1
Some arm patches; my to-review queue is by no means empty, but
1
Hi; here's a target-arm pullreq. Mostly this is RTH's FEAT_RME
2
this is a big enough set of patches to be getting on with...
2
series; there are also a handful of bug fixes including some
3
which aren't arm-specific but which it's convenient to include
4
here.
3
5
6
thanks
4
-- PMM
7
-- PMM
5
8
6
The following changes since commit cb9c6a8e5ad6a1f0ce164d352e3102df46986e22:
9
The following changes since commit b455ce4c2f300c8ba47cba7232dd03261368a4cb:
7
10
8
.gitlab-ci.d/windows: Work-around timeout and OpenGL problems of the MSYS2 jobs (2023-01-04 18:58:33 +0000)
11
Merge tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k into staging (2023-06-22 10:18:32 +0200)
9
12
10
are available in the Git repository at:
13
are available in the Git repository at:
11
14
12
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230105
15
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230623
13
16
14
for you to fetch changes up to 93c9678de9dc7d2e68f9e8477da072bac30ef132:
17
for you to fetch changes up to 497fad38979c16b6412388927401e577eba43d26:
15
18
16
hw/net: Fix read of uninitialized memory in imx_fec. (2023-01-05 15:33:00 +0000)
19
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym (2023-06-23 11:46:02 +0100)
17
20
18
----------------------------------------------------------------
21
----------------------------------------------------------------
19
target-arm queue:
22
target-arm queue:
20
* Implement AArch32 ARMv8-R support
23
* Add (experimental) support for FEAT_RME
21
* Add Cortex-R52 CPU
24
* host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
22
* fix handling of HLT semihosting in system mode
25
* target/arm: Restructure has_vfp_d32 test
23
* hw/timer/ixm_epit: cleanup and fix bug in compare handling
26
* hw/arm/sbsa-ref: add ITS support in SBSA GIC
24
* target/arm: Coding style fixes
27
* target/arm: Fix sve predicate store, 8 <= VQ <= 15
25
* target/arm: Clean up includes
28
* pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
26
* nseries: minor code cleanups
27
* target/arm: align exposed ID registers with Linux
28
* hw/arm/smmu-common: remove unnecessary inlines
29
* i.MX7D: Handle GPT timers
30
* i.MX7D: Connect IRQs to GPIO devices
31
* i.MX6UL: Add a specific GPT timer instance
32
* hw/net: Fix read of uninitialized memory in imx_fec
33
29
34
----------------------------------------------------------------
30
----------------------------------------------------------------
35
Alex Bennée (1):
31
Peter Maydell (2):
36
target/arm: fix handling of HLT semihosting in system mode
32
host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
33
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
37
34
38
Axel Heider (8):
35
Richard Henderson (23):
39
hw/timer/imx_epit: improve comments
36
target/arm: Add isar_feature_aa64_rme
40
hw/timer/imx_epit: cleanup CR defines
37
target/arm: Update SCR and HCR for RME
41
hw/timer/imx_epit: define SR_OCIF
38
target/arm: SCR_EL3.NS may be RES1
42
hw/timer/imx_epit: update interrupt state on CR write access
39
target/arm: Add RME cpregs
43
hw/timer/imx_epit: hard reset initializes CR with 0
40
target/arm: Introduce ARMSecuritySpace
44
hw/timer/imx_epit: factor out register write handlers
41
include/exec/memattrs: Add two bits of space to MemTxAttrs
45
hw/timer/imx_epit: remove explicit fields cnt and freq
42
target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
46
hw/timer/imx_epit: fix compare timer handling
43
target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
44
target/arm: Remove __attribute__((nonnull)) from ptw.c
45
target/arm: Pipe ARMSecuritySpace through ptw.c
46
target/arm: NSTable is RES0 for the RME EL3 regime
47
target/arm: Handle Block and Page bits for security space
48
target/arm: Handle no-execute for Realm and Root regimes
49
target/arm: Use get_phys_addr_with_struct in S1_ptw_translate
50
target/arm: Move s1_is_el0 into S1Translate
51
target/arm: Use get_phys_addr_with_struct for stage2
52
target/arm: Add GPC syndrome
53
target/arm: Implement GPC exceptions
54
target/arm: Implement the granule protection check
55
target/arm: Add cpu properties for enabling FEAT_RME
56
docs/system/arm: Document FEAT_RME
57
target/arm: Restructure has_vfp_d32 test
58
target/arm: Fix sve predicate store, 8 <= VQ <= 15
47
59
48
Claudio Fontana (1):
60
Shashi Mallela (1):
49
target/arm: cleanup cpu includes
61
hw/arm/sbsa-ref: add ITS support in SBSA GIC
50
62
51
Fabiano Rosas (5):
63
docs/system/arm/cpu-features.rst | 23 ++
52
target/arm: Fix checkpatch comment style warnings in helper.c
64
docs/system/arm/emulation.rst | 1 +
53
target/arm: Fix checkpatch space errors in helper.c
65
docs/system/arm/sbsa.rst | 14 +
54
target/arm: Fix checkpatch brace errors in helper.c
66
include/exec/memattrs.h | 9 +-
55
target/arm: Remove unused includes from m_helper.c
67
include/qemu/compiler.h | 13 +
56
target/arm: Remove unused includes from helper.c
68
include/qemu/host-utils.h | 2 +-
57
69
target/arm/cpu.h | 151 ++++++++---
58
Jean-Christophe Dubois (4):
70
target/arm/internals.h | 27 ++
59
i.MX7D: Connect GPT timers to IRQ
71
target/arm/syndrome.h | 10 +
60
i.MX7D: Compute clock frequency for the fixed frequency clocks.
72
hw/arm/sbsa-ref.c | 33 ++-
61
i.MX6UL: Add a specific GPT timer instance for the i.MX6UL
73
target/arm/cpu.c | 32 ++-
62
i.MX7D: Connect IRQs to GPIO devices.
74
target/arm/helper.c | 162 ++++++++++-
63
75
target/arm/ptw.c | 570 +++++++++++++++++++++++++++++++--------
64
Peter Maydell (1):
76
target/arm/tcg/cpu64.c | 53 ++++
65
target/arm:Set lg_page_size to 0 if either S1 or S2 asks for it
77
target/arm/tcg/tlb_helper.c | 96 ++++++-
66
78
target/arm/tcg/translate-sve.c | 2 +-
67
Philippe Mathieu-Daudé (5):
79
pc-bios/keymaps/meson.build | 2 +-
68
hw/input/tsc2xxx: Constify set_transform()'s MouseTransformInfo arg
80
17 files changed, 1034 insertions(+), 166 deletions(-)
69
hw/arm/nseries: Constify various read-only arrays
70
hw/arm/nseries: Silent -Wmissing-field-initializers warning
71
hw/arm/smmu-common: Reduce smmu_inv_notifiers_mr() scope
72
hw/arm/smmu-common: Avoid using inlined functions with external linkage
73
74
Stephen Longfield (1):
75
hw/net: Fix read of uninitialized memory in imx_fec.
76
77
Tobias Röhmel (7):
78
target/arm: Don't add all MIDR aliases for cores that implement PMSA
79
target/arm: Make RVBAR available for all ARMv8 CPUs
80
target/arm: Make stage_2_format for cache attributes optional
81
target/arm: Enable TTBCR_EAE for ARMv8-R AArch32
82
target/arm: Add PMSAv8r registers
83
target/arm: Add PMSAv8r functionality
84
target/arm: Add ARM Cortex-R52 CPU
85
86
Zhuojia Shen (1):
87
target/arm: align exposed ID registers with Linux
88
89
include/hw/arm/fsl-imx7.h | 20 +
90
include/hw/arm/smmu-common.h | 3 -
91
include/hw/input/tsc2xxx.h | 4 +-
92
include/hw/timer/imx_epit.h | 8 +-
93
include/hw/timer/imx_gpt.h | 1 +
94
target/arm/cpu.h | 6 +
95
target/arm/internals.h | 4 +
96
hw/arm/fsl-imx6ul.c | 2 +-
97
hw/arm/fsl-imx7.c | 41 +-
98
hw/arm/nseries.c | 28 +-
99
hw/arm/smmu-common.c | 15 +-
100
hw/input/tsc2005.c | 2 +-
101
hw/input/tsc210x.c | 3 +-
102
hw/misc/imx6ul_ccm.c | 6 -
103
hw/misc/imx7_ccm.c | 49 ++-
104
hw/net/imx_fec.c | 8 +-
105
hw/timer/imx_epit.c | 376 +++++++++-------
106
hw/timer/imx_gpt.c | 25 ++
107
target/arm/cpu.c | 35 +-
108
target/arm/cpu64.c | 6 -
109
target/arm/cpu_tcg.c | 42 ++
110
target/arm/debug_helper.c | 3 +
111
target/arm/helper.c | 871 +++++++++++++++++++++++++++++---------
112
target/arm/m_helper.c | 16 -
113
target/arm/machine.c | 28 ++
114
target/arm/ptw.c | 152 +++++--
115
target/arm/tlb_helper.c | 4 +
116
target/arm/translate.c | 2 +-
117
tests/tcg/aarch64/sysregs.c | 24 +-
118
tests/tcg/aarch64/Makefile.target | 7 +-
119
30 files changed, 1330 insertions(+), 461 deletions(-)
120
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
RVBAR shadows RVBAR_ELx where x is the highest exception
3
Add the missing field for ID_AA64PFR0, and the predicate.
4
level if the highest EL is not EL3. This patch also allows
4
Disable it if EL3 is forced off by the board or command-line.
5
ARMv8 CPUs to change the reset address with
6
the rvbar property.
7
5
8
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20221206102504.165775-3-tobias.roehmel@rwth-aachen.de
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20230620124418.805717-2-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
11
---
13
target/arm/cpu.c | 6 +++++-
12
target/arm/cpu.h | 6 ++++++
14
target/arm/helper.c | 21 ++++++++++++++-------
13
target/arm/cpu.c | 4 ++++
15
2 files changed, 19 insertions(+), 8 deletions(-)
14
2 files changed, 10 insertions(+)
16
15
16
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
17
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/cpu.h
19
+++ b/target/arm/cpu.h
20
@@ -XXX,XX +XXX,XX @@ FIELD(ID_AA64PFR0, SEL2, 36, 4)
21
FIELD(ID_AA64PFR0, MPAM, 40, 4)
22
FIELD(ID_AA64PFR0, AMU, 44, 4)
23
FIELD(ID_AA64PFR0, DIT, 48, 4)
24
+FIELD(ID_AA64PFR0, RME, 52, 4)
25
FIELD(ID_AA64PFR0, CSV2, 56, 4)
26
FIELD(ID_AA64PFR0, CSV3, 60, 4)
27
28
@@ -XXX,XX +XXX,XX @@ static inline bool isar_feature_aa64_sel2(const ARMISARegisters *id)
29
return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, SEL2) != 0;
30
}
31
32
+static inline bool isar_feature_aa64_rme(const ARMISARegisters *id)
33
+{
34
+ return FIELD_EX64(id->id_aa64pfr0, ID_AA64PFR0, RME) != 0;
35
+}
36
+
37
static inline bool isar_feature_aa64_vh(const ARMISARegisters *id)
38
{
39
return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, VH) != 0;
17
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
40
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
18
index XXXXXXX..XXXXXXX 100644
41
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/cpu.c
42
--- a/target/arm/cpu.c
20
+++ b/target/arm/cpu.c
43
+++ b/target/arm/cpu.c
21
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset_hold(Object *obj)
44
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
22
env->cp15.cpacr_el1 = FIELD_DP64(env->cp15.cpacr_el1,
45
cpu->isar.id_dfr0 = FIELD_DP32(cpu->isar.id_dfr0, ID_DFR0, COPSDBG, 0);
23
CPACR, CP11, 3);
46
cpu->isar.id_aa64pfr0 = FIELD_DP64(cpu->isar.id_aa64pfr0,
24
#endif
47
ID_AA64PFR0, EL3, 0);
25
+ if (arm_feature(env, ARM_FEATURE_V8)) {
48
+
26
+ env->cp15.rvbar = cpu->rvbar_prop;
49
+ /* Disable the realm management extension, which requires EL3. */
27
+ env->regs[15] = cpu->rvbar_prop;
50
+ cpu->isar.id_aa64pfr0 = FIELD_DP64(cpu->isar.id_aa64pfr0,
28
+ }
51
+ ID_AA64PFR0, RME, 0);
29
}
52
}
30
53
31
#if defined(CONFIG_USER_ONLY)
54
if (!cpu->has_el2) {
32
@@ -XXX,XX +XXX,XX @@ void arm_cpu_post_init(Object *obj)
33
qdev_property_add_static(DEVICE(obj), &arm_cpu_reset_hivecs_property);
34
}
35
36
- if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
37
+ if (arm_feature(&cpu->env, ARM_FEATURE_V8)) {
38
object_property_add_uint64_ptr(obj, "rvbar",
39
&cpu->rvbar_prop,
40
OBJ_PROP_FLAG_READWRITE);
41
diff --git a/target/arm/helper.c b/target/arm/helper.c
42
index XXXXXXX..XXXXXXX 100644
43
--- a/target/arm/helper.c
44
+++ b/target/arm/helper.c
45
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
46
if (!arm_feature(env, ARM_FEATURE_EL3) &&
47
!arm_feature(env, ARM_FEATURE_EL2)) {
48
ARMCPRegInfo rvbar = {
49
- .name = "RVBAR_EL1", .state = ARM_CP_STATE_AA64,
50
+ .name = "RVBAR_EL1", .state = ARM_CP_STATE_BOTH,
51
.opc0 = 3, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 1,
52
.access = PL1_R,
53
.fieldoffset = offsetof(CPUARMState, cp15.rvbar),
54
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
55
}
56
/* RVBAR_EL2 is only implemented if EL2 is the highest EL */
57
if (!arm_feature(env, ARM_FEATURE_EL3)) {
58
- ARMCPRegInfo rvbar = {
59
- .name = "RVBAR_EL2", .state = ARM_CP_STATE_AA64,
60
- .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 1,
61
- .access = PL2_R,
62
- .fieldoffset = offsetof(CPUARMState, cp15.rvbar),
63
+ ARMCPRegInfo rvbar[] = {
64
+ {
65
+ .name = "RVBAR_EL2", .state = ARM_CP_STATE_AA64,
66
+ .opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 1,
67
+ .access = PL2_R,
68
+ .fieldoffset = offsetof(CPUARMState, cp15.rvbar),
69
+ },
70
+ { .name = "RVBAR", .type = ARM_CP_ALIAS,
71
+ .cp = 15, .opc1 = 0, .crn = 12, .crm = 0, .opc2 = 1,
72
+ .access = PL2_R,
73
+ .fieldoffset = offsetof(CPUARMState, cp15.rvbar),
74
+ },
75
};
76
- define_one_arm_cp_reg(cpu, &rvbar);
77
+ define_arm_cp_regs(cpu, rvbar);
78
}
79
}
80
81
--
55
--
82
2.25.1
56
2.34.1
83
57
84
58
diff view generated by jsdifflib
1
From: Fabiano Rosas <farosas@suse.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Fix this:
3
Define the missing SCR and HCR bits, allow SCR_NSE and {SCR,HCR}_GPF
4
ERROR: braces {} are necessary for all arms of this statement
4
to be set, and invalidate TLBs when NSE changes.
5
5
6
Signed-off-by: Fabiano Rosas <farosas@suse.de>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Claudio Fontana <cfontana@suse.de>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
8
Message-id: 20230620124418.805717-3-richard.henderson@linaro.org
9
Message-id: 20221213190537.511-4-farosas@suse.de
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
---
10
---
12
target/arm/helper.c | 67 ++++++++++++++++++++++++++++-----------------
11
target/arm/cpu.h | 5 +++--
13
1 file changed, 42 insertions(+), 25 deletions(-)
12
target/arm/helper.c | 10 ++++++++--
13
2 files changed, 11 insertions(+), 4 deletions(-)
14
14
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/cpu.h
18
+++ b/target/arm/cpu.h
19
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
20
#define HCR_TERR (1ULL << 36)
21
#define HCR_TEA (1ULL << 37)
22
#define HCR_MIOCNCE (1ULL << 38)
23
-/* RES0 bit 39 */
24
+#define HCR_TME (1ULL << 39)
25
#define HCR_APK (1ULL << 40)
26
#define HCR_API (1ULL << 41)
27
#define HCR_NV (1ULL << 42)
28
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
29
#define HCR_NV2 (1ULL << 45)
30
#define HCR_FWB (1ULL << 46)
31
#define HCR_FIEN (1ULL << 47)
32
-/* RES0 bit 48 */
33
+#define HCR_GPF (1ULL << 48)
34
#define HCR_TID4 (1ULL << 49)
35
#define HCR_TICAB (1ULL << 50)
36
#define HCR_AMVOFFEN (1ULL << 51)
37
@@ -XXX,XX +XXX,XX @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
38
#define SCR_TRNDR (1ULL << 40)
39
#define SCR_ENTP2 (1ULL << 41)
40
#define SCR_GPF (1ULL << 48)
41
+#define SCR_NSE (1ULL << 62)
42
43
#define HSTR_TTEE (1 << 16)
44
#define HSTR_TJDBX (1 << 17)
15
diff --git a/target/arm/helper.c b/target/arm/helper.c
45
diff --git a/target/arm/helper.c b/target/arm/helper.c
16
index XXXXXXX..XXXXXXX 100644
46
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/helper.c
47
--- a/target/arm/helper.c
18
+++ b/target/arm/helper.c
48
+++ b/target/arm/helper.c
19
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
49
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
20
env->CF = (val >> 29) & 1;
50
if (cpu_isar_feature(aa64_fgt, cpu)) {
21
env->VF = (val << 3) & 0x80000000;
51
valid_mask |= SCR_FGTEN;
22
}
52
}
23
- if (mask & CPSR_Q)
53
+ if (cpu_isar_feature(aa64_rme, cpu)) {
24
+ if (mask & CPSR_Q) {
54
+ valid_mask |= SCR_NSE | SCR_GPF;
25
env->QF = ((val & CPSR_Q) != 0);
26
- if (mask & CPSR_T)
27
+ }
28
+ if (mask & CPSR_T) {
29
env->thumb = ((val & CPSR_T) != 0);
30
+ }
31
if (mask & CPSR_IT_0_1) {
32
env->condexec_bits &= ~3;
33
env->condexec_bits |= (val >> 25) & 3;
34
@@ -XXX,XX +XXX,XX @@ static void switch_mode(CPUARMState *env, int mode)
35
int i;
36
37
old_mode = env->uncached_cpsr & CPSR_M;
38
- if (mode == old_mode)
39
+ if (mode == old_mode) {
40
return;
41
+ }
42
43
if (old_mode == ARM_CPU_MODE_FIQ) {
44
memcpy(env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
45
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
46
new_mode = ARM_CPU_MODE_UND;
47
addr = 0x04;
48
mask = CPSR_I;
49
- if (env->thumb)
50
+ if (env->thumb) {
51
offset = 2;
52
- else
53
+ } else {
54
offset = 4;
55
+ }
55
+ }
56
break;
56
} else {
57
case EXCP_SWI:
57
valid_mask &= ~(SCR_RW | SCR_ST);
58
new_mode = ARM_CPU_MODE_SVC;
58
if (cpu_isar_feature(aa32_ras, cpu)) {
59
@@ -XXX,XX +XXX,XX @@ static inline uint16_t add16_sat(uint16_t a, uint16_t b)
59
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
60
60
env->cp15.scr_el3 = value;
61
res = a + b;
61
62
if (((res ^ a) & 0x8000) && !((a ^ b) & 0x8000)) {
62
/*
63
- if (a & 0x8000)
63
- * If SCR_EL3.NS changes, i.e. arm_is_secure_below_el3, then
64
+ if (a & 0x8000) {
64
+ * If SCR_EL3.{NS,NSE} changes, i.e. change of security state,
65
res = 0x8000;
65
* we must invalidate all TLBs below EL3.
66
- else
66
*/
67
+ } else {
67
- if (changed & SCR_NS) {
68
res = 0x7fff;
68
+ if (changed & (SCR_NS | SCR_NSE)) {
69
tlb_flush_by_mmuidx(env_cpu(env), (ARMMMUIdxBit_E10_0 |
70
ARMMMUIdxBit_E20_0 |
71
ARMMMUIdxBit_E10_1 |
72
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
73
if (cpu_isar_feature(aa64_fwb, cpu)) {
74
valid_mask |= HCR_FWB;
75
}
76
+ if (cpu_isar_feature(aa64_rme, cpu)) {
77
+ valid_mask |= HCR_GPF;
69
+ }
78
+ }
70
}
79
}
71
return res;
80
72
}
81
if (cpu_isar_feature(any_evt, cpu)) {
73
@@ -XXX,XX +XXX,XX @@ static inline uint8_t add8_sat(uint8_t a, uint8_t b)
74
75
res = a + b;
76
if (((res ^ a) & 0x80) && !((a ^ b) & 0x80)) {
77
- if (a & 0x80)
78
+ if (a & 0x80) {
79
res = 0x80;
80
- else
81
+ } else {
82
res = 0x7f;
83
+ }
84
}
85
return res;
86
}
87
@@ -XXX,XX +XXX,XX @@ static inline uint16_t sub16_sat(uint16_t a, uint16_t b)
88
89
res = a - b;
90
if (((res ^ a) & 0x8000) && ((a ^ b) & 0x8000)) {
91
- if (a & 0x8000)
92
+ if (a & 0x8000) {
93
res = 0x8000;
94
- else
95
+ } else {
96
res = 0x7fff;
97
+ }
98
}
99
return res;
100
}
101
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_sat(uint8_t a, uint8_t b)
102
103
res = a - b;
104
if (((res ^ a) & 0x80) && ((a ^ b) & 0x80)) {
105
- if (a & 0x80)
106
+ if (a & 0x80) {
107
res = 0x80;
108
- else
109
+ } else {
110
res = 0x7f;
111
+ }
112
}
113
return res;
114
}
115
@@ -XXX,XX +XXX,XX @@ static inline uint16_t add16_usat(uint16_t a, uint16_t b)
116
{
117
uint16_t res;
118
res = a + b;
119
- if (res < a)
120
+ if (res < a) {
121
res = 0xffff;
122
+ }
123
return res;
124
}
125
126
static inline uint16_t sub16_usat(uint16_t a, uint16_t b)
127
{
128
- if (a > b)
129
+ if (a > b) {
130
return a - b;
131
- else
132
+ } else {
133
return 0;
134
+ }
135
}
136
137
static inline uint8_t add8_usat(uint8_t a, uint8_t b)
138
{
139
uint8_t res;
140
res = a + b;
141
- if (res < a)
142
+ if (res < a) {
143
res = 0xff;
144
+ }
145
return res;
146
}
147
148
static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
149
{
150
- if (a > b)
151
+ if (a > b) {
152
return a - b;
153
- else
154
+ } else {
155
return 0;
156
+ }
157
}
158
159
#define ADD16(a, b, n) RESULT(add16_usat(a, b), n, 16);
160
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
161
162
static inline uint8_t do_usad(uint8_t a, uint8_t b)
163
{
164
- if (a > b)
165
+ if (a > b) {
166
return a - b;
167
- else
168
+ } else {
169
return b - a;
170
+ }
171
}
172
173
/* Unsigned sum of absolute byte differences. */
174
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
175
uint32_t mask;
176
177
mask = 0;
178
- if (flags & 1)
179
+ if (flags & 1) {
180
mask |= 0xff;
181
- if (flags & 2)
182
+ }
183
+ if (flags & 2) {
184
mask |= 0xff00;
185
- if (flags & 4)
186
+ }
187
+ if (flags & 4) {
188
mask |= 0xff0000;
189
- if (flags & 8)
190
+ }
191
+ if (flags & 8) {
192
mask |= 0xff000000;
193
+ }
194
return (a & mask) | (b & ~mask);
195
}
196
197
--
82
--
198
2.25.1
83
2.34.1
diff view generated by jsdifflib
1
From: Zhuojia Shen <chaosdefinition@hotmail.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
In CPUID registers exposed to userspace, some registers were missing
3
With RME, SEL2 must also be present to support secure state.
4
and some fields were not exposed. This patch aligns exposed ID
4
The NS bit is RES1 if SEL2 is not present.
5
registers and their fields with what the upstream kernel currently
6
exposes.
7
5
8
Specifically, the following new ID registers/fields are exposed to
9
userspace:
10
11
ID_AA64PFR1_EL1.BT: bits 3-0
12
ID_AA64PFR1_EL1.MTE: bits 11-8
13
ID_AA64PFR1_EL1.SME: bits 27-24
14
15
ID_AA64ZFR0_EL1.SVEver: bits 3-0
16
ID_AA64ZFR0_EL1.AES: bits 7-4
17
ID_AA64ZFR0_EL1.BitPerm: bits 19-16
18
ID_AA64ZFR0_EL1.BF16: bits 23-20
19
ID_AA64ZFR0_EL1.SHA3: bits 35-32
20
ID_AA64ZFR0_EL1.SM4: bits 43-40
21
ID_AA64ZFR0_EL1.I8MM: bits 47-44
22
ID_AA64ZFR0_EL1.F32MM: bits 55-52
23
ID_AA64ZFR0_EL1.F64MM: bits 59-56
24
25
ID_AA64SMFR0_EL1.F32F32: bit 32
26
ID_AA64SMFR0_EL1.B16F32: bit 34
27
ID_AA64SMFR0_EL1.F16F32: bit 35
28
ID_AA64SMFR0_EL1.I8I32: bits 39-36
29
ID_AA64SMFR0_EL1.F64F64: bit 48
30
ID_AA64SMFR0_EL1.I16I64: bits 55-52
31
ID_AA64SMFR0_EL1.FA64: bit 63
32
33
ID_AA64MMFR0_EL1.ECV: bits 63-60
34
35
ID_AA64MMFR1_EL1.AFP: bits 47-44
36
37
ID_AA64MMFR2_EL1.AT: bits 35-32
38
39
ID_AA64ISAR0_EL1.RNDR: bits 63-60
40
41
ID_AA64ISAR1_EL1.FRINTTS: bits 35-32
42
ID_AA64ISAR1_EL1.BF16: bits 47-44
43
ID_AA64ISAR1_EL1.DGH: bits 51-48
44
ID_AA64ISAR1_EL1.I8MM: bits 55-52
45
46
ID_AA64ISAR2_EL1.WFxT: bits 3-0
47
ID_AA64ISAR2_EL1.RPRES: bits 7-4
48
ID_AA64ISAR2_EL1.GPA3: bits 11-8
49
ID_AA64ISAR2_EL1.APA3: bits 15-12
50
51
The code is also refactored to use symbolic names for ID register fields
52
for better readability and maintainability.
53
54
The test case in tests/tcg/aarch64/sysregs.c is also updated to match
55
the intended behavior.
56
57
Signed-off-by: Zhuojia Shen <chaosdefinition@hotmail.com>
58
Message-id: DS7PR12MB6309FB585E10772928F14271ACE79@DS7PR12MB6309.namprd12.prod.outlook.com
59
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
60
[PMM: use Sn_n_Cn_Cn_n syntax to work with older assemblers
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
61
that don't recognize id_aa64isar2_el1 and id_aa64mmfr2_el1]
8
Message-id: 20230620124418.805717-4-richard.henderson@linaro.org
62
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
63
---
10
---
64
target/arm/helper.c | 96 +++++++++++++++++++++++++------
11
target/arm/helper.c | 3 +++
65
tests/tcg/aarch64/sysregs.c | 24 ++++++--
12
1 file changed, 3 insertions(+)
66
tests/tcg/aarch64/Makefile.target | 7 ++-
67
3 files changed, 103 insertions(+), 24 deletions(-)
68
13
69
diff --git a/target/arm/helper.c b/target/arm/helper.c
14
diff --git a/target/arm/helper.c b/target/arm/helper.c
70
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
71
--- a/target/arm/helper.c
16
--- a/target/arm/helper.c
72
+++ b/target/arm/helper.c
17
+++ b/target/arm/helper.c
73
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
18
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
74
#ifdef CONFIG_USER_ONLY
19
}
75
static const ARMCPRegUserSpaceInfo v8_user_idregs[] = {
20
if (cpu_isar_feature(aa64_sel2, cpu)) {
76
{ .name = "ID_AA64PFR0_EL1",
21
valid_mask |= SCR_EEL2;
77
- .exported_bits = 0x000f000f00ff0000,
22
+ } else if (cpu_isar_feature(aa64_rme, cpu)) {
78
- .fixed_bits = 0x0000000000000011 },
23
+ /* With RME and without SEL2, NS is RES1 (R_GSWWH, I_DJJQJ). */
79
+ .exported_bits = R_ID_AA64PFR0_FP_MASK |
24
+ value |= SCR_NS;
80
+ R_ID_AA64PFR0_ADVSIMD_MASK |
25
}
81
+ R_ID_AA64PFR0_SVE_MASK |
26
if (cpu_isar_feature(aa64_mte, cpu)) {
82
+ R_ID_AA64PFR0_DIT_MASK,
27
valid_mask |= SCR_ATA;
83
+ .fixed_bits = (0x1u << R_ID_AA64PFR0_EL0_SHIFT) |
84
+ (0x1u << R_ID_AA64PFR0_EL1_SHIFT) },
85
{ .name = "ID_AA64PFR1_EL1",
86
- .exported_bits = 0x00000000000000f0 },
87
+ .exported_bits = R_ID_AA64PFR1_BT_MASK |
88
+ R_ID_AA64PFR1_SSBS_MASK |
89
+ R_ID_AA64PFR1_MTE_MASK |
90
+ R_ID_AA64PFR1_SME_MASK },
91
{ .name = "ID_AA64PFR*_EL1_RESERVED",
92
- .is_glob = true },
93
- { .name = "ID_AA64ZFR0_EL1" },
94
+ .is_glob = true },
95
+ { .name = "ID_AA64ZFR0_EL1",
96
+ .exported_bits = R_ID_AA64ZFR0_SVEVER_MASK |
97
+ R_ID_AA64ZFR0_AES_MASK |
98
+ R_ID_AA64ZFR0_BITPERM_MASK |
99
+ R_ID_AA64ZFR0_BFLOAT16_MASK |
100
+ R_ID_AA64ZFR0_SHA3_MASK |
101
+ R_ID_AA64ZFR0_SM4_MASK |
102
+ R_ID_AA64ZFR0_I8MM_MASK |
103
+ R_ID_AA64ZFR0_F32MM_MASK |
104
+ R_ID_AA64ZFR0_F64MM_MASK },
105
+ { .name = "ID_AA64SMFR0_EL1",
106
+ .exported_bits = R_ID_AA64SMFR0_F32F32_MASK |
107
+ R_ID_AA64SMFR0_B16F32_MASK |
108
+ R_ID_AA64SMFR0_F16F32_MASK |
109
+ R_ID_AA64SMFR0_I8I32_MASK |
110
+ R_ID_AA64SMFR0_F64F64_MASK |
111
+ R_ID_AA64SMFR0_I16I64_MASK |
112
+ R_ID_AA64SMFR0_FA64_MASK },
113
{ .name = "ID_AA64MMFR0_EL1",
114
- .fixed_bits = 0x00000000ff000000 },
115
- { .name = "ID_AA64MMFR1_EL1" },
116
+ .exported_bits = R_ID_AA64MMFR0_ECV_MASK,
117
+ .fixed_bits = (0xfu << R_ID_AA64MMFR0_TGRAN64_SHIFT) |
118
+ (0xfu << R_ID_AA64MMFR0_TGRAN4_SHIFT) },
119
+ { .name = "ID_AA64MMFR1_EL1",
120
+ .exported_bits = R_ID_AA64MMFR1_AFP_MASK },
121
+ { .name = "ID_AA64MMFR2_EL1",
122
+ .exported_bits = R_ID_AA64MMFR2_AT_MASK },
123
{ .name = "ID_AA64MMFR*_EL1_RESERVED",
124
- .is_glob = true },
125
+ .is_glob = true },
126
{ .name = "ID_AA64DFR0_EL1",
127
- .fixed_bits = 0x0000000000000006 },
128
- { .name = "ID_AA64DFR1_EL1" },
129
+ .fixed_bits = (0x6u << R_ID_AA64DFR0_DEBUGVER_SHIFT) },
130
+ { .name = "ID_AA64DFR1_EL1" },
131
{ .name = "ID_AA64DFR*_EL1_RESERVED",
132
- .is_glob = true },
133
+ .is_glob = true },
134
{ .name = "ID_AA64AFR*",
135
- .is_glob = true },
136
+ .is_glob = true },
137
{ .name = "ID_AA64ISAR0_EL1",
138
- .exported_bits = 0x00fffffff0fffff0 },
139
+ .exported_bits = R_ID_AA64ISAR0_AES_MASK |
140
+ R_ID_AA64ISAR0_SHA1_MASK |
141
+ R_ID_AA64ISAR0_SHA2_MASK |
142
+ R_ID_AA64ISAR0_CRC32_MASK |
143
+ R_ID_AA64ISAR0_ATOMIC_MASK |
144
+ R_ID_AA64ISAR0_RDM_MASK |
145
+ R_ID_AA64ISAR0_SHA3_MASK |
146
+ R_ID_AA64ISAR0_SM3_MASK |
147
+ R_ID_AA64ISAR0_SM4_MASK |
148
+ R_ID_AA64ISAR0_DP_MASK |
149
+ R_ID_AA64ISAR0_FHM_MASK |
150
+ R_ID_AA64ISAR0_TS_MASK |
151
+ R_ID_AA64ISAR0_RNDR_MASK },
152
{ .name = "ID_AA64ISAR1_EL1",
153
- .exported_bits = 0x000000f0ffffffff },
154
+ .exported_bits = R_ID_AA64ISAR1_DPB_MASK |
155
+ R_ID_AA64ISAR1_APA_MASK |
156
+ R_ID_AA64ISAR1_API_MASK |
157
+ R_ID_AA64ISAR1_JSCVT_MASK |
158
+ R_ID_AA64ISAR1_FCMA_MASK |
159
+ R_ID_AA64ISAR1_LRCPC_MASK |
160
+ R_ID_AA64ISAR1_GPA_MASK |
161
+ R_ID_AA64ISAR1_GPI_MASK |
162
+ R_ID_AA64ISAR1_FRINTTS_MASK |
163
+ R_ID_AA64ISAR1_SB_MASK |
164
+ R_ID_AA64ISAR1_BF16_MASK |
165
+ R_ID_AA64ISAR1_DGH_MASK |
166
+ R_ID_AA64ISAR1_I8MM_MASK },
167
+ { .name = "ID_AA64ISAR2_EL1",
168
+ .exported_bits = R_ID_AA64ISAR2_WFXT_MASK |
169
+ R_ID_AA64ISAR2_RPRES_MASK |
170
+ R_ID_AA64ISAR2_GPA3_MASK |
171
+ R_ID_AA64ISAR2_APA3_MASK },
172
{ .name = "ID_AA64ISAR*_EL1_RESERVED",
173
- .is_glob = true },
174
+ .is_glob = true },
175
};
176
modify_arm_cp_regs(v8_idregs, v8_user_idregs);
177
#endif
178
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
179
#ifdef CONFIG_USER_ONLY
180
static const ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
181
{ .name = "MIDR_EL1",
182
- .exported_bits = 0x00000000ffffffff },
183
- { .name = "REVIDR_EL1" },
184
+ .exported_bits = R_MIDR_EL1_REVISION_MASK |
185
+ R_MIDR_EL1_PARTNUM_MASK |
186
+ R_MIDR_EL1_ARCHITECTURE_MASK |
187
+ R_MIDR_EL1_VARIANT_MASK |
188
+ R_MIDR_EL1_IMPLEMENTER_MASK },
189
+ { .name = "REVIDR_EL1" },
190
};
191
modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
192
#endif
193
diff --git a/tests/tcg/aarch64/sysregs.c b/tests/tcg/aarch64/sysregs.c
194
index XXXXXXX..XXXXXXX 100644
195
--- a/tests/tcg/aarch64/sysregs.c
196
+++ b/tests/tcg/aarch64/sysregs.c
197
@@ -XXX,XX +XXX,XX @@
198
#define HWCAP_CPUID (1 << 11)
199
#endif
200
201
+/*
202
+ * Older assemblers don't recognize newer system register names,
203
+ * but we can still access them by the Sn_n_Cn_Cn_n syntax.
204
+ */
205
+#define SYS_ID_AA64ISAR2_EL1 S3_0_C0_C6_2
206
+#define SYS_ID_AA64MMFR2_EL1 S3_0_C0_C7_2
207
+
208
int failed_bit_count;
209
210
/* Read and print system register `id' value */
211
@@ -XXX,XX +XXX,XX @@ int main(void)
212
* minimum valid fields - for the purposes of this check allowed
213
* to have non-zero values.
214
*/
215
- get_cpu_reg_check_mask(id_aa64isar0_el1, _m(00ff,ffff,f0ff,fff0));
216
- get_cpu_reg_check_mask(id_aa64isar1_el1, _m(0000,00f0,ffff,ffff));
217
+ get_cpu_reg_check_mask(id_aa64isar0_el1, _m(f0ff,ffff,f0ff,fff0));
218
+ get_cpu_reg_check_mask(id_aa64isar1_el1, _m(00ff,f0ff,ffff,ffff));
219
+ get_cpu_reg_check_mask(SYS_ID_AA64ISAR2_EL1, _m(0000,0000,0000,ffff));
220
/* TGran4 & TGran64 as pegged to -1 */
221
- get_cpu_reg_check_mask(id_aa64mmfr0_el1, _m(0000,0000,ff00,0000));
222
- get_cpu_reg_check_zero(id_aa64mmfr1_el1);
223
+ get_cpu_reg_check_mask(id_aa64mmfr0_el1, _m(f000,0000,ff00,0000));
224
+ get_cpu_reg_check_mask(id_aa64mmfr1_el1, _m(0000,f000,0000,0000));
225
+ get_cpu_reg_check_mask(SYS_ID_AA64MMFR2_EL1, _m(0000,000f,0000,0000));
226
/* EL1/EL0 reported as AA64 only */
227
get_cpu_reg_check_mask(id_aa64pfr0_el1, _m(000f,000f,00ff,0011));
228
- get_cpu_reg_check_mask(id_aa64pfr1_el1, _m(0000,0000,0000,00f0));
229
+ get_cpu_reg_check_mask(id_aa64pfr1_el1, _m(0000,0000,0f00,0fff));
230
/* all hidden, DebugVer fixed to 0x6 (ARMv8 debug architecture) */
231
get_cpu_reg_check_mask(id_aa64dfr0_el1, _m(0000,0000,0000,0006));
232
get_cpu_reg_check_zero(id_aa64dfr1_el1);
233
- get_cpu_reg_check_zero(id_aa64zfr0_el1);
234
+ get_cpu_reg_check_mask(id_aa64zfr0_el1, _m(0ff0,ff0f,00ff,00ff));
235
+#ifdef HAS_ARMV9_SME
236
+ get_cpu_reg_check_mask(id_aa64smfr0_el1, _m(80f1,00fd,0000,0000));
237
+#endif
238
239
get_cpu_reg_check_zero(id_aa64afr0_el1);
240
get_cpu_reg_check_zero(id_aa64afr1_el1);
241
diff --git a/tests/tcg/aarch64/Makefile.target b/tests/tcg/aarch64/Makefile.target
242
index XXXXXXX..XXXXXXX 100644
243
--- a/tests/tcg/aarch64/Makefile.target
244
+++ b/tests/tcg/aarch64/Makefile.target
245
@@ -XXX,XX +XXX,XX @@ config-cc.mak: Makefile
246
     $(call cc-option,-march=armv8.1-a+sve2, CROSS_CC_HAS_SVE2); \
247
     $(call cc-option,-march=armv8.3-a, CROSS_CC_HAS_ARMV8_3); \
248
     $(call cc-option,-mbranch-protection=standard, CROSS_CC_HAS_ARMV8_BTI); \
249
-     $(call cc-option,-march=armv8.5-a+memtag, CROSS_CC_HAS_ARMV8_MTE)) 3> config-cc.mak
250
+     $(call cc-option,-march=armv8.5-a+memtag, CROSS_CC_HAS_ARMV8_MTE); \
251
+     $(call cc-option,-march=armv9-a+sme, CROSS_CC_HAS_ARMV9_SME)) 3> config-cc.mak
252
-include config-cc.mak
253
254
# Pauth Tests
255
@@ -XXX,XX +XXX,XX @@ endif
256
ifneq ($(CROSS_CC_HAS_SVE),)
257
# System Registers Tests
258
AARCH64_TESTS += sysregs
259
+ifneq ($(CROSS_CC_HAS_ARMV9_SME),)
260
+sysregs: CFLAGS+=-march=armv9-a+sme -DHAS_ARMV9_SME
261
+else
262
sysregs: CFLAGS+=-march=armv8.1-a+sve
263
+endif
264
265
# SVE ioctl test
266
AARCH64_TESTS += sve-ioctls
267
--
28
--
268
2.25.1
29
2.34.1
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
3
This includes GPCCR, GPTBR, MFAR, the TLB flush insns PAALL, PAALLOS,
4
Message-id: 20221206102504.165775-6-tobias.roehmel@rwth-aachen.de
4
RPALOS, RPAOS, and the cache flush insns CIPAPA and CIGDPAPA.
