaque, int core, int level)
34
@@ -XXX,XX +XXX,XX @@ static const TypeInfo stellaris_i2c_info = {
35
static void stellaris_adc_class_init(ObjectClass *klass, void *data)
27
{
36
{
28
- bcm2836_control_set_local_irq(opaque, core, 1, level);
37
DeviceClass *dc = DEVICE_CLASS(klass);
29
+ bcm2836_control_set_local_irq(opaque, core, IRQ_CNTPNSIRQ, level);
38
+ ResettableClass *rc = RESETTABLE_CLASS(klass);
39
40
+ rc->phases.hold = stellaris_adc_reset_hold;
41
dc->vmsd = &vmstate_stellaris_adc;
30
}
42
}
31
43
32
static void bcm2836_control_set_local_irq2(void *opaque, int core, int level)
33
{
34
- bcm2836_control_set_local_irq(opaque, core, 2, level);
35
+ bcm2836_control_set_local_irq(opaque, core, IRQ_CNTHPIRQ, level);
36
}
37
38
static void bcm2836_control_set_local_irq3(void *opaque, int core, int level)
39
{
40
- bcm2836_control_set_local_irq(opaque, core, 3, level);
41
+ bcm2836_control_set_local_irq(opaque, core, IRQ_CNTVIRQ, level);
42
}
43
44
static void bcm2836_control_set_gpu_irq(void *opaque, int irq, int level)
45
--
44
--
46
2.20.1
45
2.34.1
47
46
48
47
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
2
3
This is generic support, with the code disabled for all targets.
3
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
4
4
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Message-id: 20240213155214.13619-3-philmd@linaro.org
6
Message-id: 20201016184207.786698-11-richard.henderson@linaro.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
8
---
10
linux-user/qemu.h | 4 ++
9
hw/arm/stellaris.c | 26 ++++++++++++++++++++++----
11
linux-user/elfload.c | 157 +++++++++++++++++++++++++++++++++++++++++++
10
1 file changed, 22 insertions(+), 4 deletions(-)
12
2 files changed, 161 insertions(+)
13
11
14
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
12
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
15
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
16
--- a/linux-user/qemu.h
14
--- a/hw/arm/stellaris.c
17
+++ b/linux-user/qemu.h
15
+++ b/hw/arm/stellaris.c
18
@@ -XXX,XX +XXX,XX @@ struct image_info {
16
@@ -XXX,XX +XXX,XX @@ static void stellaris_sys_instance_init(Object *obj)
19
abi_ulong interpreter_loadmap_addr;
17
s->sysclk = qdev_init_clock_out(DEVICE(s), "SYSCLK");
20
abi_ulong interpreter_pt_dynamic_addr;
18
}
21
struct image_info *other_info;
19
20
-/* I2C controller. */
21
+/*
22
+ * I2C controller.
23
+ * ??? For now we only implement the master interface.
24
+ */
25
26
#define TYPE_STELLARIS_I2C "stellaris-i2c"
27
OBJECT_DECLARE_SIMPLE_TYPE(stellaris_i2c_state, STELLARIS_I2C)
28
@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_write(void *opaque, hwaddr offset,
29
stellaris_i2c_update(s);
30
}
31
32
-static void stellaris_i2c_reset(stellaris_i2c_state *s)
33
+static void stellaris_i2c_reset_enter(Object *obj, ResetType type)
34
{
35
+ stellaris_i2c_state *s = STELLARIS_I2C(obj);
22
+
36
+
23
+ /* For target-specific processing of NT_GNU_PROPERTY_TYPE_0. */
37
if (s->mcs & STELLARIS_I2C_MCS_BUSBSY)
24
+ uint32_t note_flags;
38
i2c_end_transfer(s->bus);
25
+
26
#ifdef TARGET_MIPS
27
int fp_abi;
28
int interp_fp_abi;
29
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/linux-user/elfload.c
32
+++ b/linux-user/elfload.c
33
@@ -XXX,XX +XXX,XX @@ static void elf_core_copy_regs(target_elf_gregset_t *regs,
34
35
#include "elf.h"
36
37
+static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz,
38
+ const uint32_t *data,
39
+ struct image_info *info,
40
+ Error **errp)
41
+{
42
+ g_assert_not_reached();
43
+}
44
+#define ARCH_USE_GNU_PROPERTY 0
45
+
46
struct exec
47
{
48
unsigned int a_info; /* Use macros N_MAGIC, etc for access */
49
@@ -XXX,XX +XXX,XX @@ void probe_guest_base(const char *image_name, abi_ulong guest_loaddr,
50
"@ 0x%" PRIx64 "\n", (uint64_t)guest_base);
51
}
52
53
+enum {
54
+ /* The string "GNU\0" as a magic number. */
55
+ GNU0_MAGIC = const_le32('G' | 'N' << 8 | 'U' << 16),
56
+ NOTE_DATA_SZ = 1 * KiB,
57
+ NOTE_NAME_SZ = 4,
58
+ ELF_GNU_PROPERTY_ALIGN = ELF_CLASS == ELFCLASS32 ? 4 : 8,
59
+};
60
+
61
+/*
62
+ * Process a single gnu_property entry.
63
+ * Return false for error.
64
+ */
65
+static bool parse_elf_property(const uint32_t *data, int *off, int datasz,
66
+ struct image_info *info, bool have_prev_type,
67
+ uint32_t *prev_type, Error **errp)
68
+{
69
+ uint32_t pr_type, pr_datasz, step;
70
+
71
+ if (*off > datasz || !QEMU_IS_ALIGNED(*off, ELF_GNU_PROPERTY_ALIGN)) {
72
+ goto error_data;
73
+ }
74
+ datasz -= *off;
75
+ data += *off / sizeof(uint32_t);
76
+
77
+ if (datasz < 2 * sizeof(uint32_t)) {
78
+ goto error_data;
79
+ }
80
+ pr_type = data[0];
81
+ pr_datasz = data[1];
82
+ data += 2;
83
+ datasz -= 2 * sizeof(uint32_t);
84
+ step = ROUND_UP(pr_datasz, ELF_GNU_PROPERTY_ALIGN);
85
+ if (step > datasz) {
86
+ goto error_data;
87
+ }
88
+
89
+ /* Properties are supposed to be unique and sorted on pr_type. */
90
+ if (have_prev_type && pr_type <= *prev_type) {
91
+ if (pr_type == *prev_type) {
92
+ error_setg(errp, "Duplicate property in PT_GNU_PROPERTY");
93
+ } else {
94
+ error_setg(errp, "Unsorted property in PT_GNU_PROPERTY");
95
+ }
96
+ return false;
97
+ }
98
+ *prev_type = pr_type;
99
+
100
+ if (!arch_parse_elf_property(pr_type, pr_datasz, data, info, errp)) {
101
+ return false;
102
+ }
103
+
104
+ *off += 2 * sizeof(uint32_t) + step;
105
+ return true;
106
+
107
+ error_data:
108
+ error_setg(errp, "Ill-formed property in PT_GNU_PROPERTY");
109
+ return false;
110
+}
39
+}
111
+
40
+
112
+/* Process NT_GNU_PROPERTY_TYPE_0. */
41
+static void stellaris_i2c_reset_hold(Object *obj)
113
+static bool parse_elf_properties(int image_fd,
114
+ struct image_info *info,
115
+ const struct elf_phdr *phdr,
116
+ char bprm_buf[BPRM_BUF_SIZE],
117
+ Error **errp)
118
+{
42
+{
119
+ union {
43
+ stellaris_i2c_state *s = STELLARIS_I2C(obj);
120
+ struct elf_note nhdr;
44
121
+ uint32_t data[NOTE_DATA_SZ / sizeof(uint32_t)];
45
s->msa = 0;
122
+ } note;
46
s->mcs = 0;
123
+
47
@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_reset(stellaris_i2c_state *s)
124
+ int n, off, datasz;
48
s->mimr = 0;
125
+ bool have_prev_type;
49
s->mris = 0;
126
+ uint32_t prev_type;
50
s->mcr = 0;
127
+
128
+ /* Unless the arch requires properties, ignore them. */
129
+ if (!ARCH_USE_GNU_PROPERTY) {
130
+ return true;
131
+ }
132
+
133
+ /* If the properties are crazy large, that's too bad. */
134
+ n = phdr->p_filesz;
135
+ if (n > sizeof(note)) {
136
+ error_setg(errp, "PT_GNU_PROPERTY too large");
137
+ return false;
138
+ }
139
+ if (n < sizeof(note.nhdr)) {
140
+ error_setg(errp, "PT_GNU_PROPERTY too small");
141
+ return false;
142
+ }
143
+
144
+ if (phdr->p_offset + n <= BPRM_BUF_SIZE) {
145
+ memcpy(&note, bprm_buf + phdr->p_offset, n);
146
+ } else {
147
+ ssize_t len = pread(image_fd, &note, n, phdr->p_offset);
148
+ if (len != n) {
149
+ error_setg_errno(errp, errno, "Error reading file header");
150
+ return false;
151
+ }
152
+ }
153
+
154
+ /*
155
+ * The contents of a valid PT_GNU_PROPERTY is a sequence
156
+ * of uint32_t -- swap them all now.
157
+ */
158
+#ifdef BSWAP_NEEDED
159
+ for (int i = 0; i < n / 4; i++) {
160
+ bswap32s(note.data + i);
161
+ }
162
+#endif
163
+
164
+ /*
165
+ * Note that nhdr is 3 words, and that the "name" described by namesz
166
+ * immediately follows nhdr and is thus at the 4th word. Further, all
167
+ * of the inputs to the kernel's round_up are multiples of 4.
168
+ */
169
+ if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
170
+ note.nhdr.n_namesz != NOTE_NAME_SZ ||
171
+ note.data[3] != GNU0_MAGIC) {
172
+ error_setg(errp, "Invalid note in PT_GNU_PROPERTY");
173
+ return false;
174
+ }
175
+ off = sizeof(note.nhdr) + NOTE_NAME_SZ;
176
+
177
+ datasz = note.nhdr.n_descsz + off;
178
+ if (datasz > n) {
179
+ error_setg(errp, "Invalid note size in PT_GNU_PROPERTY");
180
+ return false;
181
+ }
182
+
183
+ have_prev_type = false;
184
+ prev_type = 0;
185
+ while (1) {
186
+ if (off == datasz) {
187
+ return true; /* end, exit ok */
188
+ }
189
+ if (!parse_elf_property(note.data, &off, datasz, info,
190
+ have_prev_type, &prev_type, errp)) {
191
+ return false;
192
+ }
193
+ have_prev_type = true;
194
+ }
195
+}
51
+}
196
+
52
+
197
/* Load an ELF image into the address space.
53
+static void stellaris_i2c_reset_exit(Object *obj)
198
54
+{
199
IMAGE_NAME is the filename of the image, to use in error messages.
55
+ stellaris_i2c_state *s = STELLARIS_I2C(obj);
200
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
56
+
201
goto exit_errmsg;
57
stellaris_i2c_update(s);
202
}
58
}
203
*pinterp_name = g_steal_pointer(&interp_name);
59
204
+ } else if (eppnt->p_type == PT_GNU_PROPERTY) {
60
@@ -XXX,XX +XXX,XX @@ static void stellaris_i2c_init(Object *obj)
205
+ if (!parse_elf_properties(image_fd, info, eppnt, bprm_buf, &err)) {
61
memory_region_init_io(&s->iomem, obj, &stellaris_i2c_ops, s,
206
+ goto exit_errmsg;
62
"i2c", 0x1000);
207
+ }
63
sysbus_init_mmio(sbd, &s->iomem);
208
}
64
- /* ??? For now we only implement the master interface. */
209
}
65
- stellaris_i2c_reset(s);
66
}
67
68
/* Analogue to Digital Converter. This is only partially implemented,
69
@@ -XXX,XX +XXX,XX @@ type_init(stellaris_machine_init)
70
static void stellaris_i2c_class_init(ObjectClass *klass, void *data)
71
{
72
DeviceClass *dc = DEVICE_CLASS(klass);
73
+ ResettableClass *rc = RESETTABLE_CLASS(klass);
74
75
+ rc->phases.enter = stellaris_i2c_reset_enter;
76
+ rc->phases.hold = stellaris_i2c_reset_hold;
77
+ rc->phases.exit = stellaris_i2c_reset_exit;
78
dc->vmsd = &vmstate_stellaris_i2c;
79
}
210
80
211
--
81
--
212
2.20.1
82
2.34.1
213
83
214
84
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
2
3
We already have the full ARMMMUIdx as computed from the
3
QDev objects created with qdev_new() need to manually add
4
function parameter.
4
their parent relationship with object_property_add_child().
5
5
6
For the purpose of regime_has_2_ranges, we can ignore any
6
This commit plug the devices which aren't part of the SoC;
7
difference between AccType_Normal and AccType_Unpriv, which
7
they will be plugged into a SoC container in the next one.
8
would be the only difference between the passed mmu_idx
9
and arm_mmu_idx_el.
10
8
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
11
Message-id: 20240213155214.13619-4-philmd@linaro.org
14
Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
15
Message-id: 20201008162155.161886-2-richard.henderson@linaro.org
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
13
---
18
target/arm/mte_helper.c | 3 +--
14
hw/arm/stellaris.c | 4 ++++
19
1 file changed, 1 insertion(+), 2 deletions(-)
15
1 file changed, 4 insertions(+)
20
16
21
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
17
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
22
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
23
--- a/target/arm/mte_helper.c
19
--- a/hw/arm/stellaris.c
24
+++ b/target/arm/mte_helper.c
20
+++ b/hw/arm/stellaris.c
25
@@ -XXX,XX +XXX,XX @@ static void mte_check_fail(CPUARMState *env, uint32_t desc,
21
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
26
22
&error_fatal);
27
case 2:
23
28
/* Tag check fail causes asynchronous flag set. */
24
ssddev = qdev_new("ssd0323");
29
- mmu_idx = arm_mmu_idx_el(env, el);
25
+ object_property_add_child(OBJECT(ms), "oled", OBJECT(ssddev));
30
- if (regime_has_2_ranges(mmu_idx)) {
26
qdev_prop_set_uint8(ssddev, "cs", 1);
31
+ if (regime_has_2_ranges(arm_mmu_idx)) {
27
qdev_realize_and_unref(ssddev, bus, &error_fatal);
32
select = extract64(dirty_ptr, 55, 1);
28
33
} else {
29
gpio_d_splitter = qdev_new(TYPE_SPLIT_IRQ);
34
select = 0;
30
+ object_property_add_child(OBJECT(ms), "splitter",
31
+ OBJECT(gpio_d_splitter));
32
qdev_prop_set_uint32(gpio_d_splitter, "num-lines", 2);
33
qdev_realize_and_unref(gpio_d_splitter, NULL, &error_fatal);
34
qdev_connect_gpio_out(
35
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
36
DeviceState *gpad;
37
38
gpad = qdev_new(TYPE_STELLARIS_GAMEPAD);
39
+ object_property_add_child(OBJECT(ms), "gamepad", OBJECT(gpad));
40
for (i = 0; i < ARRAY_SIZE(gpad_keycode); i++) {
41
qlist_append_int(gpad_keycode_list, gpad_keycode[i]);
42
}
35
--
43
--
36
2.20.1
44
2.34.1
37
45
38
46
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
2
3
Add trace events for GPU and CPU IRQs.
3
QDev objects created with qdev_new() need to manually add
4
their parent relationship with object_property_add_child().
4
5
5
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
6
Since we don't model the SoC, just use a QOM container.
6
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
7
Message-id: 20201017180731.1165871-2-f4bug@amsat.org
8
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20240213155214.13619-5-philmd@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
12
---
10
hw/intc/bcm2835_ic.c | 4 +++-
13
hw/arm/stellaris.c | 11 ++++++++++-
11
hw/intc/trace-events | 4 ++++
14
1 file changed, 10 insertions(+), 1 deletion(-)
12
2 files changed, 7 insertions(+), 1 deletion(-)
13
15
14
diff --git a/hw/intc/bcm2835_ic.c b/hw/intc/bcm2835_ic.c
16
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
15
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/intc/bcm2835_ic.c
18
--- a/hw/arm/stellaris.c
17
+++ b/hw/intc/bcm2835_ic.c
19
+++ b/hw/arm/stellaris.c
18
@@ -XXX,XX +XXX,XX @@
20
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
19
#include "migration/vmstate.h"
21
* 400fe000 system control
20
#include "qemu/log.h"
22
*/
21
#include "qemu/module.h"
23
22
+#include "trace.h"
24
+ Object *soc_container;
23
25
DeviceState *gpio_dev[7], *nvic;
24
#define GPU_IRQS 64
26
qemu_irq gpio_in[7][8];
25
#define ARM_IRQS 8
27
qemu_irq gpio_out[7][8];
26
@@ -XXX,XX +XXX,XX @@ static void bcm2835_ic_update(BCM2835ICState *s)
28
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
27
set = (s->gpu_irq_level & s->gpu_irq_enable)
29
flash_size = (((board->dc0 & 0xffff) + 1) << 1) * 1024;
28
|| (s->arm_irq_level & s->arm_irq_enable);
30
sram_size = ((board->dc0 >> 18) + 1) * 1024;
29
qemu_set_irq(s->irq, set);
31
32
+ soc_container = object_new("container");
33
+ object_property_add_child(OBJECT(ms), "soc", soc_container);
34
+
35
/* Flash programming is done via the SCU, so pretend it is ROM. */
36
memory_region_init_rom(flash, NULL, "stellaris.flash", flash_size,
37
&error_fatal);
38
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
39
* need its sysclk output.
40
*/
41
ssys_dev = qdev_new(TYPE_STELLARIS_SYS);
42
+ object_property_add_child(soc_container, "sys", OBJECT(ssys_dev));
43
44
/*
45
* Most devices come preprogrammed with a MAC address in the user data.
46
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
47
sysbus_realize_and_unref(SYS_BUS_DEVICE(ssys_dev), &error_fatal);
48
49
nvic = qdev_new(TYPE_ARMV7M);
50
+ object_property_add_child(soc_container, "v7m", OBJECT(nvic));
51
qdev_prop_set_uint32(nvic, "num-irq", NUM_IRQ_LINES);
52
qdev_prop_set_uint8(nvic, "num-prio-bits", NUM_PRIO_BITS);
53
qdev_prop_set_string(nvic, "cpu-type", ms->cpu_type);
54
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
55
56
dev = qdev_new(TYPE_STELLARIS_GPTM);
57
sbd = SYS_BUS_DEVICE(dev);
58
+ object_property_add_child(soc_container, "gptm[*]", OBJECT(dev));
59
qdev_connect_clock_in(dev, "clk",
60
qdev_get_clock_out(ssys_dev, "SYSCLK"));
61
sysbus_realize_and_unref(sbd, &error_fatal);
62
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
63
64
if (board->dc1 & (1 << 3)) { /* watchdog present */
65
dev = qdev_new(TYPE_LUMINARY_WATCHDOG);
30
-
66
-
31
}
67
+ object_property_add_child(soc_container, "wdg", OBJECT(dev));
32
68
qdev_connect_clock_in(dev, "WDOGCLK",
33
static void bcm2835_ic_set_gpu_irq(void *opaque, int irq, int level)
69
qdev_get_clock_out(ssys_dev, "SYSCLK"));
34
@@ -XXX,XX +XXX,XX @@ static void bcm2835_ic_set_gpu_irq(void *opaque, int irq, int level)
70
35
BCM2835ICState *s = opaque;
71
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
36
72
SysBusDevice *sbd;
37
assert(irq >= 0 && irq < 64);
73
38
+ trace_bcm2835_ic_set_gpu_irq(irq, level);
74
dev = qdev_new("pl011_luminary");
39
s->gpu_irq_level = deposit64(s->gpu_irq_level, irq, 1, level != 0);
75
+ object_property_add_child(soc_container, "uart[*]", OBJECT(dev));
40
bcm2835_ic_update(s);
76
sbd = SYS_BUS_DEVICE(dev);
41
}
77
qdev_prop_set_chr(dev, "chardev", serial_hd(i));
42
@@ -XXX,XX +XXX,XX @@ static void bcm2835_ic_set_arm_irq(void *opaque, int irq, int level)
78
sysbus_realize_and_unref(sbd, &error_fatal);
43
BCM2835ICState *s = opaque;
79
@@ -XXX,XX +XXX,XX @@ static void stellaris_init(MachineState *ms, stellaris_board_info *board)
44
80
DeviceState *enet;
45
assert(irq >= 0 && irq < 8);
81
46
+ trace_bcm2835_ic_set_cpu_irq(irq, level);
82
enet = qdev_new("stellaris_enet");
47
s->arm_irq_level = deposit32(s->arm_irq_level, irq, 1, level != 0);
83
+ object_property_add_child(soc_container, "enet", OBJECT(enet));
48
bcm2835_ic_update(s);
84
if (nd) {
49
}
85
qdev_set_nic_properties(enet, nd);
50
diff --git a/hw/intc/trace-events b/hw/intc/trace-events
86
} else {
51
index XXXXXXX..XXXXXXX 100644
52
--- a/hw/intc/trace-events
53
+++ b/hw/intc/trace-events
54
@@ -XXX,XX +XXX,XX @@ nvic_sysreg_write(uint64_t addr, uint32_t value, unsigned size) "NVIC sysreg wri
55
heathrow_write(uint64_t addr, unsigned int n, uint64_t value) "0x%"PRIx64" %u: 0x%"PRIx64
56
heathrow_read(uint64_t addr, unsigned int n, uint64_t value) "0x%"PRIx64" %u: 0x%"PRIx64
57
heathrow_set_irq(int num, int level) "set_irq: num=0x%02x level=%d"
58
+
59
+# bcm2835_ic.c
60
+bcm2835_ic_set_gpu_irq(int irq, int level) "GPU irq #%d level %d"
61
+bcm2835_ic_set_cpu_irq(int irq, int level) "CPU irq #%d level %d"
62
--
87
--
63
2.20.1
88
2.34.1
64
89
65
90
diff view generated by jsdifflib
1
M-profile CPUs with half-precision floating point support should
1
We support two different encodings for the AArch32 IMPDEF
2
be able to write to FPSCR.FZ16, but an M-profile specific masking
2
CBAR register -- older cores like the Cortex A9, A7, A15
3
of the value at the top of vfp_set_fpscr() currently prevents that.
3
have this at 4, c15, c0, 0; newer cores like the
4
This is not yet an active bug because we have no M-profile
4
Cortex A35, A53, A57 and A72 have it at 1 c15 c0 0.
5
FP16 CPUs, but needs to be fixed before we can add any.
6
5
7
The bits that the masking is effectively preventing from being
6
When we implemented this we picked which encoding to
8
set are the A-profile only short-vector Len and Stride fields,
7
use based on whether the CPU set ARM_FEATURE_AARCH64.
9
plus the Neon QC bit. Rearrange the order of the function so
8
However this isn't right for three cases:
10
that those fields are handled earlier and only under a suitable
9
* the qemu-system-arm 'max' CPU, which is supposed to be
11
guard; this allows us to drop the M-profile specific masking,
10
a variant on a Cortex-A57; it ought to use the same
12
making FZ16 writeable.
11
encoding the A57 does and which the AArch64 'max'
12
exposes to AArch32 guest code
13
* the Cortex-R52, which is AArch32-only but has the CBAR
14
at the newer encoding (and where we incorrectly are
15
not yet setting ARM_FEATURE_CBAR_RO anyway)
16
* any possible future support for other v8 AArch32
17
only CPUs, or for supporting "boot the CPU into
18
AArch32 mode" on our existing cores like the A57 etc
13
19
14
This change also makes the QC bit correctly RAZ/WI for older
20
Make the decision of the encoding be based on whether
15
no-Neon A-profile cores.
21
the CPU implements the ARM_FEATURE_V8 flag instead.
16
22
17
This refactoring also paves the way for the low-overhead-branch
23
This changes the behaviour only for the qemu-system-arm
18
LTPSIZE field, which uses some of the bits that are used for
24
'-cpu max'. We don't expect anybody to be relying on the
19
A-profile Stride and Len.
