[PULL 00/26] target-arm queue
[PULL 00/30] target-arm queue
1
Small pile of bug fixes for rc1. I've included my patches to get
1
Hi; this is the latest target-arm queue. Most of the patches
2
our docs building with Sphinx 3, just for convenience...
2
here are RTH's FEAT_HAFDBS finally landing. I've also included
3
the RNG-seed randomization patches from Jason, as well as a few
4
more minor things. The patches include a couple of regression
5
fixes:
6
* the resettable patch fixes a SCSI reset regression
7
* the 'do not re-randomize on snapshot load' patches fix
8
record-and-replay regressions
3
9
10
thanks
4
-- PMM
11
-- PMM
5
12
6
The following changes since commit b149dea55cce97cb226683d06af61984a1c11e96:
13
The following changes since commit e750a7ace492f0b450653d4ad368a77d6f660fb8:
7
14
8
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20201102' into staging (2020-11-02 10:57:48 +0000)
15
Merge tag 'pull-9p-20221024' of https://github.com/cschoenebeck/qemu into staging (2022-10-24 14:27:12 -0400)
9
16
10
are available in the Git repository at:
17
are available in the Git repository at:
11
18
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201102
19
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221025
13
20
14
for you to fetch changes up to ffb4fbf90a2f63c9cb33e4bb9f854c79bf04ca4a:
21
for you to fetch changes up to e2114f701c78f76246e4b1872639dad94a6bdd21:
15
22
16
tests/qtest/npcm7xx_rng-test: Disable randomness tests (2020-11-02 16:52:18 +0000)
23
rx: re-randomize rng-seed on reboot (2022-10-25 17:32:24 +0100)
17
24
18
----------------------------------------------------------------
25
----------------------------------------------------------------
19
target-arm queue:
26
target-arm queue:
20
* target/arm: Fix Neon emulation bugs on big-endian hosts
27
* Implement FEAT_E0PD
21
* target/arm: fix handling of HCR.FB
28
* Implement FEAT_HAFDBS
22
* target/arm: fix LORID_EL1 access check
29
* honor HCR_E2H and HCR_TGE in arm_excp_unmasked()
23
* disas/capstone: Fix monitor disassembly of >32 bytes
30
* hw/arm/virt: Fix devicetree warnings about the virtio-iommu node
24
* hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
31
* hw/core/resettable: fix reset level counting
25
* hw/arm/boot: fix SVE for EL3 direct kernel boot
32
* hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset()
26
* hw/display/omap_lcdc: Fix potential NULL pointer dereference
33
* imx: reload cmp timer outside of the reload ptimer transaction
27
* hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
34
* x86: do not re-randomize RNG seed on snapshot load
28
* target/arm: Get correct MMU index for other-security-state
35
* m68k/virt: do not re-randomize RNG seed on snapshot load
29
* configure: Test that gio libs from pkg-config work
36
* m68k/q800: do not re-randomize RNG seed on snapshot load
30
* hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
37
* arm: re-randomize rng-seed on reboot
31
* docs: Fix building with Sphinx 3
38
* riscv: re-randomize rng-seed on reboot
32
* tests/qtest/npcm7xx_rng-test: Disable randomness tests
39
* mips/boston: re-randomize rng-seed on reboot
40
* openrisc: re-randomize rng-seed on reboot
41
* rx: re-randomize rng-seed on reboot
33
42
34
----------------------------------------------------------------
43
----------------------------------------------------------------
35
AlexChen (2):
44
Ake Koomsin (1):
36
hw/display/omap_lcdc: Fix potential NULL pointer dereference
45
target/arm: honor HCR_E2H and HCR_TGE in arm_excp_unmasked()
37
hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
38
46
39
Peter Maydell (9):
47
Axel Heider (1):
40
target/arm: Fix float16 pairwise Neon ops on big-endian hosts
48
target/imx: reload cmp timer outside of the reload ptimer transaction
41
target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts
42
disas/capstone: Fix monitor disassembly of >32 bytes
43
target/arm: Get correct MMU index for other-security-state
44
configure: Test that gio libs from pkg-config work
45
hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
46
scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments
47
qemu-option-trace.rst.inc: Don't use option:: markup
48
tests/qtest/npcm7xx_rng-test: Disable randomness tests
49
49
50
Philippe Mathieu-Daudé (1):
50
Damien Hedde (1):
51
hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
51
hw/core/resettable: fix reset level counting
52
52
53
Richard Henderson (11):
53
Jason A. Donenfeld (10):
54
target/arm: Introduce neon_full_reg_offset
54
reset: allow registering handlers that aren't called by snapshot loading
55
target/arm: Move neon_element_offset to translate.c
55
device-tree: add re-randomization helper function
56
target/arm: Use neon_element_offset in neon_load/store_reg
56
x86: do not re-randomize RNG seed on snapshot load
57
target/arm: Use neon_element_offset in vfp_reg_offset
57
arm: re-randomize rng-seed on reboot
58
target/arm: Add read/write_neon_element32
58
riscv: re-randomize rng-seed on reboot
59
target/arm: Expand read/write_neon_element32 to all MemOp
59
m68k/virt: do not re-randomize RNG seed on snapshot load
60
target/arm: Rename neon_load_reg32 to vfp_load_reg32
60
m68k/q800: do not re-randomize RNG seed on snapshot load
61
target/arm: Add read/write_neon_element64
61
mips/boston: re-randomize rng-seed on reboot
62
target/arm: Rename neon_load_reg64 to vfp_load_reg64
62
openrisc: re-randomize rng-seed on reboot
63
target/arm: Simplify do_long_3d and do_2scalar_long
63
rx: re-randomize rng-seed on reboot
64
target/arm: Improve do_prewiden_3d
65
64
66
Rémi Denis-Courmont (3):
65
Jean-Philippe Brucker (1):
67
target/arm: fix handling of HCR.FB
66
hw/arm/virt: Fix devicetree warnings about the virtio-iommu node
68
target/arm: fix LORID_EL1 access check
69
hw/arm/boot: fix SVE for EL3 direct kernel boot
70
67
71
docs/qemu-option-trace.rst.inc | 6 +-
68
Peter Maydell (2):
72
configure | 10 +-
69
target/arm: Implement FEAT_E0PD
73
include/hw/intc/arm_gicv3_common.h | 1 -
70
hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset()
74
disas/capstone.c | 2 +-
75
hw/arm/boot.c | 3 +
76
hw/arm/smmuv3.c | 3 +-
77
hw/display/exynos4210_fimd.c | 4 +-
78
hw/display/omap_lcdc.c | 10 +-
79
hw/intc/arm_gicv3_cpuif.c | 5 +-
80
target/arm/helper.c | 24 +-
81
target/arm/m_helper.c | 3 +-
82
target/arm/translate.c | 153 +++++++++---
83
target/arm/vec_helper.c | 12 +-
84
tests/qtest/npcm7xx_rng-test.c | 14 +-
85
scripts/kernel-doc | 18 +-
86
target/arm/translate-neon.c.inc | 472 ++++++++++++++++++++-----------------
87
target/arm/translate-vfp.c.inc | 341 +++++++++++----------------
88
17 files changed, 588 insertions(+), 493 deletions(-)
89
71
72
Richard Henderson (14):
73
target/arm: Introduce regime_is_stage2
74
target/arm: Add ptw_idx to S1Translate
75
target/arm: Add isar predicates for FEAT_HAFDBS
76
target/arm: Extract HA and HD in aa64_va_parameters
77
target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
78
target/arm: Add ARMFault_UnsuppAtomicUpdate
79
target/arm: Remove loop from get_phys_addr_lpae
80
target/arm: Fix fault reporting in get_phys_addr_lpae
81
target/arm: Don't shift attrs in get_phys_addr_lpae
82
target/arm: Consider GP an attribute in get_phys_addr_lpae
83
target/arm: Tidy merging of attributes from descriptor and table
84
target/arm: Implement FEAT_HAFDBS, access flag portion
85
target/arm: Implement FEAT_HAFDBS, dirty bit portion
86
target/arm: Use the max page size in a 2-stage ptw
87
88
docs/devel/reset.rst | 8 +-
89
docs/system/arm/emulation.rst | 2 +
90
qapi/run-state.json | 6 +-
91
include/hw/boards.h | 2 +-
92
include/sysemu/device_tree.h | 9 +
93
include/sysemu/reset.h | 5 +-
94
target/arm/cpu.h | 15 ++
95
target/arm/internals.h | 30 +++
96
hw/arm/aspeed.c | 4 +-
97
hw/arm/boot.c | 2 +
98
hw/arm/mps2-tz.c | 4 +-
99
hw/arm/virt.c | 5 +-
100
hw/core/reset.c | 17 +-
101
hw/core/resettable.c | 3 +-
102
hw/hppa/machine.c | 4 +-
103
hw/hyperv/hyperv.c | 2 +-
104
hw/i386/microvm.c | 4 +-
105
hw/i386/pc.c | 6 +-
106
hw/i386/x86.c | 2 +-
107
hw/m68k/q800.c | 33 ++-
108
hw/m68k/virt.c | 20 +-
109
hw/mips/boston.c | 3 +
110
hw/openrisc/boot.c | 3 +
111
hw/ppc/pegasos2.c | 4 +-
112
hw/ppc/pnv.c | 4 +-
113
hw/ppc/spapr.c | 4 +-
114
hw/riscv/boot.c | 3 +
115
hw/rx/rx-gdbsim.c | 3 +
116
hw/s390x/s390-virtio-ccw.c | 4 +-
117
hw/timer/imx_epit.c | 9 +-
118
migration/savevm.c | 2 +-
119
softmmu/device_tree.c | 21 ++
120
softmmu/runstate.c | 11 +-
121
target/arm/cpu.c | 24 +-
122
target/arm/cpu64.c | 2 +
123
target/arm/helper.c | 31 ++-
124
target/arm/ptw.c | 524 +++++++++++++++++++++++++++---------------
125
37 files changed, 572 insertions(+), 263 deletions(-)
diff view generated by jsdifflib
[PULL 15/26] target/arm: fix LORID_EL1 access check
[PULL 01/30] target/arm: Implement FEAT_E0PD
1
From: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
1
FEAT_E0PD adds new bits E0PD0 and E0PD1 to TCR_EL1, which allow the
2
OS to forbid EL0 access to half of the address space. Since this is
3
an EL0-specific variation on the existing TCR_ELx.{EPD0,EPD1}, we can
4
implement it entirely in aa64_va_parameters().
2
5
3
Secure mode is not exempted from checking SCR_EL3.TLOR, and in the
6
This requires moving the existing regime_is_user() to internals.h
4
future HCR_EL2.TLOR when S-EL2 is enabled.
7
so that the code in helper.c can get at it.
5
8
6
Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20221021160131.3531787-1-peter.maydell@linaro.org
9
---
12
---
10
target/arm/helper.c | 19 +++++--------------
13
docs/system/arm/emulation.rst | 1 +
11
1 file changed, 5 insertions(+), 14 deletions(-)
14
target/arm/cpu.h | 5 +++++
15
target/arm/internals.h | 19 +++++++++++++++++++
16
target/arm/cpu64.c | 1 +
17
target/arm/helper.c | 9 +++++++++
18
target/arm/ptw.c | 19 -------------------
19
6 files changed, 35 insertions(+), 19 deletions(-)
12
20
21
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
22
index XXXXXXX..XXXXXXX 100644
23
--- a/docs/system/arm/emulation.rst
24
+++ b/docs/system/arm/emulation.rst
25
@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
26
- FEAT_Debugv8p4 (Debug changes for v8.4)
27
- FEAT_DotProd (Advanced SIMD dot product instructions)
28
- FEAT_DoubleFault (Double Fault Extension)
29
+- FEAT_E0PD (Preventing EL0 access to halves of address maps)
30
- FEAT_ETS (Enhanced Translation Synchronization)
31
- FEAT_FCMA (Floating-point complex number instructions)
32
- FEAT_FHM (Floating-point half-precision multiplication instructions)
33
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/cpu.h
36
+++ b/target/arm/cpu.h
37
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_lva(const ARMISARegisters *id)
38
return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0;
39
}
40
41
+static inline bool isar_feature_aa64_e0pd(const ARMISARegisters *id)
42
+{
43
+ return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, E0PD) != 0;
44
+}
45
+
46
static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
47
{
48
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
49
diff --git a/target/arm/internals.h b/target/arm/internals.h
50
index XXXXXXX..XXXXXXX 100644
51
--- a/target/arm/internals.h
52
+++ b/target/arm/internals.h
53
@@ -XXX,XX +XXX,XX @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
54
}
55
}
56
57
+static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
58
+{
59
+ switch (mmu_idx) {
60
+ case ARMMMUIdx_E20_0:
61
+ case ARMMMUIdx_Stage1_E0:
62
+ case ARMMMUIdx_MUser:
63
+ case ARMMMUIdx_MSUser:
64
+ case ARMMMUIdx_MUserNegPri:
65
+ case ARMMMUIdx_MSUserNegPri:
66
+ return true;
67
+ default:
68
+ return false;
69
+ case ARMMMUIdx_E10_0:
70
+ case ARMMMUIdx_E10_1:
71
+ case ARMMMUIdx_E10_1_PAN:
72
+ g_assert_not_reached();
73
+ }
74
+}
75
+
76
/* Return the SCTLR value which controls this address translation regime */
77
static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
78
{
79
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
80
index XXXXXXX..XXXXXXX 100644
81
--- a/target/arm/cpu64.c
82
+++ b/target/arm/cpu64.c
83
@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
84
t = FIELD_DP64(t, ID_AA64MMFR2, FWB, 1); /* FEAT_S2FWB */
85
t = FIELD_DP64(t, ID_AA64MMFR2, TTL, 1); /* FEAT_TTL */
86
t = FIELD_DP64(t, ID_AA64MMFR2, BBM, 2); /* FEAT_BBM at level 2 */
87
+ t = FIELD_DP64(t, ID_AA64MMFR2, E0PD, 1); /* FEAT_E0PD */
88
cpu->isar.id_aa64mmfr2 = t;
89
90
t = cpu->isar.id_aa64zfr0;
13
diff --git a/target/arm/helper.c b/target/arm/helper.c
91
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
index XXXXXXX..XXXXXXX 100644
92
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/helper.c
93
--- a/target/arm/helper.c
16
+++ b/target/arm/helper.c
94
+++ b/target/arm/helper.c
17
@@ -XXX,XX +XXX,XX @@ static uint64_t id_aa64pfr0_read(CPUARMState *env, const ARMCPRegInfo *ri)
95
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
18
#endif
96
ps = extract32(tcr, 16, 3);
19
97
ds = extract64(tcr, 32, 1);
20
/* Shared logic between LORID and the rest of the LOR* registers.
98
} else {
21
- * Secure state has already been delt with.
99
+ bool e0pd;
22
+ * Secure state exclusion has already been dealt with.
100
+
23
*/
101
/*
24
-static CPAccessResult access_lor_ns(CPUARMState *env)
102
* Bit 55 is always between the two regions, and is canonical for
25
+static CPAccessResult access_lor_ns(CPUARMState *env,
103
* determining if address tagging is enabled.
26
+ const ARMCPRegInfo *ri, bool isread)
104
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
27
{
105
epd = extract32(tcr, 7, 1);
28
int el = arm_current_el(env);
106
sh = extract32(tcr, 12, 2);
29
107
hpd = extract64(tcr, 41, 1);
30
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_lor_ns(CPUARMState *env)
108
+ e0pd = extract64(tcr, 55, 1);
31
return CP_ACCESS_OK;
109
} else {
110
tsz = extract32(tcr, 16, 6);
111
gran = tg1_to_gran_size(extract32(tcr, 30, 2));
112
epd = extract32(tcr, 23, 1);
113
sh = extract32(tcr, 28, 2);
114
hpd = extract64(tcr, 42, 1);
115
+ e0pd = extract64(tcr, 56, 1);
116
}
117
ps = extract64(tcr, 32, 3);
118
ds = extract64(tcr, 59, 1);
119
+
120
+ if (e0pd && cpu_isar_feature(aa64_e0pd, cpu) &&
121
+ regime_is_user(env, mmu_idx)) {
122
+ epd = true;
123
+ }
124
}
125
126
gran = sanitize_gran_size(cpu, gran, stage2);
127
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
128
index XXXXXXX..XXXXXXX 100644
129
--- a/target/arm/ptw.c
130
+++ b/target/arm/ptw.c
131
@@ -XXX,XX +XXX,XX @@ static bool regime_translation_big_endian(CPUARMState *env, ARMMMUIdx mmu_idx)
132
return (regime_sctlr(env, mmu_idx) & SCTLR_EE) != 0;
32
}
133
}
33
134
34
-static CPAccessResult access_lorid(CPUARMState *env, const ARMCPRegInfo *ri,
135
-static bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
35
- bool isread)
36
-{
136
-{
37
- if (arm_is_secure_below_el3(env)) {
137
- switch (mmu_idx) {
38
- /* Access ok in secure mode. */
138
- case ARMMMUIdx_E20_0:
39
- return CP_ACCESS_OK;
139
- case ARMMMUIdx_Stage1_E0:
140
- case ARMMMUIdx_MUser:
141
- case ARMMMUIdx_MSUser:
142
- case ARMMMUIdx_MUserNegPri:
143
- case ARMMMUIdx_MSUserNegPri:
144
- return true;
145
- default:
146
- return false;
147
- case ARMMMUIdx_E10_0:
148
- case ARMMMUIdx_E10_1:
149
- case ARMMMUIdx_E10_1_PAN:
150
- g_assert_not_reached();
40
- }
151
- }
41
- return access_lor_ns(env);
42
-}
152
-}
43
-
153
-
44
static CPAccessResult access_lor_other(CPUARMState *env,
154
/* Return the TTBR associated with this translation regime */
45
const ARMCPRegInfo *ri, bool isread)
155
static uint64_t regime_ttbr(CPUARMState *env, ARMMMUIdx mmu_idx, int ttbrn)
46
{
156
{
47
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_lor_other(CPUARMState *env,
48
/* Access denied in secure mode. */
49
return CP_ACCESS_TRAP;
50
}
51
- return access_lor_ns(env);
52
+ return access_lor_ns(env, ri, isread);
53
}
54
55
/*
56
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo lor_reginfo[] = {
57
.type = ARM_CP_CONST, .resetvalue = 0 },
58
{ .name = "LORID_EL1", .state = ARM_CP_STATE_AA64,
59
.opc0 = 3, .opc1 = 0, .crn = 10, .crm = 4, .opc2 = 7,
60
- .access = PL1_R, .accessfn = access_lorid,
61
+ .access = PL1_R, .accessfn = access_lor_ns,
62
.type = ARM_CP_CONST, .resetvalue = 0 },
63
REGINFO_SENTINEL
64
};
65
--
157
--
66
2.20.1
158
2.25.1
67
68
diff view generated by jsdifflib
New patch
[PULL 02/30] hw/arm/virt: Fix devicetree warnings about the virtio-iommu node
1
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
1
2
3
The "PCI Bus Binding to: IEEE Std 1275-1994" defines the compatible
4
string for a PCIe bus or endpoint as "pci<vendorid>,<deviceid>" or
5
similar. Since the initial binding for PCI virtio-iommu didn't follow
6
this rule, it was modified to accept both strings and ensure backward
7
compatibility. Also, the unit-name for the node should be
8
"device,function".
9
10
Fix corresponding dt-validate and dtc warnings:
11
12
pcie@10000000: virtio_iommu@16:compatible: ['virtio,pci-iommu'] does not contain items matching the given schema
13
pcie@10000000: Unevaluated properties are not allowed (... 'virtio_iommu@16' were unexpected)
14
From schema: linux/Documentation/devicetree/bindings/pci/host-generic-pci.yaml
15
virtio_iommu@16: compatible: 'oneOf' conditional failed, one must be fixed:
16
['virtio,pci-iommu'] is too short
17
'pci1af4,1057' was expected
18
From schema: dtschema/schemas/pci/pci-bus.yaml
19
20
Warning (pci_device_reg): /pcie@10000000/virtio_iommu@16: PCI unit address format error, expected "2,0"
21
22
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
23
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
24
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
25
---
26
hw/arm/virt.c | 5 +++--
27
1 file changed, 3 insertions(+), 2 deletions(-)
28
29
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/arm/virt.c
32
+++ b/hw/arm/virt.c
33
@@ -XXX,XX +XXX,XX @@ static void create_smmu(const VirtMachineState *vms,
34
35
static void create_virtio_iommu_dt_bindings(VirtMachineState *vms)
36
{
37
- const char compat[] = "virtio,pci-iommu";
38
+ const char compat[] = "virtio,pci-iommu\0pci1af4,1057";
39
uint16_t bdf = vms->virtio_iommu_bdf;
40
MachineState *ms = MACHINE(vms);
41
char *node;
42
43
vms->iommu_phandle = qemu_fdt_alloc_phandle(ms->fdt);
44
45
- node = g_strdup_printf("%s/virtio_iommu@%d", vms->pciehb_nodename, bdf);
46
+ node = g_strdup_printf("%s/virtio_iommu@%x,%x", vms->pciehb_nodename,
47
+ PCI_SLOT(bdf), PCI_FUNC(bdf));
48
qemu_fdt_add_subnode(ms->fdt, node);
49
qemu_fdt_setprop(ms->fdt, node, "compatible", compat, sizeof(compat));
50
qemu_fdt_setprop_sized_cells(ms->fdt, node, "reg",
51
--
52
2.25.1
diff view generated by jsdifflib
New patch
[PULL 03/30] target/arm: honor HCR_E2H and HCR_TGE in arm_excp_unmasked()
1
From: Ake Koomsin <ake@igel.co.jp>
1
2
3
An exception targeting EL2 from lower EL is actually maskable when
4
HCR_E2H and HCR_TGE are both set. This applies to both secure and
5
non-secure Security state.
6
7
We can remove the conditions that try to suppress masking of
8
interrupts when we are Secure and the exception targets EL2 and
9
Secure EL2 is disabled. This is OK because in that situation
10
arm_phys_excp_target_el() will never return 2 as the target EL. The
11
'not if secure' check in this function was originally written before
12
arm_hcr_el2_eff(), and back then the target EL returned by
13
arm_phys_excp_target_el() could be 2 even if we were in Secure
14
EL0/EL1; but it is no longer needed.
15
16
Signed-off-by: Ake Koomsin <ake@igel.co.jp>
17
Message-id: 20221017092432.546881-1-ake@igel.co.jp
18
[PMM: Add commit message paragraph explaining why it's OK to
19
remove the checks on secure and SCR_EEL2]
20
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
---
23
target/arm/cpu.c | 24 +++++++++++++++++-------
24
1 file changed, 17 insertions(+), 7 deletions(-)
25
26
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
27
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/cpu.c
29
+++ b/target/arm/cpu.c
30
@@ -XXX,XX +XXX,XX @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
31
if ((target_el > cur_el) && (target_el != 1)) {
32
/* Exceptions targeting a higher EL may not be maskable */
33
if (arm_feature(env, ARM_FEATURE_AARCH64)) {
34
- /*
35
- * 64-bit masking rules are simple: exceptions to EL3
36
- * can't be masked, and exceptions to EL2 can only be
37
- * masked from Secure state. The HCR and SCR settings
38
- * don't affect the masking logic, only the interrupt routing.
39
- */
40
- if (target_el == 3 || !secure || (env->cp15.scr_el3 & SCR_EEL2)) {
41
+ switch (target_el) {
42
+ case 2:
43
+ /*
44
+ * According to ARM DDI 0487H.a, an interrupt can be masked
45
+ * when HCR_E2H and HCR_TGE are both set regardless of the
46
+ * current Security state. Note that we need to revisit this
47
+ * part again once we need to support NMI.
48
+ */
49
+ if ((hcr_el2 & (HCR_E2H | HCR_TGE)) != (HCR_E2H | HCR_TGE)) {
50
+ unmasked = true;
51
+ }
52
+ break;
53
+ case 3:
54
+ /* Interrupt cannot be masked when the target EL is 3 */
55
unmasked = true;
56
+ break;
57
+ default:
58
+ g_assert_not_reached();
59
}
60
} else {
61
/*
62
--
63
2.25.1
diff view generated by jsdifflib
[PULL 26/26] tests/qtest/npcm7xx_rng-test: Disable randomness tests
[PULL 04/30] hw/core/resettable: fix reset level counting
1
The randomness tests in the NPCM7xx RNG test fail intermittently
1
From: Damien Hedde <damien.hedde@greensocs.com>
2
but fairly frequently. On my machine running the test in a loop:
3
while QTEST_QEMU_BINARY=./qemu-system-aarch64 ./tests/qtest/npcm7xx_rng-test; do true; done
4
2
5
will fail in less than a minute with an error like:
3
The code for handling the reset level count in the Resettable code
6
ERROR:../../tests/qtest/npcm7xx_rng-test.c:256:test_first_byte_runs:
4
has two issues:
7
assertion failed (calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE) > 0.01): (0.00286205989 > 0.01)
8
5
9
(Failures have been observed on all 4 of the randomness tests,
6
The reset count is only decremented for the 1->0 case. This means
10
not just first_byte_runs.)
7
that if there's ever a nested reset that takes the count to 2 then it
8
will never again be decremented. Eventually the count will exceed
9
the '50' limit in resettable_phase_enter() and QEMU will trip over
10
the assertion failure. The repro case in issue 1266 is an example of
11
this that happens now the SCSI subsystem uses three-phase reset.
11
12
12
It's not clear why these tests are failing like this, but intermittent
13
Secondly, the count is decremented only after the exit phase handler
13
failures make CI and merge testing awkward, so disable running them
14
is called. Moving the reset count decrement from "just after" to
14
unless a developer specifically sets QEMU_TEST_FLAKY_RNG_TESTS when
15
"just before" calling the exit phase handler allows
15
running the test suite, until we work out the cause.
16
resettable_is_in_reset() to return false during the handler
17
execution.
16
18
19
This simplifies reset handling in resettable devices. Typically, a
20
function that updates the device state will just need to read the
21
current reset state and not anymore treat the "in a reset-exit
22
transition" as a special case.
23
24
Note that the semantics change to the *_is_in_reset() functions
25
will have no effect on the current codebase, because only two
26
devices (hw/char/cadence_uart.c and hw/misc/zynq_sclr.c) currently
27
call those functions, and in neither case do they do it from the
28
device's exit phase methed.
29
30
Fixes: 4a5fc890 ("scsi: Use device_cold_reset() and bus_cold_reset()")
31
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1266
32
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
33
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
34
Reported-by: Michael Peter <michael.peter@hensoldt-cyber.com>
19
Message-id: 20201102152454.8287-1-peter.maydell@linaro.org
35
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
20
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
36
Message-id: 20221020142749.3357951-1-peter.maydell@linaro.org
37
Buglink: https://bugs.launchpad.net/qemu/+bug/1905297
38
Reported-by: Michael Peter <michael.peter@hensoldt-cyber.com>
39
[PMM: adjust the docs paragraph changed to get the name of the
40
'enter' phase right and to clarify exactly when the count is
41
adjusted; rewrite the commit message]
42
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
---
43
---
22
tests/qtest/npcm7xx_rng-test.c | 14 ++++++++++----
44
docs/devel/reset.rst | 8 +++++---
23
1 file changed, 10 insertions(+), 4 deletions(-)
45
hw/core/resettable.c | 3 +--
46
2 files changed, 6 insertions(+), 5 deletions(-)
24
47
25
diff --git a/tests/qtest/npcm7xx_rng-test.c b/tests/qtest/npcm7xx_rng-test.c
48
diff --git a/docs/devel/reset.rst b/docs/devel/reset.rst
26
index XXXXXXX..XXXXXXX 100644
49
index XXXXXXX..XXXXXXX 100644
27
--- a/tests/qtest/npcm7xx_rng-test.c
50
--- a/docs/devel/reset.rst
28
+++ b/tests/qtest/npcm7xx_rng-test.c
51
+++ b/docs/devel/reset.rst
29
@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv)
52
@@ -XXX,XX +XXX,XX @@ Polling the reset state
30
53
Resettable interface provides the ``resettable_is_in_reset()`` function.
31
qtest_add_func("npcm7xx_rng/enable_disable", test_enable_disable);
54
This function returns true if the object parameter is currently under reset.
32
qtest_add_func("npcm7xx_rng/rosel", test_rosel);
55
33
- qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
56
-An object is under reset from the beginning of the *init* phase to the end of
34
- qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
57
-the *exit* phase. During all three phases, the function will return that the
35
- qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
58
-object is in reset.
36
- qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
59
+An object is under reset from the beginning of the *enter* phase (before
37
+ /*
60
+either its children or its own enter method is called) to the *exit*
38
+ * These tests fail intermittently; only run them on explicit
61
+phase. During *enter* and *hold* phase only, the function will return that the
39
+ * request until we figure out why.
62
+object is in reset. The state is changed after the *exit* is propagated to
40
+ */
63
+its children and just before calling the object's own *exit* method.
41
+ if (getenv("QEMU_TEST_FLAKY_RNG_TESTS")) {
64
42
+ qtest_add_func("npcm7xx_rng/continuous/monobit", test_continuous_monobit);
65
This function may be used if the object behavior has to be adapted
43
+ qtest_add_func("npcm7xx_rng/continuous/runs", test_continuous_runs);
66
while in reset state. For example if a device has an irq input,
44
+ qtest_add_func("npcm7xx_rng/first_byte/monobit", test_first_byte_monobit);
67
diff --git a/hw/core/resettable.c b/hw/core/resettable.c
45
+ qtest_add_func("npcm7xx_rng/first_byte/runs", test_first_byte_runs);
68
index XXXXXXX..XXXXXXX 100644
46
+ }
69
--- a/hw/core/resettable.c
47
70
+++ b/hw/core/resettable.c
48
qtest_start("-machine npcm750-evb");
71
@@ -XXX,XX +XXX,XX @@ static void resettable_phase_exit(Object *obj, void *opaque, ResetType type)
49
ret = g_test_run();
72
resettable_child_foreach(rc, obj, resettable_phase_exit, NULL, type);
73
74
assert(s->count > 0);
75
- if (s->count == 1) {
76
+ if (--s->count == 0) {
77
trace_resettable_phase_exit_exec(obj, obj_typename, !!rc->phases.exit);
78
if (rc->phases.exit && !resettable_get_tr_func(rc, obj)) {
79
rc->phases.exit(obj);
80
}
81
- s->count = 0;
82
}
83
s->exit_phase_in_progress = false;
84
trace_resettable_phase_exit_end(obj, obj_typename, s->count);
50
--
85
--
51
2.20.1
86
2.25.1
52
87
53
88
diff view generated by jsdifflib
[PULL 25/26] qemu-option-trace.rst.inc: Don't use option:: markup
[PULL 05/30] hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset()
1
Sphinx 3.2 is pickier than earlier versions about the option:: markup,
1
The semantic difference between the deprecated device_legacy_reset()
2
and complains about our usage in qemu-option-trace.rst:
2
function and the newer device_cold_reset() function is that the new
3
3
function resets both the device itself and any qbuses it owns,
4
../../docs/qemu-option-trace.rst.inc:4:Malformed option description
4
whereas the legacy function resets just the device itself and nothing
5
'[enable=]PATTERN', should look like "opt", "-opt args", "--opt args",
5
else. In hyperv_synic_reset() we reset a SynICState, which has no
6
"/opt args" or "+opt args"
6
qbuses, so for this purpose the two functions behave identically and
7
7
we can stop using the deprecated one.
8
In this file, we're really trying to document the different parts of
9
the top-level --trace option, which qemu-nbd.rst and qemu-img.rst
10
have already introduced with an option:: markup. So it's not right
11
to use option:: here anyway. Switch to a different markup
12
(definition lists) which gives about the same formatted output.
13
14
(Unlike option::, this markup doesn't produce index entries; but
15
at the moment we don't do anything much with indexes anyway, and
16
in any case I think it doesn't make much sense to have individual
17
index entries for the sub-parts of the --trace option.)
18
8
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
10
Reviewed-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
21
Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
11
Message-id: 20221013171817.1447562-1-peter.maydell@linaro.org
22
Message-id: 20201030174700.7204-3-peter.maydell@linaro.org
23
---
12
---
24
docs/qemu-option-trace.rst.inc | 6 +++---
13
hw/hyperv/hyperv.c | 2 +-
25
1 file changed, 3 insertions(+), 3 deletions(-)
14
1 file changed, 1 insertion(+), 1 deletion(-)
26
15
27
diff --git a/docs/qemu-option-trace.rst.inc b/docs/qemu-option-trace.rst.inc
16
diff --git a/hw/hyperv/hyperv.c b/hw/hyperv/hyperv.c
28
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
29
--- a/docs/qemu-option-trace.rst.inc
18
--- a/hw/hyperv/hyperv.c
30
+++ b/docs/qemu-option-trace.rst.inc
19
+++ b/hw/hyperv/hyperv.c
31
@@ -XXX,XX +XXX,XX @@
20
@@ -XXX,XX +XXX,XX @@ void hyperv_synic_reset(CPUState *cs)
32
21
SynICState *synic = get_synic(cs);
33
Specify tracing options.
22
34
23
if (synic) {
35
-.. option:: [enable=]PATTERN
24
- device_legacy_reset(DEVICE(synic));
36
+``[enable=]PATTERN``
25
+ device_cold_reset(DEVICE(synic));
37
26
}
38
Immediately enable events matching *PATTERN*
27
}
39
(either event name or a globbing pattern). This option is only
28
40
@@ -XXX,XX +XXX,XX @@ Specify tracing options.
41
42
Use :option:`-trace help` to print a list of names of trace points.
43
44
-.. option:: events=FILE
45
+``events=FILE``
46
47
Immediately enable events listed in *FILE*.
48
The file must contain one event name (as listed in the ``trace-events-all``
49
@@ -XXX,XX +XXX,XX @@ Specify tracing options.
50
available if QEMU has been compiled with the ``simple``, ``log`` or
51
``ftrace`` tracing backend.
52
53
-.. option:: file=FILE
54
+``file=FILE``
55
56
Log output traces to *FILE*.