5
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230620124418.805717-5-richard.henderson@linaro.org
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
---
10
---
7
target/arm/cpu.h | 6 +
11
target/arm/cpu.h | 19 ++++++++++
8
target/arm/cpu.c | 28 +++-
12
target/arm/helper.c | 84 +++++++++++++++++++++++++++++++++++++++++++++
9
target/arm/helper.c | 302 +++++++++++++++++++++++++++++++++++++++++++
13
2 files changed, 103 insertions(+)
10
target/arm/machine.c | 28 ++++
11
4 files changed, 360 insertions(+), 4 deletions(-)
12
14
13
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/cpu.h
17
--- a/target/arm/cpu.h
16
+++ b/target/arm/cpu.h
18
+++ b/target/arm/cpu.h
17
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
19
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
18
};
20
uint64_t fgt_read[2]; /* HFGRTR, HDFGRTR */
19
uint64_t sctlr_el[4];
21
uint64_t fgt_write[2]; /* HFGWTR, HDFGWTR */
20
};
22
uint64_t fgt_exec[1]; /* HFGITR */
21
+ uint64_t vsctlr; /* Virtualization System control register. */
23
+
22
uint64_t cpacr_el1; /* Architectural feature access control register */
24
+ /* RME registers */
23
uint64_t cptr_el[4]; /* ARMv8 feature trap registers */
25
+ uint64_t gpccr_el3;
24
uint32_t c1_xscaleauxcr; /* XScale auxiliary control register. */
26
+ uint64_t gptbr_el3;
25
@@ -XXX,XX +XXX,XX @@ typedef struct CPUArchState {
27
+ uint64_t mfar_el3;
26
*/
28
} cp15;
27
uint32_t *rbar[M_REG_NUM_BANKS];
29
28
uint32_t *rlar[M_REG_NUM_BANKS];
30
struct {
29
+ uint32_t *hprbar;
30
+ uint32_t *hprlar;
31
uint32_t mair0[M_REG_NUM_BANKS];
32
uint32_t mair1[M_REG_NUM_BANKS];
33
+ uint32_t hprselr;
34
} pmsav8;
35
36
/* v8M SAU */
37
@@ -XXX,XX +XXX,XX @@ struct ArchCPU {
31
@@ -XXX,XX +XXX,XX @@ struct ArchCPU {
38
bool has_mpu;
32
uint64_t reset_cbar;
39
/* PMSAv7 MPU number of supported regions */
33
uint32_t reset_auxcr;
40
uint32_t pmsav7_dregion;
34
bool reset_hivecs;
41
+ /* PMSAv8 MPU number of supported hyp regions */
35
+ uint8_t reset_l0gptsz;
42
+ uint32_t pmsav8r_hdregion;
36
43
/* v8M SAU number of supported regions */
37
/*
44
uint32_t sau_sregion;
38
* Intermediate values used during property parsing.
45
39
@@ -XXX,XX +XXX,XX @@ FIELD(MVFR1, SIMDFMAC, 28, 4)
46
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
40
FIELD(MVFR2, SIMDMISC, 0, 4)
47
index XXXXXXX..XXXXXXX 100644
41
FIELD(MVFR2, FPMISC, 4, 4)
48
--- a/target/arm/cpu.c
42
49
+++ b/target/arm/cpu.c
43
+FIELD(GPCCR, PPS, 0, 3)
50
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_reset_hold(Object *obj)
44
+FIELD(GPCCR, IRGN, 8, 2)
51
sizeof(*env->pmsav7.dracr) * cpu->pmsav7_dregion);
45
+FIELD(GPCCR, ORGN, 10, 2)
52
}
46
+FIELD(GPCCR, SH, 12, 2)
53
}
47
+FIELD(GPCCR, PGS, 14, 2)
48
+FIELD(GPCCR, GPC, 16, 1)
49
+FIELD(GPCCR, GPCP, 17, 1)
50
+FIELD(GPCCR, L0GPTSZ, 20, 4)
54
+
51
+
55
+ if (cpu->pmsav8r_hdregion > 0) {
52
+FIELD(MFAR, FPA, 12, 40)
56
+ memset(env->pmsav8.hprbar, 0,
53
+FIELD(MFAR, NSE, 62, 1)
57
+ sizeof(*env->pmsav8.hprbar) * cpu->pmsav8r_hdregion);
54
+FIELD(MFAR, NS, 63, 1)
58
+ memset(env->pmsav8.hprlar, 0,
59
+ sizeof(*env->pmsav8.hprlar) * cpu->pmsav8r_hdregion);
60
+ }
61
+
55
+
62
env->pmsav7.rnr[M_REG_NS] = 0;
56
QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
63
env->pmsav7.rnr[M_REG_S] = 0;
57
64
env->pmsav8.mair0[M_REG_NS] = 0;
58
/* If adding a feature bit which corresponds to a Linux ELF
65
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
66
/* MPU can be configured out of a PMSA CPU either by setting has-mpu
67
* to false or by setting pmsav7-dregion to 0.
68
*/
69
- if (!cpu->has_mpu) {
70
- cpu->pmsav7_dregion = 0;
71
- }
72
- if (cpu->pmsav7_dregion == 0) {
73
+ if (!cpu->has_mpu || cpu->pmsav7_dregion == 0) {
74
cpu->has_mpu = false;
75
+ cpu->pmsav7_dregion = 0;
76
+ cpu->pmsav8r_hdregion = 0;
77
}
78
79
if (arm_feature(env, ARM_FEATURE_PMSA) &&
80
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
81
env->pmsav7.dracr = g_new0(uint32_t, nr);
82
}
83
}
84
+
85
+ if (cpu->pmsav8r_hdregion > 0xff) {
86
+ error_setg(errp, "PMSAv8 MPU EL2 #regions invalid %" PRIu32,
87
+ cpu->pmsav8r_hdregion);
88
+ return;
89
+ }
90
+
91
+ if (cpu->pmsav8r_hdregion) {
92
+ env->pmsav8.hprbar = g_new0(uint32_t,
93
+ cpu->pmsav8r_hdregion);
94
+ env->pmsav8.hprlar = g_new0(uint32_t,
95
+ cpu->pmsav8r_hdregion);
96
+ }
97
}
98
99
if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
100
diff --git a/target/arm/helper.c b/target/arm/helper.c
59
diff --git a/target/arm/helper.c b/target/arm/helper.c
101
index XXXXXXX..XXXXXXX 100644
60
index XXXXXXX..XXXXXXX 100644
102
--- a/target/arm/helper.c
61
--- a/target/arm/helper.c
103
+++ b/target/arm/helper.c
62
+++ b/target/arm/helper.c
104
@@ -XXX,XX +XXX,XX @@ static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,
63
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo sme_reginfo[] = {
105
raw_write(env, ri, value);
64
.access = PL2_RW, .accessfn = access_esm,
106
}
65
.type = ARM_CP_CONST, .resetvalue = 0 },
107
66
};
108
+static void prbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
67
+
109
+ uint64_t value)
68
+static void tlbi_aa64_paall_write(CPUARMState *env, const ARMCPRegInfo *ri,
69
+ uint64_t value)
110
+{
70
+{
111
+ ARMCPU *cpu = env_archcpu(env);
71
+ CPUState *cs = env_cpu(env);
112
+
72
+
113
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
73
+ tlb_flush(cs);
114
+ env->pmsav8.rbar[M_REG_NS][env->pmsav7.rnr[M_REG_NS]] = value;
115
+}
74
+}
116
+
75
+
117
+static uint64_t prbar_read(CPUARMState *env, const ARMCPRegInfo *ri)
76
+static void gpccr_write(CPUARMState *env, const ARMCPRegInfo *ri,
77
+ uint64_t value)
118
+{
78
+{
119
+ return env->pmsav8.rbar[M_REG_NS][env->pmsav7.rnr[M_REG_NS]];
79
+ /* L0GPTSZ is RO; other bits not mentioned are RES0. */
80
+ uint64_t rw_mask = R_GPCCR_PPS_MASK | R_GPCCR_IRGN_MASK |
81
+ R_GPCCR_ORGN_MASK | R_GPCCR_SH_MASK | R_GPCCR_PGS_MASK |
82
+ R_GPCCR_GPC_MASK | R_GPCCR_GPCP_MASK;
83
+
84
+ env->cp15.gpccr_el3 = (value & rw_mask) | (env->cp15.gpccr_el3 & ~rw_mask);
120
+}
85
+}
121
+
86
+
122
+static void prlar_write(CPUARMState *env, const ARMCPRegInfo *ri,
87
+static void gpccr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
123
+ uint64_t value)
124
+{
88
+{
125
+ ARMCPU *cpu = env_archcpu(env);
89
+ env->cp15.gpccr_el3 = FIELD_DP64(0, GPCCR, L0GPTSZ,
126
+
90
+ env_archcpu(env)->reset_l0gptsz);
127
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
128
+ env->pmsav8.rlar[M_REG_NS][env->pmsav7.rnr[M_REG_NS]] = value;
129
+}
91
+}
130
+
92
+
131
+static uint64_t prlar_read(CPUARMState *env, const ARMCPRegInfo *ri)
93
+static void tlbi_aa64_paallos_write(CPUARMState *env, const ARMCPRegInfo *ri,
94
+ uint64_t value)
132
+{
95
+{
133
+ return env->pmsav8.rlar[M_REG_NS][env->pmsav7.rnr[M_REG_NS]];
96
+ CPUState *cs = env_cpu(env);
97
+
98
+ tlb_flush_all_cpus_synced(cs);
134
+}
99
+}
135
+
100
+
136
+static void prselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
101
+static const ARMCPRegInfo rme_reginfo[] = {
137
+ uint64_t value)
102
+ { .name = "GPCCR_EL3", .state = ARM_CP_STATE_AA64,
138
+{
103
+ .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 1, .opc2 = 6,
139
+ ARMCPU *cpu = env_archcpu(env);
104
+ .access = PL3_RW, .writefn = gpccr_write, .resetfn = gpccr_reset,
105
+ .fieldoffset = offsetof(CPUARMState, cp15.gpccr_el3) },
106
+ { .name = "GPTBR_EL3", .state = ARM_CP_STATE_AA64,
107
+ .opc0 = 3, .opc1 = 6, .crn = 2, .crm = 1, .opc2 = 4,
108
+ .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.gptbr_el3) },
109
+ { .name = "MFAR_EL3", .state = ARM_CP_STATE_AA64,
110
+ .opc0 = 3, .opc1 = 6, .crn = 6, .crm = 0, .opc2 = 5,
111
+ .access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mfar_el3) },
112
+ { .name = "TLBI_PAALL", .state = ARM_CP_STATE_AA64,
113
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 7, .opc2 = 4,
114
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
115
+ .writefn = tlbi_aa64_paall_write },
116
+ { .name = "TLBI_PAALLOS", .state = ARM_CP_STATE_AA64,
117
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 1, .opc2 = 4,
118
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
119
+ .writefn = tlbi_aa64_paallos_write },
120
+ /*
121
+ * QEMU does not have a way to invalidate by physical address, thus
122
+ * invalidating a range of physical addresses is accomplished by
123
+ * flushing all tlb entries in the outer sharable domain,
124
+ * just like PAALLOS.
125
+ */
126
+ { .name = "TLBI_RPALOS", .state = ARM_CP_STATE_AA64,
127
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 4, .opc2 = 7,
128
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
129
+ .writefn = tlbi_aa64_paallos_write },
130
+ { .name = "TLBI_RPAOS", .state = ARM_CP_STATE_AA64,
131
+ .opc0 = 1, .opc1 = 6, .crn = 8, .crm = 4, .opc2 = 3,
132
+ .access = PL3_W, .type = ARM_CP_NO_RAW,
133
+ .writefn = tlbi_aa64_paallos_write },
134
+ { .name = "DC_CIPAPA", .state = ARM_CP_STATE_AA64,
135
+ .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 14, .opc2 = 1,
136
+ .access = PL3_W, .type = ARM_CP_NOP },
137
+};
140
+
138
+
141
+ /*
139
+static const ARMCPRegInfo rme_mte_reginfo[] = {
142
+ * Ignore writes that would select not implemented region.
140
+ { .name = "DC_CIGDPAPA", .state = ARM_CP_STATE_AA64,
143
+ * This is architecturally UNPREDICTABLE.
141
+ .opc0 = 1, .opc1 = 6, .crn = 7, .crm = 14, .opc2 = 5,
144
+ */
142
+ .access = PL3_W, .type = ARM_CP_NOP },
145
+ if (value >= cpu->pmsav7_dregion) {
143
+};
146
+ return;
144
#endif /* TARGET_AARCH64 */
147
+ }
145
146
static void define_pmu_regs(ARMCPU *cpu)
147
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
148
if (cpu_isar_feature(aa64_fgt, cpu)) {
149
define_arm_cp_regs(cpu, fgt_reginfo);
150
}
148
+
151
+
149
+ env->pmsav7.rnr[M_REG_NS] = value;
152
+ if (cpu_isar_feature(aa64_rme, cpu)) {
150
+}
153
+ define_arm_cp_regs(cpu, rme_reginfo);
151
+
154
+ if (cpu_isar_feature(aa64_mte, cpu)) {
152
+static void hprbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
155
+ define_arm_cp_regs(cpu, rme_mte_reginfo);
153
+ uint64_t value)
154
+{
155
+ ARMCPU *cpu = env_archcpu(env);
156
+
157
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
158
+ env->pmsav8.hprbar[env->pmsav8.hprselr] = value;
159
+}
160
+
161
+static uint64_t hprbar_read(CPUARMState *env, const ARMCPRegInfo *ri)
162
+{
163
+ return env->pmsav8.hprbar[env->pmsav8.hprselr];
164
+}
165
+
166
+static void hprlar_write(CPUARMState *env, const ARMCPRegInfo *ri,
167
+ uint64_t value)
168
+{
169
+ ARMCPU *cpu = env_archcpu(env);
170
+
171
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
172
+ env->pmsav8.hprlar[env->pmsav8.hprselr] = value;
173
+}
174
+
175
+static uint64_t hprlar_read(CPUARMState *env, const ARMCPRegInfo *ri)
176
+{
177
+ return env->pmsav8.hprlar[env->pmsav8.hprselr];
178
+}
179
+
180
+static void hprenr_write(CPUARMState *env, const ARMCPRegInfo *ri,
181
+ uint64_t value)
182
+{
183
+ uint32_t n;
184
+ uint32_t bit;
185
+ ARMCPU *cpu = env_archcpu(env);
186
+
187
+ /* Ignore writes to unimplemented regions */
188
+ int rmax = MIN(cpu->pmsav8r_hdregion, 32);
189
+ value &= MAKE_64BIT_MASK(0, rmax);
190
+
191
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
192
+
193
+ /* Register alias is only valid for first 32 indexes */
194
+ for (n = 0; n < rmax; ++n) {
195
+ bit = extract32(value, n, 1);
196
+ env->pmsav8.hprlar[n] = deposit32(
197
+ env->pmsav8.hprlar[n], 0, 1, bit);
198
+ }
199
+}
200
+
201
+static uint64_t hprenr_read(CPUARMState *env, const ARMCPRegInfo *ri)
202
+{
203
+ uint32_t n;
204
+ uint32_t result = 0x0;
205
+ ARMCPU *cpu = env_archcpu(env);
206
+
207
+ /* Register alias is only valid for first 32 indexes */
208
+ for (n = 0; n < MIN(cpu->pmsav8r_hdregion, 32); ++n) {
209
+ if (env->pmsav8.hprlar[n] & 0x1) {
210
+ result |= (0x1 << n);
211
+ }
156
+ }
212
+ }
157
+ }
213
+ return result;
158
#endif
214
+}
159
215
+
160
if (cpu_isar_feature(any_predinv, cpu)) {
216
+static void hprselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
217
+ uint64_t value)
218
+{
219
+ ARMCPU *cpu = env_archcpu(env);
220
+
221
+ /*
222
+ * Ignore writes that would select not implemented region.
223
+ * This is architecturally UNPREDICTABLE.
224
+ */
225
+ if (value >= cpu->pmsav8r_hdregion) {
226
+ return;
227
+ }
228
+
229
+ env->pmsav8.hprselr = value;
230
+}
231
+
232
+static void pmsav8r_regn_write(CPUARMState *env, const ARMCPRegInfo *ri,
233
+ uint64_t value)
234
+{
235
+ ARMCPU *cpu = env_archcpu(env);
236
+ uint8_t index = (extract32(ri->opc0, 0, 1) << 4) |
237
+ (extract32(ri->crm, 0, 3) << 1) | extract32(ri->opc2, 2, 1);
238
+
239
+ tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
240
+
241
+ if (ri->opc1 & 4) {
242
+ if (index >= cpu->pmsav8r_hdregion) {
243
+ return;
244
+ }
245
+ if (ri->opc2 & 0x1) {
246
+ env->pmsav8.hprlar[index] = value;
247
+ } else {
248
+ env->pmsav8.hprbar[index] = value;
249
+ }
250
+ } else {
251
+ if (index >= cpu->pmsav7_dregion) {
252
+ return;
253
+ }
254
+ if (ri->opc2 & 0x1) {
255
+ env->pmsav8.rlar[M_REG_NS][index] = value;
256
+ } else {
257
+ env->pmsav8.rbar[M_REG_NS][index] = value;
258
+ }
259
+ }
260
+}
261
+
262
+static uint64_t pmsav8r_regn_read(CPUARMState *env, const ARMCPRegInfo *ri)
263
+{
264
+ ARMCPU *cpu = env_archcpu(env);
265
+ uint8_t index = (extract32(ri->opc0, 0, 1) << 4) |
266
+ (extract32(ri->crm, 0, 3) << 1) | extract32(ri->opc2, 2, 1);
267
+
268
+ if (ri->opc1 & 4) {
269
+ if (index >= cpu->pmsav8r_hdregion) {
270
+ return 0x0;
271
+ }
272
+ if (ri->opc2 & 0x1) {
273
+ return env->pmsav8.hprlar[index];
274
+ } else {
275
+ return env->pmsav8.hprbar[index];
276
+ }
277
+ } else {
278
+ if (index >= cpu->pmsav7_dregion) {
279
+ return 0x0;
280
+ }
281
+ if (ri->opc2 & 0x1) {
282
+ return env->pmsav8.rlar[M_REG_NS][index];
283
+ } else {
284
+ return env->pmsav8.rbar[M_REG_NS][index];
285
+ }
286
+ }
287
+}
288
+
289
+static const ARMCPRegInfo pmsav8r_cp_reginfo[] = {
290
+ { .name = "PRBAR",
291
+ .cp = 15, .opc1 = 0, .crn = 6, .crm = 3, .opc2 = 0,
292
+ .access = PL1_RW, .type = ARM_CP_NO_RAW,
293
+ .accessfn = access_tvm_trvm,
294
+ .readfn = prbar_read, .writefn = prbar_write },
295
+ { .name = "PRLAR",
296
+ .cp = 15, .opc1 = 0, .crn = 6, .crm = 3, .opc2 = 1,
297
+ .access = PL1_RW, .type = ARM_CP_NO_RAW,
298
+ .accessfn = access_tvm_trvm,
299
+ .readfn = prlar_read, .writefn = prlar_write },
300
+ { .name = "PRSELR", .resetvalue = 0,
301
+ .cp = 15, .opc1 = 0, .crn = 6, .crm = 2, .opc2 = 1,
302
+ .access = PL1_RW, .accessfn = access_tvm_trvm,
303
+ .writefn = prselr_write,
304
+ .fieldoffset = offsetof(CPUARMState, pmsav7.rnr[M_REG_NS]) },
305
+ { .name = "HPRBAR", .resetvalue = 0,
306
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 3, .opc2 = 0,
307
+ .access = PL2_RW, .type = ARM_CP_NO_RAW,
308
+ .readfn = hprbar_read, .writefn = hprbar_write },
309
+ { .name = "HPRLAR",
310
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 3, .opc2 = 1,
311
+ .access = PL2_RW, .type = ARM_CP_NO_RAW,
312
+ .readfn = hprlar_read, .writefn = hprlar_write },
313
+ { .name = "HPRSELR", .resetvalue = 0,
314
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 2, .opc2 = 1,
315
+ .access = PL2_RW,
316
+ .writefn = hprselr_write,
317
+ .fieldoffset = offsetof(CPUARMState, pmsav8.hprselr) },
318
+ { .name = "HPRENR",
319
+ .cp = 15, .opc1 = 4, .crn = 6, .crm = 1, .opc2 = 1,
320
+ .access = PL2_RW, .type = ARM_CP_NO_RAW,
321
+ .readfn = hprenr_read, .writefn = hprenr_write },
322
+};
323
+
324
static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
325
/* Reset for all these registers is handled in arm_cpu_reset(),
326
* because the PMSAv7 is also used by M-profile CPUs, which do
327
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
328
.access = PL1_R, .type = ARM_CP_CONST,
329
.resetvalue = cpu->pmsav7_dregion << 8
330
};
331
+ /* HMPUIR is specific to PMSA V8 */
332
+ ARMCPRegInfo id_hmpuir_reginfo = {
333
+ .name = "HMPUIR",
334
+ .cp = 15, .opc1 = 4, .crn = 0, .crm = 0, .opc2 = 4,
335
+ .access = PL2_R, .type = ARM_CP_CONST,
336
+ .resetvalue = cpu->pmsav8r_hdregion
337
+ };
338
static const ARMCPRegInfo crn0_wi_reginfo = {
339
.name = "CRN0_WI", .cp = 15, .crn = 0, .crm = CP_ANY,
340
.opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
341
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
342
define_arm_cp_regs(cpu, id_cp_reginfo);
343
if (!arm_feature(env, ARM_FEATURE_PMSA)) {
344
define_one_arm_cp_reg(cpu, &id_tlbtr_reginfo);
345
+ } else if (arm_feature(env, ARM_FEATURE_PMSA) &&
346
+ arm_feature(env, ARM_FEATURE_V8)) {
347
+ uint32_t i = 0;
348
+ char *tmp_string;
349
+
350
+ define_one_arm_cp_reg(cpu, &id_mpuir_reginfo);
351
+ define_one_arm_cp_reg(cpu, &id_hmpuir_reginfo);
352
+ define_arm_cp_regs(cpu, pmsav8r_cp_reginfo);
353
+
354
+ /* Register alias is only valid for first 32 indexes */
355
+ for (i = 0; i < MIN(cpu->pmsav7_dregion, 32); ++i) {
356
+ uint8_t crm = 0b1000 | extract32(i, 1, 3);
357
+ uint8_t opc1 = extract32(i, 4, 1);
358
+ uint8_t opc2 = extract32(i, 0, 1) << 2;
359
+
360
+ tmp_string = g_strdup_printf("PRBAR%u", i);
361
+ ARMCPRegInfo tmp_prbarn_reginfo = {
362
+ .name = tmp_string, .type = ARM_CP_ALIAS | ARM_CP_NO_RAW,
363
+ .cp = 15, .opc1 = opc1, .crn = 6, .crm = crm, .opc2 = opc2,
364
+ .access = PL1_RW, .resetvalue = 0,
365
+ .accessfn = access_tvm_trvm,
366
+ .writefn = pmsav8r_regn_write, .readfn = pmsav8r_regn_read
367
+ };
368
+ define_one_arm_cp_reg(cpu, &tmp_prbarn_reginfo);
369
+ g_free(tmp_string);
370
+
371
+ opc2 = extract32(i, 0, 1) << 2 | 0x1;
372
+ tmp_string = g_strdup_printf("PRLAR%u", i);
373
+ ARMCPRegInfo tmp_prlarn_reginfo = {
374
+ .name = tmp_string, .type = ARM_CP_ALIAS | ARM_CP_NO_RAW,
375
+ .cp = 15, .opc1 = opc1, .crn = 6, .crm = crm, .opc2 = opc2,
376
+ .access = PL1_RW, .resetvalue = 0,
377
+ .accessfn = access_tvm_trvm,
378
+ .writefn = pmsav8r_regn_write, .readfn = pmsav8r_regn_read
379
+ };
380
+ define_one_arm_cp_reg(cpu, &tmp_prlarn_reginfo);
381
+ g_free(tmp_string);
382
+ }
383
+
384
+ /* Register alias is only valid for first 32 indexes */
385
+ for (i = 0; i < MIN(cpu->pmsav8r_hdregion, 32); ++i) {
386
+ uint8_t crm = 0b1000 | extract32(i, 1, 3);
387
+ uint8_t opc1 = 0b100 | extract32(i, 4, 1);
388
+ uint8_t opc2 = extract32(i, 0, 1) << 2;
389
+
390
+ tmp_string = g_strdup_printf("HPRBAR%u", i);
391
+ ARMCPRegInfo tmp_hprbarn_reginfo = {
392
+ .name = tmp_string,
393
+ .type = ARM_CP_NO_RAW,
394
+ .cp = 15, .opc1 = opc1, .crn = 6, .crm = crm, .opc2 = opc2,
395
+ .access = PL2_RW, .resetvalue = 0,
396
+ .writefn = pmsav8r_regn_write, .readfn = pmsav8r_regn_read
397
+ };
398
+ define_one_arm_cp_reg(cpu, &tmp_hprbarn_reginfo);
399
+ g_free(tmp_string);
400
+
401
+ opc2 = extract32(i, 0, 1) << 2 | 0x1;
402
+ tmp_string = g_strdup_printf("HPRLAR%u", i);
403
+ ARMCPRegInfo tmp_hprlarn_reginfo = {
404
+ .name = tmp_string,
405
+ .type = ARM_CP_NO_RAW,
406
+ .cp = 15, .opc1 = opc1, .crn = 6, .crm = crm, .opc2 = opc2,
407
+ .access = PL2_RW, .resetvalue = 0,
408
+ .writefn = pmsav8r_regn_write, .readfn = pmsav8r_regn_read
409
+ };
410
+ define_one_arm_cp_reg(cpu, &tmp_hprlarn_reginfo);
411
+ g_free(tmp_string);
412
+ }
413
} else if (arm_feature(env, ARM_FEATURE_V7)) {
414
define_one_arm_cp_reg(cpu, &id_mpuir_reginfo);
415
}
416
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
417
sctlr.type |= ARM_CP_SUPPRESS_TB_END;
418
}
419
define_one_arm_cp_reg(cpu, &sctlr);
420
+
421
+ if (arm_feature(env, ARM_FEATURE_PMSA) &&
422
+ arm_feature(env, ARM_FEATURE_V8)) {
423
+ ARMCPRegInfo vsctlr = {
424
+ .name = "VSCTLR", .state = ARM_CP_STATE_AA32,
425
+ .cp = 15, .opc1 = 4, .crn = 2, .crm = 0, .opc2 = 0,
426
+ .access = PL2_RW, .resetvalue = 0x0,
427
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.vsctlr),
428
+ };
429
+ define_one_arm_cp_reg(cpu, &vsctlr);
430
+ }
431
}
432
433
if (cpu_isar_feature(aa64_lor, cpu)) {
434
diff --git a/target/arm/machine.c b/target/arm/machine.c
435
index XXXXXXX..XXXXXXX 100644
436
--- a/target/arm/machine.c
437
+++ b/target/arm/machine.c
438
@@ -XXX,XX +XXX,XX @@ static bool pmsav8_needed(void *opaque)
439
arm_feature(env, ARM_FEATURE_V8);
440
}
441
442
+static bool pmsav8r_needed(void *opaque)
443
+{
444
+ ARMCPU *cpu = opaque;
445
+ CPUARMState *env = &cpu->env;
446
+
447
+ return arm_feature(env, ARM_FEATURE_PMSA) &&
448
+ arm_feature(env, ARM_FEATURE_V8) &&
449
+ !arm_feature(env, ARM_FEATURE_M);
450
+}
451
+
452
+static const VMStateDescription vmstate_pmsav8r = {
453
+ .name = "cpu/pmsav8/pmsav8r",
454
+ .version_id = 1,
455
+ .minimum_version_id = 1,
456
+ .needed = pmsav8r_needed,
457
+ .fields = (VMStateField[]) {
458
+ VMSTATE_VARRAY_UINT32(env.pmsav8.hprbar, ARMCPU,
459
+ pmsav8r_hdregion, 0, vmstate_info_uint32, uint32_t),
460
+ VMSTATE_VARRAY_UINT32(env.pmsav8.hprlar, ARMCPU,
461
+ pmsav8r_hdregion, 0, vmstate_info_uint32, uint32_t),
462
+ VMSTATE_END_OF_LIST()
463
+ },
464
+};
465
+
466
static const VMStateDescription vmstate_pmsav8 = {
467
.name = "cpu/pmsav8",
468
.version_id = 1,
469
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_pmsav8 = {
470
VMSTATE_UINT32(env.pmsav8.mair0[M_REG_NS], ARMCPU),
471
VMSTATE_UINT32(env.pmsav8.mair1[M_REG_NS], ARMCPU),
472
VMSTATE_END_OF_LIST()
473
+ },
474
+ .subsections = (const VMStateDescription * []) {
475
+ &vmstate_pmsav8r,
476
+ NULL
477
}
478
};
479
480
--
161
--
481
2.25.1
162
2.34.1
482
483
diff view generated by jsdifflib
1
From: Fabiano Rosas <farosas@suse.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Fix the following:
3
Introduce both the enumeration and functions to retrieve
4
the current state, and state outside of EL3.
4
5
5
ERROR: spaces required around that '|' (ctx:VxV)
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
ERROR: space required before the open parenthesis '('
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
ERROR: spaces required around that '+' (ctx:VxB)
8
Message-id: 20230620124418.805717-6-richard.henderson@linaro.org
8
ERROR: space prohibited between function name and open parenthesis '('
9
10
(the last two still have some occurrences in macros which I left
11
behind because it might impact readability)
12
13
Signed-off-by: Fabiano Rosas <farosas@suse.de>
14
Reviewed-by: Claudio Fontana <cfontana@suse.de>
15
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
16
Message-id: 20221213190537.511-3-farosas@suse.de
17
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
---
10
---
19
target/arm/helper.c | 42 +++++++++++++++++++++---------------------
11
target/arm/cpu.h | 89 ++++++++++++++++++++++++++++++++++-----------
20
1 file changed, 21 insertions(+), 21 deletions(-)
12
target/arm/helper.c | 60 ++++++++++++++++++++++++++++++
13
2 files changed, 127 insertions(+), 22 deletions(-)
21
14
15
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/target/arm/cpu.h
18
+++ b/target/arm/cpu.h
19
@@ -XXX,XX +XXX,XX @@ static inline int arm_feature(CPUARMState *env, int feature)
20
21
void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp);
22
23
-#if !defined(CONFIG_USER_ONLY)
24
/*
25
+ * ARM v9 security states.
26
+ * The ordering of the enumeration corresponds to the low 2 bits
27
+ * of the GPI value, and (except for Root) the concat of NSE:NS.
28
+ */
29
+
30
+typedef enum ARMSecuritySpace {
31
+ ARMSS_Secure = 0,
32
+ ARMSS_NonSecure = 1,
33
+ ARMSS_Root = 2,
34
+ ARMSS_Realm = 3,
35
+} ARMSecuritySpace;
36
+
37
+/* Return true if @space is secure, in the pre-v9 sense. */
38
+static inline bool arm_space_is_secure(ARMSecuritySpace space)
39
+{
40
+ return space == ARMSS_Secure || space == ARMSS_Root;
41
+}
42
+
43
+/* Return the ARMSecuritySpace for @secure, assuming !RME or EL[0-2]. */
44
+static inline ARMSecuritySpace arm_secure_to_space(bool secure)
45
+{
46
+ return secure ? ARMSS_Secure : ARMSS_NonSecure;
47
+}
48
+
49
+#if !defined(CONFIG_USER_ONLY)
50
+/**
51
+ * arm_security_space_below_el3:
52
+ * @env: cpu context
53
+ *
54
+ * Return the security space of exception levels below EL3, following
55
+ * an exception return to those levels. Unlike arm_security_space,
56
+ * this doesn't care about the current EL.
57
+ */
58
+ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env);
59
+
60
+/**
61
+ * arm_is_secure_below_el3:
62
+ * @env: cpu context
63
+ *
64
* Return true if exception levels below EL3 are in secure state,
65
- * or would be following an exception return to that level.
66
- * Unlike arm_is_secure() (which is always a question about the
67
- * _current_ state of the CPU) this doesn't care about the current
68
- * EL or mode.
69
+ * or would be following an exception return to those levels.
70
*/
71
static inline bool arm_is_secure_below_el3(CPUARMState *env)
72
{
73
- assert(!arm_feature(env, ARM_FEATURE_M));
74
- if (arm_feature(env, ARM_FEATURE_EL3)) {
75
- return !(env->cp15.scr_el3 & SCR_NS);
76
- } else {
77
- /* If EL3 is not supported then the secure state is implementation
78
- * defined, in which case QEMU defaults to non-secure.
79
- */
80
- return false;
81
- }
82
+ ARMSecuritySpace ss = arm_security_space_below_el3(env);
83
+ return ss == ARMSS_Secure;
84
}
85
86
/* Return true if the CPU is AArch64 EL3 or AArch32 Mon */
87
@@ -XXX,XX +XXX,XX @@ static inline bool arm_is_el3_or_mon(CPUARMState *env)
88
return false;
89
}
90
91
-/* Return true if the processor is in secure state */
92
+/**
93
+ * arm_security_space:
94
+ * @env: cpu context
95
+ *
96
+ * Return the current security space of the cpu.
97
+ */
98
+ARMSecuritySpace arm_security_space(CPUARMState *env);
99
+
100
+/**
101
+ * arm_is_secure:
102
+ * @env: cpu context
103
+ *
104
+ * Return true if the processor is in secure state.
105
+ */
106
static inline bool arm_is_secure(CPUARMState *env)
107
{
108
- if (arm_feature(env, ARM_FEATURE_M)) {
109
- return env->v7m.secure;
110
- }
111
- if (arm_is_el3_or_mon(env)) {
112
- return true;
113
- }
114
- return arm_is_secure_below_el3(env);
115
+ return arm_space_is_secure(arm_security_space(env));
116
}
117
118
/*
119
@@ -XXX,XX +XXX,XX @@ static inline bool arm_is_el2_enabled(CPUARMState *env)
120
}
121
122
#else
123
+static inline ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env)
124
+{
125
+ return ARMSS_NonSecure;
126
+}
127
+
128
static inline bool arm_is_secure_below_el3(CPUARMState *env)
129
{
130
return false;
131
}
132
133
+static inline ARMSecuritySpace arm_security_space(CPUARMState *env)
134
+{
135
+ return ARMSS_NonSecure;
136
+}
137
+
138
static inline bool arm_is_secure(CPUARMState *env)
139
{
140
return false;
22
diff --git a/target/arm/helper.c b/target/arm/helper.c
141
diff --git a/target/arm/helper.c b/target/arm/helper.c
23
index XXXXXXX..XXXXXXX 100644
142
index XXXXXXX..XXXXXXX 100644
24
--- a/target/arm/helper.c
143
--- a/target/arm/helper.c
25
+++ b/target/arm/helper.c
144
+++ b/target/arm/helper.c
26
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_list(gpointer key, gpointer opaque)
145
@@ -XXX,XX +XXX,XX @@ void aarch64_sve_change_el(CPUARMState *env, int old_el,
27
uint32_t regidx = (uintptr_t)key;
28
const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
29
30
- if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
31
+ if (!(ri->type & (ARM_CP_NO_RAW | ARM_CP_ALIAS))) {
32
cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
33
/* The value array need not be initialized at this point */
34
cpu->cpreg_array_len++;
35
@@ -XXX,XX +XXX,XX @@ static void count_cpreg(gpointer key, gpointer opaque)
36
37
ri = g_hash_table_lookup(cpu->cp_regs, key);
38
39
- if (!(ri->type & (ARM_CP_NO_RAW|ARM_CP_ALIAS))) {
40
+ if (!(ri->type & (ARM_CP_NO_RAW | ARM_CP_ALIAS))) {
41
cpu->cpreg_array_len++;
42
}
146
}
43
}
147
}
44
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
148
#endif
45
.resetfn = arm_cp_reset_ignore },
149
+
46
{ .name = "TPIDRRO_EL0", .state = ARM_CP_STATE_AA64,
150
+#ifndef CONFIG_USER_ONLY
47
.opc0 = 3, .opc1 = 3, .opc2 = 3, .crn = 13, .crm = 0,
151
+ARMSecuritySpace arm_security_space(CPUARMState *env)
48
- .access = PL0_R|PL1_W,
152
+{
49
+ .access = PL0_R | PL1_W,
153
+ if (arm_feature(env, ARM_FEATURE_M)) {
50
.fieldoffset = offsetof(CPUARMState, cp15.tpidrro_el[0]),
154
+ return arm_secure_to_space(env->v7m.secure);
51
.resetvalue = 0},
155
+ }
52
{ .name = "TPIDRURO", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 3,
156
+
53
- .access = PL0_R|PL1_W,
157
+ /*
54
+ .access = PL0_R | PL1_W,
158
+ * If EL3 is not supported then the secure state is implementation
55
.bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.tpidruro_s),
159
+ * defined, in which case QEMU defaults to non-secure.
56
offsetoflow32(CPUARMState, cp15.tpidruro_ns) },
160
+ */
57
.resetfn = arm_cp_reset_ignore },
161
+ if (!arm_feature(env, ARM_FEATURE_EL3)) {
58
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
162
+ return ARMSS_NonSecure;
59
.resetvalue = 0 },
163
+ }
60
/* The cache ops themselves: these all NOP for QEMU */
164
+
61
{ .name = "IICR", .cp = 15, .crm = 5, .opc1 = 0,
165
+ /* Check for AArch64 EL3 or AArch32 Mon. */
62
- .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
166
+ if (is_a64(env)) {
63
+ .access = PL1_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
167
+ if (extract32(env->pstate, 2, 2) == 3) {
64
{ .name = "IDCR", .cp = 15, .crm = 6, .opc1 = 0,
168
+ if (cpu_isar_feature(aa64_rme, env_archcpu(env))) {
65
- .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
169
+ return ARMSS_Root;
66
+ .access = PL1_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
170
+ } else {
67
{ .name = "CDCR", .cp = 15, .crm = 12, .opc1 = 0,
171
+ return ARMSS_Secure;
68
- .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
172
+ }
69
+ .access = PL0_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
173
+ }
70
{ .name = "PIR", .cp = 15, .crm = 12, .opc1 = 1,
174
+ } else {
71
- .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
175
+ if ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_MON) {
72
+ .access = PL0_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
176
+ return ARMSS_Secure;
73
{ .name = "PDR", .cp = 15, .crm = 12, .opc1 = 2,
177
+ }
74
- .access = PL0_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
178
+ }
75
+ .access = PL0_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
179
+
76
{ .name = "CIDCR", .cp = 15, .crm = 14, .opc1 = 0,
180
+ return arm_security_space_below_el3(env);
77
- .access = PL1_W, .type = ARM_CP_NOP|ARM_CP_64BIT },
181
+}
78
+ .access = PL1_W, .type = ARM_CP_NOP | ARM_CP_64BIT },
182
+
79
};
183
+ARMSecuritySpace arm_security_space_below_el3(CPUARMState *env)
80
184
+{
81
static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
185
+ assert(!arm_feature(env, ARM_FEATURE_M));
82
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
186
+
83
ARMCPRegInfo cbar = {
187
+ /*
84
.name = "CBAR",
188
+ * If EL3 is not supported then the secure state is implementation
85
.cp = 15, .crn = 15, .crm = 0, .opc1 = 4, .opc2 = 0,
189
+ * defined, in which case QEMU defaults to non-secure.
86
- .access = PL1_R|PL3_W, .resetvalue = cpu->reset_cbar,
190
+ */
87
+ .access = PL1_R | PL3_W, .resetvalue = cpu->reset_cbar,
191
+ if (!arm_feature(env, ARM_FEATURE_EL3)) {
88
.fieldoffset = offsetof(CPUARMState,
192
+ return ARMSS_NonSecure;
89
cp15.c15_config_base_address)
193
+ }
90
};
194
+
91
@@ -XXX,XX +XXX,XX @@ static void switch_mode(CPUARMState *env, int mode)
195
+ /*
92
return;
196
+ * Note NSE cannot be set without RME, and NSE & !NS is Reserved.