25
old behaviour because:
26
* it's not what the real hardware Cortex-A57 does
27
(and that's what our ID register claims we are)
28
* we don't implement the memory-mapped GICv3 support
29
which is the only thing that exists at the peripheral
30
base address pointed to by the register
20
31
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
32
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
33
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
23
Message-id: 20201019151301.2046-10-peter.maydell@linaro.org
34
Message-id: 20240206132931.38376-2-peter.maydell@linaro.org
24
---
35
---
25
target/arm/vfp_helper.c | 47 ++++++++++++++++++++++++-----------------
36
target/arm/helper.c | 2 +-
26
1 file changed, 28 insertions(+), 19 deletions(-)
37
1 file changed, 1 insertion(+), 1 deletion(-)
27
38
28
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
39
diff --git a/target/arm/helper.c b/target/arm/helper.c
29
index XXXXXXX..XXXXXXX 100644
40
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/vfp_helper.c
41
--- a/target/arm/helper.c
31
+++ b/target/arm/vfp_helper.c
42
+++ b/target/arm/helper.c
32
@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
43
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
33
val &= ~FPCR_FZ16;
44
* AArch64 cores we might need to add a specific feature flag
34
}
45
* to indicate cores with "flavour 2" CBAR.
35
36
- if (arm_feature(env, ARM_FEATURE_M)) {
37
+ vfp_set_fpscr_to_host(env, val);
38
+
39
+ if (!arm_feature(env, ARM_FEATURE_M)) {
40
/*
41
- * M profile FPSCR is RES0 for the QC, STRIDE, FZ16, LEN bits
42
- * and also for the trapped-exception-handling bits IxE.
43
+ * Short-vector length and stride; on M-profile these bits
44
+ * are used for different purposes.
45
+ * We can't make this conditional be "if MVFR0.FPShVec != 0",
46
+ * because in v7A no-short-vector-support cores still had to
47
+ * allow Stride/Len to be written with the only effect that
48
+ * some insns are required to UNDEF if the guest sets them.
49
+ *
50
+ * TODO: if M-profile MVE implemented, set LTPSIZE.
51
*/
46
*/
52
- val &= 0xf7c0009f;
47
- if (arm_feature(env, ARM_FEATURE_AARCH64)) {
53
+ env->vfp.vec_len = extract32(val, 16, 3);
48
+ if (arm_feature(env, ARM_FEATURE_V8)) {
54
+ env->vfp.vec_stride = extract32(val, 20, 2);
49
/* 32 bit view is [31:18] 0...0 [43:32]. */
55
}
50
uint32_t cbar32 = (extract64(cpu->reset_cbar, 18, 14) << 18)
56
51
| extract64(cpu->reset_cbar, 32, 12);
57
- vfp_set_fpscr_to_host(env, val);
58
+ if (arm_feature(env, ARM_FEATURE_NEON)) {
59
+ /*
60
+ * The bit we set within fpscr_q is arbitrary; the register as a
61
+ * whole being zero/non-zero is what counts.
62
+ * TODO: M-profile MVE also has a QC bit.
63
+ */
64
+ env->vfp.qc[0] = val & FPCR_QC;
65
+ env->vfp.qc[1] = 0;
66
+ env->vfp.qc[2] = 0;
67
+ env->vfp.qc[3] = 0;
68
+ }
69
70
/*
71
* We don't implement trapped exception handling, so the
72
* trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
73
*
74
- * If we exclude the exception flags, IOC|DZC|OFC|UFC|IXC|IDC
75
- * (which are stored in fp_status), and the other RES0 bits
76
- * in between, then we clear all of the low 16 bits.
77
+ * The exception flags IOC|DZC|OFC|UFC|IXC|IDC are stored in
78
+ * fp_status; QC, Len and Stride are stored separately earlier.
79
+ * Clear out all of those and the RES0 bits: only NZCV, AHP, DN,
80
+ * FZ, RMode and FZ16 are kept in vfp.xregs[FPSCR].
81
*/
82
env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xf7c80000;
83
- env->vfp.vec_len = (val >> 16) & 7;
84
- env->vfp.vec_stride = (val >> 20) & 3;
85
-
86
- /*
87
- * The bit we set within fpscr_q is arbitrary; the register as a
88
- * whole being zero/non-zero is what counts.
89
- */
90
- env->vfp.qc[0] = val & FPCR_QC;
91
- env->vfp.qc[1] = 0;
92
- env->vfp.qc[2] = 0;
93
- env->vfp.qc[3] = 0;
94
}
95
96
void vfp_set_fpscr(CPUARMState *env, uint32_t val)
97
--
52
--
98
2.20.1
53
2.34.1
99
100
diff view generated by jsdifflib
1
The SMLAD instruction is supposed to:
1
The Cortex-R52 implements the Configuration Base Address Register
2
* signed multiply Rn[15:0] * Rm[15:0]
2
(CBAR), as a read-only register. Add ARM_FEATURE_CBAR_RO to this CPU
3
* signed multiply Rn[31:16] * Rm[31:16]
3
type, so that our implementation provides the register and the
4
* perform a signed addition of the products and Ra
4
associated qdev property.
5
* set Rd to the low 32 bits of the theoretical
6
infinite-precision result
7
* set the Q flag if the sign-extension of Rd
8
would differ from the infinite-precision result
9
(ie on overflow)
10
11
Our current implementation doesn't quite do this, though: it performs
12
an addition of the products setting Q on overflow, and then it adds
13
Ra, again possibly setting Q. This sometimes incorrectly sets Q when
14
the architecturally mandated only-check-for-overflow-once algorithm
15
does not. For instance:
16
r1 = 0x80008000; r2 = 0x80008000; r3 = 0xffffffff
17
smlad r0, r1, r2, r3
18
This is (-32768 * -32768) + (-32768 * -32768) - 1
19
20
The products are both 0x4000_0000, so when added together as 32-bit
21
signed numbers they overflow (and QEMU sets Q), but because the
22
addition of Ra == -1 brings the total back down to 0x7fff_ffff
23
there is no overflow for the complete operation and setting Q is
24
incorrect.
25
26
Fix this edge case by resorting to 64-bit arithmetic for the
27
case where we need to add three values together.
28
5
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
31
Message-id: 20201009144712.11187-1-peter.maydell@linaro.org
8
Message-id: 20240206132931.38376-3-peter.maydell@linaro.org
32
---
9
---
33
target/arm/translate.c | 58 ++++++++++++++++++++++++++++++++++--------
10
target/arm/tcg/cpu32.c | 1 +
34
1 file changed, 48 insertions(+), 10 deletions(-)
11
1 file changed, 1 insertion(+)
35
12
36
diff --git a/target/arm/translate.c b/target/arm/translate.c
13
diff --git a/target/arm/tcg/cpu32.c b/target/arm/tcg/cpu32.c
37
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
38
--- a/target/arm/translate.c
15
--- a/target/arm/tcg/cpu32.c
39
+++ b/target/arm/translate.c
16
+++ b/target/arm/tcg/cpu32.c
40
@@ -XXX,XX +XXX,XX @@ static bool op_smlad(DisasContext *s, arg_rrrr *a, bool m_swap, bool sub)
17
@@ -XXX,XX +XXX,XX @@ static void cortex_r52_initfn(Object *obj)
41
gen_smul_dual(t1, t2);
18
set_feature(&cpu->env, ARM_FEATURE_PMSA);
42
19
set_feature(&cpu->env, ARM_FEATURE_NEON);
43
if (sub) {
20
set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
44
- /* This subtraction cannot overflow. */
21
+ set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
45
+ /*
22
cpu->midr = 0x411fd133; /* r1p3 */
46
+ * This subtraction cannot overflow, so we can do a simple
23
cpu->revidr = 0x00000000;
47
+ * 32-bit subtraction and then a possible 32-bit saturating
24
cpu->reset_fpsid = 0x41034023;
48
+ * addition of Ra.
49
+ */
50
tcg_gen_sub_i32(t1, t1, t2);
51
+ tcg_temp_free_i32(t2);
52
+
53
+ if (a->ra != 15) {
54
+ t2 = load_reg(s, a->ra);
55
+ gen_helper_add_setq(t1, cpu_env, t1, t2);
56
+ tcg_temp_free_i32(t2);
57
+ }
58
+ } else if (a->ra == 15) {
59
+ /* Single saturation-checking addition */
60
+ gen_helper_add_setq(t1, cpu_env, t1, t2);
61
+ tcg_temp_free_i32(t2);
62
} else {
63
/*
64
- * This addition cannot overflow 32 bits; however it may
65
- * overflow considered as a signed operation, in which case
66
- * we must set the Q flag.
67
+ * We need to add the products and Ra together and then
68
+ * determine whether the final result overflowed. Doing
69
+ * this as two separate add-and-check-overflow steps incorrectly
70
+ * sets Q for cases like (-32768 * -32768) + (-32768 * -32768) + -1.
71
+ * Do all the arithmetic at 64-bits and then check for overflow.
72
*/
73
- gen_helper_add_setq(t1, cpu_env, t1, t2);
74
- }
75
- tcg_temp_free_i32(t2);
76
+ TCGv_i64 p64, q64;
77
+ TCGv_i32 t3, qf, one;
78
79
- if (a->ra != 15) {
80
- t2 = load_reg(s, a->ra);
81
- gen_helper_add_setq(t1, cpu_env, t1, t2);
82
+ p64 = tcg_temp_new_i64();
83
+ q64 = tcg_temp_new_i64();
84
+ tcg_gen_ext_i32_i64(p64, t1);
85
+ tcg_gen_ext_i32_i64(q64, t2);
86
+ tcg_gen_add_i64(p64, p64, q64);
87
+ load_reg_var(s, t2, a->ra);
88
+ tcg_gen_ext_i32_i64(q64, t2);
89
+ tcg_gen_add_i64(p64, p64, q64);
90
+ tcg_temp_free_i64(q64);
91
+
92
+ tcg_gen_extr_i64_i32(t1, t2, p64);
93
+ tcg_temp_free_i64(p64);
94
+ /*
95
+ * t1 is the low half of the result which goes into Rd.
96
+ * We have overflow and must set Q if the high half (t2)
97
+ * is different from the sign-extension of t1.
98
+ */
99
+ t3 = tcg_temp_new_i32();
100
+ tcg_gen_sari_i32(t3, t1, 31);
101
+ qf = load_cpu_field(QF);
102
+ one = tcg_const_i32(1);
103
+ tcg_gen_movcond_i32(TCG_COND_NE, qf, t2, t3, one, qf);
104
+ store_cpu_field(qf, QF);
105
+ tcg_temp_free_i32(one);
106
+ tcg_temp_free_i32(t3);
107
tcg_temp_free_i32(t2);
108
}
109
store_reg(s, a->rd, t1);
110
--
25
--
111
2.20.1
26
2.34.1
112
113
diff view generated by jsdifflib
1
For AArch32, unlike the VCVT of integer to float, which honours the
1
Add the Cortex-R52 IMPDEF sysregs, by defining them here and
2
rounding mode specified by the FPSCR, VCVT of fixed-point to float is
2
also by enabling the AUXCR feature which defines the ACTLR
3
always round-to-nearest. (AArch64 fixed-point-to-float conversions
3
and HACTLR registers. As is our usual practice, we make these
4
always honour the FPCR rounding mode.)
4
simple reads-as-zero stubs for now.
5
6
Implement this by providing _round_to_nearest versions of the
7
relevant helpers which set the rounding mode temporarily when making
8
the call to the underlying softfloat function.
9
10
We only need to change the VFP VCVT instructions, because the
11
standard- FPSCR value used by the Neon VCVT is always set to
12
round-to-nearest, so we don't need to do the extra work of saving
13
and restoring the rounding mode.
14
5
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Message-id: 20201013103532.13391-1-peter.maydell@linaro.org
8
Message-id: 20240206132931.38376-4-peter.maydell@linaro.org
18
---
9
---
19
target/arm/helper.h | 13 +++++++++++++
10
target/arm/tcg/cpu32.c | 108 +++++++++++++++++++++++++++++++++++++++++
20
target/arm/vfp_helper.c | 23 ++++++++++++++++++++++-
11
1 file changed, 108 insertions(+)
21
target/arm/translate-vfp.c.inc | 24 ++++++++++++------------
22
3 files changed, 47 insertions(+), 13 deletions(-)
23
12
24
diff --git a/target/arm/helper.h b/target/arm/helper.h
13
diff --git a/target/arm/tcg/cpu32.c b/target/arm/tcg/cpu32.c
25
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/helper.h
15
--- a/target/arm/tcg/cpu32.c
27
+++ b/target/arm/helper.h
16
+++ b/target/arm/tcg/cpu32.c
28
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(vfp_ultoh, f16, i32, i32, ptr)
17
@@ -XXX,XX +XXX,XX @@ static void cortex_r5_initfn(Object *obj)
29
DEF_HELPER_3(vfp_sqtoh, f16, i64, i32, ptr)
18
define_arm_cp_regs(cpu, cortexr5_cp_reginfo);
30
DEF_HELPER_3(vfp_uqtoh, f16, i64, i32, ptr)
19
}
31
20
32
+DEF_HELPER_3(vfp_shtos_round_to_nearest, f32, i32, i32, ptr)
21
+static const ARMCPRegInfo cortex_r52_cp_reginfo[] = {
33
+DEF_HELPER_3(vfp_sltos_round_to_nearest, f32, i32, i32, ptr)
22
+ { .name = "CPUACTLR", .cp = 15, .opc1 = 0, .crm = 15,
34
+DEF_HELPER_3(vfp_uhtos_round_to_nearest, f32, i32, i32, ptr)
23
+ .access = PL1_RW, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
35
+DEF_HELPER_3(vfp_ultos_round_to_nearest, f32, i32, i32, ptr)
24
+ { .name = "IMP_ATCMREGIONR",
36
+DEF_HELPER_3(vfp_shtod_round_to_nearest, f64, i64, i32, ptr)
25
+ .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 0,
37
+DEF_HELPER_3(vfp_sltod_round_to_nearest, f64, i64, i32, ptr)
26
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
38
+DEF_HELPER_3(vfp_uhtod_round_to_nearest, f64, i64, i32, ptr)
27
+ { .name = "IMP_BTCMREGIONR",
39
+DEF_HELPER_3(vfp_ultod_round_to_nearest, f64, i64, i32, ptr)
28
+ .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 1,
40
+DEF_HELPER_3(vfp_shtoh_round_to_nearest, f16, i32, i32, ptr)
29
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
41
+DEF_HELPER_3(vfp_uhtoh_round_to_nearest, f16, i32, i32, ptr)
30
+ { .name = "IMP_CTCMREGIONR",
42
+DEF_HELPER_3(vfp_sltoh_round_to_nearest, f16, i32, i32, ptr)
31
+ .cp = 15, .opc1 = 0, .crn = 9, .crm = 1, .opc2 = 2,
43
+DEF_HELPER_3(vfp_ultoh_round_to_nearest, f16, i32, i32, ptr)
32
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
33
+ { .name = "IMP_CSCTLR",
34
+ .cp = 15, .opc1 = 1, .crn = 9, .crm = 1, .opc2 = 0,
35
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
36
+ { .name = "IMP_BPCTLR",
37
+ .cp = 15, .opc1 = 1, .crn = 9, .crm = 1, .opc2 = 1,
38
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
39
+ { .name = "IMP_MEMPROTCLR",
40
+ .cp = 15, .opc1 = 1, .crn = 9, .crm = 1, .opc2 = 2,
41
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
42
+ { .name = "IMP_SLAVEPCTLR",
43
+ .cp = 15, .opc1 = 0, .crn = 11, .crm = 0, .opc2 = 0,
44
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
45
+ { .name = "IMP_PERIPHREGIONR",
46
+ .cp = 15, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
47
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
48
+ { .name = "IMP_FLASHIFREGIONR",
49
+ .cp = 15, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 1,
50
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
51
+ { .name = "IMP_BUILDOPTR",
52
+ .cp = 15, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
53
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
54
+ { .name = "IMP_PINOPTR",
55
+ .cp = 15, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
56
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
57
+ { .name = "IMP_QOSR",
58
+ .cp = 15, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 1,
59
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
60
+ { .name = "IMP_BUSTIMEOUTR",
61
+ .cp = 15, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 2,
62
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
63
+ { .name = "IMP_INTMONR",
64
+ .cp = 15, .opc1 = 1, .crn = 15, .crm = 3, .opc2 = 4,
65
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
66
+ { .name = "IMP_ICERR0",
67
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 0, .opc2 = 0,
68
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
69
+ { .name = "IMP_ICERR1",
70
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 0, .opc2 = 1,
71
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
72
+ { .name = "IMP_DCERR0",
73
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 1, .opc2 = 0,
74
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
75
+ { .name = "IMP_DCERR1",
76
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 1, .opc2 = 1,
77
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
78
+ { .name = "IMP_TCMERR0",
79
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 2, .opc2 = 0,
80
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
81
+ { .name = "IMP_TCMERR1",
82
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 2, .opc2 = 1,
83
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
84
+ { .name = "IMP_TCMSYNDR0",
85
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 2, .opc2 = 2,
86
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
87
+ { .name = "IMP_TCMSYNDR1",
88
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 2, .opc2 = 3,
89
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
90
+ { .name = "IMP_FLASHERR0",
91
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 3, .opc2 = 0,
92
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
93
+ { .name = "IMP_FLASHERR1",
94
+ .cp = 15, .opc1 = 2, .crn = 15, .crm = 3, .opc2 = 1,
95
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
96
+ { .name = "IMP_CDBGDR0",
97
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 0, .opc2 = 0,
98
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
99
+ { .name = "IMP_CBDGBR1",
100
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 0, .opc2 = 1,
101
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
102
+ { .name = "IMP_TESTR0",
103
+ .cp = 15, .opc1 = 4, .crn = 15, .crm = 0, .opc2 = 0,
104
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 0 },
105
+ { .name = "IMP_TESTR1",
106
+ .cp = 15, .opc1 = 4, .crn = 15, .crm = 0, .opc2 = 1,
107
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
108
+ { .name = "IMP_CDBGDCI",
109
+ .cp = 15, .opc1 = 0, .crn = 15, .crm = 15, .opc2 = 0,
110
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
111
+ { .name = "IMP_CDBGDCT",
112
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 2, .opc2 = 0,
113
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
114
+ { .name = "IMP_CDBGICT",
115
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 2, .opc2 = 1,
116
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
117
+ { .name = "IMP_CDBGDCD",
118
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 4, .opc2 = 0,
119
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
120
+ { .name = "IMP_CDBGICD",
121
+ .cp = 15, .opc1 = 3, .crn = 15, .crm = 4, .opc2 = 1,
122
+ .access = PL1_W, .type = ARM_CP_NOP, .resetvalue = 0 },
123
+};
44
+
124
+
45
DEF_HELPER_FLAGS_2(set_rmode, TCG_CALL_NO_RWG, i32, i32, ptr)
125
+
46
126
static void cortex_r52_initfn(Object *obj)
47
DEF_HELPER_FLAGS_3(vfp_fcvt_f16_to_f32, TCG_CALL_NO_RWG, f32, f16, ptr, i32)
127
{
48
diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c
128
ARMCPU *cpu = ARM_CPU(obj);
49
index XXXXXXX..XXXXXXX 100644
129
@@ -XXX,XX +XXX,XX @@ static void cortex_r52_initfn(Object *obj)
50
--- a/target/arm/vfp_helper.c
130
set_feature(&cpu->env, ARM_FEATURE_NEON);
51
+++ b/target/arm/vfp_helper.c
131
set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
52
@@ -XXX,XX +XXX,XX @@ float32 VFP_HELPER(fcvts, d)(float64 x, CPUARMState *env)
132
set_feature(&cpu->env, ARM_FEATURE_CBAR_RO);
53
return float64_to_float32(x, &env->vfp.fp_status);
133
+ set_feature(&cpu->env, ARM_FEATURE_AUXCR);
134
cpu->midr = 0x411fd133; /* r1p3 */
135
cpu->revidr = 0x00000000;
136
cpu->reset_fpsid = 0x41034023;
137
@@ -XXX,XX +XXX,XX @@ static void cortex_r52_initfn(Object *obj)
138
139
cpu->pmsav7_dregion = 16;
140
cpu->pmsav8r_hdregion = 16;
141
+
142
+ define_arm_cp_regs(cpu, cortex_r52_cp_reginfo);
54
}
143
}
55
144
56
-/* VFP3 fixed point conversion. */
145
static void cortex_r5f_initfn(Object *obj)
57
+/*
58
+ * VFP3 fixed point conversion. The AArch32 versions of fix-to-float
59
+ * must always round-to-nearest; the AArch64 ones honour the FPSCR
60
+ * rounding mode. (For AArch32 Neon the standard-FPSCR is set to
61
+ * round-to-nearest so either helper will work.) AArch32 float-to-fix
62
+ * must round-to-zero.
63
+ */
64
#define VFP_CONV_FIX_FLOAT(name, p, fsz, ftype, isz, itype) \
65
ftype HELPER(vfp_##name##to##p)(uint##isz##_t x, uint32_t shift, \
66
void *fpstp) \
67
{ return itype##_to_##float##fsz##_scalbn(x, -shift, fpstp); }
68
69
+#define VFP_CONV_FIX_FLOAT_ROUND(name, p, fsz, ftype, isz, itype) \
70
+ ftype HELPER(vfp_##name##to##p##_round_to_nearest)(uint##isz##_t x, \
71
+ uint32_t shift, \
72
+ void *fpstp) \
73
+ { \
74
+ ftype ret; \
75
+ float_status *fpst = fpstp; \
76
+ FloatRoundMode oldmode = fpst->float_rounding_mode; \
77
+ fpst->float_rounding_mode = float_round_nearest_even; \
78
+ ret = itype##_to_##float##fsz##_scalbn(x, -shift, fpstp); \
79
+ fpst->float_rounding_mode = oldmode; \
80
+ return ret; \
81
+ }
82
+
83
#define VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, ftype, isz, itype, ROUND, suff) \
84
uint##isz##_t HELPER(vfp_to##name##p##suff)(ftype x, uint32_t shift, \
85
void *fpst) \
86
@@ -XXX,XX +XXX,XX @@ uint##isz##_t HELPER(vfp_to##name##p##suff)(ftype x, uint32_t shift, \
87
88
#define VFP_CONV_FIX(name, p, fsz, ftype, isz, itype) \
89
VFP_CONV_FIX_FLOAT(name, p, fsz, ftype, isz, itype) \
90
+VFP_CONV_FIX_FLOAT_ROUND(name, p, fsz, ftype, isz, itype) \
91
VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, ftype, isz, itype, \
92
float_round_to_zero, _round_to_zero) \
93
VFP_CONV_FLOAT_FIX_ROUND(name, p, fsz, ftype, isz, itype, \
94
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
95
index XXXXXXX..XXXXXXX 100644
96
--- a/target/arm/translate-vfp.c.inc
97
+++ b/target/arm/translate-vfp.c.inc
98
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_hp(DisasContext *s, arg_VCVT_fix_sp *a)
99
/* Switch on op:U:sx bits */
100
switch (a->opc) {
101
case 0:
102
- gen_helper_vfp_shtoh(vd, vd, shift, fpst);
103
+ gen_helper_vfp_shtoh_round_to_nearest(vd, vd, shift, fpst);
104
break;
105
case 1:
106
- gen_helper_vfp_sltoh(vd, vd, shift, fpst);
107
+ gen_helper_vfp_sltoh_round_to_nearest(vd, vd, shift, fpst);
108
break;
109
case 2:
110
- gen_helper_vfp_uhtoh(vd, vd, shift, fpst);
111
+ gen_helper_vfp_uhtoh_round_to_nearest(vd, vd, shift, fpst);
112
break;
113
case 3:
114
- gen_helper_vfp_ultoh(vd, vd, shift, fpst);
115
+ gen_helper_vfp_ultoh_round_to_nearest(vd, vd, shift, fpst);
116
break;
117
case 4:
118
gen_helper_vfp_toshh_round_to_zero(vd, vd, shift, fpst);
119
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_sp(DisasContext *s, arg_VCVT_fix_sp *a)
120
/* Switch on op:U:sx bits */
121
switch (a->opc) {
122
case 0:
123
- gen_helper_vfp_shtos(vd, vd, shift, fpst);
124
+ gen_helper_vfp_shtos_round_to_nearest(vd, vd, shift, fpst);
125
break;
126
case 1:
127
- gen_helper_vfp_sltos(vd, vd, shift, fpst);
128
+ gen_helper_vfp_sltos_round_to_nearest(vd, vd, shift, fpst);
129
break;
130
case 2:
131
- gen_helper_vfp_uhtos(vd, vd, shift, fpst);
132
+ gen_helper_vfp_uhtos_round_to_nearest(vd, vd, shift, fpst);
133
break;
134
case 3:
135
- gen_helper_vfp_ultos(vd, vd, shift, fpst);
136
+ gen_helper_vfp_ultos_round_to_nearest(vd, vd, shift, fpst);
137
break;
138
case 4:
139
gen_helper_vfp_toshs_round_to_zero(vd, vd, shift, fpst);
140
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_dp(DisasContext *s, arg_VCVT_fix_dp *a)
141
/* Switch on op:U:sx bits */
142
switch (a->opc) {
143
case 0:
144
- gen_helper_vfp_shtod(vd, vd, shift, fpst);
145
+ gen_helper_vfp_shtod_round_to_nearest(vd, vd, shift, fpst);
146
break;
147
case 1:
148
- gen_helper_vfp_sltod(vd, vd, shift, fpst);
149
+ gen_helper_vfp_sltod_round_to_nearest(vd, vd, shift, fpst);
150
break;
151
case 2:
152
- gen_helper_vfp_uhtod(vd, vd, shift, fpst);
153
+ gen_helper_vfp_uhtod_round_to_nearest(vd, vd, shift, fpst);
154
break;
155
case 3:
156
- gen_helper_vfp_ultod(vd, vd, shift, fpst);
157
+ gen_helper_vfp_ultod_round_to_nearest(vd, vd, shift, fpst);
158
break;
159
case 4:
160
gen_helper_vfp_toshd_round_to_zero(vd, vd, shift, fpst);
161
--
146
--
162
2.20.1
147
2.34.1
163
164
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
The time to transmit a char is expressed in nanoseconds, not in ticks.
