| 1 | Hi; this pull request has a couple of fixes for bugs in | 1 | A last small test of bug fixes before rc1. |
|---|---|---|---|
| 2 | the Arm page-table-walk code, which arrived in the last | ||
| 3 | day or so. | ||
| 4 | |||
| 5 | I'm sending this out now in the hope it might just sneak | ||
| 6 | in before rc2 gets tagged, so the fixes can get more | ||
| 7 | testing time before the 7.2 release; but if they don't | ||
| 8 | make it then this should go into rc3. | ||
| 9 | 2 | ||
| 10 | thanks | 3 | thanks |
| 11 | -- PMM | 4 | -- PMM |
| 12 | 5 | ||
| 13 | The following changes since commit 6d71357a3b651ec9db126e4862b77e13165427f5: | 6 | The following changes since commit ed8ad9728a9c0eec34db9dff61dfa2f1dd625637: |
| 14 | 7 | ||
| 15 | rtl8139: honor large send MSS value (2022-11-21 09:28:43 -0500) | 8 | Merge tag 'pull-tpm-2023-07-14-1' of https://github.com/stefanberger/qemu-tpm into staging (2023-07-15 14:54:04 +0100) |
| 16 | 9 | ||
| 17 | are available in the Git repository at: | 10 | are available in the Git repository at: |
| 18 | 11 | ||
| 19 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20221122 | 12 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230717 |
| 20 | 13 | ||
| 21 | for you to fetch changes up to 15f8f4671afd22491ce99d28a296514717fead4f: | 14 | for you to fetch changes up to c2c1c4a35c7c2b1a4140b0942b9797c857e476a4: |
| 22 | 15 | ||
| 23 | target/arm: Use signed quantity to represent VMSAv8-64 translation level (2022-11-22 16:10:25 +0000) | 16 | hw/nvram: Avoid unnecessary Xilinx eFuse backstore write (2023-07-17 11:05:52 +0100) |
| 24 | 17 | ||
| 25 | ---------------------------------------------------------------- | 18 | ---------------------------------------------------------------- |
| 26 | target-arm: | 19 | target-arm queue: |
| 27 | * Fix broken 5-level pagetable handling | 20 | * hw/arm/sbsa-ref: set 'slots' property of xhci |
| 28 | * Fix debug accesses when EL2 is present | 21 | * linux-user: Remove pointless NULL check in clock_adjtime handling |
| 22 | * ptw: Fix S1_ptw_translate() debug path | ||
| 23 | * ptw: Account for FEAT_RME when applying {N}SW, SA bits | ||
| 24 | * accel/tcg: Zero-pad PC in TCG CPU exec trace lines | ||
| 25 | * hw/nvram: Avoid unnecessary Xilinx eFuse backstore write | ||
| 29 | 26 | ||
| 30 | ---------------------------------------------------------------- | 27 | ---------------------------------------------------------------- |
| 31 | Ard Biesheuvel (1): | 28 | Peter Maydell (5): |
| 32 | target/arm: Use signed quantity to represent VMSAv8-64 translation level | 29 | linux-user: Remove pointless NULL check in clock_adjtime handling |
| 30 | target/arm/ptw.c: Add comments to S1Translate struct fields | ||
| 31 | target/arm: Fix S1_ptw_translate() debug path | ||
| 32 | target/arm/ptw.c: Account for FEAT_RME when applying {N}SW, SA bits | ||
| 33 | accel/tcg: Zero-pad PC in TCG CPU exec trace lines | ||
| 33 | 34 | ||
| 34 | Peter Maydell (1): | 35 | Tong Ho (1): |
| 35 | target/arm: Don't do two-stage lookup if stage 2 is disabled | 36 | hw/nvram: Avoid unnecessary Xilinx eFuse backstore write |
| 36 | 37 | ||
| 37 | target/arm/ptw.c | 11 ++++++----- | 38 | Yuquan Wang (1): |
| 38 | 1 file changed, 6 insertions(+), 5 deletions(-) | 39 | hw/arm/sbsa-ref: set 'slots' property of xhci |
| 40 | |||
| 41 | accel/tcg/cpu-exec.c | 4 +-- | ||
| 42 | accel/tcg/translate-all.c | 2 +- | ||