93
197
+ * Ignoring NSE when !NS retains consistency without having to
94
if (old_mode == ARM_CPU_MODE_FIQ) {
198
+ * modify other predicates.
95
- memcpy (env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
199
+ */
96
- memcpy (env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
200
+ if (!(env->cp15.scr_el3 & SCR_NS)) {
97
+ memcpy(env->fiq_regs, env->regs + 8, 5 * sizeof(uint32_t));
201
+ return ARMSS_Secure;
98
+ memcpy(env->regs + 8, env->usr_regs, 5 * sizeof(uint32_t));
202
+ } else if (env->cp15.scr_el3 & SCR_NSE) {
99
} else if (mode == ARM_CPU_MODE_FIQ) {
203
+ return ARMSS_Realm;
100
- memcpy (env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
204
+ } else {
101
- memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
205
+ return ARMSS_NonSecure;
102
+ memcpy(env->usr_regs, env->regs + 8, 5 * sizeof(uint32_t));
206
+ }
103
+ memcpy(env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
207
+}
104
}
208
+#endif /* !CONFIG_USER_ONLY */
105
106
i = bank_number(old_mode);
107
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
108
RESULT(sum, n, 16); \
109
if (sum >= 0) \
110
ge |= 3 << (n * 2); \
111
- } while(0)
112
+ } while (0)
113
114
#define SARITH8(a, b, n, op) do { \
115
int32_t sum; \
116
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
117
RESULT(sum, n, 8); \
118
if (sum >= 0) \
119
ge |= 1 << n; \
120
- } while(0)
121
+ } while (0)
122
123
124
#define ADD16(a, b, n) SARITH16(a, b, n, +)
125
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
126
RESULT(sum, n, 16); \
127
if ((sum >> 16) == 1) \
128
ge |= 3 << (n * 2); \
129
- } while(0)
130
+ } while (0)
131
132
#define ADD8(a, b, n) do { \
133
uint32_t sum; \
134
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
135
RESULT(sum, n, 8); \
136
if ((sum >> 8) == 1) \
137
ge |= 1 << n; \
138
- } while(0)
139
+ } while (0)
140
141
#define SUB16(a, b, n) do { \
142
uint32_t sum; \
143
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
144
RESULT(sum, n, 16); \
145
if ((sum >> 16) == 0) \
146
ge |= 3 << (n * 2); \
147
- } while(0)
148
+ } while (0)
149
150
#define SUB8(a, b, n) do { \
151
uint32_t sum; \
152
@@ -XXX,XX +XXX,XX @@ static inline uint8_t sub8_usat(uint8_t a, uint8_t b)
153
RESULT(sum, n, 8); \
154
if ((sum >> 8) == 0) \
155
ge |= 1 << n; \
156
- } while(0)
157
+ } while (0)
158
159
#define PFX u
160
#define ARITH_GE
161
--
209
--
162
2.25.1
210
2.34.1
diff view generated by jsdifflib
1
From: Jean-Christophe Dubois <jcd@tribudubois.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
IRQs were not associated to the various GPIO devices inside i.MX7D.
3
We will need 2 bits to represent ARMSecurityState.
4
This patch brings the i.MX7D on par with i.MX6.
5
4
6
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
5
Do not attempt to replace or widen secure, even though it
7
Message-id: 20221226101418.415170-1-jcd@tribudubois.net
6
logically overlaps the new field -- there are uses within
7
e.g. hw/block/pflash_cfi01.c, which don't know anything
8
specific about ARM.
9
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
12
Message-id: 20230620124418.805717-7-richard.henderson@linaro.org
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
14
---
11
include/hw/arm/fsl-imx7.h | 15 +++++++++++++++
15
include/exec/memattrs.h | 9 ++++++++-
12
hw/arm/fsl-imx7.c | 31 ++++++++++++++++++++++++++++++-
16
1 file changed, 8 insertions(+), 1 deletion(-)
13
2 files changed, 45 insertions(+), 1 deletion(-)
14
17
15
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
18
diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
16
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/arm/fsl-imx7.h
20
--- a/include/exec/memattrs.h
18
+++ b/include/hw/arm/fsl-imx7.h
21
+++ b/include/exec/memattrs.h
19
@@ -XXX,XX +XXX,XX @@ enum FslIMX7IRQs {
22
@@ -XXX,XX +XXX,XX @@ typedef struct MemTxAttrs {
20
FSL_IMX7_GPT3_IRQ = 53,
23
* "didn't specify" if necessary.
21
FSL_IMX7_GPT4_IRQ = 52,
24
*/
22
25
unsigned int unspecified:1;
23
+ FSL_IMX7_GPIO1_LOW_IRQ = 64,
26
- /* ARM/AMBA: TrustZone Secure access
24
+ FSL_IMX7_GPIO1_HIGH_IRQ = 65,
27
+ /*
25
+ FSL_IMX7_GPIO2_LOW_IRQ = 66,
28
+ * ARM/AMBA: TrustZone Secure access
26
+ FSL_IMX7_GPIO2_HIGH_IRQ = 67,
29
* x86: System Management Mode access
27
+ FSL_IMX7_GPIO3_LOW_IRQ = 68,
30
*/
28
+ FSL_IMX7_GPIO3_HIGH_IRQ = 69,
31
unsigned int secure:1;
29
+ FSL_IMX7_GPIO4_LOW_IRQ = 70,
32
+ /*
30
+ FSL_IMX7_GPIO4_HIGH_IRQ = 71,
33
+ * ARM: ArmSecuritySpace. This partially overlaps secure, but it is
31
+ FSL_IMX7_GPIO5_LOW_IRQ = 72,
34
+ * easier to have both fields to assist code that does not understand
32
+ FSL_IMX7_GPIO5_HIGH_IRQ = 73,
35
+ * ARMv9 RME, or no specific knowledge of ARM at all (e.g. pflash).
33
+ FSL_IMX7_GPIO6_LOW_IRQ = 74,
36
+ */
34
+ FSL_IMX7_GPIO6_HIGH_IRQ = 75,
37
+ unsigned int space:2;
35
+ FSL_IMX7_GPIO7_LOW_IRQ = 76,
38
/* Memory access is usermode (unprivileged) */
36
+ FSL_IMX7_GPIO7_HIGH_IRQ = 77,
39
unsigned int user:1;
37
+
38
FSL_IMX7_WDOG1_IRQ = 78,
39
FSL_IMX7_WDOG2_IRQ = 79,
40
FSL_IMX7_WDOG3_IRQ = 10,
41
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
42
index XXXXXXX..XXXXXXX 100644
43
--- a/hw/arm/fsl-imx7.c
44
+++ b/hw/arm/fsl-imx7.c
45
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
46
FSL_IMX7_GPIO7_ADDR,
47
};
48
49
+ static const int FSL_IMX7_GPIOn_LOW_IRQ[FSL_IMX7_NUM_GPIOS] = {
50
+ FSL_IMX7_GPIO1_LOW_IRQ,
51
+ FSL_IMX7_GPIO2_LOW_IRQ,
52
+ FSL_IMX7_GPIO3_LOW_IRQ,
53
+ FSL_IMX7_GPIO4_LOW_IRQ,
54
+ FSL_IMX7_GPIO5_LOW_IRQ,
55
+ FSL_IMX7_GPIO6_LOW_IRQ,
56
+ FSL_IMX7_GPIO7_LOW_IRQ,
57
+ };
58
+
59
+ static const int FSL_IMX7_GPIOn_HIGH_IRQ[FSL_IMX7_NUM_GPIOS] = {
60
+ FSL_IMX7_GPIO1_HIGH_IRQ,
61
+ FSL_IMX7_GPIO2_HIGH_IRQ,
62
+ FSL_IMX7_GPIO3_HIGH_IRQ,
63
+ FSL_IMX7_GPIO4_HIGH_IRQ,
64
+ FSL_IMX7_GPIO5_HIGH_IRQ,
65
+ FSL_IMX7_GPIO6_HIGH_IRQ,
66
+ FSL_IMX7_GPIO7_HIGH_IRQ,
67
+ };
68
+
69
sysbus_realize(SYS_BUS_DEVICE(&s->gpio[i]), &error_abort);
70
- sysbus_mmio_map(SYS_BUS_DEVICE(&s->gpio[i]), 0, FSL_IMX7_GPIOn_ADDR[i]);
71
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->gpio[i]), 0,
72
+ FSL_IMX7_GPIOn_ADDR[i]);
73
+
74
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->gpio[i]), 0,
75
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
76
+ FSL_IMX7_GPIOn_LOW_IRQ[i]));
77
+
78
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->gpio[i]), 1,
79
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
80
+ FSL_IMX7_GPIOn_HIGH_IRQ[i]));
81
}
82
83
/*
40
/*
84
--
41
--
85
2.25.1
42
2.34.1
diff view generated by jsdifflib
1
From: Stephen Longfield <slongfield@google.com>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Size is used at lines 1088/1188 for the loop, which reads the last 4
3
It will be helpful to have ARMMMUIdx_Phys_* to be in the same
4
bytes from the crc_ptr so it does need to get increased, however it
4
relative order as ARMSecuritySpace enumerators. This requires
5
shouldn't be increased before the buffer is passed to CRC computation,
5
the adjustment to the nstable check. While there, check for being
6
or the crc32 function will access uninitialized memory.
6
in secure state rather than rely on clearing the low bit making
7
no change to non-secure state.
7
8
8
This was pointed out to me by clg@kaod.org during the code review of
9
a similar patch to hw/net/ftgmac100.c
10
11
Change-Id: Ib0464303b191af1e28abeb2f5105eb25aadb5e9b
12
Signed-off-by: Stephen Longfield <slongfield@google.com>
13
Reviewed-by: Patrick Venture <venture@google.com>
14
Message-id: 20221221183202.3788132-1-slongfield@google.com
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20230620124418.805717-8-richard.henderson@linaro.org
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
13
---
18
hw/net/imx_fec.c | 8 ++++----
14
target/arm/cpu.h | 12 ++++++------
19
1 file changed, 4 insertions(+), 4 deletions(-)
15
target/arm/ptw.c | 12 +++++-------
16
2 files changed, 11 insertions(+), 13 deletions(-)
20
17
21
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
18
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
22
index XXXXXXX..XXXXXXX 100644
19
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/net/imx_fec.c
20
--- a/target/arm/cpu.h
24
+++ b/hw/net/imx_fec.c
21
+++ b/target/arm/cpu.h
25
@@ -XXX,XX +XXX,XX @@ static ssize_t imx_fec_receive(NetClientState *nc, const uint8_t *buf,
22
@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdx {
26
return 0;
23
ARMMMUIdx_E2 = 6 | ARM_MMU_IDX_A,
24
ARMMMUIdx_E3 = 7 | ARM_MMU_IDX_A,
25
26
- /* TLBs with 1-1 mapping to the physical address spaces. */
27
- ARMMMUIdx_Phys_NS = 8 | ARM_MMU_IDX_A,
28
- ARMMMUIdx_Phys_S = 9 | ARM_MMU_IDX_A,
29
-
30
/*
31
* Used for second stage of an S12 page table walk, or for descriptor
32
* loads during first stage of an S1 page table walk. Note that both
33
* are in use simultaneously for SecureEL2: the security state for
34
* the S2 ptw is selected by the NS bit from the S1 ptw.
35
*/
36
- ARMMMUIdx_Stage2 = 10 | ARM_MMU_IDX_A,
37
- ARMMMUIdx_Stage2_S = 11 | ARM_MMU_IDX_A,
38
+ ARMMMUIdx_Stage2_S = 8 | ARM_MMU_IDX_A,
39
+ ARMMMUIdx_Stage2 = 9 | ARM_MMU_IDX_A,
40
+
41
+ /* TLBs with 1-1 mapping to the physical address spaces. */
42
+ ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
43
+ ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
44
45
/*
46
* These are not allocated TLBs and are used only for AT system
47
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/target/arm/ptw.c
50
+++ b/target/arm/ptw.c
51
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
52
descaddr |= (address >> (stride * (4 - level))) & indexmask;
53
descaddr &= ~7ULL;
54
nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
55
- if (nstable) {
56
+ if (nstable && ptw->in_secure) {
57
/*
58
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
59
- * Assert that the non-secure idx are even, and relative order.
60
+ * Assert the relative order of the secure/non-secure indexes.
61
*/
62
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Phys_NS & 1) != 0);
63
- QEMU_BUILD_BUG_ON((ARMMMUIdx_Stage2 & 1) != 0);
64
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS + 1 != ARMMMUIdx_Phys_S);
65
- QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2 + 1 != ARMMMUIdx_Stage2_S);
66
- ptw->in_ptw_idx &= ~1;
67
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_S + 1 != ARMMMUIdx_Phys_NS);
68
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2_S + 1 != ARMMMUIdx_Stage2);
69
+ ptw->in_ptw_idx += 1;
70
ptw->in_secure = false;
27
}
71
}
28
72
if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
29
- /* 4 bytes for the CRC. */
30
- size += 4;
31
crc = cpu_to_be32(crc32(~0, buf, size));
32
+ /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
33
+ size += 4;
34
crc_ptr = (uint8_t *) &crc;
35
36
/* Huge frames are truncated. */
37
@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,
38
return 0;
39
}
40
41
- /* 4 bytes for the CRC. */
42
- size += 4;
43
crc = cpu_to_be32(crc32(~0, buf, size));
44
+ /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
45
+ size += 4;
46
crc_ptr = (uint8_t *) &crc;
47
48
if (shift16) {
49
--
73
--
50
2.25.1
74
2.34.1
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
All constants are taken from the ARM Cortex-R52 Processor TRM Revision: r1p3
3
With FEAT_RME, there are four physical address spaces.
4
For now, just define the symbols, and mention them in
5
the same spots as the other Phys indexes in ptw.c.
4
6
5
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20221206102504.165775-8-tobias.roehmel@rwth-aachen.de
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20230620124418.805717-9-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
12
---
10
target/arm/cpu_tcg.c | 42 ++++++++++++++++++++++++++++++++++++++++++
13
target/arm/cpu.h | 23 +++++++++++++++++++++--
11
1 file changed, 42 insertions(+)
14
target/arm/ptw.c | 10 ++++++++--
15
2 files changed, 29 insertions(+), 4 deletions(-)
12
16
13
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
17
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
14
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/cpu_tcg.c
19
--- a/target/arm/cpu.h
16
+++ b/target/arm/cpu_tcg.c
20
+++ b/target/arm/cpu.h
17
@@ -XXX,XX +XXX,XX @@ static void cortex_r5_initfn(Object *obj)
21
@@ -XXX,XX +XXX,XX @@ typedef enum ARMMMUIdx {
18
define_arm_cp_regs(cpu, cortexr5_cp_reginfo);
22
ARMMMUIdx_Stage2 = 9 | ARM_MMU_IDX_A,
19
}
23
20
24
/* TLBs with 1-1 mapping to the physical address spaces. */
21
+static void cortex_r52_initfn(Object *obj)
25
- ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
26
- ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
27
+ ARMMMUIdx_Phys_S = 10 | ARM_MMU_IDX_A,
28
+ ARMMMUIdx_Phys_NS = 11 | ARM_MMU_IDX_A,
29
+ ARMMMUIdx_Phys_Root = 12 | ARM_MMU_IDX_A,
30
+ ARMMMUIdx_Phys_Realm = 13 | ARM_MMU_IDX_A,
31
32
/*
33
* These are not allocated TLBs and are used only for AT system
34
@@ -XXX,XX +XXX,XX @@ typedef enum ARMASIdx {
35
ARMASIdx_TagS = 3,
36
} ARMASIdx;
37
38
+static inline ARMMMUIdx arm_space_to_phys(ARMSecuritySpace space)
22
+{
39
+{
23
+ ARMCPU *cpu = ARM_CPU(obj);
40
+ /* Assert the relative order of the physical mmu indexes. */
41
+ QEMU_BUILD_BUG_ON(ARMSS_Secure != 0);
42
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_NS != ARMMMUIdx_Phys_S + ARMSS_NonSecure);
43
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_Root != ARMMMUIdx_Phys_S + ARMSS_Root);
44
+ QEMU_BUILD_BUG_ON(ARMMMUIdx_Phys_Realm != ARMMMUIdx_Phys_S + ARMSS_Realm);
24
+
45
+
25
+ set_feature(&cpu->env, ARM_FEATURE_V8);
46
+ return ARMMMUIdx_Phys_S + space;
26
+ set_feature(&cpu->env, ARM_FEATURE_EL2);
27
+ set_feature(&cpu->env, ARM_FEATURE_PMSA);
28
+ set_feature(&cpu->env, ARM_FEATURE_NEON);
29
+ set_feature(&cpu->env, ARM_FEATURE_GENERIC_TIMER);
30
+ cpu->midr = 0x411fd133; /* r1p3 */
31
+ cpu->revidr = 0x00000000;
32
+ cpu->reset_fpsid = 0x41034023;
33
+ cpu->isar.mvfr0 = 0x10110222;
34
+ cpu->isar.mvfr1 = 0x12111111;
35
+ cpu->isar.mvfr2 = 0x00000043;
36
+ cpu->ctr = 0x8144c004;
37
+ cpu->reset_sctlr = 0x30c50838;
38
+ cpu->isar.id_pfr0 = 0x00000131;
39
+ cpu->isar.id_pfr1 = 0x10111001;
40
+ cpu->isar.id_dfr0 = 0x03010006;
41
+ cpu->id_afr0 = 0x00000000;
42
+ cpu->isar.id_mmfr0 = 0x00211040;
43
+ cpu->isar.id_mmfr1 = 0x40000000;
44
+ cpu->isar.id_mmfr2 = 0x01200000;
45
+ cpu->isar.id_mmfr3 = 0xf0102211;
46
+ cpu->isar.id_mmfr4 = 0x00000010;
47
+ cpu->isar.id_isar0 = 0x02101110;
48
+ cpu->isar.id_isar1 = 0x13112111;
49
+ cpu->isar.id_isar2 = 0x21232142;
50
+ cpu->isar.id_isar3 = 0x01112131;
51
+ cpu->isar.id_isar4 = 0x00010142;
52
+ cpu->isar.id_isar5 = 0x00010001;
53
+ cpu->isar.dbgdidr = 0x77168000;
54
+ cpu->clidr = (1 << 27) | (1 << 24) | 0x3;
55
+ cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
56
+ cpu->ccsidr[1] = 0x201fe00a; /* 32KB L1 icache */
57
+
58
+ cpu->pmsav7_dregion = 16;
59
+ cpu->pmsav8r_hdregion = 16;
60
+}
47
+}
61
+
48
+
62
static void cortex_r5f_initfn(Object *obj)
49
+static inline ARMSecuritySpace arm_phys_to_space(ARMMMUIdx idx)
50
+{
51
+ assert(idx >= ARMMMUIdx_Phys_S && idx <= ARMMMUIdx_Phys_Realm);
52
+ return idx - ARMMMUIdx_Phys_S;
53
+}
54
+
55
static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
63
{
56
{
64
ARMCPU *cpu = ARM_CPU(obj);
57
/* If all the CLIDR.Ctypem bits are 0 there are no caches, and
65
@@ -XXX,XX +XXX,XX @@ static const ARMCPUInfo arm_tcg_cpus[] = {
58
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
66
.class_init = arm_v7m_class_init },
59
index XXXXXXX..XXXXXXX 100644
67
{ .name = "cortex-r5", .initfn = cortex_r5_initfn },
60
--- a/target/arm/ptw.c
68
{ .name = "cortex-r5f", .initfn = cortex_r5f_initfn },
61
+++ b/target/arm/ptw.c
69
+ { .name = "cortex-r52", .initfn = cortex_r52_initfn },
62
@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
70
{ .name = "ti925t", .initfn = ti925t_initfn },
63
case ARMMMUIdx_E3:
71
{ .name = "sa1100", .initfn = sa1100_initfn },
64
break;
72
{ .name = "sa1110", .initfn = sa1110_initfn },
65
66
- case ARMMMUIdx_Phys_NS:
67
case ARMMMUIdx_Phys_S:
68
+ case ARMMMUIdx_Phys_NS:
69
+ case ARMMMUIdx_Phys_Root:
70
+ case ARMMMUIdx_Phys_Realm:
71
/* No translation for physical address spaces. */
72
return true;
73
74
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
75
switch (mmu_idx) {
76
case ARMMMUIdx_Stage2:
77
case ARMMMUIdx_Stage2_S:
78
- case ARMMMUIdx_Phys_NS:
79
case ARMMMUIdx_Phys_S:
80
+ case ARMMMUIdx_Phys_NS:
81
+ case ARMMMUIdx_Phys_Root:
82
+ case ARMMMUIdx_Phys_Realm:
83
break;
84
85
default:
86
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
87
switch (mmu_idx) {
88
case ARMMMUIdx_Phys_S:
89
case ARMMMUIdx_Phys_NS:
90
+ case ARMMMUIdx_Phys_Root:
91
+ case ARMMMUIdx_Phys_Realm:
92
/* Checking Phys early avoids special casing later vs regime_el. */
93
return get_phys_addr_disabled(env, address, access_type, mmu_idx,
94
is_secure, result, fi);
73
--
95
--
74
2.25.1
96
2.34.1
75
97
76
98
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
3
This was added in 7e98e21c098 as part of a reorg in which
4
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
4
one of the argument had been legally NULL, and this caught
5
Message-id: 20221220142520.24094-3-philmd@linaro.org
5
actual instances. Now that the reorg is complete, this
6
serves little purpose.
7
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
10
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20230620124418.805717-10-richard.henderson@linaro.org
6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
---
13
---
8
hw/arm/nseries.c | 18 +++++++++---------
14
target/arm/ptw.c | 6 ++----
9
1 file changed, 9 insertions(+), 9 deletions(-)
15
1 file changed, 2 insertions(+), 4 deletions(-)
10
16
11
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
17
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
12
index XXXXXXX..XXXXXXX 100644
18
index XXXXXXX..XXXXXXX 100644
13
--- a/hw/arm/nseries.c
19
--- a/target/arm/ptw.c
14
+++ b/hw/arm/nseries.c
20
+++ b/target/arm/ptw.c
15
@@ -XXX,XX +XXX,XX @@ static void n8x0_i2c_setup(struct n800_s *s)
21
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
16
}
22
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
17
23
uint64_t address,
18
/* Touchscreen and keypad controller */
24
MMUAccessType access_type, bool s1_is_el0,
19
-static MouseTransformInfo n800_pointercal = {
25
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
20
+static const MouseTransformInfo n800_pointercal = {
26
- __attribute__((nonnull));
21
.x = 800,
27
+ GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
22
.y = 480,
28
23
.a = { 14560, -68, -3455208, -39, -9621, 35152972, 65536 },
29
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
24
};
30
target_ulong address,
25
31
MMUAccessType access_type,
26
-static MouseTransformInfo n810_pointercal = {
32
GetPhysAddrResult *result,
27
+static const MouseTransformInfo n810_pointercal = {
33
- ARMMMUFaultInfo *fi)
28
.x = 800,
34
- __attribute__((nonnull));
29
.y = 480,
35
+ ARMMMUFaultInfo *fi);
30
.a = { 15041, 148, -4731056, 171, -10238, 35933380, 65536 },
36
31
@@ -XXX,XX +XXX,XX @@ static void n810_key_event(void *opaque, int keycode)
37
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
32
38
static const uint8_t pamax_map[] = {
33
#define M    0
34
35
-static int n810_keys[0x80] = {
36
+static const int n810_keys[0x80] = {
37
[0x01] = 16,    /* Q */
38
[0x02] = 37,    /* K */
39
[0x03] = 24,    /* O */
40
@@ -XXX,XX +XXX,XX @@ static void n8x0_usb_setup(struct n800_s *s)
41
/* Setup done before the main bootloader starts by some early setup code
42
* - used when we want to run the main bootloader in emulation. This
43
* isn't documented. */
44
-static uint32_t n800_pinout[104] = {
45
+static const uint32_t n800_pinout[104] = {
46
0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
47
0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
48
0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
49
@@ -XXX,XX +XXX,XX @@ static void n8x0_boot_init(void *opaque)
50
#define OMAP_TAG_CBUS        0x4e03
51
#define OMAP_TAG_EM_ASIC_BB5    0x4e04
52
53
-static struct omap_gpiosw_info_s {
54
+static const struct omap_gpiosw_info_s {
55
const char *name;
56
int line;
57
int type;
58
@@ -XXX,XX +XXX,XX @@ static struct omap_gpiosw_info_s {
59
{ NULL }
60
};
61
62
-static struct omap_partition_info_s {
63
+static const struct omap_partition_info_s {
64
uint32_t offset;
65
uint32_t size;
66
int mask;
67
@@ -XXX,XX +XXX,XX @@ static struct omap_partition_info_s {
68
{ 0, 0, 0, NULL }
69
};
70
71
-static uint8_t n8x0_bd_addr[6] = { N8X0_BD_ADDR };
72
+static const uint8_t n8x0_bd_addr[6] = { N8X0_BD_ADDR };
73
74
static int n8x0_atag_setup(void *p, int model)
75
{
76
uint8_t *b;
77
uint16_t *w;
78
uint32_t *l;
79
- struct omap_gpiosw_info_s *gpiosw;
80
- struct omap_partition_info_s *partition;
81
+ const struct omap_gpiosw_info_s *gpiosw;
82
+ const struct omap_partition_info_s *partition;
83
const char *tag;
84
85
w = p;
86
--
39
--
87
2.25.1
40
2.34.1
88
41
89
42
diff view generated by jsdifflib
1
From: Fabiano Rosas <farosas@suse.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Fix these:
3
Add input and output space members to S1Translate. Set and adjust
4
them in S1_ptw_translate, and the various points at which we drop
5
secure state. Initialize the space in get_phys_addr; for now leave
6
get_phys_addr_with_secure considering only secure vs non-secure spaces.
4
7
5
WARNING: Block comments use a leading /* on a separate line
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
WARNING: Block comments use * on subsequent lines
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
7
WARNING: Block comments use a trailing */ on a separate line
10
Message-id: 20230620124418.805717-11-richard.henderson@linaro.org
8
9
Signed-off-by: Fabiano Rosas <farosas@suse.de>
10
Reviewed-by: Claudio Fontana <cfontana@suse.de>
11
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
12
Message-id: 20221213190537.511-2-farosas@suse.de
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
12
---
15
target/arm/helper.c | 323 +++++++++++++++++++++++++++++---------------
13
target/arm/ptw.c | 86 +++++++++++++++++++++++++++++++++++++++---------
16
1 file changed, 215 insertions(+), 108 deletions(-)
14
1 file changed, 71 insertions(+), 15 deletions(-)
17
15
18
diff --git a/target/arm/helper.c b/target/arm/helper.c
16
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
19
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/helper.c
18
--- a/target/arm/ptw.c
21
+++ b/target/arm/helper.c
19
+++ b/target/arm/ptw.c
22
@@ -XXX,XX +XXX,XX @@ uint64_t read_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri)
20
@@ -XXX,XX +XXX,XX @@
23
static void write_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri,
21
typedef struct S1Translate {
24
uint64_t v)
22
ARMMMUIdx in_mmu_idx;
23
ARMMMUIdx in_ptw_idx;
24
+ ARMSecuritySpace in_space;
25
bool in_secure;
26
bool in_debug;
27
bool out_secure;
28
bool out_rw;
29
bool out_be;
30
+ ARMSecuritySpace out_space;
31
hwaddr out_virt;
32
hwaddr out_phys;
33
void *out_host;
34
@@ -XXX,XX +XXX,XX @@ static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
35
static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
36
hwaddr addr, ARMMMUFaultInfo *fi)
25
{
37
{
26
- /* Raw write of a coprocessor register (as needed for migration, etc).
38
+ ARMSecuritySpace space = ptw->in_space;
27
+ /*
39
bool is_secure = ptw->in_secure;
28
+ * Raw write of a coprocessor register (as needed for migration, etc).
40
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
29
* Note that constant registers are treated as write-ignored; the
41
ARMMMUIdx s2_mmu_idx = ptw->in_ptw_idx;
30
* caller should check for success by whether a readback gives the
42
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
31
* value written.
43
.in_mmu_idx = s2_mmu_idx,
32
@@ -XXX,XX +XXX,XX @@ static void write_raw_cp_reg(CPUARMState *env, const ARMCPRegInfo *ri,
44
.in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
33
45
.in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
34
static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
46
+ .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
35
{
47
+ : space == ARMSS_Realm ? ARMSS_Realm
36
- /* Return true if the regdef would cause an assertion if you called
48
+ : ARMSS_NonSecure),
37
+ /*
49
.in_debug = true,
38
+ * Return true if the regdef would cause an assertion if you called
50
};
39
* read_raw_cp_reg() or write_raw_cp_reg() on it (ie if it is a
51
GetPhysAddrResult s2 = { };
40
* program bug for it not to have the NO_RAW flag).
52
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
41
* NB that returning false here doesn't necessarily mean that calling
53
ptw->out_phys = s2.f.phys_addr;
42
@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu)
54
pte_attrs = s2.cacheattrs.attrs;
43
if (ri->type & ARM_CP_NO_RAW) {
55
ptw->out_secure = s2.f.attrs.secure;
44
continue;
56
+ ptw->out_space = s2.f.attrs.space;
57
} else {
58
/* Regime is physical. */
59
ptw->out_phys = addr;
60
pte_attrs = 0;
61
ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
62
+ ptw->out_space = (s2_mmu_idx == ARMMMUIdx_Phys_S ? ARMSS_Secure
63
+ : space == ARMSS_Realm ? ARMSS_Realm
64
+ : ARMSS_NonSecure);
45
}
65
}
46
- /* Write value and confirm it reads back as written
66
ptw->out_host = NULL;
47
+ /*
67
ptw->out_rw = false;
48
+ * Write value and confirm it reads back as written
68
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
49
* (to catch read-only registers and partially read-only
69
ptw->out_rw = full->prot & PAGE_WRITE;
50
* registers where the incoming migration value doesn't match)
70
pte_attrs = full->pte_attrs;
51
*/
71
ptw->out_secure = full->attrs.secure;
52
@@ -XXX,XX +XXX,XX @@ static gint cpreg_key_compare(gconstpointer a, gconstpointer b)
72
+ ptw->out_space = full->attrs.space;
53
54
void init_cpreg_list(ARMCPU *cpu)
55
{
56
- /* Initialise the cpreg_tuples[] array based on the cp_regs hash.
57
+ /*
58
+ * Initialise the cpreg_tuples[] array based on the cp_regs hash.
59
* Note that we require cpreg_tuples[] to be sorted by key ID.
60
*/
61
GList *keys;
62
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_el3_aa32ns(CPUARMState *env,
63
return CP_ACCESS_OK;
64
}
65
66
-/* Some secure-only AArch32 registers trap to EL3 if used from
67
+/*
68
+ * Some secure-only AArch32 registers trap to EL3 if used from
69
* Secure EL1 (but are just ordinary UNDEF in other non-EL3 contexts).
70
* Note that an access from Secure EL1 can only happen if EL3 is AArch64.
71
* We assume that the .access field is set to PL1_RW.
72
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env,
73
return CP_ACCESS_TRAP_UNCATEGORIZED;
74
}
75
76
-/* Check for traps to performance monitor registers, which are controlled
77
+/*
78
+ * Check for traps to performance monitor registers, which are controlled
79
* by MDCR_EL2.TPM for EL2 and MDCR_EL3.TPM for EL3.
80
*/
81
static CPAccessResult access_tpm(CPUARMState *env, const ARMCPRegInfo *ri,
82
@@ -XXX,XX +XXX,XX @@ static void fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
83
ARMCPU *cpu = env_archcpu(env);
84
85
if (raw_read(env, ri) != value) {
86
- /* Unlike real hardware the qemu TLB uses virtual addresses,
87
+ /*
88
+ * Unlike real hardware the qemu TLB uses virtual addresses,
89
* not modified virtual addresses, so this causes a TLB flush.
90
*/
91
tlb_flush(CPU(cpu));
92
@@ -XXX,XX +XXX,XX @@ static void contextidr_write(CPUARMState *env, const ARMCPRegInfo *ri,
93
94
if (raw_read(env, ri) != value && !arm_feature(env, ARM_FEATURE_PMSA)
95
&& !extended_addresses_enabled(env)) {
96
- /* For VMSA (when not using the LPAE long descriptor page table
97
+ /*
98
+ * For VMSA (when not using the LPAE long descriptor page table
99
* format) this register includes the ASID, so do a TLB flush.
100
* For PMSA it is purely a process ID and no action is needed.
101
*/
102
@@ -XXX,XX +XXX,XX @@ static void tlbiipas2is_hyp_write(CPUARMState *env, const ARMCPRegInfo *ri,
103
}
104
105
static const ARMCPRegInfo cp_reginfo[] = {
106
- /* Define the secure and non-secure FCSE identifier CP registers
107
+ /*
108
+ * Define the secure and non-secure FCSE identifier CP registers
109
* separately because there is no secure bank in V8 (no _EL3). This allows
110
* the secure register to be properly reset and migrated. There is also no
111
* v8 EL1 version of the register so the non-secure instance stands alone.
112
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cp_reginfo[] = {
113
.access = PL1_RW, .secure = ARM_CP_SECSTATE_S,
114
.fieldoffset = offsetof(CPUARMState, cp15.fcseidr_s),
115
.resetvalue = 0, .writefn = fcse_write, .raw_writefn = raw_write, },
116
- /* Define the secure and non-secure context identifier CP registers
117
+ /*
118
+ * Define the secure and non-secure context identifier CP registers
119
* separately because there is no secure bank in V8 (no _EL3). This allows
120
* the secure register to be properly reset and migrated. In the
121
* non-secure case, the 32-bit register will have reset and migration
122
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cp_reginfo[] = {
123
};
124
125
static const ARMCPRegInfo not_v8_cp_reginfo[] = {
126
- /* NB: Some of these registers exist in v8 but with more precise
127
+ /*
128
+ * NB: Some of these registers exist in v8 but with more precise
129
* definitions that don't use CP_ANY wildcards (mostly in v8_cp_reginfo[]).
130
*/
131
/* MMU Domain access control / MPU write buffer control */
132
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
133
.writefn = dacr_write, .raw_writefn = raw_write,
134
.bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.dacr_s),
135
offsetoflow32(CPUARMState, cp15.dacr_ns) } },
136
- /* ARMv7 allocates a range of implementation defined TLB LOCKDOWN regs.
137
+ /*
138
+ * ARMv7 allocates a range of implementation defined TLB LOCKDOWN regs.
139
* For v6 and v5, these mappings are overly broad.
140
*/
141
{ .name = "TLB_LOCKDOWN", .cp = 15, .crn = 10, .crm = 0,
142
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
143
};
144
145
static const ARMCPRegInfo not_v6_cp_reginfo[] = {
146
- /* Not all pre-v6 cores implemented this WFI, so this is slightly
147
+ /*
148
+ * Not all pre-v6 cores implemented this WFI, so this is slightly
149
* over-broad.
150
*/
151
{ .name = "WFI_v5", .cp = 15, .crn = 7, .crm = 8, .opc1 = 0, .opc2 = 2,
152
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v6_cp_reginfo[] = {
153
};
154
155
static const ARMCPRegInfo not_v7_cp_reginfo[] = {
156
- /* Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
157
+ /*
158
+ * Standard v6 WFI (also used in some pre-v6 cores); not in v7 (which
159
* is UNPREDICTABLE; we choose to NOP as most implementations do).
160
*/
161
{ .name = "WFI_v6", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
162
.access = PL1_W, .type = ARM_CP_WFI },
163
- /* L1 cache lockdown. Not architectural in v6 and earlier but in practice
164
+ /*
165
+ * L1 cache lockdown. Not architectural in v6 and earlier but in practice
166
* implemented in 926, 946, 1026, 1136, 1176 and 11MPCore. StrongARM and
167
* OMAPCP will override this space.
168
*/
169
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo not_v7_cp_reginfo[] = {
170
{ .name = "DUMMY", .cp = 15, .crn = 0, .crm = 0, .opc1 = 1, .opc2 = CP_ANY,
171
.access = PL1_R, .type = ARM_CP_CONST | ARM_CP_NO_RAW,
172
.resetvalue = 0 },
173
- /* We don't implement pre-v7 debug but most CPUs had at least a DBGDIDR;
174
+ /*
175
+ * We don't implement pre-v7 debug but most CPUs had at least a DBGDIDR;
176
* implementing it as RAZ means the "debug architecture version" bits
177
* will read as a reserved value, which should cause Linux to not try
178
* to use the debug hardware.
179
*/
180
{ .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0,
181
.access = PL0_R, .type = ARM_CP_CONST, .resetvalue = 0 },
182
- /* MMU TLB control. Note that the wildcarding means we cover not just
183
+ /*
184
+ * MMU TLB control. Note that the wildcarding means we cover not just
185
* the unified TLB ops but also the dside/iside/inner-shareable variants.
186
*/
187
{ .name = "TLBIALL", .cp = 15, .crn = 8, .crm = CP_ANY,
188
@@ -XXX,XX +XXX,XX @@ static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
189
190
/* In ARMv8 most bits of CPACR_EL1 are RES0. */
191
if (!arm_feature(env, ARM_FEATURE_V8)) {
192
- /* ARMv7 defines bits for unimplemented coprocessors as RAZ/WI.
193
+ /*
194
+ * ARMv7 defines bits for unimplemented coprocessors as RAZ/WI.
195
* ASEDIS [31] and D32DIS [30] are both UNK/SBZP without VFP.
196
* TRCDIS [28] is RAZ/WI since we do not implement a trace macrocell.
197
*/
198
@@ -XXX,XX +XXX,XX @@ static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
199
value |= R_CPACR_ASEDIS_MASK;
200
}
201
202
- /* VFPv3 and upwards with NEON implement 32 double precision
203
+ /*
204
+ * VFPv3 and upwards with NEON implement 32 double precision
205
* registers (D0-D31).
206
*/
207
if (!cpu_isar_feature(aa32_simd_r32, env_archcpu(env))) {
208
@@ -XXX,XX +XXX,XX @@ static uint64_t cpacr_read(CPUARMState *env, const ARMCPRegInfo *ri)
209
210
static void cpacr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
211
{
212
- /* Call cpacr_write() so that we reset with the correct RAO bits set
213
+ /*
214
+ * Call cpacr_write() so that we reset with the correct RAO bits set
215
* for our CPU features.
216
*/
217
cpacr_write(env, ri, 0);
218
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
219
{ .name = "MVA_prefetch",
220
.cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
221
.access = PL1_W, .type = ARM_CP_NOP },
222
- /* We need to break the TB after ISB to execute self-modifying code
223
+ /*
224
+ * We need to break the TB after ISB to execute self-modifying code
225
* correctly and also to take any pending interrupts immediately.
226
* So use arm_cp_write_ignore() function instead of ARM_CP_NOP flag.
227
*/
228
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
229
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.ifar_s),
230
offsetof(CPUARMState, cp15.ifar_ns) },
231
.resetvalue = 0, },
232
- /* Watchpoint Fault Address Register : should actually only be present
233
+ /*
234
+ * Watchpoint Fault Address Register : should actually only be present
235
* for 1136, 1176, 11MPCore.
236
*/
237
{ .name = "WFAR", .cp = 15, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 1,
238
@@ -XXX,XX +XXX,XX @@ static bool event_supported(uint16_t number)
239
static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
240
bool isread)
241
{
242
- /* Performance monitor registers user accessibility is controlled
243
+ /*
244
+ * Performance monitor registers user accessibility is controlled
245
* by PMUSERENR. MDCR_EL2.TPM and MDCR_EL3.TPM allow configurable
246
* trapping to EL2 or EL3 for other accesses.
247
*/
248
@@ -XXX,XX +XXX,XX @@ static CPAccessResult pmreg_access_ccntr(CPUARMState *env,
249
(MDCR_HPME | MDCR_HPMD | MDCR_HPMN | MDCR_HCCD | MDCR_HLP)
250
#define MDCR_EL3_PMU_ENABLE_BITS (MDCR_SPME | MDCR_SCCD)
251
252
-/* Returns true if the counter (pass 31 for PMCCNTR) should count events using
253
+/*
254
+ * Returns true if the counter (pass 31 for PMCCNTR) should count events using
255
* the current EL, security state, and register configuration.