4
5
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
6
Message-id: 20201014213601.205222-1-f4bug@amsat.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
hw/arm/strongarm.c | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
12
13
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
14
index XXXXXXX..XXXXXXX 100644
15
--- a/hw/arm/strongarm.c
16
+++ b/hw/arm/strongarm.c
17
@@ -XXX,XX +XXX,XX @@ struct StrongARMUARTState {
18
uint8_t rx_start;
19
uint8_t rx_len;
20
21
- uint64_t char_transmit_time; /* time to transmit a char in ticks*/
22
+ uint64_t char_transmit_time; /* time to transmit a char in nanoseconds */
23
bool wait_break_end;
24
QEMUTimer *rx_timeout_timer;
25
QEMUTimer *tx_timer;
26
--
27
2.20.1
28
29
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
2
1
3
While APEI is a generic ACPI feature (usable by X86 and ARM64), only
4
the 'virt' machine uses it, by enabling the RAS Virtualization. See
5
commit 2afa8c8519: "hw/arm/virt: Introduce a RAS machine option").
6
7
Restrict the APEI tables generation code to the single user: the virt
8
machine. If another machine wants to use it, it simply has to 'select
9
ACPI_APEI' in its Kconfig.
10
11
Fixes: aa16508f1d ("ACPI: Build related register address fields via hardware error fw_cfg blob")
12
Acked-by: Michael S. Tsirkin <mst@redhat.com>
13
Reviewed-by: Dongjiu Geng <gengdongjiu@huawei.com>
14
Acked-by: Laszlo Ersek <lersek@redhat.com>
15
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
16
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
17
Message-id: 20201008161414.2672569-1-philmd@redhat.com
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
20
default-configs/devices/arm-softmmu.mak | 1 -
21
hw/arm/Kconfig | 1 +
22
2 files changed, 1 insertion(+), 1 deletion(-)
23
24
diff --git a/default-configs/devices/arm-softmmu.mak b/default-configs/devices/arm-softmmu.mak
25
index XXXXXXX..XXXXXXX 100644
26
--- a/default-configs/devices/arm-softmmu.mak
27
+++ b/default-configs/devices/arm-softmmu.mak
28
@@ -XXX,XX +XXX,XX @@ CONFIG_FSL_IMX7=y
29
CONFIG_FSL_IMX6UL=y
30
CONFIG_SEMIHOSTING=y
31
CONFIG_ALLWINNER_H3=y
32
-CONFIG_ACPI_APEI=y
33
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
34
index XXXXXXX..XXXXXXX 100644
35
--- a/hw/arm/Kconfig
36
+++ b/hw/arm/Kconfig
37
@@ -XXX,XX +XXX,XX @@ config ARM_VIRT
38
select ACPI_MEMORY_HOTPLUG
39
select ACPI_HW_REDUCED
40
select ACPI_NVDIMM
41
+ select ACPI_APEI
42
43
config CHEETAH
44
bool
45
--
46
2.20.1
47
48
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
Architecturally, the AArch32 MSR/MRS to/from banked register
2
instructions are UNPREDICTABLE for attempts to access a banked
3
register that the guest could access in a more direct way (e.g.
4
using this insn to access r8_fiq when already in FIQ mode). QEMU has
5
chosen to UNDEF on all of these.
2
6
3
The second loop uses a loop induction variable, and the first
7
However, for the case of accessing SPSR_hyp from hyp mode, it turns
4
does not. Transform the first to match the second, to simplify
8
out that real hardware permits this, with the same effect as if the
5
a following patch moving code between them.
9
guest had directly written to SPSR. Further, there is some
10
guest code out there that assumes it can do this, because it
11
happens to work on hardware: an example Cortex-R52 startup code
12
fragment uses this, and it got copied into various other places,
13
including Zephyr. Zephyr was fixed to not use this:
14
https://github.com/zephyrproject-rtos/zephyr/issues/47330
15
but other examples are still out there, like the selftest
16
binary for the MPS3-AN536.
6
17
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
18
For convenience of being able to run guest code, permit
8
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
19
this UNPREDICTABLE access instead of UNDEFing it.
9
Message-id: 20201016184207.786698-7-richard.henderson@linaro.org
20
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
23
Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
11
---
24
---
12
linux-user/elfload.c | 9 +++++----
25
target/arm/tcg/op_helper.c | 43 ++++++++++++++++++++++++++------------
13
1 file changed, 5 insertions(+), 4 deletions(-)
26
target/arm/tcg/translate.c | 19 +++++++++++------
27
2 files changed, 43 insertions(+), 19 deletions(-)
14
28
15
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
29
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
16
index XXXXXXX..XXXXXXX 100644
30
index XXXXXXX..XXXXXXX 100644
17
--- a/linux-user/elfload.c
31
--- a/target/arm/tcg/op_helper.c
18
+++ b/linux-user/elfload.c
32
+++ b/target/arm/tcg/op_helper.c
19
@@ -XXX,XX +XXX,XX @@ static void load_elf_image(const char *image_name, int image_fd,
33
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
20
loaddr = -1, hiaddr = 0;
34
*/
21
info->alignment = 0;
35
int curmode = env->uncached_cpsr & CPSR_M;
22
for (i = 0; i < ehdr->e_phnum; ++i) {
36
23
- if (phdr[i].p_type == PT_LOAD) {
37
- if (regno == 17) {
24
- abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset;
38
- /* ELR_Hyp: a special case because access from tgtmode is OK */
25
+ struct elf_phdr *eppnt = phdr + i;
39
- if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
26
+ if (eppnt->p_type == PT_LOAD) {
40
- goto undef;
27
+ abi_ulong a = eppnt->p_vaddr - eppnt->p_offset;
41
+ if (tgtmode == ARM_CPU_MODE_HYP) {
28
if (a < loaddr) {
42
+ /*
29
loaddr = a;
43
+ * Handle Hyp target regs first because some are special cases
30
}
44
+ * which don't want the usual "not accessible from tgtmode" check.
31
- a = phdr[i].p_vaddr + phdr[i].p_memsz;
45
+ */
32
+ a = eppnt->p_vaddr + eppnt->p_memsz;
46
+ switch (regno) {
33
if (a > hiaddr) {
47
+ case 16 ... 17: /* ELR_Hyp, SPSR_Hyp */
34
hiaddr = a;
48
+ if (curmode != ARM_CPU_MODE_HYP && curmode != ARM_CPU_MODE_MON) {
35
}
49
+ goto undef;
36
++info->nsegs;
50
+ }
37
- info->alignment |= phdr[i].p_align;
51
+ break;
38
+ info->alignment |= eppnt->p_align;
52
+ case 13:
53
+ if (curmode != ARM_CPU_MODE_MON) {
54
+ goto undef;
55
+ }
56
+ break;
57
+ default:
58
+ g_assert_not_reached();
59
}
60
return;
61
}
62
@@ -XXX,XX +XXX,XX @@ static void msr_mrs_banked_exc_checks(CPUARMState *env, uint32_t tgtmode,
39
}
63
}
40
}
64
}
41
65
66
- if (tgtmode == ARM_CPU_MODE_HYP) {
67
- /* SPSR_Hyp, r13_hyp: accessible from Monitor mode only */
68
- if (curmode != ARM_CPU_MODE_MON) {
69
- goto undef;
70
- }
71
- }
72
-
73
return;
74
75
undef:
76
@@ -XXX,XX +XXX,XX @@ void HELPER(msr_banked)(CPUARMState *env, uint32_t value, uint32_t tgtmode,
77
78
switch (regno) {
79
case 16: /* SPSRs */
80
- env->banked_spsr[bank_number(tgtmode)] = value;
81
+ if (tgtmode == (env->uncached_cpsr & CPSR_M)) {
82
+ /* Only happens for SPSR_Hyp access in Hyp mode */
83
+ env->spsr = value;
84
+ } else {
85
+ env->banked_spsr[bank_number(tgtmode)] = value;
86
+ }
87
break;
88
case 17: /* ELR_Hyp */
89
env->elr_el[2] = value;
90
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(mrs_banked)(CPUARMState *env, uint32_t tgtmode, uint32_t regno)
91
92
switch (regno) {
93
case 16: /* SPSRs */
94
- return env->banked_spsr[bank_number(tgtmode)];
95
+ if (tgtmode == (env->uncached_cpsr & CPSR_M)) {
96
+ /* Only happens for SPSR_Hyp access in Hyp mode */
97
+ return env->spsr;
98
+ } else {
99
+ return env->banked_spsr[bank_number(tgtmode)];
100
+ }
101
case 17: /* ELR_Hyp */
102
return env->elr_el[2];
103
case 13:
104
diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
105
index XXXXXXX..XXXXXXX 100644
106
--- a/target/arm/tcg/translate.c
107
+++ b/target/arm/tcg/translate.c
108
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
109
break;
110
case ARM_CPU_MODE_HYP:
111
/*
112
- * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
113
- * (and so we can forbid accesses from EL2 or below). elr_hyp
114
- * can be accessed also from Hyp mode, so forbid accesses from
115
- * EL0 or EL1.
116
+ * r13_hyp can only be accessed from Monitor mode, and so we
117
+ * can forbid accesses from EL2 or below.
118
+ * elr_hyp can be accessed also from Hyp mode, so forbid
119
+ * accesses from EL0 or EL1.
120
+ * SPSR_hyp is supposed to be in the same category as r13_hyp
121
+ * and UNPREDICTABLE if accessed from anything except Monitor
122
+ * mode. However there is some real-world code that will do
123
+ * it because at least some hardware happens to permit the
124
+ * access. (Notably a standard Cortex-R52 startup code fragment
125
+ * does this.) So we permit SPSR_hyp from Hyp mode also, to allow
126
+ * this (incorrect) guest code to run.
127
*/
128
- if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
129
- (s->current_el < 3 && *regno != 17)) {
130
+ if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2
131
+ || (s->current_el < 3 && *regno != 16 && *regno != 17)) {
132
goto undef;
133
}
134
break;
42
--
135
--
43
2.20.1
136
2.34.1
44
45
diff view generated by jsdifflib
1
For nested groups like:
1
We currently guard the CFG3 register read with
2
(scc_partno(s) == 0x524 && scc_partno(s) == 0x547)
3
which is clearly wrong as it is never true.
2
4
3
{
5
This register is present on all board types except AN524
4
[
6
and AN527; correct the condition.
5
pattern 1
6
pattern 2
7
]
8
pattern 3
9
}
10
7
11
the intended behaviour is that patterns 1 and 2 must not
8
Fixes: 6ac80818941829c0 ("hw/misc/mps2-scc: Implement changes for AN547")
12
overlap with each other; if the insn matches neither then
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
we fall through to pattern 3 as the next thing in the
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
14
outer overlapping group.
15
16
Currently we generate incorrect code for this situation,
17
because in the code path for a failed match inside the
18
inner non-overlapping group we generate a "return" statement,
19
which causes decode to stop entirely rather than continuing
20
to the next thing in the outer group.
21
22
Generate a "break" instead, so that decode flow behaves
23
as required for this nested group case.
24
25
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
26
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Message-id: 20240206132931.38376-6-peter.maydell@linaro.org
28
Message-id: 20201019151301.2046-2-peter.maydell@linaro.org
29
---
13
---
30
scripts/decodetree.py | 2 +-
14
hw/misc/mps2-scc.c | 2 +-
31
1 file changed, 1 insertion(+), 1 deletion(-)
15
1 file changed, 1 insertion(+), 1 deletion(-)
32
16
33
diff --git a/scripts/decodetree.py b/scripts/decodetree.py
17
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
34
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
35
--- a/scripts/decodetree.py
19
--- a/hw/misc/mps2-scc.c
36
+++ b/scripts/decodetree.py
20
+++ b/hw/misc/mps2-scc.c
37
@@ -XXX,XX +XXX,XX @@ class Tree:
21
@@ -XXX,XX +XXX,XX @@ static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size)
38
output(ind, ' /* ',
22
r = s->cfg2;
39
str_match_bits(innerbits, innermask), ' */\n')
23
break;
40
s.output_code(i + 4, extracted, innerbits, innermask)
24
case A_CFG3:
41
- output(ind, ' return false;\n')
25
- if (scc_partno(s) == 0x524 && scc_partno(s) == 0x547) {
42
+ output(ind, ' break;\n')
26
+ if (scc_partno(s) == 0x524 || scc_partno(s) == 0x547) {
43
output(ind, '}\n')
27
/* CFG3 reserved on AN524 */
44
# end Tree
28
goto bad_offset;
45
29
}
46
--
30
--
47
2.20.1
31
2.34.1
48
32
49
33
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The MPS SCC device has a lot of different flavours for the various
2
different MPS FPGA images, which look mostly similar but have
3
differences in how particular registers are handled. Currently we
4
deal with this with a lot of open-coded checks on scc_partno(), but
5
as we add more board types this is getting a bit hard to read.
2
6
3
On ARM, the Top Byte Ignore feature means that only 56 bits of
7
Factor out the conditions into some functions which we can
4
the address are significant in the virtual address. We are
8
give more descriptive names to.
5
required to give the entire 64-bit address to FAR_ELx on fault,
6
which means that we do not "clean" the top byte early in TCG.
7
9
8
This new interface allows us to flush all 256 possible aliases
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
for a given page, currently missed by tlb_flush_page*.
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20240206132931.38376-7-peter.maydell@linaro.org
14
---
15
hw/misc/mps2-scc.c | 45 +++++++++++++++++++++++++++++++--------------
16
1 file changed, 31 insertions(+), 14 deletions(-)
10
17
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
18
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
12
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Message-id: 20201016210754.818257-2-richard.henderson@linaro.org
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
---
17
include/exec/exec-all.h | 36 ++++++
18
accel/tcg/cputlb.c | 275 ++++++++++++++++++++++++++++++++++++++--
19
2 files changed, 302 insertions(+), 9 deletions(-)
20
21
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
22
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
23
--- a/include/exec/exec-all.h
20
--- a/hw/misc/mps2-scc.c
24
+++ b/include/exec/exec-all.h
21
+++ b/hw/misc/mps2-scc.c
25
@@ -XXX,XX +XXX,XX @@ void tlb_flush_by_mmuidx_all_cpus(CPUState *cpu, uint16_t idxmap);
22
@@ -XXX,XX +XXX,XX @@ static int scc_partno(MPS2SCC *s)
26
* depend on when the guests translation ends the TB.
23
return extract32(s->id, 4, 8);
27
*/
28
void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *cpu, uint16_t idxmap);
29
+
30
+/**
31
+ * tlb_flush_page_bits_by_mmuidx
32
+ * @cpu: CPU whose TLB should be flushed
33
+ * @addr: virtual address of page to be flushed
34
+ * @idxmap: bitmap of mmu indexes to flush
35
+ * @bits: number of significant bits in address
36
+ *
37
+ * Similar to tlb_flush_page_mask, but with a bitmap of indexes.
38
+ */
39
+void tlb_flush_page_bits_by_mmuidx(CPUState *cpu, target_ulong addr,
40
+ uint16_t idxmap, unsigned bits);
41
+
42
+/* Similarly, with broadcast and syncing. */
43
+void tlb_flush_page_bits_by_mmuidx_all_cpus(CPUState *cpu, target_ulong addr,
44
+ uint16_t idxmap, unsigned bits);
45
+void tlb_flush_page_bits_by_mmuidx_all_cpus_synced
46
+ (CPUState *cpu, target_ulong addr, uint16_t idxmap, unsigned bits);
47
+
48
/**
49
* tlb_set_page_with_attrs:
50
* @cpu: CPU to add this TLB entry for
51
@@ -XXX,XX +XXX,XX @@ static inline void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *cpu,
52
uint16_t idxmap)
53
{
54
}
24
}
55
+static inline void tlb_flush_page_bits_by_mmuidx(CPUState *cpu,
25
56
+ target_ulong addr,
26
+/* Is CFG_REG2 present? */
57
+ uint16_t idxmap,
27
+static bool have_cfg2(MPS2SCC *s)
58
+ unsigned bits)
59
+{
28
+{
60
+}
29
+ return scc_partno(s) == 0x524 || scc_partno(s) == 0x547;
61
+static inline void tlb_flush_page_bits_by_mmuidx_all_cpus(CPUState *cpu,
62
+ target_ulong addr,
63
+ uint16_t idxmap,
64
+ unsigned bits)
65
+{
66
+}
67
+static inline void
68
+tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *cpu, target_ulong addr,
69
+ uint16_t idxmap, unsigned bits)
70
+{
71
+}
72
#endif
73
/**
74
* probe_access:
75
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
76
index XXXXXXX..XXXXXXX 100644
77
--- a/accel/tcg/cputlb.c
78
+++ b/accel/tcg/cputlb.c
79
@@ -XXX,XX +XXX,XX @@ void tlb_flush_all_cpus_synced(CPUState *src_cpu)
80
tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, ALL_MMUIDX_BITS);
81
}
82
83
+static bool tlb_hit_page_mask_anyprot(CPUTLBEntry *tlb_entry,
84
+ target_ulong page, target_ulong mask)
85
+{
86
+ page &= mask;
87
+ mask &= TARGET_PAGE_MASK | TLB_INVALID_MASK;
88
+
89
+ return (page == (tlb_entry->addr_read & mask) ||
90
+ page == (tlb_addr_write(tlb_entry) & mask) ||
91
+ page == (tlb_entry->addr_code & mask));
92
+}
30
+}
93
+
31
+
94
static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
32
+/* Is CFG_REG3 present? */
95
target_ulong page)
33
+static bool have_cfg3(MPS2SCC *s)
96
{
97
- return tlb_hit_page(tlb_entry->addr_read, page) ||
98
- tlb_hit_page(tlb_addr_write(tlb_entry), page) ||
99
- tlb_hit_page(tlb_entry->addr_code, page);
100
+ return tlb_hit_page_mask_anyprot(tlb_entry, page, -1);
101
}
102
103
/**
104
@@ -XXX,XX +XXX,XX @@ static inline bool tlb_entry_is_empty(const CPUTLBEntry *te)
105
}
106
107
/* Called with tlb_c.lock held */
108
-static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
109
- target_ulong page)
110
+static bool tlb_flush_entry_mask_locked(CPUTLBEntry *tlb_entry,
111
+ target_ulong page,
112
+ target_ulong mask)
113
{
114
- if (tlb_hit_page_anyprot(tlb_entry, page)) {
115
+ if (tlb_hit_page_mask_anyprot(tlb_entry, page, mask)) {
116
memset(tlb_entry, -1, sizeof(*tlb_entry));
117
return true;
118
}
119
return false;
120
}
121
122
+static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
123
+ target_ulong page)
124
+{
34
+{
125
+ return tlb_flush_entry_mask_locked(tlb_entry, page, -1);
35
+ return scc_partno(s) != 0x524 && scc_partno(s) != 0x547;
126
+}
36
+}
127
+
37
+
128
/* Called with tlb_c.lock held */
38
+/* Is CFG_REG5 present? */
129
-static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
39
+static bool have_cfg5(MPS2SCC *s)
130
- target_ulong page)
131
+static void tlb_flush_vtlb_page_mask_locked(CPUArchState *env, int mmu_idx,
132
+ target_ulong page,
133
+ target_ulong mask)
134
{
135
CPUTLBDesc *d = &env_tlb(env)->d[mmu_idx];
136
int k;
137
138
assert_cpu_is_self(env_cpu(env));
139
for (k = 0; k < CPU_VTLB_SIZE; k++) {
140
- if (tlb_flush_entry_locked(&d->vtable[k], page)) {
141
+ if (tlb_flush_entry_mask_locked(&d->vtable[k], page, mask)) {
142
tlb_n_used_entries_dec(env, mmu_idx);
143
}
144
}
145
}
146
147
+static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
148
+ target_ulong page)
149
+{
40
+{
150
+ tlb_flush_vtlb_page_mask_locked(env, mmu_idx, page, -1);
41
+ return scc_partno(s) == 0x524 || scc_partno(s) == 0x547;
151
+}
42
+}
152
+
43
+
153
static void tlb_flush_page_locked(CPUArchState *env, int midx,
44
+/* Is CFG_REG6 present? */
154
target_ulong page)
45
+static bool have_cfg6(MPS2SCC *s)
155
{
156
@@ -XXX,XX +XXX,XX @@ void tlb_flush_page_all_cpus_synced(CPUState *src, target_ulong addr)
157
tlb_flush_page_by_mmuidx_all_cpus_synced(src, addr, ALL_MMUIDX_BITS);
158
}
159
160
+static void tlb_flush_page_bits_locked(CPUArchState *env, int midx,
161
+ target_ulong page, unsigned bits)
162
+{
46
+{
163
+ CPUTLBDesc *d = &env_tlb(env)->d[midx];
47
+ return scc_partno(s) == 0x524;
164
+ CPUTLBDescFast *f = &env_tlb(env)->f[midx];
165
+ target_ulong mask = MAKE_64BIT_MASK(0, bits);
166
+
167
+ /*
168
+ * If @bits is smaller than the tlb size, there may be multiple entries
169
+ * within the TLB; otherwise all addresses that match under @mask hit
170
+ * the same TLB entry.
171
+ *
172
+ * TODO: Perhaps allow bits to be a few bits less than the size.
173
+ * For now, just flush the entire TLB.
174
+ */
175
+ if (mask < f->mask) {
176
+ tlb_debug("forcing full flush midx %d ("
177
+ TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
178
+ midx, page, mask);
179
+ tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
180
+ return;
181
+ }
182
+
183
+ /* Check if we need to flush due to large pages. */
184
+ if ((page & d->large_page_mask) == d->large_page_addr) {
185
+ tlb_debug("forcing full flush midx %d ("
186
+ TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
187
+ midx, d->large_page_addr, d->large_page_mask);
188
+ tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
189
+ return;
190
+ }
191
+
192
+ if (tlb_flush_entry_mask_locked(tlb_entry(env, midx, page), page, mask)) {
193
+ tlb_n_used_entries_dec(env, midx);
194
+ }
195
+ tlb_flush_vtlb_page_mask_locked(env, midx, page, mask);
196
+}
48
+}
197
+
49
+
198
+typedef struct {
50
/* Handle a write via the SYS_CFG channel to the specified function/device.
199
+ target_ulong addr;
51
* Return false on error (reported to guest via SYS_CFGCTRL ERROR bit).