| 43 | hw/arm/sbsa-ref.c | 1 + | ||
| 44 | hw/nvram/xlnx-efuse.c | 11 ++++-- | ||
| 45 | linux-user/syscall.c | 12 +++---- | ||
| 46 | target/arm/ptw.c | 90 +++++++++++++++++++++++++++++++++++++++++------ | ||
| 47 | 6 files changed, 98 insertions(+), 22 deletions(-) | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Yuquan Wang <wangyuquan1236@phytium.com.cn> | ||
| 1 | 2 | ||
| 3 | This extends the slots of xhci to 64, since the default xhci_sysbus | ||
| 4 | just supports one slot. | ||
| 5 | |||
| 6 | Signed-off-by: Wang Yuquan <wangyuquan1236@phytium.com.cn> | ||
| 7 | Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn> | ||
| 8 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 9 | Reviewed-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> | ||
| 10 | Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> | ||
| 11 | Message-id: 20230710063750.473510-2-wangyuquan1236@phytium.com.cn | ||
| 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 13 | --- | ||
| 14 | hw/arm/sbsa-ref.c | 1 + | ||
| 15 | 1 file changed, 1 insertion(+) | ||
| 16 | |||
| 17 | diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c | ||
| 18 | index XXXXXXX..XXXXXXX 100644 | ||
| 19 | --- a/hw/arm/sbsa-ref.c | ||
| 20 | +++ b/hw/arm/sbsa-ref.c | ||
| 21 | @@ -XXX,XX +XXX,XX @@ static void create_xhci(const SBSAMachineState *sms) | ||
| 22 | hwaddr base = sbsa_ref_memmap[SBSA_XHCI].base; | ||
| 23 | int irq = sbsa_ref_irqmap[SBSA_XHCI]; | ||
| 24 | DeviceState *dev = qdev_new(TYPE_XHCI_SYSBUS); | ||
| 25 | + qdev_prop_set_uint32(dev, "slots", XHCI_MAXSLOTS); | ||
| 26 | |||
| 27 | sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); | ||
| 28 | sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); | ||
| 29 | -- | ||
| 30 | 2.34.1 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | In the code for TARGET_NR_clock_adjtime, we set the pointer phtx to | ||
| 2 | the address of the local variable htx. This means it can never be | ||
| 3 | NULL, but later in the code we check it for NULL anyway. Coverity | ||
| 4 | complains about this (CID 1507683) because the NULL check comes after | ||
| 5 | a call to clock_adjtime() that assumes it is non-NULL. | ||
| 1 | 6 | ||
| 7 | Since phtx is always &htx, and is used only in three places, it's not | ||
| 8 | really necessary. Remove it, bringing the code structure in to line | ||
| 9 | with that for TARGET_NR_clock_adjtime64, which already uses a simple | ||
| 10 | '&htx' when it wants a pointer to 'htx'. | ||
| 11 | |||
| 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 13 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 14 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 15 | Message-id: 20230623144410.1837261-1-peter.maydell@linaro.org | ||
| 16 | --- | ||
| 17 | linux-user/syscall.c | 12 +++++------- | ||
| 18 | 1 file changed, 5 insertions(+), 7 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
| 21 | index XXXXXXX..XXXXXXX 100644 | ||
| 22 | --- a/linux-user/syscall.c | ||
| 23 | +++ b/linux-user/syscall.c | ||
| 24 | @@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, | ||
| 25 | #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME) | ||
| 26 | case TARGET_NR_clock_adjtime: | ||
| 27 | { | ||
| 28 | - struct timex htx, *phtx = &htx; | ||
| 29 | + struct timex htx; | ||
| 30 | |||
| 31 | - if (target_to_host_timex(phtx, arg2) != 0) { | ||