256
*/
257
static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
258
@@ -XXX,XX +XXX,XX @@ static uint64_t pmccntr_read(CPUARMState *env, const ARMCPRegInfo *ri)
259
static void pmselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
260
uint64_t value)
261
{
262
- /* The value of PMSELR.SEL affects the behavior of PMXEVTYPER and
263
+ /*
264
+ * The value of PMSELR.SEL affects the behavior of PMXEVTYPER and
265
* PMXEVCNTR. We allow [0..31] to be written to PMSELR here; in the
266
* meanwhile, we check PMSELR.SEL when PMXEVTYPER and PMXEVCNTR are
267
* accessed.
268
@@ -XXX,XX +XXX,XX @@ static void pmevtyper_write(CPUARMState *env, const ARMCPRegInfo *ri,
269
env->cp15.c14_pmevtyper[counter] = value & PMXEVTYPER_MASK;
270
pmevcntr_op_finish(env, counter);
271
}
272
- /* Attempts to access PMXEVTYPER are CONSTRAINED UNPREDICTABLE when
273
+ /*
274
+ * Attempts to access PMXEVTYPER are CONSTRAINED UNPREDICTABLE when
275
* PMSELR value is equal to or greater than the number of implemented
276
* counters, but not equal to 0x1f. We opt to behave as a RAZ/WI.
277
*/
278
@@ -XXX,XX +XXX,XX @@ static uint64_t pmevcntr_read(CPUARMState *env, const ARMCPRegInfo *ri,
279
}
280
return ret;
281
} else {
282
- /* We opt to behave as a RAZ/WI when attempts to access PM[X]EVCNTR
283
- * are CONSTRAINED UNPREDICTABLE. */
284
+ /*
285
+ * We opt to behave as a RAZ/WI when attempts to access PM[X]EVCNTR
286
+ * are CONSTRAINED UNPREDICTABLE.
287
+ */
288
return 0;
289
}
290
}
291
@@ -XXX,XX +XXX,XX @@ static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
292
static void vbar_write(CPUARMState *env, const ARMCPRegInfo *ri,
293
uint64_t value)
294
{
295
- /* Note that even though the AArch64 view of this register has bits
296
+ /*
297
+ * Note that even though the AArch64 view of this register has bits
298
* [10:0] all RES0 we can only mask the bottom 5, to comply with the
299
* architectural requirements for bits which are RES0 only in some
300
* contexts. (ARMv8 would permit us to do no masking at all, but ARMv7
301
@@ -XXX,XX +XXX,XX @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
302
if (!arm_feature(env, ARM_FEATURE_EL2)) {
303
valid_mask &= ~SCR_HCE;
304
305
- /* On ARMv7, SMD (or SCD as it is called in v7) is only
306
+ /*
307
+ * On ARMv7, SMD (or SCD as it is called in v7) is only
308
* supported if EL2 exists. The bit is UNK/SBZP when
309
* EL2 is unavailable. In QEMU ARMv7, we force it to always zero
310
* when EL2 is unavailable.
311
@@ -XXX,XX +XXX,XX @@ static uint64_t ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
312
{
313
ARMCPU *cpu = env_archcpu(env);
314
315
- /* Acquire the CSSELR index from the bank corresponding to the CCSIDR
316
+ /*
317
+ * Acquire the CSSELR index from the bank corresponding to the CCSIDR
318
* bank
319
*/
320
uint32_t index = A32_BANKED_REG_GET(env, csselr,
321
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
322
/* the old v6 WFI, UNPREDICTABLE in v7 but we choose to NOP */
323
{ .name = "NOP", .cp = 15, .crn = 7, .crm = 0, .opc1 = 0, .opc2 = 4,
324
.access = PL1_W, .type = ARM_CP_NOP },
325
- /* Performance monitors are implementation defined in v7,
326
+ /*
327
+ * Performance monitors are implementation defined in v7,
328
* but with an ARM recommended set of registers, which we
329
* follow.
330
*
331
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
332
.writefn = csselr_write, .resetvalue = 0,
333
.bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
334
offsetof(CPUARMState, cp15.csselr_ns) } },
335
- /* Auxiliary ID register: this actually has an IMPDEF value but for now
336
+ /*
337
+ * Auxiliary ID register: this actually has an IMPDEF value but for now
338
* just RAZ for all cores:
339
*/
340
{ .name = "AIDR", .state = ARM_CP_STATE_BOTH,
341
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
342
.access = PL1_R, .type = ARM_CP_CONST,
343
.accessfn = access_aa64_tid1,
344
.resetvalue = 0 },
345
- /* Auxiliary fault status registers: these also are IMPDEF, and we
346
+ /*
347
+ * Auxiliary fault status registers: these also are IMPDEF, and we
348
* choose to RAZ/WI for all cores.
349
*/
350
{ .name = "AFSR0_EL1", .state = ARM_CP_STATE_BOTH,
351
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
352
.opc0 = 3, .opc1 = 0, .crn = 5, .crm = 1, .opc2 = 1,
353
.access = PL1_RW, .accessfn = access_tvm_trvm,
354
.type = ARM_CP_CONST, .resetvalue = 0 },
355
- /* MAIR can just read-as-written because we don't implement caches
356
+ /*
357
+ * MAIR can just read-as-written because we don't implement caches
358
* and so don't need to care about memory attributes.
359
*/
360
{ .name = "MAIR_EL1", .state = ARM_CP_STATE_AA64,
361
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
362
.opc0 = 3, .opc1 = 6, .crn = 10, .crm = 2, .opc2 = 0,
363
.access = PL3_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el[3]),
364
.resetvalue = 0 },
365
- /* For non-long-descriptor page tables these are PRRR and NMRR;
366
+ /*
367
+ * For non-long-descriptor page tables these are PRRR and NMRR;
368
* regardless they still act as reads-as-written for QEMU.
369
*/
370
- /* MAIR0/1 are defined separately from their 64-bit counterpart which
371
+ /*
372
+ * MAIR0/1 are defined separately from their 64-bit counterpart which
373
* allows them to assign the correct fieldoffset based on the endianness
374
* handled in the field definitions.
375
*/
376
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v6k_cp_reginfo[] = {
377
static CPAccessResult gt_cntfrq_access(CPUARMState *env, const ARMCPRegInfo *ri,
378
bool isread)
379
{
380
- /* CNTFRQ: not visible from PL0 if both PL0PCTEN and PL0VCTEN are zero.
381
+ /*
382
+ * CNTFRQ: not visible from PL0 if both PL0PCTEN and PL0VCTEN are zero.
383
* Writable only at the highest implemented exception level.
384
*/
385
int el = arm_current_el(env);
386
@@ -XXX,XX +XXX,XX @@ static CPAccessResult gt_stimer_access(CPUARMState *env,
387
const ARMCPRegInfo *ri,
388
bool isread)
389
{
390
- /* The AArch64 register view of the secure physical timer is
391
+ /*
392
+ * The AArch64 register view of the secure physical timer is
393
* always accessible from EL3, and configurably accessible from
394
* Secure EL1.
395
*/
396
@@ -XXX,XX +XXX,XX @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
397
ARMGenericTimer *gt = &cpu->env.cp15.c14_timer[timeridx];
398
399
if (gt->ctl & 1) {
400
- /* Timer enabled: calculate and set current ISTATUS, irq, and
401
+ /*
402
+ * Timer enabled: calculate and set current ISTATUS, irq, and
403
* reset timer to when ISTATUS next has to change
404
*/
405
uint64_t offset = timeridx == GTIMER_VIRT ?
406
@@ -XXX,XX +XXX,XX @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
407
/* Next transition is when we hit cval */
408
nexttick = gt->cval + offset;
409
}
410
- /* Note that the desired next expiry time might be beyond the
411
+ /*
412
+ * Note that the desired next expiry time might be beyond the
413
* signed-64-bit range of a QEMUTimer -- in this case we just
414
* set the timer for as far in the future as possible. When the
415
* timer expires we will reset the timer for any remaining period.
416
@@ -XXX,XX +XXX,XX @@ static void gt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri,
417
/* Enable toggled */
418
gt_recalc_timer(cpu, timeridx);
419
} else if ((oldval ^ value) & 2) {
420
- /* IMASK toggled: don't need to recalculate,
421
+ /*
422
+ * IMASK toggled: don't need to recalculate,
423
* just set the interrupt line based on ISTATUS
424
*/
425
int irqstate = (oldval & 4) && !(value & 2);
426
@@ -XXX,XX +XXX,XX @@ static void arm_gt_cntfrq_reset(CPUARMState *env, const ARMCPRegInfo *opaque)
427
}
428
429
static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
430
- /* Note that CNTFRQ is purely reads-as-written for the benefit
431
+ /*
432
+ * Note that CNTFRQ is purely reads-as-written for the benefit
433
* of software; writing it doesn't actually change the timer frequency.
434
* Our reset value matches the fixed frequency we implement the timer at.
435
*/
436
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo generic_timer_cp_reginfo[] = {
437
.readfn = gt_virt_redir_cval_read, .raw_readfn = raw_read,
438
.writefn = gt_virt_redir_cval_write, .raw_writefn = raw_write,
439
},
440
- /* Secure timer -- this is actually restricted to only EL3
441
+ /*
442
+ * Secure timer -- this is actually restricted to only EL3
443
* and configurably Secure-EL1 via the accessfn.
444
*/
445
{ .name = "CNTPS_TVAL_EL1", .state = ARM_CP_STATE_AA64,
446
@@ -XXX,XX +XXX,XX @@ static CPAccessResult e2h_access(CPUARMState *env, const ARMCPRegInfo *ri,
447
448
#else
73
#else
449
74
g_assert_not_reached();
450
-/* In user-mode most of the generic timer registers are inaccessible
75
#endif
451
+/*
76
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_ldl_ptw(CPUARMState *env, S1Translate *ptw,
452
+ * In user-mode most of the generic timer registers are inaccessible
453
* however modern kernels (4.12+) allow access to cntvct_el0
454
*/
455
456
@@ -XXX,XX +XXX,XX @@ static uint64_t gt_virt_cnt_read(CPUARMState *env, const ARMCPRegInfo *ri)
457
{
458
ARMCPU *cpu = env_archcpu(env);
459
460
- /* Currently we have no support for QEMUTimer in linux-user so we
461
+ /*
462
+ * Currently we have no support for QEMUTimer in linux-user so we
463
* can't call gt_get_countervalue(env), instead we directly
464
* call the lower level functions.
465
*/
466
@@ -XXX,XX +XXX,XX @@ static CPAccessResult ats_access(CPUARMState *env, const ARMCPRegInfo *ri,
467
bool isread)
468
{
469
if (ri->opc2 & 4) {
470
- /* The ATS12NSO* operations must trap to EL3 or EL2 if executed in
471
+ /*
472
+ * The ATS12NSO* operations must trap to EL3 or EL2 if executed in
473
* Secure EL1 (which can only happen if EL3 is AArch64).
474
* They are simply UNDEF if executed from NS EL1.
475
* They function normally from EL2 or EL3.
476
@@ -XXX,XX +XXX,XX @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
477
}
478
}
77
}
479
} else {
78
} else {
480
- /* fsr is a DFSR/IFSR value for the short descriptor
79
/* Page tables are in MMIO. */
80
- MemTxAttrs attrs = { .secure = ptw->out_secure };
81
+ MemTxAttrs attrs = {
82
+ .secure = ptw->out_secure,
83
+ .space = ptw->out_space,
84
+ };
85
AddressSpace *as = arm_addressspace(cs, attrs);
86
MemTxResult result = MEMTX_OK;
87
88
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_ldq_ptw(CPUARMState *env, S1Translate *ptw,
89
#endif
90
} else {
91
/* Page tables are in MMIO. */
92
- MemTxAttrs attrs = { .secure = ptw->out_secure };
93
+ MemTxAttrs attrs = {
94
+ .secure = ptw->out_secure,
95
+ .space = ptw->out_space,
96
+ };
97
AddressSpace *as = arm_addressspace(cs, attrs);
98
MemTxResult result = MEMTX_OK;
99
100
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_v6(CPUARMState *env, S1Translate *ptw,
101
* regime, because the attribute will already be non-secure.
102
*/
103
result->f.attrs.secure = false;
104
+ result->f.attrs.space = ARMSS_NonSecure;
105
}
106
result->f.phys_addr = phys_addr;
107
return false;
108
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
109
* regime, because the attribute will already be non-secure.
110
*/
111
result->f.attrs.secure = false;
112
+ result->f.attrs.space = ARMSS_NonSecure;
113
}
114
115
if (regime_is_stage2(mmu_idx)) {
116
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
117
*/
118
if (sattrs.ns) {
119
result->f.attrs.secure = false;
120
+ result->f.attrs.space = ARMSS_NonSecure;
121
} else if (!secure) {
122
/*
123
* NS access to S memory must fault.
124
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
125
bool is_secure = ptw->in_secure;
126
bool ret, ipa_secure;
127
ARMCacheAttrs cacheattrs1;
128
+ ARMSecuritySpace ipa_space;
129
bool is_el0;
130
uint64_t hcr;
131
132
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
133
134
ipa = result->f.phys_addr;
135
ipa_secure = result->f.attrs.secure;
136
+ ipa_space = result->f.attrs.space;
137
138
is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
139
ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
140
ptw->in_secure = ipa_secure;
141
+ ptw->in_space = ipa_space;
142
ptw->in_ptw_idx = ptw_idx_for_stage_2(env, ptw->in_mmu_idx);
143
144
/*
145
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
146
ARMMMUIdx s1_mmu_idx;
147
148
/*
149
- * The page table entries may downgrade secure to non-secure, but
150
- * cannot upgrade an non-secure translation regime's attributes
151
- * to secure.
152
+ * The page table entries may downgrade Secure to NonSecure, but
153
+ * cannot upgrade a NonSecure translation regime's attributes
154
+ * to Secure or Realm.
155
*/
156
result->f.attrs.secure = is_secure;
157
+ result->f.attrs.space = ptw->in_space;
158
159
switch (mmu_idx) {
160
case ARMMMUIdx_Phys_S:
161
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
162
163
default:
164
/* Single stage uses physical for ptw. */
165
- ptw->in_ptw_idx = is_secure ? ARMMMUIdx_Phys_S : ARMMMUIdx_Phys_NS;
166
+ ptw->in_ptw_idx = arm_space_to_phys(ptw->in_space);
167
break;
168
}
169
170
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
171
S1Translate ptw = {
172
.in_mmu_idx = mmu_idx,
173
.in_secure = is_secure,
174
+ .in_space = arm_secure_to_space(is_secure),
175
};
176
return get_phys_addr_with_struct(env, &ptw, address, access_type,
177
result, fi);
178
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
179
MMUAccessType access_type, ARMMMUIdx mmu_idx,
180
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
181
{
182
- bool is_secure;
183
+ S1Translate ptw = {
184
+ .in_mmu_idx = mmu_idx,
185
+ };
186
+ ARMSecuritySpace ss;
187
188
switch (mmu_idx) {
189
case ARMMMUIdx_E10_0:
190
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
191
case ARMMMUIdx_Stage1_E1:
192
case ARMMMUIdx_Stage1_E1_PAN:
193
case ARMMMUIdx_E2:
194
- is_secure = arm_is_secure_below_el3(env);
195
+ ss = arm_security_space_below_el3(env);
196
break;
197
case ARMMMUIdx_Stage2:
481
+ /*
198
+ /*
482
+ * fsr is a DFSR/IFSR value for the short descriptor
199
+ * For Secure EL2, we need this index to be NonSecure;
483
* translation table format (with WnR always clear).
200
+ * otherwise this will already be NonSecure or Realm.
484
* Convert it to a 32-bit PAR.
201
+ */
485
*/
202
+ ss = arm_security_space_below_el3(env);
486
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo pmsav8r_cp_reginfo[] = {
203
+ if (ss == ARMSS_Secure) {
487
};
204
+ ss = ARMSS_NonSecure;
488
205
+ }
489
static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
206
+ break;
490
- /* Reset for all these registers is handled in arm_cpu_reset(),
207
case ARMMMUIdx_Phys_NS:
491
+ /*
208
case ARMMMUIdx_MPrivNegPri:
492
+ * Reset for all these registers is handled in arm_cpu_reset(),
209
case ARMMMUIdx_MUserNegPri:
493
* because the PMSAv7 is also used by M-profile CPUs, which do
210
case ARMMMUIdx_MPriv:
494
* not register cpregs but still need the state to be reset.
211
case ARMMMUIdx_MUser:
495
*/
212
- is_secure = false;
496
@@ -XXX,XX +XXX,XX @@ static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
213
+ ss = ARMSS_NonSecure;
497
}
214
break;
498
215
- case ARMMMUIdx_E3:
499
if (arm_feature(env, ARM_FEATURE_LPAE)) {
216
case ARMMMUIdx_Stage2_S:
500
- /* With LPAE the TTBCR could result in a change of ASID
217
case ARMMMUIdx_Phys_S:
501
+ /*
218
case ARMMMUIdx_MSPrivNegPri:
502
+ * With LPAE the TTBCR could result in a change of ASID
219
case ARMMMUIdx_MSUserNegPri:
503
* via the TTBCR.A1 bit, so do a TLB flush.
220
case ARMMMUIdx_MSPriv:
504
*/
221
case ARMMMUIdx_MSUser:
505
tlb_flush(CPU(cpu));
222
- is_secure = true;
506
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
223
+ ss = ARMSS_Secure;
507
offsetoflow32(CPUARMState, cp15.tcr_el[1])} },
224
+ break;
508
};
225
+ case ARMMMUIdx_E3:
509
226
+ if (arm_feature(env, ARM_FEATURE_AARCH64) &&
510
-/* Note that unlike TTBCR, writing to TTBCR2 does not require flushing
227
+ cpu_isar_feature(aa64_rme, env_archcpu(env))) {
511
+/*
228
+ ss = ARMSS_Root;
512
+ * Note that unlike TTBCR, writing to TTBCR2 does not require flushing
229
+ } else {
513
* qemu tlbs nor adjusting cached masks.
230
+ ss = ARMSS_Secure;
514
*/
231
+ }
515
static const ARMCPRegInfo ttbcr2_reginfo = {
232
+ break;
516
@@ -XXX,XX +XXX,XX @@ static void omap_wfi_write(CPUARMState *env, const ARMCPRegInfo *ri,
233
+ case ARMMMUIdx_Phys_Root:
517
static void omap_cachemaint_write(CPUARMState *env, const ARMCPRegInfo *ri,
234
+ ss = ARMSS_Root;
518
uint64_t value)
235
+ break;
519
{
236
+ case ARMMMUIdx_Phys_Realm:
520
- /* On OMAP there are registers indicating the max/min index of dcache lines
237
+ ss = ARMSS_Realm;
521
+ /*
238
break;
522
+ * On OMAP there are registers indicating the max/min index of dcache lines
523
* containing a dirty line; cache flush operations have to reset these.
524
*/
525
env->cp15.c15_i_max = 0x000;
526
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo omap_cp_reginfo[] = {
527
.crm = 8, .opc1 = 0, .opc2 = 0, .access = PL1_RW,
528
.type = ARM_CP_NO_RAW,
529
.readfn = arm_cp_read_zero, .writefn = omap_wfi_write, },
530
- /* TODO: Peripheral port remap register:
531
+ /*
532
+ * TODO: Peripheral port remap register:
533
* On OMAP2 mcr p15, 0, rn, c15, c2, 4 sets up the interrupt controller
534
* base address at $rn & ~0xfff and map size of 0x200 << ($rn & 0xfff),
535
* when MMU is off.
536
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo xscale_cp_reginfo[] = {
537
.cp = 15, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 1, .access = PL1_RW,
538
.fieldoffset = offsetof(CPUARMState, cp15.c1_xscaleauxcr),
539
.resetvalue = 0, },
540
- /* XScale specific cache-lockdown: since we have no cache we NOP these
541
+ /*
542
+ * XScale specific cache-lockdown: since we have no cache we NOP these
543
* and hope the guest does not really rely on cache behaviour.
544
*/
545
{ .name = "XSCALE_LOCK_ICACHE_LINE",
546
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo xscale_cp_reginfo[] = {
547
};
548
549
static const ARMCPRegInfo dummy_c15_cp_reginfo[] = {
550
- /* RAZ/WI the whole crn=15 space, when we don't have a more specific
551
+ /*
552
+ * RAZ/WI the whole crn=15 space, when we don't have a more specific
553
* implementation of this implementation-defined space.
554
* Ideally this should eventually disappear in favour of actually
555
* implementing the correct behaviour for all cores.
556
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo cache_block_ops_cp_reginfo[] = {
557
};
558
559
static const ARMCPRegInfo cache_test_clean_cp_reginfo[] = {
560
- /* The cache test-and-clean instructions always return (1 << 30)
561
+ /*
562
+ * The cache test-and-clean instructions always return (1 << 30)
563
* to indicate that there are no dirty cache lines.
564
*/
565
{ .name = "TC_DCACHE", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 3,
566
@@ -XXX,XX +XXX,XX @@ static uint64_t mpidr_read_val(CPUARMState *env)
567
568
if (arm_feature(env, ARM_FEATURE_V7MP)) {
569
mpidr |= (1U << 31);
570
- /* Cores which are uniprocessor (non-coherent)
571
+ /*
572
+ * Cores which are uniprocessor (non-coherent)
573
* but still implement the MP extensions set
574
* bit 30. (For instance, Cortex-R5).
575
*/
576
@@ -XXX,XX +XXX,XX @@ static CPAccessResult access_tocu(CPUARMState *env, const ARMCPRegInfo *ri,
577
return do_cacheop_pou_access(env, HCR_TOCU | HCR_TPU);
578
}
579
580
-/* See: D4.7.2 TLB maintenance requirements and the TLB maintenance instructions
581
+/*
582
+ * See: D4.7.2 TLB maintenance requirements and the TLB maintenance instructions
583
* Page D4-1736 (DDI0487A.b)
584
*/
585
586
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_alle3is_write(CPUARMState *env, const ARMCPRegInfo *ri,
587
static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
588
uint64_t value)
589
{
590
- /* Invalidate by VA, EL2
591
+ /*
592
+ * Invalidate by VA, EL2
593
* Currently handles both VAE2 and VALE2, since we don't support
594
* flush-last-level-only.
595
*/
596
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae2_write(CPUARMState *env, const ARMCPRegInfo *ri,
597
static void tlbi_aa64_vae3_write(CPUARMState *env, const ARMCPRegInfo *ri,
598
uint64_t value)
599
{
600
- /* Invalidate by VA, EL3
601
+ /*
602
+ * Invalidate by VA, EL3
603
* Currently handles both VAE3 and VALE3, since we don't support
604
* flush-last-level-only.
605
*/
606
@@ -XXX,XX +XXX,XX @@ static void tlbi_aa64_vae1is_write(CPUARMState *env, const ARMCPRegInfo *ri,
607
static void tlbi_aa64_vae1_write(CPUARMState *env, const ARMCPRegInfo *ri,
608
uint64_t value)
609
{
610
- /* Invalidate by VA, EL1&0 (AArch64 version).
611
+ /*
612
+ * Invalidate by VA, EL1&0 (AArch64 version).
613
* Currently handles all of VAE1, VAAE1, VAALE1 and VALE1,
614
* since we don't support flush-for-specific-ASID-only or
615
* flush-last-level-only.
616
@@ -XXX,XX +XXX,XX @@ static CPAccessResult sp_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
617
bool isread)
618
{
619
if (!(env->pstate & PSTATE_SP)) {
620
- /* Access to SP_EL0 is undefined if it's being used as
621
+ /*
622
+ * Access to SP_EL0 is undefined if it's being used as
623
* the stack pointer.
624
*/
625
return CP_ACCESS_TRAP_UNCATEGORIZED;
626
@@ -XXX,XX +XXX,XX @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
627
}
628
629
if (raw_read(env, ri) == value) {
630
- /* Skip the TLB flush if nothing actually changed; Linux likes
631
+ /*
632
+ * Skip the TLB flush if nothing actually changed; Linux likes
633
* to do a lot of pointless SCTLR writes.
634
*/
635
return;
636
@@ -XXX,XX +XXX,XX @@ static void mdcr_el2_write(CPUARMState *env, const ARMCPRegInfo *ri,
637
}
638
639
static const ARMCPRegInfo v8_cp_reginfo[] = {
640
- /* Minimal set of EL0-visible registers. This will need to be expanded
641
+ /*
642
+ * Minimal set of EL0-visible registers. This will need to be expanded
643
* significantly for system emulation of AArch64 CPUs.
644
*/
645
{ .name = "NZCV", .state = ARM_CP_STATE_AA64,
646
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
647
.opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 0,
648
.access = PL1_RW,
649
.fieldoffset = offsetof(CPUARMState, banked_spsr[BANK_SVC]) },
650
- /* We rely on the access checks not allowing the guest to write to the
651
+ /*
652
+ * We rely on the access checks not allowing the guest to write to the
653
* state field when SPSel indicates that it's being used as the stack
654
* pointer.
655
*/
656
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
657
if (arm_feature(env, ARM_FEATURE_EL3)) {
658
valid_mask &= ~HCR_HCD;
659
} else if (cpu->psci_conduit != QEMU_PSCI_CONDUIT_SMC) {
660
- /* Architecturally HCR.TSC is RES0 if EL3 is not implemented.
661
+ /*
662
+ * Architecturally HCR.TSC is RES0 if EL3 is not implemented.
663
* However, if we're using the SMC PSCI conduit then QEMU is
664
* effectively acting like EL3 firmware and so the guest at
665
* EL2 should retain the ability to prevent EL1 from being
666
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
667
.access = PL2_W, .type = ARM_CP_NO_RAW | ARM_CP_EL3_NO_EL2_UNDEF,
668
.writefn = tlbi_aa64_vae2is_write },
669
#ifndef CONFIG_USER_ONLY
670
- /* Unlike the other EL2-related AT operations, these must
671
+ /*
672
+ * Unlike the other EL2-related AT operations, these must
673
* UNDEF from EL3 if EL2 is not implemented, which is why we
674
* define them here rather than with the rest of the AT ops.
675
*/
676
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
677
.access = PL2_W, .accessfn = at_s1e2_access,
678
.type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC | ARM_CP_EL3_NO_EL2_UNDEF,
679
.writefn = ats_write64 },
680
- /* The AArch32 ATS1H* operations are CONSTRAINED UNPREDICTABLE
681
+ /*
682
+ * The AArch32 ATS1H* operations are CONSTRAINED UNPREDICTABLE
683
* if EL2 is not implemented; we choose to UNDEF. Behaviour at EL3
684
* with SCR.NS == 0 outside Monitor mode is UNPREDICTABLE; we choose
685
* to behave as if SCR.NS was 1.
686
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
687
.writefn = ats1h_write, .type = ARM_CP_NO_RAW | ARM_CP_RAISES_EXC },
688
{ .name = "CNTHCTL_EL2", .state = ARM_CP_STATE_BOTH,
689
.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 1, .opc2 = 0,
690
- /* ARMv7 requires bit 0 and 1 to reset to 1. ARMv8 defines the
691
+ /*
692
+ * ARMv7 requires bit 0 and 1 to reset to 1. ARMv8 defines the
693
* reset values as IMPDEF. We choose to reset to 3 to comply with
694
* both ARMv7 and ARMv8.
695
*/
696
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_sec_cp_reginfo[] = {
697
static CPAccessResult nsacr_access(CPUARMState *env, const ARMCPRegInfo *ri,
698
bool isread)
699
{
700
- /* The NSACR is RW at EL3, and RO for NS EL1 and NS EL2.
701
+ /*
702
+ * The NSACR is RW at EL3, and RO for NS EL1 and NS EL2.
703
* At Secure EL1 it traps to EL3 or EL2.
704
*/
705
if (arm_current_el(env) == 3) {
706
@@ -XXX,XX +XXX,XX @@ static void define_pmu_regs(ARMCPU *cpu)
707
}
708
}
709
710
-/* We don't know until after realize whether there's a GICv3
711
+/*
712
+ * We don't know until after realize whether there's a GICv3
713
* attached, and that is what registers the gicv3 sysregs.
714
* So we have to fill in the GIC fields in ID_PFR/ID_PFR1_EL1/ID_AA64PFR0_EL1
715
* at runtime.
716
@@ -XXX,XX +XXX,XX @@ static uint64_t id_aa64pfr0_read(CPUARMState *env, const ARMCPRegInfo *ri)
717
}
718
#endif
719
720
-/* Shared logic between LORID and the rest of the LOR* registers.
721
+/*
722
+ * Shared logic between LORID and the rest of the LOR* registers.
723
* Secure state exclusion has already been dealt with.
724
*/
725
static CPAccessResult access_lor_ns(CPUARMState *env,
726
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
727
728
define_arm_cp_regs(cpu, cp_reginfo);
729
if (!arm_feature(env, ARM_FEATURE_V8)) {
730
- /* Must go early as it is full of wildcards that may be
731
+ /*
732
+ * Must go early as it is full of wildcards that may be
733
* overridden by later definitions.
734
*/
735
define_arm_cp_regs(cpu, not_v8_cp_reginfo);
736
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
737
.access = PL1_R, .type = ARM_CP_CONST,
738
.accessfn = access_aa32_tid3,
739
.resetvalue = cpu->isar.id_pfr0 },
740
- /* ID_PFR1 is not a plain ARM_CP_CONST because we don't know
741
+ /*
742
+ * ID_PFR1 is not a plain ARM_CP_CONST because we don't know
743
* the value of the GIC field until after we define these regs.
744
*/
745
{ .name = "ID_PFR1", .state = ARM_CP_STATE_BOTH,
746
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
747
748
define_arm_cp_regs(cpu, el3_regs);
749
}
750
- /* The behaviour of NSACR is sufficiently various that we don't
751
+ /*
752
+ * The behaviour of NSACR is sufficiently various that we don't
753
* try to describe it in a single reginfo:
754
* if EL3 is 64 bit, then trap to EL3 from S EL1,
755
* reads as constant 0xc00 from NS EL1 and NS EL2
756
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
757
if (cpu_isar_feature(aa32_jazelle, cpu)) {
758
define_arm_cp_regs(cpu, jazelle_regs);
759
}
760
- /* Slightly awkwardly, the OMAP and StrongARM cores need all of
761
+ /*
762
+ * Slightly awkwardly, the OMAP and StrongARM cores need all of
763
* cp15 crn=0 to be writes-ignored, whereas for other cores they should
764
* be read-only (ie write causes UNDEF exception).
765
*/
766
{
767
ARMCPRegInfo id_pre_v8_midr_cp_reginfo[] = {
768
- /* Pre-v8 MIDR space.
769
+ /*
770
+ * Pre-v8 MIDR space.
771
* Note that the MIDR isn't a simple constant register because
772
* of the TI925 behaviour where writes to another register can
773
* cause the MIDR value to change.
774
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
775
if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
776
arm_feature(env, ARM_FEATURE_STRONGARM)) {
777
size_t i;
778
- /* Register the blanket "writes ignored" value first to cover the
779
+ /*
780
+ * Register the blanket "writes ignored" value first to cover the
781
* whole space. Then update the specific ID registers to allow write
782
* access, so that they ignore writes rather than causing them to
783
* UNDEF.
784
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
785
.raw_writefn = raw_write,
786
};
787
if (arm_feature(env, ARM_FEATURE_XSCALE)) {
788
- /* Normally we would always end the TB on an SCTLR write, but Linux
789
+ /*
790
+ * Normally we would always end the TB on an SCTLR write, but Linux
791
* arch/arm/mach-pxa/sleep.S expects two instructions following
792
* an MMU enable to execute from cache. Imitate this behaviour.
793
*/
794
@@ -XXX,XX +XXX,XX @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
795
void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
796
const ARMCPRegInfo *r, void *opaque)
797
{
798
- /* Define implementations of coprocessor registers.
799
+ /*
800
+ * Define implementations of coprocessor registers.
801
* We store these in a hashtable because typically
802
* there are less than 150 registers in a space which
803
* is 16*16*16*8*8 = 262144 in size.
804
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
805
default:
239
default:
806
g_assert_not_reached();
240
g_assert_not_reached();
807
}
241
}
808
- /* The AArch64 pseudocode CheckSystemAccess() specifies that op1
242
- return get_phys_addr_with_secure(env, address, access_type, mmu_idx,
809
+ /*
243
- is_secure, result, fi);
810
+ * The AArch64 pseudocode CheckSystemAccess() specifies that op1
244
+
811
* encodes a minimum access level for the register. We roll this
245
+ ptw.in_space = ss;
812
* runtime check into our general permission check code, so check
246
+ ptw.in_secure = arm_space_is_secure(ss);
813
* here that the reginfo's specified permissions are strict enough
247
+ return get_phys_addr_with_struct(env, &ptw, address, access_type,
814
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
248
+ result, fi);
815
assert((r->access & ~mask) == 0);
249
}
816
}
250
817
251
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
818
- /* Check that the register definition has enough info to handle
252
@@ -XXX,XX +XXX,XX @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
819
+ /*
820
+ * Check that the register definition has enough info to handle
821
* reads and writes if they are permitted.
822
*/
823
if (!(r->type & (ARM_CP_SPECIAL_MASK | ARM_CP_CONST))) {
824
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
825
continue;
826
}
827
if (state == ARM_CP_STATE_AA32) {
828
- /* Under AArch32 CP registers can be common
829
+ /*
830
+ * Under AArch32 CP registers can be common
831
* (same for secure and non-secure world) or banked.
832
*/
833
char *name;
834
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
835
g_assert_not_reached();
836
}
837
} else {
838
- /* AArch64 registers get mapped to non-secure instance
839
- * of AArch32 */
840
+ /*
841
+ * AArch64 registers get mapped to non-secure instance
842
+ * of AArch32
843
+ */
844
add_cpreg_to_hashtable(cpu, r, opaque, state,
845
ARM_CP_SECSTATE_NS,
846
crm, opc1, opc2, r->name);
847
@@ -XXX,XX +XXX,XX @@ void arm_cp_reset_ignore(CPUARMState *env, const ARMCPRegInfo *opaque)
848
849
static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type)
850
{
253
{
851
- /* Return true if it is not valid for us to switch to
254
ARMCPU *cpu = ARM_CPU(cs);
852
+ /*
255
CPUARMState *env = &cpu->env;
853
+ * Return true if it is not valid for us to switch to
256
+ ARMMMUIdx mmu_idx = arm_mmu_idx(env);
854
* this CPU mode (ie all the UNPREDICTABLE cases in
257
+ ARMSecuritySpace ss = arm_security_space(env);
855
* the ARM ARM CPSRWriteByInstr pseudocode).
258
S1Translate ptw = {
856
*/
259
- .in_mmu_idx = arm_mmu_idx(env),
857
@@ -XXX,XX +XXX,XX @@ static int bad_mode_switch(CPUARMState *env, int mode, CPSRWriteType write_type)
260
- .in_secure = arm_is_secure(env),
858
case ARM_CPU_MODE_UND:
261
+ .in_mmu_idx = mmu_idx,
859
case ARM_CPU_MODE_IRQ:
262
+ .in_space = ss,
860
case ARM_CPU_MODE_FIQ:
263
+ .in_secure = arm_space_is_secure(ss),
861
- /* Note that we don't implement the IMPDEF NSACR.RFR which in v7
264
.in_debug = true,
862
+ /*
863
+ * Note that we don't implement the IMPDEF NSACR.RFR which in v7
864
* allows FIQ mode to be Secure-only. (In v8 this doesn't exist.)
865
*/
866
- /* If HCR.TGE is set then changes from Monitor to NS PL1 via MSR
867
+ /*
868
+ * If HCR.TGE is set then changes from Monitor to NS PL1 via MSR
869
* and CPS are treated as illegal mode changes.
870
*/
871
if (write_type == CPSRWriteByInstr &&
872
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
873
env->GE = (val >> 16) & 0xf;
874
}
875
876
- /* In a V7 implementation that includes the security extensions but does
877
+ /*
878
+ * In a V7 implementation that includes the security extensions but does
879
* not include Virtualization Extensions the SCR.FW and SCR.AW bits control
880
* whether non-secure software is allowed to change the CPSR_F and CPSR_A
881
* bits respectively.
882
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
883
changed_daif = (env->daif ^ val) & mask;
884
885
if (changed_daif & CPSR_A) {
886
- /* Check to see if we are allowed to change the masking of async
887
+ /*
888
+ * Check to see if we are allowed to change the masking of async
889
* abort exceptions from a non-secure state.
890
*/
891
if (!(env->cp15.scr_el3 & SCR_AW)) {
892
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
893
}
894
895
if (changed_daif & CPSR_F) {
896
- /* Check to see if we are allowed to change the masking of FIQ
897
+ /*
898
+ * Check to see if we are allowed to change the masking of FIQ
899
* exceptions from a non-secure state.
900
*/
901
if (!(env->cp15.scr_el3 & SCR_FW)) {
902
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
903
mask &= ~CPSR_F;
904
}
905
906
- /* Check whether non-maskable FIQ (NMFI) support is enabled.
907
+ /*
908
+ * Check whether non-maskable FIQ (NMFI) support is enabled.
909
* If this bit is set software is not allowed to mask
910
* FIQs, but is allowed to set CPSR_F to 0.
911
*/
912
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
913
if (write_type != CPSRWriteRaw &&
914
((env->uncached_cpsr ^ val) & mask & CPSR_M)) {
915
if ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR) {
916
- /* Note that we can only get here in USR mode if this is a
917
+ /*
918
+ * Note that we can only get here in USR mode if this is a
919
* gdb stub write; for this case we follow the architectural
920
* behaviour for guest writes in USR mode of ignoring an attempt
921
* to switch mode. (Those are caught by translate.c for writes
922
@@ -XXX,XX +XXX,XX @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask,
923
*/
924
mask &= ~CPSR_M;
925
} else if (bad_mode_switch(env, val & CPSR_M, write_type)) {
926
- /* Attempt to switch to an invalid mode: this is UNPREDICTABLE in
927
+ /*
928
+ * Attempt to switch to an invalid mode: this is UNPREDICTABLE in
929
* v7, and has defined behaviour in v8:
930
* + leave CPSR.M untouched
931
* + allow changes to the other CPSR fields
932
@@ -XXX,XX +XXX,XX @@ static void switch_mode(CPUARMState *env, int mode)
933
env->regs[14] = env->banked_r14[r14_bank_number(mode)];
934
}
935
936
-/* Physical Interrupt Target EL Lookup Table
937
+/*
938
+ * Physical Interrupt Target EL Lookup Table
939
*
940
* [ From ARM ARM section G1.13.4 (Table G1-15) ]
941
*
942
@@ -XXX,XX +XXX,XX @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
943
if (arm_feature(env, ARM_FEATURE_EL3)) {
944
rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
945
} else {
946
- /* Either EL2 is the highest EL (and so the EL2 register width
947
+ /*
948
+ * Either EL2 is the highest EL (and so the EL2 register width
949
* is given by is64); or there is no EL2 or EL3, in which case
950
* the value of 'rw' does not affect the table lookup anyway.
951
*/
952
@@ -XXX,XX +XXX,XX @@ void aarch64_sync_64_to_32(CPUARMState *env)
953
env->banked_r13[bank_number(ARM_CPU_MODE_UND)] = env->xregs[23];
954
}
955
956
- /* Registers x24-x30 are mapped to r8-r14 in FIQ mode. If we are in FIQ
957
+ /*
958
+ * Registers x24-x30 are mapped to r8-r14 in FIQ mode. If we are in FIQ
959
* mode, then we can copy to r8-r14. Otherwise, we copy to the
960
* FIQ bank for r8-r14.
961
*/
962
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs)
963
/* High vectors. When enabled, base address cannot be remapped. */
964
addr += 0xffff0000;
965
} else {
966
- /* ARM v7 architectures provide a vector base address register to remap
967
+ /*
968
+ * ARM v7 architectures provide a vector base address register to remap
969
* the interrupt vector table.
970
* This register is only followed in non-monitor mode, and is banked.
971
* Note: only bits 31:5 are valid.
972
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
973
aarch64_sve_change_el(env, cur_el, new_el, is_a64(env));
974
975
if (cur_el < new_el) {
976
- /* Entry vector offset depends on whether the implemented EL
977
+ /*
978
+ * Entry vector offset depends on whether the implemented EL
979
* immediately lower than the target level is using AArch32 or AArch64
980
*/
981
bool is_aa64;
982
@@ -XXX,XX +XXX,XX @@ static void handle_semihosting(CPUState *cs)
983
}
984
#endif
985
986
-/* Handle a CPU exception for A and R profile CPUs.
987
+/*
988
+ * Handle a CPU exception for A and R profile CPUs.