57
This option is only available if QEMU has been compiled with
58
--
29
--
59
2.20.1
30
2.25.1
60
61
diff view generated by jsdifflib
New patch
[PULL 06/30] target/imx: reload cmp timer outside of the reload ptimer transaction
1
From: Axel Heider <axel.heider@hensoldt.net>
1
2
3
When running seL4 tests (https://docs.sel4.systems/projects/sel4test)
4
on the sabrelight platform, the timer tests fail. The arm/imx6 EPIT
5
timer interrupt does not fire properly, instead of a e.g. second in
6
can take up to a minute to finally see the interrupt.
7
8
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1263
9
10
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
11
Message-id: 166663118138.13362.1229967229046092876-0@git.sr.ht
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
15
hw/timer/imx_epit.c | 9 +++++++--
16
1 file changed, 7 insertions(+), 2 deletions(-)
17
18
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
19
index XXXXXXX..XXXXXXX 100644
20
--- a/hw/timer/imx_epit.c
21
+++ b/hw/timer/imx_epit.c
22
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
23
/* If IOVW bit is set then set the timer value */
24
ptimer_set_count(s->timer_reload, s->lr);
25
}
26
-
27
+ /*
28
+ * Commit the change to s->timer_reload, so it can propagate. Otherwise
29
+ * the timer interrupt may not fire properly. The commit must happen
30
+ * before calling imx_epit_reload_compare_timer(), which reads
31
+ * s->timer_reload internally again.
32
+ */
33
+ ptimer_transaction_commit(s->timer_reload);
34
imx_epit_reload_compare_timer(s);
35
ptimer_transaction_commit(s->timer_cmp);
36
- ptimer_transaction_commit(s->timer_reload);
37
break;
38
39
case 3: /* CMP */
40
--
41
2.25.1
diff view generated by jsdifflib
[PULL 06/26] target/arm: Expand read/write_neon_element32 to all MemOp
[PULL 07/30] target/arm: Introduce regime_is_stage2
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
We can then use this to improve VMOV (scalar to gp) and
3
Reduce the amount of typing required for this check.
4
VMOV (gp to scalar) so that we simply perform the memory
5
operation that we wanted, rather than inserting or
6
extracting from a 32-bit quantity.
7
4
8
These were the last uses of neon_load/store_reg, so remove them.
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
9
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20201030022618.785675-7-richard.henderson@linaro.org
8
Message-id: 20221024051851.3074715-2-richard.henderson@linaro.org
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
10
---
15
target/arm/translate.c | 50 +++++++++++++-----------
11
target/arm/internals.h | 5 +++++
16
target/arm/translate-vfp.c.inc | 71 +++++-----------------------------
12
target/arm/helper.c | 14 +++++---------
17
2 files changed, 37 insertions(+), 84 deletions(-)
13
target/arm/ptw.c | 14 ++++++--------
14
3 files changed, 16 insertions(+), 17 deletions(-)
18
15
19
diff --git a/target/arm/translate.c b/target/arm/translate.c
16
diff --git a/target/arm/internals.h b/target/arm/internals.h
20
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/translate.c
18
--- a/target/arm/internals.h
22
+++ b/target/arm/translate.c
19
+++ b/target/arm/internals.h
23
@@ -XXX,XX +XXX,XX @@ static long neon_full_reg_offset(unsigned reg)
20
@@ -XXX,XX +XXX,XX @@ static inline bool regime_is_pan(CPUARMState *env, ARMMMUIdx mmu_idx)
24
* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
25
* where 0 is the least significant end of the register.
26
*/
27
-static long neon_element_offset(int reg, int element, MemOp size)
28
+static long neon_element_offset(int reg, int element, MemOp memop)
29
{
30
- int element_size = 1 << size;
31
+ int element_size = 1 << (memop & MO_SIZE);
32
int ofs = element * element_size;
33
#ifdef HOST_WORDS_BIGENDIAN
34
/*
35
@@ -XXX,XX +XXX,XX @@ static long vfp_reg_offset(bool dp, unsigned reg)
36
}
21
}
37
}
22
}
38
23
39
-static TCGv_i32 neon_load_reg(int reg, int pass)
24
+static inline bool regime_is_stage2(ARMMMUIdx mmu_idx)
40
-{
25
+{
41
- TCGv_i32 tmp = tcg_temp_new_i32();
26
+ return mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S;
42
- tcg_gen_ld_i32(tmp, cpu_env, neon_element_offset(reg, pass, MO_32));
27
+}
43
- return tmp;
28
+
44
-}
29
/* Return the exception level which controls this address translation regime */
45
-
30
static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
46
-static void neon_store_reg(int reg, int pass, TCGv_i32 var)
47
-{
48
- tcg_gen_st_i32(var, cpu_env, neon_element_offset(reg, pass, MO_32));
49
- tcg_temp_free_i32(var);
50
-}
51
-
52
static inline void neon_load_reg64(TCGv_i64 var, int reg)
53
{
31
{
54
tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
32
diff --git a/target/arm/helper.c b/target/arm/helper.c
55
@@ -XXX,XX +XXX,XX @@ static inline void neon_store_reg32(TCGv_i32 var, int reg)
33
index XXXXXXX..XXXXXXX 100644
56
tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
34
--- a/target/arm/helper.c
57
}
35
+++ b/target/arm/helper.c
58
36
@@ -XXX,XX +XXX,XX @@ int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx)
59
-static void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp size)
60
+static void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp memop)
61
{
37
{
62
- long off = neon_element_offset(reg, ele, size);
38
if (regime_has_2_ranges(mmu_idx)) {
63
+ long off = neon_element_offset(reg, ele, memop);
39
return extract64(tcr, 37, 2);
64
40
- } else if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
65
- switch (size) {
41
+ } else if (regime_is_stage2(mmu_idx)) {
66
- case MO_32:
42
return 0; /* VTCR_EL2 */
67
+ switch (memop) {
43
} else {
68
+ case MO_SB:
44
/* Replicate the single TBI bit so we always have 2 bits. */
69
+ tcg_gen_ld8s_i32(dest, cpu_env, off);
45
@@ -XXX,XX +XXX,XX @@ int aa64_va_parameter_tbid(uint64_t tcr, ARMMMUIdx mmu_idx)
70
+ break;
46
{
71
+ case MO_UB:
47
if (regime_has_2_ranges(mmu_idx)) {
72
+ tcg_gen_ld8u_i32(dest, cpu_env, off);
48
return extract64(tcr, 51, 2);
73
+ break;
49
- } else if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
74
+ case MO_SW:
50
+ } else if (regime_is_stage2(mmu_idx)) {
75
+ tcg_gen_ld16s_i32(dest, cpu_env, off);
51
return 0; /* VTCR_EL2 */
76
+ break;
52
} else {
77
+ case MO_UW:
53
/* Replicate the single TBID bit so we always have 2 bits. */
78
+ tcg_gen_ld16u_i32(dest, cpu_env, off);
54
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
79
+ break;
55
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
80
+ case MO_UL:
56
ARMGranuleSize gran;
81
+ case MO_SL:
57
ARMCPU *cpu = env_archcpu(env);
82
tcg_gen_ld_i32(dest, cpu_env, off);
58
- bool stage2 = mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S;
83
break;
59
+ bool stage2 = regime_is_stage2(mmu_idx);
84
default:
60
85
@@ -XXX,XX +XXX,XX @@ static void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp size)
61
if (!regime_has_2_ranges(mmu_idx)) {
62
select = 0;
63
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
64
}
65
ds = false;
66
} else if (ds) {
67
- switch (mmu_idx) {
68
- case ARMMMUIdx_Stage2:
69
- case ARMMMUIdx_Stage2_S:
70
+ if (regime_is_stage2(mmu_idx)) {
71
if (gran == Gran16K) {
72
ds = cpu_isar_feature(aa64_tgran16_2_lpa2, cpu);
73
} else {
74
ds = cpu_isar_feature(aa64_tgran4_2_lpa2, cpu);
75
}
76
- break;
77
- default:
78
+ } else {
79
if (gran == Gran16K) {
80
ds = cpu_isar_feature(aa64_tgran16_lpa2, cpu);
81
} else {
82
ds = cpu_isar_feature(aa64_tgran4_lpa2, cpu);
83
}
84
- break;
85
}
86
if (ds) {
87
min_tsz = 12;
88
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
89
index XXXXXXX..XXXXXXX 100644
90
--- a/target/arm/ptw.c
91
+++ b/target/arm/ptw.c
92
@@ -XXX,XX +XXX,XX @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
93
bool have_wxn;
94
int wxn = 0;
95
96
- assert(mmu_idx != ARMMMUIdx_Stage2);
97
- assert(mmu_idx != ARMMMUIdx_Stage2_S);
98
+ assert(!regime_is_stage2(mmu_idx));
99
100
user_rw = simple_ap_to_rw_prot_is_user(ap, true);
101
if (is_user) {
102
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
103
goto do_fault;
86
}
104
}
87
}
105
88
106
- if (mmu_idx != ARMMMUIdx_Stage2 && mmu_idx != ARMMMUIdx_Stage2_S) {
89
-static void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp size)
107
+ if (!regime_is_stage2(mmu_idx)) {
90
+static void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp memop)
108
/*
91
{
109
* The starting level depends on the virtual address size (which can
92
- long off = neon_element_offset(reg, ele, size);
110
* be up to 48 bits) and the translation granule size. It indicates
93
+ long off = neon_element_offset(reg, ele, memop);
111
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
94
112
attrs = extract64(descriptor, 2, 10)
95
- switch (size) {
113
| (extract64(descriptor, 52, 12) << 10);
96
+ switch (memop) {
114
97
+ case MO_8:
115
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
98
+ tcg_gen_st8_i32(src, cpu_env, off);
116
+ if (regime_is_stage2(mmu_idx)) {
99
+ break;
117
/* Stage 2 table descriptors do not include any attribute fields */
100
+ case MO_16:
118
break;
101
+ tcg_gen_st16_i32(src, cpu_env, off);
119
}
102
+ break;
120
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
103
case MO_32:
121
104
tcg_gen_st_i32(src, cpu_env, off);
122
ap = extract32(attrs, 4, 2);
105
break;
123
106
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
124
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
107
index XXXXXXX..XXXXXXX 100644
125
+ if (regime_is_stage2(mmu_idx)) {
108
--- a/target/arm/translate-vfp.c.inc
126
ns = mmu_idx == ARMMMUIdx_Stage2;
109
+++ b/target/arm/translate-vfp.c.inc
127
xn = extract32(attrs, 11, 2);
110
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_to_gp(DisasContext *s, arg_VMOV_to_gp *a)
128
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
111
{
129
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
112
/* VMOV scalar to general purpose register */
130
result->f.guarded = guarded;
113
TCGv_i32 tmp;
114
- int pass;
115
- uint32_t offset;
116
117
- /* SIZE == 2 is a VFP instruction; otherwise NEON. */
118
- if (a->size == 2
119
+ /* SIZE == MO_32 is a VFP instruction; otherwise NEON. */
120
+ if (a->size == MO_32
121
? !dc_isar_feature(aa32_fpsp_v2, s)
122
: !arm_dc_feature(s, ARM_FEATURE_NEON)) {
123
return false;
124
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_to_gp(DisasContext *s, arg_VMOV_to_gp *a)
125
return false;
126
}
131
}
127
132
128
- offset = a->index << a->size;
133
- if (mmu_idx == ARMMMUIdx_Stage2 || mmu_idx == ARMMMUIdx_Stage2_S) {
129
- pass = extract32(offset, 2, 1);
134
+ if (regime_is_stage2(mmu_idx)) {
130
- offset = extract32(offset, 0, 2) * 8;
135
result->cacheattrs.is_s2_format = true;
131
-
136
result->cacheattrs.attrs = extract32(attrs, 0, 4);
132
if (!vfp_access_check(s)) {
137
} else {
133
return true;
138
@@ -XXX,XX +XXX,XX @@ do_fault:
134
}
139
fi->type = fault_type;
135
140
fi->level = level;
136
- tmp = neon_load_reg(a->vn, pass);
141
/* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
137
- switch (a->size) {
142
- fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_Stage2 ||
138
- case 0:
143
- mmu_idx == ARMMMUIdx_Stage2_S);
139
- if (offset) {
144
+ fi->stage2 = fi->s1ptw || regime_is_stage2(mmu_idx);
140
- tcg_gen_shri_i32(tmp, tmp, offset);
145
fi->s1ns = mmu_idx == ARMMMUIdx_Stage2;
141
- }
142
- if (a->u) {
143
- gen_uxtb(tmp);
144
- } else {
145
- gen_sxtb(tmp);
146
- }
147
- break;
148
- case 1:
149
- if (a->u) {
150
- if (offset) {
151
- tcg_gen_shri_i32(tmp, tmp, 16);
152
- } else {
153
- gen_uxth(tmp);
154
- }
155
- } else {
156
- if (offset) {
157
- tcg_gen_sari_i32(tmp, tmp, 16);
158
- } else {
159
- gen_sxth(tmp);
160
- }
161
- }
162
- break;
163
- case 2:
164
- break;
165
- }
166
+ tmp = tcg_temp_new_i32();
167
+ read_neon_element32(tmp, a->vn, a->index, a->size | (a->u ? 0 : MO_SIGN));
168
store_reg(s, a->rt, tmp);
169
170
return true;
171
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_to_gp(DisasContext *s, arg_VMOV_to_gp *a)
172
static bool trans_VMOV_from_gp(DisasContext *s, arg_VMOV_from_gp *a)
173
{
174
/* VMOV general purpose register to scalar */
175
- TCGv_i32 tmp, tmp2;
176
- int pass;
177
- uint32_t offset;
178
+ TCGv_i32 tmp;
179
180
- /* SIZE == 2 is a VFP instruction; otherwise NEON. */
181
- if (a->size == 2
182
+ /* SIZE == MO_32 is a VFP instruction; otherwise NEON. */
183
+ if (a->size == MO_32
184
? !dc_isar_feature(aa32_fpsp_v2, s)
185
: !arm_dc_feature(s, ARM_FEATURE_NEON)) {
186
return false;
187
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_from_gp(DisasContext *s, arg_VMOV_from_gp *a)
188
return false;
189
}
190
191
- offset = a->index << a->size;
192
- pass = extract32(offset, 2, 1);
193
- offset = extract32(offset, 0, 2) * 8;
194
-
195
if (!vfp_access_check(s)) {
196
return true;
197
}
198
199
tmp = load_reg(s, a->rt);
200
- switch (a->size) {
201
- case 0:
202
- tmp2 = neon_load_reg(a->vn, pass);
203
- tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 8);
204
- tcg_temp_free_i32(tmp2);
205
- break;
206
- case 1:
207
- tmp2 = neon_load_reg(a->vn, pass);
208
- tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 16);
209
- tcg_temp_free_i32(tmp2);
210
- break;
211
- case 2:
212
- break;
213
- }
214
- neon_store_reg(a->vn, pass, tmp);
215
+ write_neon_element32(tmp, a->vn, a->index, a->size);
216
+ tcg_temp_free_i32(tmp);
217
218
return true;
146
return true;
219
}
147
}
220
--
148
--
221
2.20.1
149
2.25.1
222
150
223
151
diff view generated by jsdifflib
[PULL 10/26] target/arm: Simplify do_long_3d and do_2scalar_long
[PULL 08/30] target/arm: Add ptw_idx to S1Translate
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
In both cases, we can sink the write-back and perform
3
Hoist the computation of the mmu_idx for the ptw up to
4
the accumulate into the normal destination temps.
4
get_phys_addr_with_struct and get_phys_addr_twostage.
5
This removes the duplicate check for stage2 disabled
6
from the middle of the walk, performing it only once.
5
7
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201030022618.785675-11-richard.henderson@linaro.org
9
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Tested-by: Alex Bennée <alex.bennee@linaro.org>
11
Message-id: 20221024051851.3074715-3-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
13
---
11
target/arm/translate-neon.c.inc | 23 +++++++++--------------
14
target/arm/ptw.c | 71 ++++++++++++++++++++++++++++++++++++------------
12
1 file changed, 9 insertions(+), 14 deletions(-)
15
1 file changed, 54 insertions(+), 17 deletions(-)
13
16
14
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
17
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
15
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate-neon.c.inc
19
--- a/target/arm/ptw.c
17
+++ b/target/arm/translate-neon.c.inc
20
+++ b/target/arm/ptw.c
18
@@ -XXX,XX +XXX,XX @@ static bool do_long_3d(DisasContext *s, arg_3diff *a,
21
@@ -XXX,XX +XXX,XX @@
19
if (accfn) {
22
20
tmp = tcg_temp_new_i64();
23
typedef struct S1Translate {
21
read_neon_element64(tmp, a->vd, 0, MO_64);
24
ARMMMUIdx in_mmu_idx;
22
- accfn(tmp, tmp, rd0);
25
+ ARMMMUIdx in_ptw_idx;
23
- write_neon_element64(tmp, a->vd, 0, MO_64);
26
bool in_secure;
24
+ accfn(rd0, tmp, rd0);
27
bool in_debug;
25
read_neon_element64(tmp, a->vd, 1, MO_64);
28
bool out_secure;
26
- accfn(tmp, tmp, rd1);
29
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
27
- write_neon_element64(tmp, a->vd, 1, MO_64);
30
{
28
+ accfn(rd1, tmp, rd1);
31
bool is_secure = ptw->in_secure;
29
tcg_temp_free_i64(tmp);
32
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
30
- } else {
33
- ARMMMUIdx s2_mmu_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
31
- write_neon_element64(rd0, a->vd, 0, MO_64);
34
- bool s2_phys = false;
32
- write_neon_element64(rd1, a->vd, 1, MO_64);
35
+ ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
36
uint8_t pte_attrs;
37
bool pte_secure;
38
39
- if (!arm_mmu_idx_is_stage1_of_2(mmu_idx)
40
- || regime_translation_disabled(env, s2_mmu_idx, is_secure)) {
41
- s2_mmu_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
42
- s2_phys = true;
43
- }
44
-
45
if (unlikely(ptw->in_debug)) {
46
/*
47
* From gdbstub, do not use softmmu so that we don't modify the
48
* state of the cpu at all, including softmmu tlb contents.
49
*/
50
- if (s2_phys) {
51
- ptw->out_phys = addr;
52
- pte_attrs = 0;
53
- pte_secure = is_secure;
54
- } else {
55
+ if (regime_is_stage2(s2_mmu_idx)) {
56
S1Translate s2ptw = {
57
.in_mmu_idx = s2_mmu_idx,
58
+ .in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS,
59
.in_secure = is_secure,
60
.in_debug = true,
61
};
62
GetPhysAddrResult s2 = { };
63
+
64
if (!get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
65
false, &s2, fi)) {
66
goto fail;
67
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
68
ptw->out_phys = s2.f.phys_addr;
69
pte_attrs = s2.cacheattrs.attrs;
70
pte_secure = s2.f.attrs.secure;
71
+ } else {
72
+ /* Regime is physical. */
73
+ ptw->out_phys = addr;
74
+ pte_attrs = 0;
75
+ pte_secure = is_secure;
76
}
77
ptw->out_host = NULL;
78
} else {
79
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
80
pte_secure = full->attrs.secure;
33
}
81
}
34
82
35
+ write_neon_element64(rd0, a->vd, 0, MO_64);
83
- if (!s2_phys) {
36
+ write_neon_element64(rd1, a->vd, 1, MO_64);
84
+ if (regime_is_stage2(s2_mmu_idx)) {
37
tcg_temp_free_i64(rd0);
85
uint64_t hcr = arm_hcr_el2_eff_secstate(env, is_secure);
38
tcg_temp_free_i64(rd1);
86
39
87
if ((hcr & HCR_PTW) && S2_attrs_are_device(hcr, pte_attrs)) {
40
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar_long(DisasContext *s, arg_2scalar *a,
88
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
41
if (accfn) {
89
descaddr |= (address >> (stride * (4 - level))) & indexmask;
42
TCGv_i64 t64 = tcg_temp_new_i64();
90
descaddr &= ~7ULL;
43
read_neon_element64(t64, a->vd, 0, MO_64);
91
nstable = extract32(tableattrs, 4, 1);
44
- accfn(t64, t64, rn0_64);
92
- ptw->in_secure = !nstable;
45
- write_neon_element64(t64, a->vd, 0, MO_64);
93
+ if (!nstable) {
46
+ accfn(rn0_64, t64, rn0_64);
94
+ /*
47
read_neon_element64(t64, a->vd, 1, MO_64);
95
+ * Stage2_S -> Stage2 or Phys_S -> Phys_NS
48
- accfn(t64, t64, rn1_64);
96
+ * Assert that the non-secure idx are even, and relative order.
49
- write_neon_element64(t64, a->vd, 1, MO_64);
97
+ */
50
+ accfn(rn1_64, t64, rn1_64);
98
+ QEMU_BUILD_BUG_ON((ARMMMUIdx_Phys_NS & 1) != 0);
51
tcg_temp_free_i64(t64);
99
+ QEMU_BUILD_BUG_ON((ARMMMUIdx_Stage2 & 1) != 0);
52
- } else {
100
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS + 1 != ARMMMUIdx_Phys_S);
53
- write_neon_element64(rn0_64, a->vd, 0, MO_64);
101
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2 + 1 != ARMMMUIdx_Stage2_S);
54
- write_neon_element64(rn1_64, a->vd, 1, MO_64);
102
+ ptw->in_ptw_idx &= ~1;
103
+ ptw->in_secure = false;
104
+ }
105
descriptor = arm_ldq_ptw(env, ptw, descaddr, fi);
106
if (fi->type != ARMFault_None) {
107
goto do_fault;
108
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
109
110
is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
111
ptw->in_mmu_idx = s2walk_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
112
+ ptw->in_ptw_idx = s2walk_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
113
ptw->in_secure = s2walk_secure;
114
115
/*
116
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
117
ARMMMUFaultInfo *fi)
118
{
119
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
120
- ARMMMUIdx s1_mmu_idx = stage_1_mmu_idx(mmu_idx);
121
bool is_secure = ptw->in_secure;
122
+ ARMMMUIdx s1_mmu_idx;
123
124
- if (mmu_idx != s1_mmu_idx) {
125
+ switch (mmu_idx) {
126
+ case ARMMMUIdx_Phys_S:
127
+ case ARMMMUIdx_Phys_NS:
128
+ /* Checking Phys early avoids special casing later vs regime_el. */
129
+ return get_phys_addr_disabled(env, address, access_type, mmu_idx,
130
+ is_secure, result, fi);
131
+
132
+ case ARMMMUIdx_Stage1_E0:
133
+ case ARMMMUIdx_Stage1_E1:
134
+ case ARMMMUIdx_Stage1_E1_PAN:
135
+ /* First stage lookup uses second stage for ptw. */
136
+ ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
137
+ break;
138
+
139
+ case ARMMMUIdx_E10_0:
140
+ s1_mmu_idx = ARMMMUIdx_Stage1_E0;
141
+ goto do_twostage;
142
+ case ARMMMUIdx_E10_1:
143
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1;
144
+ goto do_twostage;
145
+ case ARMMMUIdx_E10_1_PAN:
146
+ s1_mmu_idx = ARMMMUIdx_Stage1_E1_PAN;
147
+ do_twostage:
148
/*
149
* Call ourselves recursively to do the stage 1 and then stage 2
150
* translations if mmu_idx is a two-stage regime, and EL2 present.
151
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
152
return get_phys_addr_twostage(env, ptw, address, access_type,
153
result, fi);
154
}
155
+ /* fall through */
156
+
157
+ default:
158
+ /* Single stage and second stage uses physical for ptw. */
159
+ ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
160
+ break;
55
}
161
}
56
+
162
57
+ write_neon_element64(rn0_64, a->vd, 0, MO_64);
163
/*
58
+ write_neon_element64(rn1_64, a->vd, 1, MO_64);
59
tcg_temp_free_i64(rn0_64);
60
tcg_temp_free_i64(rn1_64);
61
return true;
62
--
164
--
63
2.20.1
165
2.25.1
64
166
65
167
diff view generated by jsdifflib
[PULL 08/26] target/arm: Add read/write_neon_element64
[PULL 09/30] target/arm: Add isar predicates for FEAT_HAFDBS
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Replace all uses of neon_load/store_reg64 within translate-neon.c.inc.
3
The MMFR1 field may indicate support for hardware update of
4
access flag alone, or access flag and dirty bit.
4
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20201030022618.785675-9-richard.henderson@linaro.org
8
Message-id: 20221024051851.3074715-4-richard.henderson@linaro.org
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
---
10
target/arm/translate.c | 26 +++++++++
11
target/arm/cpu.h | 10 ++++++++++
11
target/arm/translate-neon.c.inc | 94 ++++++++++++++++-----------------
12
1 file changed, 10 insertions(+)
12
2 files changed, 73 insertions(+), 47 deletions(-)
13
13
14
diff --git a/target/arm/translate.c b/target/arm/translate.c
14
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate.c
16
--- a/target/arm/cpu.h
17
+++ b/target/arm/translate.c
17
+++ b/target/arm/cpu.h
18
@@ -XXX,XX +XXX,XX @@ static void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp memop)
18
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_e0pd(const ARMISARegisters *id)
19
}
19
return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, E0PD) != 0;
20
}
20
}
21
21
22
+static void read_neon_element64(TCGv_i64 dest, int reg, int ele, MemOp memop)
22
+static inline bool isar_feature_aa64_hafs(const ARMISARegisters *id)
23
+{
23
+{
24
+ long off = neon_element_offset(reg, ele, memop);
24
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) != 0;
25
+
26
+ switch (memop) {
27
+ case MO_Q:
28
+ tcg_gen_ld_i64(dest, cpu_env, off);
29
+ break;
30
+ default:
31
+ g_assert_not_reached();
32
+ }
33
+}
25
+}
34
+
26
+
35
static void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp memop)
27
+static inline bool isar_feature_aa64_hdbs(const ARMISARegisters *id)
36
{
37
long off = neon_element_offset(reg, ele, memop);
38
@@ -XXX,XX +XXX,XX @@ static void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp memop)
39
}
40
}
41
42
+static void write_neon_element64(TCGv_i64 src, int reg, int ele, MemOp memop)
43
+{
28
+{
44
+ long off = neon_element_offset(reg, ele, memop);
29
+ return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, HAFDBS) >= 2;
45
+
46
+ switch (memop) {
47
+ case MO_64:
48
+ tcg_gen_st_i64(src, cpu_env, off);
49
+ break;
50
+ default:
51
+ g_assert_not_reached();
52
+ }
53
+}
30
+}
54
+
31
+
55
static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
32
static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
56
{
33
{
57
TCGv_ptr ret = tcg_temp_new_ptr();
34
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
58
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
59
index XXXXXXX..XXXXXXX 100644
60
--- a/target/arm/translate-neon.c.inc
61
+++ b/target/arm/translate-neon.c.inc
62
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_env_64(DisasContext *s, arg_2reg_shift *a,
63
for (pass = 0; pass < a->q + 1; pass++) {
64
TCGv_i64 tmp = tcg_temp_new_i64();
65
66
- neon_load_reg64(tmp, a->vm + pass);
67
+ read_neon_element64(tmp, a->vm, pass, MO_64);
68
fn(tmp, cpu_env, tmp, constimm);
69
- neon_store_reg64(tmp, a->vd + pass);
70
+ write_neon_element64(tmp, a->vd, pass, MO_64);
71
tcg_temp_free_i64(tmp);
72
}
73
tcg_temp_free_i64(constimm);
74
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_narrow_64(DisasContext *s, arg_2reg_shift *a,
75
rd = tcg_temp_new_i32();
76
77
/* Load both inputs first to avoid potential overwrite if rm == rd */
78
- neon_load_reg64(rm1, a->vm);
79
- neon_load_reg64(rm2, a->vm + 1);
80
+ read_neon_element64(rm1, a->vm, 0, MO_64);
81
+ read_neon_element64(rm2, a->vm, 1, MO_64);
82
83
shiftfn(rm1, rm1, constimm);
84
narrowfn(rd, cpu_env, rm1);
85
@@ -XXX,XX +XXX,XX @@ static bool do_vshll_2sh(DisasContext *s, arg_2reg_shift *a,
86
tcg_gen_shli_i64(tmp, tmp, a->shift);
87
tcg_gen_andi_i64(tmp, tmp, ~widen_mask);
88
}
89
- neon_store_reg64(tmp, a->vd);
90
+ write_neon_element64(tmp, a->vd, 0, MO_64);
91
92
widenfn(tmp, rm1);
93
tcg_temp_free_i32(rm1);
94
@@ -XXX,XX +XXX,XX @@ static bool do_vshll_2sh(DisasContext *s, arg_2reg_shift *a,
95
tcg_gen_shli_i64(tmp, tmp, a->shift);
96
tcg_gen_andi_i64(tmp, tmp, ~widen_mask);
97
}
98
- neon_store_reg64(tmp, a->vd + 1);
99
+ write_neon_element64(tmp, a->vd, 1, MO_64);
100
tcg_temp_free_i64(tmp);
101
return true;
102
}
103
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
104
rm_64 = tcg_temp_new_i64();
105
106
if (src1_wide) {
107
- neon_load_reg64(rn0_64, a->vn);
108
+ read_neon_element64(rn0_64, a->vn, 0, MO_64);
109
} else {
110
TCGv_i32 tmp = tcg_temp_new_i32();
111
read_neon_element32(tmp, a->vn, 0, MO_32);
112
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
113
* avoid incorrect results if a narrow input overlaps with the result.