200
+ uint16_t idxmap;
52
*/
201
+ uint16_t bits;
53
@@ -XXX,XX +XXX,XX @@ static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size)
202
+} TLBFlushPageBitsByMMUIdxData;
54
r = s->cfg1;
203
+
55
break;
204
+static void
56
case A_CFG2:
205
+tlb_flush_page_bits_by_mmuidx_async_0(CPUState *cpu,
57
- if (scc_partno(s) != 0x524 && scc_partno(s) != 0x547) {
206
+ TLBFlushPageBitsByMMUIdxData d)
58
- /* CFG2 reserved on other boards */
207
+{
59
+ if (!have_cfg2(s)) {
208
+ CPUArchState *env = cpu->env_ptr;
60
goto bad_offset;
209
+ int mmu_idx;
61
}
210
+
62
r = s->cfg2;
211
+ assert_cpu_is_self(cpu);
63
break;
212
+
64
case A_CFG3:
213
+ tlb_debug("page addr:" TARGET_FMT_lx "/%u mmu_map:0x%x\n",
65
- if (scc_partno(s) == 0x524 || scc_partno(s) == 0x547) {
214
+ d.addr, d.bits, d.idxmap);
66
- /* CFG3 reserved on AN524 */
215
+
67
+ if (!have_cfg3(s)) {
216
+ qemu_spin_lock(&env_tlb(env)->c.lock);
68
goto bad_offset;
217
+ for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
69
}
218
+ if ((d.idxmap >> mmu_idx) & 1) {
70
/* These are user-settable DIP switches on the board. We don't
219
+ tlb_flush_page_bits_locked(env, mmu_idx, d.addr, d.bits);
71
@@ -XXX,XX +XXX,XX @@ static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size)
220
+ }
72
r = s->cfg4;
221
+ }
73
break;
222
+ qemu_spin_unlock(&env_tlb(env)->c.lock);
74
case A_CFG5:
223
+
75
- if (scc_partno(s) != 0x524 && scc_partno(s) != 0x547) {
224
+ tb_flush_jmp_cache(cpu, d.addr);
76
- /* CFG5 reserved on other boards */
225
+}
77
+ if (!have_cfg5(s)) {
226
+
78
goto bad_offset;
227
+static bool encode_pbm_to_runon(run_on_cpu_data *out,
79
}
228
+ TLBFlushPageBitsByMMUIdxData d)
80
r = s->cfg5;
229
+{
81
break;
230
+ /* We need 6 bits to hold to hold @bits up to 63. */
82
case A_CFG6:
231
+ if (d.idxmap <= MAKE_64BIT_MASK(0, TARGET_PAGE_BITS - 6)) {
83
- if (scc_partno(s) != 0x524) {
232
+ *out = RUN_ON_CPU_TARGET_PTR(d.addr | (d.idxmap << 6) | d.bits);
84
- /* CFG6 reserved on other boards */
233
+ return true;
85
+ if (!have_cfg6(s)) {
234
+ }
86
goto bad_offset;
235
+ return false;
87
}
236
+}
88
r = s->cfg6;
237
+
89
@@ -XXX,XX +XXX,XX @@ static void mps2_scc_write(void *opaque, hwaddr offset, uint64_t value,
238
+static TLBFlushPageBitsByMMUIdxData
90
}
239
+decode_runon_to_pbm(run_on_cpu_data data)
91
break;
240
+{
92
case A_CFG2:
241
+ target_ulong addr_map_bits = (target_ulong) data.target_ptr;
93
- if (scc_partno(s) != 0x524 && scc_partno(s) != 0x547) {
242
+ return (TLBFlushPageBitsByMMUIdxData){
94
- /* CFG2 reserved on other boards */
243
+ .addr = addr_map_bits & TARGET_PAGE_MASK,
95
+ if (!have_cfg2(s)) {
244
+ .idxmap = (addr_map_bits & ~TARGET_PAGE_MASK) >> 6,
96
goto bad_offset;
245
+ .bits = addr_map_bits & 0x3f
97
}
246
+ };
98
/* AN524: QSPI Select signal */
247
+}
99
s->cfg2 = value;
248
+
100
break;
249
+static void tlb_flush_page_bits_by_mmuidx_async_1(CPUState *cpu,
101
case A_CFG5:
250
+ run_on_cpu_data runon)
102
- if (scc_partno(s) != 0x524 && scc_partno(s) != 0x547) {
251
+{
103
- /* CFG5 reserved on other boards */
252
+ tlb_flush_page_bits_by_mmuidx_async_0(cpu, decode_runon_to_pbm(runon));
104
+ if (!have_cfg5(s)) {
253
+}
105
goto bad_offset;
254
+
106
}
255
+static void tlb_flush_page_bits_by_mmuidx_async_2(CPUState *cpu,
107
/* AN524: ACLK frequency in Hz */
256
+ run_on_cpu_data data)
108
s->cfg5 = value;
257
+{
109
break;
258
+ TLBFlushPageBitsByMMUIdxData *d = data.host_ptr;
110
case A_CFG6:
259
+ tlb_flush_page_bits_by_mmuidx_async_0(cpu, *d);
111
- if (scc_partno(s) != 0x524) {
260
+ g_free(d);
112
- /* CFG6 reserved on other boards */
261
+}
113
+ if (!have_cfg6(s)) {
262
+
114
goto bad_offset;
263
+void tlb_flush_page_bits_by_mmuidx(CPUState *cpu, target_ulong addr,
115
}
264
+ uint16_t idxmap, unsigned bits)
116
/* AN524: Clock divider for BRAM */
265
+{
266
+ TLBFlushPageBitsByMMUIdxData d;
267
+ run_on_cpu_data runon;
268
+
269
+ /* If all bits are significant, this devolves to tlb_flush_page. */
270
+ if (bits >= TARGET_LONG_BITS) {
271
+ tlb_flush_page_by_mmuidx(cpu, addr, idxmap);
272
+ return;
273
+ }
274
+ /* If no page bits are significant, this devolves to tlb_flush. */
275
+ if (bits < TARGET_PAGE_BITS) {
276
+ tlb_flush_by_mmuidx(cpu, idxmap);
277
+ return;
278
+ }
279
+
280
+ /* This should already be page aligned */
281
+ d.addr = addr & TARGET_PAGE_MASK;
282
+ d.idxmap = idxmap;
283
+ d.bits = bits;
284
+
285
+ if (qemu_cpu_is_self(cpu)) {
286
+ tlb_flush_page_bits_by_mmuidx_async_0(cpu, d);
287
+ } else if (encode_pbm_to_runon(&runon, d)) {
288
+ async_run_on_cpu(cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
289
+ } else {
290
+ TLBFlushPageBitsByMMUIdxData *p
291
+ = g_new(TLBFlushPageBitsByMMUIdxData, 1);
292
+
293
+ /* Otherwise allocate a structure, freed by the worker. */
294
+ *p = d;
295
+ async_run_on_cpu(cpu, tlb_flush_page_bits_by_mmuidx_async_2,
296
+ RUN_ON_CPU_HOST_PTR(p));
297
+ }
298
+}
299
+
300
+void tlb_flush_page_bits_by_mmuidx_all_cpus(CPUState *src_cpu,
301
+ target_ulong addr,
302
+ uint16_t idxmap,
303
+ unsigned bits)
304
+{
305
+ TLBFlushPageBitsByMMUIdxData d;
306
+ run_on_cpu_data runon;
307
+
308
+ /* If all bits are significant, this devolves to tlb_flush_page. */
309
+ if (bits >= TARGET_LONG_BITS) {
310
+ tlb_flush_page_by_mmuidx_all_cpus(src_cpu, addr, idxmap);
311
+ return;
312
+ }
313
+ /* If no page bits are significant, this devolves to tlb_flush. */
314
+ if (bits < TARGET_PAGE_BITS) {
315
+ tlb_flush_by_mmuidx_all_cpus(src_cpu, idxmap);
316
+ return;
317
+ }
318
+
319
+ /* This should already be page aligned */
320
+ d.addr = addr & TARGET_PAGE_MASK;
321
+ d.idxmap = idxmap;
322
+ d.bits = bits;
323
+
324
+ if (encode_pbm_to_runon(&runon, d)) {
325
+ flush_all_helper(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
326
+ } else {
327
+ CPUState *dst_cpu;
328
+ TLBFlushPageBitsByMMUIdxData *p;
329
+
330
+ /* Allocate a separate data block for each destination cpu. */
331
+ CPU_FOREACH(dst_cpu) {
332
+ if (dst_cpu != src_cpu) {
333
+ p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
334
+ *p = d;
335
+ async_run_on_cpu(dst_cpu,
336
+ tlb_flush_page_bits_by_mmuidx_async_2,
337
+ RUN_ON_CPU_HOST_PTR(p));
338
+ }
339
+ }
340
+ }
341
+
342
+ tlb_flush_page_bits_by_mmuidx_async_0(src_cpu, d);
343
+}
344
+
345
+void tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
346
+ target_ulong addr,
347
+ uint16_t idxmap,
348
+ unsigned bits)
349
+{
350
+ TLBFlushPageBitsByMMUIdxData d;
351
+ run_on_cpu_data runon;
352
+
353
+ /* If all bits are significant, this devolves to tlb_flush_page. */
354
+ if (bits >= TARGET_LONG_BITS) {
355
+ tlb_flush_page_by_mmuidx_all_cpus_synced(src_cpu, addr, idxmap);
356
+ return;
357
+ }
358
+ /* If no page bits are significant, this devolves to tlb_flush. */
359
+ if (bits < TARGET_PAGE_BITS) {
360
+ tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, idxmap);
361
+ return;
362
+ }
363
+
364
+ /* This should already be page aligned */
365
+ d.addr = addr & TARGET_PAGE_MASK;
366
+ d.idxmap = idxmap;
367
+ d.bits = bits;
368
+
369
+ if (encode_pbm_to_runon(&runon, d)) {
370
+ flush_all_helper(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
371
+ async_safe_run_on_cpu(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1,
372
+ runon);
373
+ } else {
374
+ CPUState *dst_cpu;
375
+ TLBFlushPageBitsByMMUIdxData *p;
376
+
377
+ /* Allocate a separate data block for each destination cpu. */
378
+ CPU_FOREACH(dst_cpu) {
379
+ if (dst_cpu != src_cpu) {
380
+ p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
381
+ *p = d;
382
+ async_run_on_cpu(dst_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
383
+ RUN_ON_CPU_HOST_PTR(p));
384
+ }
385
+ }
386
+
387
+ p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
388
+ *p = d;
389
+ async_safe_run_on_cpu(src_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
390
+ RUN_ON_CPU_HOST_PTR(p));
391
+ }
392
+}
393
+
394
/* update the TLBs so that writes to code in the virtual page 'addr'
395
can be detected */
396
void tlb_protect_code(ram_addr_t ram_addr)
397
--
117
--
398
2.20.1
118
2.34.1
399
119
400
120
diff view generated by jsdifflib
1
From v8.1M, disabled-coprocessor handling changes slightly:
1
The MPS2 SCC device is broadly the same for all FPGA images, but has
2
* coprocessors 8, 9, 14 and 15 are also governed by the
2
minor differences in the behaviour of the CFG registers depending on
3
cp10 enable bit, like cp11
3
the image. In many cases we don't really care about the functionality
4
* an extra range of instruction patterns is considered
4
controlled by these registers and a reads-as-written or similar
5
to be inside the coprocessor space
5
behaviour is sufficient for the moment.
6
6
7
We previously marked these up with TODO comments; implement the
7
For the AN536 the required behaviour is:
8
correct behaviour.
8
9
9
* A_CFG0 has CPU reset and halt bits
10
Unfortunately there is no ID register field which indicates this
10
- implement as reads-as-written for the moment
11
behaviour. We could in theory test an unrelated ID register which
11
* A_CFG1 has flash or ATCM address 0 remap handling
12
indicates guaranteed-to-be-in-v8.1M behaviour like ID_ISAR0.CmpBranch
12
- QEMU doesn't model this; implement as reads-as-written
13
>= 3 (low-overhead-loops), but it seems better to simply define a new
13
* A_CFG2 has QSPI select (like AN524)
14
ARM_FEATURE_V8_1M feature flag and use it for this and other
14
- implemented (no behaviour, as with AN524)
15
new-in-v8.1M behaviour that isn't identifiable from the ID registers.
15
* A_CFG3 is MCC_MSB_ADDR "additional MCC addressing bits"
16
- QEMU doesn't care about these, so use the existing
17
RAZ behaviour for convenience
18
* A_CFG4 is board rev (like all other images)
19
- no change needed
20
* A_CFG5 is ACLK frq in hz (like AN524)
21
- implemented as reads-as-written, as for other boards
22
* A_CFG6 is core 0 vector table base address
23
- implemented as reads-as-written for the moment
24
* A_CFG7 is core 1 vector table base address
25
- implemented as reads-as-written for the moment
26
27
Make the changes necessary for this; leave TODO comments where
28
appropriate to indicate where we might want to come back and
29
implement things like CPU reset.
30
31
The other aspects of the device specific to this FPGA image (like the
32
values of the board ID and similar registers) will be set via the
33
device's qdev properties.
16
34
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
35
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
36
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Message-id: 20201019151301.2046-3-peter.maydell@linaro.org
37
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
38
Message-id: 20240206132931.38376-8-peter.maydell@linaro.org
20
---
39
---
21
target/arm/cpu.h | 1 +
40
include/hw/misc/mps2-scc.h | 1 +
22
target/arm/m-nocp.decode | 10 ++++++----
41
hw/misc/mps2-scc.c | 101 +++++++++++++++++++++++++++++++++----
23
target/arm/translate-vfp.c.inc | 17 +++++++++++++++--
42
2 files changed, 92 insertions(+), 10 deletions(-)
24
3 files changed, 22 insertions(+), 6 deletions(-)
43
25
44
diff --git a/include/hw/misc/mps2-scc.h b/include/hw/misc/mps2-scc.h
26
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
27
index XXXXXXX..XXXXXXX 100644
45
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu.h
46
--- a/include/hw/misc/mps2-scc.h
29
+++ b/target/arm/cpu.h
47
+++ b/include/hw/misc/mps2-scc.h
30
@@ -XXX,XX +XXX,XX @@ enum arm_features {
48
@@ -XXX,XX +XXX,XX @@ struct MPS2SCC {
31
ARM_FEATURE_VBAR, /* has cp15 VBAR */
49
uint32_t cfg4;
32
ARM_FEATURE_M_SECURITY, /* M profile Security Extension */
50
uint32_t cfg5;
33
ARM_FEATURE_M_MAIN, /* M profile Main Extension */
51
uint32_t cfg6;
34
+ ARM_FEATURE_V8_1M, /* M profile extras only in v8.1M and later */
52
+ uint32_t cfg7;
53
uint32_t cfgdata_rtn;
54
uint32_t cfgdata_out;
55
uint32_t cfgctrl;
56
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
57
index XXXXXXX..XXXXXXX 100644
58
--- a/hw/misc/mps2-scc.c
59
+++ b/hw/misc/mps2-scc.c
60
@@ -XXX,XX +XXX,XX @@ REG32(CFG3, 0xc)
61
REG32(CFG4, 0x10)
62
REG32(CFG5, 0x14)
63
REG32(CFG6, 0x18)
64
+REG32(CFG7, 0x1c)
65
REG32(CFGDATA_RTN, 0xa0)
66
REG32(CFGDATA_OUT, 0xa4)
67
REG32(CFGCTRL, 0xa8)
68
@@ -XXX,XX +XXX,XX @@ static int scc_partno(MPS2SCC *s)
69
/* Is CFG_REG2 present? */
70
static bool have_cfg2(MPS2SCC *s)
71
{
72
- return scc_partno(s) == 0x524 || scc_partno(s) == 0x547;
73
+ return scc_partno(s) == 0x524 || scc_partno(s) == 0x547 ||
74
+ scc_partno(s) == 0x536;
75
}
76
77
/* Is CFG_REG3 present? */
78
static bool have_cfg3(MPS2SCC *s)
79
{
80
- return scc_partno(s) != 0x524 && scc_partno(s) != 0x547;
81
+ return scc_partno(s) != 0x524 && scc_partno(s) != 0x547 &&
82
+ scc_partno(s) != 0x536;
83
}
84
85
/* Is CFG_REG5 present? */
86
static bool have_cfg5(MPS2SCC *s)
87
{
88
- return scc_partno(s) == 0x524 || scc_partno(s) == 0x547;
89
+ return scc_partno(s) == 0x524 || scc_partno(s) == 0x547 ||
90
+ scc_partno(s) == 0x536;
91
}
92
93
/* Is CFG_REG6 present? */
94
static bool have_cfg6(MPS2SCC *s)
95
{
96
- return scc_partno(s) == 0x524;
97
+ return scc_partno(s) == 0x524 || scc_partno(s) == 0x536;
98
+}
99
+
100
+/* Is CFG_REG7 present? */
101
+static bool have_cfg7(MPS2SCC *s)
102
+{
103
+ return scc_partno(s) == 0x536;
104
+}
105
+
106
+/* Does CFG_REG0 drive the 'remap' GPIO output? */
107
+static bool cfg0_is_remap(MPS2SCC *s)
108
+{
109
+ return scc_partno(s) != 0x536;
110
+}
111
+
112
+/* Is CFG_REG1 driving a set of LEDs? */
113
+static bool cfg1_is_leds(MPS2SCC *s)
114
+{
115
+ return scc_partno(s) != 0x536;
116
}
117
118
/* Handle a write via the SYS_CFG channel to the specified function/device.
119
@@ -XXX,XX +XXX,XX @@ static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size)
120
if (!have_cfg3(s)) {
121
goto bad_offset;
122
}
123
- /* These are user-settable DIP switches on the board. We don't
124
+ /*
125
+ * These are user-settable DIP switches on the board. We don't
126
* model that, so just return zeroes.
127
+ *
128
+ * TODO: for AN536 this is MCC_MSB_ADDR "additional MCC addressing
129
+ * bits". These change which part of the DDR4 the motherboard
130
+ * configuration controller can see in its memory map (see the
131
+ * appnote section 2.4). QEMU doesn't model the MCC at all, so these
132
+ * bits are not interesting to us; read-as-zero is as good as anything
133
+ * else.
134
*/
135
r = 0;
136
break;
137
@@ -XXX,XX +XXX,XX @@ static uint64_t mps2_scc_read(void *opaque, hwaddr offset, unsigned size)
138
}
139
r = s->cfg6;
140
break;
141
+ case A_CFG7:
142
+ if (!have_cfg7(s)) {
143
+ goto bad_offset;
144
+ }
145
+ r = s->cfg7;
146
+ break;
147
case A_CFGDATA_RTN:
148
r = s->cfgdata_rtn;
149
break;
150
@@ -XXX,XX +XXX,XX @@ static void mps2_scc_write(void *opaque, hwaddr offset, uint64_t value,
151
* we always reflect bit 0 in the 'remap' GPIO output line,
152
* and let the board wire it up or not as it chooses.
153
* TODO on some boards bit 1 is CPU_WAIT.
154
+ *
155
+ * TODO: on the AN536 this register controls reset and halt
156
+ * for both CPUs. For the moment we don't implement this, so the
157
+ * register just reads as written.
158
*/
159
s->cfg0 = value;
160
- qemu_set_irq(s->remap, s->cfg0 & 1);
161
+ if (cfg0_is_remap(s)) {
162
+ qemu_set_irq(s->remap, s->cfg0 & 1);
163
+ }
164
break;
165
case A_CFG1:
166
s->cfg1 = value;
167
- for (size_t i = 0; i < ARRAY_SIZE(s->led); i++) {
168
- led_set_state(s->led[i], extract32(value, i, 1));
169
+ /*
170
+ * On most boards this register drives LEDs.
171
+ *
172
+ * TODO: for AN536 this controls whether flash and ATCM are
173
+ * enabled or disabled on reset. QEMU doesn't model this, and
174
+ * always wires up RAM in the ATCM area and ROM in the flash area.
175
+ */
176
+ if (cfg1_is_leds(s)) {
177
+ for (size_t i = 0; i < ARRAY_SIZE(s->led); i++) {
178
+ led_set_state(s->led[i], extract32(value, i, 1));
179
+ }
180
}
181
break;
182
case A_CFG2:
183
if (!have_cfg2(s)) {
184
goto bad_offset;
185
}
186
- /* AN524: QSPI Select signal */
187
+ /* AN524, AN536: QSPI Select signal */
188
s->cfg2 = value;
189
break;
190
case A_CFG5:
191
if (!have_cfg5(s)) {
192
goto bad_offset;
193
}
194
- /* AN524: ACLK frequency in Hz */
195
+ /* AN524, AN536: ACLK frequency in Hz */
196
s->cfg5 = value;
197
break;
198
case A_CFG6:
199
@@ -XXX,XX +XXX,XX @@ static void mps2_scc_write(void *opaque, hwaddr offset, uint64_t value,
200
goto bad_offset;
201
}
202
/* AN524: Clock divider for BRAM */
203
+ /* AN536: Core 0 vector table base address */
204
+ s->cfg6 = value;
205
+ break;
206
+ case A_CFG7:
207
+ if (!have_cfg7(s)) {
208
+ goto bad_offset;
209
+ }
210
+ /* AN536: Core 1 vector table base address */
211
s->cfg6 = value;
212
break;
213
case A_CFGDATA_OUT:
214
@@ -XXX,XX +XXX,XX @@ static void mps2_scc_finalize(Object *obj)
215
g_free(s->oscclk_reset);
216
}
217
218
+static bool cfg7_needed(void *opaque)
219
+{
220
+ MPS2SCC *s = opaque;
221
+
222
+ return have_cfg7(s);
223
+}
224
+
225
+static const VMStateDescription vmstate_cfg7 = {
226
+ .name = "mps2-scc/cfg7",
227
+ .version_id = 1,
228
+ .minimum_version_id = 1,
229
+ .needed = cfg7_needed,
230
+ .fields = (const VMStateField[]) {
231
+ VMSTATE_UINT32(cfg7, MPS2SCC),
232
+ VMSTATE_END_OF_LIST()
233
+ }
234
+};
235
+
236
static const VMStateDescription mps2_scc_vmstate = {
237
.name = "mps2-scc",
238
.version_id = 3,
239
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription mps2_scc_vmstate = {
240
VMSTATE_VARRAY_UINT32(oscclk, MPS2SCC, num_oscclk,
241
0, vmstate_info_uint32, uint32_t),
242
VMSTATE_END_OF_LIST()
243
+ },
244
+ .subsections = (const VMStateDescription * const []) {
245
+ &vmstate_cfg7,
246
+ NULL
247
}
35
};
248
};
36
249
37
static inline int arm_feature(CPUARMState *env, int feature)
38
diff --git a/target/arm/m-nocp.decode b/target/arm/m-nocp.decode
39
index XXXXXXX..XXXXXXX 100644
40
--- a/target/arm/m-nocp.decode
41
+++ b/target/arm/m-nocp.decode
42
@@ -XXX,XX +XXX,XX @@
43
# If the coprocessor is not present or disabled then we will generate
44
# the NOCP exception; otherwise we let the insn through to the main decode.
45
46
+&nocp cp
47
+
48
{
49
# Special cases which do not take an early NOCP: VLLDM and VLSTM
50
VLLDM_VLSTM 1110 1100 001 l:1 rn:4 0000 1010 0000 0000
51
# TODO: VSCCLRM (new in v8.1M) is similar:
52
#VSCCLRM 1110 1100 1-01 1111 ---- 1011 ---- ---0
53
54
- NOCP 111- 1110 ---- ---- ---- cp:4 ---- ----
55
- NOCP 111- 110- ---- ---- ---- cp:4 ---- ----
56
- # TODO: From v8.1M onwards we will also want this range to NOCP
57
- #NOCP_8_1 111- 1111 ---- ---- ---- ---- ---- ---- cp=10
58
+ NOCP 111- 1110 ---- ---- ---- cp:4 ---- ---- &nocp
59
+ NOCP 111- 110- ---- ---- ---- cp:4 ---- ---- &nocp
60
+ # From v8.1M onwards this range will also NOCP:
61
+ NOCP_8_1 111- 1111 ---- ---- ---- ---- ---- ---- &nocp cp=10
62
}
63
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
64
index XXXXXXX..XXXXXXX 100644
65
--- a/target/arm/translate-vfp.c.inc
66
+++ b/target/arm/translate-vfp.c.inc
67
@@ -XXX,XX +XXX,XX @@ static bool trans_VLLDM_VLSTM(DisasContext *s, arg_VLLDM_VLSTM *a)
68
return true;
69
}
70
71
-static bool trans_NOCP(DisasContext *s, arg_NOCP *a)
72
+static bool trans_NOCP(DisasContext *s, arg_nocp *a)
73
{
74
/*
75
* Handle M-profile early check for disabled coprocessor:
76
@@ -XXX,XX +XXX,XX @@ static bool trans_NOCP(DisasContext *s, arg_NOCP *a)
77
if (a->cp == 11) {
78
a->cp = 10;
79
}
80
- /* TODO: in v8.1M cp 8, 9, 14, 15 also are governed by the cp10 enable */
81
+ if (arm_dc_feature(s, ARM_FEATURE_V8_1M) &&
82
+ (a->cp == 8 || a->cp == 9 || a->cp == 14 || a->cp == 15)) {
83
+ /* in v8.1M cp 8, 9, 14, 15 also are governed by the cp10 enable */
84
+ a->cp = 10;
85
+ }
86
87
if (a->cp != 10) {
88
gen_exception_insn(s, s->pc_curr, EXCP_NOCP,
89
@@ -XXX,XX +XXX,XX @@ static bool trans_NOCP(DisasContext *s, arg_NOCP *a)
90
return false;
91
}
92
93
+static bool trans_NOCP_8_1(DisasContext *s, arg_nocp *a)
94
+{
95
+ /* This range needs a coprocessor check for v8.1M and later only */
96
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
97
+ return false;
98
+ }
99
+ return trans_NOCP(s, a);
100
+}
101
+
102
static bool trans_VINS(DisasContext *s, arg_VINS *a)
103
{
104
TCGv_i32 rd, rm;
105
--
250
--
106
2.20.1
251
2.34.1
107
252
108
253
diff view generated by jsdifflib
1
From: Richard Henderson <richard.henderson@linaro.org>
1
The AN536 is another FPGA image for the MPS3 development board. Unlike
2
2
the existing FPGA images we already model, this board uses a Cortex-R
3
The note test requires gcc 10 for -mbranch-protection=standard.
