1
A big pullreq by number of patches, but most of them are just docs
1
Some arm patches before softfreeze. These are all bug fixes.
2
updates or MAINTAINERS file fixes. The actual code changes are pretty
3
minimal bugfixes.
4
2
5
thanks
6
-- PMM
3
-- PMM
7
4
8
The following changes since commit 8cc30eb1400fc01f2b139cdd3dc524f8b84dbe07:
5
The following changes since commit 0ebf76aae58324b8f7bf6af798696687f5f4c2a9:
9
6
10
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-20201122' into staging (2020-11-22 15:02:52 +0000)
7
Merge tag 'nvme-next-pull-request' of git://git.infradead.org/qemu-nvme into staging (2022-07-15 15:38:13 +0100)
11
8
12
are available in the Git repository at:
9
are available in the Git repository at:
13
10
14
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201123
11
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220718
15
12
16
for you to fetch changes up to c6ff78563ad2971f289168c7cae6ecb0b4359516:
13
for you to fetch changes up to 004c8a8bc569c8b18fca6fc90ffe3223daaf17b7:
17
14
18
docs/system/pr-manager.rst: Fix minor docs nits (2020-11-23 11:10:04 +0000)
15
Align Raspberry Pi DMA interrupts with Linux DTS (2022-07-18 13:25:13 +0100)
19
16
20
----------------------------------------------------------------
17
----------------------------------------------------------------
21
target-arm queue:
18
target-arm queue:
22
* incorporate 'orphan' rST docs into manuals
19
* hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
23
* linux-user/arm: Deliver SIGTRAP for UDF patterns used as breakpoints
20
* target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
24
* target/arm: Make SYS_HEAPINFO work with RAM that doesn't start at 0
21
* target/arm: Fix aarch64_sve_change_el for SME
25
* document raspi boards and tosa
22
* linux-user/aarch64: Do not clear PROT_MTE on mprotect
26
* docs/system: Deprecate raspi2/raspi3 machine aliases
23
* target/arm: Honour VTCR_EL2 bits in Secure EL2
27
* docs/system/arm: Document OpenPOWER Witherspoon BMC model Front LEDs
24
* hw/adc: Fix CONV bit in NPCM7XX ADC CON register
28
* MAINTAINERS: add lines for docs files for Arm boards
25
* hw/adc: Make adci[*] R/W in NPCM7XX ADC
29
* hw/intc: fix heap-buffer-overflow in rxicu_realize()
26
* target/arm: Don't set syndrome ISS for loads and stores with writeback
30
* hw/arm: Fix bad print format specifiers
27
* Align Raspberry Pi DMA interrupts with Linux DTS
31
* target/arm: fix stage 2 page-walks in 32-bit emulation
32
28
33
----------------------------------------------------------------
29
----------------------------------------------------------------
34
AlexChen (1):
30
Andrey Makarov (1):
35
hw/arm: Fix bad print format specifiers
31
Align Raspberry Pi DMA interrupts with Linux DTS
36
32
37
Chen Qun (1):
33
Hao Wu (2):
38
hw/intc: fix heap-buffer-overflow in rxicu_realize()
34
hw/adc: Fix CONV bit in NPCM7XX ADC CON register
35
hw/adc: Make adci[*] R/W in NPCM7XX ADC
39
36
40
Peter Maydell (11):
37
Peter Maydell (9):
41
target/arm: Make SYS_HEAPINFO work with RAM that doesn't start at 0
38
hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
42
linux-user/arm: Deliver SIGTRAP for UDF patterns used as breakpoints
39
target/arm: Define and use new regime_tcr_value() function
43
docs: Move virtio-net-failover.rst into the system manual
40
target/arm: Calculate mask/base_mask in get_level1_table_address()
44
docs: Move cpu-hotplug.rst into the system manual
41
target/arm: Fold regime_tcr() and regime_tcr_value() together
45
docs: Move virtio-pmem.rst into the system manual
42
target/arm: Fix big-endian host handling of VTCR
46
docs/system/virtio-pmem.rst: Fix minor style issues
43
target/arm: Store VTCR_EL2, VSTCR_EL2 registers as uint64_t
47
docs: Split out 'pc' machine model docs into their own file
44
target/arm: Store TCR_EL* registers as uint64_t
48
docs: Move microvm.rst into the system manual
45
target/arm: Honour VTCR_EL2 bits in Secure EL2
49
docs: Move pr-manager.rst into the system manual
46
target/arm: Don't set syndrome ISS for loads and stores with writeback
50
docs: Split qemu-pr-helper documentation into tools manual
51
docs/system/pr-manager.rst: Fix minor docs nits
52
47
53
Philippe Mathieu-Daudé (10):
48
Richard Henderson (3):
54
MAINTAINERS: Cover system/arm/cpu-features.rst with ARM TCG CPUs
49
target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
55
MAINTAINERS: Cover system/arm/aspeed.rst with ASPEED BMC machines
50
target/arm: Fix aarch64_sve_change_el for SME
56
MAINTAINERS: Cover system/arm/nuvoton.rst with Nuvoton NPCM7xx
51
linux-user/aarch64: Do not clear PROT_MTE on mprotect
57
MAINTAINERS: Fix system/arm/orangepi.rst path
58
MAINTAINERS: Cover system/arm/sbsa.rst with SBSA-REF machine
59
MAINTAINERS: Cover system/arm/sx1.rst with OMAP machines
60
docs/system: Deprecate raspi2/raspi3 machine aliases
61
docs/system/arm: Document the various raspi boards
62
docs/system/arm: Document OpenPOWER Witherspoon BMC model Front LEDs
63
docs/system/arm: Document the Sharp Zaurus SL-6000
64
52
65
Rémi Denis-Courmont (1):
53
include/hw/arm/bcm2835_peripherals.h | 2 +
66
target/arm: fix stage 2 page-walks in 32-bit emulation
54
target/arm/cpu.h | 38 ++++++++---
67
55
target/arm/internals.h | 34 +++++++---
68
docs/meson.build | 1 +
56
accel/tcg/translate-all.c | 13 +++-
69
docs/system/arm/aspeed.rst | 1 +
57
hw/adc/npcm7xx_adc.c | 4 +-
70
docs/system/arm/raspi.rst | 43 +++++++++++++++
58
hw/arm/bcm2835_peripherals.c | 26 ++++++-
71
docs/system/arm/xscale.rst | 20 ++++---
59
hw/intc/armv7m_nvic.c | 9 ++-
72
docs/{ => system}/cpu-hotplug.rst | 0
60
target/arm/cpu.c | 2 +-
73
docs/system/deprecated.rst | 7 +++
61
target/arm/debug_helper.c | 2 +-
74
docs/{ => system/i386}/microvm.rst | 5 +-
62
target/arm/helper.c | 128 ++++++++++++++++-------------------
75
docs/system/i386/pc.rst | 7 +++
63
target/arm/ptw.c | 38 ++++++-----
76
docs/system/index.rst | 4 ++
64
target/arm/tlb_helper.c | 2 +-
77
docs/{ => system}/pr-manager.rst | 44 +++------------
65
target/arm/translate-a64.c | 4 +-
78
docs/system/target-arm.rst | 1 +
66
tests/qtest/bcm2835-dma-test.c | 118 ++++++++++++++++++++++++++++++++
79
docs/system/target-i386.rst | 19 +++++--
67
tests/qtest/npcm7xx_adc-test.c | 2 +-
80
docs/{ => system}/virtio-net-failover.rst | 0
68
tests/qtest/meson.build | 3 +-
81
docs/system/virtio-pmem.rst | 76 ++++++++++++++++++++++++++
69
16 files changed, 306 insertions(+), 119 deletions(-)
82
docs/tools/conf.py | 2 +
70
create mode 100644 tests/qtest/bcm2835-dma-test.c
83
docs/tools/index.rst | 1 +
84
docs/tools/qemu-pr-helper.rst | 90 +++++++++++++++++++++++++++++++
85
docs/virtio-pmem.rst | 76 --------------------------
86
hw/arm/pxa2xx.c | 2 +-
87
hw/arm/spitz.c | 2 +-
88
hw/arm/tosa.c | 2 +-
89
hw/intc/rx_icu.c | 18 +++----
90
linux-user/arm/cpu_loop.c | 28 ++++++++++
91
target/arm/arm-semi.c | 12 +++--
92
target/arm/helper.c | 4 +-
93
MAINTAINERS | 8 ++-
94
26 files changed, 326 insertions(+), 147 deletions(-)
95
create mode 100644 docs/system/arm/raspi.rst
96
rename docs/{ => system}/cpu-hotplug.rst (100%)
97
rename docs/{ => system/i386}/microvm.rst (98%)
98
create mode 100644 docs/system/i386/pc.rst
99
rename docs/{ => system}/pr-manager.rst (68%)
100
rename docs/{ => system}/virtio-net-failover.rst (100%)
101
create mode 100644 docs/system/virtio-pmem.rst
102
create mode 100644 docs/tools/qemu-pr-helper.rst
103
delete mode 100644 docs/virtio-pmem.rst
104
diff view generated by jsdifflib
1
Fix a couple of nits in pr-manager.rst:
1
In the M-profile Arm ARM, rule R_CVJS defines when an interrupt should
2
* the title marker for the top level heading is overlength
2
be set to the Pending state:
3
* stray capital 'R' in the middle of a sentence
3
A) when the input line is high and the interrupt is not Active
4
B) when the input line transitions from low to high and the interrupt
5
is Active
6
(Note that the first of these is an ongoing condition, and the
7
second is a point-in-time event.)
4
8
9
This can be rephrased as:
10
1 when the line goes from low to high, set Pending
11
2 when Active goes from 1 to 0, if line is high then set Pending
12
3 ignore attempts to clear Pending when the line is high
13
and Active is 0
14
15
where 1 covers both B and one of the "transition into condition A"
16
cases, 2 deals with the other "transition into condition A"
17
possibility, and 3 is "don't drop Pending if we're already in
18
condition A". Transitions out of condition A don't affect Pending
19
state.
20
21
We handle case 1 in set_irq_level(). For an interrupt (as opposed
22
to other kinds of exception) the only place where we clear Active
23
is in armv7m_nvic_complete_irq(), where we handle case 2 by
24
checking for whether we need to re-pend the exception. For case 3,
25
the only places where we clear Pending state on an interrupt are in
26
armv7m_nvic_acknowledge_irq() (where we are setting Active so it
27
doesn't count) and for writes to NVIC_ICPRn.
28
29
It is the "write to NVIC_ICPRn" case that we missed: we must ignore
30
this if the input line is high and the interrupt is not Active.
31
(This required behaviour is differently and perhaps more clearly
32
stated in the v7M Arm ARM, which has pseudocode in section B3.4.1
33
that implies it.)
34
35
Reported-by: Igor Kotrasiński <i.kotrasinsk@samsung.com>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
36
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
37
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
38
Message-id: 20220628154724.3297442-1-peter.maydell@linaro.org
7
---
39
---
8
docs/system/pr-manager.rst | 6 +++---
40
hw/intc/armv7m_nvic.c | 9 ++++++++-
9
1 file changed, 3 insertions(+), 3 deletions(-)
41
1 file changed, 8 insertions(+), 1 deletion(-)
10
42
11
diff --git a/docs/system/pr-manager.rst b/docs/system/pr-manager.rst
43
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
12
index XXXXXXX..XXXXXXX 100644
44
index XXXXXXX..XXXXXXX 100644
13
--- a/docs/system/pr-manager.rst
45
--- a/hw/intc/armv7m_nvic.c
14
+++ b/docs/system/pr-manager.rst
46
+++ b/hw/intc/armv7m_nvic.c
15
@@ -XXX,XX +XXX,XX @@
47
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
16
-======================================
48
startvec = 8 * (offset - 0x280) + NVIC_FIRST_IRQ; /* vector # */
17
+===============================
49
18
Persistent reservation managers
50
for (i = 0, end = size * 8; i < end && startvec + i < s->num_irq; i++) {
19
-======================================
51
+ /*
20
+===============================
52
+ * Note that if the input line is still held high and the interrupt
21
53
+ * is not active then rule R_CVJS requires that the Pending state
22
-SCSI persistent Reservations allow restricting access to block devices
54
+ * remains set; in that case we mustn't let it be cleared.
23
+SCSI persistent reservations allow restricting access to block devices
55
+ */
24
to specific initiators in a shared storage setup. When implementing
56
if (value & (1 << i) &&
25
clustering of virtual machines, it is a common requirement for virtual
57
- (attrs.secure || s->itns[startvec + i])) {
26
machines to send persistent reservation SCSI commands. However,
58
+ (attrs.secure || s->itns[startvec + i]) &&
59
+ !(setval == 0 && s->vectors[startvec + i].level &&
60
+ !s->vectors[startvec + i].active)) {
61
s->vectors[startvec + i].pending = setval;
62
}
63
}
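Review bot: the new compound condition in the NVIC_ICPRn loop of nvic_sysreg_write() changes guest-visible behaviour, yet the diffstat touches only hw/intc/armv7m_nvic.c, so nothing in the series exercises it. A qtest that holds an input line high, writes the matching ICPR bit and checks that the interrupt is still pending would guard the fix. The negated expression `!(setval == 0 && s->vectors[startvec + i].level && !s->vectors[startvec + i].active)` is also easy to misread next to the `attrs.secure || s->itns[...]` test; hoisting it into a named local bool or a small helper would let the R_CVJS comment sit directly on the thing it describes.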
27
--
64
--
28
2.20.1
65
2.25.1
29
66
30
67
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
3
When PSTATE.SM, VL = SVL even if SVE is disabled.
4
Reviewed-by: Cédric Le Goater <clg@kaod.org>
4
This is visible in kselftest ssve-test.
5
Message-id: 20201120154545.2504625-3-f4bug@amsat.org
5
6
Reported-by: Mark Brown <broonie@kernel.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220713045848.217364-2-richard.henderson@linaro.org
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
11
---
9
MAINTAINERS | 1 +
12
target/arm/helper.c | 10 ++++++++--
10
1 file changed, 1 insertion(+)
13
1 file changed, 8 insertions(+), 2 deletions(-)
11
14
12
diff --git a/MAINTAINERS b/MAINTAINERS
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
14
--- a/MAINTAINERS
17
--- a/target/arm/helper.c
15
+++ b/MAINTAINERS
18
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@ F: include/hw/*/*aspeed*
19
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
17
F: include/hw/misc/pca9552*.h
20
}
18
F: hw/net/ftgmac100.c
21
if (cpu_isar_feature(aa64_sme, env_archcpu(env))) {
19
F: include/hw/net/ftgmac100.h
22
int sme_el = sme_exception_el(env, el);
20
+F: docs/system/arm/aspeed.rst
23
+ bool sm = FIELD_EX64(env->svcr, SVCR, SM);
21
24
22
NRF51
25
DP_TBFLAG_A64(flags, SMEEXC_EL, sme_el);
23
M: Joel Stanley <joel@jms.id.au>
26
if (sme_el == 0) {
27
/* Similarly, do not compute SVL if SME is disabled. */
28
- DP_TBFLAG_A64(flags, SVL, sve_vqm1_for_el_sm(env, el, true));
29
+ int svl = sve_vqm1_for_el_sm(env, el, true);
30
+ DP_TBFLAG_A64(flags, SVL, svl);
31
+ if (sm) {
32
+ /* If SVE is disabled, we will not have set VL above. */
33
+ DP_TBFLAG_A64(flags, VL, svl);
34
+ }
35
}
36
- if (FIELD_EX64(env->svcr, SVCR, SM)) {
37
+ if (sm) {
38
DP_TBFLAG_A64(flags, PSTATE_SM, 1);
39
DP_TBFLAG_A64(flags, SME_TRAP_NONSTREAMING, !sme_fa64(env, el));
40
}
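Review bot: in the `if (sme_el == 0)` block of rebuild_hflags_a64(), the comment "If SVE is disabled, we will not have set VL above" explains only one of the cases in which `DP_TBFLAG_A64(flags, VL, svl)` runs, because the store is guarded by `sm` alone and so also executes when SVE is enabled. Please extend the comment to say that VL is deliberately set to SVL whenever PSTATE.SM is set (as the commit message puts it, VL = SVL), so that a later reader does not narrow the branch to the SVE-disabled case.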
24
--
41
--
25
2.20.1
42
2.25.1
26
27
1
From: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Using a target unsigned long would limit the Input Address to a LPAE
3
We were only checking for SVE disabled and not taking into
4
page-walk to 32 bits on AArch32 and 64 bits on AArch64. This is okay
4
account PSTATE.SM to check SME disabled, which resulted in
5
for stage 1 or on AArch64, but it is insufficient for stage 2 on
5
vectors being incorrectly truncated.
6
AArch32. In that latter case, the Input Address can have up to 40 bits.
7
6
8
Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220713045848.217364-3-richard.henderson@linaro.org
10
Message-id: 20201118150414.18360-1-remi@remlab.net
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
11
---
13
target/arm/helper.c | 4 ++--
12
target/arm/helper.c | 31 +++++++++++++++++++++++++------
14
1 file changed, 2 insertions(+), 2 deletions(-)
13
1 file changed, 25 insertions(+), 6 deletions(-)
15
14
16
diff --git a/target/arm/helper.c b/target/arm/helper.c
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
17
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/helper.c
17
--- a/target/arm/helper.c
19
+++ b/target/arm/helper.c
18
+++ b/target/arm/helper.c
20
@@ -XXX,XX +XXX,XX @@
19
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq)
21
20
}
22
#ifndef CONFIG_USER_ONLY
21
}
23
22
24
-static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
23
+static uint32_t sve_vqm1_for_el_sm_ena(CPUARMState *env, int el, bool sm)
25
+static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
24
+{
26
MMUAccessType access_type, ARMMMUIdx mmu_idx,
25
+ int exc_el;
27
bool s1_is_el0,
26
+
28
hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
27
+ if (sm) {
29
@@ -XXX,XX +XXX,XX @@ static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va,
28
+ exc_el = sme_exception_el(env, el);
30
* @fi: set to fault info if the translation fails
29
+ } else {
31
* @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
30
+ exc_el = sve_exception_el(env, el);
31
+ }
32
+ if (exc_el) {
33
+ return 0; /* disabled */
34
+ }
35
+ return sve_vqm1_for_el_sm(env, el, sm);
36
+}
37
+
38
/*
39
* Notice a change in SVE vector size when changing EL.
32
*/
40
*/
33
-static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
41
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_change_el(CPUARMState *env, int old_el,
34
+static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
42
{
35
MMUAccessType access_type, ARMMMUIdx mmu_idx,
43
ARMCPU *cpu = env_archcpu(env);
36
bool s1_is_el0,
44
int old_len, new_len;
37
hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
45
- bool old_a64, new_a64;
46
+ bool old_a64, new_a64, sm;
47
48
/* Nothing to do if no SVE. */
49
if (!cpu_isar_feature(aa64_sve, cpu)) {
50
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_change_el(CPUARMState *env, int old_el,
51
* invoke ResetSVEState when taking an exception from, or
52
* returning to, AArch32 state when PSTATE.SM is enabled.
53
*/
54
- if (old_a64 != new_a64 && FIELD_EX64(env->svcr, SVCR, SM)) {
55
+ sm = FIELD_EX64(env->svcr, SVCR, SM);
56
+ if (old_a64 != new_a64 && sm) {
57
arm_reset_sve_state(env);
58
return;
59
}
60
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_change_el(CPUARMState *env, int old_el,
61
* we already have the correct register contents when encountering the
62
* vq0->vq0 transition between EL0->EL1.
63
*/
64
- old_len = (old_a64 && !sve_exception_el(env, old_el)
65
- ? sve_vqm1_for_el(env, old_el) : 0);
66
- new_len = (new_a64 && !sve_exception_el(env, new_el)
67
- ? sve_vqm1_for_el(env, new_el) : 0);
68
+ old_len = new_len = 0;
69
+ if (old_a64) {
70
+ old_len = sve_vqm1_for_el_sm_ena(env, old_el, sm);
71
+ }
72
+ if (new_a64) {
73
+ new_len = sve_vqm1_for_el_sm_ena(env, new_el, sm);
74
+ }
75
76
/* When changing vector length, clear inaccessible state. */
77
if (new_len < old_len) {
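Review bot: in the last hunk of aarch64_sve_change_el(), `old_len` and `new_len` now both come from sve_vqm1_for_el_sm_ena(), which has no header comment and uses `return 0; /* disabled */` even though its name says the result is a vq-minus-one value, for which 0 is also a legitimate enabled length. The removed lines had the same convention, so this is not a regression, but the new helper should document it, along with the fact that a single `sm` sampled from env->svcr is applied to both old_el and new_el. A short comment above the helper covering both points would make the `new_len < old_len` comparison below easier to verify.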
38
--
78
--
39
2.20.1
79
2.25.1
40
41
Deleted patch
1
From: AlexChen <alex.chen@huawei.com>
2
1
3
We should use printf format specifier "%u" instead of "%i" for
4
argument of type "unsigned int".
5
6
Reported-by: Euler Robot <euler.robot@huawei.com>
7
Signed-off-by: Alex Chen <alex.chen@huawei.com>
8
Message-id: 5F9FD78B.8000300@huawei.com
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
hw/arm/pxa2xx.c | 2 +-
13
hw/arm/spitz.c | 2 +-
14
hw/arm/tosa.c | 2 +-
15
3 files changed, 3 insertions(+), 3 deletions(-)
16
17
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/pxa2xx.c
20
+++ b/hw/arm/pxa2xx.c
21
@@ -XXX,XX +XXX,XX @@ static void pxa2xx_ssp_write(void *opaque, hwaddr addr,
22
if (value & SSCR0_MOD)
23
printf("%s: Attempt to use network mode\n", __func__);
24
if (s->enable && SSCR0_DSS(value) < 4)
25
- printf("%s: Wrong data size: %i bits\n", __func__,
26
+ printf("%s: Wrong data size: %u bits\n", __func__,
27
SSCR0_DSS(value));
28
if (!(value & SSCR0_SSE)) {
29
s->sssr = 0;
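Review bot: both messages in this pxa2xx_ssp_write() hunk still go through bare printf() on a register write the guest controls, which the "%u" change leaves as it was. As a follow-up, consider routing "Attempt to use network mode" and "Wrong data size" through qemu_log_mask() (LOG_UNIMP and LOG_GUEST_ERROR respectively) so the output can be filtered instead of landing on stdout. The format change itself is consistent with the commit message's statement that the argument is unsigned int.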
30
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/hw/arm/spitz.c
33
+++ b/hw/arm/spitz.c
34
@@ -XXX,XX +XXX,XX @@ struct SpitzLCDTG {
35
static void spitz_bl_update(SpitzLCDTG *s)
36
{
37
if (s->bl_power && s->bl_intensity)
38
- zaurus_printf("LCD Backlight now at %i/63\n", s->bl_intensity);
39
+ zaurus_printf("LCD Backlight now at %u/63\n", s->bl_intensity);
40
else
41
zaurus_printf("LCD Backlight now off\n");
42
}
43
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
44
index XXXXXXX..XXXXXXX 100644
45
--- a/hw/arm/tosa.c
46
+++ b/hw/arm/tosa.c
47
@@ -XXX,XX +XXX,XX @@ static void tosa_gpio_setup(PXA2xxState *cpu,
48
49
static uint32_t tosa_ssp_tansfer(SSISlave *dev, uint32_t value)
50
{
51
- fprintf(stderr, "TG: %d %02x\n", value >> 5, value & 0x1f);
52
+ fprintf(stderr, "TG: %u %02x\n", value >> 5, value & 0x1f);
53
return 0;
54
}
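Review bot: the context line of this hunk shows the function spelled `tosa_ssp_tansfer`; since the patch is already tidying this function, a follow-up renaming it to `tosa_ssp_transfer` wherever it is referenced would be welcome. The "%u" for `value >> 5` matches the `uint32_t value` parameter, and `value & 0x1f` with "%02x" is already an unsigned conversion, so the format string needs no further change.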
55
56
--
57
2.20.1
58
59
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
3
The documentation for PROT_MTE says that it cannot be cleared
4
Message-id: 20201120154545.2504625-2-f4bug@amsat.org
4
by mprotect. Further, the implementation of the VM_ARCH_CLEAR bit,
5
contains PROT_BTI confirming that bit should be cleared.
6
7
Introduce PAGE_TARGET_STICKY to allow target/arch/cpu.h to control
8
which bits may be reset during page_set_flags. This is sort of the
9
opposite of VM_ARCH_CLEAR, but works better with qemu's PAGE_* bits
10
that are separate from PROT_* bits.
11
12
Reported-by: Vitaly Buka <vitalybuka@google.com>
13
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
14
Message-id: 20220711031420.17820-1-richard.henderson@linaro.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
17
---
8
MAINTAINERS | 1 +
18
target/arm/cpu.h | 7 +++++--
9
1 file changed, 1 insertion(+)
19
accel/tcg/translate-all.c | 13 +++++++++++--
20
2 files changed, 16 insertions(+), 4 deletions(-)
10
21
11
diff --git a/MAINTAINERS b/MAINTAINERS
22
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
12
index XXXXXXX..XXXXXXX 100644
23
index XXXXXXX..XXXXXXX 100644
13
--- a/MAINTAINERS
24
--- a/target/arm/cpu.h
14
+++ b/MAINTAINERS
25
+++ b/target/arm/cpu.h
15
@@ -XXX,XX +XXX,XX @@ F: disas/arm.c
26
@@ -XXX,XX +XXX,XX @@ static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
16
F: disas/arm-a64.cc
27
17
F: disas/libvixl/
28
/*
18
F: docs/system/target-arm.rst
29
* AArch64 usage of the PAGE_TARGET_* bits for linux-user.
19
+F: docs/system/arm/cpu-features.rst
30
+ * Note that with the Linux kernel, PROT_MTE may not be cleared by mprotect
20
31
+ * mprotect but PROT_BTI may be cleared. C.f. the kernel's VM_ARCH_CLEAR.
21
ARM SMMU
32
*/
22
M: Eric Auger <eric.auger@redhat.com>
33
-#define PAGE_BTI PAGE_TARGET_1
34
-#define PAGE_MTE PAGE_TARGET_2
35
+#define PAGE_BTI PAGE_TARGET_1
36
+#define PAGE_MTE PAGE_TARGET_2
37
+#define PAGE_TARGET_STICKY PAGE_MTE
38
39
#ifdef TARGET_TAGGED_ADDRESSES
40
/**
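Review bot: the comment added above PAGE_BTI in target/arm/cpu.h repeats a word across the line break: it reads "may not be cleared by mprotect" and then continues "mprotect but PROT_BTI may be cleared". Drop the second "mprotect". It would also help to note beside `#define PAGE_TARGET_STICKY PAGE_MTE` that the macro is consumed by page_set_flags() in accel/tcg/translate-all.c, since its only user in this patch lives in a different file.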
41
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
42
index XXXXXXX..XXXXXXX 100644
43
--- a/accel/tcg/translate-all.c
44
+++ b/accel/tcg/translate-all.c
45
@@ -XXX,XX +XXX,XX @@ int page_get_flags(target_ulong address)
46
return p->flags;
47
}
48
49
+/*
50
+ * Allow the target to decide if PAGE_TARGET_[12] may be reset.
51
+ * By default, they are not kept.
52
+ */
53
+#ifndef PAGE_TARGET_STICKY
54
+#define PAGE_TARGET_STICKY 0
55
+#endif
56
+#define PAGE_STICKY (PAGE_ANON | PAGE_TARGET_STICKY)
57
+
58
/* Modify the flags of a page and invalidate the code if necessary.
59
The flag PAGE_WRITE_ORG is positioned automatically depending
60
on PAGE_WRITE. The mmap_lock should already be held. */
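Review bot: the `#ifndef PAGE_TARGET_STICKY` fallback to 0 makes the sticky set depend silently on the target header having defined the macro before this point in translate-all.c. If a target misspells the name, or the definition ends up behind an include that is not pulled in here, the target bits are dropped on mprotect again with no build error. Please state in the comment which header is expected to provide the definition, and consider rewording "By default, they are not kept" to say explicitly that neither PAGE_TARGET_1 nor PAGE_TARGET_2 survives page_set_flags() unless the target opts in.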
61
@@ -XXX,XX +XXX,XX @@ void page_set_flags(target_ulong start, target_ulong end, int flags)
62
p->target_data = NULL;
63
p->flags = flags;
64
} else {
65
- /* Using mprotect on a page does not change MAP_ANON. */
66
- p->flags = (p->flags & PAGE_ANON) | flags;
67
+ /* Using mprotect on a page does not change sticky bits. */
68
+ p->flags = (p->flags & PAGE_STICKY) | flags;
69
}
70
}
71
}
23
--
72
--
24
2.20.1
73
2.25.1
25
26
1
The Linux kernel doesn't use the official bkpt insn for breakpoints;
1
The regime_tcr() function returns a pointer to a struct TCR
2
instead it uses three instructions in the guaranteed-to-UNDEF space,
2
corresponding to the TCR controlling a translation regime. The
3
and generates SIGTRAP for these rather than the SIGILL that most
3
struct TCR has the raw value of the register, plus two fields mask
4
UNDEF insns generate:
4
and base_mask which are used as a small optimization in the case of
5
32-bit short-descriptor lookups. Almost all callers of regime_tcr()
6
only want the raw register value. Define and use a new
7
regime_tcr_value() function which returns only the raw 64-bit
8
register value.
5
9
6
https://elixir.bootlin.com/linux/v5.9.8/source/arch/arm/kernel/ptrace.c#L197
10
This is a preliminary to removing the 32-bit short descriptor
7
11
optimization -- it only saves a handful of bit operations, which is
8
Make QEMU treat these insns specially too. The main benefit of this
12
tiny compared to the overhead of doing a page table walk at all, and
9
is that if you're running a debugger on a guest program that runs
13
the TCR struct is awkward and makes fixing
10
into a GCC __builtin_trap() or LLVM "trap because execution should
14
https://gitlab.com/qemu-project/qemu/-/issues/1103 unnecessarily
11
never reach here" then you'll get the expected signal rather than a
15
difficult.
12
SIGILL.
13
16
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
18
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
16
Message-id: 20201117155634.6924-1-peter.maydell@linaro.org
19
Message-id: 20220714132303.1287193-2-peter.maydell@linaro.org
17
---
20
---
18
linux-user/arm/cpu_loop.c | 28 ++++++++++++++++++++++++++++
21
target/arm/internals.h | 6 ++++++
19
1 file changed, 28 insertions(+)
22
target/arm/helper.c | 6 +++---
23
target/arm/ptw.c | 8 ++++----
24
target/arm/tlb_helper.c | 2 +-
25
4 files changed, 14 insertions(+), 8 deletions(-)
20
26
21
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
27
diff --git a/target/arm/internals.h b/target/arm/internals.h
22
index XXXXXXX..XXXXXXX 100644
28
index XXXXXXX..XXXXXXX 100644
23
--- a/linux-user/arm/cpu_loop.c
29
--- a/target/arm/internals.h
24
+++ b/linux-user/arm/cpu_loop.c
30
+++ b/target/arm/internals.h
25
@@ -XXX,XX +XXX,XX @@ do_kernel_trap(CPUARMState *env)
31
@@ -XXX,XX +XXX,XX @@ static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
26
return 0;
32
return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
27
}
33
}
28
34
29
+static bool insn_is_linux_bkpt(uint32_t opcode, bool is_thumb)
35
+/* Return the raw value of the TCR controlling this translation regime */
36
+static inline uint64_t regime_tcr_value(CPUARMState *env, ARMMMUIdx mmu_idx)
30
+{
37
+{
31
+ /*
38
+ return regime_tcr(env, mmu_idx)->raw_tcr;
32
+ * Return true if this insn is one of the three magic UDF insns
33
+ * which the kernel treats as breakpoint insns.
34
+ */
35
+ if (!is_thumb) {
36
+ return (opcode & 0x0fffffff) == 0x07f001f0;
37
+ } else {
38
+ /*
39
+ * Note that we get the two halves of the 32-bit T32 insn
40
+ * in the opposite order to the value the kernel uses in
41
+ * its undef_hook struct.
42
+ */
43
+ return ((opcode & 0xffff) == 0xde01) || (opcode == 0xa000f7f0);
44
+ }
45
+}
39
+}
46
+
40
+
47
void cpu_loop(CPUARMState *env)
41
/**
42
* arm_num_brps: Return number of implemented breakpoints.
43
* Note that the ID register BRPS field is "number of bps - 1",
44
diff --git a/target/arm/helper.c b/target/arm/helper.c
45
index XXXXXXX..XXXXXXX 100644
46
--- a/target/arm/helper.c
47
+++ b/target/arm/helper.c
48
@@ -XXX,XX +XXX,XX @@ static int vae1_tlbmask(CPUARMState *env)
49
static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx,
50
uint64_t addr)
48
{
51
{
49
CPUState *cs = env_cpu(env);
52
- uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
50
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
53
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
51
/* FIXME - what to do if get_user() fails? */
54
int tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
52
get_user_code_u32(opcode, env->regs[15], env);
55
int select = extract64(addr, 55, 1);
53
56
54
+ /*
57
@@ -XXX,XX +XXX,XX @@ static int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx)
55
+ * The Linux kernel treats some UDF patterns specially
58
ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
56
+ * to use as breakpoints (instead of the architectural
59
ARMMMUIdx mmu_idx, bool data)
57
+ * bkpt insn). These should trigger a SIGTRAP rather
60
{
58
+ * than SIGILL.
61
- uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
59
+ */
62
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
60
+ if (insn_is_linux_bkpt(opcode, env->thumb)) {
63
bool epd, hpd, using16k, using64k, tsz_oob, ds;
61
+ goto excp_debug;
64
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
62
+ }
65
ARMCPU *cpu = env_archcpu(env);
63
+
66
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
64
rc = EmulateAll(opcode, &ts->fpa, env);
67
{
65
if (rc == 0) { /* illegal instruction */
68
CPUARMTBFlags flags = {};
66
info.si_signo = TARGET_SIGILL;
69
ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
70
- uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
71
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
72
uint64_t sctlr;
73
int tbii, tbid;
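Review bot: in the cpu_loop() hunk of linux-user/arm/cpu_loop.c, the new `insn_is_linux_bkpt(opcode, env->thumb)` test sits directly after get_user_code_u32() and its "FIXME - what to do if get_user() fails?" comment, so a failed fetch now feeds whatever happens to be in `opcode` into the breakpoint match and can take the `goto excp_debug` path. Please check the fetch result before the new test, or at least make sure `opcode` holds a value that matches none of the three UDF patterns when the read fails, so the guest gets a fault for the bad fetch and not a spurious SIGTRAP.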
74
75
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
76
index XXXXXXX..XXXXXXX 100644
77
--- a/target/arm/ptw.c
78
+++ b/target/arm/ptw.c
79
@@ -XXX,XX +XXX,XX @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
80
static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va,
81
ARMMMUIdx mmu_idx)
82
{
83
- uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
84
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
85
uint32_t el = regime_el(env, mmu_idx);
86
int select, tsz;
87
bool epd, hpd;
88
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
89
uint32_t attrs;
90
int32_t stride;
91
int addrsize, inputsize, outputsize;
92
- TCR *tcr = regime_tcr(env, mmu_idx);
93
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
94
int ap, ns, xn, pxn;
95
uint32_t el = regime_el(env, mmu_idx);
96
uint64_t descaddrmask;
97
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
98
* For stage 2 translations the starting level is specified by the
99
* VTCR_EL2.SL0 field (whose interpretation depends on the page size)
100
*/
101
- uint32_t sl0 = extract32(tcr->raw_tcr, 6, 2);
102
- uint32_t sl2 = extract64(tcr->raw_tcr, 33, 1);
103
+ uint32_t sl0 = extract32(tcr, 6, 2);
104
+ uint32_t sl2 = extract64(tcr, 33, 1);
105
uint32_t startlevel;
106
bool ok;
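Review bot: in the stage 2 start-level code of get_phys_addr_lpae(), `tcr` is a uint64_t, yet SL0 is read with `extract32(tcr, 6, 2)` while SL2 on the next line uses `extract64(tcr, 33, 1)`. The extract32 call works only because the 64-bit value is implicitly truncated and the field happens to sit in the low word. Use extract64 for both reads so the two lines are consistent and the extract32 form is not copied later for a field above bit 31.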
107
108
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
109
index XXXXXXX..XXXXXXX 100644
110
--- a/target/arm/tlb_helper.c
111
+++ b/target/arm/tlb_helper.c
112
@@ -XXX,XX +XXX,XX @@ bool regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx)
113
return true;
114
}
115
if (arm_feature(env, ARM_FEATURE_LPAE)
116
- && (regime_tcr(env, mmu_idx)->raw_tcr & TTBCR_EAE)) {
117
+ && (regime_tcr_value(env, mmu_idx) & TTBCR_EAE)) {
118
return true;
119
}
120
return false;
67
--
121
--
68
2.20.1
122
2.25.1
69
70
1
Split the documentation of the qemu-pr-helper binary into the tools
1
In get_level1_table_address(), instead of using precalculated values
2
manual, and give it a manpage like our other standalone executables.
2
of mask and base_mask from the TCR struct, calculate them directly
3
(in the same way we currently do in vmsa_ttbcr_raw_write() to
4
populate the TCR struct fields).
3
5
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20220714132303.1287193-3-peter.maydell@linaro.org
6
---
9
---
7
docs/meson.build | 1 +
10
target/arm/ptw.c | 14 +++++++++-----
8
docs/system/pr-manager.rst | 38 ++-------------
11
1 file changed, 9 insertions(+), 5 deletions(-)
9
docs/tools/conf.py | 2 +
10
docs/tools/index.rst | 1 +
11
docs/tools/qemu-pr-helper.rst | 90 +++++++++++++++++++++++++++++++++++
12
5 files changed, 99 insertions(+), 33 deletions(-)
13
create mode 100644 docs/tools/qemu-pr-helper.rst
14
12
15
diff --git a/docs/meson.build b/docs/meson.build
13
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
16
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
17
--- a/docs/meson.build
15
--- a/target/arm/ptw.c
18
+++ b/docs/meson.build
16
+++ b/target/arm/ptw.c
19
@@ -XXX,XX +XXX,XX @@ if build_docs
17
@@ -XXX,XX +XXX,XX @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
20
'tools': {
18
uint32_t *table, uint32_t address)
21
'qemu-img.1': (have_tools ? 'man1' : ''),
19
{
22
'qemu-nbd.8': (have_tools ? 'man8' : ''),
20
/* Note that we can only get here for an AArch32 PL0/PL1 lookup */
23
+ 'qemu-pr-helper.8': (have_tools ? 'man8' : ''),
21
- TCR *tcr = regime_tcr(env, mmu_idx);
24
'qemu-trace-stap.1': (config_host.has_key('CONFIG_TRACE_SYSTEMTAP') ? 'man1' : ''),
22
+ uint64_t tcr = regime_tcr_value(env, mmu_idx);
25
'virtfs-proxy-helper.1': (have_virtfs_proxy_helper ? 'man1' : ''),
23
+ int maskshift = extract32(tcr, 0, 3);
26
'virtiofsd.1': (have_virtiofsd ? 'man1' : ''),
24
+ uint32_t mask = ~(((uint32_t)0xffffffffu) >> maskshift);
27
diff --git a/docs/system/pr-manager.rst b/docs/system/pr-manager.rst
25
+ uint32_t base_mask;
28
index XXXXXXX..XXXXXXX 100644
26
29
--- a/docs/system/pr-manager.rst
27
- if (address & tcr->mask) {
30
+++ b/docs/system/pr-manager.rst
28
- if (tcr->raw_tcr & TTBCR_PD1) {
31
@@ -XXX,XX +XXX,XX @@ Alternatively, using ``-blockdev``::
29
+ if (address & mask) {
32
-blockdev node-name=hd,driver=raw,file.driver=host_device,file.filename=/dev/sdb,file.pr-manager=helper0
30
+ if (tcr & TTBCR_PD1) {
33
-device scsi-block,drive=hd
31
/* Translation table walk disabled for TTBR1 */
34
32
return false;
35
-----------------------------------
33
}
36
-Invoking :program:`qemu-pr-helper`
34
*table = regime_ttbr(env, mmu_idx, 1) & 0xffffc000;
37
-----------------------------------
35
} else {
38
-
36
- if (tcr->raw_tcr & TTBCR_PD0) {
39
-QEMU provides an implementation of the persistent reservation helper,
37
+ if (tcr & TTBCR_PD0) {
40
-called :program:`qemu-pr-helper`. The helper should be started as a
38
/* Translation table walk disabled for TTBR0 */
41
-system service and supports the following option:
39
return false;
42
-
40
}
43
--d, --daemon run in the background
41
- *table = regime_ttbr(env, mmu_idx, 0) & tcr->base_mask;
44
--q, --quiet decrease verbosity
42
+ base_mask = ~((uint32_t)0x3fffu >> maskshift);
45
--v, --verbose increase verbosity
43
+ *table = regime_ttbr(env, mmu_idx, 0) & base_mask;
46
--f, --pidfile=path PID file when running as a daemon
44
}
47
--k, --socket=path path to the socket
45
*table |= (address >> 18) & 0x3ffc;
48
--T, --trace=trace-opts tracing options
46
return true;
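Review bot: In get_level1_table_address(), maskshift, mask and base_mask are derived from three bare constants (extract32(tcr, 0, 3), 0xffffffffu and 0x3fffu) with no comment saying which TTBCR field is being decoded, and the commit message says the same arithmetic still lives in vmsa_ttbcr_raw_write(). Add a one-line comment naming the field, and declare base_mask inside the else branch, the only place it is assigned and used. If the copy in vmsa_ttbcr_raw_write() is removed later in the series, say so in the commit message so the duplication is not taken as permanent.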
49
-
50
-By default, the socket and PID file are placed in the runtime state
51
-directory, for example :file:`/var/run/qemu-pr-helper.sock` and
52
-:file:`/var/run/qemu-pr-helper.pid`. The PID file is not created
53
-unless :option:`-d` is passed too.
54
-
55
-:program:`qemu-pr-helper` can also use the systemd socket activation
56
-protocol. In this case, the systemd socket unit should specify a
57
-Unix stream socket, like this::
58
-
59
- [Socket]
60
- ListenStream=/var/run/qemu-pr-helper.sock
61
-
62
-After connecting to the socket, :program:`qemu-pr-helper`` can optionally drop
63
-root privileges, except for those capabilities that are needed for
64
-its operation. To do this, add the following options:
65
-
66
--u, --user=user user to drop privileges to
67
--g, --group=group group to drop privileges to
68
+You will also need to ensure that the helper program
69
+:command:`qemu-pr-helper` is running, and that it has been
70
+set up to use the same socket filename as your QEMU commandline
71
+specifies. See the qemu-pr-helper documentation or manpage for
72
+further details.
73
74
---------------------------------------------
75
Multipath devices and persistent reservations
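Review bot: The added paragraph in docs/system/pr-manager.rst marks the helper up as :command:`qemu-pr-helper`, while the text it replaces and the new docs/tools/qemu-pr-helper.rst both use :program:, so use :program: here as well. The removed text also carried the default socket path and the -u/-g privilege-drop options, so "See the qemu-pr-helper documentation or manpage" would be easier to follow if it said that this page now lives in the tools manual.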
76
diff --git a/docs/tools/conf.py b/docs/tools/conf.py
77
index XXXXXXX..XXXXXXX 100644
78
--- a/docs/tools/conf.py
79
+++ b/docs/tools/conf.py
80
@@ -XXX,XX +XXX,XX @@ man_pages = [
81
['Fabrice Bellard'], 1),
82
('qemu-nbd', 'qemu-nbd', u'QEMU Disk Network Block Device Server',
83
['Anthony Liguori <anthony@codemonkey.ws>'], 8),
84
+ ('qemu-pr-helper', 'qemu-pr-helper', 'QEMU persistent reservation helper',
85
+ [], 8),
86
('qemu-trace-stap', 'qemu-trace-stap', u'QEMU SystemTap trace tool',
87
[], 1),
88
('virtfs-proxy-helper', 'virtfs-proxy-helper',
89
diff --git a/docs/tools/index.rst b/docs/tools/index.rst
90
index XXXXXXX..XXXXXXX 100644
91
--- a/docs/tools/index.rst
92
+++ b/docs/tools/index.rst
93
@@ -XXX,XX +XXX,XX @@ Contents:
94
95
qemu-img
96
qemu-nbd
97
+ qemu-pr-helper
98
qemu-trace-stap
99
virtfs-proxy-helper
100
virtiofsd
101
diff --git a/docs/tools/qemu-pr-helper.rst b/docs/tools/qemu-pr-helper.rst
102
new file mode 100644
103
index XXXXXXX..XXXXXXX
104
--- /dev/null
105
+++ b/docs/tools/qemu-pr-helper.rst
106
@@ -XXX,XX +XXX,XX @@
107
+QEMU persistent reservation helper
108
+==================================
109
+
110
+Synopsis
111
+--------
112
+
113
+**qemu-pr-helper** [*OPTION*]
114
+
115
+Description
116
+-----------
117
+
118
+Implements the persistent reservation helper for QEMU.
119
+
120
+SCSI persistent reservations allow restricting access to block devices
121
+to specific initiators in a shared storage setup. When implementing
122
+clustering of virtual machines, it is a common requirement for virtual
123
+machines to send persistent reservation SCSI commands. However,
124
+the operating system restricts sending these commands to unprivileged
125
+programs because incorrect usage can disrupt regular operation of the
126
+storage fabric. QEMU's SCSI passthrough devices ``scsi-block``
127
+and ``scsi-generic`` support passing guest persistent reservation
128
+requests to a privileged external helper program. :program:`qemu-pr-helper`
129
+is that external helper; it creates a socket which QEMU can
130
+connect to to communicate with it.
131
+
132
+If you want to run VMs in a setup like this, this helper should be
133
+started as a system service, and you should read the QEMU manual
134
+section on "persistent reservation managers" to find out how to
135
+configure QEMU to connect to the socket created by
136
+:program:`qemu-pr-helper`.
137
+
138
+After connecting to the socket, :program:`qemu-pr-helper` can
139
+optionally drop root privileges, except for those capabilities that
140
+are needed for its operation.
141
+
142
+:program:`qemu-pr-helper` can also use the systemd socket activation
143
+protocol. In this case, the systemd socket unit should specify a
144
+Unix stream socket, like this::
145
+
146
+ [Socket]
147
+ ListenStream=/var/run/qemu-pr-helper.sock
148
+
149
+Options
150
+-------
151
+
152
+.. program:: qemu-pr-helper
153
+
154
+.. option:: -d, --daemon
155
+
156
+ run in the background (and create a PID file)
157
+
158
+.. option:: -q, --quiet
159
+
160
+ decrease verbosity
161
+
162
+.. option:: -v, --verbose
163
+
164
+ increase verbosity
165
+
166
+.. option:: -f, --pidfile=PATH
167
+
168
+ PID file when running as a daemon. By default the PID file
169
+ is created in the system runtime state directory, for example
170
+ :file:`/var/run/qemu-pr-helper.pid`.
171
+
172
+.. option:: -k, --socket=PATH
173
+
174
+ path to the socket. By default the socket is created in
175
+ the system runtime state directory, for example
176
+ :file:`/var/run/qemu-pr-helper.sock`.
177
+
178
+.. option:: -T, --trace [[enable=]PATTERN][,events=FILE][,file=FILE]
179
+
180
+ .. include:: ../qemu-option-trace.rst.inc
181
+
182
+.. option:: -u, --user=USER
183
+
184
+ user to drop privileges to
185
+
186
+.. option:: -g, --group=GROUP
187
+
188
+ group to drop privileges to
189
+
190
+.. option:: -h, --help
191
+
192
+ Display a help message and exit.
193
+
194
+.. option:: -V, --version
195
+
196
+ Display version information and exit.
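Review bot: In the Description of the new docs/tools/qemu-pr-helper.rst, "the operating system restricts sending these commands to unprivileged programs" can be read as saying that only unprivileged programs may send them, the opposite of what is meant; reword it to say that the operating system does not let unprivileged programs send these commands. The same section says the helper can drop root privileges after connecting to the socket without pointing at -u/--user and -g/--group, and since the helper is the privileged party, a sentence on who should be able to reach the socket given to -k/--socket would help administrators.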
197
--
47
--
198
2.20.1
48
2.25.1
199
200
1
Move the pr-manager documentation into the system manual.
1
The only caller of regime_tcr() is now regime_tcr_value(); fold the
2
Some of it (the documentation of the pr-manager-helper tool)
2
two together, and use the shorter and more natural 'regime_tcr'
3
should be in tools, but we will split it up after moving it.
3
name for the new function.
4
4
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20220714132303.1287193-4-peter.maydell@linaro.org
7
---
8
---
8
docs/system/index.rst | 1 +
9
target/arm/internals.h | 16 +++++-----------
9
docs/{ => system}/pr-manager.rst | 0
10
target/arm/helper.c | 6 +++---
10
2 files changed, 1 insertion(+)
11
target/arm/ptw.c | 6 +++---
11
rename docs/{ => system}/pr-manager.rst (100%)
12
target/arm/tlb_helper.c | 2 +-
13
4 files changed, 12 insertions(+), 18 deletions(-)
12
14
13
diff --git a/docs/system/index.rst b/docs/system/index.rst
15
diff --git a/target/arm/internals.h b/target/arm/internals.h
14
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
15
--- a/docs/system/index.rst
17
--- a/target/arm/internals.h
16
+++ b/docs/system/index.rst
18
+++ b/target/arm/internals.h
17
@@ -XXX,XX +XXX,XX @@ Contents:
19
@@ -XXX,XX +XXX,XX @@ static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
18
managed-startup
20
return env->cp15.sctlr_el[regime_el(env, mmu_idx)];
19
cpu-hotplug
21
}
20
virtio-pmem
22
21
+ pr-manager
23
-/* Return the TCR controlling this translation regime */
22
targets
24
-static inline TCR *regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
23
security
25
+/* Return the value of the TCR controlling this translation regime */
24
deprecated
26
+static inline uint64_t regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
25
diff --git a/docs/pr-manager.rst b/docs/system/pr-manager.rst
27
{
26
similarity index 100%
28
if (mmu_idx == ARMMMUIdx_Stage2) {
27
rename from docs/pr-manager.rst
29
- return &env->cp15.vtcr_el2;
28
rename to docs/system/pr-manager.rst
30
+ return env->cp15.vtcr_el2.raw_tcr;
31
}
32
if (mmu_idx == ARMMMUIdx_Stage2_S) {
33
/*
34
* Note: Secure stage 2 nominally shares fields from VTCR_EL2, but
35
* those are not currently used by QEMU, so just return VSTCR_EL2.
36
*/
37
- return &env->cp15.vstcr_el2;
38
+ return env->cp15.vstcr_el2.raw_tcr;
39
}
40
- return &env->cp15.tcr_el[regime_el(env, mmu_idx)];
41
-}
42
-
43
-/* Return the raw value of the TCR controlling this translation regime */
44
-static inline uint64_t regime_tcr_value(CPUARMState *env, ARMMMUIdx mmu_idx)
45
-{
46
- return regime_tcr(env, mmu_idx)->raw_tcr;
47
+ return env->cp15.tcr_el[regime_el(env, mmu_idx)].raw_tcr;
48
}
49
50
/**
51
diff --git a/target/arm/helper.c b/target/arm/helper.c
52
index XXXXXXX..XXXXXXX 100644
53
--- a/target/arm/helper.c
54
+++ b/target/arm/helper.c
55
@@ -XXX,XX +XXX,XX @@ static int vae1_tlbmask(CPUARMState *env)
56
static int tlbbits_for_regime(CPUARMState *env, ARMMMUIdx mmu_idx,
57
uint64_t addr)
58
{
59
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
60
+ uint64_t tcr = regime_tcr(env, mmu_idx);
61
int tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
62
int select = extract64(addr, 55, 1);
63
64
@@ -XXX,XX +XXX,XX @@ static int aa64_va_parameter_tcma(uint64_t tcr, ARMMMUIdx mmu_idx)
65
ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
66
ARMMMUIdx mmu_idx, bool data)
67
{
68
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
69
+ uint64_t tcr = regime_tcr(env, mmu_idx);
70
bool epd, hpd, using16k, using64k, tsz_oob, ds;
71
int select, tsz, tbi, max_tsz, min_tsz, ps, sh;
72
ARMCPU *cpu = env_archcpu(env);
73
@@ -XXX,XX +XXX,XX @@ static CPUARMTBFlags rebuild_hflags_a64(CPUARMState *env, int el, int fp_el,
74
{
75
CPUARMTBFlags flags = {};
76
ARMMMUIdx stage1 = stage_1_mmu_idx(mmu_idx);
77
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
78
+ uint64_t tcr = regime_tcr(env, mmu_idx);
79
uint64_t sctlr;
80
int tbii, tbid;
81
82
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
83
index XXXXXXX..XXXXXXX 100644
84
--- a/target/arm/ptw.c
85
+++ b/target/arm/ptw.c
86
@@ -XXX,XX +XXX,XX @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
87
uint32_t *table, uint32_t address)
88
{
89
/* Note that we can only get here for an AArch32 PL0/PL1 lookup */
90
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
91
+ uint64_t tcr = regime_tcr(env, mmu_idx);
92
int maskshift = extract32(tcr, 0, 3);
93
uint32_t mask = ~(((uint32_t)0xffffffffu) >> maskshift);
94
uint32_t base_mask;
95
@@ -XXX,XX +XXX,XX @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
96
static ARMVAParameters aa32_va_parameters(CPUARMState *env, uint32_t va,
97
ARMMMUIdx mmu_idx)
98
{
99
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
100
+ uint64_t tcr = regime_tcr(env, mmu_idx);
101
uint32_t el = regime_el(env, mmu_idx);
102
int select, tsz;
103
bool epd, hpd;
104
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
105
uint32_t attrs;
106
int32_t stride;
107
int addrsize, inputsize, outputsize;
108
- uint64_t tcr = regime_tcr_value(env, mmu_idx);
109
+ uint64_t tcr = regime_tcr(env, mmu_idx);
110
int ap, ns, xn, pxn;
111
uint32_t el = regime_el(env, mmu_idx);
112
uint64_t descaddrmask;
113
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
114
index XXXXXXX..XXXXXXX 100644
115
--- a/target/arm/tlb_helper.c
116
+++ b/target/arm/tlb_helper.c
117
@@ -XXX,XX +XXX,XX @@ bool regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx)
118
return true;
119
}
120
if (arm_feature(env, ARM_FEATURE_LPAE)
121
- && (regime_tcr_value(env, mmu_idx) & TTBCR_EAE)) {
122
+ && (regime_tcr(env, mmu_idx) & TTBCR_EAE)) {
123
return true;
124
}
125
return false;
29
--
126
--
30
2.20.1
127
2.25.1
31
32
1
Now that target-i386.rst has a place to list documentation of
1
We have a bug in our handling of accesses to the AArch32 VTCR
2
machines other than the 'pc' machine, we have a place we can
2
register on big-endian hosts: we were not adjusting the part of the
3
move the microvm documentation to.
3
uint64_t field within TCR that the generated code would access. That
4
can be done with offsetoflow32(), by using an ARM_CP_STATE_BOTH cpreg
5
struct, or by defining a full set of read/write/reset functions --
6
the various other TCR cpreg structs used one or another of those
7
strategies, but for VTCR we did not, so on a big-endian host VTCR
8
accesses would touch the wrong half of the register.
9
10
Use offsetoflow32() in the VTCR register struct. This works even
11
though the field in the CPU struct is currently a struct TCR, because
12
the first field in that struct is the uint64_t raw_tcr.
13
14
None of the other TCR registers have this bug -- either they are
15
AArch64 only, or else they define resetfn, writefn, etc, and
16
expect to be passed the full struct pointer.
4
17
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
19
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
20
Message-id: 20220714132303.1287193-5-peter.maydell@linaro.org
7
---
21
---
8
docs/{ => system/i386}/microvm.rst | 5 ++---
22
target/arm/helper.c | 2 +-
9
docs/system/target-i386.rst | 1 +
23
1 file changed, 1 insertion(+), 1 deletion(-)
10
2 files changed, 3 insertions(+), 3 deletions(-)
11
rename docs/{ => system/i386}/microvm.rst (98%)
12
24
13
diff --git a/docs/microvm.rst b/docs/system/i386/microvm.rst
25
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
similarity index 98%
15
rename from docs/microvm.rst
16
rename to docs/system/i386/microvm.rst
17
index XXXXXXX..XXXXXXX 100644
26
index XXXXXXX..XXXXXXX 100644
18
--- a/docs/microvm.rst
27
--- a/target/arm/helper.c
19
+++ b/docs/system/i386/microvm.rst
28
+++ b/target/arm/helper.c
20
@@ -XXX,XX +XXX,XX @@
29
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
21
-====================
30
.cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
22
-microvm Machine Type
31
.type = ARM_CP_ALIAS,
23
-====================
32
.access = PL2_RW, .accessfn = access_el3_aa32ns,
24
+'microvm' virtual platform (``microvm``)
33
- .fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) },
25
+========================================
34
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.vtcr_el2) },
26
35
{ .name = "VTCR_EL2", .state = ARM_CP_STATE_AA64,
27
``microvm`` is a machine type inspired by ``Firecracker`` and
36
.opc0 = 3, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
28
constructed after its machine model.
37
.access = PL2_RW,
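Review bot: The new .fieldoffset = offsetoflow32(CPUARMState, cp15.vtcr_el2) in the AArch32 VTCR entry is only correct while raw_tcr is the first member of struct TCR, which the commit message states but nothing at this line records or enforces. Add a comment at the entry, or a build-time check such as QEMU_BUILD_BUG_ON(offsetof(TCR, raw_tcr) != 0), unless a later patch in the series turns the field into a plain uint64_t.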
29
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
30
index XXXXXXX..XXXXXXX 100644
31
--- a/docs/system/target-i386.rst
32
+++ b/docs/system/target-i386.rst
33
@@ -XXX,XX +XXX,XX @@ Board-specific documentation
34
.. toctree::
35
:maxdepth: 1
36
37
+ i386/microvm
38
i386/pc
39
40
.. include:: cpu-models-x86.rst.inc
41
--
38
--
42
2.20.1
39
2.25.1
43
44
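The host-endianness problem described in the VTCR commit message above, as an added example that is not part of the patch or of QEMU's code. DemoState and all function names are hypothetical, the host byte order is simulated so the example behaves the same on any machine, and low32_offset() is an assumed model of the adjustment the commit message attributes to offsetoflow32().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the CPU state struct (not QEMU's CPUARMState). */
typedef struct {
    uint64_t sctlr;
    uint64_t vtcr;      /* 64-bit register that also has a 32-bit AArch32 view */
} DemoState;

/* Store the low n bytes of v at p in the byte order of the simulated host. */
static void put_bytes(uint8_t *p, uint64_t v, size_t n, bool host_be)
{
    for (size_t i = 0; i < n; i++) {
        size_t shift = 8 * (host_be ? n - 1 - i : i);
        p[i] = (uint8_t)(v >> shift);
    }
}

/* Load an n-byte integer from p in the byte order of the simulated host. */
static uint64_t get_bytes(const uint8_t *p, size_t n, bool host_be)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) {
        size_t shift = 8 * (host_be ? n - 1 - i : i);
        v |= (uint64_t)p[i] << shift;
    }
    return v;
}

/*
 * Assumed model of the adjustment: on a big-endian host the low 32 bits
 * of a 64-bit field are its second word, so the offset moves up by 4.
 */
static size_t low32_offset(size_t field_offset, bool host_be)
{
    return field_offset + (host_be ? sizeof(uint32_t) : 0);
}

/*
 * Model a 32-bit guest register write performed as a plain 32-bit store
 * at the register's field offset, then return the 64-bit register value
 * the rest of the emulator would read back.
 */
uint64_t vtcr_after_write32(uint32_t value, bool host_be, bool adjust)
{
    uint8_t mem[sizeof(DemoState)] = {0};
    size_t off = offsetof(DemoState, vtcr);
    size_t fieldoffset = adjust ? low32_offset(off, host_be) : off;

    put_bytes(mem + fieldoffset, value, sizeof(uint32_t), host_be);
    return get_bytes(mem + off, sizeof(uint64_t), host_be);
}

int main(void)
{
    const uint32_t guest_value = 0x80000040u;   /* constructed sample value */

    printf("LE host, plain offset:    %016llx\n",
           (unsigned long long)vtcr_after_write32(guest_value, false, false));
    printf("BE host, plain offset:    %016llx\n",
           (unsigned long long)vtcr_after_write32(guest_value, true, false));
    printf("BE host, adjusted offset: %016llx\n",
           (unsigned long long)vtcr_after_write32(guest_value, true, true));
    return 0;
}
```

With the plain offset on the simulated big-endian host, the guest's 32-bit value lands in bits [63:32] of the 64-bit field, which is the "wrong half of the register" the commit message refers to.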
1
Currently target-i386.rst includes the documentation of the 'pc'
1
Change the representation of the VSTCR_EL2 and VTCR_EL2 registers in
2
machine model inline. Split it out into its own file, in a
2
the CPU state struct from struct TCR to uint64_t.
3
similar way to target-i386.rst; this gives us a place to put
4
documentation of other i386 machine models, such as 'microvm'.
5
3
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
5
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
6
Message-id: 20220714132303.1287193-6-peter.maydell@linaro.org
8
---
7
---
9
docs/system/i386/pc.rst | 7 +++++++
8
target/arm/cpu.h | 4 ++--
10
docs/system/target-i386.rst | 18 +++++++++++++-----
9
target/arm/internals.h | 4 ++--
11
2 files changed, 20 insertions(+), 5 deletions(-)
10
target/arm/helper.c | 4 +---
12
create mode 100644 docs/system/i386/pc.rst
11
target/arm/ptw.c | 14 +++++++-------
12
4 files changed, 12 insertions(+), 14 deletions(-)
13
13
14
diff --git a/docs/system/i386/pc.rst b/docs/system/i386/pc.rst
14
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
new file mode 100644
16
index XXXXXXX..XXXXXXX
17
--- /dev/null
18
+++ b/docs/system/i386/pc.rst
19
@@ -XXX,XX +XXX,XX @@
20
+i440fx PC (``pc-i440fx``, ``pc``)
21
+=================================
22
+
23
+Peripherals
24
+~~~~~~~~~~~
25
+
26
+.. include:: ../target-i386-desc.rst.inc
27
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
28
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
29
--- a/docs/system/target-i386.rst
16
--- a/target/arm/cpu.h
30
+++ b/docs/system/target-i386.rst
17
+++ b/target/arm/cpu.h
31
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
32
.. _QEMU-PC-System-emulator:
19
uint64_t vsttbr_el2; /* Secure Virtualization Translation Table. */
33
20
/* MMU translation table base control. */
34
-x86 (PC) System emulator
21
TCR tcr_el[4];
35
-------------------------
22
- TCR vtcr_el2; /* Virtualization Translation Control. */
36
+x86 System emulator
23
- TCR vstcr_el2; /* Secure Virtualization Translation Control. */
37
+-------------------
24
+ uint64_t vtcr_el2; /* Virtualization Translation Control. */
38
25
+ uint64_t vstcr_el2; /* Secure Virtualization Translation Control. */
39
.. _pcsys_005fdevices:
26
uint32_t c2_data; /* MPU data cacheable bits. */
40
27
uint32_t c2_insn; /* MPU instruction cacheable bits. */
41
-Peripherals
28
union { /* MMU domain access control register
42
-~~~~~~~~~~~
29
diff --git a/target/arm/internals.h b/target/arm/internals.h
43
+Board-specific documentation
30
index XXXXXXX..XXXXXXX 100644
44
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
31
--- a/target/arm/internals.h
45
32
+++ b/target/arm/internals.h
46
-.. include:: target-i386-desc.rst.inc
33
@@ -XXX,XX +XXX,XX @@ static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
47
+..
34
static inline uint64_t regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
48
+ This table of contents should be kept sorted alphabetically
35
{
49
+ by the title text of each file, which isn't the same ordering
36
if (mmu_idx == ARMMMUIdx_Stage2) {
50
+ as an alphabetical sort by filename.
37
- return env->cp15.vtcr_el2.raw_tcr;
51
+
38
+ return env->cp15.vtcr_el2;
52
+.. toctree::
39
}
53
+ :maxdepth: 1
40
if (mmu_idx == ARMMMUIdx_Stage2_S) {
54
+
41
/*
55
+ i386/pc
42
* Note: Secure stage 2 nominally shares fields from VTCR_EL2, but
56
43
* those are not currently used by QEMU, so just return VSTCR_EL2.
57
.. include:: cpu-models-x86.rst.inc
44
*/
58
45
- return env->cp15.vstcr_el2.raw_tcr;
46
+ return env->cp15.vstcr_el2;
47
}
48
return env->cp15.tcr_el[regime_el(env, mmu_idx)].raw_tcr;
49
}
50
diff --git a/target/arm/helper.c b/target/arm/helper.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/target/arm/helper.c
53
+++ b/target/arm/helper.c
54
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
55
{ .name = "VTCR_EL2", .state = ARM_CP_STATE_AA64,
56
.opc0 = 3, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
57
.access = PL2_RW,
58
- /* no .writefn needed as this can't cause an ASID change;
59
- * no .raw_writefn or .resetfn needed as we never use mask/base_mask
60
- */
61
+ /* no .writefn needed as this can't cause an ASID change */
62
.fieldoffset = offsetof(CPUARMState, cp15.vtcr_el2) },
63
{ .name = "VTTBR", .state = ARM_CP_STATE_AA32,
64
.cp = 15, .opc1 = 6, .crm = 2,
65
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
66
index XXXXXXX..XXXXXXX 100644
67
--- a/target/arm/ptw.c
68
+++ b/target/arm/ptw.c
69
@@ -XXX,XX +XXX,XX @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
70
if (arm_is_secure_below_el3(env)) {
71
/* Check if page table walk is to secure or non-secure PA space. */
72
if (*is_secure) {
73
- *is_secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
74
+ *is_secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
75
} else {
76
- *is_secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
77
+ *is_secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
78
}
79
} else {
80
assert(!*is_secure);
81
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
82
ipa_secure = attrs->secure;
83
if (arm_is_secure_below_el3(env)) {
84
if (ipa_secure) {
85
- attrs->secure = !(env->cp15.vstcr_el2.raw_tcr & VSTCR_SW);
86
+ attrs->secure = !(env->cp15.vstcr_el2 & VSTCR_SW);
87
} else {
88
- attrs->secure = !(env->cp15.vtcr_el2.raw_tcr & VTCR_NSW);
89
+ attrs->secure = !(env->cp15.vtcr_el2 & VTCR_NSW);
90
}
91
} else {
92
assert(!ipa_secure);
93
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
94
if (arm_is_secure_below_el3(env)) {
95
if (ipa_secure) {
96
attrs->secure =
97
- !(env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW));
98
+ !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW));
99
} else {
100
attrs->secure =
101
- !((env->cp15.vtcr_el2.raw_tcr & (VTCR_NSA | VTCR_NSW))
102
- || (env->cp15.vstcr_el2.raw_tcr & (VSTCR_SA | VSTCR_SW)));
103
+ !((env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))
104
+ || (env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)));
105
}
106
}
107
return 0;
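Review bot: The choice between secure and non-secure physical address space is written out by hand in three places across these ptw.c hunks: the VSTCR_SW / VTCR_NSW test appears in the same form in S1_ptw_translate() and in get_phys_addr(), and a third variant in get_phys_addr() adds VSTCR_SA and VTCR_NSA. Since every one of these lines is being touched anyway, consider a small helper that takes the incoming security state and returns the resulting one, so that a later change to how these bits are read cannot be applied to one copy and missed in another.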
59
--
108
--
60
2.20.1
109
2.25.1
61
62
1
The virtio-pmem documentation has some minor style issues we hadn't
1
Change the representation of the TCR_EL* registers in the CPU state
2
noticed since we weren't rendering it in our docs:
2
struct from struct TCR to uint64_t. This allows us to drop the
3
3
custom vmsa_ttbcr_raw_write() function, moving the "enforce RES0"
4
* Sphinx doesn't complain about overlong title-underlining the
4
checks to their more usual location in the writefn
5
way it complains about too-short underlining, but it looks odd;
5
vmsa_ttbcr_write(). We also don't need the resetfn any more.
6
make the underlines of section headers the right length
7
8
* Indent of paragraphs makes them render as blockquotes;
9
remove the indent so they just render as normal text
10
11
* Leading 'o' isn't rst markup, so it just renders as a literal
12
"o"; reformat as a subsection heading instead
13
14
* "QEMU" in the document title and section headings are a bit
15
odd and unnecessary since this is the QEMU manual; delete
16
or rephrase them
17
18
* There's no need to specify what QEMU version the device first
19
appeared in.
20
6
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
22
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
8
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
23
Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com>
9
Message-id: 20220714132303.1287193-7-peter.maydell@linaro.org
24
---
10
---
25
docs/system/virtio-pmem.rst | 60 ++++++++++++++++++-------------------
11
target/arm/cpu.h | 8 +----
26
1 file changed, 30 insertions(+), 30 deletions(-)
12
target/arm/internals.h | 6 ++--
13
target/arm/cpu.c | 2 +-
14
target/arm/debug_helper.c | 2 +-
15
target/arm/helper.c | 75 +++++++++++----------------------------
16
target/arm/ptw.c | 2 +-
17
6 files changed, 27 insertions(+), 68 deletions(-)
27
18
28
diff --git a/docs/system/virtio-pmem.rst b/docs/system/virtio-pmem.rst
19
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
29
index XXXXXXX..XXXXXXX 100644
20
index XXXXXXX..XXXXXXX 100644
30
--- a/docs/system/virtio-pmem.rst
21
--- a/target/arm/cpu.h
31
+++ b/docs/system/virtio-pmem.rst
22
+++ b/target/arm/cpu.h
32
@@ -XXX,XX +XXX,XX @@
23
@@ -XXX,XX +XXX,XX @@ typedef struct ARMGenericTimer {
33
24
#define GTIMER_HYPVIRT 4
34
-========================
25
#define NUM_GTIMERS 5
35
-QEMU virtio pmem
26
36
-========================
27
-typedef struct {
37
+===========
28
- uint64_t raw_tcr;
38
+virtio pmem
29
- uint32_t mask;
39
+===========
30
- uint32_t base_mask;
40
31
-} TCR;
41
- This document explains the setup and usage of the virtio pmem device
32
-
42
- which is available since QEMU v4.1.0.
33
#define VTCR_NSW (1u << 29)
43
-
34
#define VTCR_NSA (1u << 30)
44
- The virtio pmem device is a paravirtualized persistent memory device
35
#define VSTCR_SW VTCR_NSW
45
- on regular (i.e non-NVDIMM) storage.
36
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
46
+This document explains the setup and usage of the virtio pmem device.
37
uint64_t vttbr_el2; /* Virtualization Translation Table Base. */
47
+The virtio pmem device is a paravirtualized persistent memory device
38
uint64_t vsttbr_el2; /* Secure Virtualization Translation Table. */
48
+on regular (i.e non-NVDIMM) storage.
39
/* MMU translation table base control. */
49
40
- TCR tcr_el[4];
50
Usecase
41
+ uint64_t tcr_el[4];
51
---------
42
uint64_t vtcr_el2; /* Virtualization Translation Control. */
52
+-------
43
uint64_t vstcr_el2; /* Secure Virtualization Translation Control. */
53
44
uint32_t c2_data; /* MPU data cacheable bits. */
54
- Virtio pmem allows to bypass the guest page cache and directly use
45
diff --git a/target/arm/internals.h b/target/arm/internals.h
55
- host page cache. This reduces guest memory footprint as the host can
46
index XXXXXXX..XXXXXXX 100644
56
- make efficient memory reclaim decisions under memory pressure.
47
--- a/target/arm/internals.h
57
+Virtio pmem allows to bypass the guest page cache and directly use
48
+++ b/target/arm/internals.h
58
+host page cache. This reduces guest memory footprint as the host can
49
@@ -XXX,XX +XXX,XX @@ unsigned int arm_pamax(ARMCPU *cpu);
59
+make efficient memory reclaim decisions under memory pressure.
50
*/
60
51
static inline bool extended_addresses_enabled(CPUARMState *env)
61
-o How does virtio-pmem compare to the nvdimm emulation supported by QEMU?
52
{
62
+How does virtio-pmem compare to the nvdimm emulation?
53
- TCR *tcr = &env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1];
63
+-----------------------------------------------------
54
+ uint64_t tcr = env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1];
64
55
return arm_el_is_aa64(env, 1) ||
65
- NVDIMM emulation on regular (i.e. non-NVDIMM) host storage does not
56
- (arm_feature(env, ARM_FEATURE_LPAE) && (tcr->raw_tcr & TTBCR_EAE));
66
- persist the guest writes as there are no defined semantics in the device
57
+ (arm_feature(env, ARM_FEATURE_LPAE) && (tcr & TTBCR_EAE));
67
- specification. The virtio pmem device provides guest write persistence
58
}
68
- on non-NVDIMM host storage.
59
69
+NVDIMM emulation on regular (i.e. non-NVDIMM) host storage does not
60
/* Update a QEMU watchpoint based on the information the guest has set in the
70
+persist the guest writes as there are no defined semantics in the device
61
@@ -XXX,XX +XXX,XX @@ static inline uint64_t regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
71
+specification. The virtio pmem device provides guest write persistence
62
*/
72
+on non-NVDIMM host storage.
63
return env->cp15.vstcr_el2;
73
64
}
74
virtio pmem usage
65
- return env->cp15.tcr_el[regime_el(env, mmu_idx)].raw_tcr;
75
-----------------
66
+ return env->cp15.tcr_el[regime_el(env, mmu_idx)];
76
67
}
77
- A virtio pmem device backed by a memory-backend-file can be created on
68
78
- the QEMU command line as in the following example::
69
/**
79
+A virtio pmem device backed by a memory-backend-file can be created on
70
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
80
+the QEMU command line as in the following example::
71
index XXXXXXX..XXXXXXX 100644
81
72
--- a/target/arm/cpu.c
82
-object memory-backend-file,id=mem1,share,mem-path=./virtio_pmem.img,size=4G
73
+++ b/target/arm/cpu.c
83
-device virtio-pmem-pci,memdev=mem1,id=nv1
74
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset(DeviceState *dev)
84
75
* Enable TBI0 but not TBI1.
85
- where:
76
* Note that this must match useronly_clean_ptr.
86
+where:
77
*/
87
78
- env->cp15.tcr_el[1].raw_tcr = 5 | (1ULL << 37);
88
- "object memory-backend-file,id=mem1,share,mem-path=<image>, size=<image size>"
79
+ env->cp15.tcr_el[1] = 5 | (1ULL << 37);
89
creates a backend file with the specified size.
80
90
@@ -XXX,XX +XXX,XX @@ virtio pmem usage
81
/* Enable MTE */
91
- "device virtio-pmem-pci,id=nvdimm1,memdev=mem1" creates a virtio pmem
82
if (cpu_isar_feature(aa64_mte, cpu)) {
92
pci device whose storage is provided by above memory backend device.
83
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
93
84
index XXXXXXX..XXXXXXX 100644
94
- Multiple virtio pmem devices can be created if multiple pairs of "-object"
85
--- a/target/arm/debug_helper.c
95
- and "-device" are provided.
86
+++ b/target/arm/debug_helper.c
96
+Multiple virtio pmem devices can be created if multiple pairs of "-object"
87
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_debug_exception_fsr(CPUARMState *env)
97
+and "-device" are provided.
88
using_lpae = true;
98
89
} else {
99
Hotplug
90
if (arm_feature(env, ARM_FEATURE_LPAE) &&
100
-------
91
- (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) {
101
@@ -XXX,XX +XXX,XX @@ the guest::
92
+ (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
102
Guest Data Persistence
93
using_lpae = true;
103
----------------------
94
}
104
95
}
105
- Guest data persistence on non-NVDIMM requires guest userspace applications
96
diff --git a/target/arm/helper.c b/target/arm/helper.c
106
- to perform fsync/msync. This is different from a real nvdimm backend where
97
index XXXXXXX..XXXXXXX 100644
107
- no additional fsync/msync is required. This is to persist guest writes in
98
--- a/target/arm/helper.c
108
- host backing file which otherwise remains in host page cache and there is
99
+++ b/target/arm/helper.c
109
- risk of losing the data in case of power failure.
100
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav5_cp_reginfo[] = {
110
+Guest data persistence on non-NVDIMM requires guest userspace applications
101
.fieldoffset = offsetof(CPUARMState, cp15.c6_region[7]) },
111
+to perform fsync/msync. This is different from a real nvdimm backend where
102
};
112
+no additional fsync/msync is required. This is to persist guest writes in
103
113
+host backing file which otherwise remains in host page cache and there is
104
-static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
114
+risk of losing the data in case of power failure.
105
- uint64_t value)
115
106
+static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
116
- With virtio pmem device, MAP_SYNC mmap flag is not supported. This provides
107
+ uint64_t value)
117
- a hint to application to perform fsync for write persistence.
108
{
118
+With virtio pmem device, MAP_SYNC mmap flag is not supported. This provides
109
- TCR *tcr = raw_ptr(env, ri);
119
+a hint to application to perform fsync for write persistence.
110
- int maskshift = extract32(value, 0, 3);
120
111
+ ARMCPU *cpu = env_archcpu(env);
121
Limitations
112
122
-------------
113
if (!arm_feature(env, ARM_FEATURE_V8)) {
123
+-----------
114
if (arm_feature(env, ARM_FEATURE_LPAE) && (value & TTBCR_EAE)) {
124
+
115
- /* Pre ARMv8 bits [21:19], [15:14] and [6:3] are UNK/SBZP when
125
- Real nvdimm device backend is not supported.
116
- * using Long-desciptor translation table format */
126
- virtio pmem hotunplug is not supported.
117
+ /*
127
- ACPI NVDIMM features like regions/namespaces are not supported.
118
+ * Pre ARMv8 bits [21:19], [15:14] and [6:3] are UNK/SBZP when
119
+ * using Long-descriptor translation table format
120
+ */
121
value &= ~((7 << 19) | (3 << 14) | (0xf << 3));
122
} else if (arm_feature(env, ARM_FEATURE_EL3)) {
123
- /* In an implementation that includes the Security Extensions
124
+ /*
125
+ * In an implementation that includes the Security Extensions
126
* TTBCR has additional fields PD0 [4] and PD1 [5] for
127
* Short-descriptor translation table format.
128
*/
129
@@ -XXX,XX +XXX,XX @@ static void vmsa_ttbcr_raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
130
}
131
}
132
133
- /* Update the masks corresponding to the TCR bank being written
134
- * Note that we always calculate mask and base_mask, but
135
- * they are only used for short-descriptor tables (ie if EAE is 0);
136
- * for long-descriptor tables the TCR fields are used differently
137
- * and the mask and base_mask values are meaningless.
138
- */
139
- tcr->raw_tcr = value;
140
- tcr->mask = ~(((uint32_t)0xffffffffu) >> maskshift);
141
- tcr->base_mask = ~((uint32_t)0x3fffu >> maskshift);
142
-}
143
-
144
-static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
145
- uint64_t value)
146
-{
147
- ARMCPU *cpu = env_archcpu(env);
148
- TCR *tcr = raw_ptr(env, ri);
149
-
150
if (arm_feature(env, ARM_FEATURE_LPAE)) {
151
/* With LPAE the TTBCR could result in a change of ASID
152
* via the TTBCR.A1 bit, so do a TLB flush.
153
*/
154
tlb_flush(CPU(cpu));
155
}
156
- /* Preserve the high half of TCR_EL1, set via TTBCR2. */
157
- value = deposit64(tcr->raw_tcr, 0, 32, value);
158
- vmsa_ttbcr_raw_write(env, ri, value);
159
-}
160
-
161
-static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
162
-{
163
- TCR *tcr = raw_ptr(env, ri);
164
-
165
- /* Reset both the TCR as well as the masks corresponding to the bank of
166
- * the TCR being reset.
167
- */
168
- tcr->raw_tcr = 0;
169
- tcr->mask = 0;
170
- tcr->base_mask = 0xffffc000u;
171
+ raw_write(env, ri, value);
172
}
173
174
static void vmsa_tcr_el12_write(CPUARMState *env, const ARMCPRegInfo *ri,
175
uint64_t value)
176
{
177
ARMCPU *cpu = env_archcpu(env);
178
- TCR *tcr = raw_ptr(env, ri);
179
180
/* For AArch64 the A1 bit could result in a change of ASID, so TLB flush. */
181
tlb_flush(CPU(cpu));
182
- tcr->raw_tcr = value;
183
+ raw_write(env, ri, value);
184
}
185
186
static void vmsa_ttbr_write(CPUARMState *env, const ARMCPRegInfo *ri,
187
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
188
.opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
189
.access = PL1_RW, .accessfn = access_tvm_trvm,
190
.writefn = vmsa_tcr_el12_write,
191
- .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
192
+ .raw_writefn = raw_write,
193
+ .resetvalue = 0,
194
.fieldoffset = offsetof(CPUARMState, cp15.tcr_el[1]) },
195
{ .name = "TTBCR", .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
196
.access = PL1_RW, .accessfn = access_tvm_trvm,
197
.type = ARM_CP_ALIAS, .writefn = vmsa_ttbcr_write,
198
- .raw_writefn = vmsa_ttbcr_raw_write,
199
- /* No offsetoflow32 -- pass the entire TCR to writefn/raw_writefn. */
200
- .bank_fieldoffsets = { offsetof(CPUARMState, cp15.tcr_el[3]),
201
- offsetof(CPUARMState, cp15.tcr_el[1])} },
202
+ .raw_writefn = raw_write,
203
+ .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tcr_el[3]),
204
+ offsetoflow32(CPUARMState, cp15.tcr_el[1])} },
205
};
206
207
/* Note that unlike TTBCR, writing to TTBCR2 does not require flushing
208
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo ttbcr2_reginfo = {
209
.access = PL1_RW, .accessfn = access_tvm_trvm,
210
.type = ARM_CP_ALIAS,
211
.bank_fieldoffsets = {
212
- offsetofhigh32(CPUARMState, cp15.tcr_el[3].raw_tcr),
213
- offsetofhigh32(CPUARMState, cp15.tcr_el[1].raw_tcr),
214
+ offsetofhigh32(CPUARMState, cp15.tcr_el[3]),
215
+ offsetofhigh32(CPUARMState, cp15.tcr_el[1]),
216
},
217
};
218
219
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
220
{ .name = "TCR_EL2", .state = ARM_CP_STATE_BOTH,
221
.opc0 = 3, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 2,
222
.access = PL2_RW, .writefn = vmsa_tcr_el12_write,
223
- /* no .raw_writefn or .resetfn needed as we never use mask/base_mask */
224
.fieldoffset = offsetof(CPUARMState, cp15.tcr_el[2]) },
225
{ .name = "VTCR", .state = ARM_CP_STATE_AA32,
226
.cp = 15, .opc1 = 4, .crn = 2, .crm = 1, .opc2 = 2,
227
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
228
{ .name = "TCR_EL3", .state = ARM_CP_STATE_AA64,
229
.opc0 = 3, .opc1 = 6, .crn = 2, .crm = 0, .opc2 = 2,
230
.access = PL3_RW,
231
- /* no .writefn needed as this can't cause an ASID change;
232
- * we must provide a .raw_writefn and .resetfn because we handle
233
- * reset and migration for the AArch32 TTBCR(S), which might be
234
- * using mask and base_mask.
235
- */
236
- .resetfn = vmsa_ttbcr_reset, .raw_writefn = vmsa_ttbcr_raw_write,
237
+ /* no .writefn needed as this can't cause an ASID change */
238
+ .resetvalue = 0,
239
.fieldoffset = offsetof(CPUARMState, cp15.tcr_el[3]) },
240
{ .name = "ELR_EL3", .state = ARM_CP_STATE_AA64,
241
.type = ARM_CP_ALIAS,
242
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
243
index XXXXXXX..XXXXXXX 100644
244
--- a/target/arm/ptw.c
245
+++ b/target/arm/ptw.c
246
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
247
int r_el = regime_el(env, mmu_idx);
248
if (arm_el_is_aa64(env, r_el)) {
249
int pamax = arm_pamax(env_archcpu(env));
250
- uint64_t tcr = env->cp15.tcr_el[r_el].raw_tcr;
251
+ uint64_t tcr = env->cp15.tcr_el[r_el];
252
int addrtop, tbi;
253
254
tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
128
--
255
--
129
2.20.1
256
2.25.1
130
131
1
From: Chen Qun <kuhn.chenqun@huawei.com>
1
In regime_tcr() we return the appropriate TCR register for the
2
translation regime. For Secure EL2, we return the VSTCR_EL2 value,
3
but in this translation regime some fields that control behaviour are
4
in VTCR_EL2. When this code was originally written (as the comment
5
notes), QEMU didn't care about any of those fields, but we have since
6
added support for features such as LPA2 which do need the values from
7
those fields.
2
8
3
When 'j = icu->nr_sense – 1', the 'j < icu->nr_sense' condition is true,
9
Synthesize a TCR value by merging in the relevant VTCR_EL2 fields to
4
then 'j = icu->nr_sense', the 'icu->init_sense[j]' has out-of-bounds access.
10
the VSTCR_EL2 value.
5
11
6
The asan showed stack:
12
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1103
7
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000004d7d at pc 0x55852cd26a76 bp 0x7ffe39f26200 sp 0x7ffe39f261f0
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
READ of size 1 at 0x604000004d7d thread T0
14
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9
#0 0x55852cd26a75 in rxicu_realize ../hw/intc/rx_icu.c:311
15
Message-id: 20220714132303.1287193-8-peter.maydell@linaro.org
10
#1 0x55852cf075f7 in device_set_realized ../hw/core/qdev.c:886
16
---
11
#2 0x55852cd4a32f in property_set_bool ../qom/object.c:2251
17
target/arm/cpu.h | 19 +++++++++++++++++++
12
#3 0x55852cd4f9bb in object_property_set ../qom/object.c:1398
18
target/arm/internals.h | 22 +++++++++++++++++++---
13
#4 0x55852cd54f3f in object_property_set_qobject ../qom/qom-qobject.c:28
19
2 files changed, 38 insertions(+), 3 deletions(-)
14
#5 0x55852cd4fc3f in object_property_set_bool ../qom/object.c:1465
15
#6 0x55852cbf0b27 in register_icu ../hw/rx/rx62n.c:156
16
#7 0x55852cbf12a6 in rx62n_realize ../hw/rx/rx62n.c:261
17
#8 0x55852cf075f7 in device_set_realized ../hw/core/qdev.c:886
18
#9 0x55852cd4a32f in property_set_bool ../qom/object.c:2251
19
#10 0x55852cd4f9bb in object_property_set ../qom/object.c:1398
20
#11 0x55852cd54f3f in object_property_set_qobject ../qom/qom-qobject.c:28
21
#12 0x55852cd4fc3f in object_property_set_bool ../qom/object.c:1465
22
#13 0x55852cbf1a85 in rx_gdbsim_init ../hw/rx/rx-gdbsim.c:109
23
#14 0x55852cd22de0 in qemu_init ../softmmu/vl.c:4380
24
#15 0x55852ca57088 in main ../softmmu/main.c:49
25
#16 0x7feefafa5d42 in __libc_start_main (/lib64/libc.so.6+0x26d42)
26
20
27
Add the 'ice->src[i].sense' initialize to the default value, and then
21
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
28
process init_sense array to identify which irqs should be level-triggered.
29
30
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
31
Reported-by: Euler Robot <euler.robot@huawei.com>
32
Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com>
33
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
34
Message-id: 20201111141733.2358800-1-kuhn.chenqun@huawei.com
35
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
36
---
37
hw/intc/rx_icu.c | 18 ++++++++----------
38
1 file changed, 8 insertions(+), 10 deletions(-)
39
40
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
41
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
42
--- a/hw/intc/rx_icu.c
23
--- a/target/arm/cpu.h
43
+++ b/hw/intc/rx_icu.c
24
+++ b/target/arm/cpu.h
44
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps icu_ops = {
25
@@ -XXX,XX +XXX,XX @@ FIELD(CPTR_EL3, TCPAC, 31, 1)
45
static void rxicu_realize(DeviceState *dev, Error **errp)
26
#define TTBCR_SH1 (1U << 28)
27
#define TTBCR_EAE (1U << 31)
28
29
+FIELD(VTCR, T0SZ, 0, 6)
30
+FIELD(VTCR, SL0, 6, 2)
31
+FIELD(VTCR, IRGN0, 8, 2)
32
+FIELD(VTCR, ORGN0, 10, 2)
33
+FIELD(VTCR, SH0, 12, 2)
34
+FIELD(VTCR, TG0, 14, 2)
35
+FIELD(VTCR, PS, 16, 3)
36
+FIELD(VTCR, VS, 19, 1)
37
+FIELD(VTCR, HA, 21, 1)
38
+FIELD(VTCR, HD, 22, 1)
39
+FIELD(VTCR, HWU59, 25, 1)
40
+FIELD(VTCR, HWU60, 26, 1)
41
+FIELD(VTCR, HWU61, 27, 1)
42
+FIELD(VTCR, HWU62, 28, 1)
43
+FIELD(VTCR, NSW, 29, 1)
44
+FIELD(VTCR, NSA, 30, 1)
45
+FIELD(VTCR, DS, 32, 1)
46
+FIELD(VTCR, SL2, 33, 1)
47
+
48
/* Bit definitions for ARMv8 SPSR (PSTATE) format.
49
* Only these are valid when in AArch64 mode; in
50
* AArch32 mode SPSRs are basically CPSR-format.
51
diff --git a/target/arm/internals.h b/target/arm/internals.h
52
index XXXXXXX..XXXXXXX 100644
53
--- a/target/arm/internals.h
54
+++ b/target/arm/internals.h
55
@@ -XXX,XX +XXX,XX @@ static inline uint64_t regime_sctlr(CPUARMState *env, ARMMMUIdx mmu_idx)
56
return env->cp15.sctlr_el[regime_el(env, mmu_idx)];
57
}
58
59
+/*
60
+ * These are the fields in VTCR_EL2 which affect both the Secure stage 2
61
+ * and the Non-Secure stage 2 translation regimes (and hence which are
62
+ * not present in VSTCR_EL2).
63
+ */
64
+#define VTCR_SHARED_FIELD_MASK \
65
+ (R_VTCR_IRGN0_MASK | R_VTCR_ORGN0_MASK | R_VTCR_SH0_MASK | \
66
+ R_VTCR_PS_MASK | R_VTCR_VS_MASK | R_VTCR_HA_MASK | R_VTCR_HD_MASK | \
67
+ R_VTCR_DS_MASK)
68
+
69
/* Return the value of the TCR controlling this translation regime */
70
static inline uint64_t regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
46
{
71
{
47
RXICUState *icu = RX_ICU(dev);
72
@@ -XXX,XX +XXX,XX @@ static inline uint64_t regime_tcr(CPUARMState *env, ARMMMUIdx mmu_idx)
48
- int i, j;
49
+ int i;
50
51
if (icu->init_sense == NULL) {
52
qemu_log_mask(LOG_GUEST_ERROR,
53
"rx_icu: trigger-level property must be set.");
54
return;
55
}
73
}
56
- for (i = j = 0; i < NR_IRQS; i++) {
74
if (mmu_idx == ARMMMUIdx_Stage2_S) {
57
- if (icu->init_sense[j] == i) {
75
/*
58
- icu->src[i].sense = TRG_LEVEL;
76
- * Note: Secure stage 2 nominally shares fields from VTCR_EL2, but
59
- if (j < icu->nr_sense) {
77
- * those are not currently used by QEMU, so just return VSTCR_EL2.
60
- j++;
78
+ * Secure stage 2 shares fields from VTCR_EL2. We merge those
61
- }
79
+ * in with the VSTCR_EL2 value to synthesize a single VTCR_EL2 format
62
- } else {
80
+ * value so the callers don't need to special case this.
63
- icu->src[i].sense = TRG_PEDGE;
81
+ *
64
- }
82
+ * If a future architecture change defines bits in VSTCR_EL2 that
65
+
83
+ * overlap with these VTCR_EL2 fields we may need to revisit this.
66
+ for (i = 0; i < NR_IRQS; i++) {
84
*/
67
+ icu->src[i].sense = TRG_PEDGE;
85
- return env->cp15.vstcr_el2;
68
+ }
86
+ uint64_t v = env->cp15.vstcr_el2 & ~VTCR_SHARED_FIELD_MASK;
69
+ for (i = 0; i < icu->nr_sense; i++) {
87
+ v |= env->cp15.vtcr_el2 & VTCR_SHARED_FIELD_MASK;
70
+ uint8_t irqno = icu->init_sense[i];
88
+ return v;
71
+ icu->src[irqno].sense = TRG_LEVEL;
72
}
89
}
73
icu->req_irq = -1;
90
return env->cp15.tcr_el[regime_el(env, mmu_idx)];
74
}
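Review bot: in the second new loop of rxicu_realize(), `irqno` is read straight from the init_sense property array and used as an index into icu->src[] with no comparison against NR_IRQS; the only bound is the uint8_t type. If NR_IRQS can be smaller than 256, this leaves an out-of-bounds access of the same kind the patch sets out to fix. Either check `irqno < NR_IRQS` and report the bad property value, or add a build-time assertion that NR_IRQS covers the full uint8_t range.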
91
}
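Review bot: VTCR_SHARED_FIELD_MASK in internals.h covers IRGN0, ORGN0, SH0, PS, VS, HA, HD and DS, but the same patch defines HWU59 to HWU62 in cpu.h, and neither the comment above the mask nor the one in regime_tcr() says whether leaving them out is deliberate. Please state in the mask comment how the field list was derived, so that a reader can tell an omission from a decision when a later feature starts consuming one of those bits.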
75
--
92
--
76
2.20.1
93
2.25.1
77
78
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
Message-id: 20201120154545.2504625-4-f4bug@amsat.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
MAINTAINERS | 1 +
9
1 file changed, 1 insertion(+)
10
11
diff --git a/MAINTAINERS b/MAINTAINERS
12
index XXXXXXX..XXXXXXX 100644
13
--- a/MAINTAINERS
14
+++ b/MAINTAINERS
15
@@ -XXX,XX +XXX,XX @@ F: include/hw/*/npcm7xx*
16
F: tests/qtest/npcm7xx*
17
F: pc-bios/npcm7xx_bootrom.bin
18
F: roms/vbootrom
19
+F: docs/system/arm/nuvoton.rst
20
21
nSeries
22
M: Andrzej Zaborowski <balrogg@gmail.com>
23
--
24
2.20.1
25
26
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Hao Wu <wuhaotsh@google.com>
2
2
3
List the 'tosa' machine with the XScale-based PDAs models.
3
The correct bit for the CONV bit in NPCM7XX ADC is bit 13. This patch
4
fixes that in the module, and also lowers the IRQ when the guest
5
is done handling an interrupt event from the ADC module.
4
6
5
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
7
Signed-off-by: Hao Wu <wuhaotsh@google.com>
6
Message-id: 20201120173953.2539469-5-f4bug@amsat.org
8
Reviewed-by: Patrick Venture<venture@google.com>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20220714182836.89602-4-wuhaotsh@google.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
12
---
10
docs/system/arm/xscale.rst | 20 +++++++++++++-------
13
hw/adc/npcm7xx_adc.c | 2 +-
11
1 file changed, 13 insertions(+), 7 deletions(-)
14
tests/qtest/npcm7xx_adc-test.c | 2 +-
15
2 files changed, 2 insertions(+), 2 deletions(-)
12
16
13
diff --git a/docs/system/arm/xscale.rst b/docs/system/arm/xscale.rst
17
diff --git a/hw/adc/npcm7xx_adc.c b/hw/adc/npcm7xx_adc.c
14
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
15
--- a/docs/system/arm/xscale.rst
19
--- a/hw/adc/npcm7xx_adc.c
16
+++ b/docs/system/arm/xscale.rst
20
+++ b/hw/adc/npcm7xx_adc.c
21
@@ -XXX,XX +XXX,XX @@ REG32(NPCM7XX_ADC_DATA, 0x4)
22
#define NPCM7XX_ADC_CON_INT BIT(18)
23
#define NPCM7XX_ADC_CON_EN BIT(17)
24
#define NPCM7XX_ADC_CON_RST BIT(16)
25
-#define NPCM7XX_ADC_CON_CONV BIT(14)
26
+#define NPCM7XX_ADC_CON_CONV BIT(13)
27
#define NPCM7XX_ADC_CON_DIV(rv) extract32(rv, 1, 8)
28
29
#define NPCM7XX_ADC_MAX_RESULT 1023
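Review bot: the commit message says the patch also lowers the IRQ once the guest has finished handling an ADC interrupt, but the only change to hw/adc/npcm7xx_adc.c is NPCM7XX_ADC_CON_CONV moving from BIT(14) to BIT(13), and the diffstat shows one changed line per file. Either the IRQ-lowering change is missing from this patch, or the message should explain that the IRQ behaviour follows from the corrected bit position.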
30
diff --git a/tests/qtest/npcm7xx_adc-test.c b/tests/qtest/npcm7xx_adc-test.c
31
index XXXXXXX..XXXXXXX 100644
32
--- a/tests/qtest/npcm7xx_adc-test.c
33
+++ b/tests/qtest/npcm7xx_adc-test.c
17
@@ -XXX,XX +XXX,XX @@
34
@@ -XXX,XX +XXX,XX @@
18
-Sharp XScale-based PDA models (``akita``, ``borzoi``, ``spitz``, ``terrier``)
35
#define CON_INT BIT(18)
19
-=============================================================================
36
#define CON_EN BIT(17)
20
+Sharp XScale-based PDA models (``akita``, ``borzoi``, ``spitz``, ``terrier``, ``tosa``)
37
#define CON_RST BIT(16)
21
+=======================================================================================
38
-#define CON_CONV BIT(14)
22
39
+#define CON_CONV BIT(13)
23
-The XScale-based clamshell PDA models (\"Spitz\", \"Akita\", \"Borzoi\"
40
#define CON_DIV(rv) extract32(rv, 1, 8)
24
-and \"Terrier\") emulation includes the following peripherals:
41
25
+The Sharp Zaurus are PDAs based on XScale, able to run Linux ('SL series').
42
#define FST_RDST BIT(1)
26
27
-- Intel PXA270 System-on-chip (ARMv5TE core)
28
+The SL-6000 (\"Tosa\"), released in 2005, uses a PXA255 System-on-chip.
29
30
-- NAND Flash memory
31
+The SL-C3000 (\"Spitz\"), SL-C1000 (\"Akita\"), SL-C3100 (\"Borzoi\") and
32
+SL-C3200 (\"Terrier\") use a PXA270.
33
+
34
+The clamshell PDA models emulation includes the following peripherals:
35
+
36
+- Intel PXA255/PXA270 System-on-chip (ARMv5TE core)
37
+
38
+- NAND Flash memory - not in \"Tosa\"
39
40
- IBM/Hitachi DSCM microdrive in a PXA PCMCIA slot - not in \"Akita\"
41
42
-- On-chip OHCI USB controller
43
+- On-chip OHCI USB controller - not in \"Tosa\"
44
45
- On-chip LCD controller
46
47
--
43
--
48
2.20.1
44
2.25.1
49
50
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Hao Wu <wuhaotsh@google.com>
2
2
3
Fixes: 0553ef42571 ("docs: add Orange Pi PC document")
3
Our sensor test requires both reading and writing from a sensor's
4
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
QOM property. So we need to make the input of ADC module R/W instead
5
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
5
of write only for that to work.
6
Message-id: 20201120154545.2504625-5-f4bug@amsat.org
6
7
Signed-off-by: Hao Wu <wuhaotsh@google.com>
8
Reviewed-by: Titus Rwantare <titusr@google.com>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20220714182836.89602-5-wuhaotsh@google.com
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
12
---
10
MAINTAINERS | 2 +-
13
hw/adc/npcm7xx_adc.c | 2 +-
11
1 file changed, 1 insertion(+), 1 deletion(-)
14
1 file changed, 1 insertion(+), 1 deletion(-)
12
15
13
diff --git a/MAINTAINERS b/MAINTAINERS
16
diff --git a/hw/adc/npcm7xx_adc.c b/hw/adc/npcm7xx_adc.c
14
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
15
--- a/MAINTAINERS
18
--- a/hw/adc/npcm7xx_adc.c
16
+++ b/MAINTAINERS
19
+++ b/hw/adc/npcm7xx_adc.c
17
@@ -XXX,XX +XXX,XX @@ S: Maintained
20
@@ -XXX,XX +XXX,XX @@ static void npcm7xx_adc_init(Object *obj)
18
F: hw/*/allwinner-h3*
21
19
F: include/hw/*/allwinner-h3*
22
for (i = 0; i < NPCM7XX_ADC_NUM_INPUTS; ++i) {
20
F: hw/arm/orangepi.c
23
object_property_add_uint32_ptr(obj, "adci[*]",
21
-F: docs/system/orangepi.rst
24
- &s->adci[i], OBJ_PROP_FLAG_WRITE);
22
+F: docs/system/arm/orangepi.rst
25
+ &s->adci[i], OBJ_PROP_FLAG_READWRITE);
23
26
}
24
ARM PrimeCell and CMSDK devices
27
object_property_add_uint32_ptr(obj, "vref",
25
M: Peter Maydell <peter.maydell@linaro.org>
28
&s->vref, OBJ_PROP_FLAG_WRITE);
26
--
29
--
27
2.20.1
30
2.25.1
28
29
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
Message-id: 20201120154545.2504625-6-f4bug@amsat.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
MAINTAINERS | 1 +
9
1 file changed, 1 insertion(+)
10
11
diff --git a/MAINTAINERS b/MAINTAINERS
12
index XXXXXXX..XXXXXXX 100644
13
--- a/MAINTAINERS
14
+++ b/MAINTAINERS
15
@@ -XXX,XX +XXX,XX @@ R: Leif Lindholm <leif@nuviainc.com>
16
L: qemu-arm@nongnu.org
17
S: Maintained
18
F: hw/arm/sbsa-ref.c
19
+F: docs/system/arm/sbsa.rst
20
21
Sharp SL-5500 (Collie) PDA
22
M: Peter Maydell <peter.maydell@linaro.org>
23
--
24
2.20.1
25
26
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
4
Message-id: 20201120154545.2504625-7-f4bug@amsat.org
5
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
8
MAINTAINERS | 1 +
9
1 file changed, 1 insertion(+)
10
11
diff --git a/MAINTAINERS b/MAINTAINERS
12
index XXXXXXX..XXXXXXX 100644
13
--- a/MAINTAINERS
14
+++ b/MAINTAINERS
15
@@ -XXX,XX +XXX,XX @@ L: qemu-arm@nongnu.org
16
S: Maintained
17
F: hw/*/omap*
18
F: include/hw/arm/omap.h
19
+F: docs/system/arm/sx1.rst
20
21
IPack
22
M: Alberto Garcia <berto@igalia.com>
23
--
24
2.20.1
25
26
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
Since commit aa35ec2213b ("hw/arm/raspi: Use more specific
4
machine names") the raspi2/raspi3 machines have been renamed
5
as raspi2b/raspi3b.
6
7
Note, rather than the raspi3b, the raspi3ap introduced in
8
commit 5be94252d34 ("hw/arm/raspi: Add the Raspberry Pi 3
9
model A+") is a closer match to what QEMU models, but only
10
provides 512 MB of RAM.
11
12
As more Raspberry Pi 2/3 models are emulated, in order
13
to avoid confusion, deprecate the raspi2/raspi3 machine
14
aliases.
15
16
ACKed-by: Peter Krempa <pkrempa@redhat.com>
17
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
19
Message-id: 20201120173953.2539469-2-f4bug@amsat.org
20
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
---
22
docs/system/deprecated.rst | 7 +++++++
23
1 file changed, 7 insertions(+)
24
25
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
26
index XXXXXXX..XXXXXXX 100644
27
--- a/docs/system/deprecated.rst
28
+++ b/docs/system/deprecated.rst
29
@@ -XXX,XX +XXX,XX @@ This machine has been renamed ``fuloong2e``.
30
These machine types are very old and likely can not be used for live migration
31
from old QEMU versions anymore. A newer machine type should be used instead.
32
33
+Raspberry Pi ``raspi2`` and ``raspi3`` machines (since 5.2)
34
+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
35
+
36
+The Raspberry Pi machines come in various models (A, A+, B, B+). To be able
37
+to distinguish which model QEMU is implementing, the ``raspi2`` and ``raspi3``
38
+machines have been renamed ``raspi2b`` and ``raspi3b``.
39
+
40
Device options
41
--------------
42
43
--
44
2.20.1
45
46
1
The architecture requires that for faults on loads and stores which
2
do writeback, the syndrome information does not have the ISS
3
instruction syndrome information (i.e. ISV is 0). We got this wrong
4
for the load and store instructions covered by disas_ldst_reg_imm9().
5
Calculate iss_valid correctly so that if the insn is a writeback one
6
it is false.
7
8
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1057
1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20220715123323.1550983-1-peter.maydell@linaro.org
3
---
12
---
4
docs/system/index.rst | 1 +
13
target/arm/translate-a64.c | 4 +++-
5
docs/{ => system}/virtio-pmem.rst | 0
14
1 file changed, 3 insertions(+), 1 deletion(-)
6
2 files changed, 1 insertion(+)
7
rename docs/{ => system}/virtio-pmem.rst (100%)
8
15
9
diff --git a/docs/system/index.rst b/docs/system/index.rst
16
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
10
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
11
--- a/docs/system/index.rst
18
--- a/target/arm/translate-a64.c
12
+++ b/docs/system/index.rst
19
+++ b/target/arm/translate-a64.c
13
@@ -XXX,XX +XXX,XX @@ Contents:
20
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
14
gdb
21
bool is_store = false;
15
managed-startup
22
bool is_extended = false;
16
cpu-hotplug
23
bool is_unpriv = (idx == 2);
17
+ virtio-pmem
24
- bool iss_valid = !is_vector;
18
targets
25
+ bool iss_valid;
19
security
26
bool post_index;
20
deprecated
27
bool writeback;
21
diff --git a/docs/virtio-pmem.rst b/docs/system/virtio-pmem.rst
28
int memidx;
22
similarity index 100%
29
@@ -XXX,XX +XXX,XX @@ static void disas_ldst_reg_imm9(DisasContext *s, uint32_t insn,
23
rename from docs/virtio-pmem.rst
30
g_assert_not_reached();
24
rename to docs/system/virtio-pmem.rst
31
}
32
33
+ iss_valid = !is_vector && !writeback;
34
+
35
if (rn == 31) {
36
gen_check_sp_alignment(s);
37
}
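Review bot: in disas_ldst_reg_imm9(), `iss_valid` is now declared without an initializer and assigned only after the switch that sets `writeback`, with nothing at the assignment saying why it has to sit there. A one-line comment at `iss_valid = !is_vector && !writeback;` noting that writeback forms must report ISV as 0 would stop a later cleanup from folding it back into the declaration, which is the bug this patch fixes.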
25
--
38
--
26
2.20.1
39
2.25.1
27
28
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
1
From: Andrey Makarov <ph.makarov@gmail.com>
2
2
3
Document the following Raspberry Pi models:
3
There is nothing in the specs on DMA engine interrupt lines: it should have
4
4
been in the "BCM2835 ARM Peripherals" datasheet but the appropriate
5
- raspi0 Raspberry Pi Zero (revision 1.2)
5
"ARM peripherals interrupt table" (p.113) is nearly empty.
6
- raspi1ap Raspberry Pi A+ (revision 1.1)
6
7
- raspi2b Raspberry Pi 2B (revision 1.1)
7
All Raspberry Pi models 1-3 (based on bcm2835) have
8
- raspi3ap Raspberry Pi 3A+ (revision 1.0)
8
Linux device tree (arch/arm/boot/dts/bcm2835-common.dtsi +25):
9
- raspi3b Raspberry Pi 3B (revision 1.2)
9
10
10
/* dma channel 11-14 share one irq */
11
12
This information is repeated in the driver code
13
(drivers/dma/bcm2835-dma.c +1344):
14
15
/*
16
* in case of channel >= 11
17
* use the 11th interrupt and that is shared
18
*/
19
20
In this patch channels 0--10 and 11--14 are handled separately.
21
22
Signed-off-by: Andrey Makarov <andrey.makarov@auriga.com>
23
Message-id: 20220716113210.349153-1-andrey.makarov@auriga.com
24
[PMM: fixed checkpatch nits]
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
25
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
13
Message-id: 20201120173953.2539469-3-f4bug@amsat.org
14
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
---
27
---
16
docs/system/arm/raspi.rst | 43 ++++++++++++++++++++++++++++++++++++++
28
include/hw/arm/bcm2835_peripherals.h | 2 +
17
docs/system/target-arm.rst | 1 +
29
hw/arm/bcm2835_peripherals.c | 26 +++++-
18
MAINTAINERS | 1 +
30
tests/qtest/bcm2835-dma-test.c | 118 +++++++++++++++++++++++++++
19
3 files changed, 45 insertions(+)
31
tests/qtest/meson.build | 3 +-
20
create mode 100644 docs/system/arm/raspi.rst
32
4 files changed, 147 insertions(+), 2 deletions(-)
21
33
create mode 100644 tests/qtest/bcm2835-dma-test.c
22
diff --git a/docs/system/arm/raspi.rst b/docs/system/arm/raspi.rst
34
35
diff --git a/include/hw/arm/bcm2835_peripherals.h b/include/hw/arm/bcm2835_peripherals.h
36
index XXXXXXX..XXXXXXX 100644
37
--- a/include/hw/arm/bcm2835_peripherals.h
38
+++ b/include/hw/arm/bcm2835_peripherals.h
39
@@ -XXX,XX +XXX,XX @@
40
#include "hw/char/bcm2835_aux.h"
41
#include "hw/display/bcm2835_fb.h"
42
#include "hw/dma/bcm2835_dma.h"
43
+#include "hw/or-irq.h"
44
#include "hw/intc/bcm2835_ic.h"
45
#include "hw/misc/bcm2835_property.h"
46
#include "hw/misc/bcm2835_rng.h"
47
@@ -XXX,XX +XXX,XX @@ struct BCM2835PeripheralState {
48
BCM2835AuxState aux;
49
BCM2835FBState fb;
50
BCM2835DMAState dma;
51
+ qemu_or_irq orgated_dma_irq;
52
BCM2835ICState ic;
53
BCM2835PropertyState property;
54
BCM2835RngState rng;
55
diff --git a/hw/arm/bcm2835_peripherals.c b/hw/arm/bcm2835_peripherals.c
56
index XXXXXXX..XXXXXXX 100644
57
--- a/hw/arm/bcm2835_peripherals.c
58
+++ b/hw/arm/bcm2835_peripherals.c
59
@@ -XXX,XX +XXX,XX @@
60
/* Capabilities for SD controller: no DMA, high-speed, default clocks etc. */
61
#define BCM2835_SDHC_CAPAREG 0x52134b4
62
63
+/*
64
+ * According to Linux driver & DTS, dma channels 0--10 have separate IRQ,
65
+ * while channels 11--14 share one IRQ:
66
+ */
67
+#define SEPARATE_DMA_IRQ_MAX 10
68
+#define ORGATED_DMA_IRQ_COUNT 4
69
+
70
static void create_unimp(BCM2835PeripheralState *ps,
71
UnimplementedDeviceState *uds,
72
const char *name, hwaddr ofs, hwaddr size)
73
@@ -XXX,XX +XXX,XX @@ static void bcm2835_peripherals_init(Object *obj)
74
/* DMA Channels */
75
object_initialize_child(obj, "dma", &s->dma, TYPE_BCM2835_DMA);
76
77
+ object_initialize_child(obj, "orgated-dma-irq",
78
+ &s->orgated_dma_irq, TYPE_OR_IRQ);
79
+ object_property_set_int(OBJECT(&s->orgated_dma_irq), "num-lines",
80
+ ORGATED_DMA_IRQ_COUNT, &error_abort);
81
+
82
object_property_add_const_link(OBJECT(&s->dma), "dma-mr",
83
OBJECT(&s->gpu_bus_mr));
84
85
@@ -XXX,XX +XXX,XX @@ static void bcm2835_peripherals_realize(DeviceState *dev, Error **errp)
86
memory_region_add_subregion(&s->peri_mr, DMA15_OFFSET,
87
sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->dma), 1));
88
89
- for (n = 0; n <= 12; n++) {
90
+ for (n = 0; n <= SEPARATE_DMA_IRQ_MAX; n++) {
91
sysbus_connect_irq(SYS_BUS_DEVICE(&s->dma), n,
92
qdev_get_gpio_in_named(DEVICE(&s->ic),
93
BCM2835_IC_GPU_IRQ,
94
INTERRUPT_DMA0 + n));
95
}
96
+ if (!qdev_realize(DEVICE(&s->orgated_dma_irq), NULL, errp)) {
97
+ return;
98
+ }
99
+ for (n = 0; n < ORGATED_DMA_IRQ_COUNT; n++) {
100
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->dma),
101
+ SEPARATE_DMA_IRQ_MAX + 1 + n,
102
+ qdev_get_gpio_in(DEVICE(&s->orgated_dma_irq), n));
103
+ }
104
+ qdev_connect_gpio_out(DEVICE(&s->orgated_dma_irq), 0,
105
+ qdev_get_gpio_in_named(DEVICE(&s->ic),
106
+ BCM2835_IC_GPU_IRQ,
107
+ INTERRUPT_DMA0 + SEPARATE_DMA_IRQ_MAX + 1));
108
109
/* THERMAL */
110
if (!sysbus_realize(SYS_BUS_DEVICE(&s->thermal), errp)) {
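Review bot: in bcm2835_peripherals_realize() the first shared channel and its interrupt line are both written as `SEPARATE_DMA_IRQ_MAX + 1`, once as the sysbus IRQ index and once as the offset from INTERRUPT_DMA0. A named constant next to ORGATED_DMA_IRQ_COUNT would show that these are the same number on purpose. The old loop (`n <= 12`) also wired channel 12 to INTERRUPT_DMA0 + 12, and that controller input is now left unconnected; the comment above the new defines should say this is intended.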
111
diff --git a/tests/qtest/bcm2835-dma-test.c b/tests/qtest/bcm2835-dma-test.c
23
new file mode 100644
112
new file mode 100644
24
index XXXXXXX..XXXXXXX
113
index XXXXXXX..XXXXXXX
25
--- /dev/null
114
--- /dev/null
26
+++ b/docs/system/arm/raspi.rst
115
+++ b/tests/qtest/bcm2835-dma-test.c
27
@@ -XXX,XX +XXX,XX @@
116
@@ -XXX,XX +XXX,XX @@
28
+Raspberry Pi boards (``raspi0``, ``raspi1ap``, ``raspi2b``, ``raspi3ap``, ``raspi3b``)
117
+/*
29
+======================================================================================
118
+ * QTest testcase for BCM283x DMA engine (on Raspberry Pi 3)
30
+
119
+ * and its interrupts coming to Interrupt Controller.
31
+
120
+ *
32
+QEMU provides models of the following Raspberry Pi boards:
121
+ * Copyright (c) 2022 Auriga LLC
33
+
122
+ *
34
+``raspi0`` and ``raspi1ap``
123
+ * SPDX-License-Identifier: GPL-2.0-or-later
35
+ ARM1176JZF-S core, 512 MiB of RAM
124
+ */
36
+``raspi2b``
125
+
37
+ Cortex-A7 (4 cores), 1 GiB of RAM
126
+#include "qemu/osdep.h"
38
+``raspi3ap``
127
+#include "libqtest-single.h"
39
+ Cortex-A53 (4 cores), 512 MiB of RAM
128
+
40
+``raspi3b``
129
+/* Offsets in raspi3b platform: */
41
+ Cortex-A53 (4 cores), 1 GiB of RAM
130
+#define RASPI3_DMA_BASE 0x3f007000
42
+
131
+#define RASPI3_IC_BASE 0x3f00b200
43
+
132
+
44
+Implemented devices
133
+/* Used register/fields definitions */
45
+-------------------
134
+
46
+
135
+/* DMA engine registers: */
47
+ * ARM1176JZF-S, Cortex-A7 or Cortex-A53 CPU
136
+#define BCM2708_DMA_CS 0
48
+ * Interrupt controller
137
+#define BCM2708_DMA_ACTIVE (1 << 0)
49
+ * DMA controller
138
+#define BCM2708_DMA_INT (1 << 2)
50
+ * Clock and reset controller (CPRMAN)
139
+
51
+ * System Timer
140
+#define BCM2708_DMA_ADDR 0x04
52
+ * GPIO controller
141
+
53
+ * Serial ports (BCM2835 AUX - 16550 based - and PL011)
142
+#define BCM2708_DMA_INT_STATUS 0xfe0
54
+ * Random Number Generator (RNG)
143
+
55
+ * Frame Buffer
144
+/* DMA Trasfer Info fields: */
56
+ * USB host (USBH)
145
+#define BCM2708_DMA_INT_EN (1 << 0)
57
+ * GPIO controller
146
+#define BCM2708_DMA_D_INC (1 << 4)
58
+ * SD/MMC host controller
147
+#define BCM2708_DMA_S_INC (1 << 8)
59
+ * SoC thermal sensor
148
+
60
+ * USB2 host controller (DWC2 and MPHI)
149
+/* Interrupt controller registers: */
61
+ * MailBox controller (MBOX)
150
+#define IRQ_PENDING_BASIC 0x00
62
+ * VideoCore firmware (property)
151
+#define IRQ_GPU_PENDING1_AGGR (1 << 8)
63
+
152
+#define IRQ_PENDING_1 0x04
64
+
153
+#define IRQ_ENABLE_1 0x10
65
+Missing devices
154
+
66
+---------------
155
+/* Data for the test: */
67
+
156
+#define SCB_ADDR 256
68
+ * Peripheral SPI controller (SPI)
157
+#define S_ADDR 32
69
+ * Analog to Digital Converter (ADC)
158
+#define D_ADDR 64
70
+ * Pulse Width Modulation (PWM)
159
+#define TXFR_LEN 32
71
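Review bot: In the `docs/system/arm/raspi.rst` hunk, the "Implemented devices" list has `GPIO controller` twice (once after "System Timer" and again after "USB host (USBH)"); drop the second entry. "USB host (USBH)" and "USB2 host controller (DWC2 and MPHI)" also read like one device listed under two names, so it is worth checking whether both entries are intended.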
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
160
+const uint32_t check_data = 0x12345678;
161
+
162
+static void bcm2835_dma_test_interrupt(int dma_c, int irq_line)
163
+{
164
+ uint64_t dma_base = RASPI3_DMA_BASE + dma_c * 0x100;
165
+ int gpu_irq_line = 16 + irq_line;
166
+
167
+ /* Check that interrupts are silent by default: */
168
+ writel(RASPI3_IC_BASE + IRQ_ENABLE_1, 1 << gpu_irq_line);
169
+ int isr = readl(dma_base + BCM2708_DMA_INT_STATUS);
170
+ g_assert_cmpint(isr, ==, 0);
171
+ uint32_t reg0 = readl(dma_base + BCM2708_DMA_CS);
172
+ g_assert_cmpint(reg0, ==, 0);
173
+ uint32_t ic_pending = readl(RASPI3_IC_BASE + IRQ_PENDING_BASIC);
174
+ g_assert_cmpint(ic_pending, ==, 0);
175
+ uint32_t gpu_pending1 = readl(RASPI3_IC_BASE + IRQ_PENDING_1);
176
+ g_assert_cmpint(gpu_pending1, ==, 0);
177
+
178
+ /* Prepare Control Block: */
179
+ writel(SCB_ADDR + 0, BCM2708_DMA_S_INC | BCM2708_DMA_D_INC |
180
+ BCM2708_DMA_INT_EN); /* transfer info */
181
+ writel(SCB_ADDR + 4, S_ADDR); /* source address */
182
+ writel(SCB_ADDR + 8, D_ADDR); /* destination address */
183
+ writel(SCB_ADDR + 12, TXFR_LEN); /* transfer length */
184
+ writel(dma_base + BCM2708_DMA_ADDR, SCB_ADDR);
185
+
186
+ writel(S_ADDR, check_data);
187
+ for (int word = S_ADDR + 4; word < S_ADDR + TXFR_LEN; word += 4) {
188
+ writel(word, ~check_data);
189
+ }
190
+ /* Perform the transfer: */
191
+ writel(dma_base + BCM2708_DMA_CS, BCM2708_DMA_ACTIVE);
192
+
193
+ /* Check that destination == source: */
194
+ uint32_t data = readl(D_ADDR);
195
+ g_assert_cmpint(data, ==, check_data);
196
+ for (int word = D_ADDR + 4; word < D_ADDR + TXFR_LEN; word += 4) {
197
+ data = readl(word);
198
+ g_assert_cmpint(data, ==, ~check_data);
199
+ }
200
+
201
+ /* Check that interrupt status is set both in DMA and IC controllers: */
202
+ isr = readl(RASPI3_DMA_BASE + BCM2708_DMA_INT_STATUS);
203
+ g_assert_cmpint(isr, ==, 1 << dma_c);
204
+
205
+ ic_pending = readl(RASPI3_IC_BASE + IRQ_PENDING_BASIC);
206
+ g_assert_cmpint(ic_pending, ==, IRQ_GPU_PENDING1_AGGR);
207
+
208
+ gpu_pending1 = readl(RASPI3_IC_BASE + IRQ_PENDING_1);
209
+ g_assert_cmpint(gpu_pending1, ==, 1 << gpu_irq_line);
210
+
211
+ /* Clean up, clear interrupt: */
212
+ writel(dma_base + BCM2708_DMA_CS, BCM2708_DMA_INT);
213
+}
214
+
215
+static void bcm2835_dma_test_interrupts(void)
216
+{
217
+ /* DMA engines 0--10 have separate IRQ lines, 11--14 - only one: */
218
+ bcm2835_dma_test_interrupt(0, 0);
219
+ bcm2835_dma_test_interrupt(10, 10);
220
+ bcm2835_dma_test_interrupt(11, 11);
221
+ bcm2835_dma_test_interrupt(14, 11);
222
+}
223
+
224
+int main(int argc, char **argv)
225
+{
226
+ int ret;
227
+ g_test_init(&argc, &argv, NULL);
228
+ qtest_add_func("/bcm2835/dma/test_interrupts",
229
+ bcm2835_dma_test_interrupts);
230
+ qtest_start("-machine raspi3b");
231
+ ret = g_test_run();
232
+ qtest_end();
233
+ return ret;
234
+}
235
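Review bot: In `bcm2835_dma_test_interrupt()`, the "silent by default" check reads `dma_base + BCM2708_DMA_INT_STATUS`, while the post-transfer check reads `RASPI3_DMA_BASE + BCM2708_DMA_INT_STATUS`. Since `dma_base = RASPI3_DMA_BASE + dma_c * 0x100`, the first read only hits the same register for channel 0, so for channels 10, 11 and 14 the precondition is checked at a different address; use `RASPI3_DMA_BASE` in both places. Smaller points: "Trasfer" in the Transfer Info comment is a typo, `check_data` can be `static`, the line enabled through `IRQ_ENABLE_1` is never disabled again in the clean-up step, and `g_assert_cmphex()` would give more readable failures for the register and data comparisons.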
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
72
index XXXXXXX..XXXXXXX 100644
236
index XXXXXXX..XXXXXXX 100644
73
--- a/docs/system/target-arm.rst
237
--- a/tests/qtest/meson.build
74
+++ b/docs/system/target-arm.rst
238
+++ b/tests/qtest/meson.build
75
@@ -XXX,XX +XXX,XX @@ undocumented; you can get a complete list by running
239
@@ -XXX,XX +XXX,XX @@ qtests_aarch64 = \
76
arm/nuvoton
240
['arm-cpu-features',
77
arm/orangepi
241
'numa-test',
78
arm/palm
242
'boot-serial-test',
79
+ arm/raspi
243
- 'migration-test']
80
arm/xscale
244
+ 'migration-test',
81
arm/collie
245
+ 'bcm2835-dma-test']
82
arm/sx1
246
83
diff --git a/MAINTAINERS b/MAINTAINERS
247
qtests_s390x = \
84
index XXXXXXX..XXXXXXX 100644
248
(slirp.found() ? ['pxe-test', 'test-netfilter'] : []) + \
85
--- a/MAINTAINERS
86
+++ b/MAINTAINERS
87
@@ -XXX,XX +XXX,XX @@ F: hw/arm/raspi_platform.h
88
F: hw/*/bcm283*
89
F: include/hw/arm/raspi*
90
F: include/hw/*/bcm283*
91
+F: docs/system/arm/raspi.rst
92
93
Real View
94
M: Peter Maydell <peter.maydell@linaro.org>
95
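Review bot: In the `tests/qtest/meson.build` hunk, `'bcm2835-dma-test'` is added to `qtests_aarch64` unconditionally, but the test starts QEMU with `-machine raspi3b`, so it will fail in any build where that machine is not compiled in. Consider adding it conditionally on the board's config symbol, in the same style as the `slirp.found() ? [...] : []` entries just below it.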
--
249
--
96
2.20.1
250
2.25.1
97
98
Deleted patch
1
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
2
1
3
Document the 3 front LEDs modeled on the OpenPOWER Witherspoon BMC
4
(see commit 7cfbde5ea1c "hw/arm/aspeed: Add the 3 front LEDs drived
5
by the PCA9552 #1").
6
7
Reviewed-by: Cédric Le Goater <clg@kaod.org>
8
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
9
Message-id: 20201120173953.2539469-4-f4bug@amsat.org
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
12
docs/system/arm/aspeed.rst | 1 +
13
1 file changed, 1 insertion(+)
14
15
diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst
16
index XXXXXXX..XXXXXXX 100644
17
--- a/docs/system/arm/aspeed.rst
18
+++ b/docs/system/arm/aspeed.rst
19
@@ -XXX,XX +XXX,XX @@ Supported devices
20
* GPIO Controller (Master only)
21
* UART
22
* Ethernet controllers
23
+ * Front LEDs (PCA9552 on I2C bus)
24
25
26
Missing devices
27
--
28
2.20.1
29
30
Deleted patch
1
The semihosting SYS_HEAPINFO call is supposed to return an array
2
of four guest addresses:
3
* base of heap memory
4
* limit of heap memory
5
* base of stack memory
6
* limit of stack memory
7
1
8
Some semihosting programs (including those compiled to use the
9
'newlib' embedded C library) use this call to work out where they
10
should initialize themselves to.
11
12
QEMU's implementation when in system emulation mode is very
13
simplistic: we say that the heap starts halfway into RAM and
14
continues to the end of RAM, and the stack starts at the top of RAM
15
and works down to the bottom. Unfortunately the code assumes that
16
the base address of RAM is at address 0, so on boards like 'virt'
17
where this is not true the addresses returned will all be wrong and
18
the guest application will usually crash.
19
20
Conveniently since all Arm boards call arm_load_kernel() we have the
21
base address of the main RAM block in the arm_boot_info struct which
22
is accessible via the CPU object. Use this to return sensible values
23
from SYS_HEAPINFO.
24
25
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
26
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
27
Message-id: 20201119092346.32356-1-peter.maydell@linaro.org
28
---
29
target/arm/arm-semi.c | 12 ++++++++----
30
1 file changed, 8 insertions(+), 4 deletions(-)
31
32
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
33
index XXXXXXX..XXXXXXX 100644
34
--- a/target/arm/arm-semi.c
35
+++ b/target/arm/arm-semi.c
36
@@ -XXX,XX +XXX,XX @@
37
#else
38
#include "exec/gdbstub.h"
39
#include "qemu/cutils.h"
40
+#include "hw/arm/boot.h"
41
#endif
42
43
#define TARGET_SYS_OPEN 0x01
44
@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)
45
int i;
46
#ifdef CONFIG_USER_ONLY
47
TaskState *ts = cs->opaque;
48
+#else
49
+ const struct arm_boot_info *info = env->boot_info;
50
+ target_ulong rambase = info->loader_start;
51
#endif
52
53
GET_ARG(0);
54
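Review bot: `env->boot_info` is dereferenced unconditionally at the top of `do_arm_semihosting()`, so `info->loader_start` is read on every semihosting call, not only for SYS_HEAPINFO. A machine that reaches this path without `boot_info` set would turn any guest semihosting call into a NULL dereference in QEMU. Move the lookup into the SYS_HEAPINFO case and handle `info == NULL` there, for example by falling back to a RAM base of 0, which is the previous behaviour.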
@@ -XXX,XX +XXX,XX @@ target_ulong do_arm_semihosting(CPUARMState *env)
55
#else
56
limit = ram_size;
57
/* TODO: Make this use the limit of the loaded application. */
58
- retvals[0] = limit / 2;
59
- retvals[1] = limit;
60
- retvals[2] = limit; /* Stack base */
61
- retvals[3] = 0; /* Stack limit. */
62
+ retvals[0] = rambase + limit / 2;
63
+ retvals[1] = rambase + limit;
64
+ retvals[2] = rambase + limit; /* Stack base */
65
+ retvals[3] = rambase; /* Stack limit. */
66
#endif
67
68
for (i = 0; i < ARRAY_SIZE(retvals); i++) {
69
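Review bot: The new `retvals[]` values assume that `ram_size` bytes of RAM sit contiguously at `loader_start`, and `rambase + limit` is not checked for wrap-around in `target_ulong`. On a board whose RAM is split, or whose top of RAM reaches the end of a 32-bit address space, the heap limit and stack base would not describe usable memory. A comment stating the contiguity assumption next to the existing TODO, plus a check or clamp on the sum, would make the failure mode explicit.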
--
70
2.20.1
71
72
Deleted patch
1
The virtio-net-failover documentation is currently orphan and
2
not included in any manual; move it into the system manual,
3
immediately following the general network emulation section.
4
1
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
7
---
8
docs/system/index.rst | 1 +
9
docs/{ => system}/virtio-net-failover.rst | 0
10
2 files changed, 1 insertion(+)
11
rename docs/{ => system}/virtio-net-failover.rst (100%)
12
13
diff --git a/docs/system/index.rst b/docs/system/index.rst
14
index XXXXXXX..XXXXXXX 100644
15
--- a/docs/system/index.rst
16
+++ b/docs/system/index.rst
17
@@ -XXX,XX +XXX,XX @@ Contents:
18
monitor
19
images
20
net
21
+ virtio-net-failover
22
usb
23
ivshmem
24
linuxboot
25
diff --git a/docs/virtio-net-failover.rst b/docs/system/virtio-net-failover.rst
26
similarity index 100%
27
rename from docs/virtio-net-failover.rst
28
rename to docs/system/virtio-net-failover.rst
29
--
30
2.20.1
31
32
Deleted patch
1
The cpu-hotplug.rst documentation is currently orphan and not
2
included in any manual; move it into the system manual.
3
1
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
6
---
7
docs/{ => system}/cpu-hotplug.rst | 0
8
docs/system/index.rst | 1 +
9
2 files changed, 1 insertion(+)
10
rename docs/{ => system}/cpu-hotplug.rst (100%)
11
12
diff --git a/docs/cpu-hotplug.rst b/docs/system/cpu-hotplug.rst
13
similarity index 100%
14
rename from docs/cpu-hotplug.rst
15
rename to docs/system/cpu-hotplug.rst
16
diff --git a/docs/system/index.rst b/docs/system/index.rst
17
index XXXXXXX..XXXXXXX 100644
18
--- a/docs/system/index.rst
19
+++ b/docs/system/index.rst
20
@@ -XXX,XX +XXX,XX @@ Contents:
21
tls
22
gdb
23
managed-startup
24
+ cpu-hotplug
25
targets
26
security
27
deprecated
28
--
29
2.20.1
30
31