114
*/
115
if (src1_wide) {
116
- neon_load_reg64(rn1_64, a->vn + 1);
117
+ read_neon_element64(rn1_64, a->vn, 1, MO_64);
118
} else {
119
TCGv_i32 tmp = tcg_temp_new_i32();
120
read_neon_element32(tmp, a->vn, 1, MO_32);
121
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
122
rm = tcg_temp_new_i32();
123
read_neon_element32(rm, a->vm, 1, MO_32);
124
125
- neon_store_reg64(rn0_64, a->vd);
126
+ write_neon_element64(rn0_64, a->vd, 0, MO_64);
127
128
widenfn(rm_64, rm);
129
tcg_temp_free_i32(rm);
130
opfn(rn1_64, rn1_64, rm_64);
131
- neon_store_reg64(rn1_64, a->vd + 1);
132
+ write_neon_element64(rn1_64, a->vd, 1, MO_64);
133
134
tcg_temp_free_i64(rn0_64);
135
tcg_temp_free_i64(rn1_64);
136
@@ -XXX,XX +XXX,XX @@ static bool do_narrow_3d(DisasContext *s, arg_3diff *a,
137
rd0 = tcg_temp_new_i32();
138
rd1 = tcg_temp_new_i32();
139
140
- neon_load_reg64(rn_64, a->vn);
141
- neon_load_reg64(rm_64, a->vm);
142
+ read_neon_element64(rn_64, a->vn, 0, MO_64);
143
+ read_neon_element64(rm_64, a->vm, 0, MO_64);
144
145
opfn(rn_64, rn_64, rm_64);
146
147
narrowfn(rd0, rn_64);
148
149
- neon_load_reg64(rn_64, a->vn + 1);
150
- neon_load_reg64(rm_64, a->vm + 1);
151
+ read_neon_element64(rn_64, a->vn, 1, MO_64);
152
+ read_neon_element64(rm_64, a->vm, 1, MO_64);
153
154
opfn(rn_64, rn_64, rm_64);
155
156
@@ -XXX,XX +XXX,XX @@ static bool do_long_3d(DisasContext *s, arg_3diff *a,
157
/* Don't store results until after all loads: they might overlap */
158
if (accfn) {
159
tmp = tcg_temp_new_i64();
160
- neon_load_reg64(tmp, a->vd);
161
+ read_neon_element64(tmp, a->vd, 0, MO_64);
162
accfn(tmp, tmp, rd0);
163
- neon_store_reg64(tmp, a->vd);
164
- neon_load_reg64(tmp, a->vd + 1);
165
+ write_neon_element64(tmp, a->vd, 0, MO_64);
166
+ read_neon_element64(tmp, a->vd, 1, MO_64);
167
accfn(tmp, tmp, rd1);
168
- neon_store_reg64(tmp, a->vd + 1);
169
+ write_neon_element64(tmp, a->vd, 1, MO_64);
170
tcg_temp_free_i64(tmp);
171
} else {
172
- neon_store_reg64(rd0, a->vd);
173
- neon_store_reg64(rd1, a->vd + 1);
174
+ write_neon_element64(rd0, a->vd, 0, MO_64);
175
+ write_neon_element64(rd1, a->vd, 1, MO_64);
176
}
177
178
tcg_temp_free_i64(rd0);
179
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar_long(DisasContext *s, arg_2scalar *a,
180
181
if (accfn) {
182
TCGv_i64 t64 = tcg_temp_new_i64();
183
- neon_load_reg64(t64, a->vd);
184
+ read_neon_element64(t64, a->vd, 0, MO_64);
185
accfn(t64, t64, rn0_64);
186
- neon_store_reg64(t64, a->vd);
187
- neon_load_reg64(t64, a->vd + 1);
188
+ write_neon_element64(t64, a->vd, 0, MO_64);
189
+ read_neon_element64(t64, a->vd, 1, MO_64);
190
accfn(t64, t64, rn1_64);
191
- neon_store_reg64(t64, a->vd + 1);
192
+ write_neon_element64(t64, a->vd, 1, MO_64);
193
tcg_temp_free_i64(t64);
194
} else {
195
- neon_store_reg64(rn0_64, a->vd);
196
- neon_store_reg64(rn1_64, a->vd + 1);
197
+ write_neon_element64(rn0_64, a->vd, 0, MO_64);
198
+ write_neon_element64(rn1_64, a->vd, 1, MO_64);
199
}
200
tcg_temp_free_i64(rn0_64);
201
tcg_temp_free_i64(rn1_64);
202
@@ -XXX,XX +XXX,XX @@ static bool trans_VEXT(DisasContext *s, arg_VEXT *a)
203
right = tcg_temp_new_i64();
204
dest = tcg_temp_new_i64();
205
206
- neon_load_reg64(right, a->vn);
207
- neon_load_reg64(left, a->vm);
208
+ read_neon_element64(right, a->vn, 0, MO_64);
209
+ read_neon_element64(left, a->vm, 0, MO_64);
210
tcg_gen_extract2_i64(dest, right, left, a->imm * 8);
211
- neon_store_reg64(dest, a->vd);
212
+ write_neon_element64(dest, a->vd, 0, MO_64);
213
214
tcg_temp_free_i64(left);
215
tcg_temp_free_i64(right);
216
@@ -XXX,XX +XXX,XX @@ static bool trans_VEXT(DisasContext *s, arg_VEXT *a)
217
destright = tcg_temp_new_i64();
218
219
if (a->imm < 8) {
220
- neon_load_reg64(right, a->vn);
221
- neon_load_reg64(middle, a->vn + 1);
222
+ read_neon_element64(right, a->vn, 0, MO_64);
223
+ read_neon_element64(middle, a->vn, 1, MO_64);
224
tcg_gen_extract2_i64(destright, right, middle, a->imm * 8);
225
- neon_load_reg64(left, a->vm);
226
+ read_neon_element64(left, a->vm, 0, MO_64);
227
tcg_gen_extract2_i64(destleft, middle, left, a->imm * 8);
228
} else {
229
- neon_load_reg64(right, a->vn + 1);
230
- neon_load_reg64(middle, a->vm);
231
+ read_neon_element64(right, a->vn, 1, MO_64);
232
+ read_neon_element64(middle, a->vm, 0, MO_64);
233
tcg_gen_extract2_i64(destright, right, middle, (a->imm - 8) * 8);
234
- neon_load_reg64(left, a->vm + 1);
235
+ read_neon_element64(left, a->vm, 1, MO_64);
236
tcg_gen_extract2_i64(destleft, middle, left, (a->imm - 8) * 8);
237
}
238
239
- neon_store_reg64(destright, a->vd);
240
- neon_store_reg64(destleft, a->vd + 1);
241
+ write_neon_element64(destright, a->vd, 0, MO_64);
242
+ write_neon_element64(destleft, a->vd, 1, MO_64);
243
244
tcg_temp_free_i64(destright);
245
tcg_temp_free_i64(destleft);
246
@@ -XXX,XX +XXX,XX @@ static bool do_2misc_pairwise(DisasContext *s, arg_2misc *a,
247
248
if (accfn) {
249
TCGv_i64 tmp64 = tcg_temp_new_i64();
250
- neon_load_reg64(tmp64, a->vd + pass);
251
+ read_neon_element64(tmp64, a->vd, pass, MO_64);
252
accfn(rd_64, tmp64, rd_64);
253
tcg_temp_free_i64(tmp64);
254
}
255
- neon_store_reg64(rd_64, a->vd + pass);
256
+ write_neon_element64(rd_64, a->vd, pass, MO_64);
257
tcg_temp_free_i64(rd_64);
258
}
259
return true;
260
@@ -XXX,XX +XXX,XX @@ static bool do_vmovn(DisasContext *s, arg_2misc *a,
261
rd0 = tcg_temp_new_i32();
262
rd1 = tcg_temp_new_i32();
263
264
- neon_load_reg64(rm, a->vm);
265
+ read_neon_element64(rm, a->vm, 0, MO_64);
266
narrowfn(rd0, cpu_env, rm);
267
- neon_load_reg64(rm, a->vm + 1);
268
+ read_neon_element64(rm, a->vm, 1, MO_64);
269
narrowfn(rd1, cpu_env, rm);
270
write_neon_element32(rd0, a->vd, 0, MO_32);
271
write_neon_element32(rd1, a->vd, 1, MO_32);
272
@@ -XXX,XX +XXX,XX @@ static bool trans_VSHLL(DisasContext *s, arg_2misc *a)
273
274
widenfn(rd, rm0);
275
tcg_gen_shli_i64(rd, rd, 8 << a->size);
276
- neon_store_reg64(rd, a->vd);
277
+ write_neon_element64(rd, a->vd, 0, MO_64);
278
widenfn(rd, rm1);
279
tcg_gen_shli_i64(rd, rd, 8 << a->size);
280
- neon_store_reg64(rd, a->vd + 1);
281
+ write_neon_element64(rd, a->vd, 1, MO_64);
282
283
tcg_temp_free_i64(rd);
284
tcg_temp_free_i32(rm0);
285
@@ -XXX,XX +XXX,XX @@ static bool trans_VSWP(DisasContext *s, arg_2misc *a)
286
rm = tcg_temp_new_i64();
287
rd = tcg_temp_new_i64();
288
for (pass = 0; pass < (a->q ? 2 : 1); pass++) {
289
- neon_load_reg64(rm, a->vm + pass);
290
- neon_load_reg64(rd, a->vd + pass);
291
- neon_store_reg64(rm, a->vd + pass);
292
- neon_store_reg64(rd, a->vm + pass);
293
+ read_neon_element64(rm, a->vm, pass, MO_64);
294
+ read_neon_element64(rd, a->vd, pass, MO_64);
295
+ write_neon_element64(rm, a->vd, pass, MO_64);
296
+ write_neon_element64(rd, a->vm, pass, MO_64);
297
}
298
tcg_temp_free_i64(rm);
299
tcg_temp_free_i64(rd);
300
--
35
--
301
2.20.1
36
2.25.1
302
303
diff view generated by jsdifflib
[PULL 14/26] target/arm: fix handling of HCR.FB
[PULL 10/30] target/arm: Extract HA and HD in aa64_va_parameters
1
From: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
HCR should be applied when NS is set, not when it is cleared.
4
5
Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6
Message-id: 20221024051851.3074715-5-richard.henderson@linaro.org
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
8
---
9
target/arm/helper.c | 5 ++---
9
target/arm/internals.h | 2 ++
10
1 file changed, 2 insertions(+), 3 deletions(-)
10
target/arm/helper.c | 8 +++++++-
11
2 files changed, 9 insertions(+), 1 deletion(-)
11
12
13
diff --git a/target/arm/internals.h b/target/arm/internals.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/internals.h
16
+++ b/target/arm/internals.h
17
@@ -XXX,XX +XXX,XX @@ typedef struct ARMVAParameters {
18
bool hpd : 1;
19
bool tsz_oob : 1; /* tsz has been clamped to legal range */
20
bool ds : 1;
21
+ bool ha : 1;
22
+ bool hd : 1;
23
ARMGranuleSize gran : 2;
24
} ARMVAParameters;
25
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
26
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
28
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
29
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
30
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
17
31
ARMMMUIdx mmu_idx, bool data)
18
/*
19
* Non-IS variants of TLB operations are upgraded to
20
- * IS versions if we are at NS EL1 and HCR_EL2.FB is set to
21
+ * IS versions if we are at EL1 and HCR_EL2.FB is effectively set to
22
* force broadcast of these operations.
23
*/
24
static bool tlb_force_broadcast(CPUARMState *env)
25
{
32
{
26
- return (env->cp15.hcr_el2 & HCR_FB) &&
33
uint64_t tcr = regime_tcr(env, mmu_idx);
27
- arm_current_el(env) == 1 && arm_is_secure_below_el3(env);
34
- bool epd, hpd, tsz_oob, ds;
28
+ return arm_current_el(env) == 1 && (arm_hcr_el2_eff(env) & HCR_FB);
35
+ bool epd, hpd, tsz_oob, ds, ha, hd;
36
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
37
ARMGranuleSize gran;
38
ARMCPU *cpu = env_archcpu(env);
39
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
40
epd = false;
41
sh = extract32(tcr, 12, 2);
42
ps = extract32(tcr, 16, 3);
43
+ ha = extract32(tcr, 21, 1) && cpu_isar_feature(aa64_hafs, cpu);
44
+ hd = extract32(tcr, 22, 1) && cpu_isar_feature(aa64_hdbs, cpu);
45
ds = extract64(tcr, 32, 1);
46
} else {
47
bool e0pd;
48
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
49
e0pd = extract64(tcr, 56, 1);
50
}
51
ps = extract64(tcr, 32, 3);
52
+ ha = extract64(tcr, 39, 1) && cpu_isar_feature(aa64_hafs, cpu);
53
+ hd = extract64(tcr, 40, 1) && cpu_isar_feature(aa64_hdbs, cpu);
54
ds = extract64(tcr, 59, 1);
55
56
if (e0pd && cpu_isar_feature(aa64_e0pd, cpu) &&
57
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
58
.hpd = hpd,
59
.tsz_oob = tsz_oob,
60
.ds = ds,
61
+ .ha = ha,
62
+ .hd = ha && hd,
63
.gran = gran,
64
};
29
}
65
}
30
31
static void tlbiall_write(CPUARMState *env, const ARMCPRegInfo *ri,
32
--
66
--
33
2.20.1
67
2.25.1
34
68
35
69
diff view generated by jsdifflib
[PULL 23/26] hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work
[PULL 11/30] target/arm: Move S1_ptw_translate outside arm_ld[lq]_ptw
1
In gicv3_init_cpuif() we copy the ARMCPU gicv3_maintenance_interrupt
1
From: Richard Henderson <richard.henderson@linaro.org>
2
into the GICv3CPUState struct's maintenance_irq field. This will
3
only work if the board happens to have already wired up the CPU
4
maintenance IRQ before the GIC was realized. Unfortunately this is
5
not the case for the 'virt' board, and so the value that gets copied
6
is NULL (since a qemu_irq is really a pointer to an IRQState struct
7
under the hood). The effect is that the CPU interface code never
8
actually raises the maintenance interrupt line.
9
2
10
Instead, since the GICv3CPUState has a pointer to the CPUState, make
3
Separate S1 translation from the actual lookup.
11
the dereference at the point where we want to raise the interrupt, to
4
Will enable lpae hardware updates.
12
avoid an implicit requirement on board code to wire things up in a
13
particular order.
14
5
15
Reported-by: Jose Martins <josemartins90@gmail.com>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20221024051851.3074715-6-richard.henderson@linaro.org
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Message-id: 20201009153904.28529-1-peter.maydell@linaro.org
18
Reviewed-by: Luc Michel <luc@lmichel.fr>
19
---
10
---
20
include/hw/intc/arm_gicv3_common.h | 1 -
11
target/arm/ptw.c | 41 ++++++++++++++++++++++-------------------
21
hw/intc/arm_gicv3_cpuif.c | 5 ++---
12
1 file changed, 22 insertions(+), 19 deletions(-)
22
2 files changed, 2 insertions(+), 4 deletions(-)
23
13
24
diff --git a/include/hw/intc/arm_gicv3_common.h b/include/hw/intc/arm_gicv3_common.h
14
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
25
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
26
--- a/include/hw/intc/arm_gicv3_common.h
16
--- a/target/arm/ptw.c
27
+++ b/include/hw/intc/arm_gicv3_common.h
17
+++ b/target/arm/ptw.c
28
@@ -XXX,XX +XXX,XX @@ struct GICv3CPUState {
18
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
29
qemu_irq parent_fiq;
30
qemu_irq parent_virq;
31
qemu_irq parent_vfiq;
32
- qemu_irq maintenance_irq;
33
34
/* Redistributor */
35
uint32_t level; /* Current IRQ level */
36
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
37
index XXXXXXX..XXXXXXX 100644
38
--- a/hw/intc/arm_gicv3_cpuif.c
39
+++ b/hw/intc/arm_gicv3_cpuif.c
40
@@ -XXX,XX +XXX,XX @@ static void gicv3_cpuif_virt_update(GICv3CPUState *cs)
41
int irqlevel = 0;
42
int fiqlevel = 0;
43
int maintlevel = 0;
44
+ ARMCPU *cpu = ARM_CPU(cs->cpu);
45
46
idx = hppvi_index(cs);
47
trace_gicv3_cpuif_virt_update(gicv3_redist_affid(cs), idx);
48
@@ -XXX,XX +XXX,XX @@ static void gicv3_cpuif_virt_update(GICv3CPUState *cs)
49
50
qemu_set_irq(cs->parent_vfiq, fiqlevel);
51
qemu_set_irq(cs->parent_virq, irqlevel);
52
- qemu_set_irq(cs->maintenance_irq, maintlevel);
53
+ qemu_set_irq(cpu->gicv3_maintenance_interrupt, maintlevel);
54
}
19
}
55
20
56
static uint64_t icv_ap_read(CPUARMState *env, const ARMCPRegInfo *ri)
21
/* All loads done in the course of a page table walk go through here. */
57
@@ -XXX,XX +XXX,XX @@ void gicv3_init_cpuif(GICv3State *s)
22
-static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw, hwaddr addr,
58
&& cpu->gic_num_lrs) {
23
+static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
59
int j;
24
ARMMMUFaultInfo *fi)
60
25
{
61
- cs->maintenance_irq = cpu->gicv3_maintenance_interrupt;
26
CPUState *cs = env_cpu(env);
27
uint32_t data;
28
29
- if (!S1_ptw_translate(env, ptw, addr, fi)) {
30
- /* Failure. */
31
- assert(fi->s1ptw);
32
- return 0;
33
- }
62
-
34
-
63
cs->num_list_regs = cpu->gic_num_lrs;
35
if (likely(ptw->out_host)) {
64
cs->vpribits = cpu->gic_vpribits;
36
/* Page tables are in RAM, and we have the host address. */
65
cs->vprebits = cpu->gic_vprebits;
37
if (ptw->out_be) {
38
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw, hwaddr addr,
39
return data;
40
}
41
42
-static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw, hwaddr addr,
43
+static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
44
ARMMMUFaultInfo *fi)
45
{
46
CPUState *cs = env_cpu(env);
47
uint64_t data;
48
49
- if (!S1_ptw_translate(env, ptw, addr, fi)) {
50
- /* Failure. */
51
- assert(fi->s1ptw);
52
- return 0;
53
- }
54
-
55
if (likely(ptw->out_host)) {
56
/* Page tables are in RAM, and we have the host address. */
57
if (ptw->out_be) {
58
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, S1Translate *ptw,
59
fi->type = ARMFault_Translation;
60
goto do_fault;
61
}
62
- desc = arm_ldl_ptw(env, ptw, table, fi);
63
+ if (!S1_ptw_translate(env, ptw, table, fi)) {
64
+ goto do_fault;
65
+ }
66
+ desc = arm_ldl_ptw(env, ptw, fi);
67
if (fi->type != ARMFault_None) {
68
goto do_fault;
69
}
70
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v5(CPUARMState *env, S1Translate *ptw,
71
/* Fine pagetable. */
72
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
73
}
74
- desc = arm_ldl_ptw(env, ptw, table, fi);
75
+ if (!S1_ptw_translate(env, ptw, table, fi)) {
76
+ goto do_fault;
77
+ }
78
+ desc = arm_ldl_ptw(env, ptw, fi);
79
if (fi->type != ARMFault_None) {
80
goto do_fault;
81
}
82
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
83
fi->type = ARMFault_Translation;
84
goto do_fault;
85
}
86
- desc = arm_ldl_ptw(env, ptw, table, fi);
87
+ if (!S1_ptw_translate(env, ptw, table, fi)) {
88
+ goto do_fault;
89
+ }
90
+ desc = arm_ldl_ptw(env, ptw, fi);
91
if (fi->type != ARMFault_None) {
92
goto do_fault;
93
}
94
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
95
ns = extract32(desc, 3, 1);
96
/* Lookup l2 entry. */
97
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
98
- desc = arm_ldl_ptw(env, ptw, table, fi);
99
+ if (!S1_ptw_translate(env, ptw, table, fi)) {
100
+ goto do_fault;
101
+ }
102
+ desc = arm_ldl_ptw(env, ptw, fi);
103
if (fi->type != ARMFault_None) {
104
goto do_fault;
105
}
106
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
107
ptw->in_ptw_idx &= ~1;
108
ptw->in_secure = false;
109
}
110
- descriptor = arm_ldq_ptw(env, ptw, descaddr, fi);
111
+ if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
112
+ goto do_fault;
113
+ }
114
+ descriptor = arm_ldq_ptw(env, ptw, fi);
115
if (fi->type != ARMFault_None) {
116
goto do_fault;
117
}
66
--
118
--
67
2.20.1
119
2.25.1
68
69
diff view generated by jsdifflib
[PULL 24/26] scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments
[PULL 12/30] target/arm: Add ARMFault_UnsuppAtomicUpdate
1
The kerneldoc script currently emits Sphinx markup for a macro with
1
From: Richard Henderson <richard.henderson@linaro.org>
2
arguments that uses the c:function directive. This is correct for
3
Sphinx versions earlier than Sphinx 3, where c:macro doesn't allow
4
documentation of macros with arguments and c:function is not picky
5
about the syntax of what it is passed. However, in Sphinx 3 the
6
c:macro directive was enhanced to support macros with arguments,
7
and c:function was made more picky about what syntax it accepted.
8
2
9
When kerneldoc is told that it needs to produce output for Sphinx
3
This fault type is to be used with FEAT_HAFDBS when
10
3 or later, make it emit c:function only for functions and c:macro
4
the guest enables hw updates, but places the tables
11
for macros with arguments. We assume that anything with a return
5
in memory where atomic updates are unsupported.
12
type is a function and anything without is a macro.
13
6
14
This fixes the Sphinx error:
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
10
Message-id: 20221024051851.3074715-7-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
13
target/arm/internals.h | 4 ++++
14
1 file changed, 4 insertions(+)
15
15
16
/home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/qom/object.h:155:Error in declarator
16
diff --git a/target/arm/internals.h b/target/arm/internals.h
17
If declarator-id with parameters (e.g., 'void f(int arg)'):
17
index XXXXXXX..XXXXXXX 100644
18
Invalid C declaration: Expected identifier in nested name. [error at 25]
18
--- a/target/arm/internals.h
19
DECLARE_INSTANCE_CHECKER ( InstanceType, OBJ_NAME, TYPENAME)
19
+++ b/target/arm/internals.h
20
-------------------------^
20
@@ -XXX,XX +XXX,XX @@ typedef enum ARMFaultType {
21
If parenthesis in noptr-declarator (e.g., 'void (*f(int arg))(double)'):
21
ARMFault_AsyncExternal,
22
Error in declarator or parameters
22
ARMFault_Debug,
23
Invalid C declaration: Expecting "(" in parameters. [error at 39]
23
ARMFault_TLBConflict,
24
DECLARE_INSTANCE_CHECKER ( InstanceType, OBJ_NAME, TYPENAME)
24
+ ARMFault_UnsuppAtomicUpdate,
25
---------------------------------------^
25
ARMFault_Lockdown,
26
26
ARMFault_Exclusive,
27
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
27
ARMFault_ICacheMaint,
28
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
28
@@ -XXX,XX +XXX,XX @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
29
Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
29
case ARMFault_TLBConflict:
30
Message-id: 20201030174700.7204-2-peter.maydell@linaro.org
30
fsc = 0x30;
31
---
31
break;
32
scripts/kernel-doc | 18 +++++++++++++++++-
32
+ case ARMFault_UnsuppAtomicUpdate:
33
1 file changed, 17 insertions(+), 1 deletion(-)
33
+ fsc = 0x31;
34
34
+ break;
35
diff --git a/scripts/kernel-doc b/scripts/kernel-doc
35
case ARMFault_Lockdown:
36
index XXXXXXX..XXXXXXX 100755
36
fsc = 0x34;
37
--- a/scripts/kernel-doc
37
break;
38
+++ b/scripts/kernel-doc
39
@@ -XXX,XX +XXX,XX @@ sub output_function_rst(%) {
40
    output_highlight_rst($args{'purpose'});
41
    $start = "\n\n**Syntax**\n\n ``";
42
} else {
43
-    print ".. c:function:: ";
44
+ if ((split(/\./, $sphinx_version))[0] >= 3) {
45
+ # Sphinx 3 and later distinguish macros and functions and
46
+ # complain if you use c:function with something that's not
47
+ # syntactically valid as a function declaration.
48
+ # We assume that anything with a return type is a function
49
+ # and anything without is a macro.
50
+ if ($args{'functiontype'} ne "") {
51
+ print ".. c:function:: ";
52
+ } else {
53
+ print ".. c:macro:: ";
54
+ }
55
+ } else {
56
+ # Older Sphinx don't support documenting macros that take
57
+ # arguments with c:macro, and don't complain about the use
58
+ # of c:function for this.
59
+ print ".. c:function:: ";
60
+ }
61
}
62
if ($args{'functiontype'} ne "") {
63
    $start .= $args{'functiontype'} . " " . $args{'function'} . " (";
64
--
38
--
65
2.20.1
39
2.25.1
66
40
67
41
diff view generated by jsdifflib
New patch
[PULL 13/30] target/arm: Remove loop from get_phys_addr_lpae
1
1
From: Richard Henderson <richard.henderson@linaro.org>
2
3
The unconditional loop was used both to iterate over levels
4
and to control parsing of attributes. Use an explicit goto
5
in both cases.
6
7
While this appears less clean for iterating over levels, we
8
will need to jump back into the middle of this loop for
9
atomic updates, which is even uglier.
10
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20221024051851.3074715-8-richard.henderson@linaro.org
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
16
target/arm/ptw.c | 192 +++++++++++++++++++++++------------------------
17
1 file changed, 96 insertions(+), 96 deletions(-)
18
19
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
20
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/ptw.c
22
+++ b/target/arm/ptw.c
23
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
24
uint64_t descaddrmask;
25
bool aarch64 = arm_el_is_aa64(env, el);
26
bool guarded = false;
27
+ uint64_t descriptor;
28
+ bool nstable;
29
30
/* TODO: This code does not support shareability levels. */
31
if (aarch64) {
32
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
33
* bits at each step.
34
*/
35
tableattrs = is_secure ? 0 : (1 << 4);
36
- for (;;) {
37
- uint64_t descriptor;
38
- bool nstable;
39
-
40
- descaddr |= (address >> (stride * (4 - level))) & indexmask;
41
- descaddr &= ~7ULL;
42
- nstable = extract32(tableattrs, 4, 1);
43
- if (!nstable) {
44
- /*
45
- * Stage2_S -> Stage2 or Phys_S -> Phys_NS
46
- * Assert that the non-secure idx are even, and relative order.
47
- */
48
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Phys_NS & 1) != 0);
49
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Stage2 & 1) != 0);
50
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS + 1 != ARMMMUIdx_Phys_S);
51
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2 + 1 != ARMMMUIdx_Stage2_S);
52
- ptw->in_ptw_idx &= ~1;
53
- ptw->in_secure = false;
54
- }
55
- if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
56
- goto do_fault;
57
- }
58
- descriptor = arm_ldq_ptw(env, ptw, fi);
59
- if (fi->type != ARMFault_None) {
60
- goto do_fault;
61
- }
62
-
63
- if (!(descriptor & 1) ||
64
- (!(descriptor & 2) && (level == 3))) {
65
- /* Invalid, or the Reserved level 3 encoding */
66
- goto do_fault;
67
- }
68
-
69
- descaddr = descriptor & descaddrmask;
70
71
+ next_level:
72
+ descaddr |= (address >> (stride * (4 - level))) & indexmask;
73
+ descaddr &= ~7ULL;
74
+ nstable = extract32(tableattrs, 4, 1);
75
+ if (!nstable) {
76
/*
77
- * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
78
- * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
79
- * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
80
- * raise AddressSizeFault.
81
+ * Stage2_S -> Stage2 or Phys_S -> Phys_NS
82
+ * Assert that the non-secure idx are even, and relative order.
83
*/
84
- if (outputsize > 48) {
85
- if (param.ds) {
86
- descaddr |= extract64(descriptor, 8, 2) << 50;
87
- } else {
88
- descaddr |= extract64(descriptor, 12, 4) << 48;
89
- }
90
- } else if (descaddr >> outputsize) {
91
- fault_type = ARMFault_AddressSize;
92
- goto do_fault;
93
- }
94
-
95
- if ((descriptor & 2) && (level < 3)) {
96
- /*
97
- * Table entry. The top five bits are attributes which may
98
- * propagate down through lower levels of the table (and
99
- * which are all arranged so that 0 means "no effect", so
100
- * we can gather them up by ORing in the bits at each level).
101
- */
102
- tableattrs |= extract64(descriptor, 59, 5);
103
- level++;
104
- indexmask = indexmask_grainsize;
105
- continue;
106
- }
107
- /*
108
- * Block entry at level 1 or 2, or page entry at level 3.
109
- * These are basically the same thing, although the number
110
- * of bits we pull in from the vaddr varies. Note that although
111
- * descaddrmask masks enough of the low bits of the descriptor
112
- * to give a correct page or table address, the address field
113
- * in a block descriptor is smaller; so we need to explicitly
114
- * clear the lower bits here before ORing in the low vaddr bits.
115
- */
116
- page_size = (1ULL << ((stride * (4 - level)) + 3));
117
- descaddr &= ~(hwaddr)(page_size - 1);
118
- descaddr |= (address & (page_size - 1));
119
- /* Extract attributes from the descriptor */
120
- attrs = extract64(descriptor, 2, 10)
121
- | (extract64(descriptor, 52, 12) << 10);
122
-
123
- if (regime_is_stage2(mmu_idx)) {
124
- /* Stage 2 table descriptors do not include any attribute fields */
125
- break;
126
- }
127
- /* Merge in attributes from table descriptors */
128
- attrs |= nstable << 3; /* NS */
129
- guarded = extract64(descriptor, 50, 1); /* GP */
130
- if (param.hpd) {
131
- /* HPD disables all the table attributes except NSTable. */
132
- break;
133
- }
134
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
135
- /*
136
- * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
137
- * means "force PL1 access only", which means forcing AP[1] to 0.
138
- */
139
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
140
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
141
- break;
142
+ QEMU_BUILD_BUG_ON((ARMMMUIdx_Phys_NS & 1) != 0);
143
+ QEMU_BUILD_BUG_ON((ARMMMUIdx_Stage2 & 1) != 0);
144
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS + 1 != ARMMMUIdx_Phys_S);
145
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2 + 1 != ARMMMUIdx_Stage2_S);
146
+ ptw->in_ptw_idx &= ~1;
147
+ ptw->in_secure = false;
148
}
149
+ if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
150
+ goto do_fault;
151
+ }
152
+ descriptor = arm_ldq_ptw(env, ptw, fi);
153
+ if (fi->type != ARMFault_None) {
154
+ goto do_fault;
155
+ }
156
+
157
+ if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
158
+ /* Invalid, or the Reserved level 3 encoding */
159
+ goto do_fault;
160
+ }
161
+
162
+ descaddr = descriptor & descaddrmask;
163
+
164
+ /*
165
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
166
+ * of descriptor. For FEAT_LPA2 and effective DS, bits [51:50] of
167
+ * descaddr are in [9:8]. Otherwise, if descaddr is out of range,
168
+ * raise AddressSizeFault.
169
+ */
170
+ if (outputsize > 48) {
171
+ if (param.ds) {
172
+ descaddr |= extract64(descriptor, 8, 2) << 50;
173
+ } else {
174
+ descaddr |= extract64(descriptor, 12, 4) << 48;
175
+ }
176
+ } else if (descaddr >> outputsize) {
177
+ fault_type = ARMFault_AddressSize;
178
+ goto do_fault;
179
+ }
180
+
181
+ if ((descriptor & 2) && (level < 3)) {
182
+ /*
183
+ * Table entry. The top five bits are attributes which may
184
+ * propagate down through lower levels of the table (and
185
+ * which are all arranged so that 0 means "no effect", so
186
+ * we can gather them up by ORing in the bits at each level).
187
+ */
188
+ tableattrs |= extract64(descriptor, 59, 5);
189
+ level++;
190
+ indexmask = indexmask_grainsize;
191
+ goto next_level;
192
+ }
193
+
194
+ /*
195
+ * Block entry at level 1 or 2, or page entry at level 3.
196
+ * These are basically the same thing, although the number
197
+ * of bits we pull in from the vaddr varies. Note that although
198
+ * descaddrmask masks enough of the low bits of the descriptor
199
+ * to give a correct page or table address, the address field
200
+ * in a block descriptor is smaller; so we need to explicitly
201
+ * clear the lower bits here before ORing in the low vaddr bits.
202
+ */
203
+ page_size = (1ULL << ((stride * (4 - level)) + 3));
204
+ descaddr &= ~(hwaddr)(page_size - 1);
205
+ descaddr |= (address & (page_size - 1));
206
+ /* Extract attributes from the descriptor */
207
+ attrs = extract64(descriptor, 2, 10)
208
+ | (extract64(descriptor, 52, 12) << 10);
209
+
210
+ if (regime_is_stage2(mmu_idx)) {
211
+ /* Stage 2 table descriptors do not include any attribute fields */
212
+ goto skip_attrs;
213
+ }
214
+ /* Merge in attributes from table descriptors */
215
+ attrs |= nstable << 3; /* NS */
216
+ guarded = extract64(descriptor, 50, 1); /* GP */
217
+ if (param.hpd) {
218
+ /* HPD disables all the table attributes except NSTable. */
219
+ goto skip_attrs;
220
+ }
221
+ attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
222
+ /*
223
+ * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
224
+ * means "force PL1 access only", which means forcing AP[1] to 0.
225
+ */
226
+ attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
227
+ attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
228
+ skip_attrs:
229
+
230
/*
231
* Here descaddr is the final physical address, and attributes
232
* are all in attrs.
233
--
234
2.25.1
diff view generated by jsdifflib
[PULL 09/26] target/arm: Rename neon_load_reg64 to vfp_load_reg64
[PULL 14/30] target/arm: Fix fault reporting in get_phys_addr_lpae
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The only uses of this function are for loading VFP
3
Always overriding fi->type was incorrect, as we would not properly
4
double-precision values, and nothing to do with NEON.
4
propagate the fault type from S1_ptw_translate, or arm_ldq_ptw.
5
Simplify things by providing a new label for a translation fault.
6
For other faults, store into fi directly.
5
7
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201030022618.785675-10-richard.henderson@linaro.org
10
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20221024051851.3074715-9-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
13
---
11
target/arm/translate.c | 8 ++--
14
target/arm/ptw.c | 31 +++++++++++++------------------
12
target/arm/translate-vfp.c.inc | 84 +++++++++++++++++-----------------
15
1 file changed, 13 insertions(+), 18 deletions(-)
13
2 files changed, 46 insertions(+), 46 deletions(-)
14
16
15
diff --git a/target/arm/translate.c b/target/arm/translate.c
17
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
16
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate.c
19
--- a/target/arm/ptw.c
18
+++ b/target/arm/translate.c
20
+++ b/target/arm/ptw.c
19
@@ -XXX,XX +XXX,XX @@ static long vfp_reg_offset(bool dp, unsigned reg)
21
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
20
}
22
ARMCPU *cpu = env_archcpu(env);
21
}
23
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
22
24
bool is_secure = ptw->in_secure;
23
-static inline void neon_load_reg64(TCGv_i64 var, int reg)
25
- /* Read an LPAE long-descriptor translation table. */
24
+static inline void vfp_load_reg64(TCGv_i64 var, int reg)
26
- ARMFaultType fault_type = ARMFault_Translation;
25
{
27
uint32_t level;
26
- tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
28
ARMVAParameters param;
27
+ tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(true, reg));
29
uint64_t ttbr;
28
}
30
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
29
31
* so our choice is to always raise the fault.
30
-static inline void neon_store_reg64(TCGv_i64 var, int reg)
32
*/
31
+static inline void vfp_store_reg64(TCGv_i64 var, int reg)
33
if (param.tsz_oob) {
32
{
34
- fault_type = ARMFault_Translation;
33
- tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
35
- goto do_fault;
34
+ tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(true, reg));
36
+ goto do_translation_fault;
35
}
36
37
static inline void vfp_load_reg32(TCGv_i32 var, int reg)
38
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
39
index XXXXXXX..XXXXXXX 100644
40
--- a/target/arm/translate-vfp.c.inc
41
+++ b/target/arm/translate-vfp.c.inc
42
@@ -XXX,XX +XXX,XX @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
43
tcg_gen_ext_i32_i64(nf, cpu_NF);
44
tcg_gen_ext_i32_i64(vf, cpu_VF);
45
46
- neon_load_reg64(frn, rn);
47
- neon_load_reg64(frm, rm);
48
+ vfp_load_reg64(frn, rn);
49
+ vfp_load_reg64(frm, rm);
50
switch (a->cc) {
51
case 0: /* eq: Z */
52
tcg_gen_movcond_i64(TCG_COND_EQ, dest, zf, zero,
53
@@ -XXX,XX +XXX,XX @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
54
tcg_temp_free_i64(tmp);
55
break;
56
}
37
}
57
- neon_store_reg64(dest, rd);
38
58
+ vfp_store_reg64(dest, rd);
39
addrsize = 64 - 8 * param.tbi;
59
tcg_temp_free_i64(frn);
40
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
60
tcg_temp_free_i64(frm);
41
addrsize - inputsize);
61
tcg_temp_free_i64(dest);
42
if (-top_bits != param.select) {
62
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINT(DisasContext *s, arg_VRINT *a)
43
/* The gap between the two regions is a Translation fault */
63
TCGv_i64 tcg_res;
44
- fault_type = ARMFault_Translation;
64
tcg_op = tcg_temp_new_i64();
45
- goto do_fault;
65
tcg_res = tcg_temp_new_i64();
46
+ goto do_translation_fault;
66
- neon_load_reg64(tcg_op, rm);
67
+ vfp_load_reg64(tcg_op, rm);
68
gen_helper_rintd(tcg_res, tcg_op, fpst);
69
- neon_store_reg64(tcg_res, rd);
70
+ vfp_store_reg64(tcg_res, rd);
71
tcg_temp_free_i64(tcg_op);
72
tcg_temp_free_i64(tcg_res);
73
} else {
74
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT(DisasContext *s, arg_VCVT *a)
75
tcg_double = tcg_temp_new_i64();
76
tcg_res = tcg_temp_new_i64();
77
tcg_tmp = tcg_temp_new_i32();
78
- neon_load_reg64(tcg_double, rm);
79
+ vfp_load_reg64(tcg_double, rm);
80
if (is_signed) {
81
gen_helper_vfp_tosld(tcg_res, tcg_double, tcg_shift, fpst);
82
} else {
83
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_dp(DisasContext *s, arg_VLDR_VSTR_dp *a)
84
tmp = tcg_temp_new_i64();
85
if (a->l) {
86
gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
87
- neon_store_reg64(tmp, a->vd);
88
+ vfp_store_reg64(tmp, a->vd);
89
} else {
90
- neon_load_reg64(tmp, a->vd);
91
+ vfp_load_reg64(tmp, a->vd);
92
gen_aa32_st64(s, tmp, addr, get_mem_index(s));
93
}
94
tcg_temp_free_i64(tmp);
95
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_dp(DisasContext *s, arg_VLDM_VSTM_dp *a)
96
if (a->l) {
97
/* load */
98
gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
99
- neon_store_reg64(tmp, a->vd + i);
100
+ vfp_store_reg64(tmp, a->vd + i);
101
} else {
102
/* store */
103
- neon_load_reg64(tmp, a->vd + i);
104
+ vfp_load_reg64(tmp, a->vd + i);
105
gen_aa32_st64(s, tmp, addr, get_mem_index(s));
106
}
107
tcg_gen_addi_i32(addr, addr, offset);
108
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_3op_dp(DisasContext *s, VFPGen3OpDPFn *fn,
109
fd = tcg_temp_new_i64();
110
fpst = fpstatus_ptr(FPST_FPCR);
111
112
- neon_load_reg64(f0, vn);
113
- neon_load_reg64(f1, vm);
114
+ vfp_load_reg64(f0, vn);
115
+ vfp_load_reg64(f1, vm);
116
117
for (;;) {
118
if (reads_vd) {
119
- neon_load_reg64(fd, vd);
120
+ vfp_load_reg64(fd, vd);
121
}
122
fn(fd, f0, f1, fpst);
123
- neon_store_reg64(fd, vd);
124
+ vfp_store_reg64(fd, vd);
125
126
if (veclen == 0) {
127
break;
128
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_3op_dp(DisasContext *s, VFPGen3OpDPFn *fn,
129
veclen--;
130
vd = vfp_advance_dreg(vd, delta_d);
131
vn = vfp_advance_dreg(vn, delta_d);
132
- neon_load_reg64(f0, vn);
133
+ vfp_load_reg64(f0, vn);
134
if (delta_m) {
135
vm = vfp_advance_dreg(vm, delta_m);
136
- neon_load_reg64(f1, vm);
137
+ vfp_load_reg64(f1, vm);
138
}
47
}
139
}
48
}
140
49
141
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_dp(DisasContext *s, VFPGen2OpDPFn *fn, int vd, int vm)
50
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
142
f0 = tcg_temp_new_i64();
51
* Translation table walk disabled => Translation fault on TLB miss
143
fd = tcg_temp_new_i64();
52
* Note: This is always 0 on 64-bit EL2 and EL3.