| 32 | + if (target_to_host_timex(&htx, arg2) != 0) { | ||
| 33 | return -TARGET_EFAULT; | ||
| 34 | } | ||
| 35 | - ret = get_errno(clock_adjtime(arg1, phtx)); | ||
| 36 | - if (!is_error(ret) && phtx) { | ||
| 37 | - if (host_to_target_timex(arg2, phtx) != 0) { | ||
| 38 | - return -TARGET_EFAULT; | ||
| 39 | - } | ||
| 40 | + ret = get_errno(clock_adjtime(arg1, &htx)); | ||
| 41 | + if (!is_error(ret) && host_to_target_timex(arg2, &htx)) { | ||
| 42 | + return -TARGET_EFAULT; | ||
| 43 | } | ||
| 44 | } | ||
| 45 | return ret; | ||
| 46 | -- | ||
| 47 | 2.34.1 | ||
| 48 | |||
| 49 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | Add comments to the in_* fields in the S1Translate struct | ||
| 2 | that explain what they're doing. | ||
| 1 | 3 | ||
| 4 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 5 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 6 | Message-id: 20230710152130.3928330-2-peter.maydell@linaro.org | ||
| 7 | --- | ||
| 8 | target/arm/ptw.c | 40 ++++++++++++++++++++++++++++++++++++++++ | ||
| 9 | 1 file changed, 40 insertions(+) | ||
| 10 | |||
| 11 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 12 | index XXXXXXX..XXXXXXX 100644 | ||
| 13 | --- a/target/arm/ptw.c | ||
| 14 | +++ b/target/arm/ptw.c | ||
| 15 | @@ -XXX,XX +XXX,XX @@ | ||
| 16 | #endif | ||
| 17 | |||
| 18 | typedef struct S1Translate { | ||
| 19 | + /* | ||
| 20 | + * in_mmu_idx : specifies which TTBR, TCR, etc to use for the walk. | ||
| 21 | + * Together with in_space, specifies the architectural translation regime. | ||
| 22 | + */ | ||
| 23 | ARMMMUIdx in_mmu_idx; | ||
| 24 | + /* | ||
| 25 | + * in_ptw_idx: specifies which mmuidx to use for the actual | ||
| 26 | + * page table descriptor load operations. This will be one of the | ||
| 27 | + * ARMMMUIdx_Stage2* or one of the ARMMMUIdx_Phys_* indexes. | ||
| 28 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 29 | + * this field is updated accordingly. | ||
| 30 | + */ | ||
| 31 | ARMMMUIdx in_ptw_idx; | ||
| 32 | + /* | ||
| 33 | + * in_space: the security space for this walk. This plus | ||
| 34 | + * the in_mmu_idx specify the architectural translation regime. | ||
| 35 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 36 | + * this field is updated accordingly. | ||
| 37 | + * | ||
| 38 | + * Note that the security space for the in_ptw_idx may be different | ||
| 39 | + * from that for the in_mmu_idx. We do not need to explicitly track | ||
| 40 | + * the in_ptw_idx security space because: | ||
| 41 | + * - if the in_ptw_idx is an ARMMMUIdx_Phys_* then the mmuidx | ||
| 42 | + * itself specifies the security space | ||
| 43 | + * - if the in_ptw_idx is an ARMMMUIdx_Stage2* then the security | ||
| 44 | + * space used for ptw reads is the same as that of the security | ||
| 45 | + * space of the stage 1 translation for all cases except where | ||
| 46 | + * stage 1 is Secure; in that case the only possibilities for | ||
| 47 | + * the ptw read are Secure and NonSecure, and the in_ptw_idx | ||
| 48 | + * value being Stage2 vs Stage2_S distinguishes those. | ||
| 49 | + */ | ||
| 50 | ARMSecuritySpace in_space; | ||
| 51 | + /* | ||
| 52 | + * in_secure: whether the translation regime is a Secure one. | ||
| 53 | + * This is always equal to arm_space_is_secure(in_space). | ||
| 54 | + * If a Secure ptw is "downgraded" to NonSecure by an NSTable bit, | ||
| 55 | + * this field is updated accordingly. | ||