3
family CPU, and it does not use any equivalent to the M-profile
4
The mmap test uses PROT_BTI and does not require special compiler support.
4
"Subsystem for Embedded" SoC-equivalent that we model in hw/arm/armsse.c.
5
5
It's therefore more convenient for us to model it as a completely
6
Acked-by: Alex Bennée <alex.bennee@linaro.org>
6
separate C file.
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
This commit adds the basic skeleton of the board model, and the
9
Message-id: 20201016184207.786698-13-richard.henderson@linaro.org
9
code to create all the RAM and ROM. We assume that we're probably
10
going to want to add more images in future, so use the same
11
base class/subclass setup that mps2-tz.c uses, even though at
12
the moment there's only a single subclass.
13
14
Following commits will add the CPUs and the peripherals.
15
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
18
Message-id: 20240206132931.38376-9-peter.maydell@linaro.org
11
---
19
---
12
tests/tcg/aarch64/bti-1.c | 62 +++++++++++++++++
20
MAINTAINERS | 3 +-
13
tests/tcg/aarch64/bti-2.c | 108 ++++++++++++++++++++++++++++++
21
configs/devices/arm-softmmu/default.mak | 1 +
14
tests/tcg/aarch64/bti-crt.inc.c | 51 ++++++++++++++
22
hw/arm/mps3r.c | 239 ++++++++++++++++++++++++
15
tests/tcg/aarch64/Makefile.target | 10 +++
23
hw/arm/Kconfig | 5 +
16
tests/tcg/configure.sh | 4 ++
24
hw/arm/meson.build | 1 +
17
5 files changed, 235 insertions(+)
25
5 files changed, 248 insertions(+), 1 deletion(-)
18
create mode 100644 tests/tcg/aarch64/bti-1.c
26
create mode 100644 hw/arm/mps3r.c
19
create mode 100644 tests/tcg/aarch64/bti-2.c
27
20
create mode 100644 tests/tcg/aarch64/bti-crt.inc.c
28
diff --git a/MAINTAINERS b/MAINTAINERS
21
29
index XXXXXXX..XXXXXXX 100644
22
diff --git a/tests/tcg/aarch64/bti-1.c b/tests/tcg/aarch64/bti-1.c
30
--- a/MAINTAINERS
31
+++ b/MAINTAINERS
32
@@ -XXX,XX +XXX,XX @@ F: include/hw/misc/imx7_*.h
33
F: hw/pci-host/designware.c
34
F: include/hw/pci-host/designware.h
35
36
-MPS2
37
+MPS2 / MPS3
38
M: Peter Maydell <peter.maydell@linaro.org>
39
L: qemu-arm@nongnu.org
40
S: Maintained
41
F: hw/arm/mps2.c
42
F: hw/arm/mps2-tz.c
43
+F: hw/arm/mps3r.c
44
F: hw/misc/mps2-*.c
45
F: include/hw/misc/mps2-*.h
46
F: hw/arm/armsse.c
47
diff --git a/configs/devices/arm-softmmu/default.mak b/configs/devices/arm-softmmu/default.mak
48
index XXXXXXX..XXXXXXX 100644
49
--- a/configs/devices/arm-softmmu/default.mak
50
+++ b/configs/devices/arm-softmmu/default.mak
51
@@ -XXX,XX +XXX,XX @@ CONFIG_ARM_VIRT=y
52
# CONFIG_INTEGRATOR=n
53
# CONFIG_FSL_IMX31=n
54
# CONFIG_MUSICPAL=n
55
+# CONFIG_MPS3R=n
56
# CONFIG_MUSCA=n
57
# CONFIG_CHEETAH=n
58
# CONFIG_SX1=n
59
diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c
23
new file mode 100644
60
new file mode 100644
24
index XXXXXXX..XXXXXXX
61
index XXXXXXX..XXXXXXX
25
--- /dev/null
62
--- /dev/null
26
+++ b/tests/tcg/aarch64/bti-1.c
63
+++ b/hw/arm/mps3r.c
27
@@ -XXX,XX +XXX,XX @@
64
@@ -XXX,XX +XXX,XX @@
28
+/*
65
+/*
29
+ * Branch target identification, basic notskip cases.
66
+ * Arm MPS3 board emulation for Cortex-R-based FPGA images.
67
+ * (For M-profile images see mps2.c and mps2tz.c.)
68
+ *
69
+ * Copyright (c) 2017 Linaro Limited
70
+ * Written by Peter Maydell
71
+ *
72
+ * This program is free software; you can redistribute it and/or modify
73
+ * it under the terms of the GNU General Public License version 2 or
74
+ * (at your option) any later version.
30
+ */
75
+ */
31
+
76
+
32
+#include "bti-crt.inc.c"
33
+
34
+static void skip2_sigill(int sig, siginfo_t *info, ucontext_t *uc)
35
+{
36
+ uc->uc_mcontext.pc += 8;
37
+ uc->uc_mcontext.pstate = 1;
38
+}
39
+
40
+#define NOP "nop"
41
+#define BTI_N "hint #32"
42
+#define BTI_C "hint #34"
43
+#define BTI_J "hint #36"
44
+#define BTI_JC "hint #38"
45
+
46
+#define BTYPE_1(DEST) \
47
+ asm("mov %0,#1; adr x16, 1f; br x16; 1: " DEST "; mov %0,#0" \
48
+ : "=r"(skipped) : : "x16")
49
+
50
+#define BTYPE_2(DEST) \
51
+ asm("mov %0,#1; adr x16, 1f; blr x16; 1: " DEST "; mov %0,#0" \
52
+ : "=r"(skipped) : : "x16", "x30")
53
+
54
+#define BTYPE_3(DEST) \
55
+ asm("mov %0,#1; adr x15, 1f; br x15; 1: " DEST "; mov %0,#0" \
56
+ : "=r"(skipped) : : "x15")
57
+
58
+#define TEST(WHICH, DEST, EXPECT) \
59
+ do { WHICH(DEST); fail += skipped ^ EXPECT; } while (0)
60
+
61
+
62
+int main()
63
+{
64
+ int fail = 0;
65
+ int skipped;
66
+
67
+ /* Signal-like with SA_SIGINFO. */
68
+ signal_info(SIGILL, skip2_sigill);
69
+
70
+ TEST(BTYPE_1, NOP, 1);
71
+ TEST(BTYPE_1, BTI_N, 1);
72
+ TEST(BTYPE_1, BTI_C, 0);
73
+ TEST(BTYPE_1, BTI_J, 0);
74
+ TEST(BTYPE_1, BTI_JC, 0);
75
+
76
+ TEST(BTYPE_2, NOP, 1);
77
+ TEST(BTYPE_2, BTI_N, 1);
78
+ TEST(BTYPE_2, BTI_C, 0);
79
+ TEST(BTYPE_2, BTI_J, 1);
80
+ TEST(BTYPE_2, BTI_JC, 0);
81
+
82
+ TEST(BTYPE_3, NOP, 1);
83
+ TEST(BTYPE_3, BTI_N, 1);
84
+ TEST(BTYPE_3, BTI_C, 1);
85
+ TEST(BTYPE_3, BTI_J, 0);
86
+ TEST(BTYPE_3, BTI_JC, 0);
87
+
88
+ return fail;
89
+}
90
diff --git a/tests/tcg/aarch64/bti-2.c b/tests/tcg/aarch64/bti-2.c
91
new file mode 100644
92
index XXXXXXX..XXXXXXX
93
--- /dev/null
94
+++ b/tests/tcg/aarch64/bti-2.c
95
@@ -XXX,XX +XXX,XX @@
96
+/*
77
+/*
97
+ * Branch target identification, basic notskip cases.
78
+ * The MPS3 is an FPGA based dev board. This file handles FPGA images
79
+ * which use the Cortex-R CPUs. We model these separately from the
80
+ * M-profile images, because on M-profile the FPGA image is based on
81
+ * a "Subsystem for Embedded" which is similar to an SoC, whereas
82
+ * the R-profile FPGA images don't have that abstraction layer.
83
+ *
84
+ * We model the following FPGA images here:
85
+ * "mps3-an536" -- dual Cortex-R52 as documented in Arm Application Note AN536
86
+ *
87
+ * Application Note AN536:
88
+ * https://developer.arm.com/documentation/dai0536/latest/
98
+ */
89
+ */
99
+
90
+
100
+#include <stdio.h>
91
+#include "qemu/osdep.h"
101
+#include <signal.h>
92
+#include "qemu/units.h"
102
+#include <string.h>
93
+#include "qapi/error.h"
103
+#include <unistd.h>
94
+#include "exec/address-spaces.h"
104
+#include <sys/mman.h>
95
+#include "cpu.h"
105
+
96
+#include "hw/boards.h"
106
+#ifndef PROT_BTI
97
+#include "hw/arm/boot.h"
107
+#define PROT_BTI 0x10
98
+
99
+/* Define the layout of RAM and ROM in a board */
100
+typedef struct RAMInfo {
101
+ const char *name;
102
+ hwaddr base;
103
+ hwaddr size;
104
+ int mrindex; /* index into rams[]; -1 for the system RAM block */
105
+ int flags;
106
+} RAMInfo;
107
+
108
+/*
109
+ * The MPS3 DDR is 3GiB, but on a 32-bit host QEMU doesn't permit
110
+ * emulation of that much guest RAM, so artificially make it smaller.
111
+ */
112
+#if HOST_LONG_BITS == 32
113
+#define MPS3_DDR_SIZE (1 * GiB)
114
+#else
115
+#define MPS3_DDR_SIZE (3 * GiB)
108
+#endif
116
+#endif
109
+
117
+
110
+static void skip2_sigill(int sig, siginfo_t *info, void *vuc)
111
+{
112
+ ucontext_t *uc = vuc;
113
+ uc->uc_mcontext.pc += 8;
114
+ uc->uc_mcontext.pstate = 1;
115
+}
116
+
117
+#define NOP "nop"
118
+#define BTI_N "hint #32"
119
+#define BTI_C "hint #34"
120
+#define BTI_J "hint #36"
121
+#define BTI_JC "hint #38"
122
+
123
+#define BTYPE_1(DEST) \
124
+ "mov x1, #1\n\t" \
125
+ "adr x16, 1f\n\t" \
126
+ "br x16\n" \
127
+"1: " DEST "\n\t" \
128
+ "mov x1, #0"
129
+
130
+#define BTYPE_2(DEST) \
131
+ "mov x1, #1\n\t" \
132
+ "adr x16, 1f\n\t" \
133
+ "blr x16\n" \
134
+"1: " DEST "\n\t" \
135
+ "mov x1, #0"
136
+
137
+#define BTYPE_3(DEST) \
138
+ "mov x1, #1\n\t" \
139
+ "adr x15, 1f\n\t" \
140
+ "br x15\n" \
141
+"1: " DEST "\n\t" \
142
+ "mov x1, #0"
143
+
144
+#define TEST(WHICH, DEST, EXPECT) \
145
+ WHICH(DEST) "\n" \
146
+ ".if " #EXPECT "\n\t" \
147
+ "eor x1, x1," #EXPECT "\n" \
148
+ ".endif\n\t" \
149
+ "add x0, x0, x1\n\t"
150
+
151
+extern char test_begin[], test_end[];
152
+
153
+asm("\n"
154
+"test_begin:\n\t"
155
+ BTI_C "\n\t"
156
+ "mov x2, x30\n\t"
157
+ "mov x0, #0\n\t"
158
+
159
+ TEST(BTYPE_1, NOP, 1)
160
+ TEST(BTYPE_1, BTI_N, 1)
161
+ TEST(BTYPE_1, BTI_C, 0)
162
+ TEST(BTYPE_1, BTI_J, 0)
163
+ TEST(BTYPE_1, BTI_JC, 0)
164
+
165
+ TEST(BTYPE_2, NOP, 1)
166
+ TEST(BTYPE_2, BTI_N, 1)
167
+ TEST(BTYPE_2, BTI_C, 0)
168
+ TEST(BTYPE_2, BTI_J, 1)
169
+ TEST(BTYPE_2, BTI_JC, 0)
170
+
171
+ TEST(BTYPE_3, NOP, 1)
172
+ TEST(BTYPE_3, BTI_N, 1)
173
+ TEST(BTYPE_3, BTI_C, 1)
174
+ TEST(BTYPE_3, BTI_J, 0)
175
+ TEST(BTYPE_3, BTI_JC, 0)
176
+
177
+ "ret x2\n"
178
+"test_end:"
179
+);
180
+
181
+int main()
182
+{
183
+ struct sigaction sa;
184
+
185
+ void *p = mmap(0, getpagesize(),
186
+ PROT_EXEC | PROT_READ | PROT_WRITE | PROT_BTI,
187
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
188
+ if (p == MAP_FAILED) {
189
+ perror("mmap");
190
+ return 1;
191
+ }
192
+
193
+ memset(&sa, 0, sizeof(sa));
194
+ sa.sa_sigaction = skip2_sigill;
195
+ sa.sa_flags = SA_SIGINFO;
196
+ if (sigaction(SIGILL, &sa, NULL) < 0) {
197
+ perror("sigaction");
198
+ return 1;
199
+ }
200
+
201
+ memcpy(p, test_begin, test_end - test_begin);
202
+ return ((int (*)(void))p)();
203
+}
204
diff --git a/tests/tcg/aarch64/bti-crt.inc.c b/tests/tcg/aarch64/bti-crt.inc.c
205
new file mode 100644
206
index XXXXXXX..XXXXXXX
207
--- /dev/null
208
+++ b/tests/tcg/aarch64/bti-crt.inc.c
209
@@ -XXX,XX +XXX,XX @@
210
+/*
118
+/*
211
+ * Minimal user-environment for testing BTI.
119
+ * Flag values:
212
+ *
120
+ * IS_MAIN: this is the main machine RAM
213
+ * Normal libc is not (yet) built with BTI support enabled,
121
+ * IS_ROM: this area is read-only
214
+ * and so could generate a BTI TRAP before ever reaching main.
215
+ */
122
+ */
216
+
123
+#define IS_MAIN 1
217
+#include <stdlib.h>
124
+#define IS_ROM 2
218
+#include <signal.h>
125
+
219
+#include <ucontext.h>
126
+#define MPS3R_RAM_MAX 9
220
+#include <asm/unistd.h>
127
+
221
+
128
+typedef enum MPS3RFPGAType {
222
+int main(void);
129
+ FPGA_AN536,
223
+
130
+} MPS3RFPGAType;
224
+void _start(void)
131
+
225
+{
132
+struct MPS3RMachineClass {
226
+ exit(main());
133
+ MachineClass parent;
227
+}
134
+ MPS3RFPGAType fpga_type;
228
+
135
+ const RAMInfo *raminfo;
229
+void exit(int ret)
136
+};
230
+{
137
+
231
+ register int x0 __asm__("x0") = ret;
138
+struct MPS3RMachineState {
232
+ register int x8 __asm__("x8") = __NR_exit;
139
+ MachineState parent;
233
+
140
+ MemoryRegion ram[MPS3R_RAM_MAX];
234
+ asm volatile("svc #0" : : "r"(x0), "r"(x8));
141
+};
235
+ __builtin_unreachable();
142
+
236
+}
143
+#define TYPE_MPS3R_MACHINE "mps3r"
237
+
144
+#define TYPE_MPS3R_AN536_MACHINE MACHINE_TYPE_NAME("mps3-an536")
238
+/*
145
+
239
+ * Irritatingly, the user API struct sigaction does not match the
146
+OBJECT_DECLARE_TYPE(MPS3RMachineState, MPS3RMachineClass, MPS3R_MACHINE)
240
+ * kernel API struct sigaction. So for simplicity, isolate the
147
+
241
+ * kernel ABI here, and make this act like signal.
148
+static const RAMInfo an536_raminfo[] = {
242
+ */
149
+ {
243
+void signal_info(int sig, void (*fn)(int, siginfo_t *, ucontext_t *))
150
+ .name = "ATCM",
244
+{
151
+ .base = 0x00000000,
245
+ struct kernel_sigaction {
152
+ .size = 0x00008000,
246
+ void (*handler)(int, siginfo_t *, ucontext_t *);
153
+ .mrindex = 0,
247
+ unsigned long flags;
154
+ }, {
248
+ unsigned long restorer;
155
+ /* We model the QSPI flash as simple ROM for now */
249
+ unsigned long mask;
156
+ .name = "QSPI",
250
+ } sa = { fn, SA_SIGINFO, 0, 0 };
157
+ .base = 0x08000000,
251
+
158
+ .size = 0x00800000,
252
+ register int x0 __asm__("x0") = sig;
159
+ .flags = IS_ROM,
253
+ register void *x1 __asm__("x1") = &sa;
160
+ .mrindex = 1,
254
+ register void *x2 __asm__("x2") = 0;
161
+ }, {
255
+ register int x3 __asm__("x3") = sizeof(unsigned long);
162
+ .name = "BRAM",
256
+ register int x8 __asm__("x8") = __NR_rt_sigaction;
163
+ .base = 0x10000000,
257
+
164
+ .size = 0x00080000,
258
+ asm volatile("svc #0"
165
+ .mrindex = 2,
259
+ : : "r"(x0), "r"(x1), "r"(x2), "r"(x3), "r"(x8) : "memory");
166
+ }, {
260
+}
167
+ .name = "DDR",
261
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
168
+ .base = 0x20000000,
169
+ .size = MPS3_DDR_SIZE,
170
+ .mrindex = -1,
171
+ }, {
172
+ .name = "ATCM0",
173
+ .base = 0xee000000,
174
+ .size = 0x00008000,
175
+ .mrindex = 3,
176
+ }, {
177
+ .name = "BTCM0",
178
+ .base = 0xee100000,
179
+ .size = 0x00008000,
180
+ .mrindex = 4,
181
+ }, {
182
+ .name = "CTCM0",
183
+ .base = 0xee200000,
184
+ .size = 0x00008000,
185
+ .mrindex = 5,
186
+ }, {
187
+ .name = "ATCM1",
188
+ .base = 0xee400000,
189
+ .size = 0x00008000,
190
+ .mrindex = 6,
191
+ }, {
192
+ .name = "BTCM1",
193
+ .base = 0xee500000,
194
+ .size = 0x00008000,
195
+ .mrindex = 7,
196
+ }, {
197
+ .name = "CTCM1",
198
+ .base = 0xee600000,
199
+ .size = 0x00008000,
200
+ .mrindex = 8,
201
+ }, {
202
+ .name = NULL,
203
+ }
204
+};
205
+
206
+static MemoryRegion *mr_for_raminfo(MPS3RMachineState *mms,
207
+ const RAMInfo *raminfo)
208
+{
209
+ /* Return an initialized MemoryRegion for the RAMInfo. */
210
+ MemoryRegion *ram;
211
+
212
+ if (raminfo->mrindex < 0) {
213
+ /* Means this RAMInfo is for QEMU's "system memory" */
214
+ MachineState *machine = MACHINE(mms);
215
+ assert(!(raminfo->flags & IS_ROM));
216
+ return machine->ram;
217
+ }
218
+
219
+ assert(raminfo->mrindex < MPS3R_RAM_MAX);
220
+ ram = &mms->ram[raminfo->mrindex];
221
+
222
+ memory_region_init_ram(ram, NULL, raminfo->name,
223
+ raminfo->size, &error_fatal);
224
+ if (raminfo->flags & IS_ROM) {
225
+ memory_region_set_readonly(ram, true);
226
+ }
227
+ return ram;
228
+}
229
+
230
+static void mps3r_common_init(MachineState *machine)
231
+{
232
+ MPS3RMachineState *mms = MPS3R_MACHINE(machine);
233
+ MPS3RMachineClass *mmc = MPS3R_MACHINE_GET_CLASS(mms);
234
+ MemoryRegion *sysmem = get_system_memory();
235
+
236
+ for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {
237
+ MemoryRegion *mr = mr_for_raminfo(mms, ri);
238
+ memory_region_add_subregion(sysmem, ri->base, mr);
239
+ }
240
+}
241
+
242
+static void mps3r_set_default_ram_info(MPS3RMachineClass *mmc)
243
+{
244
+ /*
245
+ * Set mc->default_ram_size and default_ram_id from the
246
+ * information in mmc->raminfo.
247
+ */
248
+ MachineClass *mc = MACHINE_CLASS(mmc);
249
+ const RAMInfo *p;
250
+
251
+ for (p = mmc->raminfo; p->name; p++) {
252
+ if (p->mrindex < 0) {
253
+ /* Found the entry for "system memory" */
254
+ mc->default_ram_size = p->size;
255
+ mc->default_ram_id = p->name;
256
+ return;
257
+ }
258
+ }
259
+ g_assert_not_reached();
260
+}
261
+
262
+static void mps3r_class_init(ObjectClass *oc, void *data)
263
+{
264
+ MachineClass *mc = MACHINE_CLASS(oc);
265
+
266
+ mc->init = mps3r_common_init;
267
+}
268
+
269
+static void mps3r_an536_class_init(ObjectClass *oc, void *data)
270
+{
271
+ MachineClass *mc = MACHINE_CLASS(oc);
272
+ MPS3RMachineClass *mmc = MPS3R_MACHINE_CLASS(oc);
273
+ static const char * const valid_cpu_types[] = {
274
+ ARM_CPU_TYPE_NAME("cortex-r52"),
275
+ NULL
276
+ };
277
+
278
+ mc->desc = "ARM MPS3 with AN536 FPGA image for Cortex-R52";
279
+ mc->default_cpus = 2;
280
+ mc->min_cpus = mc->default_cpus;
281
+ mc->max_cpus = mc->default_cpus;
282
+ mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-r52");
283
+ mc->valid_cpu_types = valid_cpu_types;
284
+ mmc->raminfo = an536_raminfo;
285
+ mps3r_set_default_ram_info(mmc);
286
+}
287
+
288
+static const TypeInfo mps3r_machine_types[] = {
289
+ {
290
+ .name = TYPE_MPS3R_MACHINE,
291
+ .parent = TYPE_MACHINE,
292
+ .abstract = true,
293
+ .instance_size = sizeof(MPS3RMachineState),
294
+ .class_size = sizeof(MPS3RMachineClass),
295
+ .class_init = mps3r_class_init,
296
+ }, {
297
+ .name = TYPE_MPS3R_AN536_MACHINE,
298
+ .parent = TYPE_MPS3R_MACHINE,
299
+ .class_init = mps3r_an536_class_init,
300
+ },
301
+};
302
+
303
+DEFINE_TYPES(mps3r_machine_types);
304
diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
262
index XXXXXXX..XXXXXXX 100644
305
index XXXXXXX..XXXXXXX 100644
263
--- a/tests/tcg/aarch64/Makefile.target
306
--- a/hw/arm/Kconfig
264
+++ b/tests/tcg/aarch64/Makefile.target
307
+++ b/hw/arm/Kconfig
265
@@ -XXX,XX +XXX,XX @@ run-pauth-%: QEMU_OPTS += -cpu max
308
@@ -XXX,XX +XXX,XX @@ config MAINSTONE
266
run-plugin-pauth-%: QEMU_OPTS += -cpu max
309
select PFLASH_CFI01
267
endif
310
select SMC91C111
268
311
269
+# BTI Tests
312
+config MPS3R
270
+# bti-1 tests the elf notes, so we require special compiler support.