989
* Do any appropriate logging, handle PSCI calls, and then hand off
990
* to the AArch64-entry or AArch32-entry function depending on the
991
* target exception level's register width.
992
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
993
}
994
#endif
995
996
- /* Hooks may change global state so BQL should be held, also the
997
+ /*
998
+ * Hooks may change global state so BQL should be held, also the
999
* BQL needs to be held for any modification of
1000
* cs->interrupt_request.
1001
*/
1002
@@ -XXX,XX +XXX,XX @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
1003
};
265
};
1004
}
266
GetPhysAddrResult res = {};
1005
1006
-/* Note that signed overflow is undefined in C. The following routines are
1007
- careful to use unsigned types where modulo arithmetic is required.
1008
- Failure to do so _will_ break on newer gcc. */
1009
+/*
1010
+ * Note that signed overflow is undefined in C. The following routines are
1011
+ * careful to use unsigned types where modulo arithmetic is required.
1012
+ * Failure to do so _will_ break on newer gcc.
1013
+ */
1014
1015
/* Signed saturating arithmetic. */
1016
1017
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sel_flags)(uint32_t flags, uint32_t a, uint32_t b)
1018
return (a & mask) | (b & ~mask);
1019
}
1020
1021
-/* CRC helpers.
1022
+/*
1023
+ * CRC helpers.
1024
* The upper bytes of val (above the number specified by 'bytes') must have
1025
* been zeroed out by the caller.
1026
*/
1027
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(crc32c)(uint32_t acc, uint32_t val, uint32_t bytes)
1028
return crc32c(acc, buf, bytes) ^ 0xffffffff;
1029
}
1030
1031
-/* Return the exception level to which FP-disabled exceptions should
1032
+/*
1033
+ * Return the exception level to which FP-disabled exceptions should
1034
* be taken, or 0 if FP is enabled.
1035
*/
1036
int fp_exception_el(CPUARMState *env, int cur_el)
1037
@@ -XXX,XX +XXX,XX @@ int fp_exception_el(CPUARMState *env, int cur_el)
1038
#ifndef CONFIG_USER_ONLY
1039
uint64_t hcr_el2;
1040
1041
- /* CPACR and the CPTR registers don't exist before v6, so FP is
1042
+ /*
1043
+ * CPACR and the CPTR registers don't exist before v6, so FP is
1044
* always accessible
1045
*/
1046
if (!arm_feature(env, ARM_FEATURE_V6)) {
1047
@@ -XXX,XX +XXX,XX @@ int fp_exception_el(CPUARMState *env, int cur_el)
1048
1049
hcr_el2 = arm_hcr_el2_eff(env);
1050
1051
- /* The CPACR controls traps to EL1, or PL1 if we're 32 bit:
1052
+ /*
1053
+ * The CPACR controls traps to EL1, or PL1 if we're 32 bit:
1054
* 0, 2 : trap EL0 and EL1/PL1 accesses
1055
* 1 : trap only EL0 accesses
1056
* 3 : trap no accesses
1057
--
267
--
1058
2.25.1
268
2.34.1
diff view generated by jsdifflib
1
From: Axel Heider <axel.heider@hensoldt.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
- fix #1263 for CR writes
3
Test in_space instead of in_secure so that we don't
4
- rework compare time handling
4
switch out of Root space.
5
- The compare timer has to run even if CR.OCIEN is not set,
6
as SR.OCIF must be updated.
7
- The compare timer fires exactly once when the
8
compare value is less than the current value, but the
9
reload values is less than the compare value.
10
- The compare timer will never fire if the reload value is
11
less than the compare value. Disable it in this case.
12
5
13
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
14
[PMM: fixed minor style nits]
15
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230620124418.805717-12-richard.henderson@linaro.org
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
17
---
10
---
18
hw/timer/imx_epit.c | 192 ++++++++++++++++++++++++++------------------
11
target/arm/ptw.c | 28 ++++++++++++++--------------
19
1 file changed, 116 insertions(+), 76 deletions(-)
12
1 file changed, 14 insertions(+), 14 deletions(-)
20
13
21
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
14
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
22
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
23
--- a/hw/timer/imx_epit.c
16
--- a/target/arm/ptw.c
24
+++ b/hw/timer/imx_epit.c
17
+++ b/target/arm/ptw.c
25
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
26
* Originally written by Hans Jiang
27
* Updated by Peter Chubb
28
* Updated by Jean-Christophe Dubois <jcd@tribudubois.net>
29
+ * Updated by Axel Heider
30
*
31
* This code is licensed under GPL version 2 or later. See
32
* the COPYING file in the top-level directory.
33
@@ -XXX,XX +XXX,XX @@ static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
34
return reg_value;
35
}
36
37
-/* Must be called from ptimer_transaction_begin/commit block for s->timer_cmp */
38
-static void imx_epit_reload_compare_timer(IMXEPITState *s)
39
+/*
40
+ * Must be called from a ptimer_transaction_begin/commit block for
41
+ * s->timer_cmp, but outside of a transaction block of s->timer_reload,
42
+ * so the proper counter value is read.
43
+ */
44
+static void imx_epit_update_compare_timer(IMXEPITState *s)
45
{
19
{
46
- if ((s->cr & (CR_EN | CR_OCIEN)) == (CR_EN | CR_OCIEN)) {
20
ARMCPU *cpu = env_archcpu(env);
47
- /* if the compare feature is on and timers are running */
21
ARMMMUIdx mmu_idx = ptw->in_mmu_idx;
48
- uint32_t tmp = ptimer_get_count(s->timer_reload);
22
- bool is_secure = ptw->in_secure;
49
- uint64_t next;
23
int32_t level;
50
- if (tmp > s->cmp) {
24
ARMVAParameters param;
51
- /* It'll fire in this round of the timer */
25
uint64_t ttbr;
52
- next = tmp - s->cmp;
26
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
53
- } else { /* catch it next time around */
27
uint64_t descaddrmask;
54
- next = tmp - s->cmp + ((s->cr & CR_RLD) ? EPIT_TIMER_MAX : s->lr);
28
bool aarch64 = arm_el_is_aa64(env, el);
55
+ uint64_t counter = 0;
29
uint64_t descriptor, new_descriptor;
56
+ bool is_oneshot = false;
30
- bool nstable;
31
32
/* TODO: This code does not support shareability levels. */
33
if (aarch64) {
34
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
35
descaddrmask = MAKE_64BIT_MASK(0, 40);
36
}
37
descaddrmask &= ~indexmask_grainsize;
38
-
39
- /*
40
- * Secure stage 1 accesses start with the page table in secure memory and
41
- * can be downgraded to non-secure at any step. Non-secure accesses
42
- * remain non-secure. We implement this by just ORing in the NSTable/NS
43
- * bits at each step.
44
- * Stage 2 never gets this kind of downgrade.
45
- */
46
- tableattrs = is_secure ? 0 : (1 << 4);
47
+ tableattrs = 0;
48
49
next_level:
50
descaddr |= (address >> (stride * (4 - level))) & indexmask;
51
descaddr &= ~7ULL;
52
- nstable = !regime_is_stage2(mmu_idx) && extract32(tableattrs, 4, 1);
53
- if (nstable && ptw->in_secure) {
54
+
57
+ /*
55
+ /*
58
+ * The compare timer only has to run if the timer peripheral is active
56
+ * Process the NSTable bit from the previous level. This changes
59
+ * and there is an input clock, Otherwise it can be switched off.
57
+ * the table address space and the output space from Secure to
58
+ * NonSecure. With RME, the EL3 translation regime does not change
59
+ * from Root to NonSecure.
60
+ */
60
+ */
61
+ bool is_active = (s->cr & CR_EN) && imx_epit_get_freq(s);
61
+ if (ptw->in_space == ARMSS_Secure
62
+ if (is_active) {
62
+ && !regime_is_stage2(mmu_idx)
63
+ /*
63
+ && extract32(tableattrs, 4, 1)) {
64
+ * Calculate next timeout for compare timer. Reading the reload
64
/*
65
+ * counter returns proper results only if pending transactions
65
* Stage2_S -> Stage2 or Phys_S -> Phys_NS
66
+ * on it are committed here. Otherwise stale values are be read.
66
* Assert the relative order of the secure/non-secure indexes.
67
+ */
67
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
68
+ counter = ptimer_get_count(s->timer_reload);
68
QEMU_BUILD_BUG_ON(ARMMMUIdx_Stage2_S + 1 != ARMMMUIdx_Stage2);
69
+ uint64_t limit = ptimer_get_limit(s->timer_cmp);
69
ptw->in_ptw_idx += 1;
70
+ /*
70
ptw->in_secure = false;
71
+ * The compare timer is a periodic timer if the limit is at least
71
+ ptw->in_space = ARMSS_NonSecure;
72
+ * the compare value. Otherwise it may fire at most once in the
73
+ * current round.
74
+ */
75
+ bool is_oneshot = (limit >= s->cmp);
76
+ if (counter >= s->cmp) {
77
+ /* The compare timer fires in the current round. */
78
+ counter -= s->cmp;
79
+ } else if (!is_oneshot) {
80
+ /*
81
+ * The compare timer fires after a reload, as it is below the
82
+ * compare value already in this round. Note that the counter
83
+ * value calculated below can be above the 32-bit limit, which
84
+ * is legal here because the compare timer is an internal
85
+ * helper ptimer only.
86
+ */
87
+ counter += limit - s->cmp;
88
+ } else {
89
+ /*
90
+ * The compare timer won't fire in this round, and the limit is
91
+ * set to a value below the compare value. This practically means
92
+ * it will never fire, so it can be switched off.
93
+ */
94
+ is_active = false;
95
}
96
- ptimer_set_count(s->timer_cmp, next);
97
}
72
}
98
+
73
+
99
+ /*
74
if (!S1_ptw_translate(env, ptw, descaddr, fi)) {
100
+ * Set the compare timer and let it run, or stop it. This is agnostic
75
goto do_fault;
101
+ * of CR.OCIEN bit, as this bit affects interrupt generation only. The
102
+ * compare timer needs to run even if no interrupts are to be generated,
103
+ * because the SR.OCIF bit must be updated also.
104
+ * Note that the timer might already be stopped or be running with
105
+ * counter values. However, finding out when an update is needed and
106
+ * when not is not trivial. It's much easier applying the setting again,
107
+ * as this does not harm either and the overhead is negligible.
108
+ */
109
+ if (is_active) {
110
+ ptimer_set_count(s->timer_cmp, counter);
111
+ ptimer_run(s->timer_cmp, is_oneshot ? 1 : 0);
112
+ } else {
113
+ ptimer_stop(s->timer_cmp);
114
+ }
115
+
116
}
117
118
static void imx_epit_write_cr(IMXEPITState *s, uint32_t value)
119
{
120
- uint32_t freq = 0;
121
uint32_t oldcr = s->cr;
122
123
s->cr = value & 0x03ffffff;
124
125
if (s->cr & CR_SWR) {
126
- /* handle the reset */
127
+ /*
128
+ * Reset clears CR.SWR again. It does not touch CR.EN, but the timers
129
+ * are still stopped because the input clock is disabled.
130
+ */
131
imx_epit_reset(s, false);
132
+ } else {
133
+ uint32_t freq;
134
+ uint32_t toggled_cr_bits = oldcr ^ s->cr;
135
+ /* re-initialize the limits if CR.RLD has changed */
136
+ bool set_limit = toggled_cr_bits & CR_RLD;
137
+ /* set the counter if the timer got just enabled and CR.ENMOD is set */
138
+ bool is_switched_on = (toggled_cr_bits & s->cr) & CR_EN;
139
+ bool set_counter = is_switched_on && (s->cr & CR_ENMOD);
140
+
141
+ ptimer_transaction_begin(s->timer_cmp);
142
+ ptimer_transaction_begin(s->timer_reload);
143
+ freq = imx_epit_get_freq(s);
144
+ if (freq) {
145
+ ptimer_set_freq(s->timer_reload, freq);
146
+ ptimer_set_freq(s->timer_cmp, freq);
147
+ }
148
+
149
+ if (set_limit || set_counter) {
150
+ uint64_t limit = (s->cr & CR_RLD) ? s->lr : EPIT_TIMER_MAX;
151
+ ptimer_set_limit(s->timer_reload, limit, set_counter ? 1 : 0);
152
+ if (set_limit) {
153
+ ptimer_set_limit(s->timer_cmp, limit, 0);
154
+ }
155
+ }
156
+ /*
157
+ * If there is an input clock and the peripheral is enabled, then
158
+ * ensure the wall clock timer is ticking. Otherwise stop the timers.
159
+ * The compare timer will be updated later.
160
+ */
161
+ if (freq && (s->cr & CR_EN)) {
162
+ ptimer_run(s->timer_reload, 0);
163
+ } else {
164
+ ptimer_stop(s->timer_reload);
165
+ }
166
+ /* Commit changes to reload timer, so they can propagate. */
167
+ ptimer_transaction_commit(s->timer_reload);
168
+ /* Update compare timer based on the committed reload timer value. */
169
+ imx_epit_update_compare_timer(s);
170
+ ptimer_transaction_commit(s->timer_cmp);
171
}
76
}
172
77
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
173
/*
174
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write_cr(IMXEPITState *s, uint32_t value)
175
* - write to CR.EN or CR.OCIE
176
*/
78
*/
177
imx_epit_update_int(s);
79
attrs = new_descriptor & (MAKE_64BIT_MASK(2, 10) | MAKE_64BIT_MASK(50, 14));
178
-
80
if (!regime_is_stage2(mmu_idx)) {
179
- /*
81
- attrs |= nstable << 5; /* NS */
180
- * TODO: could we 'break' here for reset? following operations appear
82
+ attrs |= !ptw->in_secure << 5; /* NS */
181
- * to duplicate the work imx_epit_reset() already did.
83
if (!param.hpd) {
182
- */
84
attrs |= extract64(tableattrs, 0, 2) << 53; /* XN, PXN */
183
-
85
/*
184
- ptimer_transaction_begin(s->timer_cmp);
185
- ptimer_transaction_begin(s->timer_reload);
186
-
187
- /*
188
- * Update the frequency. In case of a reset the input clock was
189
- * switched off, so this can be skipped.
190
- */
191
- if (!(s->cr & CR_SWR)) {
192
- freq = imx_epit_get_freq(s);
193
- if (freq) {
194
- ptimer_set_freq(s->timer_reload, freq);
195
- ptimer_set_freq(s->timer_cmp, freq);
196
- }
197
- }
198
-
199
- if (freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) {
200
- if (s->cr & CR_ENMOD) {
201
- if (s->cr & CR_RLD) {
202
- ptimer_set_limit(s->timer_reload, s->lr, 1);
203
- ptimer_set_limit(s->timer_cmp, s->lr, 1);
204
- } else {
205
- ptimer_set_limit(s->timer_reload, EPIT_TIMER_MAX, 1);
206
- ptimer_set_limit(s->timer_cmp, EPIT_TIMER_MAX, 1);
207
- }
208
- }
209
-
210
- imx_epit_reload_compare_timer(s);
211
- ptimer_run(s->timer_reload, 0);
212
- if (s->cr & CR_OCIEN) {
213
- ptimer_run(s->timer_cmp, 0);
214
- } else {
215
- ptimer_stop(s->timer_cmp);
216
- }
217
- } else if (!(s->cr & CR_EN)) {
218
- /* stop both timers */
219
- ptimer_stop(s->timer_reload);
220
- ptimer_stop(s->timer_cmp);
221
- } else if (s->cr & CR_OCIEN) {
222
- if (!(oldcr & CR_OCIEN)) {
223
- imx_epit_reload_compare_timer(s);
224
- ptimer_run(s->timer_cmp, 0);
225
- }
226
- } else {
227
- ptimer_stop(s->timer_cmp);
228
- }
229
-
230
- ptimer_transaction_commit(s->timer_cmp);
231
- ptimer_transaction_commit(s->timer_reload);
232
}
233
234
static void imx_epit_write_sr(IMXEPITState *s, uint32_t value)
235
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write_lr(IMXEPITState *s, uint32_t value)
236
/* If IOVW bit is set then set the timer value */
237
ptimer_set_count(s->timer_reload, s->lr);
238
}
239
- /*
240
- * Commit the change to s->timer_reload, so it can propagate. Otherwise
241
- * the timer interrupt may not fire properly. The commit must happen
242
- * before calling imx_epit_reload_compare_timer(), which reads
243
- * s->timer_reload internally again.
244
- */
245
+ /* Commit the changes to s->timer_reload, so they can propagate. */
246
ptimer_transaction_commit(s->timer_reload);
247
- imx_epit_reload_compare_timer(s);
248
+ /* Update the compare timer based on the committed reload timer value. */
249
+ imx_epit_update_compare_timer(s);
250
ptimer_transaction_commit(s->timer_cmp);
251
}
252
253
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write_cmp(IMXEPITState *s, uint32_t value)
254
{
255
s->cmp = value;
256
257
+ /* Update the compare timer based on the committed reload timer value. */
258
ptimer_transaction_begin(s->timer_cmp);
259
- imx_epit_reload_compare_timer(s);
260
+ imx_epit_update_compare_timer(s);
261
ptimer_transaction_commit(s->timer_cmp);
262
}
263
264
@@ -XXX,XX +XXX,XX @@ static void imx_epit_cmp(void *opaque)
265
{
266
IMXEPITState *s = IMX_EPIT(opaque);
267
268
+ /* The cmp ptimer can't be running when the peripheral is disabled */
269
+ assert(s->cr & CR_EN);
270
+
271
DPRINTF("sr was %d\n", s->sr);
272
/* Set interrupt status bit SR.OCIF and update the interrupt state */
273
s->sr |= SR_OCIF;
274
--
86
--
275
2.25.1
87
2.34.1
diff view generated by jsdifflib
1
In get_phys_addr_twostage() we set the lg_page_size of the result to
1
From: Richard Henderson <richard.henderson@linaro.org>
2
the maximum of the stage 1 and stage 2 page sizes. This works for
3
the case where we do want to create a TLB entry, because we know the
4
common TLB code only creates entries of the TARGET_PAGE_SIZE and
5
asking for a size larger than that only means that invalidations
6
invalidate the whole larger area. However, if lg_page_size is
7
smaller than TARGET_PAGE_SIZE this effectively means "don't create a
8
TLB entry"; in this case if either S1 or S2 said "this covers less
9
than a page and can't go in a TLB" then the final result also should
10
be marked that way. Set the resulting page size to 0 if either
11
stage asked for a less-than-a-page entry, and expand the comment
12
to explain what's going on.
13
2
14
This has no effect for VMSA because currently the VMSA lookup always
3
With Realm security state, bit 55 of a block or page descriptor during
15
returns results that cover at least TARGET_PAGE_SIZE; however when we
4
the stage2 walk becomes the NS bit; during the stage1 walk the bit 5
16
add v8R support it will reuse this code path, and for v8R the S1 and
5
NS bit is RES0. With Root security state, bit 11 of the block or page
17
S2 results can be smaller than TARGET_PAGE_SIZE.
6
descriptor during the stage1 walk becomes the NSE bit.
18
7
8
Rather than collecting an NS bit and applying it later, compute the
9
output pa space from the input pa space and unconditionally assign.
10
This means that we no longer need to adjust the output space earlier
11
for the NSTable bit.
12
13
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
15
Message-id: 20230620124418.805717-13-richard.henderson@linaro.org
19
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
16
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
21
Message-id: 20221212142708.610090-1-peter.maydell@linaro.org
22
---
17
---
23
target/arm/ptw.c | 16 +++++++++++++---
18
target/arm/ptw.c | 89 +++++++++++++++++++++++++++++++++++++++---------
24
1 file changed, 13 insertions(+), 3 deletions(-)
19
1 file changed, 73 insertions(+), 16 deletions(-)
25
20
26
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
21
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
27
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
28
--- a/target/arm/ptw.c
23
--- a/target/arm/ptw.c
29
+++ b/target/arm/ptw.c
24
+++ b/target/arm/ptw.c
30
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
25
@@ -XXX,XX +XXX,XX @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
26
* @mmu_idx: MMU index indicating required translation regime
27
* @is_aa64: TRUE if AArch64
28
* @ap: The 2-bit simple AP (AP[2:1])
29
- * @ns: NS (non-secure) bit
30
* @xn: XN (execute-never) bit
31
* @pxn: PXN (privileged execute-never) bit
32
+ * @in_pa: The original input pa space
33
+ * @out_pa: The output pa space, modified by NSTable, NS, and NSE
34
*/
35
static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
36
- int ap, int ns, int xn, int pxn)
37
+ int ap, int xn, int pxn,
38
+ ARMSecuritySpace in_pa, ARMSecuritySpace out_pa)
39
{
40
ARMCPU *cpu = env_archcpu(env);
41
bool is_user = regime_is_user(env, mmu_idx);
42
@@ -XXX,XX +XXX,XX @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
43
}
31
}
44
}
32
45
33
/*
46
- if (ns && arm_is_secure(env) && (env->cp15.scr_el3 & SCR_SIF)) {
34
- * Use the maximum of the S1 & S2 page size, so that invalidation
47
+ if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
35
- * of pages > TARGET_PAGE_SIZE works correctly.
48
+ (env->cp15.scr_el3 & SCR_SIF)) {
36
+ * If either S1 or S2 returned a result smaller than TARGET_PAGE_SIZE,
49
return prot_rw;
37
+ * this means "don't put this in the TLB"; in this case, return a
38
+ * result with lg_page_size == 0 to achieve that. Otherwise,
39
+ * use the maximum of the S1 & S2 page size, so that invalidation
40
+ * of pages > TARGET_PAGE_SIZE works correctly. (This works even though
41
+ * we know the combined result permissions etc only cover the minimum
42
+ * of the S1 and S2 page size, because we know that the common TLB code
43
+ * never actually creates TLB entries bigger than TARGET_PAGE_SIZE,
44
+ * and passing a larger page size value only affects invalidations.)
45
*/
46
- if (result->f.lg_page_size < s1_lgpgsz) {
47
+ if (result->f.lg_page_size < TARGET_PAGE_BITS ||
48
+ s1_lgpgsz < TARGET_PAGE_BITS) {
49
+ result->f.lg_page_size = 0;
50
+ } else if (result->f.lg_page_size < s1_lgpgsz) {
51
result->f.lg_page_size = s1_lgpgsz;
52
}
50
}
53
51
52
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
53
int32_t stride;
54
int addrsize, inputsize, outputsize;
55
uint64_t tcr = regime_tcr(env, mmu_idx);
56
- int ap, ns, xn, pxn;
57
+ int ap, xn, pxn;
58
uint32_t el = regime_el(env, mmu_idx);
59
uint64_t descaddrmask;
60
bool aarch64 = arm_el_is_aa64(env, el);
61
uint64_t descriptor, new_descriptor;
62
+ ARMSecuritySpace out_space;
63
64
/* TODO: This code does not support shareability levels. */
65
if (aarch64) {
66
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
67
}
68
69
ap = extract32(attrs, 6, 2);
70
+ out_space = ptw->in_space;
71
if (regime_is_stage2(mmu_idx)) {
72
- ns = mmu_idx == ARMMMUIdx_Stage2;
73
+ /*
74
+ * R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
75
+ * The bit remains ignored for other security states.
76
+ */
77
+ if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
78
+ out_space = ARMSS_NonSecure;
79
+ }
80
xn = extract64(attrs, 53, 2);
81
result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
82
} else {
83
- ns = extract32(attrs, 5, 1);
84
+ int nse, ns = extract32(attrs, 5, 1);
85
+ switch (out_space) {
86
+ case ARMSS_Root:
87
+ /*
88
+ * R_GVZML: Bit 11 becomes the NSE field in the EL3 regime.
89
+ * R_XTYPW: NSE and NS together select the output pa space.
90
+ */
91
+ nse = extract32(attrs, 11, 1);
92
+ out_space = (nse << 1) | ns;
93
+ if (out_space == ARMSS_Secure &&
94
+ !cpu_isar_feature(aa64_sel2, cpu)) {
95
+ out_space = ARMSS_NonSecure;
96
+ }
97
+ break;
98
+ case ARMSS_Secure:
99
+ if (ns) {
100
+ out_space = ARMSS_NonSecure;
101
+ }
102
+ break;
103
+ case ARMSS_Realm:
104
+ switch (mmu_idx) {
105
+ case ARMMMUIdx_Stage1_E0:
106
+ case ARMMMUIdx_Stage1_E1:
107
+ case ARMMMUIdx_Stage1_E1_PAN:
108
+ /* I_CZPRF: For Realm EL1&0 stage1, NS bit is RES0. */
109
+ break;
110
+ case ARMMMUIdx_E2:
111
+ case ARMMMUIdx_E20_0:
112
+ case ARMMMUIdx_E20_2:
113
+ case ARMMMUIdx_E20_2_PAN:
114
+ /*
115
+ * R_LYKFZ, R_WGRZN: For Realm EL2 and EL2&1,
116
+ * NS changes the output to non-secure space.
117
+ */
118
+ if (ns) {
119
+ out_space = ARMSS_NonSecure;
120
+ }
121
+ break;
122
+ default:
123
+ g_assert_not_reached();
124
+ }
125
+ break;
126
+ case ARMSS_NonSecure:
127
+ /* R_QRMFF: For NonSecure state, the NS bit is RES0. */
128
+ break;
129
+ default:
130
+ g_assert_not_reached();
131
+ }
132
xn = extract64(attrs, 54, 1);
133
pxn = extract64(attrs, 53, 1);
134
- result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
135
+
136
+ /*
137
+ * Note that we modified ptw->in_space earlier for NSTable, but
138
+ * result->f.attrs retains a copy of the original security space.
139
+ */
140
+ result->f.prot = get_S1prot(env, mmu_idx, aarch64, ap, xn, pxn,
141
+ result->f.attrs.space, out_space);
142
}
143
144
if (!(result->f.prot & (1 << access_type))) {
145
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
146
}
147
}
148
149
- if (ns) {
150
- /*
151
- * The NS bit will (as required by the architecture) have no effect if
152
- * the CPU doesn't support TZ or this is a non-secure translation
153
- * regime, because the attribute will already be non-secure.
154
- */
155
- result->f.attrs.secure = false;
156
- result->f.attrs.space = ARMSS_NonSecure;
157
- }
158
+ result->f.attrs.space = out_space;
159
+ result->f.attrs.secure = arm_space_is_secure(out_space);
160
161
if (regime_is_stage2(mmu_idx)) {
162
result->cacheattrs.is_s2_format = true;
54
--
163
--
55
2.25.1
164
2.34.1
diff view generated by jsdifflib
Deleted patch
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
2
1
3
Cores with PMSA have the MPUIR register which has the
4
same encoding as the MIDR alias with opc2=4. So we only
5
add that alias if we are not realizing a core that
6
implements PMSA.
7
8
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
11
Message-id: 20221206102504.165775-2-tobias.roehmel@rwth-aachen.de
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
14
target/arm/helper.c | 13 +++++++++----
15
1 file changed, 9 insertions(+), 4 deletions(-)
16
17
diff --git a/target/arm/helper.c b/target/arm/helper.c
18
index XXXXXXX..XXXXXXX 100644
19
--- a/target/arm/helper.c
20
+++ b/target/arm/helper.c
21
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
22
.access = PL1_R, .type = ARM_CP_NO_RAW, .resetvalue = cpu->midr,
23
.fieldoffset = offsetof(CPUARMState, cp15.c0_cpuid),
24
.readfn = midr_read },
25
- /* crn = 0 op1 = 0 crm = 0 op2 = 4,7 : AArch32 aliases of MIDR */
26
- { .name = "MIDR", .type = ARM_CP_ALIAS | ARM_CP_CONST,
27
- .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 4,
28
- .access = PL1_R, .resetvalue = cpu->midr },
29
+ /* crn = 0 op1 = 0 crm = 0 op2 = 7 : AArch32 aliases of MIDR */
30
{ .name = "MIDR", .type = ARM_CP_ALIAS | ARM_CP_CONST,
31
.cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 7,
32
.access = PL1_R, .resetvalue = cpu->midr },
33
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
34
.accessfn = access_aa64_tid1,
35
.type = ARM_CP_CONST, .resetvalue = cpu->revidr },
36
};
37
+ ARMCPRegInfo id_v8_midr_alias_cp_reginfo = {
38
+ .name = "MIDR", .type = ARM_CP_ALIAS | ARM_CP_CONST,
39
+ .cp = 15, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 4,
40
+ .access = PL1_R, .resetvalue = cpu->midr
41
+ };
42
ARMCPRegInfo id_cp_reginfo[] = {
43
/* These are common to v8 and pre-v8 */
44
{ .name = "CTR",
45
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
46
}
47
if (arm_feature(env, ARM_FEATURE_V8)) {
48
define_arm_cp_regs(cpu, id_v8_midr_cp_reginfo);
49
+ if (!arm_feature(env, ARM_FEATURE_PMSA)) {
50
+ define_one_arm_cp_reg(cpu, &id_v8_midr_alias_cp_reginfo);
51
+ }
52
} else {
53
define_arm_cp_regs(cpu, id_pre_v8_midr_cp_reginfo);
54
}
55
--
56
2.25.1
57
58
diff view generated by jsdifflib
1
From: Axel Heider <axel.heider@hensoldt.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The CNT register is a read-only register. There is no need to
3
While Root and Realm may read and write data from other spaces,
4
store it's value, it can be calculated on demand.
4
neither may execute from other pa spaces.
5
The calculated frequency is needed temporarily only.
6
5
7
Note that this is a migration compatibility break for all boards
6
This happens for Stage1 EL3, EL2, EL2&0, and Stage2 EL1&0.
8
types that use the EPIT peripheral.
9
7
10
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20230620124418.805717-14-richard.henderson@linaro.org
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
12
---
14
include/hw/timer/imx_epit.h | 2 -
13
target/arm/ptw.c | 52 ++++++++++++++++++++++++++++++++++++++++++------
15
hw/timer/imx_epit.c | 73 ++++++++++++++-----------------------
14
1 file changed, 46 insertions(+), 6 deletions(-)
16
2 files changed, 28 insertions(+), 47 deletions(-)
17
15
18
diff --git a/include/hw/timer/imx_epit.h b/include/hw/timer/imx_epit.h
16
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
19
index XXXXXXX..XXXXXXX 100644
17
index XXXXXXX..XXXXXXX 100644
20
--- a/include/hw/timer/imx_epit.h
18
--- a/target/arm/ptw.c
21
+++ b/include/hw/timer/imx_epit.h
19
+++ b/target/arm/ptw.c
22
@@ -XXX,XX +XXX,XX @@ struct IMXEPITState {
20
@@ -XXX,XX +XXX,XX @@ do_fault:
23
uint32_t sr;
21
* @xn: XN (execute-never) bits
24
uint32_t lr;
22
* @s1_is_el0: true if this is S2 of an S1+2 walk for EL0
25
uint32_t cmp;
23
*/
26
- uint32_t cnt;
24
-static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
27
25
+static int get_S2prot_noexecute(int s2ap)
28
- uint32_t freq;
26
{
29
qemu_irq irq;
27
int prot = 0;
30
};
28
31
29
@@ -XXX,XX +XXX,XX @@ static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
32
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
30
if (s2ap & 2) {
33
index XXXXXXX..XXXXXXX 100644
31
prot |= PAGE_WRITE;
34
--- a/hw/timer/imx_epit.c
35
+++ b/hw/timer/imx_epit.c
36
@@ -XXX,XX +XXX,XX @@ static void imx_epit_update_int(IMXEPITState *s)
37
}
32
}
38
}
33
+ return prot;
39
34
+}
40
-/*
41
- * Must be called from within a ptimer_transaction_begin/commit block
42
- * for both s->timer_cmp and s->timer_reload.
43
- */
44
-static void imx_epit_set_freq(IMXEPITState *s)
45
+static uint32_t imx_epit_get_freq(IMXEPITState *s)
46
{
47
- uint32_t clksrc;
48
- uint32_t prescaler;
49
-
50
- clksrc = extract32(s->cr, CR_CLKSRC_SHIFT, CR_CLKSRC_BITS);
51
- prescaler = 1 + extract32(s->cr, CR_PRESCALE_SHIFT, CR_PRESCALE_BITS);
52
-
53
- s->freq = imx_ccm_get_clock_frequency(s->ccm,
54
- imx_epit_clocks[clksrc]) / prescaler;
55
-
56
- DPRINTF("Setting ptimer frequency to %u\n", s->freq);
57
-
58
- if (s->freq) {
59
- ptimer_set_freq(s->timer_reload, s->freq);
60
- ptimer_set_freq(s->timer_cmp, s->freq);
61
- }
62
+ uint32_t clksrc = extract32(s->cr, CR_CLKSRC_SHIFT, CR_CLKSRC_BITS);
63
+ uint32_t prescaler = 1 + extract32(s->cr, CR_PRESCALE_SHIFT, CR_PRESCALE_BITS);
64
+ uint32_t f_in = imx_ccm_get_clock_frequency(s->ccm, imx_epit_clocks[clksrc]);
65
+ uint32_t freq = f_in / prescaler;
66
+ DPRINTF("ptimer frequency is %u\n", freq);
67
+ return freq;
68
}
69
70
/*
71
@@ -XXX,XX +XXX,XX @@ static void imx_epit_reset(IMXEPITState *s, bool is_hard_reset)
72
s->sr = 0;
73
s->lr = EPIT_TIMER_MAX;
74
s->cmp = 0;
75
- s->cnt = 0;
76
ptimer_transaction_begin(s->timer_cmp);
77
ptimer_transaction_begin(s->timer_reload);
78
- /* stop both timers */
79
+
35
+
80
+ /*
36
+static int get_S2prot(CPUARMState *env, int s2ap, int xn, bool s1_is_el0)
81
+ * The reset switches off the input clock, so even if the CR.EN is still
37
+{
82
+ * set, the timers are no longer running.
38
+ int prot = get_S2prot_noexecute(s2ap);
83
+ */
39
84
+ assert(imx_epit_get_freq(s) == 0);
40
if (cpu_isar_feature(any_tts2uxn, env_archcpu(env))) {
85
ptimer_stop(s->timer_cmp);
41
switch (xn) {
86
ptimer_stop(s->timer_reload);
42
@@ -XXX,XX +XXX,XX @@ static int get_S1prot(CPUARMState *env, ARMMMUIdx mmu_idx, bool is_aa64,
87
- /* compute new frequency */
43
}
88
- imx_epit_set_freq(s);
44
}
89
/* init both timers to EPIT_TIMER_MAX */
45
90
ptimer_set_limit(s->timer_cmp, EPIT_TIMER_MAX, 1);
46
- if (out_pa == ARMSS_NonSecure && in_pa == ARMSS_Secure &&
91
ptimer_set_limit(s->timer_reload, EPIT_TIMER_MAX, 1);
47
- (env->cp15.scr_el3 & SCR_SIF)) {
92
- if (s->freq && (s->cr & CR_EN)) {
48
- return prot_rw;
93
- /* if the timer is still enabled, restart it */
49
+ if (in_pa != out_pa) {
94
- ptimer_run(s->timer_reload, 0);
50
+ switch (in_pa) {
95
- }
51
+ case ARMSS_Root:
96
ptimer_transaction_commit(s->timer_cmp);
52
+ /*
97
ptimer_transaction_commit(s->timer_reload);
53
+ * R_ZWRVD: permission fault for insn fetched from non-Root,
98
}
54
+ * I_WWBFB: SIF has no effect in EL3.
99
55
+ */
100
-static uint32_t imx_epit_update_count(IMXEPITState *s)
56
+ return prot_rw;
101
-{
57
+ case ARMSS_Realm:
102
- s->cnt = ptimer_get_count(s->timer_reload);
58
+ /*
103
-
59
+ * R_PKTDS: permission fault for insn fetched from non-Realm,
104
- return s->cnt;
60
+ * for Realm EL2 or EL2&0. The corresponding fault for EL1&0
105
-}
61
+ * happens during any stage2 translation.
106
-
62
+ */
107
static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
63
+ switch (mmu_idx) {
108
{
64
+ case ARMMMUIdx_E2:
109
IMXEPITState *s = IMX_EPIT(opaque);
65
+ case ARMMMUIdx_E20_0:
110
@@ -XXX,XX +XXX,XX @@ static uint64_t imx_epit_read(void *opaque, hwaddr offset, unsigned size)
66
+ case ARMMMUIdx_E20_2:
111
break;
67
+ case ARMMMUIdx_E20_2_PAN:
112
68
+ return prot_rw;
113
case 4: /* CNT */
69
+ default:
114
- imx_epit_update_count(s);
70
+ break;
115
- reg_value = s->cnt;
71
+ }
116
+ reg_value = ptimer_get_count(s->timer_reload);
72
+ break;
117
break;
73
+ case ARMSS_Secure:
118
74
+ if (env->cp15.scr_el3 & SCR_SIF) {
119
default:
75
+ return prot_rw;
120
@@ -XXX,XX +XXX,XX @@ static void imx_epit_reload_compare_timer(IMXEPITState *s)
76
+ }
121
{
77
+ break;
122
if ((s->cr & (CR_EN | CR_OCIEN)) == (CR_EN | CR_OCIEN)) {
78
+ default:
123
/* if the compare feature is on and timers are running */
79
+ /* Input NonSecure must have output NonSecure. */
124
- uint32_t tmp = imx_epit_update_count(s);
80
+ g_assert_not_reached();
125
+ uint32_t tmp = ptimer_get_count(s->timer_reload);
126
uint64_t next;
127
if (tmp > s->cmp) {
128
/* It'll fire in this round of the timer */
129
@@ -XXX,XX +XXX,XX @@ static void imx_epit_reload_compare_timer(IMXEPITState *s)
130
131
static void imx_epit_write_cr(IMXEPITState *s, uint32_t value)
132
{
133
+ uint32_t freq = 0;
134
uint32_t oldcr = s->cr;
135
136
s->cr = value & 0x03ffffff;
137
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write_cr(IMXEPITState *s, uint32_t value)
138
ptimer_transaction_begin(s->timer_cmp);
139
ptimer_transaction_begin(s->timer_reload);
140
141
- /* Update the frequency. Has been done already in case of a reset. */
142
+ /*
143
+ * Update the frequency. In case of a reset the input clock was
144
+ * switched off, so this can be skipped.
145
+ */
146
if (!(s->cr & CR_SWR)) {
147
- imx_epit_set_freq(s);
148
+ freq = imx_epit_get_freq(s);
149
+ if (freq) {
150
+ ptimer_set_freq(s->timer_reload, freq);
151
+ ptimer_set_freq(s->timer_cmp, freq);
152
+ }
81
+ }
153
}
82
}
154
83
155
- if (s->freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) {
84
/* TODO have_wxn should be replaced with
156
+ if (freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) {
85
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
157
if (s->cr & CR_ENMOD) {
86
/*
158
if (s->cr & CR_RLD) {
87
* R_GYNXY: For stage2 in Realm security state, bit 55 is NS.
159
ptimer_set_limit(s->timer_reload, s->lr, 1);
88
* The bit remains ignored for other security states.
160
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps imx_epit_ops = {
89
+ * R_YMCSL: Executing an insn fetched from non-Realm causes
161
90
+ * a stage2 permission fault.
162
static const VMStateDescription vmstate_imx_timer_epit = {
91
*/
163
.name = TYPE_IMX_EPIT,
92
if (out_space == ARMSS_Realm && extract64(attrs, 55, 1)) {
164
- .version_id = 2,
93
out_space = ARMSS_NonSecure;
165
- .minimum_version_id = 2,
94
+ result->f.prot = get_S2prot_noexecute(ap);
166
+ .version_id = 3,
95
+ } else {
167
+ .minimum_version_id = 3,
96
+ xn = extract64(attrs, 53, 2);
168
.fields = (VMStateField[]) {
97
+ result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
169
VMSTATE_UINT32(cr, IMXEPITState),
98
}
170
VMSTATE_UINT32(sr, IMXEPITState),
99
- xn = extract64(attrs, 53, 2);
171
VMSTATE_UINT32(lr, IMXEPITState),
100
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
172
VMSTATE_UINT32(cmp, IMXEPITState),
101
} else {
173
- VMSTATE_UINT32(cnt, IMXEPITState),
102
int nse, ns = extract32(attrs, 5, 1);
174
- VMSTATE_UINT32(freq, IMXEPITState),
103
switch (out_space) {
175
VMSTATE_PTIMER(timer_reload, IMXEPITState),
176
VMSTATE_PTIMER(timer_cmp, IMXEPITState),
177
VMSTATE_END_OF_LIST()
178
--
104
--
179
2.25.1
105
2.34.1
diff view generated by jsdifflib
1
From: Axel Heider <axel.heider@hensoldt.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
3
Do not provide a fast-path for physical addresses,
4
as those will need to be validated for GPC.