| 56 | + */ | ||
| 57 | bool in_secure; | ||
| 58 | + /* | ||
| 59 | + * in_debug: is this a QEMU debug access (gdbstub, etc)? Debug | ||
| 60 | + * accesses will not update the guest page table access flags | ||
| 61 | + * and will not change the state of the softmmu TLBs. | ||
| 62 | + */ | ||
| 63 | bool in_debug; | ||
| 64 | /* | ||
| 65 | * If this is stage 2 of a stage 1+2 page table walk, then this must | ||
| 66 | -- | ||
| 67 | 2.34.1 | diff view generated by jsdifflib |
| 1 | From: Ard Biesheuvel <ardb@kernel.org> | 1 | In commit fe4a5472ccd6 we rearranged the logic in S1_ptw_translate() |
|---|---|---|---|
| 2 | so that the debug-access "call get_phys_addr_*" codepath is used both | ||
| 3 | when S1 is doing ptw reads from stage 2 and when it is doing ptw | ||
| 4 | reads from physical memory. However, we didn't update the | ||
| 5 | calculation of s2ptw->in_space and s2ptw->in_secure to account for | ||
| 6 | the "ptw reads from physical memory" case. This meant that debug | ||
| 7 | accesses when in Secure state broke. | ||
| 2 | 8 | ||
| 3 | The LPA2 extension implements 52-bit virtual addressing for 4k and 16k | 9 | Create a new function S2_security_space() which returns the |
| 4 | translation granules, and for the former, this means an additional level | 10 | correct security space to use for the ptw load, and use it to |
| 5 | of translation is needed. This means we start counting at -1 instead of | 11 | determine the correct .in_secure and .in_space fields for the |
| 6 | 0 when doing a walk, and so 'level' is now a signed quantity, and should | 12 | stage 2 lookup for the ptw load. |
| 7 | be typed as such. So turn it from uint32_t into int32_t. | ||
| 8 | 13 | ||
| 9 | This avoids a level of -1 getting misinterpreted as being >= 3, and | 14 | Reported-by: Jean-Philippe Brucker <jean-philippe@linaro.org> |
| 10 | terminating a page table walk prematurely with a bogus output address. | 15 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 11 | 16 | Tested-by: Jean-Philippe Brucker <jean-philippe@linaro.org> | |
| 12 | Cc: Peter Maydell <peter.maydell@linaro.org> | 17 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
| 13 | Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> | 18 | Message-id: 20230710152130.3928330-3-peter.maydell@linaro.org |
| 14 | Cc: Richard Henderson <richard.henderson@linaro.org> | 19 | Fixes: fe4a5472ccd6 ("target/arm: Use get_phys_addr_with_struct in S1_ptw_translate") |
| 15 | Signed-off-by: Ard Biesheuvel <ardb@kernel.org> | ||
| 16 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 17 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 20 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 18 | --- | 21 | --- |
| 19 | target/arm/ptw.c | 4 ++-- | 22 | target/arm/ptw.c | 37 ++++++++++++++++++++++++++++++++----- |
| 20 | 1 file changed, 2 insertions(+), 2 deletions(-) | 23 | 1 file changed, 32 insertions(+), 5 deletions(-) |
| 21 | 24 | ||
| 22 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | 25 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 23 | index XXXXXXX..XXXXXXX 100644 | 26 | index XXXXXXX..XXXXXXX 100644 |
| 24 | --- a/target/arm/ptw.c | 27 | --- a/target/arm/ptw.c |
| 25 | +++ b/target/arm/ptw.c | 28 | +++ b/target/arm/ptw.c |
| 26 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | 29 | @@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs) |