144
53
*/
145
- neon_load_reg64(f0, vm);
54
- goto do_fault;
146
+ vfp_load_reg64(f0, vm);
55
+ goto do_translation_fault;
147
56
}
148
for (;;) {
57
149
fn(fd, f0);
58
if (!regime_is_stage2(mmu_idx)) {
150
- neon_store_reg64(fd, vd);
59
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
151
+ vfp_store_reg64(fd, vd);
60
if (param.ds && stride == 9 && sl2) {
152
61
if (sl0 != 0) {
153
if (veclen == 0) {
62
level = 0;
154
break;
63
- fault_type = ARMFault_Translation;
155
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_dp(DisasContext *s, VFPGen2OpDPFn *fn, int vd, int vm)
64
- goto do_fault;
156
/* single source one-many */
65
+ goto do_translation_fault;
157
while (veclen--) {
158
vd = vfp_advance_dreg(vd, delta_d);
159
- neon_store_reg64(fd, vd);
160
+ vfp_store_reg64(fd, vd);
161
}
66
}
162
break;
67
startlevel = -1;
68
} else if (!aarch64 || stride == 9) {
69
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
70
ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
71
inputsize, stride, outputsize);
72
if (!ok) {
73
- fault_type = ARMFault_Translation;
74
- goto do_fault;
75
+ goto do_translation_fault;
163
}
76
}
164
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_dp(DisasContext *s, VFPGen2OpDPFn *fn, int vd, int vm)
77
level = startlevel;
165
veclen--;
166
vd = vfp_advance_dreg(vd, delta_d);
167
vd = vfp_advance_dreg(vm, delta_m);
168
- neon_load_reg64(f0, vm);
169
+ vfp_load_reg64(f0, vm);
170
}
78
}
171
79
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
172
tcg_temp_free_i64(f0);
80
descaddr |= extract64(ttbr, 2, 4) << 48;
173
@@ -XXX,XX +XXX,XX @@ static bool do_vfm_dp(DisasContext *s, arg_VFMA_dp *a, bool neg_n, bool neg_d)
81
} else if (descaddr >> outputsize) {
174
vm = tcg_temp_new_i64();
82
level = 0;
175
vd = tcg_temp_new_i64();
83
- fault_type = ARMFault_AddressSize;
176
84
+ fi->type = ARMFault_AddressSize;
177
- neon_load_reg64(vn, a->vn);
85
goto do_fault;
178
- neon_load_reg64(vm, a->vm);
179
+ vfp_load_reg64(vn, a->vn);
180
+ vfp_load_reg64(vm, a->vm);
181
if (neg_n) {
182
/* VFNMS, VFMS */
183
gen_helper_vfp_negd(vn, vn);
184
}
86
}
185
- neon_load_reg64(vd, a->vd);
87
186
+ vfp_load_reg64(vd, a->vd);
88
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
187
if (neg_d) {
89
188
/* VFNMA, VFNMS */
90
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
189
gen_helper_vfp_negd(vd, vd);
91
/* Invalid, or the Reserved level 3 encoding */
92
- goto do_fault;
93
+ goto do_translation_fault;
190
}
94
}
191
fpst = fpstatus_ptr(FPST_FPCR);
95
192
gen_helper_vfp_muladdd(vd, vn, vm, vd, fpst);
96
descaddr = descriptor & descaddrmask;
193
- neon_store_reg64(vd, a->vd);
97
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
194
+ vfp_store_reg64(vd, a->vd);
98
descaddr |= extract64(descriptor, 12, 4) << 48;
195
99
}
196
tcg_temp_free_ptr(fpst);
100
} else if (descaddr >> outputsize) {
197
tcg_temp_free_i64(vn);
101
- fault_type = ARMFault_AddressSize;
198
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_imm_dp(DisasContext *s, arg_VMOV_imm_dp *a)
102
+ fi->type = ARMFault_AddressSize;
199
fd = tcg_const_i64(vfp_expand_imm(MO_64, a->imm));
103
goto do_fault;
200
201
for (;;) {
202
- neon_store_reg64(fd, vd);
203
+ vfp_store_reg64(fd, vd);
204
205
if (veclen == 0) {
206
break;
207
@@ -XXX,XX +XXX,XX @@ static bool trans_VCMP_dp(DisasContext *s, arg_VCMP_dp *a)
208
vd = tcg_temp_new_i64();
209
vm = tcg_temp_new_i64();
210
211
- neon_load_reg64(vd, a->vd);
212
+ vfp_load_reg64(vd, a->vd);
213
if (a->z) {
214
tcg_gen_movi_i64(vm, 0);
215
} else {
216
- neon_load_reg64(vm, a->vm);
217
+ vfp_load_reg64(vm, a->vm);
218
}
104
}
219
105
220
if (a->e) {
106
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
221
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_f64_f16(DisasContext *s, arg_VCVT_f64_f16 *a)
107
* Here descaddr is the final physical address, and attributes
222
tcg_gen_ld16u_i32(tmp, cpu_env, vfp_f16_offset(a->vm, a->t));
108
* are all in attrs.
223
vd = tcg_temp_new_i64();
109
*/
224
gen_helper_vfp_fcvt_f16_to_f64(vd, tmp, fpst, ahp_mode);
110
- fault_type = ARMFault_AccessFlag;
225
- neon_store_reg64(vd, a->vd);
111
if ((attrs & (1 << 8)) == 0) {
226
+ vfp_store_reg64(vd, a->vd);
112
/* Access flag */
227
tcg_temp_free_i32(ahp_mode);
113
+ fi->type = ARMFault_AccessFlag;
228
tcg_temp_free_ptr(fpst);
114
goto do_fault;
229
tcg_temp_free_i32(tmp);
230
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_f16_f64(DisasContext *s, arg_VCVT_f16_f64 *a)
231
tmp = tcg_temp_new_i32();
232
vm = tcg_temp_new_i64();
233
234
- neon_load_reg64(vm, a->vm);
235
+ vfp_load_reg64(vm, a->vm);
236
gen_helper_vfp_fcvt_f64_to_f16(tmp, vm, fpst, ahp_mode);
237
tcg_temp_free_i64(vm);
238
tcg_gen_st16_i32(tmp, cpu_env, vfp_f16_offset(a->vd, a->t));
239
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTR_dp(DisasContext *s, arg_VRINTR_dp *a)
240
}
115
}
241
116
242
tmp = tcg_temp_new_i64();
117
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
243
- neon_load_reg64(tmp, a->vm);
118
result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
244
+ vfp_load_reg64(tmp, a->vm);
245
fpst = fpstatus_ptr(FPST_FPCR);
246
gen_helper_rintd(tmp, tmp, fpst);
247
- neon_store_reg64(tmp, a->vd);
248
+ vfp_store_reg64(tmp, a->vd);
249
tcg_temp_free_ptr(fpst);
250
tcg_temp_free_i64(tmp);
251
return true;
252
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTZ_dp(DisasContext *s, arg_VRINTZ_dp *a)
253
}
119
}
254
120
255
tmp = tcg_temp_new_i64();
121
- fault_type = ARMFault_Permission;
256
- neon_load_reg64(tmp, a->vm);
122
if (!(result->f.prot & (1 << access_type))) {
257
+ vfp_load_reg64(tmp, a->vm);
123
+ fi->type = ARMFault_Permission;
258
fpst = fpstatus_ptr(FPST_FPCR);
124
goto do_fault;
259
tcg_rmode = tcg_const_i32(float_round_to_zero);
260
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
261
gen_helper_rintd(tmp, tmp, fpst);
262
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
263
- neon_store_reg64(tmp, a->vd);
264
+ vfp_store_reg64(tmp, a->vd);
265
tcg_temp_free_ptr(fpst);
266
tcg_temp_free_i64(tmp);
267
tcg_temp_free_i32(tcg_rmode);
268
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTX_dp(DisasContext *s, arg_VRINTX_dp *a)
269
}
125
}
270
126
271
tmp = tcg_temp_new_i64();
127
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
272
- neon_load_reg64(tmp, a->vm);
128
result->f.lg_page_size = ctz64(page_size);
273
+ vfp_load_reg64(tmp, a->vm);
129
return false;
274
fpst = fpstatus_ptr(FPST_FPCR);
130
275
gen_helper_rintd_exact(tmp, tmp, fpst);
131
-do_fault:
276
- neon_store_reg64(tmp, a->vd);
132
- fi->type = fault_type;
277
+ vfp_store_reg64(tmp, a->vd);
133
+ do_translation_fault:
278
tcg_temp_free_ptr(fpst);
134
+ fi->type = ARMFault_Translation;
279
tcg_temp_free_i64(tmp);
135
+ do_fault:
280
return true;
136
fi->level = level;
281
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_sp(DisasContext *s, arg_VCVT_sp *a)
137
/* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
282
vd = tcg_temp_new_i64();
138
fi->stage2 = fi->s1ptw || regime_is_stage2(mmu_idx);
283
vfp_load_reg32(vm, a->vm);
284
gen_helper_vfp_fcvtds(vd, vm, cpu_env);
285
- neon_store_reg64(vd, a->vd);
286
+ vfp_store_reg64(vd, a->vd);
287
tcg_temp_free_i32(vm);
288
tcg_temp_free_i64(vd);
289
return true;
290
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_dp(DisasContext *s, arg_VCVT_dp *a)
291
292
vd = tcg_temp_new_i32();
293
vm = tcg_temp_new_i64();
294
- neon_load_reg64(vm, a->vm);
295
+ vfp_load_reg64(vm, a->vm);
296
gen_helper_vfp_fcvtsd(vd, vm, cpu_env);
297
vfp_store_reg32(vd, a->vd);
298
tcg_temp_free_i32(vd);
299
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_dp(DisasContext *s, arg_VCVT_int_dp *a)
300
/* u32 -> f64 */
301
gen_helper_vfp_uitod(vd, vm, fpst);
302
}
303
- neon_store_reg64(vd, a->vd);
304
+ vfp_store_reg64(vd, a->vd);
305
tcg_temp_free_i32(vm);
306
tcg_temp_free_i64(vd);
307
tcg_temp_free_ptr(fpst);
308
@@ -XXX,XX +XXX,XX @@ static bool trans_VJCVT(DisasContext *s, arg_VJCVT *a)
309
310
vm = tcg_temp_new_i64();
311
vd = tcg_temp_new_i32();
312
- neon_load_reg64(vm, a->vm);
313
+ vfp_load_reg64(vm, a->vm);
314
gen_helper_vjcvt(vd, vm, cpu_env);
315
vfp_store_reg32(vd, a->vd);
316
tcg_temp_free_i64(vm);
317
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_dp(DisasContext *s, arg_VCVT_fix_dp *a)
318
frac_bits = (a->opc & 1) ? (32 - a->imm) : (16 - a->imm);
319
320
vd = tcg_temp_new_i64();
321
- neon_load_reg64(vd, a->vd);
322
+ vfp_load_reg64(vd, a->vd);
323
324
fpst = fpstatus_ptr(FPST_FPCR);
325
shift = tcg_const_i32(frac_bits);
326
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_dp(DisasContext *s, arg_VCVT_fix_dp *a)
327
g_assert_not_reached();
328
}
329
330
- neon_store_reg64(vd, a->vd);
331
+ vfp_store_reg64(vd, a->vd);
332
tcg_temp_free_i64(vd);
333
tcg_temp_free_i32(shift);
334
tcg_temp_free_ptr(fpst);
335
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_dp_int(DisasContext *s, arg_VCVT_dp_int *a)
336
fpst = fpstatus_ptr(FPST_FPCR);
337
vm = tcg_temp_new_i64();
338
vd = tcg_temp_new_i32();
339
- neon_load_reg64(vm, a->vm);
340
+ vfp_load_reg64(vm, a->vm);
341
342
if (a->s) {
343
if (a->rz) {
344
--
139
--
345
2.20.1
140
2.25.1
346
141
347
142
diff view generated by jsdifflib
[PULL 01/26] target/arm: Introduce neon_full_reg_offset
[PULL 15/30] target/arm: Don't shift attrs in get_phys_addr_lpae
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
This function makes it clear that we're talking about the whole
3
Leave the upper and lower attributes in the place they originate
4
register, and not the 32-bit piece at index 0. This fixes a bug
4
from in the descriptor. Shifting them around is confusing, since
5
when running on a big-endian host.
5
one cannot read the bit numbers out of the manual. Also, new
6
attributes have been added which would alter the shifts.
6
7
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20201030022618.785675-2-richard.henderson@linaro.org
10
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20221024051851.3074715-10-richard.henderson@linaro.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
13
---
12
target/arm/translate.c | 8 ++++++
14
target/arm/ptw.c | 31 +++++++++++++++----------------
13
target/arm/translate-neon.c.inc | 44 ++++++++++++++++-----------------
15
1 file changed, 15 insertions(+), 16 deletions(-)
14
target/arm/translate-vfp.c.inc | 2 +-
15
3 files changed, 31 insertions(+), 23 deletions(-)
16
16
17
diff --git a/target/arm/translate.c b/target/arm/translate.c
17
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
18
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/translate.c
19
--- a/target/arm/ptw.c
20
+++ b/target/arm/translate.c
20
+++ b/target/arm/ptw.c
21
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
21
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
22
unallocated_encoding(s);
22
hwaddr descaddr, indexmask, indexmask_grainsize;
23
}
23
uint32_t tableattrs;
24
24
target_ulong page_size;
25
+/*
25
- uint32_t attrs;
26
+ * Return the offset of a "full" NEON Dreg.
26
+ uint64_t attrs;
27
+ */
27
int32_t stride;
28
+static long neon_full_reg_offset(unsigned reg)
28
int addrsize, inputsize, outputsize;
29
+{
29
uint64_t tcr = regime_tcr(env, mmu_idx);
30
+ return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
30
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
31
+}
31
descaddr &= ~(hwaddr)(page_size - 1);
32
+
32
descaddr |= (address & (page_size - 1));
33
static inline long vfp_reg_offset(bool dp, unsigned reg)
33
/* Extract attributes from the descriptor */
34
{
34
- attrs = extract64(descriptor, 2, 10)
35
if (dp) {
35
- | (extract64(descriptor, 52, 12) << 10);
36
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
36
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
37
index XXXXXXX..XXXXXXX 100644
37
38
--- a/target/arm/translate-neon.c.inc
38
if (regime_is_stage2(mmu_idx)) {
39
+++ b/target/arm/translate-neon.c.inc
39
/* Stage 2 table descriptors do not include any attribute fields */
40
@@ -XXX,XX +XXX,XX @@ neon_element_offset(int reg, int element, MemOp size)
40
goto skip_attrs;
41
ofs ^= 8 - element_size;
42
}
41
}
43
#endif
42
/* Merge in attributes from table descriptors */
44
- return neon_reg_offset(reg, 0) + ofs;
43
- attrs |= nstable << 3; /* NS */
45
+ return neon_full_reg_offset(reg) + ofs;
44
+ attrs |= nstable << 5; /* NS */
46
}
45
guarded = extract64(descriptor, 50, 1); /* GP */
47
46
if (param.hpd) {
48
static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
47
/* HPD disables all the table attributes except NSTable. */
49
@@ -XXX,XX +XXX,XX @@ static bool trans_VLD_all_lanes(DisasContext *s, arg_VLD_all_lanes *a)
48
goto skip_attrs;
50
* We cannot write 16 bytes at once because the
51
* destination is unaligned.
52
*/
53
- tcg_gen_gvec_dup_i32(size, neon_reg_offset(vd, 0),
54
+ tcg_gen_gvec_dup_i32(size, neon_full_reg_offset(vd),
55
8, 8, tmp);
56
- tcg_gen_gvec_mov(0, neon_reg_offset(vd + 1, 0),
57
- neon_reg_offset(vd, 0), 8, 8);
58
+ tcg_gen_gvec_mov(0, neon_full_reg_offset(vd + 1),
59
+ neon_full_reg_offset(vd), 8, 8);
60
} else {
61
- tcg_gen_gvec_dup_i32(size, neon_reg_offset(vd, 0),
62
+ tcg_gen_gvec_dup_i32(size, neon_full_reg_offset(vd),
63
vec_size, vec_size, tmp);
64
}
65
tcg_gen_addi_i32(addr, addr, 1 << size);
66
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDST_single(DisasContext *s, arg_VLDST_single *a)
67
static bool do_3same(DisasContext *s, arg_3same *a, GVecGen3Fn fn)
68
{
69
int vec_size = a->q ? 16 : 8;
70
- int rd_ofs = neon_reg_offset(a->vd, 0);
71
- int rn_ofs = neon_reg_offset(a->vn, 0);
72
- int rm_ofs = neon_reg_offset(a->vm, 0);
73
+ int rd_ofs = neon_full_reg_offset(a->vd);
74
+ int rn_ofs = neon_full_reg_offset(a->vn);
75
+ int rm_ofs = neon_full_reg_offset(a->vm);
76
77
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
78
return false;
79
@@ -XXX,XX +XXX,XX @@ static bool do_vector_2sh(DisasContext *s, arg_2reg_shift *a, GVecGen2iFn *fn)
80
{
81
/* Handle a 2-reg-shift insn which can be vectorized. */
82
int vec_size = a->q ? 16 : 8;
83
- int rd_ofs = neon_reg_offset(a->vd, 0);
84
- int rm_ofs = neon_reg_offset(a->vm, 0);
85
+ int rd_ofs = neon_full_reg_offset(a->vd);
86
+ int rm_ofs = neon_full_reg_offset(a->vm);
87
88
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
89
return false;
90
@@ -XXX,XX +XXX,XX @@ static bool do_fp_2sh(DisasContext *s, arg_2reg_shift *a,
91
{
92
/* FP operations in 2-reg-and-shift group */
93
int vec_size = a->q ? 16 : 8;
94
- int rd_ofs = neon_reg_offset(a->vd, 0);
95
- int rm_ofs = neon_reg_offset(a->vm, 0);
96
+ int rd_ofs = neon_full_reg_offset(a->vd);
97
+ int rm_ofs = neon_full_reg_offset(a->vm);
98
TCGv_ptr fpst;
99
100
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
101
@@ -XXX,XX +XXX,XX @@ static bool do_1reg_imm(DisasContext *s, arg_1reg_imm *a,
102
return true;
103
}
49
}
104
50
- attrs |= extract32(tableattrs, 0, 2) << 11; /* XN, PXN */
105
- reg_ofs = neon_reg_offset(a->vd, 0);
51
+ attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
106
+ reg_ofs = neon_full_reg_offset(a->vd);
52
/*
107
vec_size = a->q ? 16 : 8;
53
* The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
108
imm = asimd_imm_const(a->imm, a->cmode, a->op);
54
* means "force PL1 access only", which means forcing AP[1] to 0.
109
55
*/
110
@@ -XXX,XX +XXX,XX @@ static bool trans_VMULL_P_3d(DisasContext *s, arg_3diff *a)
56
- attrs &= ~(extract32(tableattrs, 2, 1) << 4); /* !APT[0] => AP[1] */
111
return true;
57
- attrs |= extract32(tableattrs, 3, 1) << 5; /* APT[1] => AP[2] */
58
+ attrs &= ~(extract64(tableattrs, 2, 1) << 6); /* !APT[0] => AP[1] */
59
+ attrs |= extract32(tableattrs, 3, 1) << 7; /* APT[1] => AP[2] */
60
skip_attrs:
61
62
/*
63
* Here descaddr is the final physical address, and attributes
64
* are all in attrs.
65
*/
66
- if ((attrs & (1 << 8)) == 0) {
67
+ if ((attrs & (1 << 10)) == 0) {
68
/* Access flag */
69
fi->type = ARMFault_AccessFlag;
70
goto do_fault;
112
}
71
}
113
72
114
- tcg_gen_gvec_3_ool(neon_reg_offset(a->vd, 0),
73
- ap = extract32(attrs, 4, 2);
115
- neon_reg_offset(a->vn, 0),
74
+ ap = extract32(attrs, 6, 2);
116
- neon_reg_offset(a->vm, 0),
75
117
+ tcg_gen_gvec_3_ool(neon_full_reg_offset(a->vd),
76
if (regime_is_stage2(mmu_idx)) {
118
+ neon_full_reg_offset(a->vn),
77
ns = mmu_idx == ARMMMUIdx_Stage2;
119
+ neon_full_reg_offset(a->vm),
78
- xn = extract32(attrs, 11, 2);
120
16, 16, 0, fn_gvec);
79
+ xn = extract64(attrs, 53, 2);
121
return true;
80
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
122
}
81
} else {
123
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar_fp_vec(DisasContext *s, arg_2scalar *a,
82
- ns = extract32(attrs, 3, 1);
124
{
83
- xn = extract32(attrs, 12, 1);
125
/* Two registers and a scalar, using gvec */
84
- pxn = extract32(attrs, 11, 1);
126
int vec_size = a->q ? 16 : 8;
85
+ ns = extract32(attrs, 5, 1);
127
- int rd_ofs = neon_reg_offset(a->vd, 0);
86
+ xn = extract64(attrs, 54, 1);
128
- int rn_ofs = neon_reg_offset(a->vn, 0);
87
+ pxn = extract64(attrs, 53, 1);
129
+ int rd_ofs = neon_full_reg_offset(a->vd);
88
result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
130
+ int rn_ofs = neon_full_reg_offset(a->vn);
131
int rm_ofs;
132
int idx;
133
TCGv_ptr fpstatus;
134
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar_fp_vec(DisasContext *s, arg_2scalar *a,
135
/* a->vm is M:Vm, which encodes both register and index */
136
idx = extract32(a->vm, a->size + 2, 2);
137
a->vm = extract32(a->vm, 0, a->size + 2);
138
- rm_ofs = neon_reg_offset(a->vm, 0);
139
+ rm_ofs = neon_full_reg_offset(a->vm);
140
141
fpstatus = fpstatus_ptr(a->size == 1 ? FPST_STD_F16 : FPST_STD);
142
tcg_gen_gvec_3_ptr(rd_ofs, rn_ofs, rm_ofs, fpstatus,
143
@@ -XXX,XX +XXX,XX @@ static bool trans_VDUP_scalar(DisasContext *s, arg_VDUP_scalar *a)
144
return true;
145
}
89
}
146
90
147
- tcg_gen_gvec_dup_mem(a->size, neon_reg_offset(a->vd, 0),
91
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
148
+ tcg_gen_gvec_dup_mem(a->size, neon_full_reg_offset(a->vd),
92
149
neon_element_offset(a->vm, a->index, a->size),
93
if (regime_is_stage2(mmu_idx)) {
150
a->q ? 16 : 8, a->q ? 16 : 8);
94
result->cacheattrs.is_s2_format = true;
151
return true;
95
- result->cacheattrs.attrs = extract32(attrs, 0, 4);
152
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_F32_F16(DisasContext *s, arg_2misc *a)
96
+ result->cacheattrs.attrs = extract32(attrs, 2, 4);
153
static bool do_2misc_vec(DisasContext *s, arg_2misc *a, GVecGen2Fn *fn)
97
} else {
154
{
98
/* Index into MAIR registers for cache attributes */
155
int vec_size = a->q ? 16 : 8;
99
- uint8_t attrindx = extract32(attrs, 0, 3);
156
- int rd_ofs = neon_reg_offset(a->vd, 0);
100
+ uint8_t attrindx = extract32(attrs, 2, 3);
157
- int rm_ofs = neon_reg_offset(a->vm, 0);
101
uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
158
+ int rd_ofs = neon_full_reg_offset(a->vd);
102
assert(attrindx <= 7);
159
+ int rm_ofs = neon_full_reg_offset(a->vm);
103
result->cacheattrs.is_s2_format = false;
160
104
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
161
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
105
if (param.ds) {
162
return false;
106
result->cacheattrs.shareability = param.sh;
163
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
107
} else {
164
index XXXXXXX..XXXXXXX 100644
108
- result->cacheattrs.shareability = extract32(attrs, 6, 2);
165
--- a/target/arm/translate-vfp.c.inc
109
+ result->cacheattrs.shareability = extract32(attrs, 8, 2);
166
+++ b/target/arm/translate-vfp.c.inc
167
@@ -XXX,XX +XXX,XX @@ static bool trans_VDUP(DisasContext *s, arg_VDUP *a)
168
}
110
}
169
111
170
tmp = load_reg(s, a->rt);
112
result->f.phys_addr = descaddr;
171
- tcg_gen_gvec_dup_i32(size, neon_reg_offset(a->vn, 0),
172
+ tcg_gen_gvec_dup_i32(size, neon_full_reg_offset(a->vn),
173
vec_size, vec_size, tmp);
174
tcg_temp_free_i32(tmp);
175
176
--
113
--
177
2.20.1
114
2.25.1
178
115
179
116
diff view generated by jsdifflib
[PULL 03/26] target/arm: Use neon_element_offset in neon_load/store_reg
[PULL 16/30] target/arm: Consider GP an attribute in get_phys_addr_lpae
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
These are the only users of neon_reg_offset, so remove that.
3
Both GP and DBM are in the upper attribute block.
4
Extend the computation of attrs to include them,
5
then simplify the setting of guarded.
4
6
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20201030022618.785675-4-richard.henderson@linaro.org
10
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Message-id: 20221024051851.3074715-11-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
13
---
10
target/arm/translate.c | 14 ++------------
14
target/arm/ptw.c | 6 ++----
11
1 file changed, 2 insertions(+), 12 deletions(-)
15
1 file changed, 2 insertions(+), 4 deletions(-)
12
16
13
diff --git a/target/arm/translate.c b/target/arm/translate.c
17
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
14
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/translate.c
19
--- a/target/arm/ptw.c
16
+++ b/target/arm/translate.c
20
+++ b/target/arm/ptw.c
17
@@ -XXX,XX +XXX,XX @@ static inline long vfp_reg_offset(bool dp, unsigned reg)
21
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
22
uint32_t el = regime_el(env, mmu_idx);
23
uint64_t descaddrmask;
24
bool aarch64 = arm_el_is_aa64(env, el);
25
- bool guarded = false;
26
uint64_t descriptor;
27
bool nstable;
28
29
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
30
descaddr &= ~(hwaddr)(page_size - 1);
31
descaddr |= (address & (page_size - 1));
32
/* Extract attributes from the descriptor */
33
- attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(52, 12));
34
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
35
36
if (regime_is_stage2(mmu_idx)) {
37
/* Stage 2 table descriptors do not include any attribute fields */
38
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
18
}
39
}
19
}
40
/* Merge in attributes from table descriptors */
20
41
attrs |= nstable << 5; /* NS */
21
-/* Return the offset of a 32-bit piece of a NEON register.
42
- guarded = extract64(descriptor, 50, 1); /* GP */
22
- zero is the least significant end of the register. */
43
if (param.hpd) {
23
-static inline long
44
/* HPD disables all the table attributes except NSTable. */
24
-neon_reg_offset (int reg, int n)
45
goto skip_attrs;
25
-{
46
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
26
- int sreg;
47
27
- sreg = reg * 2 + n;
48
/* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */
28
- return vfp_reg_offset(0, sreg);
49
if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) {
29
-}
50
- result->f.guarded = guarded;
30
-
51
+ result->f.guarded = extract64(attrs, 50, 1); /* GP */
31
static TCGv_i32 neon_load_reg(int reg, int pass)
52
}
32
{
53
33
TCGv_i32 tmp = tcg_temp_new_i32();
54
if (regime_is_stage2(mmu_idx)) {
34
- tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
35
+ tcg_gen_ld_i32(tmp, cpu_env, neon_element_offset(reg, pass, MO_32));
36
return tmp;
37
}
38
39
static void neon_store_reg(int reg, int pass, TCGv_i32 var)
40
{
41
- tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
42
+ tcg_gen_st_i32(var, cpu_env, neon_element_offset(reg, pass, MO_32));
43
tcg_temp_free_i32(var);
44
}
45
46
--
55
--
47
2.20.1
56
2.25.1
48
57
49
58
diff view generated by jsdifflib
[PULL 11/26] target/arm: Improve do_prewiden_3d
[PULL 17/30] target/arm: Tidy merging of attributes from descriptor and table
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
We can use proper widening loads to extend 32-bit inputs,
3
Replace some gotos with some nested if statements.
4
and skip the "widenfn" step.
5
4
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201030022618.785675-12-richard.henderson@linaro.org
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20221024051851.3074715-12-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
9
---
11
target/arm/translate.c | 6 +++
10
target/arm/ptw.c | 34 ++++++++++++++++------------------
12
target/arm/translate-neon.c.inc | 66 ++++++++++++++++++---------------
11
1 file changed, 16 insertions(+), 18 deletions(-)
13
2 files changed, 43 insertions(+), 29 deletions(-)
14
12
15
diff --git a/target/arm/translate.c b/target/arm/translate.c
13
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
16
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate.c
15
--- a/target/arm/ptw.c
18
+++ b/target/arm/translate.c
16
+++ b/target/arm/ptw.c
19
@@ -XXX,XX +XXX,XX @@ static void read_neon_element64(TCGv_i64 dest, int reg, int ele, MemOp memop)
17
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
20
long off = neon_element_offset(reg, ele, memop);
18
page_size = (1ULL << ((stride * (4 - level)) + 3));
21
19
descaddr &= ~(hwaddr)(page_size - 1);
22
switch (memop) {
20
descaddr |= (address & (page_size - 1));
23
+ case MO_SL:
21
- /* Extract attributes from the descriptor */
24
+ tcg_gen_ld32s_i64(dest, cpu_env, off);
22
- attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
25
+ break;
23
26
+ case MO_UL:
24
- if (regime_is_stage2(mmu_idx)) {
27
+ tcg_gen_ld32u_i64(dest, cpu_env, off);
25
- /* Stage 2 table descriptors do not include any attribute fields */
28
+ break;
26
- goto skip_attrs;
29
case MO_Q:
27
- }
30
tcg_gen_ld_i64(dest, cpu_env, off);
28
- /* Merge in attributes from table descriptors */
31
break;
29
- attrs |= nstable << 5; /* NS */
32
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
30
- if (param.hpd) {
33
index XXXXXXX..XXXXXXX 100644
31
- /* HPD disables all the table attributes except NSTable. */
34
--- a/target/arm/translate-neon.c.inc
32
- goto skip_attrs;
35
+++ b/target/arm/translate-neon.c.inc
33
- }
36
@@ -XXX,XX +XXX,XX @@ static bool trans_Vimm_1r(DisasContext *s, arg_1reg_imm *a)
34
- attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
37
static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
35
/*
38
NeonGenWidenFn *widenfn,
36
- * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
39
NeonGenTwo64OpFn *opfn,
37
- * means "force PL1 access only", which means forcing AP[1] to 0.
40
- bool src1_wide)
38
+ * Extract attributes from the descriptor, and apply table descriptors.
41
+ int src1_mop, int src2_mop)
39
+ * Stage 2 table descriptors do not include any attribute fields.
42
{
40
+ * HPD disables all the table attributes except NSTable.
43
/* 3-regs different lengths, prewidening case (VADDL/VSUBL/VAADW/VSUBW) */
41
*/
44
TCGv_i64 rn0_64, rn1_64, rm_64;
42
- attrs &= ~(extract64(tableattrs, 2, 1) << 6); /* !APT[0] => AP[1] */
45
- TCGv_i32 rm;
43
- attrs |= extract32(tableattrs, 3, 1) << 7; /* APT[1] => AP[2] */
46
44
- skip_attrs:
47
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
45
+ attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
48
return false;
46
+ if (!regime_is_stage2(mmu_idx)) {
49
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
47
+ attrs |= nstable << 5; /* NS */
50
return false;
48
+ if (!param.hpd) {
51
}
49
+ attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
52
50
+ /*
53
- if (!widenfn || !opfn) {
51
+ * The sense of AP[1] vs APTable[0] is reversed, as APTable[0] == 1
54
+ if (!opfn) {
52
+ * means "force PL1 access only", which means forcing AP[1] to 0.
