The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d:

  Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403

for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001:

  hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100)

----------------------------------------------------------------
 * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()
 * hw/arm: do not free machine->fdt in arm_load_dtb()
 * target/arm: Fix generated code for cpreg reads when HSTR is active
 * hw/ssi: Fix Linux driver init issue with xilinx_spi

----------------------------------------------------------------
Chris Rauer (1):
      hw/ssi: Fix Linux driver init issue with xilinx_spi

Markus Armbruster (1):
      hw/arm: do not free machine->fdt in arm_load_dtb()

Peter Maydell (1):
      target/arm: Fix generated code for cpreg reads when HSTR is active

Philippe Mathieu-Daudé (1):
      target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask()

 target/arm/internals.h | 15 ++++++++++-----
 hw/arm/boot.c | 5 ++++-
 hw/ssi/xilinx_spi.c | 1 +
 target/arm/gdbstub64.c | 7 +++++--
 target/arm/tcg/pauth_helper.c | 18 +-----------------
 target/arm/tcg/translate.c | 6 ++++++
 6 files changed, 27 insertions(+), 25 deletions(-)

Massively slimmed down v2: MemTag broke bsd-user, and the npcm7xx
ethernet device failed 'make check' on big-endian hosts.

-- PMM

The following changes since commit 83339e21d05c824ebc9131d644f25c23d0e41ecf:

  Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-02-10 15:42:20 +0000)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210211-1

for you to fetch changes up to d3c1183ffeb71ca3a783eae3d7e1c51e71e8a621:

  target/arm: Correctly initialize MDCR_EL2.HPMN (2021-02-11 19:48:09 +0000)

----------------------------------------------------------------
target-arm queue:
 * Correctly initialize MDCR_EL2.HPMN
 * versal: Use nr_apu_cpus in favor of hard coding 2
 * accel/tcg: Add URL of clang bug to comment about our workaround
 * Add support for FEAT_DIT, Data Independent Timing
 * Remove GPIO from unimplemented NPCM7XX
 * Fix SCR RES1 handling
 * Don't migrate CPUARMState.features

----------------------------------------------------------------
Aaron Lindsay (1):
      target/arm: Don't migrate CPUARMState.features

Daniel Müller (1):
      target/arm: Correctly initialize MDCR_EL2.HPMN

Edgar E. Iglesias (1):
      hw/arm: versal: Use nr_apu_cpus in favor of hard coding 2

Hao Wu (1):
      hw/arm: Remove GPIO from unimplemented NPCM7XX

Mike Nawrocki (1):
      target/arm: Fix SCR RES1 handling

Peter Maydell (2):
      arm: Update infocenter.arm.com URLs
      accel/tcg: Add URL of clang bug to comment about our workaround

Rebecca Cran (4):
      target/arm: Add support for FEAT_DIT, Data Independent Timing
      target/arm: Support AA32 DIT by moving PSTATE_SS from cpsr into env->pstate
      target/arm: Set ID_AA64PFR0.DIT and ID_PFR0.DIT to 1 for "max" AA64 CPU
      target/arm: Set ID_PFR0.DIT to 1 for "max" 32-bit CPU

 include/hw/dma/pl080.h | 7 ++--
 include/hw/misc/arm_integrator_debug.h | 2 +-
 include/hw/ssi/pl022.h | 5 ++-
 target/arm/cpu.h | 17 ++++++++
 target/arm/internals.h | 6 +++
 accel/tcg/cpu-exec.c | 25 +++++++++---
 hw/arm/aspeed_ast2600.c | 2 +-
 hw/arm/musca.c | 4 +-
 hw/arm/npcm7xx.c | 8 ----
 hw/arm/xlnx-versal.c | 4 +-
 hw/misc/arm_integrator_debug.c | 2 +-
 hw/timer/arm_timer.c | 7 ++--
 target/arm/cpu.c | 4 ++
 target/arm/cpu64.c | 5 +++
 target/arm/helper-a64.c | 27 +++++++++++--
 target/arm/helper.c | 71 +++++++++++++++++++++++++++-------
 target/arm/machine.c | 2 +-
 target/arm/op_helper.c | 9 +----
 target/arm/translate-a64.c | 12 ++++++
 19 files changed, 164 insertions(+), 55 deletions(-)

From: Philippe Mathieu-Daudé <philmd@linaro.org>

aarch64_gdb_get_pauth_reg() -- although disabled since commit
5787d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to
gdb") is still compiled in. It calls pauth_ptr_mask() which is
located in target/arm/tcg/pauth_helper.c, a TCG specific helper.

To avoid a linking error when TCG is not enabled:

  Undefined symbols for architecture arm64:
    "_pauth_ptr_mask", referenced from:
        _aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o
  ld: symbol(s) not found for architecture arm64
  clang: error: linker command failed with exit code 1 (use -v to see invocation)

- Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg()
  (this is the single user),
- Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and
  inline it in "internals.h",

Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension")
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230328212516.29592-1-philmd@linaro.org
[PMM: reinstated doc comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/internals.h | 15 ++++++++++-----
 target/arm/gdbstub64.c | 7 +++++--
 target/arm/tcg/pauth_helper.c | 18 +-----------------
 3 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ bool arm_generate_debug_exceptions(CPUARMState *env);
/**
* pauth_ptr_mask:
- * @env: cpu context
- * @ptr: selects between TTBR0 and TTBR1
- * @data: selects between TBI and TBID
+ * @param: parameters defining the MMU setup
*
- * Return a mask of the bits of @ptr that contain the authentication code.
+ * Return a mask of the address bits that contain the authentication code,
+ * given the MMU config defined by @param.
*/
-uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data);
+static inline uint64_t pauth_ptr_mask(ARMVAParameters param)
+{
+ int bot_pac_bit = 64 - param.tsz;
+ int top_pac_bit = 64 - 8 * param.tbi;
+
+ return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
+}
/* Add the cpreg definitions for debug related system registers */
void define_debug_regs(ARMCPU *cpu);
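Review bot: the rewritten doc comment on pauth_ptr_mask() no longer says where the TTBR0/TTBR1 and TBI/TBID selection happens, which the removed @ptr and @data lines used to document. That choice now lives in the caller's aa64_va_parameters() call, so the comment should state that @param must be the parameters for the address range and access type being queried. The body also relies on top_pac_bit being greater than bot_pac_bit, since the length passed to MAKE_64BIT_MASK is top_pac_bit - bot_pac_bit; now that the function sits in a shared header, a one-line note or assertion of that precondition would help callers outside pauth_helper.c.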
diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/gdbstub64.c
+++ b/target/arm/gdbstub64.c
@@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg)
{
bool is_data = !(reg & 1);
bool is_high = reg & 2;
- uint64_t mask = pauth_ptr_mask(env, -is_high, is_data);
- return gdb_get_reg64(buf, mask);
+ ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
+ ARMVAParameters param;
+
+ param = aa64_va_parameters(env, -is_high, mmu_idx, is_data);
+ return gdb_get_reg64(buf, pauth_ptr_mask(param));
}
default:
return 0;
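Review bot: in aarch64_gdb_get_pauth_reg(), the `-is_high` passed as the address argument to aa64_va_parameters() depends on negating a bool to get either 0 or an all-ones value, and nothing at the call site says so. Now that the call is open-coded here instead of sitting inside the helper, a short comment that this selects the low or high address range would make the intent clear to the next reader.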
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
return pac | ext | ptr;
}
-static uint64_t pauth_ptr_mask_internal(ARMVAParameters param)
-{
- int bot_pac_bit = 64 - param.tsz;
- int top_pac_bit = 64 - 8 * param.tbi;
-
- return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit);
-}
-
static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
{
- uint64_t mask = pauth_ptr_mask_internal(param);
+ uint64_t mask = pauth_ptr_mask(param);
/* Note that bit 55 is used whether or not the regime has 2 ranges. */
if (extract64(ptr, 55, 1)) {
@@ -XXX,XX +XXX,XX @@ static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
}
}
-uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data)
-{
- ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
- ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
-
- return pauth_ptr_mask_internal(param);
-}
-
static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber)
{
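Review bot: removing the three-argument pauth_ptr_mask(env, ptr, data) at the end of this file changes the signature of a non-static function, so any caller not shown in this patch stops compiling. The commit message says the gdbstub is the single user; worth confirming with a tree-wide grep before merging, and with a build that has TCG disabled, since that is the configuration this patch is meant to repair.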
--
2.34.1

From: Markus Armbruster <armbru@redhat.com>

At this moment, arm_load_dtb() can free machine->fdt when
binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be
retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is
the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to
machine->fdt. And, in that case, the existing g_free(fdt) at the end of
arm_load_dtb() will make machine->fdt point to an invalid memory region.

Since monitor command 'dumpdtb' was introduced a couple of releases
ago, running it with any ARM machine that uses arm_load_dtb() will
crash QEMU.

Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead
of freeing 'fdt', assign it back to ms->fdt.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb")
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20230328165935.1512846-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/boot.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds,
rom_ptr_for_as(as, addr, size));
- g_free(fdt);
+ if (fdt != ms->fdt) {
+ g_free(ms->fdt);
+ ms->fdt = fdt;
+ }
return size;
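Review bot: the new `if (fdt != ms->fdt)` block makes ms->fdt the owner of the blob on the success path, but this hunk only touches the exit just before `return size;`. Any other exit from arm_load_dtb() that still frees fdt would leave ms->fdt dangling in the same way when get_dtb() returned ms->fdt, so those paths need the same check. A brief comment above the block stating that ownership of fdt passes to the machine here would also keep a later cleanup from reintroducing the g_free().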
--
2.34.1
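
The pointer aliasing described in the commit message above, as an added example that is not part of the patch or of QEMU's code. `struct blob`, `struct machine`, `load_dtb_tail()` and the two `get_dtb_*` hooks are hypothetical stand-ins, and a liveness flag replaces a real `free()` so the stale pointer can be checked without undefined behaviour.

```c
#include <stdio.h>

/* Constructed model, not QEMU code: a blob has a liveness flag instead of
 * being passed to free(), so a stale pointer can be inspected safely. */
struct blob { int live; };
struct machine { struct blob *fdt; };   /* stand-in for MachineState */
typedef struct blob *(*get_dtb_fn)(struct machine *ms);

static struct blob pool[2];
static int next_blob;

static struct blob *blob_new(void)
{
    struct blob *b = &pool[next_blob++];
    b->live = 1;
    return b;
}
static void blob_free(struct blob *b) { if (b) b->live = 0; }

/* Hook returning the blob the machine already owns (the aliasing case). */
static struct blob *get_dtb_shared(struct machine *ms) { return ms->fdt; }
/* Hook building a new blob for the loader. */
static struct blob *get_dtb_fresh(struct machine *ms) { (void)ms; return blob_new(); }

/* End of a loader: patched == 0 frees fdt unconditionally (old behaviour),
 * patched == 1 applies the ownership check from the patch. */
static void load_dtb_tail(struct machine *ms, get_dtb_fn get_dtb, int patched)
{
    struct blob *fdt = get_dtb(ms);
    if (!patched) {
        blob_free(fdt);
    } else if (fdt != ms->fdt) {
        blob_free(ms->fdt);          /* drop the blob being replaced */
        ms->fdt = fdt;               /* machine now owns the new one */
    }
}

/* Returns 1 if ms->fdt still refers to a live blob after loading. */
static int fdt_live_after_load(get_dtb_fn get_dtb, int patched)
{
    struct machine ms;
    next_blob = 0;
    ms.fdt = blob_new();
    load_dtb_tail(&ms, get_dtb, patched);
    return ms.fdt->live;
}

int main(void)
{
    printf("old/shared=%d new/shared=%d new/fresh=%d\n", fdt_live_after_load(get_dtb_shared, 0),
           fdt_live_after_load(get_dtb_shared, 1), fdt_live_after_load(get_dtb_fresh, 1));
    return 0;
}
```

Only the old tail combined with the shared hook leaves the machine holding a dead blob, which is the state a later `dumpdtb` would read.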

In commit 049edada we added some code to handle HSTR_EL2 traps, which
we did as an inline "conditionally branch over a
gen_exception_insn()". Unfortunately this fails to take account of
the fact that gen_exception_insn() will set s->base.is_jmp to
DISAS_NORETURN. That means that at the end of the TB we won't
generate the necessary code to handle the "branched over the trap and
continued normal execution" codepath. The result is that the TCG
main loop thinks that we stopped execution of the TB due to a
situation that only happens when icount is enabled, and hits an
assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate
the correct code for when execution continues past this insn.

Note that this only happens for cpreg reads; writes will call
gen_lookup_tb() which generates a valid end-of-TB.

Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org
---
 target/arm/tcg/translate.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label);
gen_exception_insn(s, 0, EXCP_UDEF, syndrome);
+ /*
+ * gen_exception_insn() will set is_jmp to DISAS_NORETURN,
+ * but since we're conditionally branching over it, we want
+ * to assume continue-to-next-instruction.
+ */
+ s->base.is_jmp = DISAS_NEXT;
set_disas_label(s, over);
}
}
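Review bot: `s->base.is_jmp = DISAS_NEXT;` overwrites whatever is_jmp held before gen_exception_insn() ran, instead of restoring it. If anything earlier in the translation of this instruction could already have set a value other than DISAS_NEXT, that value is lost here; saving is_jmp before the gen_exception_insn() call and restoring it afterwards, or asserting that it was DISAS_NEXT beforehand, would make the assumption explicit.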
--
2.34.1

From: Chris Rauer <crauer@google.com>

The problem is that the Linux driver expects the master transaction inhibit
bit(R_SPICR_MTI) to be set during driver initialization so that it can
detect the fifo size but QEMU defaults it to zero out of reset. The
datasheet indicates this bit is active on reset.

See page 25, SPI Control Register section:
https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf

Signed-off-by: Chris Rauer <crauer@google.com>
Message-id: 20230323182811.2641044-1-crauer@google.com
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/ssi/xilinx_spi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ssi/xilinx_spi.c
+++ b/hw/ssi/xilinx_spi.c
@@ -XXX,XX +XXX,XX @@ static void xlx_spi_do_reset(XilinxSPI *s)
txfifo_reset(s);
s->regs[R_SPISSR] = ~0;
+ s->regs[R_SPICR] = R_SPICR_MTI;
xlx_spi_update_irq(s);
xlx_spi_update_cs(s);
}
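Review bot: the added `s->regs[R_SPICR] = R_SPICR_MTI;` in xlx_spi_do_reset() carries no comment, and it sets the whole control register to that single bit. A one-line comment citing the datasheet's reset value for the SPI Control Register would explain why, and it is worth confirming against that section that no other SPICR bit is also set out of reset.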
--
2.34.1