| 27 | ARMCPU *cpu = env_archcpu(env); | 30 | } |
| 31 | } | ||
| 32 | |||
| 33 | +static ARMSecuritySpace S2_security_space(ARMSecuritySpace s1_space, | ||
| 34 | + ARMMMUIdx s2_mmu_idx) | ||
| 35 | +{ | ||
| 36 | + /* | ||
| 37 | + * Return the security space to use for stage 2 when doing | ||
| 38 | + * the S1 page table descriptor load. | ||
| 39 | + */ | ||
| 40 | + if (regime_is_stage2(s2_mmu_idx)) { | ||
| 41 | + /* | ||
| 42 | + * The security space for ptw reads is almost always the same | ||
| 43 | + * as that of the security space of the stage 1 translation. | ||
| 44 | + * The only exception is when stage 1 is Secure; in that case | ||
| 45 | + * the ptw read might be to the Secure or the NonSecure space | ||
| 46 | + * (but never Realm or Root), and the s2_mmu_idx tells us which. | ||
| 47 | + * Root translations are always single-stage. | ||
| 48 | + */ | ||
| 49 | + if (s1_space == ARMSS_Secure) { | ||
| 50 | + return arm_secure_to_space(s2_mmu_idx == ARMMMUIdx_Stage2_S); | ||
| 51 | + } else { | ||
| 52 | + assert(s2_mmu_idx != ARMMMUIdx_Stage2_S); | ||
| 53 | + assert(s1_space != ARMSS_Root); | ||
| 54 | + return s1_space; | ||
| 55 | + } | ||
| 56 | + } else { | ||
| 57 | + /* ptw loads are from phys: the mmu idx itself says which space */ | ||
| 58 | + return arm_phys_to_space(s2_mmu_idx); | ||
| 59 | + } | ||
| 60 | +} | ||
| 61 | + | ||
| 62 | /* Translate a S1 pagetable walk through S2 if needed. */ | ||
| 63 | static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, | ||
| 64 | hwaddr addr, ARMMMUFaultInfo *fi) | ||
| 65 | { | ||
| 66 | - ARMSecuritySpace space = ptw->in_space; | ||
| 67 | bool is_secure = ptw->in_secure; | ||
| 28 | ARMMMUIdx mmu_idx = ptw->in_mmu_idx; | 68 | ARMMMUIdx mmu_idx = ptw->in_mmu_idx; |
| 29 | bool is_secure = ptw->in_secure; | 69 | ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx; |
| 30 | - uint32_t level; | 70 | @@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw, |
| 31 | + int32_t level; | 71 | * From gdbstub, do not use softmmu so that we don't modify the |
| 32 | ARMVAParameters param; | 72 | * state of the cpu at all, including softmmu tlb contents. |
| 33 | uint64_t ttbr; | ||
| 34 | hwaddr descaddr, indexmask, indexmask_grainsize; | ||
| 35 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | ||
| 36 | */ | 73 | */ |
| 37 | uint32_t sl0 = extract32(tcr, 6, 2); | 74 | + ARMSecuritySpace s2_space = S2_security_space(ptw->in_space, s2_mmu_idx); |
| 38 | uint32_t sl2 = extract64(tcr, 33, 1); | 75 | S1Translate s2ptw = { |
| 39 | - uint32_t startlevel; | 76 | .in_mmu_idx = s2_mmu_idx, |
| 40 | + int32_t startlevel; | 77 | .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx), |
| 41 | bool ok; | 78 | - .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S, |
| 42 | 79 | - .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure | |
| 43 | /* SL2 is RES0 unless DS=1 & 4kb granule. */ | 80 | - : space == ARMSS_Realm ? ARMSS_Realm |
| 81 | - : ARMSS_NonSecure), | ||
| 82 | + .in_secure = arm_space_is_secure(s2_space), | ||
| 83 | + .in_space = s2_space, | ||
| 84 | .in_debug = true, | ||
| 85 | }; | ||
| 86 | GetPhysAddrResult s2 = { }; | ||
| 44 | -- | 87 | -- |
| 45 | 2.25.1 | 88 | 2.34.1 |
| 46 | |||
| 47 | diff view generated by jsdifflib |
| 1 | In get_phys_addr_with_struct(), we call get_phys_addr_twostage() if | 1 | In get_phys_addr_twostage() the code that applies the effects of |