2
5
3
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230620124418.805717-15-richard.henderson@linaro.org
4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5
---
10
---
6
include/hw/timer/imx_epit.h | 2 ++
11
target/arm/ptw.c | 44 +++++++++++++++++---------------------------
7
hw/timer/imx_epit.c | 12 ++++++------
12
1 file changed, 17 insertions(+), 27 deletions(-)
8
2 files changed, 8 insertions(+), 6 deletions(-)
9
13
10
diff --git a/include/hw/timer/imx_epit.h b/include/hw/timer/imx_epit.h
14
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
11
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
12
--- a/include/hw/timer/imx_epit.h
16
--- a/target/arm/ptw.c
13
+++ b/include/hw/timer/imx_epit.h
17
+++ b/target/arm/ptw.c
14
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
15
#define CR_CLKSRC_SHIFT (24)
19
* From gdbstub, do not use softmmu so that we don't modify the
16
#define CR_CLKSRC_BITS (2)
20
* state of the cpu at all, including softmmu tlb contents.
17
21
*/
18
+#define SR_OCIF (1 << 0)
22
- if (regime_is_stage2(s2_mmu_idx)) {
19
+
23
- S1Translate s2ptw = {
20
#define EPIT_TIMER_MAX 0XFFFFFFFFUL
24
- .in_mmu_idx = s2_mmu_idx,
21
25
- .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
22
#define TYPE_IMX_EPIT "imx.epit"
26
- .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
23
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
27
- .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
24
index XXXXXXX..XXXXXXX 100644
28
- : space == ARMSS_Realm ? ARMSS_Realm
25
--- a/hw/timer/imx_epit.c
29
- : ARMSS_NonSecure),
26
+++ b/hw/timer/imx_epit.c
30
- .in_debug = true,
27
@@ -XXX,XX +XXX,XX @@ static const IMXClk imx_epit_clocks[] = {
31
- };
28
*/
32
- GetPhysAddrResult s2 = { };
29
static void imx_epit_update_int(IMXEPITState *s)
33
+ S1Translate s2ptw = {
30
{
34
+ .in_mmu_idx = s2_mmu_idx,
31
- if (s->sr && (s->cr & CR_OCIEN) && (s->cr & CR_EN)) {
35
+ .in_ptw_idx = ptw_idx_for_stage_2(env, s2_mmu_idx),
32
+ if ((s->sr & SR_OCIF) && (s->cr & CR_OCIEN) && (s->cr & CR_EN)) {
36
+ .in_secure = s2_mmu_idx == ARMMMUIdx_Stage2_S,
33
qemu_irq_raise(s->irq);
37
+ .in_space = (s2_mmu_idx == ARMMMUIdx_Stage2_S ? ARMSS_Secure
38
+ : space == ARMSS_Realm ? ARMSS_Realm
39
+ : ARMSS_NonSecure),
40
+ .in_debug = true,
41
+ };
42
+ GetPhysAddrResult s2 = { };
43
44
- if (get_phys_addr_lpae(env, &s2ptw, addr, MMU_DATA_LOAD,
45
- false, &s2, fi)) {
46
- goto fail;
47
- }
48
- ptw->out_phys = s2.f.phys_addr;
49
- pte_attrs = s2.cacheattrs.attrs;
50
- ptw->out_secure = s2.f.attrs.secure;
51
- ptw->out_space = s2.f.attrs.space;
52
- } else {
53
- /* Regime is physical. */
54
- ptw->out_phys = addr;
55
- pte_attrs = 0;
56
- ptw->out_secure = s2_mmu_idx == ARMMMUIdx_Phys_S;
57
- ptw->out_space = (s2_mmu_idx == ARMMMUIdx_Phys_S ? ARMSS_Secure
58
- : space == ARMSS_Realm ? ARMSS_Realm
59
- : ARMSS_NonSecure);
60
+ if (get_phys_addr_with_struct(env, &s2ptw, addr,
61
+ MMU_DATA_LOAD, &s2, fi)) {
62
+ goto fail;
63
}
64
+ ptw->out_phys = s2.f.phys_addr;
65
+ pte_attrs = s2.cacheattrs.attrs;
66
ptw->out_host = NULL;
67
ptw->out_rw = false;
68
+ ptw->out_secure = s2.f.attrs.secure;
69
+ ptw->out_space = s2.f.attrs.space;
34
} else {
70
} else {
35
qemu_irq_lower(s->irq);
71
#ifdef CONFIG_TCG
36
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
72
CPUTLBEntryFull *full;
37
break;
38
39
case 1: /* SR - ACK*/
40
- /* writing 1 to OCIF clears the OCIF bit */
41
- if (value & 0x01) {
42
- s->sr = 0;
43
+ /* writing 1 to SR.OCIF clears this bit and turns the interrupt off */
44
+ if (value & SR_OCIF) {
45
+ s->sr = 0; /* SR.OCIF is the only bit in this register anyway */
46
imx_epit_update_int(s);
47
}
48
break;
49
@@ -XXX,XX +XXX,XX @@ static void imx_epit_cmp(void *opaque)
50
IMXEPITState *s = IMX_EPIT(opaque);
51
52
DPRINTF("sr was %d\n", s->sr);
53
-
54
- s->sr = 1;
55
+ /* Set interrupt status bit SR.OCIF and update the interrupt state */
56
+ s->sr |= SR_OCIF;
57
imx_epit_update_int(s);
58
}
59
60
--
73
--
61
2.25.1
74
2.34.1
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The v8R PMSAv8 has a two-stage MPU translation process, but, unlike
3
Instead of passing this to get_phys_addr_lpae, stash it
4
VMSAv8, the stage 2 attributes are in the same format as the stage 1
4
in the S1Translate structure.
5
attributes (8-bit MAIR format). Rather than converting the MAIR
6
format to the format used for VMSA stage 2 (bits [5:2] of a VMSA
7
stage 2 descriptor) and then converting back to do the attribute
8
combination, allow combined_attrs_nofwb() to accept s2 attributes
9
that are already in the MAIR format.
10
5
11
We move the assert() to combined_attrs_fwb(), because that function
6
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
12
really does require a VMSA stage 2 attribute format. (We will never
13
get there for v8R, because PMSAv8 does not implement FEAT_S2FWB.)
14
15
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
16
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
17
Message-id: 20221206102504.165775-4-tobias.roehmel@rwth-aachen.de
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20230620124418.805717-16-richard.henderson@linaro.org
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
19
---
11
---
20
target/arm/ptw.c | 10 ++++++++--
12
target/arm/ptw.c | 27 ++++++++++++---------------
21
1 file changed, 8 insertions(+), 2 deletions(-)
13
1 file changed, 12 insertions(+), 15 deletions(-)
22
14
23
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
15
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
24
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
25
--- a/target/arm/ptw.c
17
--- a/target/arm/ptw.c
26
+++ b/target/arm/ptw.c
18
+++ b/target/arm/ptw.c
27
@@ -XXX,XX +XXX,XX @@ static uint8_t combined_attrs_nofwb(uint64_t hcr,
19
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
20
ARMSecuritySpace in_space;
21
bool in_secure;
22
bool in_debug;
23
+ /*
24
+ * If this is stage 2 of a stage 1+2 page table walk, then this must
25
+ * be true if stage 1 is an EL0 access; otherwise this is ignored.
26
+ * Stage 2 is indicated by in_mmu_idx set to ARMMMUIdx_Stage2{,_S}.
27
+ */
28
+ bool in_s1_is_el0;
29
bool out_secure;
30
bool out_rw;
31
bool out_be;
32
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
33
} S1Translate;
34
35
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
36
- uint64_t address,
37
- MMUAccessType access_type, bool s1_is_el0,
38
+ uint64_t address, MMUAccessType access_type,
39
GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
40
41
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
42
@@ -XXX,XX +XXX,XX @@ static int check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, uint64_t tcr,
43
* @ptw: Current and next stage parameters for the walk.
44
* @address: virtual address to get physical address for
45
* @access_type: MMU_DATA_LOAD, MMU_DATA_STORE or MMU_INST_FETCH
46
- * @s1_is_el0: if @ptw->in_mmu_idx is ARMMMUIdx_Stage2
47
- * (so this is a stage 2 page table walk),
48
- * must be true if this is stage 2 of a stage 1+2
49
- * walk for an EL0 access. If @mmu_idx is anything else,
50
- * @s1_is_el0 is ignored.
51
* @result: set on translation success,
52
* @fi: set to fault info if the translation fails
53
*/
54
static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
55
uint64_t address,
56
- MMUAccessType access_type, bool s1_is_el0,
57
+ MMUAccessType access_type,
58
GetPhysAddrResult *result, ARMMMUFaultInfo *fi)
28
{
59
{
29
uint8_t s1lo, s2lo, s1hi, s2hi, s2_mair_attrs, ret_attrs;
60
ARMCPU *cpu = env_archcpu(env);
30
61
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
31
- s2_mair_attrs = convert_stage2_attrs(hcr, s2.attrs);
62
result->f.prot = get_S2prot_noexecute(ap);
32
+ if (s2.is_s2_format) {
63
} else {
33
+ s2_mair_attrs = convert_stage2_attrs(hcr, s2.attrs);
64
xn = extract64(attrs, 53, 2);
34
+ } else {
65
- result->f.prot = get_S2prot(env, ap, xn, s1_is_el0);
35
+ s2_mair_attrs = s2.attrs;
66
+ result->f.prot = get_S2prot(env, ap, xn, ptw->in_s1_is_el0);
36
+ }
67
}
37
68
} else {
38
s1lo = extract32(s1.attrs, 0, 4);
69
int nse, ns = extract32(attrs, 5, 1);
39
s2lo = extract32(s2_mair_attrs, 0, 4);
70
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
40
@@ -XXX,XX +XXX,XX @@ static uint8_t force_cacheattr_nibble_wb(uint8_t attr)
71
bool ret, ipa_secure;
41
*/
72
ARMCacheAttrs cacheattrs1;
42
static uint8_t combined_attrs_fwb(ARMCacheAttrs s1, ARMCacheAttrs s2)
73
ARMSecuritySpace ipa_space;
43
{
74
- bool is_el0;
44
+ assert(s2.is_s2_format && !s1.is_s2_format);
75
uint64_t hcr;
45
+
76
46
switch (s2.attrs) {
77
ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi);
47
case 7:
78
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
48
/* Use stage 1 attributes */
79
ipa_secure = result->f.attrs.secure;
49
@@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr,
80
ipa_space = result->f.attrs.space;
50
ARMCacheAttrs ret;
81
51
bool tagged = false;
82
- is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
52
83
+ ptw->in_s1_is_el0 = ptw->in_mmu_idx == ARMMMUIdx_Stage1_E0;
53
- assert(s2.is_s2_format && !s1.is_s2_format);
84
ptw->in_mmu_idx = ipa_secure ? ARMMMUIdx_Stage2_S : ARMMMUIdx_Stage2;
54
+ assert(!s1.is_s2_format);
85
ptw->in_secure = ipa_secure;
55
ret.is_s2_format = false;
86
ptw->in_space = ipa_space;
56
87
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
57
if (s1.attrs == 0xf0) {
88
ret = get_phys_addr_pmsav8(env, ipa, access_type,
89
ptw->in_mmu_idx, is_secure, result, fi);
90
} else {
91
- ret = get_phys_addr_lpae(env, ptw, ipa, access_type,
92
- is_el0, result, fi);
93
+ ret = get_phys_addr_lpae(env, ptw, ipa, access_type, result, fi);
94
}
95
fi->s2addr = ipa;
96
97
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
98
}
99
100
if (regime_using_lpae_format(env, mmu_idx)) {
101
- return get_phys_addr_lpae(env, ptw, address, access_type, false,
102
- result, fi);
103
+ return get_phys_addr_lpae(env, ptw, address, access_type, result, fi);
104
} else if (arm_feature(env, ARM_FEATURE_V7) ||
105
regime_sctlr(env, mmu_idx) & SCTLR_XP) {
106
return get_phys_addr_v6(env, ptw, address, access_type, result, fi);
58
--
107
--
59
2.25.1
108
2.34.1
60
109
61
110
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Add PMSAv8r translation.
3
This fixes a bug in which we failed to initialize
4
the result attributes properly after the memset.
4
5
5
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Message-id: 20221206102504.165775-7-tobias.roehmel@rwth-aachen.de
7
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20230620124418.805717-17-richard.henderson@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
11
---
10
target/arm/ptw.c | 126 ++++++++++++++++++++++++++++++++++++++---------
12
target/arm/ptw.c | 11 +----------
11
1 file changed, 104 insertions(+), 22 deletions(-)
13
1 file changed, 1 insertion(+), 10 deletions(-)
12
14
13
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
15
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
14
index XXXXXXX..XXXXXXX 100644
16
index XXXXXXX..XXXXXXX 100644
15
--- a/target/arm/ptw.c
17
--- a/target/arm/ptw.c
16
+++ b/target/arm/ptw.c
18
+++ b/target/arm/ptw.c
17
@@ -XXX,XX +XXX,XX @@ static bool pmsav7_use_background_region(ARMCPU *cpu, ARMMMUIdx mmu_idx,
19
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
18
20
void *out_host;
19
if (arm_feature(env, ARM_FEATURE_M)) {
21
} S1Translate;
20
return env->v7m.mpu_ctrl[is_secure] & R_V7M_MPU_CTRL_PRIVDEFENA_MASK;
22
21
- } else {
23
-static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw,
22
- return regime_sctlr(env, mmu_idx) & SCTLR_BR;
24
- uint64_t address, MMUAccessType access_type,
23
}
25
- GetPhysAddrResult *result, ARMMMUFaultInfo *fi);
24
+
26
-
25
+ if (mmu_idx == ARMMMUIdx_Stage2) {
27
static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
26
+ return false;
28
target_ulong address,
27
+ }
29
MMUAccessType access_type,
28
+
29
+ return regime_sctlr(env, mmu_idx) & SCTLR_BR;
30
}
31
32
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
33
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
34
return !(result->f.prot & (1 << access_type));
35
}
36
37
+static uint32_t *regime_rbar(CPUARMState *env, ARMMMUIdx mmu_idx,
38
+ uint32_t secure)
39
+{
40
+ if (regime_el(env, mmu_idx) == 2) {
41
+ return env->pmsav8.hprbar;
42
+ } else {
43
+ return env->pmsav8.rbar[secure];
44
+ }
45
+}
46
+
47
+static uint32_t *regime_rlar(CPUARMState *env, ARMMMUIdx mmu_idx,
48
+ uint32_t secure)
49
+{
50
+ if (regime_el(env, mmu_idx) == 2) {
51
+ return env->pmsav8.hprlar;
52
+ } else {
53
+ return env->pmsav8.rlar[secure];
54
+ }
55
+}
56
+
57
bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
58
MMUAccessType access_type, ARMMMUIdx mmu_idx,
59
bool secure, GetPhysAddrResult *result,
60
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
61
bool hit = false;
62
uint32_t addr_page_base = address & TARGET_PAGE_MASK;
63
uint32_t addr_page_limit = addr_page_base + (TARGET_PAGE_SIZE - 1);
64
+ int region_counter;
65
+
66
+ if (regime_el(env, mmu_idx) == 2) {
67
+ region_counter = cpu->pmsav8r_hdregion;
68
+ } else {
69
+ region_counter = cpu->pmsav7_dregion;
70
+ }
71
72
result->f.lg_page_size = TARGET_PAGE_BITS;
73
result->f.phys_addr = address;
74
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
75
*mregion = -1;
76
}
77
78
+ if (mmu_idx == ARMMMUIdx_Stage2) {
79
+ fi->stage2 = true;
80
+ }
81
+
82
/*
83
* Unlike the ARM ARM pseudocode, we don't need to check whether this
84
* was an exception vector read from the vector table (which is always
85
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
86
hit = true;
87
}
88
89
- for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
90
+ uint32_t bitmask;
91
+ if (arm_feature(env, ARM_FEATURE_M)) {
92
+ bitmask = 0x1f;
93
+ } else {
94
+ bitmask = 0x3f;
95
+ fi->level = 0;
96
+ }
97
+
98
+ for (n = region_counter - 1; n >= 0; n--) {
99
/* region search */
100
/*
101
- * Note that the base address is bits [31:5] from the register
102
- * with bits [4:0] all zeroes, but the limit address is bits
103
- * [31:5] from the register with bits [4:0] all ones.
104
+ * Note that the base address is bits [31:x] from the register
105
+ * with bits [x-1:0] all zeroes, but the limit address is bits
106
+ * [31:x] from the register with bits [x:0] all ones. Where x is
107
+ * 5 for Cortex-M and 6 for Cortex-R
108
*/
109
- uint32_t base = env->pmsav8.rbar[secure][n] & ~0x1f;
110
- uint32_t limit = env->pmsav8.rlar[secure][n] | 0x1f;
111
+ uint32_t base = regime_rbar(env, mmu_idx, secure)[n] & ~bitmask;
112
+ uint32_t limit = regime_rlar(env, mmu_idx, secure)[n] | bitmask;
113
114
- if (!(env->pmsav8.rlar[secure][n] & 0x1)) {
115
+ if (!(regime_rlar(env, mmu_idx, secure)[n] & 0x1)) {
116
/* Region disabled */
117
continue;
118
}
119
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
120
* PMSAv7 where highest-numbered-region wins)
121
*/
122
fi->type = ARMFault_Permission;
123
- fi->level = 1;
124
+ if (arm_feature(env, ARM_FEATURE_M)) {
125
+ fi->level = 1;
126
+ }
127
return true;
128
}
129
130
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
131
}
132
133
if (!hit) {
134
- /* background fault */
135
- fi->type = ARMFault_Background;
136
+ if (arm_feature(env, ARM_FEATURE_M)) {
137
+ fi->type = ARMFault_Background;
138
+ } else {
139
+ fi->type = ARMFault_Permission;
140
+ }
141
return true;
142
}
143
144
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
145
/* hit using the background region */
146
get_phys_addr_pmsav7_default(env, mmu_idx, address, &result->f.prot);
147
} else {
148
- uint32_t ap = extract32(env->pmsav8.rbar[secure][matchregion], 1, 2);
149
- uint32_t xn = extract32(env->pmsav8.rbar[secure][matchregion], 0, 1);
150
+ uint32_t matched_rbar = regime_rbar(env, mmu_idx, secure)[matchregion];
151
+ uint32_t matched_rlar = regime_rlar(env, mmu_idx, secure)[matchregion];
152
+ uint32_t ap = extract32(matched_rbar, 1, 2);
153
+ uint32_t xn = extract32(matched_rbar, 0, 1);
154
bool pxn = false;
155
156
if (arm_feature(env, ARM_FEATURE_V8_1M)) {
157
- pxn = extract32(env->pmsav8.rlar[secure][matchregion], 4, 1);
158
+ pxn = extract32(matched_rlar, 4, 1);
159
}
160
161
if (m_is_system_region(env, address)) {
162
@@ -XXX,XX +XXX,XX @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
163
xn = 1;
164
}
165
166
- result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
167
+ if (regime_el(env, mmu_idx) == 2) {
168
+ result->f.prot = simple_ap_to_rw_prot_is_user(ap,
169
+ mmu_idx != ARMMMUIdx_E2);
170
+ } else {
171
+ result->f.prot = simple_ap_to_rw_prot(env, mmu_idx, ap);
172
+ }
173
+
174
+ if (!arm_feature(env, ARM_FEATURE_M)) {
175
+ uint8_t attrindx = extract32(matched_rlar, 1, 3);
176
+ uint64_t mair = env->cp15.mair_el[regime_el(env, mmu_idx)];
177
+ uint8_t sh = extract32(matched_rlar, 3, 2);
178
+
179
+ if (regime_sctlr(env, mmu_idx) & SCTLR_WXN &&
180
+ result->f.prot & PAGE_WRITE && mmu_idx != ARMMMUIdx_Stage2) {
181
+ xn = 0x1;
182
+ }
183
+
184
+ if ((regime_el(env, mmu_idx) == 1) &&
185
+ regime_sctlr(env, mmu_idx) & SCTLR_UWXN && ap == 0x1) {
186
+ pxn = 0x1;
187
+ }
188
+
189
+ result->cacheattrs.is_s2_format = false;
190
+ result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8);
191
+ result->cacheattrs.shareability = sh;
192
+ }
193
+
194
if (result->f.prot && !xn && !(pxn && !is_user)) {
195
result->f.prot |= PAGE_EXEC;
196
}
197
- /*
198
- * We don't need to look the attribute up in the MAIR0/MAIR1
199
- * registers because that only tells us about cacheability.
200
- */
201
+
202
if (mregion) {
203
*mregion = matchregion;
204
}
205
}
206
207
fi->type = ARMFault_Permission;
208
- fi->level = 1;
209
+ if (arm_feature(env, ARM_FEATURE_M)) {
210
+ fi->level = 1;
211
+ }
212
return !(result->f.prot & (1 << access_type));
213
}
214
215
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
30
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
216
cacheattrs1 = result->cacheattrs;
31
cacheattrs1 = result->cacheattrs;
217
memset(result, 0, sizeof(*result));
32
memset(result, 0, sizeof(*result));
218
33
219
- ret = get_phys_addr_lpae(env, ptw, ipa, access_type, is_el0, result, fi);
34
- if (arm_feature(env, ARM_FEATURE_PMSA)) {
220
+ if (arm_feature(env, ARM_FEATURE_PMSA)) {
35
- ret = get_phys_addr_pmsav8(env, ipa, access_type,
221
+ ret = get_phys_addr_pmsav8(env, ipa, access_type,
36
- ptw->in_mmu_idx, is_secure, result, fi);
222
+ ptw->in_mmu_idx, is_secure, result, fi);
37
- } else {
223
+ } else {
38
- ret = get_phys_addr_lpae(env, ptw, ipa, access_type, result, fi);
224
+ ret = get_phys_addr_lpae(env, ptw, ipa, access_type,
39
- }
225
+ is_el0, result, fi);
40
+ ret = get_phys_addr_with_struct(env, ptw, ipa, access_type, result, fi);
226
+ }
227
fi->s2addr = ipa;
41
fi->s2addr = ipa;
228
42
229
/* Combine the S1 and S2 perms. */
43
/* Combine the S1 and S2 perms. */
230
--
44
--
231
2.25.1
45
2.34.1
232
46
233
47
diff view generated by jsdifflib
1
From: Jean-Christophe Dubois <jcd@tribudubois.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
The i.MX6UL doesn't support CLK_HIGH ou CLK_HIGH_DIV clock source.
3
The function takes the fields as filled in by
4
the Arm ARM pseudocode for TakeGPCException.
4
5
5
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230620124418.805717-18-richard.henderson@linaro.org
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
10
---
9
include/hw/timer/imx_gpt.h | 1 +
11
target/arm/syndrome.h | 10 ++++++++++
10
hw/arm/fsl-imx6ul.c | 2 +-
12
1 file changed, 10 insertions(+)
11
hw/misc/imx6ul_ccm.c | 6 ------
12
hw/timer/imx_gpt.c | 25 +++++++++++++++++++++++++
13
4 files changed, 27 insertions(+), 7 deletions(-)
14
13
15
diff --git a/include/hw/timer/imx_gpt.h b/include/hw/timer/imx_gpt.h
14
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/timer/imx_gpt.h
16
--- a/target/arm/syndrome.h
18
+++ b/include/hw/timer/imx_gpt.h
17
+++ b/target/arm/syndrome.h
19
@@ -XXX,XX +XXX,XX @@
18
@@ -XXX,XX +XXX,XX @@ enum arm_exception_class {
20
#define TYPE_IMX25_GPT "imx25.gpt"
19
EC_SVEACCESSTRAP = 0x19,
21
#define TYPE_IMX31_GPT "imx31.gpt"
20
EC_ERETTRAP = 0x1a,
22
#define TYPE_IMX6_GPT "imx6.gpt"
21
EC_SMETRAP = 0x1d,
23
+#define TYPE_IMX6UL_GPT "imx6ul.gpt"
22
+ EC_GPC = 0x1e,
24
#define TYPE_IMX7_GPT "imx7.gpt"
23
EC_INSNABORT = 0x20,
25
24
EC_INSNABORT_SAME_EL = 0x21,
26
#define TYPE_IMX_GPT TYPE_IMX25_GPT
25
EC_PCALIGNMENT = 0x22,
27
diff --git a/hw/arm/fsl-imx6ul.c b/hw/arm/fsl-imx6ul.c
26
@@ -XXX,XX +XXX,XX @@ static inline uint32_t syn_bxjtrap(int cv, int cond, int rm)
28
index XXXXXXX..XXXXXXX 100644
27
(cv << 24) | (cond << 20) | rm;
29
--- a/hw/arm/fsl-imx6ul.c
30
+++ b/hw/arm/fsl-imx6ul.c
31
@@ -XXX,XX +XXX,XX @@ static void fsl_imx6ul_init(Object *obj)
32
*/
33
for (i = 0; i < FSL_IMX6UL_NUM_GPTS; i++) {
34
snprintf(name, NAME_SIZE, "gpt%d", i);
35
- object_initialize_child(obj, name, &s->gpt[i], TYPE_IMX7_GPT);
36
+ object_initialize_child(obj, name, &s->gpt[i], TYPE_IMX6UL_GPT);
37
}
38
39
/*
40
diff --git a/hw/misc/imx6ul_ccm.c b/hw/misc/imx6ul_ccm.c
41
index XXXXXXX..XXXXXXX 100644
42
--- a/hw/misc/imx6ul_ccm.c
43
+++ b/hw/misc/imx6ul_ccm.c
44
@@ -XXX,XX +XXX,XX @@ static uint32_t imx6ul_ccm_get_clock_frequency(IMXCCMState *dev, IMXClk clock)
45
case CLK_32k:
46
freq = CKIL_FREQ;
47
break;
48
- case CLK_HIGH:
49
- freq = CKIH_FREQ;
50
- break;
51
- case CLK_HIGH_DIV:
52
- freq = CKIH_FREQ / 8;
53
- break;
54
default:
55
qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: unsupported clock %d\n",
56
TYPE_IMX6UL_CCM, __func__, clock);
57
diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
58
index XXXXXXX..XXXXXXX 100644
59
--- a/hw/timer/imx_gpt.c
60
+++ b/hw/timer/imx_gpt.c
61
@@ -XXX,XX +XXX,XX @@ static const IMXClk imx6_gpt_clocks[] = {
62
CLK_HIGH, /* 111 reference clock */
63
};
64
65
+static const IMXClk imx6ul_gpt_clocks[] = {
66
+ CLK_NONE, /* 000 No clock source */
67
+ CLK_IPG, /* 001 ipg_clk, 532MHz*/
68
+ CLK_IPG_HIGH, /* 010 ipg_clk_highfreq */
69
+ CLK_EXT, /* 011 External clock */
70
+ CLK_32k, /* 100 ipg_clk_32k */
71
+ CLK_NONE, /* 101 not defined */
72
+ CLK_NONE, /* 110 not defined */
73
+ CLK_NONE, /* 111 not defined */
74
+};
75
+
76
static const IMXClk imx7_gpt_clocks[] = {
77
CLK_NONE, /* 000 No clock source */
78
CLK_IPG, /* 001 ipg_clk, 532MHz*/
79
@@ -XXX,XX +XXX,XX @@ static void imx6_gpt_init(Object *obj)
80
s->clocks = imx6_gpt_clocks;
81
}
28
}
82
29
83
+static void imx6ul_gpt_init(Object *obj)
30
+static inline uint32_t syn_gpc(int s2ptw, int ind, int gpcsc,
31
+ int cm, int s1ptw, int wnr, int fsc)
84
+{
32
+{
85
+ IMXGPTState *s = IMX_GPT(obj);
33
+ /* TODO: FEAT_NV2 adds VNCR */
86
+
34
+ return (EC_GPC << ARM_EL_EC_SHIFT) | ARM_EL_IL | (s2ptw << 21)
87
+ s->clocks = imx6ul_gpt_clocks;
35
+ | (ind << 20) | (gpcsc << 14) | (cm << 8) | (s1ptw << 7)
36
+ | (wnr << 6) | fsc;
88
+}
37
+}
89
+
38
+
90
static void imx7_gpt_init(Object *obj)
39
static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
91
{
40
{
92
IMXGPTState *s = IMX_GPT(obj);
41
return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
93
@@ -XXX,XX +XXX,XX @@ static const TypeInfo imx6_gpt_info = {
94
.instance_init = imx6_gpt_init,
95
};
96
97
+static const TypeInfo imx6ul_gpt_info = {
98
+ .name = TYPE_IMX6UL_GPT,
99
+ .parent = TYPE_IMX25_GPT,
100
+ .instance_init = imx6ul_gpt_init,
101
+};
102
+
103
static const TypeInfo imx7_gpt_info = {
104
.name = TYPE_IMX7_GPT,
105
.parent = TYPE_IMX25_GPT,
106
@@ -XXX,XX +XXX,XX @@ static void imx_gpt_register_types(void)
107
type_register_static(&imx25_gpt_info);
108
type_register_static(&imx31_gpt_info);
109
type_register_static(&imx6_gpt_info);
110
+ type_register_static(&imx6ul_gpt_info);
111
type_register_static(&imx7_gpt_info);
112
}
113
114
--
42
--
115
2.25.1
43
2.34.1
diff view generated by jsdifflib
1
From: Fabiano Rosas <farosas@suse.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Fabiano Rosas <farosas@suse.de>
3
Handle GPC Fault types in arm_deliver_fault, reporting as
4
Reviewed-by: Claudio Fontana <cfontana@suse.de>
4
either a GPC exception at EL3, or falling through to insn
5
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
5
or data aborts at various exception levels.
6
Message-id: 20221213190537.511-6-farosas@suse.de
6
7
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
9
Message-id: 20230620124418.805717-19-richard.henderson@linaro.org
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
11
---
9
target/arm/helper.c | 7 -------
12
target/arm/cpu.h | 1 +
10
1 file changed, 7 deletions(-)
13
target/arm/internals.h | 27 +++++++++++
14
target/arm/helper.c | 5 ++
15
target/arm/tcg/tlb_helper.c | 96 +++++++++++++++++++++++++++++++++++--
16
4 files changed, 126 insertions(+), 3 deletions(-)
11
17
18
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
19
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/cpu.h
21
+++ b/target/arm/cpu.h
22
@@ -XXX,XX +XXX,XX @@
23
#define EXCP_UNALIGNED 22 /* v7M UNALIGNED UsageFault */
24
#define EXCP_DIVBYZERO 23 /* v7M DIVBYZERO UsageFault */
25
#define EXCP_VSERR 24
26
+#define EXCP_GPC 25 /* v9 Granule Protection Check Fault */
27
/* NB: add new EXCP_ defines to the array in arm_log_exception() too */
28
29
#define ARMV7M_EXCP_RESET 1
30
diff --git a/target/arm/internals.h b/target/arm/internals.h
31
index XXXXXXX..XXXXXXX 100644
32
--- a/target/arm/internals.h
33
+++ b/target/arm/internals.h
34
@@ -XXX,XX +XXX,XX @@ typedef enum ARMFaultType {
35
ARMFault_ICacheMaint,
36
ARMFault_QEMU_NSCExec, /* v8M: NS executing in S&NSC memory */
37
ARMFault_QEMU_SFault, /* v8M: SecureFault INVTRAN, INVEP or AUVIOL */
38
+ ARMFault_GPCFOnWalk,
39
+ ARMFault_GPCFOnOutput,
40
} ARMFaultType;
41
42
+typedef enum ARMGPCF {
43
+ GPCF_None,
44
+ GPCF_AddressSize,
45
+ GPCF_Walk,
46
+ GPCF_EABT,
47
+ GPCF_Fail,
48
+} ARMGPCF;
49
+
50
/**
51
* ARMMMUFaultInfo: Information describing an ARM MMU Fault
52
* @type: Type of fault
53
+ * @gpcf: Subtype of ARMFault_GPCFOn{Walk,Output}.
54
* @level: Table walk level (for translation, access flag and permission faults)
55
* @domain: Domain of the fault address (for non-LPAE CPUs only)
56
* @s2addr: Address that caused a fault at stage 2
57
+ * @paddr: physical address that caused a fault for gpc
58
+ * @paddr_space: physical address space that caused a fault for gpc
59
* @stage2: True if we faulted at stage 2
60
* @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk
61
* @s1ns: True if we faulted on a non-secure IPA while in secure state
62
@@ -XXX,XX +XXX,XX @@ typedef enum ARMFaultType {
63
typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
64
struct ARMMMUFaultInfo {
65
ARMFaultType type;
66
+ ARMGPCF gpcf;
67
target_ulong s2addr;
68
+ target_ulong paddr;
69
+ ARMSecuritySpace paddr_space;
70
int level;
71
int domain;
72
bool stage2;
73
@@ -XXX,XX +XXX,XX @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
74
case ARMFault_Exclusive:
75
fsc = 0x35;
76
break;
77
+ case ARMFault_GPCFOnWalk:
78
+ assert(fi->level >= -1 && fi->level <= 3);
79
+ if (fi->level < 0) {
80
+ fsc = 0b100011;
81
+ } else {
82
+ fsc = 0b100100 | fi->level;
83
+ }
84
+ break;
85
+ case ARMFault_GPCFOnOutput:
86
+ fsc = 0b101000;
87
+ break;
88
default:
89
/* Other faults can't occur in a context that requires a
90
* long-format status code.
12
diff --git a/target/arm/helper.c b/target/arm/helper.c
91
diff --git a/target/arm/helper.c b/target/arm/helper.c
13
index XXXXXXX..XXXXXXX 100644
92
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/helper.c
93
--- a/target/arm/helper.c
15
+++ b/target/arm/helper.c
94
+++ b/target/arm/helper.c
16
@@ -XXX,XX +XXX,XX @@
95
@@ -XXX,XX +XXX,XX @@ void arm_log_exception(CPUState *cs)
17
*/
96
[EXCP_UNALIGNED] = "v7M UNALIGNED UsageFault",
18
97
[EXCP_DIVBYZERO] = "v7M DIVBYZERO UsageFault",
19
#include "qemu/osdep.h"
98
[EXCP_VSERR] = "Virtual SERR",
20
-#include "qemu/units.h"
99
+ [EXCP_GPC] = "Granule Protection Check",
21
#include "qemu/log.h"
100
};
22
#include "trace.h"
101
23
#include "cpu.h"
102
if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
24
#include "internals.h"
103
@@ -XXX,XX +XXX,XX @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs)
25
#include "exec/helper-proto.h"
104
}
26
-#include "qemu/host-utils.h"
105
27
#include "qemu/main-loop.h"
106
switch (cs->exception_index) {
28
#include "qemu/timer.h"
107
+ case EXCP_GPC:
29
#include "qemu/bitops.h"
108
+ qemu_log_mask(CPU_LOG_INT, "...with MFAR 0x%" PRIx64 "\n",
30
@@ -XXX,XX +XXX,XX @@
109
+ env->cp15.mfar_el3);
31
#include "exec/exec-all.h"
110
+ /* fall through */
32
#include <zlib.h> /* For crc32 */
111
case EXCP_PREFETCH_ABORT:
33
#include "hw/irq.h"
112
case EXCP_DATA_ABORT:
34
-#include "semihosting/semihost.h"
113
/*
35
-#include "sysemu/cpus.h"
114
diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c
36
#include "sysemu/cpu-timers.h"
115
index XXXXXXX..XXXXXXX 100644
37
#include "sysemu/kvm.h"
116
--- a/target/arm/tcg/tlb_helper.c
38
-#include "qemu/range.h"
117
+++ b/target/arm/tcg/tlb_helper.c
39
#include "qapi/qapi-commands-machine-target.h"
118
@@ -XXX,XX +XXX,XX @@ static uint32_t compute_fsr_fsc(CPUARMState *env, ARMMMUFaultInfo *fi,
40
#include "qapi/error.h"
119
return fsr;
41
#include "qemu/guest-random.h"
120
}
42
#ifdef CONFIG_TCG
121
43
-#include "arm_ldst.h"
122
+static bool report_as_gpc_exception(ARMCPU *cpu, int current_el,
44
-#include "exec/cpu_ldst.h"
123
+ ARMMMUFaultInfo *fi)
45
#include "semihosting/common-semi.h"
124
+{
46
#endif
125
+ bool ret;
47
#include "cpregs.h"
126
+
127
+ switch (fi->gpcf) {
128
+ case GPCF_None:
129
+ return false;
130
+ case GPCF_AddressSize:
131
+ case GPCF_Walk:
132
+ case GPCF_EABT:
133
+ /* R_PYTGX: GPT faults are reported as GPC. */
134
+ ret = true;
135
+ break;
136
+ case GPCF_Fail:
137
+ /*
138
+ * R_BLYPM: A GPF at EL3 is reported as insn or data abort.
139
+ * R_VBZMW, R_LXHQR: A GPF at EL[0-2] is reported as a GPC
140
+ * if SCR_EL3.GPF is set, otherwise an insn or data abort.
141
+ */
142
+ ret = (cpu->env.cp15.scr_el3 & SCR_GPF) && current_el != 3;
143
+ break;
144
+ default:
145
+ g_assert_not_reached();
146
+ }
147
+
148
+ assert(cpu_isar_feature(aa64_rme, cpu));
149
+ assert(fi->type == ARMFault_GPCFOnWalk ||
150
+ fi->type == ARMFault_GPCFOnOutput);
151
+ if (fi->gpcf == GPCF_AddressSize) {
152
+ assert(fi->level == 0);
153
+ } else {
154
+ assert(fi->level >= 0 && fi->level <= 1);
155
+ }
156
+
157
+ return ret;
158
+}
159
+
160
+static unsigned encode_gpcsc(ARMMMUFaultInfo *fi)
161
+{
162
+ static uint8_t const gpcsc[] = {
163
+ [GPCF_AddressSize] = 0b000000,
164
+ [GPCF_Walk] = 0b000100,
165
+ [GPCF_Fail] = 0b001100,
166
+ [GPCF_EABT] = 0b010100,
167
+ };
168
+
169
+ /* Note that we've validated fi->gpcf and fi->level above. */
170
+ return gpcsc[fi->gpcf] | fi->level;
171
+}
172
+
173
static G_NORETURN
174
void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
175
MMUAccessType access_type,
176
int mmu_idx, ARMMMUFaultInfo *fi)
177
{
178
CPUARMState *env = &cpu->env;
179
- int target_el;
180
+ int target_el = exception_target_el(env);
181
+ int current_el = arm_current_el(env);
182
bool same_el;
183
uint32_t syn, exc, fsr, fsc;
184
185
- target_el = exception_target_el(env);
186
+ if (report_as_gpc_exception(cpu, current_el, fi)) {
187
+ target_el = 3;
188
+
189
+ fsr = compute_fsr_fsc(env, fi, target_el, mmu_idx, &fsc);
190
+
191
+ syn = syn_gpc(fi->stage2 && fi->type == ARMFault_GPCFOnWalk,
192
+ access_type == MMU_INST_FETCH,
193
+ encode_gpcsc(fi), 0, fi->s1ptw,
194
+ access_type == MMU_DATA_STORE, fsc);
195
+
196
+ env->cp15.mfar_el3 = fi->paddr;
197
+ switch (fi->paddr_space) {
198
+ case ARMSS_Secure:
199
+ break;
200
+ case ARMSS_NonSecure:
201
+ env->cp15.mfar_el3 |= R_MFAR_NS_MASK;
202
+ break;
203
+ case ARMSS_Root:
204
+ env->cp15.mfar_el3 |= R_MFAR_NSE_MASK;
205
+ break;
206
+ case ARMSS_Realm:
207
+ env->cp15.mfar_el3 |= R_MFAR_NSE_MASK | R_MFAR_NS_MASK;
208
+ break;
209
+ default:
210
+ g_assert_not_reached();
211
+ }
212
+
213
+ exc = EXCP_GPC;
214
+ goto do_raise;
215
+ }
216
+
217
+ /* If SCR_EL3.GPF is unset, GPF may still be routed to EL2. */
218
+ if (fi->gpcf == GPCF_Fail && target_el < 2) {
219
+ if (arm_hcr_el2_eff(env) & HCR_GPF) {
220
+ target_el = 2;
221
+ }
222
+ }
223
+
224
if (fi->stage2) {
225
target_el = 2;
226
env->cp15.hpfar_el2 = extract64(fi->s2addr, 12, 47) << 4;
227
@@ -XXX,XX +XXX,XX @@ void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
228
env->cp15.hpfar_el2 |= HPFAR_NS;
229
}
230
}
231
- same_el = (arm_current_el(env) == target_el);
232
233
+ same_el = current_el == target_el;
234
fsr = compute_fsr_fsc(env, fi, target_el, mmu_idx, &fsc);
235
236
if (access_type == MMU_INST_FETCH) {
237
@@ -XXX,XX +XXX,XX @@ void arm_deliver_fault(ARMCPU *cpu, vaddr addr,
238
exc = EXCP_DATA_ABORT;
239
}
240
241
+ do_raise:
242
env->exception.vaddress = addr;
243
env->exception.fsr = fsr;
244
raise_exception(env, exc, syn, target_el);
48
--
245
--
49
2.25.1
246
2.34.1
diff view generated by jsdifflib
1
From: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
ARMv8-R AArch32 CPUs behave as if TTBCR.EAE is always 1 even
3
Place the check at the end of get_phys_addr_with_struct,
4
tough they don't have the TTBCR register.