55
/* size == 3 case, which is an entirely different insn group */
53
+ */
56
return false;
54
+ attrs &= ~(extract64(tableattrs, 2, 1) << 6); /* !APT[0] => AP[1] */
57
}
55
+ attrs |= extract32(tableattrs, 3, 1) << 7; /* APT[1] => AP[2] */
58
56
+ }
59
- if ((a->vd & 1) || (src1_wide && (a->vn & 1))) {
60
+ if ((a->vd & 1) || (src1_mop == MO_Q && (a->vn & 1))) {
61
return false;
62
}
63
64
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
65
rn1_64 = tcg_temp_new_i64();
66
rm_64 = tcg_temp_new_i64();
67
68
- if (src1_wide) {
69
- read_neon_element64(rn0_64, a->vn, 0, MO_64);
70
+ if (src1_mop >= 0) {
71
+ read_neon_element64(rn0_64, a->vn, 0, src1_mop);
72
} else {
73
TCGv_i32 tmp = tcg_temp_new_i32();
74
read_neon_element32(tmp, a->vn, 0, MO_32);
75
widenfn(rn0_64, tmp);
76
tcg_temp_free_i32(tmp);
77
}
78
- rm = tcg_temp_new_i32();
79
- read_neon_element32(rm, a->vm, 0, MO_32);
80
+ if (src2_mop >= 0) {
81
+ read_neon_element64(rm_64, a->vm, 0, src2_mop);
82
+ } else {
83
+ TCGv_i32 tmp = tcg_temp_new_i32();
84
+ read_neon_element32(tmp, a->vm, 0, MO_32);
85
+ widenfn(rm_64, tmp);
86
+ tcg_temp_free_i32(tmp);
87
+ }
57
+ }
88
58
89
- widenfn(rm_64, rm);
90
- tcg_temp_free_i32(rm);
91
opfn(rn0_64, rn0_64, rm_64);
92
93
/*
59
/*
94
* Load second pass inputs before storing the first pass result, to
60
* Here descaddr is the final physical address, and attributes
95
* avoid incorrect results if a narrow input overlaps with the result.
96
*/
97
- if (src1_wide) {
98
- read_neon_element64(rn1_64, a->vn, 1, MO_64);
99
+ if (src1_mop >= 0) {
100
+ read_neon_element64(rn1_64, a->vn, 1, src1_mop);
101
} else {
102
TCGv_i32 tmp = tcg_temp_new_i32();
103
read_neon_element32(tmp, a->vn, 1, MO_32);
104
widenfn(rn1_64, tmp);
105
tcg_temp_free_i32(tmp);
106
}
107
- rm = tcg_temp_new_i32();
108
- read_neon_element32(rm, a->vm, 1, MO_32);
109
+ if (src2_mop >= 0) {
110
+ read_neon_element64(rm_64, a->vm, 1, src2_mop);
111
+ } else {
112
+ TCGv_i32 tmp = tcg_temp_new_i32();
113
+ read_neon_element32(tmp, a->vm, 1, MO_32);
114
+ widenfn(rm_64, tmp);
115
+ tcg_temp_free_i32(tmp);
116
+ }
117
118
write_neon_element64(rn0_64, a->vd, 0, MO_64);
119
120
- widenfn(rm_64, rm);
121
- tcg_temp_free_i32(rm);
122
opfn(rn1_64, rn1_64, rm_64);
123
write_neon_element64(rn1_64, a->vd, 1, MO_64);
124
125
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
126
return true;
127
}
128
129
-#define DO_PREWIDEN(INSN, S, EXT, OP, SRC1WIDE) \
130
+#define DO_PREWIDEN(INSN, S, OP, SRC1WIDE, SIGN) \
131
static bool trans_##INSN##_3d(DisasContext *s, arg_3diff *a) \
132
{ \
133
static NeonGenWidenFn * const widenfn[] = { \
134
gen_helper_neon_widen_##S##8, \
135
gen_helper_neon_widen_##S##16, \
136
- tcg_gen_##EXT##_i32_i64, \
137
- NULL, \
138
+ NULL, NULL, \
139
}; \
140
static NeonGenTwo64OpFn * const addfn[] = { \
141
gen_helper_neon_##OP##l_u16, \
142
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
143
tcg_gen_##OP##_i64, \
144
NULL, \
145
}; \
146
- return do_prewiden_3d(s, a, widenfn[a->size], \
147
- addfn[a->size], SRC1WIDE); \
148
+ int narrow_mop = a->size == MO_32 ? MO_32 | SIGN : -1; \
149
+ return do_prewiden_3d(s, a, widenfn[a->size], addfn[a->size], \
150
+ SRC1WIDE ? MO_Q : narrow_mop, \
151
+ narrow_mop); \
152
}
153
154
-DO_PREWIDEN(VADDL_S, s, ext, add, false)
155
-DO_PREWIDEN(VADDL_U, u, extu, add, false)
156
-DO_PREWIDEN(VSUBL_S, s, ext, sub, false)
157
-DO_PREWIDEN(VSUBL_U, u, extu, sub, false)
158
-DO_PREWIDEN(VADDW_S, s, ext, add, true)
159
-DO_PREWIDEN(VADDW_U, u, extu, add, true)
160
-DO_PREWIDEN(VSUBW_S, s, ext, sub, true)
161
-DO_PREWIDEN(VSUBW_U, u, extu, sub, true)
162
+DO_PREWIDEN(VADDL_S, s, add, false, MO_SIGN)
163
+DO_PREWIDEN(VADDL_U, u, add, false, 0)
164
+DO_PREWIDEN(VSUBL_S, s, sub, false, MO_SIGN)
165
+DO_PREWIDEN(VSUBL_U, u, sub, false, 0)
166
+DO_PREWIDEN(VADDW_S, s, add, true, MO_SIGN)
167
+DO_PREWIDEN(VADDW_U, u, add, true, 0)
168
+DO_PREWIDEN(VSUBW_S, s, sub, true, MO_SIGN)
169
+DO_PREWIDEN(VSUBW_U, u, sub, true, 0)
170
171
static bool do_narrow_3d(DisasContext *s, arg_3diff *a,
172
NeonGenTwo64OpFn *opfn, NeonGenNarrowFn *narrowfn)
173
--
61
--
174
2.20.1
62
2.25.1
175
63
176
64
diff view generated by jsdifflib
[PULL 05/26] target/arm: Add read/write_neon_element32
[PULL 18/30] target/arm: Implement FEAT_HAFDBS, access flag portion
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Model these off the aa64 read/write_vec_element functions.
3
Perform the atomic update for hardware management of the access flag.
4
Use it within translate-neon.c.inc. The new functions do
5
not allocate or free temps, so this rearranges the calling
6
code a bit.
7
4
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20201030022618.785675-6-richard.henderson@linaro.org
7
Message-id: 20221024051851.3074715-13-richard.henderson@linaro.org
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
9
---
13
target/arm/translate.c | 26 ++++
10
docs/system/arm/emulation.rst | 1 +
14
target/arm/translate-neon.c.inc | 256 ++++++++++++++++++++------------
11
target/arm/cpu64.c | 1 +
15
2 files changed, 183 insertions(+), 99 deletions(-)
12
target/arm/ptw.c | 176 +++++++++++++++++++++++++++++-----
13
3 files changed, 156 insertions(+), 22 deletions(-)
16
14
17
diff --git a/target/arm/translate.c b/target/arm/translate.c
15
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
18
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/translate.c
17
--- a/docs/system/arm/emulation.rst
20
+++ b/target/arm/translate.c
18
+++ b/docs/system/arm/emulation.rst
21
@@ -XXX,XX +XXX,XX @@ static inline void neon_store_reg32(TCGv_i32 var, int reg)
19
@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
22
tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
20
- FEAT_FlagM (Flag manipulation instructions v2)
21
- FEAT_FlagM2 (Enhancements to flag manipulation instructions)
22
- FEAT_GTG (Guest translation granule size)
23
+- FEAT_HAFDBS (Hardware management of the access flag and dirty bit state)
24
- FEAT_HCX (Support for the HCRX_EL2 register)
25
- FEAT_HPDS (Hierarchical permission disables)
26
- FEAT_I8MM (AArch64 Int8 matrix multiplication instructions)
27
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
28
index XXXXXXX..XXXXXXX 100644
29
--- a/target/arm/cpu64.c
30
+++ b/target/arm/cpu64.c
31
@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
32
cpu->isar.id_aa64mmfr0 = t;
33
34
t = cpu->isar.id_aa64mmfr1;
35
+ t = FIELD_DP64(t, ID_AA64MMFR1, HAFDBS, 1); /* FEAT_HAFDBS, AF only */
36
t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* FEAT_VMID16 */
37
t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); /* FEAT_VHE */
38
t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* FEAT_HPDS */
39
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
40
index XXXXXXX..XXXXXXX 100644
41
--- a/target/arm/ptw.c
42
+++ b/target/arm/ptw.c
43
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
44
bool in_secure;
45
bool in_debug;
46
bool out_secure;
47
+ bool out_rw;
48
bool out_be;
49
+ hwaddr out_virt;
50
hwaddr out_phys;
51
void *out_host;
52
} S1Translate;
53
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
54
uint8_t pte_attrs;
55
bool pte_secure;
56
57
+ ptw->out_virt = addr;
58
+
59
if (unlikely(ptw->in_debug)) {
60
/*
61
* From gdbstub, do not use softmmu so that we don't modify the
62
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
63
pte_secure = is_secure;
64
}
65
ptw->out_host = NULL;
66
+ ptw->out_rw = false;
67
} else {
68
CPUTLBEntryFull *full;
69
int flags;
70
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
71
goto fail;
72
}
73
ptw->out_phys = full->phys_addr;
74
+ ptw->out_rw = full->prot & PROT_WRITE;
75
pte_attrs = full->pte_attrs;
76
pte_secure = full->attrs.secure;
77
}
78
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
79
ARMMMUFaultInfo *fi)
80
{
81
CPUState *cs = env_cpu(env);
82
+ void *host = ptw->out_host;
83
uint32_t data;
84
85
- if (likely(ptw->out_host)) {
86
+ if (likely(host)) {
87
/* Page tables are in RAM, and we have the host address. */
88
+ data = qatomic_read((uint32_t *)host);
89
if (ptw->out_be) {
90
- data = ldl_be_p(ptw->out_host);
91
+ data = be32_to_cpu(data);
92
} else {
93
- data = ldl_le_p(ptw->out_host);
94
+ data = le32_to_cpu(data);
95
}
96
} else {
97
/* Page tables are in MMIO. */
98
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
99
ARMMMUFaultInfo *fi)
100
{
101
CPUState *cs = env_cpu(env);
102
+ void *host = ptw->out_host;
103
uint64_t data;
104
105
- if (likely(ptw->out_host)) {
106
+ if (likely(host)) {
107
/* Page tables are in RAM, and we have the host address. */
108
+#ifdef CONFIG_ATOMIC64
109
+ data = qatomic_read__nocheck((uint64_t *)host);
110
if (ptw->out_be) {
111
- data = ldq_be_p(ptw->out_host);
112
+ data = be64_to_cpu(data);
113
} else {
114
- data = ldq_le_p(ptw->out_host);
115
+ data = le64_to_cpu(data);
116
}
117
+#else
118
+ if (ptw->out_be) {
119
+ data = ldq_be_p(host);
120
+ } else {
121
+ data = ldq_le_p(host);
122
+ }
123
+#endif
124
} else {
125
/* Page tables are in MMIO. */
126
MemTxAttrs attrs = { .secure = ptw->out_secure };
127
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
128
return data;
23
}
129
}
24
130
25
+static void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp size)
131
+static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
132
+ uint64_t new_val, S1Translate *ptw,
133
+ ARMMMUFaultInfo *fi)
26
+{
134
+{
27
+ long off = neon_element_offset(reg, ele, size);
135
+ uint64_t cur_val;
28
+
136
+ void *host = ptw->out_host;
29
+ switch (size) {
137
+
30
+ case MO_32:
138
+ if (unlikely(!host)) {
31
+ tcg_gen_ld_i32(dest, cpu_env, off);
139
+ fi->type = ARMFault_UnsuppAtomicUpdate;
32
+ break;
140
+ fi->s1ptw = true;
33
+ default:
141
+ return 0;
34
+ g_assert_not_reached();
142
+ }
35
+ }
143
+
144
+ /*
145
+ * Raising a stage2 Protection fault for an atomic update to a read-only
146
+ * page is delayed until it is certain that there is a change to make.
147
+ */
148
+ if (unlikely(!ptw->out_rw)) {
149
+ int flags;
150
+ void *discard;
151
+
152
+ env->tlb_fi = fi;
153
+ flags = probe_access_flags(env, ptw->out_virt, MMU_DATA_STORE,
154
+ arm_to_core_mmu_idx(ptw->in_ptw_idx),
155
+ true, &discard, 0);
156
+ env->tlb_fi = NULL;
157
+
158
+ if (unlikely(flags & TLB_INVALID_MASK)) {
159
+ assert(fi->type != ARMFault_None);
160
+ fi->s2addr = ptw->out_virt;
161
+ fi->stage2 = true;
162
+ fi->s1ptw = true;
163
+ fi->s1ns = !ptw->in_secure;
164
+ return 0;
165
+ }
166
+
167
+ /* In case CAS mismatches and we loop, remember writability. */
168
+ ptw->out_rw = true;
169
+ }
170
+
171
+#ifdef CONFIG_ATOMIC64
172
+ if (ptw->out_be) {
173
+ old_val = cpu_to_be64(old_val);
174
+ new_val = cpu_to_be64(new_val);
175
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)host, old_val, new_val);
176
+ cur_val = be64_to_cpu(cur_val);
177
+ } else {
178
+ old_val = cpu_to_le64(old_val);
179
+ new_val = cpu_to_le64(new_val);
180
+ cur_val = qatomic_cmpxchg__nocheck((uint64_t *)host, old_val, new_val);
181
+ cur_val = le64_to_cpu(cur_val);
182
+ }
183
+#else
184
+ /*
185
+ * We can't support the full 64-bit atomic cmpxchg on the host.
186
+ * Because this is only used for FEAT_HAFDBS, which is only for AA64,
187
+ * we know that TCG_OVERSIZED_GUEST is set, which means that we are
188
+ * running in round-robin mode and could only race with dma i/o.
189
+ */
190
+#ifndef TCG_OVERSIZED_GUEST
191
+# error "Unexpected configuration"
192
+#endif
193
+ bool locked = qemu_mutex_iothread_locked();
194
+ if (!locked) {
195
+ qemu_mutex_lock_iothread();
196
+ }
197
+ if (ptw->out_be) {
198
+ cur_val = ldq_be_p(host);
199
+ if (cur_val == old_val) {
200
+ stq_be_p(host, new_val);
201
+ }
202
+ } else {
203
+ cur_val = ldq_le_p(host);
204
+ if (cur_val == old_val) {
205
+ stq_le_p(host, new_val);
206
+ }
207
+ }
208
+ if (!locked) {
209
+ qemu_mutex_unlock_iothread();
210
+ }
211
+#endif
212
+
213
+ return cur_val;
36
+}
214
+}
37
+
215
+
38
+static void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp size)
216
static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
39
+{
217
uint32_t *table, uint32_t address)
40
+ long off = neon_element_offset(reg, ele, size);
41
+
42
+ switch (size) {
43
+ case MO_32:
44
+ tcg_gen_st_i32(src, cpu_env, off);
45
+ break;
46
+ default:
47
+ g_assert_not_reached();
48
+ }
49
+}
50
+
51
static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
52
{
218
{
53
TCGv_ptr ret = tcg_temp_new_ptr();
219
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
54
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
220
uint32_t el = regime_el(env, mmu_idx);
55
index XXXXXXX..XXXXXXX 100644
221
uint64_t descaddrmask;
56
--- a/target/arm/translate-neon.c.inc
222
bool aarch64 = arm_el_is_aa64(env, el);
57
+++ b/target/arm/translate-neon.c.inc
223
- uint64_t descriptor;
58
@@ -XXX,XX +XXX,XX @@ static bool do_3same_pair(DisasContext *s, arg_3same *a, NeonGenTwoOpFn *fn)
224
+ uint64_t descriptor, new_descriptor;
59
* early. Since Q is 0 there are always just two passes, so instead
225
bool nstable;
60
* of a complicated loop over each pass we just unroll.
226
227
/* TODO: This code does not support shareability levels. */
228
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
229
if (fi->type != ARMFault_None) {
230
goto do_fault;
231
}
232
+ new_descriptor = descriptor;
233
234
+ restart_atomic_update:
235
if (!(descriptor & 1) || (!(descriptor & 2) && (level == 3))) {
236
/* Invalid, or the Reserved level 3 encoding */
237
goto do_translation_fault;
238
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
239
* to give a correct page or table address, the address field
240
* in a block descriptor is smaller; so we need to explicitly
241
* clear the lower bits here before ORing in the low vaddr bits.
242
+ *
243
+ * Afterward, descaddr is the final physical address.
61
*/
244
*/
62
- tmp = neon_load_reg(a->vn, 0);
245
page_size = (1ULL << ((stride * (4 - level)) + 3));
63
- tmp2 = neon_load_reg(a->vn, 1);
246
descaddr &= ~(hwaddr)(page_size - 1);
64
+ tmp = tcg_temp_new_i32();
247
descaddr |= (address & (page_size - 1));
65
+ tmp2 = tcg_temp_new_i32();
248
66
+ tmp3 = tcg_temp_new_i32();
249
+ if (likely(!ptw->in_debug)) {
67
+
250
+ /*
68
+ read_neon_element32(tmp, a->vn, 0, MO_32);
251
+ * Access flag.
69
+ read_neon_element32(tmp2, a->vn, 1, MO_32);
252
+ * If HA is enabled, prepare to update the descriptor below.
70
fn(tmp, tmp, tmp2);
253
+ * Otherwise, pass the access fault on to software.
71
- tcg_temp_free_i32(tmp2);
254
+ */
72
255
+ if (!(descriptor & (1 << 10))) {
73
- tmp3 = neon_load_reg(a->vm, 0);
256
+ if (param.ha) {
74
- tmp2 = neon_load_reg(a->vm, 1);
257
+ new_descriptor |= 1 << 10; /* AF */
75
+ read_neon_element32(tmp3, a->vm, 0, MO_32);
258
+ } else {
76
+ read_neon_element32(tmp2, a->vm, 1, MO_32);
259
+ fi->type = ARMFault_AccessFlag;
77
fn(tmp3, tmp3, tmp2);
260
+ goto do_fault;
78
- tcg_temp_free_i32(tmp2);
261
+ }
79
262
+ }
80
- neon_store_reg(a->vd, 0, tmp);
263
+ }
81
- neon_store_reg(a->vd, 1, tmp3);
264
+
82
+ write_neon_element32(tmp, a->vd, 0, MO_32);
265
/*
83
+ write_neon_element32(tmp3, a->vd, 1, MO_32);
266
- * Extract attributes from the descriptor, and apply table descriptors.
84
+
267
- * Stage 2 table descriptors do not include any attribute fields.
85
+ tcg_temp_free_i32(tmp);
268
- * HPD disables all the table attributes except NSTable.
86
+ tcg_temp_free_i32(tmp2);
269
+ * Extract attributes from the (modified) descriptor, and apply
87
+ tcg_temp_free_i32(tmp3);
270
+ * table descriptors. Stage 2 table descriptors do not include
88
return true;
271
+ * any attribute fields. HPD disables all the table attributes
89
}
272
+ * except NSTable.
90
91
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_env_32(DisasContext *s, arg_2reg_shift *a,
92
* 2-reg-and-shift operations, size < 3 case, where the
93
* helper needs to be passed cpu_env.
94
*/
273
*/
95
- TCGv_i32 constimm;
274
- attrs = descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
96
+ TCGv_i32 constimm, tmp;
275
+ attrs = new_descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
97
int pass;
276
if (!regime_is_stage2(mmu_idx)) {
98
277
attrs |= nstable << 5; /* NS */
99
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
278
if (!param.hpd) {
100
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_env_32(DisasContext *s, arg_2reg_shift *a,
279
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
101
* by immediate using the variable shift operations.
280
}
102
*/
103
constimm = tcg_const_i32(dup_const(a->size, a->shift));
104
+ tmp = tcg_temp_new_i32();
105
106
for (pass = 0; pass < (a->q ? 4 : 2); pass++) {
107
- TCGv_i32 tmp = neon_load_reg(a->vm, pass);
108
+ read_neon_element32(tmp, a->vm, pass, MO_32);
109
fn(tmp, cpu_env, tmp, constimm);
110
- neon_store_reg(a->vd, pass, tmp);
111
+ write_neon_element32(tmp, a->vd, pass, MO_32);
112
}
281
}
113
+ tcg_temp_free_i32(tmp);
282
114
tcg_temp_free_i32(constimm);
283
- /*
115
return true;
284
- * Here descaddr is the final physical address, and attributes
116
}
285
- * are all in attrs.
117
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_narrow_64(DisasContext *s, arg_2reg_shift *a,
286
- */
118
constimm = tcg_const_i64(-a->shift);
287
- if ((attrs & (1 << 10)) == 0) {
119
rm1 = tcg_temp_new_i64();
288
- /* Access flag */
120
rm2 = tcg_temp_new_i64();
289
- fi->type = ARMFault_AccessFlag;
121
+ rd = tcg_temp_new_i32();
290
- goto do_fault;
122
291
- }
123
/* Load both inputs first to avoid potential overwrite if rm == rd */
292
-
124
neon_load_reg64(rm1, a->vm);
293
ap = extract32(attrs, 6, 2);
125
neon_load_reg64(rm2, a->vm + 1);
294
-
126
295
if (regime_is_stage2(mmu_idx)) {
127
shiftfn(rm1, rm1, constimm);
296
ns = mmu_idx == ARMMMUIdx_Stage2;
128
- rd = tcg_temp_new_i32();
297
xn = extract64(attrs, 53, 2);
129
narrowfn(rd, cpu_env, rm1);
298
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
130
- neon_store_reg(a->vd, 0, rd);
299
goto do_fault;
131
+ write_neon_element32(rd, a->vd, 0, MO_32);
132
133
shiftfn(rm2, rm2, constimm);
134
- rd = tcg_temp_new_i32();
135
narrowfn(rd, cpu_env, rm2);
136
- neon_store_reg(a->vd, 1, rd);
137
+ write_neon_element32(rd, a->vd, 1, MO_32);
138
139
+ tcg_temp_free_i32(rd);
140
tcg_temp_free_i64(rm1);
141
tcg_temp_free_i64(rm2);
142
tcg_temp_free_i64(constimm);
143
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_narrow_32(DisasContext *s, arg_2reg_shift *a,
144
constimm = tcg_const_i32(imm);
145
146
/* Load all inputs first to avoid potential overwrite */
147
- rm1 = neon_load_reg(a->vm, 0);
148
- rm2 = neon_load_reg(a->vm, 1);
149
- rm3 = neon_load_reg(a->vm + 1, 0);
150
- rm4 = neon_load_reg(a->vm + 1, 1);
151
+ rm1 = tcg_temp_new_i32();
152
+ rm2 = tcg_temp_new_i32();
153
+ rm3 = tcg_temp_new_i32();
154
+ rm4 = tcg_temp_new_i32();
155
+ read_neon_element32(rm1, a->vm, 0, MO_32);
156
+ read_neon_element32(rm2, a->vm, 1, MO_32);
157
+ read_neon_element32(rm3, a->vm, 2, MO_32);
158
+ read_neon_element32(rm4, a->vm, 3, MO_32);
159
rtmp = tcg_temp_new_i64();
160
161
shiftfn(rm1, rm1, constimm);
162
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_narrow_32(DisasContext *s, arg_2reg_shift *a,
163
tcg_temp_free_i32(rm2);
164
165
narrowfn(rm1, cpu_env, rtmp);
166
- neon_store_reg(a->vd, 0, rm1);
167
+ write_neon_element32(rm1, a->vd, 0, MO_32);
168
+ tcg_temp_free_i32(rm1);
169
170
shiftfn(rm3, rm3, constimm);
171
shiftfn(rm4, rm4, constimm);
172
@@ -XXX,XX +XXX,XX @@ static bool do_2shift_narrow_32(DisasContext *s, arg_2reg_shift *a,
173
174
narrowfn(rm3, cpu_env, rtmp);
175
tcg_temp_free_i64(rtmp);
176
- neon_store_reg(a->vd, 1, rm3);
177
+ write_neon_element32(rm3, a->vd, 1, MO_32);
178
+ tcg_temp_free_i32(rm3);
179
return true;
180
}
181
182
@@ -XXX,XX +XXX,XX @@ static bool do_vshll_2sh(DisasContext *s, arg_2reg_shift *a,
183
widen_mask = dup_const(a->size + 1, widen_mask);
184
}
300
}
185
301
186
- rm0 = neon_load_reg(a->vm, 0);
302
+ /* If FEAT_HAFDBS has made changes, update the PTE. */
187
- rm1 = neon_load_reg(a->vm, 1);
303
+ if (new_descriptor != descriptor) {
188
+ rm0 = tcg_temp_new_i32();
304
+ new_descriptor = arm_casq_ptw(env, descriptor, new_descriptor, ptw, fi);
189
+ rm1 = tcg_temp_new_i32();
305
+ if (fi->type != ARMFault_None) {
190
+ read_neon_element32(rm0, a->vm, 0, MO_32);
306
+ goto do_fault;
191
+ read_neon_element32(rm1, a->vm, 1, MO_32);
307
+ }
192
tmp = tcg_temp_new_i64();
308
+ /*
193
309
+ * I_YZSVV says that if the in-memory descriptor has changed,
194
widenfn(tmp, rm0);
310
+ * then we must use the information in that new value
195
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
311
+ * (which might include a different output address, different
196
if (src1_wide) {
312
+ * attributes, or generate a fault).
197
neon_load_reg64(rn0_64, a->vn);
313
+ * Restart the handling of the descriptor value from scratch.
198
} else {
314
+ */
199
- TCGv_i32 tmp = neon_load_reg(a->vn, 0);
315
+ if (new_descriptor != descriptor) {
200
+ TCGv_i32 tmp = tcg_temp_new_i32();
316
+ descriptor = new_descriptor;
201
+ read_neon_element32(tmp, a->vn, 0, MO_32);
317
+ goto restart_atomic_update;
202
widenfn(rn0_64, tmp);
318
+ }
203
tcg_temp_free_i32(tmp);
319
+ }
204
}
320
+
205
- rm = neon_load_reg(a->vm, 0);
321
if (ns) {
206
+ rm = tcg_temp_new_i32();
322
/*
207
+ read_neon_element32(rm, a->vm, 0, MO_32);
323
* The NS bit will (as required by the architecture) have no effect if
208
209
widenfn(rm_64, rm);
210
tcg_temp_free_i32(rm);
211
@@ -XXX,XX +XXX,XX @@ static bool do_prewiden_3d(DisasContext *s, arg_3diff *a,
212
if (src1_wide) {
213
neon_load_reg64(rn1_64, a->vn + 1);
214
} else {
215
- TCGv_i32 tmp = neon_load_reg(a->vn, 1);
216
+ TCGv_i32 tmp = tcg_temp_new_i32();
217
+ read_neon_element32(tmp, a->vn, 1, MO_32);
218
widenfn(rn1_64, tmp);
219
tcg_temp_free_i32(tmp);
220
}
221
- rm = neon_load_reg(a->vm, 1);
222
+ rm = tcg_temp_new_i32();
223
+ read_neon_element32(rm, a->vm, 1, MO_32);
224
225
neon_store_reg64(rn0_64, a->vd);
226
227
@@ -XXX,XX +XXX,XX @@ static bool do_narrow_3d(DisasContext *s, arg_3diff *a,
228
229
narrowfn(rd1, rn_64);
230
231
- neon_store_reg(a->vd, 0, rd0);
232
- neon_store_reg(a->vd, 1, rd1);
233
+ write_neon_element32(rd0, a->vd, 0, MO_32);
234
+ write_neon_element32(rd1, a->vd, 1, MO_32);
235
236
+ tcg_temp_free_i32(rd0);
237
+ tcg_temp_free_i32(rd1);
238
tcg_temp_free_i64(rn_64);
239
tcg_temp_free_i64(rm_64);
240
241
@@ -XXX,XX +XXX,XX @@ static bool do_long_3d(DisasContext *s, arg_3diff *a,
242
rd0 = tcg_temp_new_i64();
243
rd1 = tcg_temp_new_i64();
244
245
- rn = neon_load_reg(a->vn, 0);
246
- rm = neon_load_reg(a->vm, 0);
247
+ rn = tcg_temp_new_i32();
248
+ rm = tcg_temp_new_i32();
249
+ read_neon_element32(rn, a->vn, 0, MO_32);
250
+ read_neon_element32(rm, a->vm, 0, MO_32);
251
opfn(rd0, rn, rm);
252
- tcg_temp_free_i32(rn);
253
- tcg_temp_free_i32(rm);
254
255
- rn = neon_load_reg(a->vn, 1);
256
- rm = neon_load_reg(a->vm, 1);
257
+ read_neon_element32(rn, a->vn, 1, MO_32);
258
+ read_neon_element32(rm, a->vm, 1, MO_32);
259
opfn(rd1, rn, rm);
260
tcg_temp_free_i32(rn);
261
tcg_temp_free_i32(rm);
262
@@ -XXX,XX +XXX,XX @@ static void gen_neon_dup_high16(TCGv_i32 var)
263
264
static inline TCGv_i32 neon_get_scalar(int size, int reg)
265
{
266
- TCGv_i32 tmp;
267
- if (size == 1) {
268
- tmp = neon_load_reg(reg & 7, reg >> 4);
269
+ TCGv_i32 tmp = tcg_temp_new_i32();
270
+ if (size == MO_16) {
271
+ read_neon_element32(tmp, reg & 7, reg >> 4, MO_32);
272
if (reg & 8) {
273
gen_neon_dup_high16(tmp);
274
} else {
275
gen_neon_dup_low16(tmp);
276
}
277
} else {
278
- tmp = neon_load_reg(reg & 15, reg >> 4);
279
+ read_neon_element32(tmp, reg & 15, reg >> 4, MO_32);
280
}
281
return tmp;
282
}
283
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar(DisasContext *s, arg_2scalar *a,
284
* perform an accumulation operation of that result into the
285
* destination.
286
*/
287
- TCGv_i32 scalar;
288
+ TCGv_i32 scalar, tmp;
289
int pass;
290
291
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
292
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar(DisasContext *s, arg_2scalar *a,
293
}
294
295
scalar = neon_get_scalar(a->size, a->vm);
296
+ tmp = tcg_temp_new_i32();
297
298
for (pass = 0; pass < (a->q ? 4 : 2); pass++) {
299
- TCGv_i32 tmp = neon_load_reg(a->vn, pass);
300
+ read_neon_element32(tmp, a->vn, pass, MO_32);
301
opfn(tmp, tmp, scalar);
302
if (accfn) {
303
- TCGv_i32 rd = neon_load_reg(a->vd, pass);
304
+ TCGv_i32 rd = tcg_temp_new_i32();
305
+ read_neon_element32(rd, a->vd, pass, MO_32);
306
accfn(tmp, rd, tmp);
307
tcg_temp_free_i32(rd);
308
}
309
- neon_store_reg(a->vd, pass, tmp);
310
+ write_neon_element32(tmp, a->vd, pass, MO_32);
311
}
312
+ tcg_temp_free_i32(tmp);
313
tcg_temp_free_i32(scalar);
314
return true;
315
}
316
@@ -XXX,XX +XXX,XX @@ static bool do_vqrdmlah_2sc(DisasContext *s, arg_2scalar *a,
317
* performs a kind of fused op-then-accumulate using a helper
318
* function that takes all of rd, rn and the scalar at once.