|---|---|---|---|
| 2 | the CPU supports EL2. However, we don't check here that stage 2 is | 2 | VSTCR.{SA,SW} and VTCR.{NSA,NSW} only updates result->f.attrs.secure. |
| 3 | actually enabled. Instead we only check that inside | 3 | Now we also have f.attrs.space for FEAT_RME, we need to keep the two |
| 4 | get_phys_addr_twostage() to skip stage 2 translation. This means | 4 | in sync. |
| 5 | that even if stage 2 is disabled we still tell the stage 1 lookup to | ||
| 6 | do its page table walks via stage 2. | ||
| 7 | 5 | ||
| 8 | This works by luck for normal CPU accesses, but it breaks for debug | 6 | These bits only have an effect for Secure space translations, not |
| 9 | accesses, which are used by the disassembler and also by semihosting | 7 | for Root, so use the input in_space field to determine whether to |
| 10 | file reads and writes, because the debug case takes a different code | 8 | apply them rather than the input is_secure. This doesn't actually |
| 11 | path inside S1_ptw_translate(). | 9 | make a difference because Root translations are never two-stage, |
| 10 | but it's a little clearer. | ||
| 12 | 11 | ||
| 13 | This means that setups that use semihosting for file loads are broken | 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
| 14 | (a regression since 7.1, introduced in recent ptw refactoring), and | ||
| 15 | that sometimes disassembly in debug logs reports "unable to read | ||
| 16 | memory" rather than showing the guest insns. | ||
| 17 | |||
| 18 | Fix the bug by hoisting the "is stage 2 enabled?" check up to | ||
| 19 | get_phys_addr_with_struct(), so that we handle S2 disabled the same | ||
| 20 | way we do the "no EL2" case, with a simple single stage lookup. | ||
| 21 | |||
| 22 | Reported-by: Jens Wiklander <jens.wiklander@linaro.org> | ||
| 23 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | 13 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> |
| 24 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 14 | Message-id: 20230710152130.3928330-4-peter.maydell@linaro.org |
| 25 | Message-id: 20221121212404.1450382-1-peter.maydell@linaro.org | ||
| 26 | --- | 15 | --- |
| 27 | target/arm/ptw.c | 7 ++++--- | 16 | target/arm/ptw.c | 13 ++++++++----- |
| 28 | 1 file changed, 4 insertions(+), 3 deletions(-) | 17 | 1 file changed, 8 insertions(+), 5 deletions(-) |
| 29 | 18 | ||
| 30 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | 19 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c |
| 31 | index XXXXXXX..XXXXXXX 100644 | 20 | index XXXXXXX..XXXXXXX 100644 |
| 32 | --- a/target/arm/ptw.c | 21 | --- a/target/arm/ptw.c |
| 33 | +++ b/target/arm/ptw.c | 22 | +++ b/target/arm/ptw.c |
| 34 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, | 23 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, |
| 35 | 24 | hwaddr ipa; | |
| 36 | ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi); | 25 | int s1_prot, s1_lgpgsz; |
| 37 | 26 | bool is_secure = ptw->in_secure; | |
| 38 | - /* If S1 fails or S2 is disabled, return early. */ | 27 | + ARMSecuritySpace in_space = ptw->in_space; |
| 39 | - if (ret || regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { | 28 | bool ret, ipa_secure; |
| 40 | + /* If S1 fails, return early. */ | 29 | ARMCacheAttrs cacheattrs1; |
| 41 | + if (ret) { | 30 | ARMSecuritySpace ipa_space; |