313
+ bool
271
+ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_ARMV8_BTI),)
314
+ default y
272
+AARCH64_TESTS += bti-1
315
+ depends on TCG && ARM
273
+bti-1: CFLAGS += -mbranch-protection=standard
316
+
274
+bti-1: LDFLAGS += -nostdlib
317
config MUSCA
275
+endif
318
bool
276
+# bti-2 tests PROT_BTI, so no special compiler support required.
319
default y
277
+AARCH64_TESTS += bti-2
320
diff --git a/hw/arm/meson.build b/hw/arm/meson.build
278
+
321
index XXXXXXX..XXXXXXX 100644
279
# Semihosting smoke test for linux-user
322
--- a/hw/arm/meson.build
280
AARCH64_TESTS += semihosting
323
+++ b/hw/arm/meson.build
281
run-semihosting: semihosting
324
@@ -XXX,XX +XXX,XX @@ arm_ss.add(when: 'CONFIG_HIGHBANK', if_true: files('highbank.c'))
282
diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
325
arm_ss.add(when: 'CONFIG_INTEGRATOR', if_true: files('integratorcp.c'))
283
index XXXXXXX..XXXXXXX 100755
326
arm_ss.add(when: 'CONFIG_MAINSTONE', if_true: files('mainstone.c'))
284
--- a/tests/tcg/configure.sh
327
arm_ss.add(when: 'CONFIG_MICROBIT', if_true: files('microbit.c'))
285
+++ b/tests/tcg/configure.sh
328
+arm_ss.add(when: 'CONFIG_MPS3R', if_true: files('mps3r.c'))
286
@@ -XXX,XX +XXX,XX @@ for target in $target_list; do
329
arm_ss.add(when: 'CONFIG_MUSICPAL', if_true: files('musicpal.c'))
287
-march=armv8.3-a -o $TMPE $TMPC; then
330
arm_ss.add(when: 'CONFIG_NETDUINOPLUS2', if_true: files('netduinoplus2.c'))
288
echo "CROSS_CC_HAS_ARMV8_3=y" >> $config_target_mak
331
arm_ss.add(when: 'CONFIG_OLIMEX_STM32_H405', if_true: files('olimex-stm32-h405.c'))
289
fi
290
+ if do_compiler "$target_compiler" $target_compiler_cflags \
291
+ -mbranch-protection=standard -o $TMPE $TMPC; then
292
+ echo "CROSS_CC_HAS_ARMV8_BTI=y" >> $config_target_mak
293
+ fi
294
;;
295
esac
296
297
--
332
--
298
2.20.1
333
2.34.1
299
334
300
335
diff view generated by jsdifflib
1
v8.1M implements a new 'branch future' feature, which is a
1
Create the CPUs, the GIC, and the per-CPU RAM block for
2
set of instructions that request the CPU to perform a branch
2
the mps3-an536 board.
3
"in the future", when it reaches a particular execution address.
4
In hardware, the expected implementation is that the information
5
about the branch location and destination is cached and then
6
acted upon when execution reaches the specified address.
7
However the architecture permits an implementation to discard
8
this cached information at any point, and so guest code must
9
always include a normal branch insn at the branch point as
10
a fallback. In particular, an implementation is specifically
11
permitted to treat all BF insns as NOPs (which is equivalent
12
to discarding the cached information immediately).
13
3
14
For QEMU, implementing this caching of branch information
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
would be complicated and would not improve the speed of
5
Message-id: 20240206132931.38376-10-peter.maydell@linaro.org
16
execution at all, so we make the IMPDEF choice to implement
6
---
17
all BF insns as NOPs.
7
hw/arm/mps3r.c | 180 ++++++++++++++++++++++++++++++++++++++++++++++++-
8
1 file changed, 177 insertions(+), 3 deletions(-)
18
9
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Message-id: 20201019151301.2046-7-peter.maydell@linaro.org
22
---
23
target/arm/cpu.h | 6 ++++++
24
target/arm/t32.decode | 13 ++++++++++++-
25
target/arm/translate.c | 20 ++++++++++++++++++++
26
3 files changed, 38 insertions(+), 1 deletion(-)
27
28
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
29
index XXXXXXX..XXXXXXX 100644
11
index XXXXXXX..XXXXXXX 100644
30
--- a/target/arm/cpu.h
12
--- a/hw/arm/mps3r.c
31
+++ b/target/arm/cpu.h
13
+++ b/hw/arm/mps3r.c
32
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa32_arm_div(const ARMISARegisters *id)
14
@@ -XXX,XX +XXX,XX @@
33
return FIELD_EX32(id->id_isar0, ID_ISAR0, DIVIDE) > 1;
15
#include "qemu/osdep.h"
16
#include "qemu/units.h"
17
#include "qapi/error.h"
18
+#include "qapi/qmp/qlist.h"
19
#include "exec/address-spaces.h"
20
#include "cpu.h"
21
#include "hw/boards.h"
22
+#include "hw/qdev-properties.h"
23
#include "hw/arm/boot.h"
24
+#include "hw/arm/bsa.h"
25
+#include "hw/intc/arm_gicv3.h"
26
27
/* Define the layout of RAM and ROM in a board */
28
typedef struct RAMInfo {
29
@@ -XXX,XX +XXX,XX @@ typedef struct RAMInfo {
30
#define IS_ROM 2
31
32
#define MPS3R_RAM_MAX 9
33
+#define MPS3R_CPU_MAX 2
34
+
35
+#define PERIPHBASE 0xf0000000
36
+#define NUM_SPIS 96
37
38
typedef enum MPS3RFPGAType {
39
FPGA_AN536,
40
@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineClass {
41
MachineClass parent;
42
MPS3RFPGAType fpga_type;
43
const RAMInfo *raminfo;
44
+ hwaddr loader_start;
45
};
46
47
struct MPS3RMachineState {
48
MachineState parent;
49
+ struct arm_boot_info bootinfo;
50
MemoryRegion ram[MPS3R_RAM_MAX];
51
+ Object *cpu[MPS3R_CPU_MAX];
52
+ MemoryRegion cpu_sysmem[MPS3R_CPU_MAX];
53
+ MemoryRegion sysmem_alias[MPS3R_CPU_MAX];
54
+ MemoryRegion cpu_ram[MPS3R_CPU_MAX];
55
+ GICv3State gic;
56
};
57
58
#define TYPE_MPS3R_MACHINE "mps3r"
59
@@ -XXX,XX +XXX,XX @@ static MemoryRegion *mr_for_raminfo(MPS3RMachineState *mms,
60
return ram;
34
}
61
}
35
62
36
+static inline bool isar_feature_aa32_lob(const ARMISARegisters *id)
63
+/*
37
+{
64
+ * There is no defined secondary boot protocol for Linux for the AN536,
38
+ /* (M-profile) low-overhead loops and branch future */
65
+ * because real hardware has a restriction that atomic operations between
39
+ return FIELD_EX32(id->id_isar0, ID_ISAR0, CMPBRANCH) >= 3;
66
+ * the two CPUs do not function correctly, and so true SMP is not
40
+}
67
+ * possible. Therefore for cases where the user is directly booting
41
+
68
+ * a kernel, we treat the system as essentially uniprocessor, and
42
static inline bool isar_feature_aa32_jazelle(const ARMISARegisters *id)
69
+ * put the secondary CPU into power-off state (as if the user on the
43
{
70
+ * real hardware had configured the secondary to be halted via the
44
return FIELD_EX32(id->id_isar1, ID_ISAR1, JAZELLE) != 0;
71
+ * SCC config registers).
45
diff --git a/target/arm/t32.decode b/target/arm/t32.decode
72
+ *
46
index XXXXXXX..XXXXXXX 100644
73
+ * Note that the default secondary boot code would not work here anyway
47
--- a/target/arm/t32.decode
74
+ * as it assumes a GICv2, and we have a GICv3.
48
+++ b/target/arm/t32.decode
75
+ */
49
@@ -XXX,XX +XXX,XX @@ MRC 1110 1110 ... 1 .... .... .... ... 1 .... @mcr
76
+static void mps3r_write_secondary_boot(ARMCPU *cpu,
50
77
+ const struct arm_boot_info *info)
51
B 1111 0. .......... 10.1 ............ @branch24
52
BL 1111 0. .......... 11.1 ............ @branch24
53
-BLX_i 1111 0. .......... 11.0 ............ @branch24
54
+{
55
+ # BLX_i is non-M-profile only
56
+ BLX_i 1111 0. .......... 11.0 ............ @branch24
57
+ # M-profile only: loop and branch insns
58
+ [
59
+ # All these BF insns have boff != 0b0000; we NOP them all
60
+ BF 1111 0 boff:4 ------- 1100 - ---------- 1 # BFL
61
+ BF 1111 0 boff:4 0 ------ 1110 - ---------- 1 # BFCSEL
62
+ BF 1111 0 boff:4 10 ----- 1110 - ---------- 1 # BF
63
+ BF 1111 0 boff:4 11 ----- 1110 0 0000000000 1 # BFX, BFLX
64
+ ]
65
+}
66
diff --git a/target/arm/translate.c b/target/arm/translate.c
67
index XXXXXXX..XXXXXXX 100644
68
--- a/target/arm/translate.c
69
+++ b/target/arm/translate.c
70
@@ -XXX,XX +XXX,XX @@ static bool trans_BLX_suffix(DisasContext *s, arg_BLX_suffix *a)
71
return true;
72
}
73
74
+static bool trans_BF(DisasContext *s, arg_BF *a)
75
+{
78
+{
76
+ /*
79
+ /*
77
+ * M-profile branch future insns. The architecture permits an
80
+ * Power the secondary CPU off. This means we don't need to write any
78
+ * implementation to implement these as NOPs (equivalent to
81
+ * boot code into guest memory. Note that the 'cpu' argument to this
79
+ * discarding the LO_BRANCH_INFO cache immediately), and we
82
+ * function is the primary CPU we passed to arm_load_kernel(), not
80
+ * take that IMPDEF option because for QEMU a "real" implementation
83
+ * the secondary. Loop around all the other CPUs, as the boot.c
81
+ * would be complicated and wouldn't execute any faster.
84
+ * code does for the "disable secondaries if PSCI is enabled" case.
82
+ */
85
+ */
83
+ if (!dc_isar_feature(aa32_lob, s)) {
86
+ for (CPUState *cs = first_cpu; cs; cs = CPU_NEXT(cs)) {
84
+ return false;
87
+ if (cs != first_cpu) {
88
+ object_property_set_bool(OBJECT(cs), "start-powered-off", true,
89
+ &error_abort);
90
+ }
85
+ }
91
+ }
86
+ if (a->boff == 0) {
92
+}
87
+ /* SEE "Related encodings" (loop insns) */
93
+
88
+ return false;
94
+static void mps3r_secondary_cpu_reset(ARMCPU *cpu,
95
+ const struct arm_boot_info *info)
96
+{
97
+ /* We don't need to do anything here because the CPU will be off */
98
+}
99
+
100
+static void create_gic(MPS3RMachineState *mms, MemoryRegion *sysmem)
101
+{
102
+ MachineState *machine = MACHINE(mms);
103
+ DeviceState *gicdev;
104
+ QList *redist_region_count;
105
+
106
+ object_initialize_child(OBJECT(mms), "gic", &mms->gic, TYPE_ARM_GICV3);
107
+ gicdev = DEVICE(&mms->gic);
108
+ qdev_prop_set_uint32(gicdev, "num-cpu", machine->smp.cpus);
109
+ qdev_prop_set_uint32(gicdev, "num-irq", NUM_SPIS + GIC_INTERNAL);
110
+ redist_region_count = qlist_new();
111
+ qlist_append_int(redist_region_count, machine->smp.cpus);
112
+ qdev_prop_set_array(gicdev, "redist-region-count", redist_region_count);
113
+ object_property_set_link(OBJECT(&mms->gic), "sysmem",
114
+ OBJECT(sysmem), &error_fatal);
115
+ sysbus_realize(SYS_BUS_DEVICE(&mms->gic), &error_fatal);
116
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->gic), 0, PERIPHBASE);
117
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->gic), 1, PERIPHBASE + 0x100000);
118
+ /*
119
+ * Wire the outputs from each CPU's generic timer and the GICv3
120
+ * maintenance interrupt signal to the appropriate GIC PPI inputs,
121
+ * and the GIC's IRQ/FIQ/VIRQ/VFIQ interrupt outputs to the CPU's inputs.
122
+ */
123
+ for (int i = 0; i < machine->smp.cpus; i++) {
124
+ DeviceState *cpudev = DEVICE(mms->cpu[i]);
125
+ SysBusDevice *gicsbd = SYS_BUS_DEVICE(&mms->gic);
126
+ int intidbase = NUM_SPIS + i * GIC_INTERNAL;
127
+ int irq;
128
+ /*
129
+ * Mapping from the output timer irq lines from the CPU to the
130
+ * GIC PPI inputs used for this board. This isn't a BSA board,
131
+ * but it uses the standard convention for the PPI numbers.
132
+ */
133
+ const int timer_irq[] = {
134
+ [GTIMER_PHYS] = ARCH_TIMER_NS_EL1_IRQ,
135
+ [GTIMER_VIRT] = ARCH_TIMER_VIRT_IRQ,
136
+ [GTIMER_HYP] = ARCH_TIMER_NS_EL2_IRQ,
137
+ };
138
+
139
+ for (irq = 0; irq < ARRAY_SIZE(timer_irq); irq++) {
140
+ qdev_connect_gpio_out(cpudev, irq,
141
+ qdev_get_gpio_in(gicdev,
142
+ intidbase + timer_irq[irq]));
143
+ }
144
+
145
+ qdev_connect_gpio_out_named(cpudev, "gicv3-maintenance-interrupt", 0,
146
+ qdev_get_gpio_in(gicdev,
147
+ intidbase + ARCH_GIC_MAINT_IRQ));
148
+
149
+ qdev_connect_gpio_out_named(cpudev, "pmu-interrupt", 0,
150
+ qdev_get_gpio_in(gicdev,
151
+ intidbase + VIRTUAL_PMU_IRQ));
152
+
153
+ sysbus_connect_irq(gicsbd, i,
154
+ qdev_get_gpio_in(cpudev, ARM_CPU_IRQ));
155
+ sysbus_connect_irq(gicsbd, i + machine->smp.cpus,
156
+ qdev_get_gpio_in(cpudev, ARM_CPU_FIQ));
157
+ sysbus_connect_irq(gicsbd, i + 2 * machine->smp.cpus,
158
+ qdev_get_gpio_in(cpudev, ARM_CPU_VIRQ));
159
+ sysbus_connect_irq(gicsbd, i + 3 * machine->smp.cpus,
160
+ qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
89
+ }
161
+ }
90
+ /* Handle as NOP */
91
+ return true;
92
+}
162
+}
93
+
163
+
94
static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half)
164
static void mps3r_common_init(MachineState *machine)
95
{
165
{
96
TCGv_i32 addr, tmp;
166
MPS3RMachineState *mms = MPS3R_MACHINE(machine);
167
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
168
MemoryRegion *mr = mr_for_raminfo(mms, ri);
169
memory_region_add_subregion(sysmem, ri->base, mr);
170
}
171
+
172
+ assert(machine->smp.cpus <= MPS3R_CPU_MAX);
173
+ for (int i = 0; i < machine->smp.cpus; i++) {
174
+ g_autofree char *sysmem_name = g_strdup_printf("cpu-%d-memory", i);
175
+ g_autofree char *ramname = g_strdup_printf("cpu-%d-memory", i);
176
+ g_autofree char *alias_name = g_strdup_printf("sysmem-alias-%d", i);
177
+
178
+ /*
179
+ * Each CPU has some private RAM/peripherals, so create the container
180
+ * which will house those, with the whole-machine system memory being
181
+ * used where there's no CPU-specific device. Note that we need the
182
+ * sysmem_alias aliases because we can't put one MR (the original
183
+ * 'sysmem') into more than one other MR.
184
+ */
185
+ memory_region_init(&mms->cpu_sysmem[i], OBJECT(machine),
186
+ sysmem_name, UINT64_MAX);
187
+ memory_region_init_alias(&mms->sysmem_alias[i], OBJECT(machine),
188
+ alias_name, sysmem, 0, UINT64_MAX);
189
+ memory_region_add_subregion_overlap(&mms->cpu_sysmem[i], 0,
190
+ &mms->sysmem_alias[i], -1);
191
+
192
+ mms->cpu[i] = object_new(machine->cpu_type);
193
+ object_property_set_link(mms->cpu[i], "memory",
194
+ OBJECT(&mms->cpu_sysmem[i]), &error_abort);
195
+ object_property_set_int(mms->cpu[i], "reset-cbar",
196
+ PERIPHBASE, &error_abort);
197
+ qdev_realize(DEVICE(mms->cpu[i]), NULL, &error_fatal);
198
+ object_unref(mms->cpu[i]);
199
+
200
+ /* Per-CPU RAM */
201
+ memory_region_init_ram(&mms->cpu_ram[i], NULL, ramname,
202
+ 0x1000, &error_fatal);
203
+ memory_region_add_subregion(&mms->cpu_sysmem[i], 0xe7c01000,
204
+ &mms->cpu_ram[i]);
205
+ }
206
+
207
+ create_gic(mms, sysmem);
208
+
209
+ mms->bootinfo.ram_size = machine->ram_size;
210
+ mms->bootinfo.board_id = -1;
211
+ mms->bootinfo.loader_start = mmc->loader_start;
212
+ mms->bootinfo.write_secondary_boot = mps3r_write_secondary_boot;
213
+ mms->bootinfo.secondary_cpu_reset_hook = mps3r_secondary_cpu_reset;
214
+ arm_load_kernel(ARM_CPU(mms->cpu[0]), machine, &mms->bootinfo);
215
}
216
217
static void mps3r_set_default_ram_info(MPS3RMachineClass *mmc)
218
@@ -XXX,XX +XXX,XX @@ static void mps3r_set_default_ram_info(MPS3RMachineClass *mmc)
219
/* Found the entry for "system memory" */
220
mc->default_ram_size = p->size;
221
mc->default_ram_id = p->name;
222
+ mmc->loader_start = p->base;
223
return;
224
}
225
}
226
@@ -XXX,XX +XXX,XX @@ static void mps3r_an536_class_init(ObjectClass *oc, void *data)
227
};
228
229
mc->desc = "ARM MPS3 with AN536 FPGA image for Cortex-R52";
230
- mc->default_cpus = 2;
231
- mc->min_cpus = mc->default_cpus;
232
- mc->max_cpus = mc->default_cpus;
233
+ /*
234
+ * In the real FPGA image there are always two cores, but the standard
235
+ * initial setting for the SCC SYSCON 0x000 register is 0x21, meaning
236
+ * that the second core is held in reset and halted. Many images built for
237
+ * the board do not expect the second core to run at startup (especially
238
+ * since on the real FPGA image it is not possible to use LDREX/STREX
239
+ * in RAM between the two cores, so a true SMP setup isn't supported).
240
+ *
241
+ * As QEMU's equivalent of this, we support both -smp 1 and -smp 2,
242
+ * with the default being -smp 1. This seems a more intuitive UI for
243
+ * QEMU users than, for instance, having a machine property to allow
244
+ * the user to set the initial value of the SYSCON 0x000 register.
245
+ */
246
+ mc->default_cpus = 1;
247
+ mc->min_cpus = 1;
248
+ mc->max_cpus = 2;
249
mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-r52");
250
mc->valid_cpu_types = valid_cpu_types;
251
mmc->raminfo = an536_raminfo;
97
--
252
--
98
2.20.1
253
2.34.1
99
100
diff view generated by jsdifflib
1
v8.1M's "low-overhead-loop" extension has three instructions
1
This board has a lot of UARTs: there is one UART per CPU in the
2
for looping:
2
per-CPU peripheral part of the address map, whose interrupts are
3
* DLS (start of a do-loop)
3
connected as per-CPU interrupt lines. Then there are 4 UARTs in the
4
* WLS (start of a while-loop)
4
normal part of the peripheral space, whose interrupts are shared
5
* LE (end of a loop)
5
peripheral interrupts.
6
6
7
The loop-start instructions are both simple operations to start a
7
Connect and wire them all up; this involves some OR gates where
8
loop whose iteration count (if any) is in LR. The loop-end
8
multiple overflow interrupts are wired into one GIC input.
9
instruction handles "decrement iteration count and jump back to loop
10
start"; it also caches the information about the branch back to the
11
start of the loop to improve performance of the branch on subsequent
12
iterations.
13
14
As with the branch-future instructions, the architecture permits an
15
implementation to discard the LO_BRANCH_INFO cache at any time, and
16
QEMU takes the IMPDEF option to never set it in the first place
17
(equivalent to discarding it immediately), because for us a "real"
18
implementation would be unnecessary complexity.
19
20
(This implementation only provides the simple looping constructs; the
21
vector extension MVE (Helium) adds some extra variants to handle
22
looping across vectors. We'll add those later when we implement
23
MVE.)
24
9
25
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
27
Message-id: 20201019151301.2046-8-peter.maydell@linaro.org
12
Message-id: 20240206132931.38376-11-peter.maydell@linaro.org
28
---
13
---
29
target/arm/t32.decode | 8 ++++
14
hw/arm/mps3r.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++
30
target/arm/translate.c | 93 +++++++++++++++++++++++++++++++++++++++++-
15
1 file changed, 94 insertions(+)
31
2 files changed, 99 insertions(+), 2 deletions(-)
32
16
33
diff --git a/target/arm/t32.decode b/target/arm/t32.decode
17
diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c
34
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/t32.decode
19
--- a/hw/arm/mps3r.c
36
+++ b/target/arm/t32.decode
20
+++ b/hw/arm/mps3r.c
37
@@ -XXX,XX +XXX,XX @@ BL 1111 0. .......... 11.1 ............ @branch24
21
@@ -XXX,XX +XXX,XX @@
38
BF 1111 0 boff:4 10 ----- 1110 - ---------- 1 # BF
22
#include "qapi/qmp/qlist.h"
39
BF 1111 0 boff:4 11 ----- 1110 0 0000000000 1 # BFX, BFLX
23
#include "exec/address-spaces.h"
40
]
24
#include "cpu.h"
41
+ [
25
+#include "sysemu/sysemu.h"
42
+ # LE and WLS immediate
26
#include "hw/boards.h"
43
+ %lob_imm 1:10 11:1 !function=times_2
27
+#include "hw/or-irq.h"
28
#include "hw/qdev-properties.h"
29
#include "hw/arm/boot.h"
30
#include "hw/arm/bsa.h"
31
+#include "hw/char/cmsdk-apb-uart.h"
32
#include "hw/intc/arm_gicv3.h"
33
34
/* Define the layout of RAM and ROM in a board */
35
@@ -XXX,XX +XXX,XX @@ typedef struct RAMInfo {
36
37
#define MPS3R_RAM_MAX 9
38
#define MPS3R_CPU_MAX 2
39
+#define MPS3R_UART_MAX 4 /* shared UART count */
40
41
#define PERIPHBASE 0xf0000000
42
#define NUM_SPIS 96
43
@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {
44
MemoryRegion sysmem_alias[MPS3R_CPU_MAX];
45
MemoryRegion cpu_ram[MPS3R_CPU_MAX];
46
GICv3State gic;
47
+ /* per-CPU UARTs followed by the shared UARTs */
48
+ CMSDKAPBUART uart[MPS3R_CPU_MAX + MPS3R_UART_MAX];
49
+ OrIRQState cpu_uart_oflow[MPS3R_CPU_MAX];
50
+ OrIRQState uart_oflow;
51
};
52
53
#define TYPE_MPS3R_MACHINE "mps3r"
54
@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {
55
56
OBJECT_DECLARE_TYPE(MPS3RMachineState, MPS3RMachineClass, MPS3R_MACHINE)
57
58
+/*
59
+ * Main clock frequency CLK in Hz (50MHz). In the image there are also
60
+ * ACLK, MCLK, GPUCLK and PERIPHCLK at the same frequency; for our
61
+ * model we just roll them all into one.