319
*/
320
- TCGv_i32 scalar;
321
+ TCGv_i32 scalar, rn, rd;
322
int pass;
323
324
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
325
@@ -XXX,XX +XXX,XX @@ static bool do_vqrdmlah_2sc(DisasContext *s, arg_2scalar *a,
326
}
327
328
scalar = neon_get_scalar(a->size, a->vm);
329
+ rn = tcg_temp_new_i32();
330
+ rd = tcg_temp_new_i32();
331
332
for (pass = 0; pass < (a->q ? 4 : 2); pass++) {
333
- TCGv_i32 rn = neon_load_reg(a->vn, pass);
334
- TCGv_i32 rd = neon_load_reg(a->vd, pass);
335
+ read_neon_element32(rn, a->vn, pass, MO_32);
336
+ read_neon_element32(rd, a->vd, pass, MO_32);
337
opfn(rd, cpu_env, rn, scalar, rd);
338
- tcg_temp_free_i32(rn);
339
- neon_store_reg(a->vd, pass, rd);
340
+ write_neon_element32(rd, a->vd, pass, MO_32);
341
}
342
+ tcg_temp_free_i32(rn);
343
+ tcg_temp_free_i32(rd);
344
tcg_temp_free_i32(scalar);
345
346
return true;
347
@@ -XXX,XX +XXX,XX @@ static bool do_2scalar_long(DisasContext *s, arg_2scalar *a,
348
scalar = neon_get_scalar(a->size, a->vm);
349
350
/* Load all inputs before writing any outputs, in case of overlap */
351
- rn = neon_load_reg(a->vn, 0);
352
+ rn = tcg_temp_new_i32();
353
+ read_neon_element32(rn, a->vn, 0, MO_32);
354
rn0_64 = tcg_temp_new_i64();
355
opfn(rn0_64, rn, scalar);
356
- tcg_temp_free_i32(rn);
357
358
- rn = neon_load_reg(a->vn, 1);
359
+ read_neon_element32(rn, a->vn, 1, MO_32);
360
rn1_64 = tcg_temp_new_i64();
361
opfn(rn1_64, rn, scalar);
362
tcg_temp_free_i32(rn);
363
@@ -XXX,XX +XXX,XX @@ static bool trans_VTBL(DisasContext *s, arg_VTBL *a)
364
return false;
365
}
366
n <<= 3;
367
+ tmp = tcg_temp_new_i32();
368
if (a->op) {
369
- tmp = neon_load_reg(a->vd, 0);
370
+ read_neon_element32(tmp, a->vd, 0, MO_32);
371
} else {
372
- tmp = tcg_temp_new_i32();
373
tcg_gen_movi_i32(tmp, 0);
374
}
375
- tmp2 = neon_load_reg(a->vm, 0);
376
+ tmp2 = tcg_temp_new_i32();
377
+ read_neon_element32(tmp2, a->vm, 0, MO_32);
378
ptr1 = vfp_reg_ptr(true, a->vn);
379
tmp4 = tcg_const_i32(n);
380
gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp4);
381
- tcg_temp_free_i32(tmp);
382
+
383
if (a->op) {
384
- tmp = neon_load_reg(a->vd, 1);
385
+ read_neon_element32(tmp, a->vd, 1, MO_32);
386
} else {
387
- tmp = tcg_temp_new_i32();
388
tcg_gen_movi_i32(tmp, 0);
389
}
390
- tmp3 = neon_load_reg(a->vm, 1);
391
+ tmp3 = tcg_temp_new_i32();
392
+ read_neon_element32(tmp3, a->vm, 1, MO_32);
393
gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp4);
394
+ tcg_temp_free_i32(tmp);
395
tcg_temp_free_i32(tmp4);
396
tcg_temp_free_ptr(ptr1);
397
- neon_store_reg(a->vd, 0, tmp2);
398
- neon_store_reg(a->vd, 1, tmp3);
399
- tcg_temp_free_i32(tmp);
400
+
401
+ write_neon_element32(tmp2, a->vd, 0, MO_32);
402
+ write_neon_element32(tmp3, a->vd, 1, MO_32);
403
+ tcg_temp_free_i32(tmp2);
404
+ tcg_temp_free_i32(tmp3);
405
return true;
406
}
407
408
@@ -XXX,XX +XXX,XX @@ static bool trans_VDUP_scalar(DisasContext *s, arg_VDUP_scalar *a)
409
static bool trans_VREV64(DisasContext *s, arg_VREV64 *a)
410
{
411
int pass, half;
412
+ TCGv_i32 tmp[2];
413
414
if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
415
return false;
416
@@ -XXX,XX +XXX,XX @@ static bool trans_VREV64(DisasContext *s, arg_VREV64 *a)
417
return true;
418
}
419
420
- for (pass = 0; pass < (a->q ? 2 : 1); pass++) {
421
- TCGv_i32 tmp[2];
422
+ tmp[0] = tcg_temp_new_i32();
423
+ tmp[1] = tcg_temp_new_i32();
424
425
+ for (pass = 0; pass < (a->q ? 2 : 1); pass++) {
426
for (half = 0; half < 2; half++) {
427
- tmp[half] = neon_load_reg(a->vm, pass * 2 + half);
428
+ read_neon_element32(tmp[half], a->vm, pass * 2 + half, MO_32);
429
switch (a->size) {
430
case 0:
431
tcg_gen_bswap32_i32(tmp[half], tmp[half]);
432
@@ -XXX,XX +XXX,XX @@ static bool trans_VREV64(DisasContext *s, arg_VREV64 *a)
433
g_assert_not_reached();
434
}
435
}
436
- neon_store_reg(a->vd, pass * 2, tmp[1]);
437
- neon_store_reg(a->vd, pass * 2 + 1, tmp[0]);
438
+ write_neon_element32(tmp[1], a->vd, pass * 2, MO_32);
439
+ write_neon_element32(tmp[0], a->vd, pass * 2 + 1, MO_32);
440
}
441
+
442
+ tcg_temp_free_i32(tmp[0]);
443
+ tcg_temp_free_i32(tmp[1]);
444
return true;
445
}
446
447
@@ -XXX,XX +XXX,XX @@ static bool do_2misc_pairwise(DisasContext *s, arg_2misc *a,
448
rm0_64 = tcg_temp_new_i64();
449
rm1_64 = tcg_temp_new_i64();
450
rd_64 = tcg_temp_new_i64();
451
- tmp = neon_load_reg(a->vm, pass * 2);
452
+
453
+ tmp = tcg_temp_new_i32();
454
+ read_neon_element32(tmp, a->vm, pass * 2, MO_32);
455
widenfn(rm0_64, tmp);
456
- tcg_temp_free_i32(tmp);
457
- tmp = neon_load_reg(a->vm, pass * 2 + 1);
458
+ read_neon_element32(tmp, a->vm, pass * 2 + 1, MO_32);
459
widenfn(rm1_64, tmp);
460
tcg_temp_free_i32(tmp);
461
+
462
opfn(rd_64, rm0_64, rm1_64);
463
tcg_temp_free_i64(rm0_64);
464
tcg_temp_free_i64(rm1_64);
465
@@ -XXX,XX +XXX,XX @@ static bool do_vmovn(DisasContext *s, arg_2misc *a,
466
narrowfn(rd0, cpu_env, rm);
467
neon_load_reg64(rm, a->vm + 1);
468
narrowfn(rd1, cpu_env, rm);
469
- neon_store_reg(a->vd, 0, rd0);
470
- neon_store_reg(a->vd, 1, rd1);
471
+ write_neon_element32(rd0, a->vd, 0, MO_32);
472
+ write_neon_element32(rd1, a->vd, 1, MO_32);
473
+ tcg_temp_free_i32(rd0);
474
+ tcg_temp_free_i32(rd1);
475
tcg_temp_free_i64(rm);
476
return true;
477
}
478
@@ -XXX,XX +XXX,XX @@ static bool trans_VSHLL(DisasContext *s, arg_2misc *a)
479
}
480
481
rd = tcg_temp_new_i64();
482
+ rm0 = tcg_temp_new_i32();
483
+ rm1 = tcg_temp_new_i32();
484
485
- rm0 = neon_load_reg(a->vm, 0);
486
- rm1 = neon_load_reg(a->vm, 1);
487
+ read_neon_element32(rm0, a->vm, 0, MO_32);
488
+ read_neon_element32(rm1, a->vm, 1, MO_32);
489
490
widenfn(rd, rm0);
491
tcg_gen_shli_i64(rd, rd, 8 << a->size);
492
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_F16_F32(DisasContext *s, arg_2misc *a)
493
494
fpst = fpstatus_ptr(FPST_STD);
495
ahp = get_ahp_flag();
496
- tmp = neon_load_reg(a->vm, 0);
497
+ tmp = tcg_temp_new_i32();
498
+ read_neon_element32(tmp, a->vm, 0, MO_32);
499
gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
500
- tmp2 = neon_load_reg(a->vm, 1);
501
+ tmp2 = tcg_temp_new_i32();
502
+ read_neon_element32(tmp2, a->vm, 1, MO_32);
503
gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
504
tcg_gen_shli_i32(tmp2, tmp2, 16);
505
tcg_gen_or_i32(tmp2, tmp2, tmp);
506
- tcg_temp_free_i32(tmp);
507
- tmp = neon_load_reg(a->vm, 2);
508
+ read_neon_element32(tmp, a->vm, 2, MO_32);
509
gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
510
- tmp3 = neon_load_reg(a->vm, 3);
511
- neon_store_reg(a->vd, 0, tmp2);
512
+ tmp3 = tcg_temp_new_i32();
513
+ read_neon_element32(tmp3, a->vm, 3, MO_32);
514
+ write_neon_element32(tmp2, a->vd, 0, MO_32);
515
+ tcg_temp_free_i32(tmp2);
516
gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
517
tcg_gen_shli_i32(tmp3, tmp3, 16);
518
tcg_gen_or_i32(tmp3, tmp3, tmp);
519
- neon_store_reg(a->vd, 1, tmp3);
520
+ write_neon_element32(tmp3, a->vd, 1, MO_32);
521
+ tcg_temp_free_i32(tmp3);
522
tcg_temp_free_i32(tmp);
523
tcg_temp_free_i32(ahp);
524
tcg_temp_free_ptr(fpst);
525
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_F32_F16(DisasContext *s, arg_2misc *a)
526
fpst = fpstatus_ptr(FPST_STD);
527
ahp = get_ahp_flag();
528
tmp3 = tcg_temp_new_i32();
529
- tmp = neon_load_reg(a->vm, 0);
530
- tmp2 = neon_load_reg(a->vm, 1);
531
+ tmp2 = tcg_temp_new_i32();
532
+ tmp = tcg_temp_new_i32();
533
+ read_neon_element32(tmp, a->vm, 0, MO_32);
534
+ read_neon_element32(tmp2, a->vm, 1, MO_32);
535
tcg_gen_ext16u_i32(tmp3, tmp);
536
gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
537
- neon_store_reg(a->vd, 0, tmp3);
538
+ write_neon_element32(tmp3, a->vd, 0, MO_32);
539
tcg_gen_shri_i32(tmp, tmp, 16);
540
gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
541
- neon_store_reg(a->vd, 1, tmp);
542
- tmp3 = tcg_temp_new_i32();
543
+ write_neon_element32(tmp, a->vd, 1, MO_32);
544
+ tcg_temp_free_i32(tmp);
545
tcg_gen_ext16u_i32(tmp3, tmp2);
546
gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
547
- neon_store_reg(a->vd, 2, tmp3);
548
+ write_neon_element32(tmp3, a->vd, 2, MO_32);
549
+ tcg_temp_free_i32(tmp3);
550
tcg_gen_shri_i32(tmp2, tmp2, 16);
551
gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
552
- neon_store_reg(a->vd, 3, tmp2);
553
+ write_neon_element32(tmp2, a->vd, 3, MO_32);
554
+ tcg_temp_free_i32(tmp2);
555
tcg_temp_free_i32(ahp);
556
tcg_temp_free_ptr(fpst);
557
558
@@ -XXX,XX +XXX,XX @@ DO_2M_CRYPTO(SHA256SU0, aa32_sha2, 2)
559
560
static bool do_2misc(DisasContext *s, arg_2misc *a, NeonGenOneOpFn *fn)
561
{
562
+ TCGv_i32 tmp;
563
int pass;
564
565
/* Handle a 2-reg-misc operation by iterating 32 bits at a time */
566
@@ -XXX,XX +XXX,XX @@ static bool do_2misc(DisasContext *s, arg_2misc *a, NeonGenOneOpFn *fn)
567
return true;
568
}
569
570
+ tmp = tcg_temp_new_i32();
571
for (pass = 0; pass < (a->q ? 4 : 2); pass++) {
572
- TCGv_i32 tmp = neon_load_reg(a->vm, pass);
573
+ read_neon_element32(tmp, a->vm, pass, MO_32);
574
fn(tmp, tmp);
575
- neon_store_reg(a->vd, pass, tmp);
576
+ write_neon_element32(tmp, a->vd, pass, MO_32);
577
}
578
+ tcg_temp_free_i32(tmp);
579
580
return true;
581
}
582
@@ -XXX,XX +XXX,XX @@ static bool trans_VTRN(DisasContext *s, arg_2misc *a)
583
return true;
584
}
585
586
- if (a->size == 2) {
587
+ tmp = tcg_temp_new_i32();
588
+ tmp2 = tcg_temp_new_i32();
589
+ if (a->size == MO_32) {
590
for (pass = 0; pass < (a->q ? 4 : 2); pass += 2) {
591
- tmp = neon_load_reg(a->vm, pass);
592
- tmp2 = neon_load_reg(a->vd, pass + 1);
593
- neon_store_reg(a->vm, pass, tmp2);
594
- neon_store_reg(a->vd, pass + 1, tmp);
595
+ read_neon_element32(tmp, a->vm, pass, MO_32);
596
+ read_neon_element32(tmp2, a->vd, pass + 1, MO_32);
597
+ write_neon_element32(tmp2, a->vm, pass, MO_32);
598
+ write_neon_element32(tmp, a->vd, pass + 1, MO_32);
599
}
600
} else {
601
for (pass = 0; pass < (a->q ? 4 : 2); pass++) {
602
- tmp = neon_load_reg(a->vm, pass);
603
- tmp2 = neon_load_reg(a->vd, pass);
604
- if (a->size == 0) {
605
+ read_neon_element32(tmp, a->vm, pass, MO_32);
606
+ read_neon_element32(tmp2, a->vd, pass, MO_32);
607
+ if (a->size == MO_8) {
608
gen_neon_trn_u8(tmp, tmp2);
609
} else {
610
gen_neon_trn_u16(tmp, tmp2);
611
}
612
- neon_store_reg(a->vm, pass, tmp2);
613
- neon_store_reg(a->vd, pass, tmp);
614
+ write_neon_element32(tmp2, a->vm, pass, MO_32);
615
+ write_neon_element32(tmp, a->vd, pass, MO_32);
616
}
617
}
618
+ tcg_temp_free_i32(tmp);
619
+ tcg_temp_free_i32(tmp2);
620
return true;
621
}
622
--
324
--
623
2.20.1
325
2.25.1
624
625
diff view generated by jsdifflib
[PULL 07/26] target/arm: Rename neon_load_reg32 to vfp_load_reg32
[PULL 19/30] target/arm: Implement FEAT_HAFDBS, dirty bit portion
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The only uses of this function are for loading VFP
3
Perform the atomic update for hardware management of the dirty bit.
4
single-precision values, and nothing to do with NEON.
5
4
6
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20201030022618.785675-8-richard.henderson@linaro.org
6
Message-id: 20221024051851.3074715-14-richard.henderson@linaro.org
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
8
---
11
target/arm/translate.c | 4 +-
9
target/arm/cpu64.c | 2 +-
12
target/arm/translate-vfp.c.inc | 184 ++++++++++++++++-----------------
10
target/arm/ptw.c | 16 ++++++++++++++++
13
2 files changed, 94 insertions(+), 94 deletions(-)
11
2 files changed, 17 insertions(+), 1 deletion(-)
14
12
15
diff --git a/target/arm/translate.c b/target/arm/translate.c
13
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
16
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/translate.c
15
--- a/target/arm/cpu64.c
18
+++ b/target/arm/translate.c
16
+++ b/target/arm/cpu64.c
19
@@ -XXX,XX +XXX,XX @@ static inline void neon_store_reg64(TCGv_i64 var, int reg)
17
@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
20
tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
18
cpu->isar.id_aa64mmfr0 = t;
21
}
19
22
20
t = cpu->isar.id_aa64mmfr1;
23
-static inline void neon_load_reg32(TCGv_i32 var, int reg)
21
- t = FIELD_DP64(t, ID_AA64MMFR1, HAFDBS, 1); /* FEAT_HAFDBS, AF only */
24
+static inline void vfp_load_reg32(TCGv_i32 var, int reg)
22
+ t = FIELD_DP64(t, ID_AA64MMFR1, HAFDBS, 2); /* FEAT_HAFDBS */
25
{
23
t = FIELD_DP64(t, ID_AA64MMFR1, VMIDBITS, 2); /* FEAT_VMID16 */
26
tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
24
t = FIELD_DP64(t, ID_AA64MMFR1, VH, 1); /* FEAT_VHE */
27
}
25
t = FIELD_DP64(t, ID_AA64MMFR1, HPDS, 1); /* FEAT_HPDS */
28
26
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
29
-static inline void neon_store_reg32(TCGv_i32 var, int reg)
30
+static inline void vfp_store_reg32(TCGv_i32 var, int reg)
31
{
32
tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
33
}
34
diff --git a/target/arm/translate-vfp.c.inc b/target/arm/translate-vfp.c.inc
35
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
36
--- a/target/arm/translate-vfp.c.inc
28
--- a/target/arm/ptw.c
37
+++ b/target/arm/translate-vfp.c.inc
29
+++ b/target/arm/ptw.c
38
@@ -XXX,XX +XXX,XX @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
30
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
39
frn = tcg_temp_new_i32();
31
goto do_fault;
40
frm = tcg_temp_new_i32();
41
dest = tcg_temp_new_i32();
42
- neon_load_reg32(frn, rn);
43
- neon_load_reg32(frm, rm);
44
+ vfp_load_reg32(frn, rn);
45
+ vfp_load_reg32(frm, rm);
46
switch (a->cc) {
47
case 0: /* eq: Z */
48
tcg_gen_movcond_i32(TCG_COND_EQ, dest, cpu_ZF, zero,
49
@@ -XXX,XX +XXX,XX @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
50
if (sz == 1) {
51
tcg_gen_andi_i32(dest, dest, 0xffff);
52
}
53
- neon_store_reg32(dest, rd);
54
+ vfp_store_reg32(dest, rd);
55
tcg_temp_free_i32(frn);
56
tcg_temp_free_i32(frm);
57
tcg_temp_free_i32(dest);
58
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINT(DisasContext *s, arg_VRINT *a)
59
TCGv_i32 tcg_res;
60
tcg_op = tcg_temp_new_i32();
61
tcg_res = tcg_temp_new_i32();
62
- neon_load_reg32(tcg_op, rm);
63
+ vfp_load_reg32(tcg_op, rm);
64
if (sz == 1) {
65
gen_helper_rinth(tcg_res, tcg_op, fpst);
66
} else {
67
gen_helper_rints(tcg_res, tcg_op, fpst);
68
}
69
- neon_store_reg32(tcg_res, rd);
70
+ vfp_store_reg32(tcg_res, rd);
71
tcg_temp_free_i32(tcg_op);
72
tcg_temp_free_i32(tcg_res);
73
}
74
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT(DisasContext *s, arg_VCVT *a)
75
gen_helper_vfp_tould(tcg_res, tcg_double, tcg_shift, fpst);
76
}
77
tcg_gen_extrl_i64_i32(tcg_tmp, tcg_res);
78
- neon_store_reg32(tcg_tmp, rd);
79
+ vfp_store_reg32(tcg_tmp, rd);
80
tcg_temp_free_i32(tcg_tmp);
81
tcg_temp_free_i64(tcg_res);
82
tcg_temp_free_i64(tcg_double);
83
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT(DisasContext *s, arg_VCVT *a)
84
TCGv_i32 tcg_single, tcg_res;
85
tcg_single = tcg_temp_new_i32();
86
tcg_res = tcg_temp_new_i32();
87
- neon_load_reg32(tcg_single, rm);
88
+ vfp_load_reg32(tcg_single, rm);
89
if (sz == 1) {
90
if (is_signed) {
91
gen_helper_vfp_toslh(tcg_res, tcg_single, tcg_shift, fpst);
92
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT(DisasContext *s, arg_VCVT *a)
93
gen_helper_vfp_touls(tcg_res, tcg_single, tcg_shift, fpst);
94
}
32
}
95
}
33
}
96
- neon_store_reg32(tcg_res, rd);
34
+
97
+ vfp_store_reg32(tcg_res, rd);
35
+ /*
98
tcg_temp_free_i32(tcg_res);
36
+ * Dirty Bit.
99
tcg_temp_free_i32(tcg_single);
37
+ * If HD is enabled, pre-emptively set/clear the appropriate AP/S2AP
38
+ * bit for writeback. The actual write protection test may still be
39
+ * overridden by tableattrs, to be merged below.
40
+ */
41
+ if (param.hd
42
+ && extract64(descriptor, 51, 1) /* DBM */
43
+ && access_type == MMU_DATA_STORE) {
44
+ if (regime_is_stage2(mmu_idx)) {
45
+ new_descriptor |= 1ull << 7; /* set S2AP[1] */
46
+ } else {
47
+ new_descriptor &= ~(1ull << 7); /* clear AP[2] */
48
+ }
49
+ }
100
}
50
}
101
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_half(DisasContext *s, arg_VMOV_single *a)
51
102
if (a->l) {
52
/*
103
/* VFP to general purpose register */
104
tmp = tcg_temp_new_i32();
105
- neon_load_reg32(tmp, a->vn);
106
+ vfp_load_reg32(tmp, a->vn);
107
tcg_gen_andi_i32(tmp, tmp, 0xffff);
108
store_reg(s, a->rt, tmp);
109
} else {
110
/* general purpose register to VFP */
111
tmp = load_reg(s, a->rt);
112
tcg_gen_andi_i32(tmp, tmp, 0xffff);
113
- neon_store_reg32(tmp, a->vn);
114
+ vfp_store_reg32(tmp, a->vn);
115
tcg_temp_free_i32(tmp);
116
}
117
118
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_single(DisasContext *s, arg_VMOV_single *a)
119
if (a->l) {
120
/* VFP to general purpose register */
121
tmp = tcg_temp_new_i32();
122
- neon_load_reg32(tmp, a->vn);
123
+ vfp_load_reg32(tmp, a->vn);
124
if (a->rt == 15) {
125
/* Set the 4 flag bits in the CPSR. */
126
gen_set_nzcv(tmp);
127
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_single(DisasContext *s, arg_VMOV_single *a)
128
} else {
129
/* general purpose register to VFP */
130
tmp = load_reg(s, a->rt);
131
- neon_store_reg32(tmp, a->vn);
132
+ vfp_store_reg32(tmp, a->vn);
133
tcg_temp_free_i32(tmp);
134
}
135
136
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_64_sp(DisasContext *s, arg_VMOV_64_sp *a)
137
if (a->op) {
138
/* fpreg to gpreg */
139
tmp = tcg_temp_new_i32();
140
- neon_load_reg32(tmp, a->vm);
141
+ vfp_load_reg32(tmp, a->vm);
142
store_reg(s, a->rt, tmp);
143
tmp = tcg_temp_new_i32();
144
- neon_load_reg32(tmp, a->vm + 1);
145
+ vfp_load_reg32(tmp, a->vm + 1);
146
store_reg(s, a->rt2, tmp);
147
} else {
148
/* gpreg to fpreg */
149
tmp = load_reg(s, a->rt);
150
- neon_store_reg32(tmp, a->vm);
151
+ vfp_store_reg32(tmp, a->vm);
152
tcg_temp_free_i32(tmp);
153
tmp = load_reg(s, a->rt2);
154
- neon_store_reg32(tmp, a->vm + 1);
155
+ vfp_store_reg32(tmp, a->vm + 1);
156
tcg_temp_free_i32(tmp);
157
}
158
159
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_64_dp(DisasContext *s, arg_VMOV_64_dp *a)
160
if (a->op) {
161
/* fpreg to gpreg */
162
tmp = tcg_temp_new_i32();
163
- neon_load_reg32(tmp, a->vm * 2);
164
+ vfp_load_reg32(tmp, a->vm * 2);
165
store_reg(s, a->rt, tmp);
166
tmp = tcg_temp_new_i32();
167
- neon_load_reg32(tmp, a->vm * 2 + 1);
168
+ vfp_load_reg32(tmp, a->vm * 2 + 1);
169
store_reg(s, a->rt2, tmp);
170
} else {
171
/* gpreg to fpreg */
172
tmp = load_reg(s, a->rt);
173
- neon_store_reg32(tmp, a->vm * 2);
174
+ vfp_store_reg32(tmp, a->vm * 2);
175
tcg_temp_free_i32(tmp);
176
tmp = load_reg(s, a->rt2);
177
- neon_store_reg32(tmp, a->vm * 2 + 1);
178
+ vfp_store_reg32(tmp, a->vm * 2 + 1);
179
tcg_temp_free_i32(tmp);
180
}
181
182
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_hp(DisasContext *s, arg_VLDR_VSTR_sp *a)
183
tmp = tcg_temp_new_i32();
184
if (a->l) {
185
gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
186
- neon_store_reg32(tmp, a->vd);
187
+ vfp_store_reg32(tmp, a->vd);
188
} else {
189
- neon_load_reg32(tmp, a->vd);
190
+ vfp_load_reg32(tmp, a->vd);
191
gen_aa32_st16(s, tmp, addr, get_mem_index(s));
192
}
193
tcg_temp_free_i32(tmp);
194
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_sp(DisasContext *s, arg_VLDR_VSTR_sp *a)
195
tmp = tcg_temp_new_i32();
196
if (a->l) {
197
gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
198
- neon_store_reg32(tmp, a->vd);
199
+ vfp_store_reg32(tmp, a->vd);
200
} else {
201
- neon_load_reg32(tmp, a->vd);
202
+ vfp_load_reg32(tmp, a->vd);
203
gen_aa32_st32(s, tmp, addr, get_mem_index(s));
204
}
205
tcg_temp_free_i32(tmp);
206
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_sp(DisasContext *s, arg_VLDM_VSTM_sp *a)
207
if (a->l) {
208
/* load */
209
gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
210
- neon_store_reg32(tmp, a->vd + i);
211
+ vfp_store_reg32(tmp, a->vd + i);
212
} else {
213
/* store */
214
- neon_load_reg32(tmp, a->vd + i);
215
+ vfp_load_reg32(tmp, a->vd + i);
216
gen_aa32_st32(s, tmp, addr, get_mem_index(s));
217
}
218
tcg_gen_addi_i32(addr, addr, offset);
219
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_3op_sp(DisasContext *s, VFPGen3OpSPFn *fn,
220
fd = tcg_temp_new_i32();
221
fpst = fpstatus_ptr(FPST_FPCR);
222
223
- neon_load_reg32(f0, vn);
224
- neon_load_reg32(f1, vm);
225
+ vfp_load_reg32(f0, vn);
226
+ vfp_load_reg32(f1, vm);
227
228
for (;;) {
229
if (reads_vd) {
230
- neon_load_reg32(fd, vd);
231
+ vfp_load_reg32(fd, vd);
232
}
233
fn(fd, f0, f1, fpst);
234
- neon_store_reg32(fd, vd);
235
+ vfp_store_reg32(fd, vd);
236
237
if (veclen == 0) {
238
break;
239
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_3op_sp(DisasContext *s, VFPGen3OpSPFn *fn,
240
veclen--;
241
vd = vfp_advance_sreg(vd, delta_d);
242
vn = vfp_advance_sreg(vn, delta_d);
243
- neon_load_reg32(f0, vn);
244
+ vfp_load_reg32(f0, vn);
245
if (delta_m) {
246
vm = vfp_advance_sreg(vm, delta_m);
247
- neon_load_reg32(f1, vm);
248
+ vfp_load_reg32(f1, vm);
249
}
250
}
251
252
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_3op_hp(DisasContext *s, VFPGen3OpSPFn *fn,
253
fd = tcg_temp_new_i32();
254
fpst = fpstatus_ptr(FPST_FPCR_F16);
255
256
- neon_load_reg32(f0, vn);
257
- neon_load_reg32(f1, vm);
258
+ vfp_load_reg32(f0, vn);
259
+ vfp_load_reg32(f1, vm);
260
261
if (reads_vd) {
262
- neon_load_reg32(fd, vd);
263
+ vfp_load_reg32(fd, vd);
264
}
265
fn(fd, f0, f1, fpst);
266
- neon_store_reg32(fd, vd);
267
+ vfp_store_reg32(fd, vd);
268
269
tcg_temp_free_i32(f0);
270
tcg_temp_free_i32(f1);
271
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_sp(DisasContext *s, VFPGen2OpSPFn *fn, int vd, int vm)
272
f0 = tcg_temp_new_i32();
273
fd = tcg_temp_new_i32();
274
275
- neon_load_reg32(f0, vm);
276
+ vfp_load_reg32(f0, vm);
277
278
for (;;) {
279
fn(fd, f0);
280
- neon_store_reg32(fd, vd);
281
+ vfp_store_reg32(fd, vd);
282
283
if (veclen == 0) {
284
break;
285
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_sp(DisasContext *s, VFPGen2OpSPFn *fn, int vd, int vm)
286
/* single source one-many */
287
while (veclen--) {
288
vd = vfp_advance_sreg(vd, delta_d);
289
- neon_store_reg32(fd, vd);
290
+ vfp_store_reg32(fd, vd);
291
}
292
break;
293
}
294
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_sp(DisasContext *s, VFPGen2OpSPFn *fn, int vd, int vm)
295
veclen--;
296
vd = vfp_advance_sreg(vd, delta_d);
297
vm = vfp_advance_sreg(vm, delta_m);
298
- neon_load_reg32(f0, vm);
299
+ vfp_load_reg32(f0, vm);
300
}
301
302
tcg_temp_free_i32(f0);
303
@@ -XXX,XX +XXX,XX @@ static bool do_vfp_2op_hp(DisasContext *s, VFPGen2OpSPFn *fn, int vd, int vm)
304
}
305
306
f0 = tcg_temp_new_i32();
307
- neon_load_reg32(f0, vm);
308
+ vfp_load_reg32(f0, vm);
309
fn(f0, f0);
310
- neon_store_reg32(f0, vd);
311
+ vfp_store_reg32(f0, vd);
312
tcg_temp_free_i32(f0);
313
314
return true;
315
@@ -XXX,XX +XXX,XX @@ static bool do_vfm_hp(DisasContext *s, arg_VFMA_sp *a, bool neg_n, bool neg_d)
316
vm = tcg_temp_new_i32();
317
vd = tcg_temp_new_i32();
318
319
- neon_load_reg32(vn, a->vn);
320
- neon_load_reg32(vm, a->vm);
321
+ vfp_load_reg32(vn, a->vn);
322
+ vfp_load_reg32(vm, a->vm);
323
if (neg_n) {
324
/* VFNMS, VFMS */
325
gen_helper_vfp_negh(vn, vn);
326
}
327
- neon_load_reg32(vd, a->vd);
328
+ vfp_load_reg32(vd, a->vd);
329
if (neg_d) {
330
/* VFNMA, VFNMS */
331
gen_helper_vfp_negh(vd, vd);
332
}
333
fpst = fpstatus_ptr(FPST_FPCR_F16);
334
gen_helper_vfp_muladdh(vd, vn, vm, vd, fpst);
335
- neon_store_reg32(vd, a->vd);
336
+ vfp_store_reg32(vd, a->vd);
337
338
tcg_temp_free_ptr(fpst);
339
tcg_temp_free_i32(vn);
340
@@ -XXX,XX +XXX,XX @@ static bool do_vfm_sp(DisasContext *s, arg_VFMA_sp *a, bool neg_n, bool neg_d)
341
vm = tcg_temp_new_i32();
342
vd = tcg_temp_new_i32();
343
344
- neon_load_reg32(vn, a->vn);
345
- neon_load_reg32(vm, a->vm);
346
+ vfp_load_reg32(vn, a->vn);
347
+ vfp_load_reg32(vm, a->vm);
348
if (neg_n) {
349
/* VFNMS, VFMS */
350
gen_helper_vfp_negs(vn, vn);
351
}
352
- neon_load_reg32(vd, a->vd);
353
+ vfp_load_reg32(vd, a->vd);
354
if (neg_d) {
355
/* VFNMA, VFNMS */
356
gen_helper_vfp_negs(vd, vd);
357
}
358
fpst = fpstatus_ptr(FPST_FPCR);
359
gen_helper_vfp_muladds(vd, vn, vm, vd, fpst);
360
- neon_store_reg32(vd, a->vd);
361
+ vfp_store_reg32(vd, a->vd);
362
363
tcg_temp_free_ptr(fpst);
364
tcg_temp_free_i32(vn);
365
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_imm_hp(DisasContext *s, arg_VMOV_imm_sp *a)
366
}
367
368
fd = tcg_const_i32(vfp_expand_imm(MO_16, a->imm));
369
- neon_store_reg32(fd, a->vd);
370
+ vfp_store_reg32(fd, a->vd);
371
tcg_temp_free_i32(fd);
372
return true;
373
}
374
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOV_imm_sp(DisasContext *s, arg_VMOV_imm_sp *a)
375
fd = tcg_const_i32(vfp_expand_imm(MO_32, a->imm));
376
377
for (;;) {
378
- neon_store_reg32(fd, vd);
379
+ vfp_store_reg32(fd, vd);
380
381
if (veclen == 0) {
382
break;
383
@@ -XXX,XX +XXX,XX @@ static bool trans_VCMP_hp(DisasContext *s, arg_VCMP_sp *a)
384
vd = tcg_temp_new_i32();
385
vm = tcg_temp_new_i32();
386
387
- neon_load_reg32(vd, a->vd);
388
+ vfp_load_reg32(vd, a->vd);
389
if (a->z) {
390
tcg_gen_movi_i32(vm, 0);
391
} else {
392
- neon_load_reg32(vm, a->vm);
393
+ vfp_load_reg32(vm, a->vm);
394
}
395
396
if (a->e) {
397
@@ -XXX,XX +XXX,XX @@ static bool trans_VCMP_sp(DisasContext *s, arg_VCMP_sp *a)
398
vd = tcg_temp_new_i32();
399
vm = tcg_temp_new_i32();
400
401
- neon_load_reg32(vd, a->vd);
402
+ vfp_load_reg32(vd, a->vd);
403
if (a->z) {
404
tcg_gen_movi_i32(vm, 0);
405
} else {
406
- neon_load_reg32(vm, a->vm);
407
+ vfp_load_reg32(vm, a->vm);
408
}
409
410
if (a->e) {
411
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_f32_f16(DisasContext *s, arg_VCVT_f32_f16 *a)
412
/* The T bit tells us if we want the low or high 16 bits of Vm */
413
tcg_gen_ld16u_i32(tmp, cpu_env, vfp_f16_offset(a->vm, a->t));
414
gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp_mode);
415
- neon_store_reg32(tmp, a->vd);
416
+ vfp_store_reg32(tmp, a->vd);
417
tcg_temp_free_i32(ahp_mode);
418
tcg_temp_free_ptr(fpst);
419
tcg_temp_free_i32(tmp);
420
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_f16_f32(DisasContext *s, arg_VCVT_f16_f32 *a)
421
ahp_mode = get_ahp_flag();
422
tmp = tcg_temp_new_i32();
423
424
- neon_load_reg32(tmp, a->vm);
425
+ vfp_load_reg32(tmp, a->vm);
426
gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp_mode);
427
tcg_gen_st16_i32(tmp, cpu_env, vfp_f16_offset(a->vd, a->t));
428
tcg_temp_free_i32(ahp_mode);
429
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTR_hp(DisasContext *s, arg_VRINTR_sp *a)
430
}
431
432
tmp = tcg_temp_new_i32();
433
- neon_load_reg32(tmp, a->vm);
434
+ vfp_load_reg32(tmp, a->vm);