| 42 | return ret; | 31 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw, |
| 43 | } | 32 | * Check if IPA translates to secure or non-secure PA space. |
| 44 | 33 | * Note that VSTCR overrides VTCR and {N}SW overrides {N}SA. | |
| 45 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw, | 34 | */ |
| 46 | * Otherwise, a stage1+stage2 translation is just stage 1. | 35 | - result->f.attrs.secure = |
| 47 | */ | 36 | - (is_secure |
| 48 | ptw->in_mmu_idx = mmu_idx = s1_mmu_idx; | 37 | - && !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)) |
| 49 | - if (arm_feature(env, ARM_FEATURE_EL2)) { | 38 | - && (ipa_secure |
| 50 | + if (arm_feature(env, ARM_FEATURE_EL2) && | 39 | - || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW)))); |
| 51 | + !regime_translation_disabled(env, ARMMMUIdx_Stage2, is_secure)) { | 40 | + if (in_space == ARMSS_Secure) { |
| 52 | return get_phys_addr_twostage(env, ptw, address, access_type, | 41 | + result->f.attrs.secure = |
| 53 | result, fi); | 42 | + !(env->cp15.vstcr_el2 & (VSTCR_SA | VSTCR_SW)) |
| 54 | } | 43 | + && (ipa_secure |
| 44 | + || !(env->cp15.vtcr_el2 & (VTCR_NSA | VTCR_NSW))); | ||
| 45 | + result->f.attrs.space = arm_secure_to_space(result->f.attrs.secure); | ||
| 46 | + } | ||
| 47 | |||
| 48 | return false; | ||
| 49 | } | ||
| 55 | -- | 50 | -- |
| 56 | 2.25.1 | 51 | 2.34.1 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | In commit f0a08b0913befbd we changed the type of the PC from | ||
| 2 | target_ulong to vaddr. In doing so we inadvertently dropped the | ||
| 3 | zero-padding on the PC in trace lines (the second item inside the [] | ||
| 4 | in these lines). They used to look like this on AArch64, for | ||
| 5 | instance: | ||
| 1 | 6 | ||
| 7 | Trace 0: 0x7f2260000100 [00000000/0000000040000000/00000061/ff200000] | ||
| 8 | |||
| 9 | and now they look like this: | ||
| 10 | Trace 0: 0x7f4f50000100 [00000000/40000000/00000061/ff200000] | ||
| 11 | |||
| 12 | and if the PC happens to be somewhere low like 0x5000 | ||
| 13 | then the field is shown as /5000/. | ||
| 14 | |||
| 15 | This is because TARGET_FMT_lx is a "%08x" or "%016x" specifier, | ||
| 16 | depending on TARGET_LONG_SIZE, whereas VADDR_PRIx is just PRIx64 | ||
| 17 | with no width specifier. | ||
| 18 | |||
| 19 | Restore the zero-padding by adding an 016 width specifier to | ||
| 20 | this tracing and a couple of others that were similarly recently | ||
| 21 | changed to use VADDR_PRIx without a width specifier. | ||
| 22 | |||
| 23 | We can't unfortunately restore the "32-bit guests are padded to | ||
| 24 | 8 hex digits and 64-bit guests to 16 hex digits" behaviour so | ||
| 25 | easily. | ||
| 26 | |||
| 27 | Fixes: f0a08b0913befbd ("accel/tcg/cpu-exec.c: Widen pc to vaddr") | ||
| 28 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 29 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 30 | Reviewed-by: Anton Johansson <anjo@rev.ng> | ||
| 31 | Message-id: 20230711165434.4123674-1-peter.maydell@linaro.org | ||
| 32 | --- | ||
| 33 | accel/tcg/cpu-exec.c | 4 ++-- | ||
| 34 | accel/tcg/translate-all.c | 2 +- | ||
| 35 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c | ||
| 38 | index XXXXXXX..XXXXXXX 100644 | ||
| 39 | --- a/accel/tcg/cpu-exec.c | ||
| 40 | +++ b/accel/tcg/cpu-exec.c | ||
| 41 | @@ -XXX,XX +XXX,XX @@ static void log_cpu_exec(vaddr pc, CPUState *cpu, | ||
| 42 | if (qemu_log_in_addr_range(pc)) { | ||