62
+ */
63
+#define CLK_FRQ 50000000
44
+
64
+
45
+ DLS 1111 0 0000 100 rn:4 1110 0000 0000 0001
65
static const RAMInfo an536_raminfo[] = {
46
+ WLS 1111 0 0000 100 rn:4 1100 . .......... 1 imm=%lob_imm
66
{
47
+ LE 1111 0 0000 0 f:1 0 1111 1100 . .......... 1 imm=%lob_imm
67
.name = "ATCM",
48
+ ]
68
@@ -XXX,XX +XXX,XX @@ static void create_gic(MPS3RMachineState *mms, MemoryRegion *sysmem)
49
}
50
diff --git a/target/arm/translate.c b/target/arm/translate.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/target/arm/translate.c
53
+++ b/target/arm/translate.c
54
@@ -XXX,XX +XXX,XX @@ static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
55
s->base.is_jmp = DISAS_NORETURN;
56
}
57
58
-static inline void gen_jmp (DisasContext *s, uint32_t dest)
59
+/* Jump, specifying which TB number to use if we gen_goto_tb() */
60
+static inline void gen_jmp_tb(DisasContext *s, uint32_t dest, int tbno)
61
{
62
if (unlikely(is_singlestepping(s))) {
63
/* An indirect jump so that we still trigger the debug exception. */
64
gen_set_pc_im(s, dest);
65
s->base.is_jmp = DISAS_JUMP;
66
} else {
67
- gen_goto_tb(s, 0, dest);
68
+ gen_goto_tb(s, tbno, dest);
69
}
69
}
70
}
70
}
71
71
72
+static inline void gen_jmp(DisasContext *s, uint32_t dest)
72
+/*
73
+ * Create UART uartno, and map it into the MemoryRegion mem at address baseaddr.
74
+ * The qemu_irq arguments are where we connect the various IRQs from the UART.
75
+ */
76
+static void create_uart(MPS3RMachineState *mms, int uartno, MemoryRegion *mem,
77
+ hwaddr baseaddr, qemu_irq txirq, qemu_irq rxirq,
78
+ qemu_irq txoverirq, qemu_irq rxoverirq,
79
+ qemu_irq combirq)
73
+{
80
+{
74
+ gen_jmp_tb(s, dest, 0);
81
+ g_autofree char *s = g_strdup_printf("uart%d", uartno);
82
+ SysBusDevice *sbd;
83
+
84
+ assert(uartno < ARRAY_SIZE(mms->uart));
85
+ object_initialize_child(OBJECT(mms), s, &mms->uart[uartno],
86
+ TYPE_CMSDK_APB_UART);
87
+ qdev_prop_set_uint32(DEVICE(&mms->uart[uartno]), "pclk-frq", CLK_FRQ);
88
+ qdev_prop_set_chr(DEVICE(&mms->uart[uartno]), "chardev", serial_hd(uartno));
89
+ sbd = SYS_BUS_DEVICE(&mms->uart[uartno]);
90
+ sysbus_realize(sbd, &error_fatal);
91
+ memory_region_add_subregion(mem, baseaddr,
92
+ sysbus_mmio_get_region(sbd, 0));
93
+ sysbus_connect_irq(sbd, 0, txirq);
94
+ sysbus_connect_irq(sbd, 1, rxirq);
95
+ sysbus_connect_irq(sbd, 2, txoverirq);
96
+ sysbus_connect_irq(sbd, 3, rxoverirq);
97
+ sysbus_connect_irq(sbd, 4, combirq);
75
+}
98
+}
76
+
99
+
77
static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
100
static void mps3r_common_init(MachineState *machine)
78
{
101
{
79
if (x)
102
MPS3RMachineState *mms = MPS3R_MACHINE(machine);
80
@@ -XXX,XX +XXX,XX @@ static bool trans_BF(DisasContext *s, arg_BF *a)
103
MPS3RMachineClass *mmc = MPS3R_MACHINE_GET_CLASS(mms);
81
return true;
104
MemoryRegion *sysmem = get_system_memory();
82
}
105
+ DeviceState *gicdev;
83
106
84
+static bool trans_DLS(DisasContext *s, arg_DLS *a)
107
for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {
85
+{
108
MemoryRegion *mr = mr_for_raminfo(mms, ri);
86
+ /* M-profile low-overhead loop start */
109
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
87
+ TCGv_i32 tmp;
110
}
111
112
create_gic(mms, sysmem);
113
+ gicdev = DEVICE(&mms->gic);
88
+
114
+
89
+ if (!dc_isar_feature(aa32_lob, s)) {
115
+ /*
90
+ return false;
116
+ * UARTs 0 and 1 are per-CPU; their interrupts are wired to
117
+ * the relevant CPU's PPI 0..3, aka INTID 16..19
118
+ */
119
+ for (int i = 0; i < machine->smp.cpus; i++) {
120
+ int intidbase = NUM_SPIS + i * GIC_INTERNAL;
121
+ g_autofree char *s = g_strdup_printf("cpu-uart-oflow-orgate%d", i);
122
+ DeviceState *orgate;
123
+
124
+ /* The two overflow IRQs from the UART are ORed together into PPI 3 */
125
+ object_initialize_child(OBJECT(mms), s, &mms->cpu_uart_oflow[i],
126
+ TYPE_OR_IRQ);
127
+ orgate = DEVICE(&mms->cpu_uart_oflow[i]);
128
+ qdev_prop_set_uint32(orgate, "num-lines", 2);
129
+ qdev_realize(orgate, NULL, &error_fatal);
130
+ qdev_connect_gpio_out(orgate, 0,
131
+ qdev_get_gpio_in(gicdev, intidbase + 19));
132
+
133
+ create_uart(mms, i, &mms->cpu_sysmem[i], 0xe7c00000,
134
+ qdev_get_gpio_in(gicdev, intidbase + 17), /* tx */
135
+ qdev_get_gpio_in(gicdev, intidbase + 16), /* rx */
136
+ qdev_get_gpio_in(orgate, 0), /* txover */
137
+ qdev_get_gpio_in(orgate, 1), /* rxover */
138
+ qdev_get_gpio_in(gicdev, intidbase + 18) /* combined */);
91
+ }
139
+ }
92
+ if (a->rn == 13 || a->rn == 15) {
140
+ /*
93
+ /* CONSTRAINED UNPREDICTABLE: we choose to UNDEF */
141
+ * UARTs 2 to 5 are whole-system; all overflow IRQs are ORed
94
+ return false;
142
+ * together into IRQ 17
143
+ */
144
+ object_initialize_child(OBJECT(mms), "uart-oflow-orgate",
145
+ &mms->uart_oflow, TYPE_OR_IRQ);
146
+ qdev_prop_set_uint32(DEVICE(&mms->uart_oflow), "num-lines",
147
+ MPS3R_UART_MAX * 2);
148
+ qdev_realize(DEVICE(&mms->uart_oflow), NULL, &error_fatal);
149
+ qdev_connect_gpio_out(DEVICE(&mms->uart_oflow), 0,
150
+ qdev_get_gpio_in(gicdev, 17));
151
+
152
+ for (int i = 0; i < MPS3R_UART_MAX; i++) {
153
+ hwaddr baseaddr = 0xe0205000 + i * 0x1000;
154
+ int rxirq = 5 + i * 2, txirq = 6 + i * 2, combirq = 13 + i;
155
+
156
+ create_uart(mms, i + MPS3R_CPU_MAX, sysmem, baseaddr,
157
+ qdev_get_gpio_in(gicdev, txirq),
158
+ qdev_get_gpio_in(gicdev, rxirq),
159
+ qdev_get_gpio_in(DEVICE(&mms->uart_oflow), i * 2),
160
+ qdev_get_gpio_in(DEVICE(&mms->uart_oflow), i * 2 + 1),
161
+ qdev_get_gpio_in(gicdev, combirq));
95
+ }
162
+ }
96
+
163
97
+ /* Not a while loop, no tail predication: just set LR to the count */
164
mms->bootinfo.ram_size = machine->ram_size;
98
+ tmp = load_reg(s, a->rn);
165
mms->bootinfo.board_id = -1;
99
+ store_reg(s, 14, tmp);
100
+ return true;
101
+}
102
+
103
+static bool trans_WLS(DisasContext *s, arg_WLS *a)
104
+{
105
+ /* M-profile low-overhead while-loop start */
106
+ TCGv_i32 tmp;
107
+ TCGLabel *nextlabel;
108
+
109
+ if (!dc_isar_feature(aa32_lob, s)) {
110
+ return false;
111
+ }
112
+ if (a->rn == 13 || a->rn == 15) {
113
+ /* CONSTRAINED UNPREDICTABLE: we choose to UNDEF */
114
+ return false;
115
+ }
116
+ if (s->condexec_mask) {
117
+ /*
118
+ * WLS in an IT block is CONSTRAINED UNPREDICTABLE;
119
+ * we choose to UNDEF, because otherwise our use of
120
+ * gen_goto_tb(1) would clash with the use of TB exit 1
121
+ * in the dc->condjmp condition-failed codepath in
122
+ * arm_tr_tb_stop() and we'd get an assertion.
123
+ */
124
+ return false;
125
+ }
126
+ nextlabel = gen_new_label();
127
+ tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_R[a->rn], 0, nextlabel);
128
+ tmp = load_reg(s, a->rn);
129
+ store_reg(s, 14, tmp);
130
+ gen_jmp_tb(s, s->base.pc_next, 1);
131
+
132
+ gen_set_label(nextlabel);
133
+ gen_jmp(s, read_pc(s) + a->imm);
134
+ return true;
135
+}
136
+
137
+static bool trans_LE(DisasContext *s, arg_LE *a)
138
+{
139
+ /*
140
+ * M-profile low-overhead loop end. The architecture permits an
141
+ * implementation to discard the LO_BRANCH_INFO cache at any time,
142
+ * and we take the IMPDEF option to never set it in the first place
143
+ * (equivalent to always discarding it immediately), because for QEMU
144
+ * a "real" implementation would be complicated and wouldn't execute
145
+ * any faster.
146
+ */
147
+ TCGv_i32 tmp;
148
+
149
+ if (!dc_isar_feature(aa32_lob, s)) {
150
+ return false;
151
+ }
152
+
153
+ if (!a->f) {
154
+ /* Not loop-forever. If LR <= 1 this is the last loop: do nothing. */
155
+ arm_gen_condlabel(s);
156
+ tcg_gen_brcondi_i32(TCG_COND_LEU, cpu_R[14], 1, s->condlabel);
157
+ /* Decrement LR */
158
+ tmp = load_reg(s, 14);
159
+ tcg_gen_addi_i32(tmp, tmp, -1);
160
+ store_reg(s, 14, tmp);
161
+ }
162
+ /* Jump back to the loop start */
163
+ gen_jmp(s, read_pc(s) - a->imm);
164
+ return true;
165
+}
166
+
167
static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half)
168
{
169
TCGv_i32 addr, tmp;
170
--
166
--
171
2.20.1
167
2.34.1
172
168
173
169
diff view generated by jsdifflib
1
v8.1M brings four new insns to M-profile:
1
Add the GPIO, watchdog, dual-timer and I2C devices to the mps3-an536
2
* CSEL : Rd = cond ? Rn : Rm
2
board. These are all simple devices that just need to be created and
3
* CSINC : Rd = cond ? Rn : Rm+1
3
wired up.
4
* CSINV : Rd = cond ? Rn : ~Rm
5
* CSNEG : Rd = cond ? Rn : -Rm
6
4
7
Implement these.
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
7
Message-id: 20240206132931.38376-12-peter.maydell@linaro.org
8
---
9
hw/arm/mps3r.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++
10
1 file changed, 59 insertions(+)
8
11
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
12
diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20201019151301.2046-4-peter.maydell@linaro.org
12
---
13
target/arm/t32.decode | 3 +++
14
target/arm/translate.c | 60 ++++++++++++++++++++++++++++++++++++++++++
15
2 files changed, 63 insertions(+)
16
17
diff --git a/target/arm/t32.decode b/target/arm/t32.decode
18
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/t32.decode
14
--- a/hw/arm/mps3r.c
20
+++ b/target/arm/t32.decode
15
+++ b/hw/arm/mps3r.c
21
@@ -XXX,XX +XXX,XX @@ SBC_rrri 1110101 1011 . .... 0 ... .... .... .... @s_rrr_shi
16
@@ -XXX,XX +XXX,XX @@
22
}
17
#include "sysemu/sysemu.h"
23
RSB_rrri 1110101 1110 . .... 0 ... .... .... .... @s_rrr_shi
18
#include "hw/boards.h"
24
19
#include "hw/or-irq.h"
25
+# v8.1M CSEL and friends
20
+#include "hw/qdev-clock.h"
26
+CSEL 1110101 0010 1 rn:4 10 op:2 rd:4 fcond:4 rm:4
21
#include "hw/qdev-properties.h"
22
#include "hw/arm/boot.h"
23
#include "hw/arm/bsa.h"
24
#include "hw/char/cmsdk-apb-uart.h"
25
+#include "hw/i2c/arm_sbcon_i2c.h"
26
#include "hw/intc/arm_gicv3.h"
27
+#include "hw/misc/unimp.h"
28
+#include "hw/timer/cmsdk-apb-dualtimer.h"
29
+#include "hw/watchdog/cmsdk-apb-watchdog.h"
30
31
/* Define the layout of RAM and ROM in a board */
32
typedef struct RAMInfo {
33
@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {
34
CMSDKAPBUART uart[MPS3R_CPU_MAX + MPS3R_UART_MAX];
35
OrIRQState cpu_uart_oflow[MPS3R_CPU_MAX];
36
OrIRQState uart_oflow;
37
+ CMSDKAPBWatchdog watchdog;
38
+ CMSDKAPBDualTimer dualtimer;
39
+ ArmSbconI2CState i2c[5];
40
+ Clock *clk;
41
};
42
43
#define TYPE_MPS3R_MACHINE "mps3r"
44
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
45
MemoryRegion *sysmem = get_system_memory();
46
DeviceState *gicdev;
47
48
+ mms->clk = clock_new(OBJECT(machine), "CLK");
49
+ clock_set_hz(mms->clk, CLK_FRQ);
27
+
50
+
28
# Data-processing (register-shifted register)
51
for (const RAMInfo *ri = mmc->raminfo; ri->name; ri++) {
29
52
MemoryRegion *mr = mr_for_raminfo(mms, ri);
30
MOV_rxrr 1111 1010 0 shty:2 s:1 rm:4 1111 rd:4 0000 rs:4 \
53
memory_region_add_subregion(sysmem, ri->base, mr);
31
diff --git a/target/arm/translate.c b/target/arm/translate.c
54
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
32
index XXXXXXX..XXXXXXX 100644
55
qdev_get_gpio_in(gicdev, combirq));
33
--- a/target/arm/translate.c
56
}
34
+++ b/target/arm/translate.c
57
35
@@ -XXX,XX +XXX,XX @@ static bool trans_IT(DisasContext *s, arg_IT *a)
58
+ for (int i = 0; i < 4; i++) {
36
return true;
59
+ /* CMSDK GPIO controllers */
37
}
60
+ g_autofree char *s = g_strdup_printf("gpio%d", i);
38
61
+ create_unimplemented_device(s, 0xe0000000 + i * 0x1000, 0x1000);
39
+/* v8.1M CSEL/CSINC/CSNEG/CSINV */
40
+static bool trans_CSEL(DisasContext *s, arg_CSEL *a)
41
+{
42
+ TCGv_i32 rn, rm, zero;
43
+ DisasCompare c;
44
+
45
+ if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
46
+ return false;
47
+ }
62
+ }
48
+
63
+
49
+ if (a->rm == 13) {
64
+ object_initialize_child(OBJECT(mms), "watchdog", &mms->watchdog,
50
+ /* SEE "Related encodings" (MVE shifts) */
65
+ TYPE_CMSDK_APB_WATCHDOG);
51
+ return false;
66
+ qdev_connect_clock_in(DEVICE(&mms->watchdog), "WDOGCLK", mms->clk);
67
+ sysbus_realize(SYS_BUS_DEVICE(&mms->watchdog), &error_fatal);
68
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->watchdog), 0,
69
+ qdev_get_gpio_in(gicdev, 0));
70
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->watchdog), 0, 0xe0100000);
71
+
72
+ object_initialize_child(OBJECT(mms), "dualtimer", &mms->dualtimer,
73
+ TYPE_CMSDK_APB_DUALTIMER);
74
+ qdev_connect_clock_in(DEVICE(&mms->dualtimer), "TIMCLK", mms->clk);
75
+ sysbus_realize(SYS_BUS_DEVICE(&mms->dualtimer), &error_fatal);
76
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 0,
77
+ qdev_get_gpio_in(gicdev, 3));
78
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 1,
79
+ qdev_get_gpio_in(gicdev, 1));
80
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->dualtimer), 2,
81
+ qdev_get_gpio_in(gicdev, 2));
82
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->dualtimer), 0, 0xe0101000);
83
+
84
+ for (int i = 0; i < ARRAY_SIZE(mms->i2c); i++) {
85
+ static const hwaddr i2cbase[] = {0xe0102000, /* Touch */
86
+ 0xe0103000, /* Audio */
87
+ 0xe0107000, /* Shield0 */
88
+ 0xe0108000, /* Shield1 */
89
+ 0xe0109000}; /* DDR4 EEPROM */
90
+ g_autofree char *s = g_strdup_printf("i2c%d", i);
91
+
92
+ object_initialize_child(OBJECT(mms), s, &mms->i2c[i],
93
+ TYPE_ARM_SBCON_I2C);
94
+ sysbus_realize(SYS_BUS_DEVICE(&mms->i2c[i]), &error_fatal);
95
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->i2c[i]), 0, i2cbase[i]);
96
+ if (i != 2 && i != 3) {
97
+ /*
98
+ * internal-only bus: mark it full to avoid user-created
99
+ * i2c devices being plugged into it.
100
+ */
101
+ qbus_mark_full(qdev_get_child_bus(DEVICE(&mms->i2c[i]), "i2c"));
102
+ }
52
+ }
103
+ }
53
+
104
+
54
+ if (a->rd == 13 || a->rd == 15 || a->rn == 13 || a->fcond >= 14) {
105
mms->bootinfo.ram_size = machine->ram_size;
55
+ /* CONSTRAINED UNPREDICTABLE: we choose to UNDEF */
106
mms->bootinfo.board_id = -1;
56
+ return false;
107
mms->bootinfo.loader_start = mmc->loader_start;
57
+ }
58
+
59
+ /* In this insn input reg fields of 0b1111 mean "zero", not "PC" */
60
+ if (a->rn == 15) {
61
+ rn = tcg_const_i32(0);
62
+ } else {
63
+ rn = load_reg(s, a->rn);
64
+ }
65
+ if (a->rm == 15) {
66
+ rm = tcg_const_i32(0);
67
+ } else {
68
+ rm = load_reg(s, a->rm);
69
+ }
70
+
71
+ switch (a->op) {
72
+ case 0: /* CSEL */
73
+ break;
74
+ case 1: /* CSINC */
75
+ tcg_gen_addi_i32(rm, rm, 1);
76
+ break;
77
+ case 2: /* CSINV */
78
+ tcg_gen_not_i32(rm, rm);
79
+ break;
80
+ case 3: /* CSNEG */
81
+ tcg_gen_neg_i32(rm, rm);
82
+ break;
83
+ default:
84
+ g_assert_not_reached();
85
+ }
86
+
87
+ arm_test_cc(&c, a->fcond);
88
+ zero = tcg_const_i32(0);
89
+ tcg_gen_movcond_i32(c.cond, rn, c.value, zero, rn, rm);
90
+ arm_free_cc(&c);
91
+ tcg_temp_free_i32(zero);
92
+
93
+ store_reg(s, a->rd, rn);
94
+ tcg_temp_free_i32(rm);
95
+
96
+ return true;
97
+}
98
+
99
/*
100
* Legacy decoder.
101
*/
102
--
108
--
103
2.20.1
109
2.34.1
104
110
105
111
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
Add the remaining devices (or unimplemented-device stubs) for
2
this board: SPI controllers, SCC, FPGAIO, I2S, RTC, the
3
QSPI write-config block, and ethernet.
2
4
3
Use the BCM2835_SYSTIMER_COUNT definition instead of the
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
magic '4' value.