4
so that we check all physical results.
5
See ARM Architecture Reference Manual Supplement - ARMv8, for the ARMv8-R
6
AArch32 architecture profile Version:A.c section C1.2.
7
5
8
Signed-off-by: Tobias Röhmel <tobias.roehmel@rwth-aachen.de>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Message-id: 20221206102504.165775-5-tobias.roehmel@rwth-aachen.de
7
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
8
Message-id: 20230620124418.805717-20-richard.henderson@linaro.org
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
12
---
10
---
13
target/arm/internals.h | 4 ++++
11
target/arm/ptw.c | 249 +++++++++++++++++++++++++++++++++++++++++++----
14
target/arm/debug_helper.c | 3 +++
12
1 file changed, 232 insertions(+), 17 deletions(-)
15
target/arm/tlb_helper.c | 4 ++++
16
3 files changed, 11 insertions(+)
17
13
18
diff --git a/target/arm/internals.h b/target/arm/internals.h
14
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
19
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
20
--- a/target/arm/internals.h
16
--- a/target/arm/ptw.c
21
+++ b/target/arm/internals.h
17
+++ b/target/arm/ptw.c
22
@@ -XXX,XX +XXX,XX @@ unsigned int arm_pamax(ARMCPU *cpu);
18
@@ -XXX,XX +XXX,XX @@ typedef struct S1Translate {
23
static inline bool extended_addresses_enabled(CPUARMState *env)
19
void *out_host;
20
} S1Translate;
21
22
-static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
23
- target_ulong address,
24
- MMUAccessType access_type,
25
- GetPhysAddrResult *result,
26
- ARMMMUFaultInfo *fi);
27
+static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
28
+ target_ulong address,
29
+ MMUAccessType access_type,
30
+ GetPhysAddrResult *result,
31
+ ARMMMUFaultInfo *fi);
32
+
33
+static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
34
+ target_ulong address,
35
+ MMUAccessType access_type,
36
+ GetPhysAddrResult *result,
37
+ ARMMMUFaultInfo *fi);
38
39
/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
40
static const uint8_t pamax_map[] = {
41
@@ -XXX,XX +XXX,XX @@ static bool regime_translation_disabled(CPUARMState *env, ARMMMUIdx mmu_idx,
42
return (regime_sctlr(env, mmu_idx) & SCTLR_M) == 0;
43
}
44
45
+static bool granule_protection_check(CPUARMState *env, uint64_t paddress,
46
+ ARMSecuritySpace pspace,
47
+ ARMMMUFaultInfo *fi)
48
+{
49
+ MemTxAttrs attrs = {
50
+ .secure = true,
51
+ .space = ARMSS_Root,
52
+ };
53
+ ARMCPU *cpu = env_archcpu(env);
54
+ uint64_t gpccr = env->cp15.gpccr_el3;
55
+ unsigned pps, pgs, l0gptsz, level = 0;
56
+ uint64_t tableaddr, pps_mask, align, entry, index;
57
+ AddressSpace *as;
58
+ MemTxResult result;
59
+ int gpi;
60
+
61
+ if (!FIELD_EX64(gpccr, GPCCR, GPC)) {
62
+ return true;
63
+ }
64
+
65
+ /*
66
+ * GPC Priority 1 (R_GMGRR):
67
+ * R_JWCSM: If the configuration of GPCCR_EL3 is invalid,
68
+ * the access fails as GPT walk fault at level 0.
69
+ */
70
+
71
+ /*
72
+ * Configuration of PPS to a value exceeding the implemented
73
+ * physical address size is invalid.
74
+ */
75
+ pps = FIELD_EX64(gpccr, GPCCR, PPS);
76
+ if (pps > FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE)) {
77
+ goto fault_walk;
78
+ }
79
+ pps = pamax_map[pps];
80
+ pps_mask = MAKE_64BIT_MASK(0, pps);
81
+
82
+ switch (FIELD_EX64(gpccr, GPCCR, SH)) {
83
+ case 0b10: /* outer shareable */
84
+ break;
85
+ case 0b00: /* non-shareable */
86
+ case 0b11: /* inner shareable */
87
+ /* Inner and Outer non-cacheable requires Outer shareable. */
88
+ if (FIELD_EX64(gpccr, GPCCR, ORGN) == 0 &&
89
+ FIELD_EX64(gpccr, GPCCR, IRGN) == 0) {
90
+ goto fault_walk;
91
+ }
92
+ break;
93
+ default: /* reserved */
94
+ goto fault_walk;
95
+ }
96
+
97
+ switch (FIELD_EX64(gpccr, GPCCR, PGS)) {
98
+ case 0b00: /* 4KB */
99
+ pgs = 12;
100
+ break;
101
+ case 0b01: /* 64KB */
102
+ pgs = 16;
103
+ break;
104
+ case 0b10: /* 16KB */
105
+ pgs = 14;
106
+ break;
107
+ default: /* reserved */
108
+ goto fault_walk;
109
+ }
110
+
111
+ /* Note this field is read-only and fixed at reset. */
112
+ l0gptsz = 30 + FIELD_EX64(gpccr, GPCCR, L0GPTSZ);
113
+
114
+ /*
115
+ * GPC Priority 2: Secure, Realm or Root address exceeds PPS.
116
+ * R_CPDSB: A NonSecure physical address input exceeding PPS
117
+ * does not experience any fault.
118
+ */
119
+ if (paddress & ~pps_mask) {
120
+ if (pspace == ARMSS_NonSecure) {
121
+ return true;
122
+ }
123
+ goto fault_size;
124
+ }
125
+
126
+ /* GPC Priority 3: the base address of GPTBR_EL3 exceeds PPS. */
127
+ tableaddr = env->cp15.gptbr_el3 << 12;
128
+ if (tableaddr & ~pps_mask) {
129
+ goto fault_size;
130
+ }
131
+
132
+ /*
133
+ * BADDR is aligned per a function of PPS and L0GPTSZ.
134
+ * These bits of GPTBR_EL3 are RES0, but are not a configuration error,
135
+ * unlike the RES0 bits of the GPT entries (R_XNKFZ).
136
+ */
137
+ align = MAX(pps - l0gptsz + 3, 12);
138
+ align = MAKE_64BIT_MASK(0, align);
139
+ tableaddr &= ~align;
140
+
141
+ as = arm_addressspace(env_cpu(env), attrs);
142
+
143
+ /* Level 0 lookup. */
144
+ index = extract64(paddress, l0gptsz, pps - l0gptsz);
145
+ tableaddr += index * 8;
146
+ entry = address_space_ldq_le(as, tableaddr, attrs, &result);
147
+ if (result != MEMTX_OK) {
148
+ goto fault_eabt;
149
+ }
150
+
151
+ switch (extract32(entry, 0, 4)) {
152
+ case 1: /* block descriptor */
153
+ if (entry >> 8) {
154
+ goto fault_walk; /* RES0 bits not 0 */
155
+ }
156
+ gpi = extract32(entry, 4, 4);
157
+ goto found;
158
+ case 3: /* table descriptor */
159
+ tableaddr = entry & ~0xf;
160
+ align = MAX(l0gptsz - pgs - 1, 12);
161
+ align = MAKE_64BIT_MASK(0, align);
162
+ if (tableaddr & (~pps_mask | align)) {
163
+ goto fault_walk; /* RES0 bits not 0 */
164
+ }
165
+ break;
166
+ default: /* invalid */
167
+ goto fault_walk;
168
+ }
169
+
170
+ /* Level 1 lookup */
171
+ level = 1;
172
+ index = extract64(paddress, pgs + 4, l0gptsz - pgs - 4);
173
+ tableaddr += index * 8;
174
+ entry = address_space_ldq_le(as, tableaddr, attrs, &result);
175
+ if (result != MEMTX_OK) {
176
+ goto fault_eabt;
177
+ }
178
+
179
+ switch (extract32(entry, 0, 4)) {
180
+ case 1: /* contiguous descriptor */
181
+ if (entry >> 10) {
182
+ goto fault_walk; /* RES0 bits not 0 */
183
+ }
184
+ /*
185
+ * Because the softmmu tlb only works on units of TARGET_PAGE_SIZE,
186
+ * and because we cannot invalidate by pa, and thus will always
187
+ * flush entire tlbs, we don't actually care about the range here
188
+ * and can simply extract the GPI as the result.
189
+ */
190
+ if (extract32(entry, 8, 2) == 0) {
191
+ goto fault_walk; /* reserved contig */
192
+ }
193
+ gpi = extract32(entry, 4, 4);
194
+ break;
195
+ default:
196
+ index = extract64(paddress, pgs, 4);
197
+ gpi = extract64(entry, index * 4, 4);
198
+ break;
199
+ }
200
+
201
+ found:
202
+ switch (gpi) {
203
+ case 0b0000: /* no access */
204
+ break;
205
+ case 0b1111: /* all access */
206
+ return true;
207
+ case 0b1000:
208
+ case 0b1001:
209
+ case 0b1010:
210
+ case 0b1011:
211
+ if (pspace == (gpi & 3)) {
212
+ return true;
213
+ }
214
+ break;
215
+ default:
216
+ goto fault_walk; /* reserved */
217
+ }
218
+
219
+ fi->gpcf = GPCF_Fail;
220
+ goto fault_common;
221
+ fault_eabt:
222
+ fi->gpcf = GPCF_EABT;
223
+ goto fault_common;
224
+ fault_size:
225
+ fi->gpcf = GPCF_AddressSize;
226
+ goto fault_common;
227
+ fault_walk:
228
+ fi->gpcf = GPCF_Walk;
229
+ fault_common:
230
+ fi->level = level;
231
+ fi->paddr = paddress;
232
+ fi->paddr_space = pspace;
233
+ return false;
234
+}
235
+
236
static bool S2_attrs_are_device(uint64_t hcr, uint8_t attrs)
24
{
237
{
25
uint64_t tcr = env->cp15.tcr_el[arm_is_secure(env) ? 3 : 1];
238
/*
26
+ if (arm_feature(env, ARM_FEATURE_PMSA) &&
239
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
27
+ arm_feature(env, ARM_FEATURE_V8)) {
240
};
241
GetPhysAddrResult s2 = { };
242
243
- if (get_phys_addr_with_struct(env, &s2ptw, addr,
244
- MMU_DATA_LOAD, &s2, fi)) {
245
+ if (get_phys_addr_gpc(env, &s2ptw, addr, MMU_DATA_LOAD, &s2, fi)) {
246
goto fail;
247
}
248
+
249
ptw->out_phys = s2.f.phys_addr;
250
pte_attrs = s2.cacheattrs.attrs;
251
ptw->out_host = NULL;
252
@@ -XXX,XX +XXX,XX @@ static bool S1_ptw_translate(CPUARMState *env, S1Translate *ptw,
253
254
fail:
255
assert(fi->type != ARMFault_None);
256
+ if (fi->type == ARMFault_GPCFOnOutput) {
257
+ fi->type = ARMFault_GPCFOnWalk;
258
+ }
259
fi->s2addr = addr;
260
fi->stage2 = true;
261
fi->s1ptw = true;
262
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
263
ARMMMUFaultInfo *fi)
264
{
265
uint8_t memattr = 0x00; /* Device nGnRnE */
266
- uint8_t shareability = 0; /* non-sharable */
267
+ uint8_t shareability = 0; /* non-shareable */
268
int r_el;
269
270
switch (mmu_idx) {
271
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_disabled(CPUARMState *env, target_ulong address,
272
} else {
273
memattr = 0x44; /* Normal, NC, No */
274
}
275
- shareability = 2; /* outer sharable */
276
+ shareability = 2; /* outer shareable */
277
}
278
result->cacheattrs.is_s2_format = false;
279
break;
280
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
281
ARMSecuritySpace ipa_space;
282
uint64_t hcr;
283
284
- ret = get_phys_addr_with_struct(env, ptw, address, access_type, result, fi);
285
+ ret = get_phys_addr_nogpc(env, ptw, address, access_type, result, fi);
286
287
/* If S1 fails, return early. */
288
if (ret) {
289
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
290
cacheattrs1 = result->cacheattrs;
291
memset(result, 0, sizeof(*result));
292
293
- ret = get_phys_addr_with_struct(env, ptw, ipa, access_type, result, fi);
294
+ ret = get_phys_addr_nogpc(env, ptw, ipa, access_type, result, fi);
295
fi->s2addr = ipa;
296
297
/* Combine the S1 and S2 perms. */
298
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_twostage(CPUARMState *env, S1Translate *ptw,
299
return false;
300
}
301
302
-static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
303
+static bool get_phys_addr_nogpc(CPUARMState *env, S1Translate *ptw,
304
target_ulong address,
305
MMUAccessType access_type,
306
GetPhysAddrResult *result,
307
@@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_with_struct(CPUARMState *env, S1Translate *ptw,
308
}
309
}
310
311
+static bool get_phys_addr_gpc(CPUARMState *env, S1Translate *ptw,
312
+ target_ulong address,
313
+ MMUAccessType access_type,
314
+ GetPhysAddrResult *result,
315
+ ARMMMUFaultInfo *fi)
316
+{
317
+ if (get_phys_addr_nogpc(env, ptw, address, access_type, result, fi)) {
28
+ return true;
318
+ return true;
29
+ }
319
+ }
30
return arm_el_is_aa64(env, 1) ||
320
+ if (!granule_protection_check(env, result->f.phys_addr,
31
(arm_feature(env, ARM_FEATURE_LPAE) && (tcr & TTBCR_EAE));
321
+ result->f.attrs.space, fi)) {
32
}
322
+ fi->type = ARMFault_GPCFOnOutput;
33
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
34
index XXXXXXX..XXXXXXX 100644
35
--- a/target/arm/debug_helper.c
36
+++ b/target/arm/debug_helper.c
37
@@ -XXX,XX +XXX,XX @@ static uint32_t arm_debug_exception_fsr(CPUARMState *env)
38
39
if (target_el == 2 || arm_el_is_aa64(env, target_el)) {
40
using_lpae = true;
41
+ } else if (arm_feature(env, ARM_FEATURE_PMSA) &&
42
+ arm_feature(env, ARM_FEATURE_V8)) {
43
+ using_lpae = true;
44
} else {
45
if (arm_feature(env, ARM_FEATURE_LPAE) &&
46
(env->cp15.tcr_el[target_el] & TTBCR_EAE)) {
47
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/target/arm/tlb_helper.c
50
+++ b/target/arm/tlb_helper.c
51
@@ -XXX,XX +XXX,XX @@ bool regime_using_lpae_format(CPUARMState *env, ARMMMUIdx mmu_idx)
52
if (el == 2 || arm_el_is_aa64(env, el)) {
53
return true;
54
}
55
+ if (arm_feature(env, ARM_FEATURE_PMSA) &&
56
+ arm_feature(env, ARM_FEATURE_V8)) {
57
+ return true;
323
+ return true;
58
+ }
324
+ }
59
if (arm_feature(env, ARM_FEATURE_LPAE)
325
+ return false;
60
&& (regime_tcr(env, mmu_idx) & TTBCR_EAE)) {
326
+}
61
return true;
327
+
328
bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
329
MMUAccessType access_type, ARMMMUIdx mmu_idx,
330
bool is_secure, GetPhysAddrResult *result,
331
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr_with_secure(CPUARMState *env, target_ulong address,
332
.in_secure = is_secure,
333
.in_space = arm_secure_to_space(is_secure),
334
};
335
- return get_phys_addr_with_struct(env, &ptw, address, access_type,
336
- result, fi);
337
+ return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
338
}
339
340
bool get_phys_addr(CPUARMState *env, target_ulong address,
341
@@ -XXX,XX +XXX,XX @@ bool get_phys_addr(CPUARMState *env, target_ulong address,
342
343
ptw.in_space = ss;
344
ptw.in_secure = arm_space_is_secure(ss);
345
- return get_phys_addr_with_struct(env, &ptw, address, access_type,
346
- result, fi);
347
+ return get_phys_addr_gpc(env, &ptw, address, access_type, result, fi);
348
}
349
350
hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
351
@@ -XXX,XX +XXX,XX @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
352
ARMMMUFaultInfo fi = {};
353
bool ret;
354
355
- ret = get_phys_addr_with_struct(env, &ptw, addr, MMU_DATA_LOAD, &res, &fi);
356
+ ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, &res, &fi);
357
*attrs = res.f.attrs;
358
359
if (ret) {
62
--
360
--
63
2.25.1
361
2.34.1
64
65
diff view generated by jsdifflib
1
From: Axel Heider <axel.heider@hensoldt.net>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
3
Add an x-rme cpu property to enable FEAT_RME.
4
Add an x-l0gptsz property to set GPCCR_EL3.L0GPTSZ,
5
for testing various possible configurations.
6
7
We're not currently completely sure whether FEAT_RME will
8
be OK to enable purely as a CPU-level property, or if it will
9
need board co-operation, so we're making these experimental
10
x- properties, so that the people developing the system
11
level software for RME can try to start using this and let
12
us know how it goes. The command line syntax for enabling
13
this will change in future, without backwards-compatibility.
14
15
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
16
Message-id: 20230620124418.805717-21-richard.henderson@linaro.org
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
17
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
18
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
---
19
---
7
hw/timer/imx_epit.c | 215 ++++++++++++++++++++++++--------------------
20
target/arm/tcg/cpu64.c | 53 ++++++++++++++++++++++++++++++++++++++++++
8
1 file changed, 117 insertions(+), 98 deletions(-)
21
1 file changed, 53 insertions(+)
9
22
10
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
23
diff --git a/target/arm/tcg/cpu64.c b/target/arm/tcg/cpu64.c
11
index XXXXXXX..XXXXXXX 100644
24
index XXXXXXX..XXXXXXX 100644
12
--- a/hw/timer/imx_epit.c
25
--- a/target/arm/tcg/cpu64.c
13
+++ b/hw/timer/imx_epit.c
26
+++ b/target/arm/tcg/cpu64.c
14
@@ -XXX,XX +XXX,XX @@ static void imx_epit_reload_compare_timer(IMXEPITState *s)
27
@@ -XXX,XX +XXX,XX @@ static void cpu_max_set_sve_max_vq(Object *obj, Visitor *v, const char *name,
15
}
28
cpu->sve_max_vq = max_vq;
16
}
29
}
17
30
18
+static void imx_epit_write_cr(IMXEPITState *s, uint32_t value)
31
+static bool cpu_arm_get_rme(Object *obj, Error **errp)
19
+{
32
+{
20
+ uint32_t oldcr = s->cr;
33
+ ARMCPU *cpu = ARM_CPU(obj);
34
+ return cpu_isar_feature(aa64_rme, cpu);
35
+}
21
+
36
+
22
+ s->cr = value & 0x03ffffff;
37
+static void cpu_arm_set_rme(Object *obj, bool value, Error **errp)
38
+{
39
+ ARMCPU *cpu = ARM_CPU(obj);
40
+ uint64_t t;
23
+
41
+
24
+ if (s->cr & CR_SWR) {
42
+ t = cpu->isar.id_aa64pfr0;
25
+ /* handle the reset */
43
+ t = FIELD_DP64(t, ID_AA64PFR0, RME, value);
26
+ imx_epit_reset(s, false);
44
+ cpu->isar.id_aa64pfr0 = t;
45
+}
46
+
47
+static void cpu_max_set_l0gptsz(Object *obj, Visitor *v, const char *name,
48
+ void *opaque, Error **errp)
49
+{
50
+ ARMCPU *cpu = ARM_CPU(obj);
51
+ uint32_t value;
52
+
53
+ if (!visit_type_uint32(v, name, &value, errp)) {
54
+ return;
27
+ }
55
+ }
28
+
56
+
29
+ /*
57
+ /* Encode the value for the GPCCR_EL3 field. */
30
+ * The interrupt state can change due to:
58
+ switch (value) {
31
+ * - reset clears both SR.OCIF and CR.OCIE
59
+ case 30:
32
+ * - write to CR.EN or CR.OCIE
60
+ case 34:
33
+ */
61
+ case 36:
34
+ imx_epit_update_int(s);
62
+ case 39:
35
+
63
+ cpu->reset_l0gptsz = value - 30;
36
+ /*
64
+ break;
37
+ * TODO: could we 'break' here for reset? following operations appear
65
+ default:
38
+ * to duplicate the work imx_epit_reset() already did.
66
+ error_setg(errp, "invalid value for l0gptsz");
39
+ */
67
+ error_append_hint(errp, "valid values are 30, 34, 36, 39\n");
40
+
68
+ break;
41
+ ptimer_transaction_begin(s->timer_cmp);
42
+ ptimer_transaction_begin(s->timer_reload);
43
+
44
+ /* Update the frequency. Has been done already in case of a reset. */
45
+ if (!(s->cr & CR_SWR)) {
46
+ imx_epit_set_freq(s);
47
+ }
48
+
49
+ if (s->freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) {
50
+ if (s->cr & CR_ENMOD) {
51
+ if (s->cr & CR_RLD) {
52
+ ptimer_set_limit(s->timer_reload, s->lr, 1);
53
+ ptimer_set_limit(s->timer_cmp, s->lr, 1);
54
+ } else {
55
+ ptimer_set_limit(s->timer_reload, EPIT_TIMER_MAX, 1);
56
+ ptimer_set_limit(s->timer_cmp, EPIT_TIMER_MAX, 1);
57
+ }
58
+ }
59
+
60
+ imx_epit_reload_compare_timer(s);
61
+ ptimer_run(s->timer_reload, 0);
62
+ if (s->cr & CR_OCIEN) {
63
+ ptimer_run(s->timer_cmp, 0);
64
+ } else {
65
+ ptimer_stop(s->timer_cmp);
66
+ }
67
+ } else if (!(s->cr & CR_EN)) {
68
+ /* stop both timers */
69
+ ptimer_stop(s->timer_reload);
70
+ ptimer_stop(s->timer_cmp);
71
+ } else if (s->cr & CR_OCIEN) {
72
+ if (!(oldcr & CR_OCIEN)) {
73
+ imx_epit_reload_compare_timer(s);
74
+ ptimer_run(s->timer_cmp, 0);
75
+ }
76
+ } else {
77
+ ptimer_stop(s->timer_cmp);
78
+ }
79
+
80
+ ptimer_transaction_commit(s->timer_cmp);
81
+ ptimer_transaction_commit(s->timer_reload);
82
+}
83
+
84
+static void imx_epit_write_sr(IMXEPITState *s, uint32_t value)
85
+{
86
+ /* writing 1 to SR.OCIF clears this bit and turns the interrupt off */
87
+ if (value & SR_OCIF) {
88
+ s->sr = 0; /* SR.OCIF is the only bit in this register anyway */
89
+ imx_epit_update_int(s);
90
+ }
69
+ }
91
+}
70
+}
92
+
71
+
93
+static void imx_epit_write_lr(IMXEPITState *s, uint32_t value)
72
+static void cpu_max_get_l0gptsz(Object *obj, Visitor *v, const char *name,
73
+ void *opaque, Error **errp)
94
+{
74
+{
95
+ s->lr = value;
75
+ ARMCPU *cpu = ARM_CPU(obj);
76
+ uint32_t value = cpu->reset_l0gptsz + 30;
96
+
77
+
97
+ ptimer_transaction_begin(s->timer_cmp);
78
+ visit_type_uint32(v, name, &value, errp);
98
+ ptimer_transaction_begin(s->timer_reload);
99
+ if (s->cr & CR_RLD) {
100
+ /* Also set the limit if the LRD bit is set */
101
+ /* If IOVW bit is set then set the timer value */
102
+ ptimer_set_limit(s->timer_reload, s->lr, s->cr & CR_IOVW);
103
+ ptimer_set_limit(s->timer_cmp, s->lr, 0);
104
+ } else if (s->cr & CR_IOVW) {
105
+ /* If IOVW bit is set then set the timer value */
106
+ ptimer_set_count(s->timer_reload, s->lr);
107
+ }
108
+ /*
109
+ * Commit the change to s->timer_reload, so it can propagate. Otherwise
110
+ * the timer interrupt may not fire properly. The commit must happen
111
+ * before calling imx_epit_reload_compare_timer(), which reads
112
+ * s->timer_reload internally again.
113
+ */
114
+ ptimer_transaction_commit(s->timer_reload);
115
+ imx_epit_reload_compare_timer(s);
116
+ ptimer_transaction_commit(s->timer_cmp);
117
+}
79
+}
118
+
80
+
119
+static void imx_epit_write_cmp(IMXEPITState *s, uint32_t value)
81
static Property arm_cpu_lpa2_property =
120
+{
82
DEFINE_PROP_BOOL("lpa2", ARMCPU, prop_lpa2, true);
121
+ s->cmp = value;
83
122
+
84
@@ -XXX,XX +XXX,XX @@ void aarch64_max_tcg_initfn(Object *obj)
123
+ ptimer_transaction_begin(s->timer_cmp);
85
aarch64_add_sme_properties(obj);
124
+ imx_epit_reload_compare_timer(s);
86
object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_vq,
125
+ ptimer_transaction_commit(s->timer_cmp);
87
cpu_max_set_sve_max_vq, NULL, NULL);
126
+}
88
+ object_property_add_bool(obj, "x-rme", cpu_arm_get_rme, cpu_arm_set_rme);
127
+
89
+ object_property_add(obj, "x-l0gptsz", "uint32", cpu_max_get_l0gptsz,
128
static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
90
+ cpu_max_set_l0gptsz, NULL, NULL);
129
unsigned size)
91
qdev_property_add_static(DEVICE(obj), &arm_cpu_lpa2_property);
130
{
131
IMXEPITState *s = IMX_EPIT(opaque);
132
- uint64_t oldcr;
133
134
DPRINTF("(%s, value = 0x%08x)\n", imx_epit_reg_name(offset >> 2),
135
(uint32_t)value);
136
137
switch (offset >> 2) {
138
case 0: /* CR */
139
-
140
- oldcr = s->cr;
141
- s->cr = value & 0x03ffffff;
142
- if (s->cr & CR_SWR) {
143
- /* handle the reset */
144
- imx_epit_reset(s, false);
145
- }
146
-
147
- /*
148
- * The interrupt state can change due to:
149
- * - reset clears both SR.OCIF and CR.OCIE
150
- * - write to CR.EN or CR.OCIE
151
- */
152
- imx_epit_update_int(s);
153
-
154
- /*
155
- * TODO: could we 'break' here for reset? following operations appear
156
- * to duplicate the work imx_epit_reset() already did.
157
- */
158
-
159
- ptimer_transaction_begin(s->timer_cmp);
160
- ptimer_transaction_begin(s->timer_reload);
161
-
162
- /* Update the frequency. Has been done already in case of a reset. */
163
- if (!(s->cr & CR_SWR)) {
164
- imx_epit_set_freq(s);
165
- }
166
-
167
- if (s->freq && (s->cr & CR_EN) && !(oldcr & CR_EN)) {
168
- if (s->cr & CR_ENMOD) {
169
- if (s->cr & CR_RLD) {
170
- ptimer_set_limit(s->timer_reload, s->lr, 1);
171
- ptimer_set_limit(s->timer_cmp, s->lr, 1);
172
- } else {
173
- ptimer_set_limit(s->timer_reload, EPIT_TIMER_MAX, 1);
174
- ptimer_set_limit(s->timer_cmp, EPIT_TIMER_MAX, 1);
175
- }
176
- }
177
-
178
- imx_epit_reload_compare_timer(s);
179
- ptimer_run(s->timer_reload, 0);
180
- if (s->cr & CR_OCIEN) {
181
- ptimer_run(s->timer_cmp, 0);
182
- } else {
183
- ptimer_stop(s->timer_cmp);
184
- }
185
- } else if (!(s->cr & CR_EN)) {
186
- /* stop both timers */
187
- ptimer_stop(s->timer_reload);
188
- ptimer_stop(s->timer_cmp);
189
- } else if (s->cr & CR_OCIEN) {
190
- if (!(oldcr & CR_OCIEN)) {
191
- imx_epit_reload_compare_timer(s);
192
- ptimer_run(s->timer_cmp, 0);
193
- }
194
- } else {
195
- ptimer_stop(s->timer_cmp);
196
- }
197
-
198
- ptimer_transaction_commit(s->timer_cmp);
199
- ptimer_transaction_commit(s->timer_reload);
200
+ imx_epit_write_cr(s, (uint32_t)value);
201
break;
202
203
- case 1: /* SR - ACK*/
204
- /* writing 1 to SR.OCIF clears this bit and turns the interrupt off */
205
- if (value & SR_OCIF) {
206
- s->sr = 0; /* SR.OCIF is the only bit in this register anyway */
207
- imx_epit_update_int(s);
208
- }
209
+ case 1: /* SR */
210
+ imx_epit_write_sr(s, (uint32_t)value);
211
break;
212
213
- case 2: /* LR - set ticks */
214
- s->lr = value;
215
-
216
- ptimer_transaction_begin(s->timer_cmp);
217
- ptimer_transaction_begin(s->timer_reload);
218
- if (s->cr & CR_RLD) {
219
- /* Also set the limit if the LRD bit is set */
220
- /* If IOVW bit is set then set the timer value */
221
- ptimer_set_limit(s->timer_reload, s->lr, s->cr & CR_IOVW);
222
- ptimer_set_limit(s->timer_cmp, s->lr, 0);
223
- } else if (s->cr & CR_IOVW) {
224
- /* If IOVW bit is set then set the timer value */
225
- ptimer_set_count(s->timer_reload, s->lr);
226
- }
227
- /*
228
- * Commit the change to s->timer_reload, so it can propagate. Otherwise
229
- * the timer interrupt may not fire properly. The commit must happen
230
- * before calling imx_epit_reload_compare_timer(), which reads
231
- * s->timer_reload internally again.
232
- */
233
- ptimer_transaction_commit(s->timer_reload);
234
- imx_epit_reload_compare_timer(s);
235
- ptimer_transaction_commit(s->timer_cmp);
236
+ case 2: /* LR */
237
+ imx_epit_write_lr(s, (uint32_t)value);
238
break;
239
240
case 3: /* CMP */
241
- s->cmp = value;
242
-
243
- ptimer_transaction_begin(s->timer_cmp);
244
- imx_epit_reload_compare_timer(s);
245
- ptimer_transaction_commit(s->timer_cmp);
246
-
247
+ imx_epit_write_cmp(s, (uint32_t)value);
248
break;
249
250
default:
251
qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Bad register at offset 0x%"
252
HWADDR_PRIx "\n", TYPE_IMX_EPIT, __func__, offset);
253
-
254
break;
255
}
256
}
92
}
257
+
93
258
static void imx_epit_cmp(void *opaque)
259
{
260
IMXEPITState *s = IMX_EPIT(opaque);
261
--
94
--
262
2.25.1
95
2.34.1
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
When using Clang ("Apple clang version 14.0.0 (clang-1400.0.29.202)")
3
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4
and building with -Wall we get:
4
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
5
5
Message-id: 20230622143046.1578160-1-richard.henderson@linaro.org
6
hw/arm/smmu-common.c:173:33: warning: static function 'smmu_hash_remove_by_asid_iova' is used in an inline function with external linkage [-Wstatic-in-inline]
6
[PMM: fixed typo; note experimental status in emulation.rst too]
7
hw/arm/smmu-common.h:170:1: note: use 'static' to give inline function 'smmu_iotlb_inv_iova' internal linkage
8
void smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
9
^
10
static
11
12
None of our code base require / use inlined functions with external
13
linkage. Some places use internal inlining in the hot path. These
14
two functions are certainly not in any hot path and don't justify
15
any inlining, so these are likely oversights rather than intentional.
16
17
Reported-by: Stefan Weil <sw@weilnetz.de>
18
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
19
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
20
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
21
Reviewed-by: Eric Auger <eric.auger@redhat.com>
22
Message-id: 20221216214924.4711-3-philmd@linaro.org
23
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
24
---
8
---
25
hw/arm/smmu-common.c | 13 ++++++-------
9
docs/system/arm/cpu-features.rst | 23 +++++++++++++++++++++++
26
1 file changed, 6 insertions(+), 7 deletions(-)
10
docs/system/arm/emulation.rst | 1 +
11
2 files changed, 24 insertions(+)
27
12
28
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
13
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
29
index XXXXXXX..XXXXXXX 100644
14
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/arm/smmu-common.c
15
--- a/docs/system/arm/cpu-features.rst
31
+++ b/hw/arm/smmu-common.c
16
+++ b/docs/system/arm/cpu-features.rst
32
@@ -XXX,XX +XXX,XX @@ void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg, SMMUTLBEntry *new)
17
@@ -XXX,XX +XXX,XX @@ As with ``sve-default-vector-length``, if the default length is larger
33
g_hash_table_insert(bs->iotlb, key, new);
18
than the maximum vector length enabled, the actual vector length will
34
}
19
be reduced. If this property is set to ``-1`` then the default vector
35
20
length is set to the maximum possible length.
36
-inline void smmu_iotlb_inv_all(SMMUState *s)
21
+
37
+void smmu_iotlb_inv_all(SMMUState *s)
22
+RME CPU Properties
38
{
23
+==================
39
trace_smmu_iotlb_inv_all();
24
+
40
g_hash_table_remove_all(s->iotlb);
25
+The status of RME support with QEMU is experimental. At this time we
41
@@ -XXX,XX +XXX,XX @@ static gboolean smmu_hash_remove_by_asid_iova(gpointer key, gpointer value,
26
+only support RME within the CPU proper, not within the SMMU or GIC.
42
((entry->iova & ~info->mask) == info->iova);
27
+The feature is enabled by the CPU property ``x-rme``, with the ``x-``
43
}
28
+prefix present as a reminder of the experimental status, and defaults off.
44
29
+
45
-inline void
30
+The method for enabling RME will change in some future QEMU release
46
-smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
31
+without notice or backward compatibility.
47
- uint8_t tg, uint64_t num_pages, uint8_t ttl)
32
+
48
+void smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
33
+RME Level 0 GPT Size Property
49
+ uint8_t tg, uint64_t num_pages, uint8_t ttl)
34
+-----------------------------
50
{
35
+
51
/* if tg is not set we use 4KB range invalidation */
36
+To aid firmware developers in testing different possible CPU
52
uint8_t granule = tg ? tg * 2 + 10 : 12;
37
+configurations, ``x-l0gptsz=S`` may be used to specify the value
53
@@ -XXX,XX +XXX,XX @@ smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
38
+to encode into ``GPCCR_EL3.L0GPTSZ``, a read-only field that
54
&info);
39
+specifies the size of the Level 0 Granule Protection Table.
55
}
40
+Legal values for ``S`` are 30, 34, 36, and 39; the default is 30.
56
41
+
57
-inline void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid)
42
+As with ``x-rme``, the ``x-l0gptsz`` property may be renamed or
58
+void smmu_iotlb_inv_asid(SMMUState *s, uint16_t asid)
43
+removed in some future QEMU release.
59
{
44
diff --git a/docs/system/arm/emulation.rst b/docs/system/arm/emulation.rst
60
trace_smmu_iotlb_inv_asid(asid);
45
index XXXXXXX..XXXXXXX 100644
61
g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid, &asid);
46
--- a/docs/system/arm/emulation.rst
62
@@ -XXX,XX +XXX,XX @@ error:
47
+++ b/docs/system/arm/emulation.rst
63
*
48
@@ -XXX,XX +XXX,XX @@ the following architecture extensions:
64
* return 0 on success
49
- FEAT_RAS (Reliability, availability, and serviceability)
65
*/
50
- FEAT_RASv1p1 (RAS Extension v1.1)
66
-inline int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
51
- FEAT_RDM (Advanced SIMD rounding double multiply accumulate instructions)
67
- SMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
52
+- FEAT_RME (Realm Management Extension) (NB: support status in QEMU is experimental)
68
+int smmu_ptw(SMMUTransCfg *cfg, dma_addr_t iova, IOMMUAccessFlags perm,
53
- FEAT_RNG (Random number generator)
69
+ SMMUTLBEntry *tlbe, SMMUPTWEventInfo *info)
54
- FEAT_S2FWB (Stage 2 forced Write-Back)
70
{
55
- FEAT_SB (Speculation Barrier)
71
if (!cfg->aa64) {
72
/*
73
--
56
--
74
2.25.1
57
2.34.1
75
58
76
59
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
1
We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
2
borrow-out when the host compiler supports it. Unfortunately some
3
versions of Apple Clang have a bug in their implementation of this
4
intrinsic which means it returns the wrong value. The effect is that
5
a QEMU built with the affected compiler will hang when emulating x86
6
or m68k float80 division.
2
7
3
This function is not used anywhere outside this file,
8
The upstream LLVM issue is:
4
so we can make the function "static void".
9
https://github.com/llvm/llvm-project/issues/55253
5
10
6
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
11
The commit that introduced the bug apparently never made it into an
12
upstream LLVM release without the subsequent fix
13
https://github.com/llvm/llvm-project/commit/fffb6e6afdbaba563189c1f715058ed401fbc88d
14
but unfortunately it did make it into Apple Clang 14.0, as shipped
15
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
16
FB12210478.
17
18
Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
19
14 or greater. There is not currently a version of Apple Clang which
20
has the bug fix -- when one appears we should be able to add an upper
21
bound to the ifdef condition so we can start using the builtin again.
22
We make the lower bound a conservative "any Apple clang with major
23
version 14 or greater" because the consequences of incorrectly
24
disabling the builtin when it would work are pretty small and the
25
consequences of not disabling it when we should are pretty bad.
26
27
Many thanks to those users who both reported this bug and also
28
did a lot of work in identifying the root cause; in particular
29
to Daniel Bertalan and osy.
30
31
Cc: qemu-stable@nongnu.org
32
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
33
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
34
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
35
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
8
Reviewed-by: Eric Auger <eric.auger@redhat.com>
36
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
9
Message-id: 20221216214924.4711-2-philmd@linaro.org
37
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
10
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
38
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
39
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org
11
---
40
---
12
include/hw/arm/smmu-common.h | 3 ---
41
include/qemu/compiler.h | 13 +++++++++++++
13
hw/arm/smmu-common.c | 2 +-
42
include/qemu/host-utils.h | 2 +-
14
2 files changed, 1 insertion(+), 4 deletions(-)
43
2 files changed, 14 insertions(+), 1 deletion(-)
15
44
16
diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
45
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
17
index XXXXXXX..XXXXXXX 100644
46
index XXXXXXX..XXXXXXX 100644
18
--- a/include/hw/arm/smmu-common.h
47
--- a/include/qemu/compiler.h
19
+++ b/include/hw/arm/smmu-common.h
48
+++ b/include/qemu/compiler.h
20
@@ -XXX,XX +XXX,XX @@ void smmu_iotlb_inv_iova(SMMUState *s, int asid, dma_addr_t iova,
49
@@ -XXX,XX +XXX,XX @@
21
/* Unmap the range of all the notifiers registered to any IOMMU mr */
50
#define QEMU_DISABLE_CFI
22
void smmu_inv_notifiers_all(SMMUState *s);
51
#endif
23
52
24
-/* Unmap the range of all the notifiers registered to @mr */
53
+/*
25
-void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr);
54
+ * Apple clang version 14 has a bug in its __builtin_subcll(); define
26
-
55
+ * BUILTIN_SUBCLL_BROKEN for the offending versions so we can avoid it.
27
#endif /* HW_ARM_SMMU_COMMON_H */
56
+ * When a version of Apple clang which has this bug fixed is released
28
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
57
+ * we can add an upper bound to this check.
58
+ * See https://gitlab.com/qemu-project/qemu/-/issues/1631
59
+ * and https://gitlab.com/qemu-project/qemu/-/issues/1659 for details.
60
+ * The bug never made it into any upstream LLVM releases, only Apple ones.