| 43 | qemu_log_mask(CPU_LOG_EXEC, | ||
| 44 | "Trace %d: %p [%08" PRIx64 | ||
| 45 | - "/%" VADDR_PRIx "/%08x/%08x] %s\n", | ||
| 46 | + "/%016" VADDR_PRIx "/%08x/%08x] %s\n", | ||
| 47 | cpu->cpu_index, tb->tc.ptr, tb->cs_base, pc, | ||
| 48 | tb->flags, tb->cflags, lookup_symbol(pc)); | ||
| 49 | |||
| 50 | @@ -XXX,XX +XXX,XX @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit) | ||
| 51 | if (qemu_loglevel_mask(CPU_LOG_EXEC)) { | ||
| 52 | vaddr pc = log_pc(cpu, last_tb); | ||
| 53 | if (qemu_log_in_addr_range(pc)) { | ||
| 54 | - qemu_log("Stopped execution of TB chain before %p [%" | ||
| 55 | + qemu_log("Stopped execution of TB chain before %p [%016" | ||
| 56 | VADDR_PRIx "] %s\n", | ||
| 57 | last_tb->tc.ptr, pc, lookup_symbol(pc)); | ||
| 58 | } | ||
| 59 | diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c | ||
| 60 | index XXXXXXX..XXXXXXX 100644 | ||
| 61 | --- a/accel/tcg/translate-all.c | ||
| 62 | +++ b/accel/tcg/translate-all.c | ||
| 63 | @@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) | ||
| 64 | if (qemu_loglevel_mask(CPU_LOG_EXEC)) { | ||
| 65 | vaddr pc = log_pc(cpu, tb); | ||
| 66 | if (qemu_log_in_addr_range(pc)) { | ||
| 67 | - qemu_log("cpu_io_recompile: rewound execution of TB to %" | ||
| 68 | + qemu_log("cpu_io_recompile: rewound execution of TB to %016" | ||
| 69 | VADDR_PRIx "\n", pc); | ||
| 70 | } | ||
| 71 | } | ||
| 72 | -- | ||
| 73 | 2.34.1 | ||
| 74 | |||
| 75 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Tong Ho <tong.ho@amd.com> | ||
| 1 | 2 | ||
| 3 | Add a check in the bit-set operation to write the backstore | ||
| 4 | only if the affected bit is 0 before. | ||
| 5 | |||
| 6 | With this in place, there will be no need for callers to | ||
| 7 | do the checking in order to avoid unnecessary writes. | ||
| 8 | |||
| 9 | Signed-off-by: Tong Ho <tong.ho@amd.com> | ||
| 10 | Reviewed-by: Alistair Francis <alistair.francis@wdc.com> | ||
| 11 | Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com> | ||
| 12 | Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
| 13 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 14 | --- | ||
| 15 | hw/nvram/xlnx-efuse.c | 11 +++++++++-- | ||
| 16 | 1 file changed, 9 insertions(+), 2 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c | ||
| 19 | index XXXXXXX..XXXXXXX 100644 | ||
| 20 | --- a/hw/nvram/xlnx-efuse.c | ||
| 21 | +++ b/hw/nvram/xlnx-efuse.c | ||
| 22 | @@ -XXX,XX +XXX,XX @@ static bool efuse_ro_bits_find(XlnxEFuse *s, uint32_t k) | ||
| 23 | |||
| 24 | bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit) | ||
| 25 | { | ||
| 26 | + uint32_t set, *row; | ||
| 27 | + | ||
| 28 | if (efuse_ro_bits_find(s, bit)) { | ||
| 29 | g_autofree char *path = object_get_canonical_path(OBJECT(s)); | ||
| 30 | |||
| 31 | @@ -XXX,XX +XXX,XX @@ bool xlnx_efuse_set_bit(XlnxEFuse *s, unsigned int bit) | ||
| 32 | return false; | ||
| 33 | } | ||
| 34 | |||
| 35 | - s->fuse32[bit / 32] |= 1 << (bit % 32); | ||
| 36 | - efuse_bdrv_sync(s, bit); | ||
| 37 | + /* Avoid back-end write unless there is a real update */ | ||
| 38 | + row = &s->fuse32[bit / 32]; | ||
| 39 | + set = 1 << (bit % 32); | ||
| 40 | + if (!(set & *row)) { | ||
| 41 | + *row |= set; | ||
| 42 | + efuse_bdrv_sync(s, bit); | ||
| 43 | + } | ||
| 44 | return true; | ||
| 45 | } | ||
| 46 | |||
| 47 | -- | ||
| 48 | 2.34.1 | ||
| 49 | |||
| 50 | diff view generated by jsdifflib |