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
7
Message-id: 20240206132931.38376-13-peter.maydell@linaro.org
8
---
9
hw/arm/mps3r.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
10
1 file changed, 74 insertions(+)
5
11
6
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
12
diff --git a/hw/arm/mps3r.c b/hw/arm/mps3r.c
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Message-id: 20201010203709.3116542-2-f4bug@amsat.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
include/hw/timer/bcm2835_systmr.h | 4 +++-
13
hw/timer/bcm2835_systmr.c | 3 ++-
14
2 files changed, 5 insertions(+), 2 deletions(-)
15
16
diff --git a/include/hw/timer/bcm2835_systmr.h b/include/hw/timer/bcm2835_systmr.h
17
index XXXXXXX..XXXXXXX 100644
13
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/timer/bcm2835_systmr.h
14
--- a/hw/arm/mps3r.c
19
+++ b/include/hw/timer/bcm2835_systmr.h
15
+++ b/hw/arm/mps3r.c
20
@@ -XXX,XX +XXX,XX @@
16
@@ -XXX,XX +XXX,XX @@
21
#define TYPE_BCM2835_SYSTIMER "bcm2835-sys-timer"
17
#include "hw/char/cmsdk-apb-uart.h"
22
OBJECT_DECLARE_SIMPLE_TYPE(BCM2835SystemTimerState, BCM2835_SYSTIMER)
18
#include "hw/i2c/arm_sbcon_i2c.h"
23
19
#include "hw/intc/arm_gicv3.h"
24
+#define BCM2835_SYSTIMER_COUNT 4
20
+#include "hw/misc/mps2-scc.h"
25
+
21
+#include "hw/misc/mps2-fpgaio.h"
26
struct BCM2835SystemTimerState {
22
#include "hw/misc/unimp.h"
27
/*< private >*/
23
+#include "hw/net/lan9118.h"
28
SysBusDevice parent_obj;
24
+#include "hw/rtc/pl031.h"
29
@@ -XXX,XX +XXX,XX @@ struct BCM2835SystemTimerState {
25
+#include "hw/ssi/pl022.h"
30
26
#include "hw/timer/cmsdk-apb-dualtimer.h"
31
struct {
27
#include "hw/watchdog/cmsdk-apb-watchdog.h"
32
uint32_t status;
28
33
- uint32_t compare[4];
29
@@ -XXX,XX +XXX,XX @@ struct MPS3RMachineState {
34
+ uint32_t compare[BCM2835_SYSTIMER_COUNT];
30
CMSDKAPBWatchdog watchdog;
35
} reg;
31
CMSDKAPBDualTimer dualtimer;
32
ArmSbconI2CState i2c[5];
33
+ PL022State spi[3];
34
+ MPS2SCC scc;
35
+ MPS2FPGAIO fpgaio;
36
+ UnimplementedDeviceState i2s_audio;
37
+ PL031State rtc;
38
Clock *clk;
36
};
39
};
37
40
38
diff --git a/hw/timer/bcm2835_systmr.c b/hw/timer/bcm2835_systmr.c
41
@@ -XXX,XX +XXX,XX @@ static const RAMInfo an536_raminfo[] = {
39
index XXXXXXX..XXXXXXX 100644
40
--- a/hw/timer/bcm2835_systmr.c
41
+++ b/hw/timer/bcm2835_systmr.c
42
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription bcm2835_systmr_vmstate = {
43
.minimum_version_id = 1,
44
.fields = (VMStateField[]) {
45
VMSTATE_UINT32(reg.status, BCM2835SystemTimerState),
46
- VMSTATE_UINT32_ARRAY(reg.compare, BCM2835SystemTimerState, 4),
47
+ VMSTATE_UINT32_ARRAY(reg.compare, BCM2835SystemTimerState,
48
+ BCM2835_SYSTIMER_COUNT),
49
VMSTATE_END_OF_LIST()
50
}
42
}
51
};
43
};
44
45
+static const int an536_oscclk[] = {
46
+ 24000000, /* 24MHz reference for RTC and timers */
47
+ 50000000, /* 50MHz ACLK */
48
+ 50000000, /* 50MHz MCLK */
49
+ 50000000, /* 50MHz GPUCLK */
50
+ 24576000, /* 24.576MHz AUDCLK */
51
+ 23750000, /* 23.75MHz HDLCDCLK */
52
+ 100000000, /* 100MHz DDR4_REF_CLK */
53
+};
54
+
55
static MemoryRegion *mr_for_raminfo(MPS3RMachineState *mms,
56
const RAMInfo *raminfo)
57
{
58
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
59
MPS3RMachineClass *mmc = MPS3R_MACHINE_GET_CLASS(mms);
60
MemoryRegion *sysmem = get_system_memory();
61
DeviceState *gicdev;
62
+ QList *oscclk;
63
64
mms->clk = clock_new(OBJECT(machine), "CLK");
65
clock_set_hz(mms->clk, CLK_FRQ);
66
@@ -XXX,XX +XXX,XX @@ static void mps3r_common_init(MachineState *machine)
67
}
68
}
69
70
+ for (int i = 0; i < ARRAY_SIZE(mms->spi); i++) {
71
+ g_autofree char *s = g_strdup_printf("spi%d", i);
72
+ hwaddr baseaddr = 0xe0104000 + i * 0x1000;
73
+
74
+ object_initialize_child(OBJECT(mms), s, &mms->spi[i], TYPE_PL022);
75
+ sysbus_realize(SYS_BUS_DEVICE(&mms->spi[i]), &error_fatal);
76
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->spi[i]), 0, baseaddr);
77
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->spi[i]), 0,
78
+ qdev_get_gpio_in(gicdev, 22 + i));
79
+ }
80
+
81
+ object_initialize_child(OBJECT(mms), "scc", &mms->scc, TYPE_MPS2_SCC);
82
+ qdev_prop_set_uint32(DEVICE(&mms->scc), "scc-cfg0", 0);
83
+ qdev_prop_set_uint32(DEVICE(&mms->scc), "scc-cfg4", 0x2);
84
+ qdev_prop_set_uint32(DEVICE(&mms->scc), "scc-aid", 0x00200008);
85
+ qdev_prop_set_uint32(DEVICE(&mms->scc), "scc-id", 0x41055360);
86
+ oscclk = qlist_new();
87
+ for (int i = 0; i < ARRAY_SIZE(an536_oscclk); i++) {
88
+ qlist_append_int(oscclk, an536_oscclk[i]);
89
+ }
90
+ qdev_prop_set_array(DEVICE(&mms->scc), "oscclk", oscclk);
91
+ sysbus_realize(SYS_BUS_DEVICE(&mms->scc), &error_fatal);
92
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->scc), 0, 0xe0200000);
93
+
94
+ create_unimplemented_device("i2s-audio", 0xe0201000, 0x1000);
95
+
96
+ object_initialize_child(OBJECT(mms), "fpgaio", &mms->fpgaio,
97
+ TYPE_MPS2_FPGAIO);
98
+ qdev_prop_set_uint32(DEVICE(&mms->fpgaio), "prescale-clk", an536_oscclk[1]);
99
+ qdev_prop_set_uint32(DEVICE(&mms->fpgaio), "num-leds", 10);
100
+ qdev_prop_set_bit(DEVICE(&mms->fpgaio), "has-switches", true);
101
+ qdev_prop_set_bit(DEVICE(&mms->fpgaio), "has-dbgctrl", false);
102
+ sysbus_realize(SYS_BUS_DEVICE(&mms->fpgaio), &error_fatal);
103
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->fpgaio), 0, 0xe0202000);
104
+
105
+ create_unimplemented_device("clcd", 0xe0209000, 0x1000);
106
+
107
+ object_initialize_child(OBJECT(mms), "rtc", &mms->rtc, TYPE_PL031);
108
+ sysbus_realize(SYS_BUS_DEVICE(&mms->rtc), &error_fatal);
109
+ sysbus_mmio_map(SYS_BUS_DEVICE(&mms->rtc), 0, 0xe020a000);
110
+ sysbus_connect_irq(SYS_BUS_DEVICE(&mms->rtc), 0,
111
+ qdev_get_gpio_in(gicdev, 4));
112
+
113
+ /*
114
+ * In hardware this is a LAN9220; the LAN9118 is software compatible
115
+ * except that it doesn't support the checksum-offload feature.
116
+ */
117
+ lan9118_init(0xe0300000,
118
+ qdev_get_gpio_in(gicdev, 18));
119
+
120
+ create_unimplemented_device("usb", 0xe0301000, 0x1000);
121
+ create_unimplemented_device("qspi-write-config", 0xe0600000, 0x1000);
122
+
123
mms->bootinfo.ram_size = machine->ram_size;
124
mms->bootinfo.board_id = -1;
125
mms->bootinfo.loader_start = mmc->loader_start;
52
--
126
--
53
2.20.1
127
2.34.1
54
128
55
129
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
The variable holding the CTRL_STATUS register is misnamed
4
'status'. Rename it 'ctrl_status' to make it more obvious
5
this register is also used to control the peripheral.
6
7
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Message-id: 20201010203709.3116542-3-f4bug@amsat.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
include/hw/timer/bcm2835_systmr.h | 2 +-
14
hw/timer/bcm2835_systmr.c | 8 ++++----
15
2 files changed, 5 insertions(+), 5 deletions(-)
16
17
diff --git a/include/hw/timer/bcm2835_systmr.h b/include/hw/timer/bcm2835_systmr.h
18
index XXXXXXX..XXXXXXX 100644
19
--- a/include/hw/timer/bcm2835_systmr.h
20
+++ b/include/hw/timer/bcm2835_systmr.h
21
@@ -XXX,XX +XXX,XX @@ struct BCM2835SystemTimerState {
22
qemu_irq irq;
23
24
struct {
25
- uint32_t status;
26
+ uint32_t ctrl_status;
27
uint32_t compare[BCM2835_SYSTIMER_COUNT];
28
} reg;
29
};
30
diff --git a/hw/timer/bcm2835_systmr.c b/hw/timer/bcm2835_systmr.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/hw/timer/bcm2835_systmr.c
33
+++ b/hw/timer/bcm2835_systmr.c
34
@@ -XXX,XX +XXX,XX @@ REG32(COMPARE3, 0x18)
35
36
static void bcm2835_systmr_update_irq(BCM2835SystemTimerState *s)
37
{
38
- bool enable = !!s->reg.status;
39
+ bool enable = !!s->reg.ctrl_status;
40
41
trace_bcm2835_systmr_irq(enable);
42
qemu_set_irq(s->irq, enable);
43
@@ -XXX,XX +XXX,XX @@ static uint64_t bcm2835_systmr_read(void *opaque, hwaddr offset,
44
45
switch (offset) {
46
case A_CTRL_STATUS:
47
- r = s->reg.status;
48
+ r = s->reg.ctrl_status;
49
break;
50
case A_COMPARE0 ... A_COMPARE3:
51
r = s->reg.compare[(offset - A_COMPARE0) >> 2];
52
@@ -XXX,XX +XXX,XX @@ static void bcm2835_systmr_write(void *opaque, hwaddr offset,
53
trace_bcm2835_systmr_write(offset, value);
54
switch (offset) {
55
case A_CTRL_STATUS:
56
- s->reg.status &= ~value; /* Ack */
57
+ s->reg.ctrl_status &= ~value; /* Ack */
58
bcm2835_systmr_update_irq(s);
59
break;
60
case A_COMPARE0 ... A_COMPARE3:
61
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription bcm2835_systmr_vmstate = {
62
.version_id = 1,
63
.minimum_version_id = 1,
64
.fields = (VMStateField[]) {
65
- VMSTATE_UINT32(reg.status, BCM2835SystemTimerState),
66
+ VMSTATE_UINT32(reg.ctrl_status, BCM2835SystemTimerState),
67
VMSTATE_UINT32_ARRAY(reg.compare, BCM2835SystemTimerState,
68
BCM2835_SYSTIMER_COUNT),
69
VMSTATE_END_OF_LIST()
70
--
71
2.20.1
72
73
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
The SYS_timer is not directly wired to the ARM core, but to the
4
SoC (peripheral) interrupt controller.
5
6
Fixes: 0e5bbd74064 ("hw/arm/bcm2835_peripherals: Use the SYS_timer")
7
Reviewed-by: Luc Michel <luc.michel@greensocs.com>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Message-id: 20201010203709.3116542-5-f4bug@amsat.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
hw/arm/bcm2835_peripherals.c | 13 +++++++++++--
14
1 file changed, 11 insertions(+), 2 deletions(-)
15
16
diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/arm/bcm2835_peripherals.c
19
+++ b/hw/arm/bcm2835_peripherals.c
20
@@ -XXX,XX +XXX,XX @@ static void bcm2835_peripherals_realize(DeviceState *dev, Error **errp)
21
memory_region_add_subregion(&s->peri_mr, ST_OFFSET,
22
sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systmr), 0));
23
sysbus_connect_irq(SYS_BUS_DEVICE(&s->systmr), 0,
24
- qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_ARM_IRQ,
25
- INTERRUPT_ARM_TIMER));
26
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
27
+ INTERRUPT_TIMER0));
28
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->systmr), 1,
29
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
30
+ INTERRUPT_TIMER1));
31
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->systmr), 2,
32
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
33
+ INTERRUPT_TIMER2));
34
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->systmr), 3,
35
+ qdev_get_gpio_in_named(DEVICE(&s->ic), BCM2835_IC_GPU_IRQ,
36
+ INTERRUPT_TIMER3));
37
38
/* UART0 */
39
qdev_prop_set_chr(DEVICE(&s->uart0), "chardev", serial_hd(0));
40
--
41
2.20.1
42
43
diff view generated by jsdifflib
Deleted patch
1
The t32 decode has a group which represents a set of insns
2
which overlap with B_cond_thumb because they have [25:23]=111
3
(which is an invalid condition code field for the branch insn).
4
This group is currently defined using the {} overlap-OK syntax,
5
but it is almost entirely non-overlapping patterns. Switch
6
it over to use a non-overlapping group.
7
1
8
For this to be valid syntactically, CPS must move into the same
9
overlapping-group as the hint insns (CPS vs hints was the
10
only actual use of the overlap facility for the group).
11
12
The non-overlapping subgroup for CLREX/DSB/DMB/ISB/SB is no longer
13
necessary and so we can remove it (promoting those insns to
14
be members of the parent group).
15
16
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Message-id: 20201019151301.2046-5-peter.maydell@linaro.org
19
---
20
target/arm/t32.decode | 26 ++++++++++++--------------
21
1 file changed, 12 insertions(+), 14 deletions(-)
22
23
diff --git a/target/arm/t32.decode b/target/arm/t32.decode
24
index XXXXXXX..XXXXXXX 100644
25
--- a/target/arm/t32.decode
26
+++ b/target/arm/t32.decode
27
@@ -XXX,XX +XXX,XX @@ CLZ 1111 1010 1011 ---- 1111 .... 1000 .... @rdm
28
{
29
# Group insn[25:23] = 111, which is cond=111x for the branch below,
30
# or unconditional, which would be illegal for the branch.
31
- {
32
- # Hints
33
+ [
34
+ # Hints, and CPS
35
{
36
YIELD 1111 0011 1010 1111 1000 0000 0000 0001
37
WFE 1111 0011 1010 1111 1000 0000 0000 0010
38
@@ -XXX,XX +XXX,XX @@ CLZ 1111 1010 1011 ---- 1111 .... 1000 .... @rdm
39
# The canonical nop ends in 0000 0000, but the whole rest
40
# of the space is "reserved hint, behaves as nop".
41
NOP 1111 0011 1010 1111 1000 0000 ---- ----
42
+
43
+ # If imod == '00' && M == '0' then SEE "Hint instructions", above.
44
+ CPS 1111 0011 1010 1111 1000 0 imod:2 M:1 A:1 I:1 F:1 mode:5 \
45
+ &cps
46
}
47
48
- # If imod == '00' && M == '0' then SEE "Hint instructions", above.
49
- CPS 1111 0011 1010 1111 1000 0 imod:2 M:1 A:1 I:1 F:1 mode:5 \
50
- &cps
51
-
52
# Miscellaneous control
53
- [
54
- CLREX 1111 0011 1011 1111 1000 1111 0010 1111
55
- DSB 1111 0011 1011 1111 1000 1111 0100 ----
56
- DMB 1111 0011 1011 1111 1000 1111 0101 ----
57
- ISB 1111 0011 1011 1111 1000 1111 0110 ----
58
- SB 1111 0011 1011 1111 1000 1111 0111 0000
59
- ]
60
+ CLREX 1111 0011 1011 1111 1000 1111 0010 1111
61
+ DSB 1111 0011 1011 1111 1000 1111 0100 ----
62
+ DMB 1111 0011 1011 1111 1000 1111 0101 ----
63
+ ISB 1111 0011 1011 1111 1000 1111 0110 ----
64
+ SB 1111 0011 1011 1111 1000 1111 0111 0000
65
66
# Note that the v7m insn overlaps both the normal and banked insn.
67
{
68
@@ -XXX,XX +XXX,XX @@ CLZ 1111 1010 1011 ---- 1111 .... 1000 .... @rdm
69
HVC 1111 0111 1110 .... 1000 .... .... .... \
70
&i imm=%imm16_16_0
71
UDF 1111 0111 1111 ---- 1010 ---- ---- ----
72
- }
73
+ ]
74
B_cond_thumb 1111 0. cond:4 ...... 10.0 ............ &ci imm=%imm21
75
}
76
77
--
78
2.20.1
79
80
diff view generated by jsdifflib
Deleted patch
1
The BLX immediate insn in the Thumb encoding always performs
2
a switch from Thumb to Arm state. This would be totally useless
3
in M-profile which has no Arm decoder, and so the instruction
4
does not exist at all there. Make the encoding UNDEF for M-profile.
5
1
6
(This part of the encoding space is used for the branch-future
7
and low-overhead-loop insns in v8.1M.)
8
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20201019151301.2046-6-peter.maydell@linaro.org
12
---
13
target/arm/translate.c | 8 ++++++++
14
1 file changed, 8 insertions(+)
15
16
diff --git a/target/arm/translate.c b/target/arm/translate.c
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/translate.c
19
+++ b/target/arm/translate.c
20
@@ -XXX,XX +XXX,XX @@ static bool trans_BLX_i(DisasContext *s, arg_BLX_i *a)
21
{
22
TCGv_i32 tmp;
23
24
+ /*
25
+ * BLX <imm> would be useless on M-profile; the encoding space
26
+ * is used for other insns from v8.1M onward, and UNDEFs before that.
27
+ */
28
+ if (arm_dc_feature(s, ARM_FEATURE_M)) {
29
+ return false;
30
+ }
31
+
32
/* For A32, ARM_FEATURE_V5 is checked near the start of the uncond block. */
33
if (s->thumb && (a->imm & 2)) {
34
return false;
35
--
36
2.20.1
37
38
diff view generated by jsdifflib
1
In arm_cpu_realizefn(), if the CPU has VFP or Neon disabled then we
1
Add documentation for the mps3-an536 board type.
2
squash the ID register fields so that we don't advertise it to the
3
guest. This code was written for A-profile and needs some tweaks to
4
work correctly on M-profile:
5
2
6
* A-profile only fields should not be zeroed on M-profile:
3
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
- MVFR0.FPSHVEC,FPTRAP
4
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
- MVFR1.SIMDLS,SIMDINT,SIMDSP,SIMDHP
5
Message-id: 20240206132931.38376-14-peter.maydell@linaro.org
9
- MVFR2.SIMDMISC
6
---
10
* M-profile only fields should be zeroed on M-profile:
7
docs/system/arm/mps2.rst | 37 ++++++++++++++++++++++++++++++++++---
11
- MVFR1.FP16
8
1 file changed, 34 insertions(+), 3 deletions(-)
12
9
13
In particular, because MVFR1.SIMDHP on A-profile is the same field as
10
diff --git a/docs/system/arm/mps2.rst b/docs/system/arm/mps2.rst
14
MVFR1.FP16 on M-profile this code was incorrectly disabling FP16
15
support on an M-profile CPU (where has_neon is always false). This
16
isn't a visible bug yet because we don't have any M-profile CPUs with
17
FP16 support, but the change is necessary before we introduce any.
18
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Message-id: 20201019151301.2046-9-peter.maydell@linaro.org
22
---
23
target/arm/cpu.c | 29 ++++++++++++++++++-----------
24
1 file changed, 18 insertions(+), 11 deletions(-)
25
26
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
27
index XXXXXXX..XXXXXXX 100644
11
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu.c
12
--- a/docs/system/arm/mps2.rst
29
+++ b/target/arm/cpu.c
13
+++ b/docs/system/arm/mps2.rst
30
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
14
@@ -XXX,XX +XXX,XX @@
31
u = cpu->isar.mvfr0;
15
-Arm MPS2 and MPS3 boards (``mps2-an385``, ``mps2-an386``, ``mps2-an500``, ``mps2-an505``, ``mps2-an511``, ``mps2-an521``, ``mps3-an524``, ``mps3-an547``)
32
u = FIELD_DP32(u, MVFR0, FPSP, 0);
16
-=========================================================================================================================================================
33
u = FIELD_DP32(u, MVFR0, FPDP, 0);
17
+Arm MPS2 and MPS3 boards (``mps2-an385``, ``mps2-an386``, ``mps2-an500``, ``mps2-an505``, ``mps2-an511``, ``mps2-an521``, ``mps3-an524``, ``mps3-an536``, ``mps3-an547``)
34
- u = FIELD_DP32(u, MVFR0, FPTRAP, 0);
18
+=========================================================================================================================================================================
35
u = FIELD_DP32(u, MVFR0, FPDIVIDE, 0);
19
36
u = FIELD_DP32(u, MVFR0, FPSQRT, 0);
20
-These board models all use Arm M-profile CPUs.
37
- u = FIELD_DP32(u, MVFR0, FPSHVEC, 0);
21
+These board models use Arm M-profile or R-profile CPUs.
38
u = FIELD_DP32(u, MVFR0, FPROUND, 0);
22
39
+ if (!arm_feature(env, ARM_FEATURE_M)) {
23
The Arm MPS2, MPS2+ and MPS3 dev boards are FPGA based (the 2+ has a
40
+ u = FIELD_DP32(u, MVFR0, FPTRAP, 0);
24
bigger FPGA but is otherwise the same as the 2; the 3 has a bigger
41
+ u = FIELD_DP32(u, MVFR0, FPSHVEC, 0);
25
@@ -XXX,XX +XXX,XX @@ FPGA image.
42
+ }
26
43
cpu->isar.mvfr0 = u;
27
QEMU models the following FPGA images:
44
28
45
u = cpu->isar.mvfr1;
29
+FPGA images using M-profile CPUs:
46
u = FIELD_DP32(u, MVFR1, FPFTZ, 0);
30
+
47
u = FIELD_DP32(u, MVFR1, FPDNAN, 0);
31
``mps2-an385``
48
u = FIELD_DP32(u, MVFR1, FPHP, 0);
32
Cortex-M3 as documented in Arm Application Note AN385
49
+ if (arm_feature(env, ARM_FEATURE_M)) {
33
``mps2-an386``
50
+ u = FIELD_DP32(u, MVFR1, FP16, 0);
34
@@ -XXX,XX +XXX,XX @@ QEMU models the following FPGA images:
51
+ }
35
``mps3-an547``
52
cpu->isar.mvfr1 = u;
36
Cortex-M55 on an MPS3, as documented in Arm Application Note AN547
53
37
54
u = cpu->isar.mvfr2;
38
+FPGA images using R-profile CPUs:
55
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
39
+
56
u = FIELD_DP32(u, ID_ISAR6, FHM, 0);
40
+``mps3-an536``
57
cpu->isar.id_isar6 = u;
41
+ Dual Cortex-R52 on an MPS3, as documented in Arm Application Note AN536
58
42
+
59
- u = cpu->isar.mvfr1;
43
Differences between QEMU and real hardware:
60
- u = FIELD_DP32(u, MVFR1, SIMDLS, 0);
44
61
- u = FIELD_DP32(u, MVFR1, SIMDINT, 0);
45
- AN385/AN386 remapping of low 16K of memory to either ZBT SSRAM1 or to
62
- u = FIELD_DP32(u, MVFR1, SIMDSP, 0);
46
@@ -XXX,XX +XXX,XX @@ Differences between QEMU and real hardware:
63
- u = FIELD_DP32(u, MVFR1, SIMDHP, 0);
47
flash, but only as simple ROM, so attempting to rewrite the flash
64
- cpu->isar.mvfr1 = u;
48
from the guest will fail
65
+ if (!arm_feature(env, ARM_FEATURE_M)) {
49
- QEMU does not model the USB controller in MPS3 boards
66
+ u = cpu->isar.mvfr1;
50
+- AN536 does not support runtime control of CPU reset and halt via
67
+ u = FIELD_DP32(u, MVFR1, SIMDLS, 0);
51
+ the SCC CFG_REG0 register.
68
+ u = FIELD_DP32(u, MVFR1, SIMDINT, 0);
52
+- AN536 does not support enabling or disabling the flash and ATCM
69
+ u = FIELD_DP32(u, MVFR1, SIMDSP, 0);
53
+ interfaces via the SCC CFG_REG1 register.
70
+ u = FIELD_DP32(u, MVFR1, SIMDHP, 0);
54
+- AN536 does not support setting of the initial vector table
71
+ cpu->isar.mvfr1 = u;
55
+ base address via the SCC CFG_REG6 and CFG_REG7 register config,
72
56
+ and does not provide a mechanism for specifying these values at
73
- u = cpu->isar.mvfr2;
57
+ startup, so all guest images must be built to start from TCM
74
- u = FIELD_DP32(u, MVFR2, SIMDMISC, 0);
58
+ (i.e. to expect the interrupt vector base at 0 from reset).
75
- cpu->isar.mvfr2 = u;
59
+- AN536 defaults to only creating a single CPU; this is the equivalent
76
+ u = cpu->isar.mvfr2;
60
+ of the way the real FPGA image usually runs with the second Cortex-R52
77
+ u = FIELD_DP32(u, MVFR2, SIMDMISC, 0);
61
+ held in halt via the initial SCC CFG_REG0 register setting. You can
78
+ cpu->isar.mvfr2 = u;
62
+ create the second CPU with ``-smp 2``; both CPUs will then start
79
+ }
63
+ execution immediately on startup.
80
}
64
+
81
65
+Note that for the AN536 the first UART is accessible only by
82
if (!cpu->has_neon && !cpu->has_vfp) {
66
+CPU0, and the second UART is accessible only by CPU1. The
67
+first UART accessible shared between both CPUs is the third
68
+UART. Guest software might therefore be built to use either
69
+the first UART or the third UART; if you don't see any output
70
+from the UART you are looking at, try one of the others.
71
+(Even if the AN536 machine is started with a single CPU and so
72
+no "CPU1-only UART", the UART numbering remains the same,
73
+with the third UART being the first of the shared ones.)
74
75
Machine-specific options
76
""""""""""""""""""""""""
83
--
77
--
84
2.20.1
78
2.34.1
85
79
86
80
diff view generated by jsdifflib