61
+ */
62
+#if defined(__apple_build_version__) && __clang_major__ >= 14
63
+#define BUILTIN_SUBCLL_BROKEN
64
+#endif
65
+
66
#endif /* COMPILER_H */
67
diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h
29
index XXXXXXX..XXXXXXX 100644
68
index XXXXXXX..XXXXXXX 100644
30
--- a/hw/arm/smmu-common.c
69
--- a/include/qemu/host-utils.h
31
+++ b/hw/arm/smmu-common.c
70
+++ b/include/qemu/host-utils.h
32
@@ -XXX,XX +XXX,XX @@ static void smmu_unmap_notifier_range(IOMMUNotifier *n)
71
@@ -XXX,XX +XXX,XX @@ static inline uint64_t uadd64_carry(uint64_t x, uint64_t y, bool *pcarry)
33
}
72
*/
34
73
static inline uint64_t usub64_borrow(uint64_t x, uint64_t y, bool *pborrow)
35
/* Unmap all notifiers attached to @mr */
36
-inline void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr)
37
+static void smmu_inv_notifiers_mr(IOMMUMemoryRegion *mr)
38
{
74
{
39
IOMMUNotifier *n;
75
-#if __has_builtin(__builtin_subcll)
40
76
+#if __has_builtin(__builtin_subcll) && !defined(BUILTIN_SUBCLL_BROKEN)
77
unsigned long long b = *pborrow;
78
x = __builtin_subcll(x, y, b, &b);
79
*pborrow = b & 1;
41
--
80
--
42
2.25.1
81
2.34.1
43
82
44
83
diff view generated by jsdifflib
1
From: Claudio Fontana <cfontana@suse.de>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Remove some unused headers.
3
One cannot test for feature aa32_simd_r32 without first
4
testing if AArch32 mode is supported at all. This leads to
4
5
5
Signed-off-by: Claudio Fontana <cfontana@suse.de>
6
qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither
6
Acked-by: Richard Henderson <richard.henderson@linaro.org>
7
7
Reviewed-by: Claudio Fontana <cfontana@suse.de>
8
for Apple M1 cpus.
8
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
9
9
Signed-off-by: Fabiano Rosas <farosas@suse.de>
10
We already have a check for ARMv8-A never setting vfp-d32 true,
10
Message-id: 20221213190537.511-7-farosas@suse.de
11
so restructure the code so that AArch64 avoids the test entirely.
11
[added back some includes that are still needed at this point]
12
12
Signed-off-by: Fabiano Rosas <farosas@suse.de>
13
Reported-by: Mads Ynddal <mads@ynddal.dk>
14
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
15
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
16
Tested-by: Mads Ynddal <m.ynddal@samsung.com>
17
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
18
Reviewed-by: Cédric Le Goater <clg@kaod.org>
19
Reviewed-by: Mads Ynddal <m.ynddal@samsung.com>
20
Message-id: 20230619140216.402530-1-richard.henderson@linaro.org
13
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
21
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
14
---
22
---
15
target/arm/cpu.c | 1 -
23
target/arm/cpu.c | 28 +++++++++++++++-------------
16
target/arm/cpu64.c | 6 ------
24
1 file changed, 15 insertions(+), 13 deletions(-)
17
2 files changed, 7 deletions(-)
18
25
19
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
26
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
20
index XXXXXXX..XXXXXXX 100644
27
index XXXXXXX..XXXXXXX 100644
21
--- a/target/arm/cpu.c
28
--- a/target/arm/cpu.c
22
+++ b/target/arm/cpu.c
29
+++ b/target/arm/cpu.c
23
@@ -XXX,XX +XXX,XX @@
30
@@ -XXX,XX +XXX,XX @@ void arm_cpu_post_init(Object *obj)
24
#include "target/arm/idau.h"
31
* KVM does not currently allow us to lie to the guest about its
25
#include "qemu/module.h"
32
* ID/feature registers, so the guest always sees what the host has.
26
#include "qapi/error.h"
33
*/
27
-#include "qapi/visitor.h"
34
- if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)
28
#include "cpu.h"
35
- ? cpu_isar_feature(aa64_fp_simd, cpu)
29
#ifdef CONFIG_TCG
36
- : cpu_isar_feature(aa32_vfp, cpu)) {
30
#include "hw/core/tcg-cpu-ops.h"
37
- cpu->has_vfp = true;
31
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
38
- if (!kvm_enabled()) {
32
index XXXXXXX..XXXXXXX 100644
39
- qdev_property_add_static(DEVICE(obj), &arm_cpu_has_vfp_property);
33
--- a/target/arm/cpu64.c
40
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
34
+++ b/target/arm/cpu64.c
41
+ if (cpu_isar_feature(aa64_fp_simd, cpu)) {
35
@@ -XXX,XX +XXX,XX @@
42
+ cpu->has_vfp = true;
36
#include "qemu/osdep.h"
43
+ cpu->has_vfp_d32 = true;
37
#include "qapi/error.h"
44
+ if (tcg_enabled() || qtest_enabled()) {
38
#include "cpu.h"
45
+ qdev_property_add_static(DEVICE(obj),
39
-#ifdef CONFIG_TCG
46
+ &arm_cpu_has_vfp_property);
40
-#include "hw/core/tcg-cpu-ops.h"
47
+ }
41
-#endif /* CONFIG_TCG */
48
}
42
#include "qemu/module.h"
49
- }
43
-#if !defined(CONFIG_USER_ONLY)
50
-
44
-#include "hw/loader.h"
51
- if (cpu->has_vfp && cpu_isar_feature(aa32_simd_r32, cpu)) {
45
-#endif
52
- cpu->has_vfp_d32 = true;
46
#include "sysemu/kvm.h"
53
- if (!kvm_enabled()) {
47
#include "sysemu/hvf.h"
54
+ } else if (cpu_isar_feature(aa32_vfp, cpu)) {
48
#include "kvm_arm.h"
55
+ cpu->has_vfp = true;
56
+ if (cpu_isar_feature(aa32_simd_r32, cpu)) {
57
+ cpu->has_vfp_d32 = true;
58
/*
59
* The permitted values of the SIMDReg bits [3:0] on
60
* Armv8-A are either 0b0000 and 0b0010. On such CPUs,
61
* make sure that has_vfp_d32 can not be set to false.
62
*/
63
- if (!(arm_feature(&cpu->env, ARM_FEATURE_V8) &&
64
- !arm_feature(&cpu->env, ARM_FEATURE_M))) {
65
+ if ((tcg_enabled() || qtest_enabled())
66
+ && !(arm_feature(&cpu->env, ARM_FEATURE_V8)
67
+ && !arm_feature(&cpu->env, ARM_FEATURE_M))) {
68
qdev_property_add_static(DEVICE(obj),
69
&arm_cpu_has_vfp_d32_property);
70
}
49
--
71
--
50
2.25.1
72
2.34.1
73
74
diff view generated by jsdifflib
1
From: Axel Heider <axel.heider@hensoldt.net>
1
From: Shashi Mallela <shashi.mallela@linaro.org>
2
2
3
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
3
Create ITS as part of SBSA platform GIC initialization.
4
5
GIC ITS information is in DeviceTree so TF-A can pass it to EDK2.
6
7
Bumping platform version to 0.2 as this is important hardware change.
8
9
Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org>
10
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
11
Message-id: 20230619170913.517373-2-marcin.juszkiewicz@linaro.org
12
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
13
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
4
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
5
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6
---
16
---
7
hw/timer/imx_epit.c | 20 ++++++++++++++------
17
docs/system/arm/sbsa.rst | 14 ++++++++++++++
8
1 file changed, 14 insertions(+), 6 deletions(-)
18
hw/arm/sbsa-ref.c | 33 ++++++++++++++++++++++++++++++---
19
2 files changed, 44 insertions(+), 3 deletions(-)
9
20
10
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
21
diff --git a/docs/system/arm/sbsa.rst b/docs/system/arm/sbsa.rst
11
index XXXXXXX..XXXXXXX 100644
22
index XXXXXXX..XXXXXXX 100644
12
--- a/hw/timer/imx_epit.c
23
--- a/docs/system/arm/sbsa.rst
13
+++ b/hw/timer/imx_epit.c
24
+++ b/docs/system/arm/sbsa.rst
14
@@ -XXX,XX +XXX,XX @@ static void imx_epit_set_freq(IMXEPITState *s)
25
@@ -XXX,XX +XXX,XX @@ to be a complete compliant DT. It currently reports:
26
- platform version
27
- GIC addresses
28
29
+Platform version
30
+''''''''''''''''
31
+
32
The platform version is only for informing platform firmware about
33
what kind of ``sbsa-ref`` board it is running on. It is neither
34
a QEMU versioned machine type nor a reflection of the level of the
35
@@ -XXX,XX +XXX,XX @@ SBSA/SystemReady SR support provided.
36
The ``machine-version-major`` value is updated when changes breaking
37
fw compatibility are introduced. The ``machine-version-minor`` value
38
is updated when features are added that don't break fw compatibility.
39
+
40
+Platform version changes:
41
+
42
+0.0
43
+ Devicetree holds information about CPUs, memory and platform version.
44
+
45
+0.1
46
+ GIC information is present in devicetree.
47
+
48
+0.2
49
+ GIC ITS information is present in devicetree.
50
diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
51
index XXXXXXX..XXXXXXX 100644
52
--- a/hw/arm/sbsa-ref.c
53
+++ b/hw/arm/sbsa-ref.c
54
@@ -XXX,XX +XXX,XX @@ enum {
55
SBSA_CPUPERIPHS,
56
SBSA_GIC_DIST,
57
SBSA_GIC_REDIST,
58
+ SBSA_GIC_ITS,
59
SBSA_SECURE_EC,
60
SBSA_GWDT_WS0,
61
SBSA_GWDT_REFRESH,
62
@@ -XXX,XX +XXX,XX @@ static const MemMapEntry sbsa_ref_memmap[] = {
63
[SBSA_CPUPERIPHS] = { 0x40000000, 0x00040000 },
64
[SBSA_GIC_DIST] = { 0x40060000, 0x00010000 },
65
[SBSA_GIC_REDIST] = { 0x40080000, 0x04000000 },
66
+ [SBSA_GIC_ITS] = { 0x44081000, 0x00020000 },
67
[SBSA_SECURE_EC] = { 0x50000000, 0x00001000 },
68
[SBSA_GWDT_REFRESH] = { 0x50010000, 0x00001000 },
69
[SBSA_GWDT_CONTROL] = { 0x50011000, 0x00001000 },
70
@@ -XXX,XX +XXX,XX @@ static void sbsa_fdt_add_gic_node(SBSAMachineState *sms)
71
2, sbsa_ref_memmap[SBSA_GIC_REDIST].base,
72
2, sbsa_ref_memmap[SBSA_GIC_REDIST].size);
73
74
+ nodename = g_strdup_printf("/intc/its");
75
+ qemu_fdt_add_subnode(sms->fdt, nodename);
76
+ qemu_fdt_setprop_sized_cells(sms->fdt, nodename, "reg",
77
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].base,
78
+ 2, sbsa_ref_memmap[SBSA_GIC_ITS].size);
79
+
80
g_free(nodename);
81
}
82
+
15
/*
83
/*
16
* This is called both on hardware (device) reset and software reset.
84
* Firmware on this machine only uses ACPI table to load OS, these limited
17
*/
85
* device tree nodes are just to let firmware know the info which varies from
18
-static void imx_epit_reset(DeviceState *dev)
86
@@ -XXX,XX +XXX,XX @@ static void create_fdt(SBSAMachineState *sms)
19
+static void imx_epit_reset(IMXEPITState *s, bool is_hard_reset)
87
* fw compatibility.
20
{
88
*/
21
- IMXEPITState *s = IMX_EPIT(dev);
89
qemu_fdt_setprop_cell(fdt, "/", "machine-version-major", 0);
22
-
90
- qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 1);
23
/* Soft reset doesn't touch some bits; hard reset clears them */
91
+ qemu_fdt_setprop_cell(fdt, "/", "machine-version-minor", 2);
24
- s->cr &= (CR_EN|CR_ENMOD|CR_STOPEN|CR_DOZEN|CR_WAITEN|CR_DBGEN);
92
25
+ if (is_hard_reset) {
93
if (ms->numa_state->have_numa_distance) {
26
+ s->cr = 0;
94
int size = nb_numa_nodes * nb_numa_nodes * 3 * sizeof(uint32_t);
27
+ } else {
95
@@ -XXX,XX +XXX,XX @@ static void create_secure_ram(SBSAMachineState *sms,
28
+ s->cr &= (CR_EN|CR_ENMOD|CR_STOPEN|CR_DOZEN|CR_WAITEN|CR_DBGEN);
96
memory_region_add_subregion(secure_sysmem, base, secram);
29
+ }
30
s->sr = 0;
31
s->lr = EPIT_TIMER_MAX;
32
s->cmp = 0;
33
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
34
s->cr = value & 0x03ffffff;
35
if (s->cr & CR_SWR) {
36
/* handle the reset */
37
- imx_epit_reset(DEVICE(s));
38
+ imx_epit_reset(s, false);
39
}
40
41
/*
42
@@ -XXX,XX +XXX,XX @@ static void imx_epit_realize(DeviceState *dev, Error **errp)
43
s->timer_cmp = ptimer_init(imx_epit_cmp, s, PTIMER_POLICY_LEGACY);
44
}
97
}
45
98
46
+static void imx_epit_dev_reset(DeviceState *dev)
99
-static void create_gic(SBSAMachineState *sms)
100
+static void create_its(SBSAMachineState *sms)
47
+{
101
+{
48
+ IMXEPITState *s = IMX_EPIT(dev);
102
+ const char *itsclass = its_class_name();
49
+ imx_epit_reset(s, true);
103
+ DeviceState *dev;
104
+
105
+ dev = qdev_new(itsclass);
106
+
107
+ object_property_set_link(OBJECT(dev), "parent-gicv3", OBJECT(sms->gic),
108
+ &error_abort);
109
+ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
110
+ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, sbsa_ref_memmap[SBSA_GIC_ITS].base);
50
+}
111
+}
51
+
112
+
52
static void imx_epit_class_init(ObjectClass *klass, void *data)
113
+static void create_gic(SBSAMachineState *sms, MemoryRegion *mem)
53
{
114
{
54
DeviceClass *dc = DEVICE_CLASS(klass);
115
unsigned int smp_cpus = MACHINE(sms)->smp.cpus;
55
116
SysBusDevice *gicbusdev;
56
dc->realize = imx_epit_realize;
117
@@ -XXX,XX +XXX,XX @@ static void create_gic(SBSAMachineState *sms)
57
- dc->reset = imx_epit_reset;
118
qdev_prop_set_uint32(sms->gic, "len-redist-region-count", 1);
58
+ dc->reset = imx_epit_dev_reset;
119
qdev_prop_set_uint32(sms->gic, "redist-region-count[0]", redist0_count);
59
dc->vmsd = &vmstate_imx_timer_epit;
120
60
dc->desc = "i.MX periodic timer";
121
+ object_property_set_link(OBJECT(sms->gic), "sysmem",
122
+ OBJECT(mem), &error_fatal);
123
+ qdev_prop_set_bit(sms->gic, "has-lpi", true);
124
+
125
gicbusdev = SYS_BUS_DEVICE(sms->gic);
126
sysbus_realize_and_unref(gicbusdev, &error_fatal);
127
sysbus_mmio_map(gicbusdev, 0, sbsa_ref_memmap[SBSA_GIC_DIST].base);
128
@@ -XXX,XX +XXX,XX @@ static void create_gic(SBSAMachineState *sms)
129
sysbus_connect_irq(gicbusdev, i + 3 * smp_cpus,
130
qdev_get_gpio_in(cpudev, ARM_CPU_VFIQ));
131
}
132
+ create_its(sms);
61
}
133
}
134
135
static void create_uart(const SBSAMachineState *sms, int uart,
136
@@ -XXX,XX +XXX,XX @@ static void sbsa_ref_init(MachineState *machine)
137
138
create_secure_ram(sms, secure_sysmem);
139
140
- create_gic(sms);
141
+ create_gic(sms, sysmem);
142
143
create_uart(sms, SBSA_UART, sysmem, serial_hd(0));
144
create_uart(sms, SBSA_SECURE_UART, secure_sysmem, serial_hd(1));
62
--
145
--
63
2.25.1
146
2.34.1
diff view generated by jsdifflib
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
1
From: Richard Henderson <richard.henderson@linaro.org>
2
2
3
Silent when compiling with -Wextra:
3
Brown bag time: store instead of load results in uninitialized temp.
4
4
5
../hw/arm/nseries.c:1081:12: warning: missing field 'line' initializer [-Wmissing-field-initializers]
6
{ NULL }
7
^
8
5
9
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1704
10
Message-id: 20221220142520.24094-4-philmd@linaro.org
7
Reported-by: Mark Rutland <mark.rutland@arm.com>
8
Tested-by: Alex Bennée <alex.bennee@linaro.org>
9
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
10
Message-id: 20230620134659.817559-1-richard.henderson@linaro.org
11
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r")
12
Tested-by: Alex Bennée <alex.bennee@linaro.org>
13
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
11
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
14
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
12
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
15
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
13
---
16
---
14
hw/arm/nseries.c | 10 ++++------
17
target/arm/tcg/translate-sve.c | 2 +-
15
1 file changed, 4 insertions(+), 6 deletions(-)
18
1 file changed, 1 insertion(+), 1 deletion(-)
16
19
17
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
20
diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
18
index XXXXXXX..XXXXXXX 100644
21
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/arm/nseries.c
22
--- a/target/arm/tcg/translate-sve.c
20
+++ b/hw/arm/nseries.c
23
+++ b/target/arm/tcg/translate-sve.c
21
@@ -XXX,XX +XXX,XX @@ static const struct omap_gpiosw_info_s {
24
@@ -XXX,XX +XXX,XX @@ void gen_sve_str(DisasContext *s, TCGv_ptr base, int vofs,
22
"headphone", N8X0_HEADPHONE_GPIO,
25
/* Predicate register stores can be any multiple of 2. */
23
OMAP_GPIOSW_TYPE_CONNECTION | OMAP_GPIOSW_INVERTED,
26
if (len_remain >= 8) {
24
},
27
t0 = tcg_temp_new_i64();
25
- { NULL }
28
- tcg_gen_st_i64(t0, base, vofs + len_align);
26
+ { /* end of list */ }
29
+ tcg_gen_ld_i64(t0, base, vofs + len_align);
27
}, n810_gpiosw_info[] = {
30
tcg_gen_qemu_st_i64(t0, clean_addr, midx, MO_LEUQ | MO_ATOM_NONE);
28
{
31
len_remain -= 8;
29
"gps_reset", N810_GPS_RESET_GPIO,
32
len_align += 8;
30
@@ -XXX,XX +XXX,XX @@ static const struct omap_gpiosw_info_s {
31
"slide", N810_SLIDE_GPIO,
32
OMAP_GPIOSW_TYPE_COVER | OMAP_GPIOSW_INVERTED,
33
},
34
- { NULL }
35
+ { /* end of list */ }
36
};
37
38
static const struct omap_partition_info_s {
39
@@ -XXX,XX +XXX,XX @@ static const struct omap_partition_info_s {
40
{ 0x00080000, 0x00200000, 0x0, "kernel" },
41
{ 0x00280000, 0x00200000, 0x3, "initfs" },
42
{ 0x00480000, 0x0fb80000, 0x3, "rootfs" },
43
-
44
- { 0, 0, 0, NULL }
45
+ { /* end of list */ }
46
}, n810_part_info[] = {
47
{ 0x00000000, 0x00020000, 0x3, "bootloader" },
48
{ 0x00020000, 0x00060000, 0x0, "config" },
49
{ 0x00080000, 0x00220000, 0x0, "kernel" },
50
{ 0x002a0000, 0x00400000, 0x0, "initfs" },
51
{ 0x006a0000, 0x0f960000, 0x0, "rootfs" },
52
-
53
- { 0, 0, 0, NULL }
54
+ { /* end of list */ }
55
};
56
57
static const uint8_t n8x0_bd_addr[6] = { N8X0_BD_ADDR };
58
--
33
--
59
2.25.1
34
2.34.1
60
35
61
36
diff view generated by jsdifflib
1
From: Alex Bennée <alex.bennee@linaro.org>
1
The xkb official name for the Arabic keyboard layout is 'ara'.
2
However xkb has for at least the past 15 years also permitted it to
3
be named via the legacy synonym 'ar'. In xkeyboard-config 2.39 this
4
synoynm was removed, which breaks compilation of QEMU:
2
5
3
The check semihosting_enabled() wants to know if the guest is
6
FAILED: pc-bios/keymaps/ar
4
currently in user mode. Unlike the other cases the test was inverted
7
/home/fred/qemu-git/src/qemu/build-full/qemu-keymap -f pc-bios/keymaps/ar -l ar
5
causing us to block semihosting calls in non-EL0 modes.
8
xkbcommon: ERROR: Couldn't find file "symbols/ar" in include paths
9
xkbcommon: ERROR: 1 include paths searched:
10
xkbcommon: ERROR:     /usr/share/X11/xkb
11
xkbcommon: ERROR: 3 include paths could not be added:
12
xkbcommon: ERROR:     /home/fred/.config/xkb
13
xkbcommon: ERROR:     /home/fred/.xkb
14
xkbcommon: ERROR:     /etc/xkb
15
xkbcommon: ERROR: Abandoning symbols file "(unnamed)"
16
xkbcommon: ERROR: Failed to compile xkb_symbols
17
xkbcommon: ERROR: Failed to compile keymap
18
19
The upstream xkeyboard-config change removing the compat
20
mapping is:
21
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/commit/470ad2cd8fea84d7210377161d86b31999bb5ea6
22
23
Make QEMU always ask for the 'ara' xkb layout, which should work on
24
both older and newer xkeyboard-config. We leave the QEMU name for
25
this keyboard layout as 'ar'; it is not the only one where our name
26
for it deviates from the xkb standard name.
6
27
7
Cc: qemu-stable@nongnu.org
28
Cc: qemu-stable@nongnu.org
8
Fixes: 19b26317e9 (target/arm: Honour -semihosting-config userspace=on)
9
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
10
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
11
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
29
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
30
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
31
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
32
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
33
Message-id: 20230620162024.1132013-1-peter.maydell@linaro.org
34
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1709
12
---
35
---
13
target/arm/translate.c | 2 +-
36
pc-bios/keymaps/meson.build | 2 +-
14
1 file changed, 1 insertion(+), 1 deletion(-)
37
1 file changed, 1 insertion(+), 1 deletion(-)
15
38
16
diff --git a/target/arm/translate.c b/target/arm/translate.c
39
diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build
17
index XXXXXXX..XXXXXXX 100644
40
index XXXXXXX..XXXXXXX 100644
18
--- a/target/arm/translate.c
41
--- a/pc-bios/keymaps/meson.build
19
+++ b/target/arm/translate.c
42
+++ b/pc-bios/keymaps/meson.build
20
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
43
@@ -XXX,XX +XXX,XX @@
21
* semihosting, to provide some semblance of security
44
keymaps = {
22
* (and for consistency with our 32-bit semihosting).
45
- 'ar': '-l ar',
23
*/
46
+ 'ar': '-l ara',
24
- if (semihosting_enabled(s->current_el != 0) &&
47
'bepo': '-l fr -v dvorak',
25
+ if (semihosting_enabled(s->current_el == 0) &&
48
'cz': '-l cz',
26
(imm == (s->thumb ? 0x3c : 0xf000))) {
49
'da': '-l dk',
27
gen_exception_internal_insn(s, EXCP_SEMIHOST);
28
return;
29
--
50
--
30
2.25.1
51
2.34.1
31
52
32
53
diff view generated by jsdifflib
Deleted patch
1
From: Axel Heider <axel.heider@hensoldt.net>
2
1
3
Fix typos, add background information
4
5
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
hw/timer/imx_epit.c | 20 ++++++++++++++++----
10
1 file changed, 16 insertions(+), 4 deletions(-)
11
12
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/timer/imx_epit.c
15
+++ b/hw/timer/imx_epit.c
16
@@ -XXX,XX +XXX,XX @@ static void imx_epit_set_freq(IMXEPITState *s)
17
}
18
}
19
20
+/*
21
+ * This is called both on hardware (device) reset and software reset.
22
+ */
23
static void imx_epit_reset(DeviceState *dev)
24
{
25
IMXEPITState *s = IMX_EPIT(dev);
26
27
- /*
28
- * Soft reset doesn't touch some bits; hard reset clears them
29
- */
30
+ /* Soft reset doesn't touch some bits; hard reset clears them */
31
s->cr &= (CR_EN|CR_ENMOD|CR_STOPEN|CR_DOZEN|CR_WAITEN|CR_DBGEN);
32
s->sr = 0;
33
s->lr = EPIT_TIMER_MAX;
34
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
35
ptimer_transaction_begin(s->timer_cmp);
36
ptimer_transaction_begin(s->timer_reload);
37
38
+ /* Update the frequency. Has been done already in case of a reset. */
39
if (!(s->cr & CR_SWR)) {
40
imx_epit_set_freq(s);
41
}
42
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
43
break;
44
45
case 1: /* SR - ACK*/
46
- /* writing 1 to OCIF clear the OCIF bit */
47
+ /* writing 1 to OCIF clears the OCIF bit */
48
if (value & 0x01) {
49
s->sr = 0;
50
imx_epit_update_int(s);
51
@@ -XXX,XX +XXX,XX @@ static void imx_epit_realize(DeviceState *dev, Error **errp)
52
0x00001000);
53
sysbus_init_mmio(sbd, &s->iomem);
54
55
+ /*
56
+ * The reload timer keeps running when the peripheral is enabled. It is a
57
+ * kind of wall clock that does not generate any interrupts. The callback
58
+ * needs to be provided, but it does nothing as the ptimer already supports
59
+ * all necessary reloading functionality.
60
+ */
61
s->timer_reload = ptimer_init(imx_epit_reload, s, PTIMER_POLICY_LEGACY);
62
63
+ /*
64
+ * The compare timer is running only when the peripheral configuration is
65
+ * in a state that will generate compare interrupts.
66
+ */
67
s->timer_cmp = ptimer_init(imx_epit_cmp, s, PTIMER_POLICY_LEGACY);
68
}
69
70
--
71
2.25.1
diff view generated by jsdifflib
Deleted patch
1
From: Axel Heider <axel.heider@hensoldt.net>
2
1
3
remove unused defines, add needed defines
4
5
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
include/hw/timer/imx_epit.h | 4 ++--
10
hw/timer/imx_epit.c | 4 ++--
11
2 files changed, 4 insertions(+), 4 deletions(-)
12
13
diff --git a/include/hw/timer/imx_epit.h b/include/hw/timer/imx_epit.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/include/hw/timer/imx_epit.h
16
+++ b/include/hw/timer/imx_epit.h
17
@@ -XXX,XX +XXX,XX @@
18
#define CR_OCIEN (1 << 2)
19
#define CR_RLD (1 << 3)
20
#define CR_PRESCALE_SHIFT (4)
21
-#define CR_PRESCALE_MASK (0xfff)
22
+#define CR_PRESCALE_BITS (12)
23
#define CR_SWR (1 << 16)
24
#define CR_IOVW (1 << 17)
25
#define CR_DBGEN (1 << 18)
26
@@ -XXX,XX +XXX,XX @@
27
#define CR_DOZEN (1 << 20)
28
#define CR_STOPEN (1 << 21)
29
#define CR_CLKSRC_SHIFT (24)
30
-#define CR_CLKSRC_MASK (0x3 << CR_CLKSRC_SHIFT)
31
+#define CR_CLKSRC_BITS (2)
32
33
#define EPIT_TIMER_MAX 0XFFFFFFFFUL
34
35
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
36
index XXXXXXX..XXXXXXX 100644
37
--- a/hw/timer/imx_epit.c
38
+++ b/hw/timer/imx_epit.c
39
@@ -XXX,XX +XXX,XX @@ static void imx_epit_set_freq(IMXEPITState *s)
40
uint32_t clksrc;
41
uint32_t prescaler;
42
43
- clksrc = extract32(s->cr, CR_CLKSRC_SHIFT, 2);
44
- prescaler = 1 + extract32(s->cr, CR_PRESCALE_SHIFT, 12);
45
+ clksrc = extract32(s->cr, CR_CLKSRC_SHIFT, CR_CLKSRC_BITS);
46
+ prescaler = 1 + extract32(s->cr, CR_PRESCALE_SHIFT, CR_PRESCALE_BITS);
47
48
s->freq = imx_ccm_get_clock_frequency(s->ccm,
49
imx_epit_clocks[clksrc]) / prescaler;
50
--
51
2.25.1
diff view generated by jsdifflib
Deleted patch
1
From: Axel Heider <axel.heider@hensoldt.net>
2
1
3
The interrupt state can change due to:
4
- reset clears both SR.OCIF and CR.OCIE
5
- write to CR.EN or CR.OCIE
6
7
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
9
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
10
---
11
hw/timer/imx_epit.c | 16 ++++++++++++----
12
1 file changed, 12 insertions(+), 4 deletions(-)
13
14
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
15
index XXXXXXX..XXXXXXX 100644
16
--- a/hw/timer/imx_epit.c
17
+++ b/hw/timer/imx_epit.c
18
@@ -XXX,XX +XXX,XX @@ static void imx_epit_write(void *opaque, hwaddr offset, uint64_t value,
19
if (s->cr & CR_SWR) {
20
/* handle the reset */
21
imx_epit_reset(DEVICE(s));
22
- /*
23
- * TODO: could we 'break' here? following operations appear
24
- * to duplicate the work imx_epit_reset() already did.
25
- */
26
}
27
28
+ /*
29
+ * The interrupt state can change due to:
30
+ * - reset clears both SR.OCIF and CR.OCIE
31
+ * - write to CR.EN or CR.OCIE
32
+ */
33
+ imx_epit_update_int(s);
34
+
35
+ /*
36
+ * TODO: could we 'break' here for reset? following operations appear
37
+ * to duplicate the work imx_epit_reset() already did.
38
+ */
39
+
40
ptimer_transaction_begin(s->timer_cmp);
41
ptimer_transaction_begin(s->timer_reload);
42
43
--
44
2.25.1
diff view generated by jsdifflib
Deleted patch
1
From: Fabiano Rosas <farosas@suse.de>
2
1
3
Signed-off-by: Fabiano Rosas <farosas@suse.de>
4
Reviewed-by: Claudio Fontana <cfontana@suse.de>
5
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
6
Message-id: 20221213190537.511-5-farosas@suse.de
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
target/arm/m_helper.c | 16 ----------------
10
1 file changed, 16 deletions(-)
11
12
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/target/arm/m_helper.c
15
+++ b/target/arm/m_helper.c
16
@@ -XXX,XX +XXX,XX @@
17
*/
18
19
#include "qemu/osdep.h"
20
-#include "qemu/units.h"
21
-#include "target/arm/idau.h"
22
-#include "trace.h"
23
#include "cpu.h"
24
#include "internals.h"
25
-#include "exec/gdbstub.h"
26
#include "exec/helper-proto.h"
27
-#include "qemu/host-utils.h"
28
#include "qemu/main-loop.h"
29
#include "qemu/bitops.h"
30
-#include "qemu/crc32c.h"
31
-#include "qemu/qemu-print.h"
32
#include "qemu/log.h"
33
#include "exec/exec-all.h"
34
-#include <zlib.h> /* For crc32 */
35
-#include "semihosting/semihost.h"
36
-#include "sysemu/cpus.h"
37
-#include "sysemu/kvm.h"
38
-#include "qemu/range.h"
39
-#include "qapi/qapi-commands-machine-target.h"
40
-#include "qapi/error.h"
41
-#include "qemu/guest-random.h"
42
#ifdef CONFIG_TCG
43
-#include "arm_ldst.h"
44
#include "exec/cpu_ldst.h"
45
#include "semihosting/common-semi.h"
46
#endif
47
--
48
2.25.1
diff view generated by jsdifflib
Deleted patch
1
From: Philippe Mathieu-Daudé <philmd@linaro.org>
2
1
3
The pointed MouseTransformInfo structure is accessed read-only.
4
5
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
7
Message-id: 20221220142520.24094-2-philmd@linaro.org
8
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
9
---
10
include/hw/input/tsc2xxx.h | 4 ++--
11
hw/input/tsc2005.c | 2 +-
12
hw/input/tsc210x.c | 3 +--
13
3 files changed, 4 insertions(+), 5 deletions(-)
14
15
diff --git a/include/hw/input/tsc2xxx.h b/include/hw/input/tsc2xxx.h
16
index XXXXXXX..XXXXXXX 100644
17
--- a/include/hw/input/tsc2xxx.h
18
+++ b/include/hw/input/tsc2xxx.h
19
@@ -XXX,XX +XXX,XX @@ uWireSlave *tsc2102_init(qemu_irq pint);
20
uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav);
21
I2SCodec *tsc210x_codec(uWireSlave *chip);
22
uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len);
23
-void tsc210x_set_transform(uWireSlave *chip, MouseTransformInfo *info);
24
+void tsc210x_set_transform(uWireSlave *chip, const MouseTransformInfo *info);
25
void tsc210x_key_event(uWireSlave *chip, int key, int down);
26
27
/* tsc2005.c */
28
void *tsc2005_init(qemu_irq pintdav);
29
uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len);
30
-void tsc2005_set_transform(void *opaque, MouseTransformInfo *info);
31
+void tsc2005_set_transform(void *opaque, const MouseTransformInfo *info);
32
33
#endif
34
diff --git a/hw/input/tsc2005.c b/hw/input/tsc2005.c
35
index XXXXXXX..XXXXXXX 100644
36
--- a/hw/input/tsc2005.c
37
+++ b/hw/input/tsc2005.c
38
@@ -XXX,XX +XXX,XX @@ void *tsc2005_init(qemu_irq pintdav)
39
* from the touchscreen. Assuming 12-bit precision was used during
40
* tslib calibration.
41
*/
42
-void tsc2005_set_transform(void *opaque, MouseTransformInfo *info)
43
+void tsc2005_set_transform(void *opaque, const MouseTransformInfo *info)
44
{
45
TSC2005State *s = (TSC2005State *) opaque;
46
47
diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c
48
index XXXXXXX..XXXXXXX 100644
49
--- a/hw/input/tsc210x.c
50
+++ b/hw/input/tsc210x.c
51
@@ -XXX,XX +XXX,XX @@ I2SCodec *tsc210x_codec(uWireSlave *chip)
52
* from the touchscreen. Assuming 12-bit precision was used during
53
* tslib calibration.
54
*/
55
-void tsc210x_set_transform(uWireSlave *chip,
56
- MouseTransformInfo *info)
57
+void tsc210x_set_transform(uWireSlave *chip, const MouseTransformInfo *info)
58
{
59
TSC210xState *s = (TSC210xState *) chip->opaque;
60
#if 0
61
--
62
2.25.1
63
64
diff view generated by jsdifflib
Deleted patch
1
From: Jean-Christophe Dubois <jcd@tribudubois.net>
2
1
3
So far the GPT timers were unable to raise IRQs to the processor.
4
5
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
include/hw/arm/fsl-imx7.h | 5 +++++
10
hw/arm/fsl-imx7.c | 10 ++++++++++
11
2 files changed, 15 insertions(+)
12
13
diff --git a/include/hw/arm/fsl-imx7.h b/include/hw/arm/fsl-imx7.h
14
index XXXXXXX..XXXXXXX 100644
15
--- a/include/hw/arm/fsl-imx7.h
16
+++ b/include/hw/arm/fsl-imx7.h
17
@@ -XXX,XX +XXX,XX @@ enum FslIMX7IRQs {
18
FSL_IMX7_USB2_IRQ = 42,
19
FSL_IMX7_USB3_IRQ = 40,
20
21
+ FSL_IMX7_GPT1_IRQ = 55,
22
+ FSL_IMX7_GPT2_IRQ = 54,
23
+ FSL_IMX7_GPT3_IRQ = 53,
24
+ FSL_IMX7_GPT4_IRQ = 52,
25
+
26
FSL_IMX7_WDOG1_IRQ = 78,
27
FSL_IMX7_WDOG2_IRQ = 79,
28
FSL_IMX7_WDOG3_IRQ = 10,
29
diff --git a/hw/arm/fsl-imx7.c b/hw/arm/fsl-imx7.c
30
index XXXXXXX..XXXXXXX 100644
31
--- a/hw/arm/fsl-imx7.c
32
+++ b/hw/arm/fsl-imx7.c
33
@@ -XXX,XX +XXX,XX @@ static void fsl_imx7_realize(DeviceState *dev, Error **errp)
34
FSL_IMX7_GPT4_ADDR,
35
};
36
37
+ static const int FSL_IMX7_GPTn_IRQ[FSL_IMX7_NUM_GPTS] = {
38
+ FSL_IMX7_GPT1_IRQ,
39
+ FSL_IMX7_GPT2_IRQ,
40
+ FSL_IMX7_GPT3_IRQ,
41
+ FSL_IMX7_GPT4_IRQ,
42
+ };
43
+
44
s->gpt[i].ccm = IMX_CCM(&s->ccm);
45
sysbus_realize(SYS_BUS_DEVICE(&s->gpt[i]), &error_abort);
46
sysbus_mmio_map(SYS_BUS_DEVICE(&s->gpt[i]), 0, FSL_IMX7_GPTn_ADDR[i]);
47
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->gpt[i]), 0,
48
+ qdev_get_gpio_in(DEVICE(&s->a7mpcore),
49
+ FSL_IMX7_GPTn_IRQ[i]));
50
}
51
52
for (i = 0; i < FSL_IMX7_NUM_GPIOS; i++) {
53
--
54
2.25.1
diff view generated by jsdifflib
Deleted patch
1
From: Jean-Christophe Dubois <jcd@tribudubois.net>
2
1
3
CCM derived clocks will have to be added later.
4
5
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
6
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
7
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
8
---
9
hw/misc/imx7_ccm.c | 49 +++++++++++++++++++++++++++++++++++++---------
10
1 file changed, 40 insertions(+), 9 deletions(-)
11
12
diff --git a/hw/misc/imx7_ccm.c b/hw/misc/imx7_ccm.c
13
index XXXXXXX..XXXXXXX 100644
14
--- a/hw/misc/imx7_ccm.c
15
+++ b/hw/misc/imx7_ccm.c
16
@@ -XXX,XX +XXX,XX @@
17
#include "hw/misc/imx7_ccm.h"
18
#include "migration/vmstate.h"
19
20
+#include "trace.h"
21
+
22
+#define CKIH_FREQ 24000000 /* 24MHz crystal input */
23
+
24
static void imx7_analog_reset(DeviceState *dev)
25
{
26
IMX7AnalogState *s = IMX7_ANALOG(dev);
27
@@ -XXX,XX +XXX,XX @@ static const VMStateDescription vmstate_imx7_ccm = {
28
static uint32_t imx7_ccm_get_clock_frequency(IMXCCMState *dev, IMXClk clock)
29
{
30
/*
31
- * This function is "consumed" by GPT emulation code, however on
32
- * i.MX7 each GPT block can have their own clock root. This means
33
- * that this functions needs somehow to know requester's identity
34
- * and the way to pass it: be it via additional IMXClk constants
35
- * or by adding another argument to this method needs to be
36
- * figured out
37
+ * This function is "consumed" by GPT emulation code. Some clocks
38
+ * have fixed frequencies and we can provide requested frequency
39
+ * easily. However for CCM provided clocks (like IPG) each GPT
40
+ * timer can have its own clock root.
41
+ * This means we need additionnal information when calling this
42
+ * function to know the requester's identity.
43
*/
44
- qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Not implemented\n",
45
- TYPE_IMX7_CCM, __func__);
46
- return 0;
47
+ uint32_t freq = 0;
48
+
49
+ switch (clock) {
50
+ case CLK_NONE:
51
+ break;
52
+ case CLK_32k:
53
+ freq = CKIL_FREQ;
54
+ break;
55
+ case CLK_HIGH:
56
+ freq = CKIH_FREQ;
57
+ break;
58
+ case CLK_IPG:
59
+ case CLK_IPG_HIGH:
60
+ /*
61
+ * For now we don't have a way to figure out the device this
62
+ * function is called for. Until then the IPG derived clocks
63
+ * are left unimplemented.
64
+ */
65
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: Clock %d Not implemented\n",
66
+ TYPE_IMX7_CCM, __func__, clock);
67
+ break;
68
+ default:
69
+ qemu_log_mask(LOG_GUEST_ERROR, "[%s]%s: unsupported clock %d\n",
70
+ TYPE_IMX7_CCM, __func__, clock);
71
+ break;
72
+ }
73
+
74
+ trace_ccm_clock_freq(clock, freq);
75
+
76
+ return freq;
77
}
78
79
static void imx7_ccm_class_init(ObjectClass *klass, void *data)
80
--
81
2.25.1
diff view generated by jsdifflib