435
fpst = fpstatus_ptr(FPST_FPCR_F16);
436
gen_helper_rinth(tmp, tmp, fpst);
437
- neon_store_reg32(tmp, a->vd);
438
+ vfp_store_reg32(tmp, a->vd);
439
tcg_temp_free_ptr(fpst);
440
tcg_temp_free_i32(tmp);
441
return true;
442
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTR_sp(DisasContext *s, arg_VRINTR_sp *a)
443
}
444
445
tmp = tcg_temp_new_i32();
446
- neon_load_reg32(tmp, a->vm);
447
+ vfp_load_reg32(tmp, a->vm);
448
fpst = fpstatus_ptr(FPST_FPCR);
449
gen_helper_rints(tmp, tmp, fpst);
450
- neon_store_reg32(tmp, a->vd);
451
+ vfp_store_reg32(tmp, a->vd);
452
tcg_temp_free_ptr(fpst);
453
tcg_temp_free_i32(tmp);
454
return true;
455
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTZ_hp(DisasContext *s, arg_VRINTZ_sp *a)
456
}
457
458
tmp = tcg_temp_new_i32();
459
- neon_load_reg32(tmp, a->vm);
460
+ vfp_load_reg32(tmp, a->vm);
461
fpst = fpstatus_ptr(FPST_FPCR_F16);
462
tcg_rmode = tcg_const_i32(float_round_to_zero);
463
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
464
gen_helper_rinth(tmp, tmp, fpst);
465
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
466
- neon_store_reg32(tmp, a->vd);
467
+ vfp_store_reg32(tmp, a->vd);
468
tcg_temp_free_ptr(fpst);
469
tcg_temp_free_i32(tcg_rmode);
470
tcg_temp_free_i32(tmp);
471
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTZ_sp(DisasContext *s, arg_VRINTZ_sp *a)
472
}
473
474
tmp = tcg_temp_new_i32();
475
- neon_load_reg32(tmp, a->vm);
476
+ vfp_load_reg32(tmp, a->vm);
477
fpst = fpstatus_ptr(FPST_FPCR);
478
tcg_rmode = tcg_const_i32(float_round_to_zero);
479
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
480
gen_helper_rints(tmp, tmp, fpst);
481
gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
482
- neon_store_reg32(tmp, a->vd);
483
+ vfp_store_reg32(tmp, a->vd);
484
tcg_temp_free_ptr(fpst);
485
tcg_temp_free_i32(tcg_rmode);
486
tcg_temp_free_i32(tmp);
487
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTX_hp(DisasContext *s, arg_VRINTX_sp *a)
488
}
489
490
tmp = tcg_temp_new_i32();
491
- neon_load_reg32(tmp, a->vm);
492
+ vfp_load_reg32(tmp, a->vm);
493
fpst = fpstatus_ptr(FPST_FPCR_F16);
494
gen_helper_rinth_exact(tmp, tmp, fpst);
495
- neon_store_reg32(tmp, a->vd);
496
+ vfp_store_reg32(tmp, a->vd);
497
tcg_temp_free_ptr(fpst);
498
tcg_temp_free_i32(tmp);
499
return true;
500
@@ -XXX,XX +XXX,XX @@ static bool trans_VRINTX_sp(DisasContext *s, arg_VRINTX_sp *a)
501
}
502
503
tmp = tcg_temp_new_i32();
504
- neon_load_reg32(tmp, a->vm);
505
+ vfp_load_reg32(tmp, a->vm);
506
fpst = fpstatus_ptr(FPST_FPCR);
507
gen_helper_rints_exact(tmp, tmp, fpst);
508
- neon_store_reg32(tmp, a->vd);
509
+ vfp_store_reg32(tmp, a->vd);
510
tcg_temp_free_ptr(fpst);
511
tcg_temp_free_i32(tmp);
512
return true;
513
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_sp(DisasContext *s, arg_VCVT_sp *a)
514
515
vm = tcg_temp_new_i32();
516
vd = tcg_temp_new_i64();
517
- neon_load_reg32(vm, a->vm);
518
+ vfp_load_reg32(vm, a->vm);
519
gen_helper_vfp_fcvtds(vd, vm, cpu_env);
520
neon_store_reg64(vd, a->vd);
521
tcg_temp_free_i32(vm);
522
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_dp(DisasContext *s, arg_VCVT_dp *a)
523
vm = tcg_temp_new_i64();
524
neon_load_reg64(vm, a->vm);
525
gen_helper_vfp_fcvtsd(vd, vm, cpu_env);
526
- neon_store_reg32(vd, a->vd);
527
+ vfp_store_reg32(vd, a->vd);
528
tcg_temp_free_i32(vd);
529
tcg_temp_free_i64(vm);
530
return true;
531
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_hp(DisasContext *s, arg_VCVT_int_sp *a)
532
}
533
534
vm = tcg_temp_new_i32();
535
- neon_load_reg32(vm, a->vm);
536
+ vfp_load_reg32(vm, a->vm);
537
fpst = fpstatus_ptr(FPST_FPCR_F16);
538
if (a->s) {
539
/* i32 -> f16 */
540
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_hp(DisasContext *s, arg_VCVT_int_sp *a)
541
/* u32 -> f16 */
542
gen_helper_vfp_uitoh(vm, vm, fpst);
543
}
544
- neon_store_reg32(vm, a->vd);
545
+ vfp_store_reg32(vm, a->vd);
546
tcg_temp_free_i32(vm);
547
tcg_temp_free_ptr(fpst);
548
return true;
549
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_sp(DisasContext *s, arg_VCVT_int_sp *a)
550
}
551
552
vm = tcg_temp_new_i32();
553
- neon_load_reg32(vm, a->vm);
554
+ vfp_load_reg32(vm, a->vm);
555
fpst = fpstatus_ptr(FPST_FPCR);
556
if (a->s) {
557
/* i32 -> f32 */
558
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_sp(DisasContext *s, arg_VCVT_int_sp *a)
559
/* u32 -> f32 */
560
gen_helper_vfp_uitos(vm, vm, fpst);
561
}
562
- neon_store_reg32(vm, a->vd);
563
+ vfp_store_reg32(vm, a->vd);
564
tcg_temp_free_i32(vm);
565
tcg_temp_free_ptr(fpst);
566
return true;
567
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_int_dp(DisasContext *s, arg_VCVT_int_dp *a)
568
569
vm = tcg_temp_new_i32();
570
vd = tcg_temp_new_i64();
571
- neon_load_reg32(vm, a->vm);
572
+ vfp_load_reg32(vm, a->vm);
573
fpst = fpstatus_ptr(FPST_FPCR);
574
if (a->s) {
575
/* i32 -> f64 */
576
@@ -XXX,XX +XXX,XX @@ static bool trans_VJCVT(DisasContext *s, arg_VJCVT *a)
577
vd = tcg_temp_new_i32();
578
neon_load_reg64(vm, a->vm);
579
gen_helper_vjcvt(vd, vm, cpu_env);
580
- neon_store_reg32(vd, a->vd);
581
+ vfp_store_reg32(vd, a->vd);
582
tcg_temp_free_i64(vm);
583
tcg_temp_free_i32(vd);
584
return true;
585
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_hp(DisasContext *s, arg_VCVT_fix_sp *a)
586
frac_bits = (a->opc & 1) ? (32 - a->imm) : (16 - a->imm);
587
588
vd = tcg_temp_new_i32();
589
- neon_load_reg32(vd, a->vd);
590
+ vfp_load_reg32(vd, a->vd);
591
592
fpst = fpstatus_ptr(FPST_FPCR_F16);
593
shift = tcg_const_i32(frac_bits);
594
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_hp(DisasContext *s, arg_VCVT_fix_sp *a)
595
g_assert_not_reached();
596
}
597
598
- neon_store_reg32(vd, a->vd);
599
+ vfp_store_reg32(vd, a->vd);
600
tcg_temp_free_i32(vd);
601
tcg_temp_free_i32(shift);
602
tcg_temp_free_ptr(fpst);
603
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_sp(DisasContext *s, arg_VCVT_fix_sp *a)
604
frac_bits = (a->opc & 1) ? (32 - a->imm) : (16 - a->imm);
605
606
vd = tcg_temp_new_i32();
607
- neon_load_reg32(vd, a->vd);
608
+ vfp_load_reg32(vd, a->vd);
609
610
fpst = fpstatus_ptr(FPST_FPCR);
611
shift = tcg_const_i32(frac_bits);
612
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_fix_sp(DisasContext *s, arg_VCVT_fix_sp *a)
613
g_assert_not_reached();
614
}
615
616
- neon_store_reg32(vd, a->vd);
617
+ vfp_store_reg32(vd, a->vd);
618
tcg_temp_free_i32(vd);
619
tcg_temp_free_i32(shift);
620
tcg_temp_free_ptr(fpst);
621
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_hp_int(DisasContext *s, arg_VCVT_sp_int *a)
622
623
fpst = fpstatus_ptr(FPST_FPCR_F16);
624
vm = tcg_temp_new_i32();
625
- neon_load_reg32(vm, a->vm);
626
+ vfp_load_reg32(vm, a->vm);
627
628
if (a->s) {
629
if (a->rz) {
630
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_hp_int(DisasContext *s, arg_VCVT_sp_int *a)
631
gen_helper_vfp_touih(vm, vm, fpst);
632
}
633
}
634
- neon_store_reg32(vm, a->vd);
635
+ vfp_store_reg32(vm, a->vd);
636
tcg_temp_free_i32(vm);
637
tcg_temp_free_ptr(fpst);
638
return true;
639
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_sp_int(DisasContext *s, arg_VCVT_sp_int *a)
640
641
fpst = fpstatus_ptr(FPST_FPCR);
642
vm = tcg_temp_new_i32();
643
- neon_load_reg32(vm, a->vm);
644
+ vfp_load_reg32(vm, a->vm);
645
646
if (a->s) {
647
if (a->rz) {
648
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_sp_int(DisasContext *s, arg_VCVT_sp_int *a)
649
gen_helper_vfp_touis(vm, vm, fpst);
650
}
651
}
652
- neon_store_reg32(vm, a->vd);
653
+ vfp_store_reg32(vm, a->vd);
654
tcg_temp_free_i32(vm);
655
tcg_temp_free_ptr(fpst);
656
return true;
657
@@ -XXX,XX +XXX,XX @@ static bool trans_VCVT_dp_int(DisasContext *s, arg_VCVT_dp_int *a)
658
gen_helper_vfp_touid(vd, vm, fpst);
659
}
660
}
661
- neon_store_reg32(vd, a->vd);
662
+ vfp_store_reg32(vd, a->vd);
663
tcg_temp_free_i32(vd);
664
tcg_temp_free_i64(vm);
665
tcg_temp_free_ptr(fpst);
666
@@ -XXX,XX +XXX,XX @@ static bool trans_VINS(DisasContext *s, arg_VINS *a)
667
/* Insert low half of Vm into high half of Vd */
668
rm = tcg_temp_new_i32();
669
rd = tcg_temp_new_i32();
670
- neon_load_reg32(rm, a->vm);
671
- neon_load_reg32(rd, a->vd);
672
+ vfp_load_reg32(rm, a->vm);
673
+ vfp_load_reg32(rd, a->vd);
674
tcg_gen_deposit_i32(rd, rd, rm, 16, 16);
675
- neon_store_reg32(rd, a->vd);
676
+ vfp_store_reg32(rd, a->vd);
677
tcg_temp_free_i32(rm);
678
tcg_temp_free_i32(rd);
679
return true;
680
@@ -XXX,XX +XXX,XX @@ static bool trans_VMOVX(DisasContext *s, arg_VINS *a)
681
682
/* Set Vd to high half of Vm */
683
rm = tcg_temp_new_i32();
684
- neon_load_reg32(rm, a->vm);
685
+ vfp_load_reg32(rm, a->vm);
686
tcg_gen_shri_i32(rm, rm, 16);
687
- neon_store_reg32(rm, a->vd);
688
+ vfp_store_reg32(rm, a->vd);
689
tcg_temp_free_i32(rm);
690
return true;
691
}
692
--
53
--
693
2.20.1
54
2.25.1
694
695
diff view generated by jsdifflib
[PULL 12/26] target/arm: Fix float16 pairwise Neon ops on big-endian hosts
[PULL 20/30] target/arm: Use the max page size in a 2-stage ptw
1
In the neon_padd/pmax/pmin helpers for float16, a cut-and-paste error
1
From: Richard Henderson <richard.henderson@linaro.org>
2
meant we were using the H4() address swizzler macro rather than the
3
H2() which is required for 2-byte data. This had no effect on
4
little-endian hosts but meant we put the result data into the
5
destination Dreg in the wrong order on big-endian hosts.
6
2
3
We had only been reporting the stage2 page size. This causes
4
problems if stage1 is using a larger page size (16k, 2M, etc),
5
but stage2 is using a smaller page size, because cputlb does
6
not set large_page_{addr,mask} properly.
7
8
Fix by using the max of the two page sizes.
9
10
Reported-by: Marc Zyngier <maz@kernel.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
13
Message-id: 20221024051851.3074715-15-richard.henderson@linaro.org
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
10
Message-id: 20201028191712.4910-2-peter.maydell@linaro.org
11
---
15
---
12
target/arm/vec_helper.c | 8 ++++----
16
target/arm/ptw.c | 11 ++++++++++-
13
1 file changed, 4 insertions(+), 4 deletions(-)
17
1 file changed, 10 insertions(+), 1 deletion(-)
14
18
15
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
19
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
16
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/vec_helper.c
21
--- a/target/arm/ptw.c
18
+++ b/target/arm/vec_helper.c
22
+++ b/target/arm/ptw.c
19
@@ -XXX,XX +XXX,XX @@ DO_ABA(gvec_uaba_d, uint64_t)
23
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
20
r2 = float16_##OP(m[H2(0)], m[H2(1)], fpst); \
24
ARMMMUFaultInfo *fi)
21
r3 = float16_##OP(m[H2(2)], m[H2(3)], fpst); \
25
{
22
\
26
hwaddr ipa;
23
- d[H4(0)] = r0; \
27
- int s1_prot;
24
- d[H4(1)] = r1; \
28
+ int s1_prot, s1_lgpgsz;
25
- d[H4(2)] = r2; \
29
bool is_secure = ptw->in_secure;
26
- d[H4(3)] = r3; \
30
bool ret, ipa_secure, s2walk_secure;
27
+ d[H2(0)] = r0; \
31
ARMCacheAttrs cacheattrs1;
28
+ d[H2(1)] = r1; \
32
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
29
+ d[H2(2)] = r2; \
33
* Save the stage1 results so that we may merge prot and cacheattrs later.
30
+ d[H2(3)] = r3; \
34
*/
35
s1_prot = result->f.prot;
36
+ s1_lgpgsz = result->f.lg_page_size;
37
cacheattrs1 = result->cacheattrs;
38
memset(result, 0, sizeof(*result));
39
40
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
41
return ret;
31
}
42
}
32
43
33
DO_NEON_PAIRWISE(neon_padd, add)
44
+ /*
45
+ * Use the maximum of the S1 & S2 page size, so that invalidation
46
+ * of pages > TARGET_PAGE_SIZE works correctly.
47
+ */
48
+ if (result->f.lg_page_size < s1_lgpgsz) {
49
+ result->f.lg_page_size = s1_lgpgsz;
50
+ }
51
+
52
/* Combine the S1 and S2 cache attributes. */
53
hcr = arm_hcr_el2_eff_secstate(env, is_secure);
54
if (hcr & HCR_DC) {
34
--
55
--
35
2.20.1
56
2.25.1
36
37
diff view generated by jsdifflib
[PULL 22/26] configure: Test that gio libs from pkg-config work
[PULL 21/30] reset: allow registering handlers that aren't called by snapshot loading
1
On some hosts (eg Ubuntu Bionic) pkg-config returns a set of
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
libraries for gio-2.0 which don't actually work when compiling
3
statically. (Specifically, the returned library string includes
4
-lmount, but not -lblkid which -lmount depends upon, so linking
5
fails due to missing symbols.)
6
2
7
Check that the libraries work, and don't enable gio if they don't,
3
Snapshot loading only expects to call deterministic handlers, not
8
in the same way we do for gnutls.
4
non-deterministic ones. So introduce a way of registering handlers that
5
won't be called when reseting for snapshots.
9
6
7
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8
Message-id: 20221025004327.568476-2-Jason@zx2c4.com
9
[PMM: updated json doc comment with Markus' text; fixed
10
checkpatch style nit]
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
12
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
13
Message-id: 20200928160402.7961-1-peter.maydell@linaro.org
14
---
13
---
15
configure | 10 +++++++++-
14
qapi/run-state.json | 6 +++++-
16
1 file changed, 9 insertions(+), 1 deletion(-)
15
include/hw/boards.h | 2 +-
16
include/sysemu/reset.h | 5 ++++-
17
hw/arm/aspeed.c | 4 ++--
18
hw/arm/mps2-tz.c | 4 ++--
19
hw/core/reset.c | 17 ++++++++++++++++-
20
hw/hppa/machine.c | 4 ++--
21
hw/i386/microvm.c | 4 ++--
22
hw/i386/pc.c | 6 +++---
23
hw/ppc/pegasos2.c | 4 ++--
24
hw/ppc/pnv.c | 4 ++--
25
hw/ppc/spapr.c | 4 ++--
26
hw/s390x/s390-virtio-ccw.c | 4 ++--
27
migration/savevm.c | 2 +-
28
softmmu/runstate.c | 11 ++++++++---
29
15 files changed, 54 insertions(+), 27 deletions(-)
17
30
18
diff --git a/configure b/configure
31
diff --git a/qapi/run-state.json b/qapi/run-state.json
19
index XXXXXXX..XXXXXXX 100755
32
index XXXXXXX..XXXXXXX 100644
20
--- a/configure
33
--- a/qapi/run-state.json
21
+++ b/configure
34
+++ b/qapi/run-state.json
22
@@ -XXX,XX +XXX,XX @@ if test "$static" = yes && test "$mingw32" = yes; then
35
@@ -XXX,XX +XXX,XX @@
23
fi
36
# ignores --no-reboot. This is useful for sanitizing
24
37
# hypercalls on s390 that are used during kexec/kdump/boot
25
if $pkg_config --atleast-version=$glib_req_ver gio-2.0; then
38
#
26
- gio=yes
39
+# @snapshot-load: A snapshot is being loaded by the record & replay
27
gio_cflags=$($pkg_config --cflags gio-2.0)
40
+# subsystem. This value is used only within QEMU. It
28
gio_libs=$($pkg_config --libs gio-2.0)
41
+# doesn't occur in QMP. (since 7.2)
29
gdbus_codegen=$($pkg_config --variable=gdbus_codegen gio-2.0)
42
+#
30
if [ ! -x "$gdbus_codegen" ]; then
43
##
31
gdbus_codegen=
44
{ 'enum': 'ShutdownCause',
32
fi
45
# Beware, shutdown_caused_by_guest() depends on enumeration order
33
+ # Check that the libraries actually work -- Ubuntu 18.04 ships
46
'data': [ 'none', 'host-error', 'host-qmp-quit', 'host-qmp-system-reset',
34
+ # with pkg-config --static --libs data for gio-2.0 that is missing
47
'host-signal', 'host-ui', 'guest-shutdown', 'guest-reset',
35
+ # -lblkid and will give a link error.
48
- 'guest-panic', 'subsystem-reset'] }
36
+ write_c_skeleton
49
+ 'guest-panic', 'subsystem-reset', 'snapshot-load'] }
37
+ if compile_prog "" "gio_libs" ; then
50
38
+ gio=yes
51
##
39
+ else
52
# @StatusInfo:
40
+ gio=no
53
diff --git a/include/hw/boards.h b/include/hw/boards.h
41
+ fi
54
index XXXXXXX..XXXXXXX 100644
42
else
55
--- a/include/hw/boards.h
43
gio=no
56
+++ b/include/hw/boards.h
44
fi
57
@@ -XXX,XX +XXX,XX @@ struct MachineClass {
58
const char *deprecation_reason;
59
60
void (*init)(MachineState *state);
61
- void (*reset)(MachineState *state);
62
+ void (*reset)(MachineState *state, ShutdownCause reason);
63
void (*wakeup)(MachineState *state);
64
int (*kvm_type)(MachineState *machine, const char *arg);
65
66
diff --git a/include/sysemu/reset.h b/include/sysemu/reset.h
67
index XXXXXXX..XXXXXXX 100644
68
--- a/include/sysemu/reset.h
69
+++ b/include/sysemu/reset.h
70
@@ -XXX,XX +XXX,XX @@
71
#ifndef QEMU_SYSEMU_RESET_H
72
#define QEMU_SYSEMU_RESET_H
73
74
+#include "qapi/qapi-events-run-state.h"
75
+
76
typedef void QEMUResetHandler(void *opaque);
77
78
void qemu_register_reset(QEMUResetHandler *func, void *opaque);
79
+void qemu_register_reset_nosnapshotload(QEMUResetHandler *func, void *opaque);
80
void qemu_unregister_reset(QEMUResetHandler *func, void *opaque);
81
-void qemu_devices_reset(void);
82
+void qemu_devices_reset(ShutdownCause reason);
83
84
#endif
85
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
86
index XXXXXXX..XXXXXXX 100644
87
--- a/hw/arm/aspeed.c
88
+++ b/hw/arm/aspeed.c
89
@@ -XXX,XX +XXX,XX @@ static void aspeed_machine_bletchley_class_init(ObjectClass *oc, void *data)
90
aspeed_soc_num_cpus(amc->soc_name);
91
}
92
93
-static void fby35_reset(MachineState *state)
94
+static void fby35_reset(MachineState *state, ShutdownCause reason)
95
{
96
AspeedMachineState *bmc = ASPEED_MACHINE(state);
97
AspeedGPIOState *gpio = &bmc->soc.gpio;
98
99
- qemu_devices_reset();
100
+ qemu_devices_reset(reason);
101
102
/* Board ID: 7 (Class-1, 4 slots) */
103
object_property_set_bool(OBJECT(gpio), "gpioV4", true, &error_fatal);
104
diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c
105
index XXXXXXX..XXXXXXX 100644
106
--- a/hw/arm/mps2-tz.c
107
+++ b/hw/arm/mps2-tz.c
108
@@ -XXX,XX +XXX,XX @@ static void mps2_set_remap(Object *obj, const char *value, Error **errp)
109
}
110
}
111
112
-static void mps2_machine_reset(MachineState *machine)
113
+static void mps2_machine_reset(MachineState *machine, ShutdownCause reason)
114
{
115
MPS2TZMachineState *mms = MPS2TZ_MACHINE(machine);
116
117
@@ -XXX,XX +XXX,XX @@ static void mps2_machine_reset(MachineState *machine)
118
* reset see the correct mapping.
119
*/
120
remap_memory(mms, mms->remap);
121
- qemu_devices_reset();
122
+ qemu_devices_reset(reason);
123
}
124
125
static void mps2tz_class_init(ObjectClass *oc, void *data)
126
diff --git a/hw/core/reset.c b/hw/core/reset.c
127
index XXXXXXX..XXXXXXX 100644
128
--- a/hw/core/reset.c
129
+++ b/hw/core/reset.c
130
@@ -XXX,XX +XXX,XX @@ typedef struct QEMUResetEntry {
131
QTAILQ_ENTRY(QEMUResetEntry) entry;
132
QEMUResetHandler *func;
133
void *opaque;
134
+ bool skip_on_snapshot_load;
135
} QEMUResetEntry;
136
137
static QTAILQ_HEAD(, QEMUResetEntry) reset_handlers =
138
@@ -XXX,XX +XXX,XX @@ void qemu_register_reset(QEMUResetHandler *func, void *opaque)
139
QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
140
}
141
142
+void qemu_register_reset_nosnapshotload(QEMUResetHandler *func, void *opaque)
143
+{
144
+ QEMUResetEntry *re = g_new0(QEMUResetEntry, 1);
145
+
146
+ re->func = func;
147
+ re->opaque = opaque;
148
+ re->skip_on_snapshot_load = true;
149
+ QTAILQ_INSERT_TAIL(&reset_handlers, re, entry);
150
+}
151
+
152
void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
153
{
154
QEMUResetEntry *re;
155
@@ -XXX,XX +XXX,XX @@ void qemu_unregister_reset(QEMUResetHandler *func, void *opaque)
156
}
157
}
158
159
-void qemu_devices_reset(void)
160
+void qemu_devices_reset(ShutdownCause reason)
161
{
162
QEMUResetEntry *re, *nre;
163
164
/* reset all devices */
165
QTAILQ_FOREACH_SAFE(re, &reset_handlers, entry, nre) {
166
+ if (reason == SHUTDOWN_CAUSE_SNAPSHOT_LOAD &&
167
+ re->skip_on_snapshot_load) {
168
+ continue;
169
+ }
170
re->func(re->opaque);
171
}
172
}
173
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
174
index XXXXXXX..XXXXXXX 100644
175
--- a/hw/hppa/machine.c
176
+++ b/hw/hppa/machine.c
177
@@ -XXX,XX +XXX,XX @@ static void machine_hppa_init(MachineState *machine)
178
cpu[0]->env.gr[19] = FW_CFG_IO_BASE;
179
}
180
181
-static void hppa_machine_reset(MachineState *ms)
182
+static void hppa_machine_reset(MachineState *ms, ShutdownCause reason)
183
{
184
unsigned int smp_cpus = ms->smp.cpus;
185
int i;
186
187
- qemu_devices_reset();
188
+ qemu_devices_reset(reason);
189
190
/* Start all CPUs at the firmware entry point.
191
* Monarch CPU will initialize firmware, secondary CPUs
192
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
193
index XXXXXXX..XXXXXXX 100644
194
--- a/hw/i386/microvm.c
195
+++ b/hw/i386/microvm.c
196
@@ -XXX,XX +XXX,XX @@ static void microvm_machine_state_init(MachineState *machine)
197
microvm_devices_init(mms);
198
}
199
200
-static void microvm_machine_reset(MachineState *machine)
201
+static void microvm_machine_reset(MachineState *machine, ShutdownCause reason)
202
{
203
MicrovmMachineState *mms = MICROVM_MACHINE(machine);
204
CPUState *cs;
205
@@ -XXX,XX +XXX,XX @@ static void microvm_machine_reset(MachineState *machine)
206
mms->kernel_cmdline_fixed = true;
207
}
208
209
- qemu_devices_reset();
210
+ qemu_devices_reset(reason);
211
212
CPU_FOREACH(cs) {
213
cpu = X86_CPU(cs);
214
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
215
index XXXXXXX..XXXXXXX 100644
216
--- a/hw/i386/pc.c
217
+++ b/hw/i386/pc.c
218
@@ -XXX,XX +XXX,XX @@ static void pc_machine_initfn(Object *obj)
219
cxl_machine_init(obj, &pcms->cxl_devices_state);
220
}
221
222
-static void pc_machine_reset(MachineState *machine)
223
+static void pc_machine_reset(MachineState *machine, ShutdownCause reason)
224
{
225
CPUState *cs;
226
X86CPU *cpu;
227
228
- qemu_devices_reset();
229
+ qemu_devices_reset(reason);
230
231
/* Reset APIC after devices have been reset to cancel
232
* any changes that qemu_devices_reset() might have done.
233
@@ -XXX,XX +XXX,XX @@ static void pc_machine_reset(MachineState *machine)
234
static void pc_machine_wakeup(MachineState *machine)
235
{
236
cpu_synchronize_all_states();
237
- pc_machine_reset(machine);
238
+ pc_machine_reset(machine, SHUTDOWN_CAUSE_NONE);
239
cpu_synchronize_all_post_reset();
240
}
241
242
diff --git a/hw/ppc/pegasos2.c b/hw/ppc/pegasos2.c
243
index XXXXXXX..XXXXXXX 100644
244
--- a/hw/ppc/pegasos2.c
245
+++ b/hw/ppc/pegasos2.c
246
@@ -XXX,XX +XXX,XX @@ static void pegasos2_pci_config_write(Pegasos2MachineState *pm, int bus,
247
pegasos2_mv_reg_write(pm, pcicfg + 4, len, val);
248
}
249
250
-static void pegasos2_machine_reset(MachineState *machine)
251
+static void pegasos2_machine_reset(MachineState *machine, ShutdownCause reason)
252
{
253
Pegasos2MachineState *pm = PEGASOS2_MACHINE(machine);
254
void *fdt;
255
uint64_t d[2];
256
int sz;
257
258
- qemu_devices_reset();
259
+ qemu_devices_reset(reason);
260
if (!pm->vof) {
261
return; /* Firmware should set up machine so nothing to do */
262
}
263
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
264
index XXXXXXX..XXXXXXX 100644
265
--- a/hw/ppc/pnv.c
266
+++ b/hw/ppc/pnv.c
267
@@ -XXX,XX +XXX,XX @@ static void pnv_powerdown_notify(Notifier *n, void *opaque)
268
}
269
}
270
271
-static void pnv_reset(MachineState *machine)
272
+static void pnv_reset(MachineState *machine, ShutdownCause reason)
273
{
274
PnvMachineState *pnv = PNV_MACHINE(machine);
275
IPMIBmc *bmc;
276
void *fdt;
277
278
- qemu_devices_reset();
279
+ qemu_devices_reset(reason);
280
281
/*
282
* The machine should provide by default an internal BMC simulator.
283
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
284
index XXXXXXX..XXXXXXX 100644
285
--- a/hw/ppc/spapr.c
286
+++ b/hw/ppc/spapr.c
287
@@ -XXX,XX +XXX,XX @@ void spapr_check_mmu_mode(bool guest_radix)
288
}
289
}
290
291
-static void spapr_machine_reset(MachineState *machine)
292
+static void spapr_machine_reset(MachineState *machine, ShutdownCause reason)
293
{
294
SpaprMachineState *spapr = SPAPR_MACHINE(machine);
295
PowerPCCPU *first_ppc_cpu;
296
@@ -XXX,XX +XXX,XX @@ static void spapr_machine_reset(MachineState *machine)
297
spapr_setup_hpt(spapr);
298
}
299
300
- qemu_devices_reset();
301
+ qemu_devices_reset(reason);
302
303
spapr_ovec_cleanup(spapr->ov5_cas);
304
spapr->ov5_cas = spapr_ovec_new();
305
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
306
index XXXXXXX..XXXXXXX 100644
307
--- a/hw/s390x/s390-virtio-ccw.c
308
+++ b/hw/s390x/s390-virtio-ccw.c
309
@@ -XXX,XX +XXX,XX @@ static void s390_pv_prepare_reset(S390CcwMachineState *ms)
310
s390_pv_prep_reset();
311
}
312
313
-static void s390_machine_reset(MachineState *machine)
314
+static void s390_machine_reset(MachineState *machine, ShutdownCause reason)
315
{
316
S390CcwMachineState *ms = S390_CCW_MACHINE(machine);
317
enum s390_reset reset_type;
318
@@ -XXX,XX +XXX,XX @@ static void s390_machine_reset(MachineState *machine)
319
s390_machine_unprotect(ms);
320
}
321
322
- qemu_devices_reset();
323
+ qemu_devices_reset(reason);
324
s390_crypto_reset();
325
326
/* configure and start the ipl CPU only */
327
diff --git a/migration/savevm.c b/migration/savevm.c
328
index XXXXXXX..XXXXXXX 100644
329
--- a/migration/savevm.c
330
+++ b/migration/savevm.c
331
@@ -XXX,XX +XXX,XX @@ bool load_snapshot(const char *name, const char *vmstate,
332
goto err_drain;
333
}
334
335
- qemu_system_reset(SHUTDOWN_CAUSE_NONE);
336
+ qemu_system_reset(SHUTDOWN_CAUSE_SNAPSHOT_LOAD);
337
mis->from_src_file = f;
338
339
if (!yank_register_instance(MIGRATION_YANK_INSTANCE, errp)) {
340
diff --git a/softmmu/runstate.c b/softmmu/runstate.c
341
index XXXXXXX..XXXXXXX 100644
342
--- a/softmmu/runstate.c
343
+++ b/softmmu/runstate.c
344
@@ -XXX,XX +XXX,XX @@ void qemu_system_reset(ShutdownCause reason)
345
cpu_synchronize_all_states();
346
347
if (mc && mc->reset) {
348
- mc->reset(current_machine);
349
+ mc->reset(current_machine, reason);
350
} else {
351
- qemu_devices_reset();
352
+ qemu_devices_reset(reason);
353
}
354
- if (reason && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) {
355
+ switch (reason) {
356
+ case SHUTDOWN_CAUSE_NONE:
357
+ case SHUTDOWN_CAUSE_SUBSYSTEM_RESET:
358
+ case SHUTDOWN_CAUSE_SNAPSHOT_LOAD:
359
+ break;
360
+ default:
361
qapi_event_send_reset(shutdown_caused_by_guest(reason), reason);
362
}
363
cpu_synchronize_all_post_reset();
45
--
364
--
46
2.20.1
365
2.25.1
47
48
diff view generated by jsdifflib
[PULL 20/26] hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
[PULL 22/30] device-tree: add re-randomization helper function
1
From: AlexChen <alex.chen@huawei.com>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
In exynos4210_fimd_update(), the pointer s is dereferinced before
3
When the system reboots, the rng-seed that the FDT has should be
4
being check if it is valid, which may lead to NULL pointer dereference.
4
re-randomized, so that the new boot gets a new seed. Several
5
So move the assignment to global_width after checking that the s is valid.
5
architectures require this functionality, so export a function for
6
injecting a new seed into the given FDT.
6
7
7
Reported-by: Euler Robot <euler.robot@huawei.com>
8
Cc: Alistair Francis <alistair.francis@wdc.com>
8
Signed-off-by: Alex Chen <alex.chen@huawei.com>
9
Cc: David Gibson <david@gibson.dropbear.id.au>
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
10
Message-id: 5F9F8D88.9030102@huawei.com
11
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
12
Message-id: 20221025004327.568476-3-Jason@zx2c4.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
14
---
13
hw/display/exynos4210_fimd.c | 4 +++-
15
include/sysemu/device_tree.h | 9 +++++++++
14
1 file changed, 3 insertions(+), 1 deletion(-)
16
softmmu/device_tree.c | 21 +++++++++++++++++++++
17
2 files changed, 30 insertions(+)
15
18
16
diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c
19
diff --git a/include/sysemu/device_tree.h b/include/sysemu/device_tree.h
17
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
18
--- a/hw/display/exynos4210_fimd.c
21
--- a/include/sysemu/device_tree.h
19
+++ b/hw/display/exynos4210_fimd.c
22
+++ b/include/sysemu/device_tree.h
20
@@ -XXX,XX +XXX,XX @@ static void exynos4210_fimd_update(void *opaque)
23
@@ -XXX,XX +XXX,XX @@ int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
21
bool blend = false;
24
qdt_tmp); \
22
uint8_t *host_fb_addr;
25
})
23
bool is_dirty = false;
26
24
- const int global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
25
+ int global_width;
26
27
if (!s || !s->console || !s->enabled ||
28
surface_bits_per_pixel(qemu_console_surface(s->console)) == 0) {
29
return;
30
}
31
+
27
+
32
+ global_width = (s->vidtcon[2] & FIMD_VIDTCON2_SIZE_MASK) + 1;
28
+/**
33
exynos4210_update_resolution(s);
29
+ * qemu_fdt_randomize_seeds:
34
surface = qemu_console_surface(s->console);
30
+ * @fdt: device tree blob
35
31
+ *
32
+ * Re-randomize all "rng-seed" properties with new seeds.
33
+ */
34
+void qemu_fdt_randomize_seeds(void *fdt);
35
+
36
#define FDT_PCI_RANGE_RELOCATABLE 0x80000000
37
#define FDT_PCI_RANGE_PREFETCHABLE 0x40000000
38
#define FDT_PCI_RANGE_ALIASED 0x20000000
39
diff --git a/softmmu/device_tree.c b/softmmu/device_tree.c
40
index XXXXXXX..XXXXXXX 100644
41
--- a/softmmu/device_tree.c
42
+++ b/softmmu/device_tree.c
43
@@ -XXX,XX +XXX,XX @@
44
#include "qemu/option.h"
45
#include "qemu/bswap.h"
46
#include "qemu/cutils.h"
47
+#include "qemu/guest-random.h"
48
#include "sysemu/device_tree.h"
49
#include "hw/loader.h"
50
#include "hw/boards.h"
51
@@ -XXX,XX +XXX,XX @@ void hmp_dumpdtb(Monitor *mon, const QDict *qdict)
52
53
info_report("dtb dumped to %s", filename);
54
}
55
+
56
+void qemu_fdt_randomize_seeds(void *fdt)
57
+{
58
+ int noffset, poffset, len;
59
+ const char *name;
60
+ uint8_t *data;
61
+
62
+ for (noffset = fdt_next_node(fdt, 0, NULL);
63
+ noffset >= 0;
64
+ noffset = fdt_next_node(fdt, noffset, NULL)) {
65
+ for (poffset = fdt_first_property_offset(fdt, noffset);
66
+ poffset >= 0;
67
+ poffset = fdt_next_property_offset(fdt, poffset)) {
68
+ data = (uint8_t *)fdt_getprop_by_offset(fdt, poffset, &name, &len);
69
+ if (!data || strcmp(name, "rng-seed"))
70
+ continue;
71
+ qemu_guest_getrandom_nofail(data, len);
72
+ }
73
+ }
74
+}
36
--
75
--
37
2.20.1
76
2.25.1
38
39
diff view generated by jsdifflib
[PULL 16/26] disas/capstone: Fix monitor disassembly of >32 bytes
[PULL 23/30] x86: do not re-randomize RNG seed on snapshot load
1
If we're using the capstone disassembler, disassembly of a run of
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
instructions more than 32 bytes long disassembles the wrong data for
3
instructions beyond the 32 byte mark:
4
2
5
(qemu) xp /16x 0x100
3
Snapshot loading is supposed to be deterministic, so we shouldn't
6
0000000000000100: 0x00000005 0x54410001 0x00000001 0x00001000
4
re-randomize the various seeds used.
7
0000000000000110: 0x00000000 0x00000004 0x54410002 0x3c000000
8
0000000000000120: 0x00000000 0x00000004 0x54410009 0x74736574
9
0000000000000130: 0x00000000 0x00000000 0x00000000 0x00000000
10
(qemu) xp /16i 0x100
11
0x00000100: 00000005 andeq r0, r0, r5
12
0x00000104: 54410001 strbpl r0, [r1], #-1
13
0x00000108: 00000001 andeq r0, r0, r1
14
0x0000010c: 00001000 andeq r1, r0, r0
15
0x00000110: 00000000 andeq r0, r0, r0
16
0x00000114: 00000004 andeq r0, r0, r4
17
0x00000118: 54410002 strbpl r0, [r1], #-2
18
0x0000011c: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c
19
0x00000120: 54410001 strbpl r0, [r1], #-1
20
0x00000124: 00000001 andeq r0, r0, r1
21
0x00000128: 00001000 andeq r1, r0, r0
22
0x0000012c: 00000000 andeq r0, r0, r0
23
0x00000130: 00000004 andeq r0, r0, r4
24
0x00000134: 54410002 strbpl r0, [r1], #-2
25
0x00000138: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c
26
0x0000013c: 00000000 andeq r0, r0, r0
27
5
28
Here the disassembly of 0x120..0x13f is using the data that is in
6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
29
0x104..0x123.
7
Message-id: 20221025004327.568476-4-Jason@zx2c4.com
30
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
31
This is caused by passing the wrong value to the read_memory_func().
32
The intention is that at this point in the loop the 'cap_buf' buffer
33
already contains 'csize' bytes of data for the instruction at guest
34
addr 'pc', and we want to read in an extra 'tsize' bytes. Those
35
extra bytes are therefore at 'pc + csize', not 'pc'. On the first
36
time through the loop 'csize' happens to be zero, so the initial read
37
of 32 bytes into cap_buf is correct and as long as the disassembly
38
never needs to read more data we return the correct information.
39
40
Use the correct guest address in the call to read_memory_func().
41
42
Cc: qemu-stable@nongnu.org
43
Fixes: https://bugs.launchpad.net/qemu/+bug/1900779
44
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
45
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
46
Message-id: 20201022132445.25039-1-peter.maydell@linaro.org
47
---
10
---
48
disas/capstone.c | 2 +-
11
hw/i386/x86.c | 2 +-
49
1 file changed, 1 insertion(+), 1 deletion(-)
12
1 file changed, 1 insertion(+), 1 deletion(-)
50
13
51
diff --git a/disas/capstone.c b/disas/capstone.c
14
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
52
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
53
--- a/disas/capstone.c
16
--- a/hw/i386/x86.c
54
+++ b/disas/capstone.c
17
+++ b/hw/i386/x86.c
55
@@ -XXX,XX +XXX,XX @@ bool cap_disas_monitor(disassemble_info *info, uint64_t pc, int count)
18
@@ -XXX,XX +XXX,XX @@ void x86_load_linux(X86MachineState *x86ms,
56
19
setup_data->type = cpu_to_le32(SETUP_RNG_SEED);
57
/* Make certain that we can make progress. */
20
setup_data->len = cpu_to_le32(RNG_SEED_LENGTH);
58
assert(tsize != 0);
21
qemu_guest_getrandom_nofail(setup_data->data, RNG_SEED_LENGTH);
59
- info->read_memory_func(pc, cap_buf + csize, tsize, info);
22
- qemu_register_reset(reset_rng_seed, setup_data);
60
+ info->read_memory_func(pc + csize, cap_buf + csize, tsize, info);
23
+ qemu_register_reset_nosnapshotload(reset_rng_seed, setup_data);
61
csize += tsize;
24
fw_cfg_add_bytes_callback(fw_cfg, FW_CFG_KERNEL_DATA, reset_rng_seed, NULL,
62
25
setup_data, kernel, kernel_size, true);
63
if (cs_disasm_iter(handle, &cbuf, &csize, &pc, insn)) {
26
} else {
64
--
27
--
65
2.20.1
28
2.25.1
66
67
diff view generated by jsdifflib
[PULL 18/26] hw/arm/boot: fix SVE for EL3 direct kernel boot
[PULL 24/30] arm: re-randomize rng-seed on reboot
1
From: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
When booting a CPU with EL3 using the -kernel flag, set up CPTR_EL3 so
3
When the system reboots, the rng-seed that the FDT has should be
4
that SVE will not trap to EL3.
4
re-randomized, so that the new boot gets a new seed. Since the FDT is in
5
the ROM region at this point, we add a hook right after the ROM has been
6
added, so that we have a pointer to that copy of the FDT.
5
7
6
Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
8
Cc: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
Cc: qemu-arm@nongnu.org
8
Message-id: 20201030151541.11976-1-remi@remlab.net
10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11
Message-id: 20221025004327.568476-5-Jason@zx2c4.com
12
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
14
---
11
hw/arm/boot.c | 3 +++
15
hw/arm/boot.c | 2 ++
12
1 file changed, 3 insertions(+)
16
1 file changed, 2 insertions(+)
13
17
14
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
18
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
15
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/arm/boot.c
20
--- a/hw/arm/boot.c
17
+++ b/hw/arm/boot.c
21
+++ b/hw/arm/boot.c
18
@@ -XXX,XX +XXX,XX @@ static void do_cpu_reset(void *opaque)
22
@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
19
if (cpu_isar_feature(aa64_mte, cpu)) {
23
* the DTB is copied again upon reset, even if addr points into RAM.
20
env->cp15.scr_el3 |= SCR_ATA;
24
*/
21
}
25
rom_add_blob_fixed_as("dtb", fdt, size, addr, as);
22
+ if (cpu_isar_feature(aa64_sve, cpu)) {
26
+ qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
23
+ env->cp15.cptr_el[3] |= CPTR_EZ;
27
+ rom_ptr_for_as(as, addr, size));
24
+ }
28
25
/* AArch64 kernels never boot in secure mode */
29
g_free(fdt);
26
assert(!info->secure_boot);
30
27
/* This hook is only supported for AArch32 currently:
28
--
31
--
29
2.20.1
32
2.25.1
30
31
diff view generated by jsdifflib
[PULL 13/26] target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts
[PULL 25/30] riscv: re-randomize rng-seed on reboot
1
The helper functions for performing the udot/sdot operations against
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
a scalar were not using an address-swizzling macro when converting
3
the index of the scalar element into a pointer into the vm array.
4
This had no effect on little-endian hosts but meant we generated
5
incorrect results on big-endian hosts.
6
2
7
For these insns, the index is indexing over group of 4 8-bit values,
3
When the system reboots, the rng-seed that the FDT has should be
8
so 32 bits per indexed entity, and H4() is therefore what we want.
4
re-randomized, so that the new boot gets a new seed. Since the FDT is in
9
(For Neon the only possible input indexes are 0 and 1.)
5
the ROM region at this point, we add a hook right after the ROM has been
6
added, so that we have a pointer to that copy of the FDT.
10
7
8
Cc: Palmer Dabbelt <palmer@dabbelt.com>
9
Cc: Alistair Francis <alistair.francis@wdc.com>
10
Cc: Bin Meng <bin.meng@windriver.com>
11
Cc: qemu-riscv@nongnu.org
12
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
13
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
14
Message-id: 20221025004327.568476-6-Jason@zx2c4.com
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
13
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
14
Message-id: 20201028191712.4910-3-peter.maydell@linaro.org
15
---
16
---
16
target/arm/vec_helper.c | 4 ++--
17
hw/riscv/boot.c | 3 +++
17
1 file changed, 2 insertions(+), 2 deletions(-)
18
1 file changed, 3 insertions(+)
18
19
19
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
20
diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
20
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/vec_helper.c
22
--- a/hw/riscv/boot.c
22
+++ b/target/arm/vec_helper.c
23
+++ b/hw/riscv/boot.c
23
@@ -XXX,XX +XXX,XX @@ void HELPER(gvec_sdot_idx_b)(void *vd, void *vn, void *vm, uint32_t desc)
24
@@ -XXX,XX +XXX,XX @@
24
intptr_t index = simd_data(desc);
25
#include "sysemu/device_tree.h"
25
uint32_t *d = vd;
26
#include "sysemu/qtest.h"
26
int8_t *n = vn;
27
#include "sysemu/kvm.h"
27
- int8_t *m_indexed = (int8_t *)vm + index * 4;
28
+#include "sysemu/reset.h"
28
+ int8_t *m_indexed = (int8_t *)vm + H4(index) * 4;
29
29
30
#include <libfdt.h>
30
/* Notice the special case of opr_sz == 8, from aa64/aa32 advsimd.
31
31
* Otherwise opr_sz is a multiple of 16.
32
@@ -XXX,XX +XXX,XX @@ uint64_t riscv_load_fdt(hwaddr dram_base, uint64_t mem_size, void *fdt)
32
@@ -XXX,XX +XXX,XX @@ void HELPER(gvec_udot_idx_b)(void *vd, void *vn, void *vm, uint32_t desc)
33
33
intptr_t index = simd_data(desc);
34
rom_add_blob_fixed_as("fdt", fdt, fdtsize, fdt_addr,
34
uint32_t *d = vd;
35
&address_space_memory);
35
uint8_t *n = vn;
36
+ qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
36
- uint8_t *m_indexed = (uint8_t *)vm + index * 4;
37
+ rom_ptr_for_as(&address_space_memory, fdt_addr, fdtsize));
37
+ uint8_t *m_indexed = (uint8_t *)vm + H4(index) * 4;
38
38
39
return fdt_addr;
39
/* Notice the special case of opr_sz == 8, from aa64/aa32 advsimd.
40
}
40
* Otherwise opr_sz is a multiple of 16.
41
--
41
--
42
2.20.1
42
2.25.1
43
44
diff view generated by jsdifflib
[PULL 04/26] target/arm: Use neon_element_offset in vfp_reg_offset
[PULL 26/30] m68k/virt: do not re-randomize RNG seed on snapshot load
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
This seems a bit more readable than using offsetof CPU_DoubleU.
3
Snapshot loading is supposed to be deterministic, so we shouldn't
4
re-randomize the various seeds used.
4
5
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
6
Message-id: 20201030022618.785675-5-richard.henderson@linaro.org
7
Message-id: 20221025004327.568476-7-Jason@zx2c4.com
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
---
10
target/arm/translate.c | 13 ++++---------
11
hw/m68k/virt.c | 20 +++++++++++---------
11
1 file changed, 4 insertions(+), 9 deletions(-)
12
1 file changed, 11 insertions(+), 9 deletions(-)
12
13
13
diff --git a/target/arm/translate.c b/target/arm/translate.c
14
diff --git a/hw/m68k/virt.c b/hw/m68k/virt.c
14
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/translate.c
16
--- a/hw/m68k/virt.c
16
+++ b/target/arm/translate.c
17
+++ b/hw/m68k/virt.c
17
@@ -XXX,XX +XXX,XX @@ static long neon_element_offset(int reg, int element, MemOp size)
18
@@ -XXX,XX +XXX,XX @@ typedef struct {
18
return neon_full_reg_offset(reg) + ofs;
19
M68kCPU *cpu;
20
hwaddr initial_pc;
21
hwaddr initial_stack;
22
- struct bi_record *rng_seed;
23
} ResetInfo;
24
25
static void main_cpu_reset(void *opaque)
26
@@ -XXX,XX +XXX,XX @@ static void main_cpu_reset(void *opaque)
27
M68kCPU *cpu = reset_info->cpu;
28
CPUState *cs = CPU(cpu);
29
30
- if (reset_info->rng_seed) {
31
- qemu_guest_getrandom_nofail((void *)reset_info->rng_seed->data + 2,
32
- be16_to_cpu(*(uint16_t *)reset_info->rng_seed->data));
33
- }
34
-
35
cpu_reset(cs);
36
cpu->env.aregs[7] = reset_info->initial_stack;
37
cpu->env.pc = reset_info->initial_pc;
19
}
38
}
20
39
21
-static inline long vfp_reg_offset(bool dp, unsigned reg)
40
+static void rerandomize_rng_seed(void *opaque)
22
+/* Return the offset of a VFP Dreg (dp = true) or VFP Sreg (dp = false). */
41
+{
23
+static long vfp_reg_offset(bool dp, unsigned reg)
42
+ struct bi_record *rng_seed = opaque;
43
+ qemu_guest_getrandom_nofail((void *)rng_seed->data + 2,
44
+ be16_to_cpu(*(uint16_t *)rng_seed->data));
45
+}
46
+
47
static void virt_init(MachineState *machine)
24
{
48
{
25
if (dp) {
49
M68kCPU *cpu = NULL;
26
- return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
50
@@ -XXX,XX +XXX,XX @@ static void virt_init(MachineState *machine)
27
+ return neon_element_offset(reg, 0, MO_64);
51
BOOTINFO0(param_ptr, BI_LAST);
28
} else {
52
rom_add_blob_fixed_as("bootinfo", param_blob, param_ptr - param_blob,
29
- long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
53
parameters_base, cs->as);
30
- if (reg & 1) {
54
- reset_info->rng_seed = rom_ptr_for_as(cs->as, parameters_base,
31
- ofs += offsetof(CPU_DoubleU, l.upper);
55
- param_ptr - param_blob) +
32
- } else {
56
- (param_rng_seed - param_blob);
33
- ofs += offsetof(CPU_DoubleU, l.lower);
57
+ qemu_register_reset_nosnapshotload(rerandomize_rng_seed,
34
- }
58
+ rom_ptr_for_as(cs->as, parameters_base,
35
- return ofs;
59
+ param_ptr - param_blob) +
36
+ return neon_element_offset(reg >> 1, reg & 1, MO_32);
60
+ (param_rng_seed - param_blob));
61
g_free(param_blob);
37
}
62
}
38
}
63
}
39
40
--
64
--
41
2.20.1
65
2.25.1
42
43
diff view generated by jsdifflib
[PULL 02/26] target/arm: Move neon_element_offset to translate.c
[PULL 27/30] m68k/q800: do not re-randomize RNG seed on snapshot load
1
From: Richard Henderson <richard.henderson@linaro.org>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
This will shortly have users outside of translate-neon.c.inc.
3
Snapshot loading is supposed to be deterministic, so we shouldn't
4
re-randomize the various seeds used.
4
5
5
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
6
Message-id: 20201030022618.785675-3-richard.henderson@linaro.org
7
Message-id: 20221025004327.568476-8-Jason@zx2c4.com
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
---
10
target/arm/translate.c | 20 ++++++++++++++++++++
11
hw/m68k/q800.c | 33 +++++++++++++--------------------
11
target/arm/translate-neon.c.inc | 19 -------------------
12
1 file changed, 13 insertions(+), 20 deletions(-)
12
2 files changed, 20 insertions(+), 19 deletions(-)
13
13
14
diff --git a/target/arm/translate.c b/target/arm/translate.c
14
diff --git a/hw/m68k/q800.c b/hw/m68k/q800.c
15
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
16
--- a/target/arm/translate.c
16
--- a/hw/m68k/q800.c
17
+++ b/target/arm/translate.c
17
+++ b/hw/m68k/q800.c
18
@@ -XXX,XX +XXX,XX @@ static long neon_full_reg_offset(unsigned reg)
18
@@ -XXX,XX +XXX,XX @@ static const TypeInfo glue_info = {
19
return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
19
},
20
};
21
22
-typedef struct {
23
- M68kCPU *cpu;
24
- struct bi_record *rng_seed;
25
-} ResetInfo;
26
-
27
static void main_cpu_reset(void *opaque)
28
{
29
- ResetInfo *reset_info = opaque;
30
- M68kCPU *cpu = reset_info->cpu;
31
+ M68kCPU *cpu = opaque;
32
CPUState *cs = CPU(cpu);
33
34
- if (reset_info->rng_seed) {
35
- qemu_guest_getrandom_nofail((void *)reset_info->rng_seed->data + 2,
36
- be16_to_cpu(*(uint16_t *)reset_info->rng_seed->data));
37
- }
38
-
39
cpu_reset(cs);
40
cpu->env.aregs[7] = ldl_phys(cs->as, 0);
41
cpu->env.pc = ldl_phys(cs->as, 4);
20
}
42
}
21
43
22
+/*
44
+static void rerandomize_rng_seed(void *opaque)
23
+ * Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
24
+ * where 0 is the least significant end of the register.
25
+ */
26
+static long neon_element_offset(int reg, int element, MemOp size)
27
+{
45
+{
28
+ int element_size = 1 << size;
46
+ struct bi_record *rng_seed = opaque;
29
+ int ofs = element * element_size;
47
+ qemu_guest_getrandom_nofail((void *)rng_seed->data + 2,
30
+#ifdef HOST_WORDS_BIGENDIAN
48
+ be16_to_cpu(*(uint16_t *)rng_seed->data));
31
+ /*
32
+ * Calculate the offset assuming fully little-endian,
33
+ * then XOR to account for the order of the 8-byte units.
34
+ */
35
+ if (element_size < 8) {
36
+ ofs ^= 8 - element_size;
37
+ }
38
+#endif
39
+ return neon_full_reg_offset(reg) + ofs;
40
+}
49
+}
41
+
50
+
42
static inline long vfp_reg_offset(bool dp, unsigned reg)
51
static uint8_t fake_mac_rom[] = {
43
{
52
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
44
if (dp) {
53
45
diff --git a/target/arm/translate-neon.c.inc b/target/arm/translate-neon.c.inc
54
@@ -XXX,XX +XXX,XX @@ static void q800_init(MachineState *machine)
46
index XXXXXXX..XXXXXXX 100644
55
NubusBus *nubus;
47
--- a/target/arm/translate-neon.c.inc
56
DeviceState *glue;
48
+++ b/target/arm/translate-neon.c.inc
57
DriveInfo *dinfo;
49
@@ -XXX,XX +XXX,XX @@ static inline int neon_3same_fp_size(DisasContext *s, int x)
58
- ResetInfo *reset_info;
50
#include "decode-neon-ls.c.inc"
59
uint8_t rng_seed[32];
51
#include "decode-neon-shared.c.inc"
60
52
61
linux_boot = (kernel_filename != NULL);
53
-/* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
62
@@ -XXX,XX +XXX,XX @@ static void q800_init(MachineState *machine)
54
- * where 0 is the least significant end of the register.
63
exit(1);
55
- */
64
}
56
-static inline long
65
57
-neon_element_offset(int reg, int element, MemOp size)
66
- reset_info = g_new0(ResetInfo, 1);
58
-{
59
- int element_size = 1 << size;
60
- int ofs = element * element_size;
61
-#ifdef HOST_WORDS_BIGENDIAN
62
- /* Calculate the offset assuming fully little-endian,
63
- * then XOR to account for the order of the 8-byte units.
64
- */
65
- if (element_size < 8) {
66
- ofs ^= 8 - element_size;
67
- }
68
-#endif
69
- return neon_full_reg_offset(reg) + ofs;
70
-}
71
-
67
-
72
static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
68
/* init CPUs */
73
{
69
cpu = M68K_CPU(cpu_create(machine->cpu_type));
74
long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
70
- reset_info->cpu = cpu;
71
- qemu_register_reset(main_cpu_reset, reset_info);
72
+ qemu_register_reset(main_cpu_reset, cpu);
73
74
/* RAM */
75
memory_region_add_subregion(get_system_memory(), 0, machine->ram);
76
@@ -XXX,XX +XXX,XX @@ static void q800_init(MachineState *machine)
77
BOOTINFO0(param_ptr, BI_LAST);
78
rom_add_blob_fixed_as("bootinfo", param_blob, param_ptr - param_blob,
79
parameters_base, cs->as);
80
- reset_info->rng_seed = rom_ptr_for_as(cs->as, parameters_base,
81
- param_ptr - param_blob) +
82
- (param_rng_seed - param_blob);
83
+ qemu_register_reset_nosnapshotload(rerandomize_rng_seed,
84
+ rom_ptr_for_as(cs->as, parameters_base,
85
+ param_ptr - param_blob) +
86
+ (param_rng_seed - param_blob));
87
g_free(param_blob);
88
} else {
89
uint8_t *ptr;
75
--
90
--
76
2.20.1
91
2.25.1
77
78
diff view generated by jsdifflib
[PULL 19/26] hw/display/omap_lcdc: Fix potential NULL pointer dereference
[PULL 28/30] mips/boston: re-randomize rng-seed on reboot
1
From: AlexChen <alex.chen@huawei.com>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
In omap_lcd_interrupts(), the pointer omap_lcd is dereferinced before
3
When the system reboots, the rng-seed that the FDT has should be
4
being check if it is valid, which may lead to NULL pointer dereference.
4
re-randomized, so that the new boot gets a new seed. Since the FDT is in
5
So move the assignment to surface after checking that the omap_lcd is valid
5
the ROM region at this point, we add a hook right after the ROM has been
6
and move surface_bits_per_pixel(surface) to after the surface assignment.
6
added, so that we have a pointer to that copy of the FDT.
7
7
8
Reported-by: Euler Robot <euler.robot@huawei.com>
8
Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
9
Signed-off-by: AlexChen <alex.chen@huawei.com>
9
Cc: Paul Burton <paulburton@kernel.org>
10
Message-id: 5F9CDB8A.9000001@huawei.com
10
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
11
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
12
Message-id: 20221025004327.568476-9-Jason@zx2c4.com
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
15
---
14
hw/display/omap_lcdc.c | 10 +++++++---
16
hw/mips/boston.c | 3 +++
15
1 file changed, 7 insertions(+), 3 deletions(-)
17
1 file changed, 3 insertions(+)
16
18
17
diff --git a/hw/display/omap_lcdc.c b/hw/display/omap_lcdc.c
19
diff --git a/hw/mips/boston.c b/hw/mips/boston.c
18
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/display/omap_lcdc.c
21
--- a/hw/mips/boston.c
20
+++ b/hw/display/omap_lcdc.c
22
+++ b/hw/mips/boston.c
21
@@ -XXX,XX +XXX,XX @@ static void omap_lcd_interrupts(struct omap_lcd_panel_s *s)
23
@@ -XXX,XX +XXX,XX @@
22
static void omap_update_display(void *opaque)
24
#include "sysemu/sysemu.h"
23
{
25
#include "sysemu/qtest.h"
24
struct omap_lcd_panel_s *omap_lcd = (struct omap_lcd_panel_s *) opaque;
26
#include "sysemu/runstate.h"
25
- DisplaySurface *surface = qemu_console_surface(omap_lcd->con);
27
+#include "sysemu/reset.h"
26
+ DisplaySurface *surface;
28
27
draw_line_func draw_line;
29
#include <libfdt.h>
28
int size, height, first, last;
30
#include "qom/object.h"
29
int width, linesize, step, bpp, frame_offset;
31
@@ -XXX,XX +XXX,XX @@ static void boston_mach_init(MachineState *machine)
30
hwaddr frame_base;
32
/* Calculate real fdt size after filter */
31
33
dt_size = fdt_totalsize(dtb_load_data);
32
- if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable ||
34
rom_add_blob_fixed("dtb", dtb_load_data, dt_size, dtb_paddr);
33
- !surface_bits_per_pixel(surface)) {
35
+ qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
34
+ if (!omap_lcd || omap_lcd->plm == 1 || !omap_lcd->enable) {
36
+ rom_ptr(dtb_paddr, dt_size));
35
+ return;
37
} else {
36
+ }
38
/* Try to load file as FIT */
37
+
39
fit_err = load_fit(&boston_fit_loader, machine->kernel_filename, s);
38
+ surface = qemu_console_surface(omap_lcd->con);
39
+ if (!surface_bits_per_pixel(surface)) {
40
return;
41
}
42
43
--
40
--
44
2.20.1
41
2.25.1
45
42
46
43
diff view generated by jsdifflib
[PULL 21/26] target/arm: Get correct MMU index for other-security-state
[PULL 29/30] openrisc: re-randomize rng-seed on reboot
1
In arm_v7m_mmu_idx_for_secstate() we get the 'priv' level to pass to
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
armv7m_mmu_idx_for_secstate_and_priv() by calling arm_current_el().
3
This is incorrect when the security state being queried is not the
4
current one, because arm_current_el() uses the current security state
5
to determine which of the banked CONTROL.nPRIV bits to look at.
6
The effect was that if (for instance) Secure state was in privileged
7
mode but Non-Secure was not then we would return the wrong MMU index.
8
2
9
The only places where we are using this function in a way that could
3
When the system reboots, the rng-seed that the FDT has should be
10
trigger this bug are for the stack loads during a v8M function-return
4
re-randomized, so that the new boot gets a new seed. Since the FDT is in
11
and for the instruction fetch of a v8M SG insn.
5
the ROM region at this point, we add a hook right after the ROM has been
6
added, so that we have a pointer to that copy of the FDT.
12
7
13
Fix the bug by expanding out the M-profile version of the
8
Cc: Stafford Horne <shorne@gmail.com>
14
arm_current_el() logic inline so it can use the passed in secstate
9
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
15
rather than env->v7m.secure.
10
Message-id: 20221025004327.568476-11-Jason@zx2c4.com
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
hw/openrisc/boot.c | 3 +++
15
1 file changed, 3 insertions(+)
16
16
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
diff --git a/hw/openrisc/boot.c b/hw/openrisc/boot.c
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
19
Message-id: 20201022164408.13214-1-peter.maydell@linaro.org
20
---
21
target/arm/m_helper.c | 3 ++-
22
1 file changed, 2 insertions(+), 1 deletion(-)
23
24
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
25
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
26
--- a/target/arm/m_helper.c
19
--- a/hw/openrisc/boot.c
27
+++ b/target/arm/m_helper.c
20
+++ b/hw/openrisc/boot.c
28
@@ -XXX,XX +XXX,XX @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
21
@@ -XXX,XX +XXX,XX @@
29
/* Return the MMU index for a v7M CPU in the specified security state */
22
#include "hw/openrisc/boot.h"
30
ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate)
23
#include "sysemu/device_tree.h"
31
{
24
#include "sysemu/qtest.h"
32
- bool priv = arm_current_el(env) != 0;
25
+#include "sysemu/reset.h"
33
+ bool priv = arm_v7m_is_handler_mode(env) ||
26
34
+ !(env->v7m.control[secstate] & 1);
27
#include <libfdt.h>
35
28
36
return arm_v7m_mmu_idx_for_secstate_and_priv(env, secstate, priv);
29
@@ -XXX,XX +XXX,XX @@ uint32_t openrisc_load_fdt(void *fdt, hwaddr load_start,
30
31
rom_add_blob_fixed_as("fdt", fdt, fdtsize, fdt_addr,
32
&address_space_memory);
33
+ qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
34
+ rom_ptr_for_as(&address_space_memory, fdt_addr, fdtsize));
35
36
return fdt_addr;
37
}
37
}
38
--
38
--
39
2.20.1
39
2.25.1
40
41
diff view generated by jsdifflib
[PULL 17/26] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)
[PULL 30/30] rx: re-randomize rng-seed on reboot
1
From: Philippe Mathieu-Daudé <philmd@redhat.com>
1
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
2
2
3
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
3
When the system reboots, the rng-seed that the FDT has should be
4
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
4
re-randomized, so that the new boot gets a new seed. Since the FDT is in
5
the ROM region at this point, we add a hook right after the ROM has been
6
added, so that we have a pointer to that copy of the FDT.
5
7
6
CID 1432363 (#1 of 1): Unintentional integer overflow:
8
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
7
9
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
8
overflow_before_widen:
10
Message-id: 20221025004327.568476-12-Jason@zx2c4.com
9
Potentially overflowing expression 1 << scale with type int
10
(32 bits, signed) is evaluated using 32-bit arithmetic, and
11
then used in a context that expects an expression of type
12
hwaddr (64 bits, unsigned).
13
14
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
15
Acked-by: Eric Auger <eric.auger@redhat.com>
16
Message-id: 20201030144617.1535064-1-philmd@redhat.com
17
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
13
---
20
hw/arm/smmuv3.c | 3 ++-
14
hw/rx/rx-gdbsim.c | 3 +++
21
1 file changed, 2 insertions(+), 1 deletion(-)
15
1 file changed, 3 insertions(+)
22
16
23
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
17
diff --git a/hw/rx/rx-gdbsim.c b/hw/rx/rx-gdbsim.c
24
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
25
--- a/hw/arm/smmuv3.c
19
--- a/hw/rx/rx-gdbsim.c
26
+++ b/hw/arm/smmuv3.c
20
+++ b/hw/rx/rx-gdbsim.c
27
@@ -XXX,XX +XXX,XX @@
21
@@ -XXX,XX +XXX,XX @@
28
*/
22
#include "hw/rx/rx62n.h"
29
23
#include "sysemu/qtest.h"
30
#include "qemu/osdep.h"
24
#include "sysemu/device_tree.h"
31
+#include "qemu/bitops.h"
25
+#include "sysemu/reset.h"
32
#include "hw/irq.h"
26
#include "hw/boards.h"
33
#include "hw/sysbus.h"
27
#include "qom/object.h"
34
#include "migration/vmstate.h"
28
35
@@ -XXX,XX +XXX,XX @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)
29
@@ -XXX,XX +XXX,XX @@ static void rx_gdbsim_init(MachineState *machine)
36
scale = CMD_SCALE(cmd);
30
dtb_offset = ROUND_DOWN(machine->ram_size - dtb_size, 16);
37
num = CMD_NUM(cmd);
31
rom_add_blob_fixed("dtb", dtb, dtb_size,
38
ttl = CMD_TTL(cmd);
32
SDRAM_BASE + dtb_offset);
39
- num_pages = (num + 1) * (1 << (scale));
33
+ qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
40
+ num_pages = (num + 1) * BIT_ULL(scale);
34
+ rom_ptr(SDRAM_BASE + dtb_offset, dtb_size));
41
}
35
/* Set dtb address to R1 */
42
36
RX_CPU(first_cpu)->env.regs[1] = SDRAM_BASE + dtb_offset;
43
if (type == SMMU_CMD_TLBI_NH_VA) {
37
}
44
--
38
--
45
2.20.1
39
2.25.1
46
47
diff view generated by jsdifflib

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.