1 | The following changes since commit efcd0ec14b0fe9ee0ee70277763b2d538d19238d: | 1 | Massively slimmed down v2: MemTag broke bsd-user, and the npcm7xx |
---|---|---|---|
2 | ethernet device failed 'make check' on big-endian hosts. | ||
2 | 3 | ||
3 | Merge tag 'misc-fixes-20230330' of https://github.com/philmd/qemu into staging (2023-03-30 14:22:29 +0100) | 4 | -- PMM |
5 | |||
6 | The following changes since commit 83339e21d05c824ebc9131d644f25c23d0e41ecf: | ||
7 | |||
8 | Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-02-10 15:42:20 +0000) | ||
4 | 9 | ||
5 | are available in the Git repository at: | 10 | are available in the Git repository at: |
6 | 11 | ||
7 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230403 | 12 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20210211-1 |
8 | 13 | ||
9 | for you to fetch changes up to a0eaa126af3c5a43937a22c58cfb9bb36e4a5001: | 14 | for you to fetch changes up to d3c1183ffeb71ca3a783eae3d7e1c51e71e8a621: |
10 | 15 | ||
11 | hw/ssi: Fix Linux driver init issue with xilinx_spi (2023-04-03 16:12:30 +0100) | 16 | target/arm: Correctly initialize MDCR_EL2.HPMN (2021-02-11 19:48:09 +0000) |
12 | 17 | ||
13 | ---------------------------------------------------------------- | 18 | ---------------------------------------------------------------- |
14 | * target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask() | 19 | target-arm queue: |
15 | * hw/arm: do not free machine->fdt in arm_load_dtb() | 20 | * Correctly initialize MDCR_EL2.HPMN |
16 | * target/arm: Fix generated code for cpreg reads when HSTR is active | 21 | * versal: Use nr_apu_cpus in favor of hard coding 2 |
17 | * hw/ssi: Fix Linux driver init issue with xilinx_spi | 22 | * accel/tcg: Add URL of clang bug to comment about our workaround |
23 | * Add support for FEAT_DIT, Data Independent Timing | ||
24 | * Remove GPIO from unimplemented NPCM7XX | ||
25 | * Fix SCR RES1 handling | ||
26 | * Don't migrate CPUARMState.features | ||
18 | 27 | ||
19 | ---------------------------------------------------------------- | 28 | ---------------------------------------------------------------- |
20 | Chris Rauer (1): | 29 | Aaron Lindsay (1): |
21 | hw/ssi: Fix Linux driver init issue with xilinx_spi | 30 | target/arm: Don't migrate CPUARMState.features |
22 | 31 | ||
23 | Markus Armbruster (1): | 32 | Daniel Müller (1): |
24 | hw/arm: do not free machine->fdt in arm_load_dtb() | 33 | target/arm: Correctly initialize MDCR_EL2.HPMN |
25 | 34 | ||
26 | Peter Maydell (1): | 35 | Edgar E. Iglesias (1): |
27 | target/arm: Fix generated code for cpreg reads when HSTR is active | 36 | hw/arm: versal: Use nr_apu_cpus in favor of hard coding 2 |
28 | 37 | ||
29 | Philippe Mathieu-Daudé (1): | 38 | Hao Wu (1): |
30 | target/arm: Fix non-TCG build failure by inlining pauth_ptr_mask() | 39 | hw/arm: Remove GPIO from unimplemented NPCM7XX |
31 | 40 | ||
32 | target/arm/internals.h | 15 ++++++++++----- | 41 | Mike Nawrocki (1): |
33 | hw/arm/boot.c | 5 ++++- | 42 | target/arm: Fix SCR RES1 handling |
34 | hw/ssi/xilinx_spi.c | 1 + | ||
35 | target/arm/gdbstub64.c | 7 +++++-- | ||
36 | target/arm/tcg/pauth_helper.c | 18 +----------------- | ||
37 | target/arm/tcg/translate.c | 6 ++++++ | ||
38 | 6 files changed, 27 insertions(+), 25 deletions(-) | ||
39 | 43 | ||
44 | Peter Maydell (2): | ||
45 | arm: Update infocenter.arm.com URLs | ||
46 | accel/tcg: Add URL of clang bug to comment about our workaround | ||
47 | |||
48 | Rebecca Cran (4): | ||
49 | target/arm: Add support for FEAT_DIT, Data Independent Timing | ||
50 | target/arm: Support AA32 DIT by moving PSTATE_SS from cpsr into env->pstate | ||
51 | target/arm: Set ID_AA64PFR0.DIT and ID_PFR0.DIT to 1 for "max" AA64 CPU | ||
52 | target/arm: Set ID_PFR0.DIT to 1 for "max" 32-bit CPU | ||
53 | |||
54 | include/hw/dma/pl080.h | 7 ++-- | ||
55 | include/hw/misc/arm_integrator_debug.h | 2 +- | ||
56 | include/hw/ssi/pl022.h | 5 ++- | ||
57 | target/arm/cpu.h | 17 ++++++++ | ||
58 | target/arm/internals.h | 6 +++ | ||
59 | accel/tcg/cpu-exec.c | 25 +++++++++--- | ||
60 | hw/arm/aspeed_ast2600.c | 2 +- | ||
61 | hw/arm/musca.c | 4 +- | ||
62 | hw/arm/npcm7xx.c | 8 ---- | ||
63 | hw/arm/xlnx-versal.c | 4 +- | ||
64 | hw/misc/arm_integrator_debug.c | 2 +- | ||
65 | hw/timer/arm_timer.c | 7 ++-- | ||
66 | target/arm/cpu.c | 4 ++ | ||
67 | target/arm/cpu64.c | 5 +++ | ||
68 | target/arm/helper-a64.c | 27 +++++++++++-- | ||
69 | target/arm/helper.c | 71 +++++++++++++++++++++++++++------- | ||
70 | target/arm/machine.c | 2 +- | ||
71 | target/arm/op_helper.c | 9 +---- | ||
72 | target/arm/translate-a64.c | 12 ++++++ | ||
73 | 19 files changed, 164 insertions(+), 55 deletions(-) | ||
74 | diff view generated by jsdifflib |
Deleted patch | |||
---|---|---|---|
1 | From: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
2 | 1 | ||
3 | aarch64_gdb_get_pauth_reg() -- although disabled since commit | ||
4 | 5787d17a42 ("target/arm: Don't advertise aarch64-pauth.xml to | ||
5 | gdb") is still compiled in. It calls pauth_ptr_mask() which is | ||
6 | located in target/arm/tcg/pauth_helper.c, a TCG specific helper. | ||
7 | |||
8 | To avoid a linking error when TCG is not enabled: | ||
9 | |||
10 | Undefined symbols for architecture arm64: | ||
11 | "_pauth_ptr_mask", referenced from: | ||
12 | _aarch64_gdb_get_pauth_reg in target_arm_gdbstub64.c.o | ||
13 | ld: symbol(s) not found for architecture arm64 | ||
14 | clang: error: linker command failed with exit code 1 (use -v to see invocation) | ||
15 | |||
16 | - Inline pauth_ptr_mask() in aarch64_gdb_get_pauth_reg() | ||
17 | (this is the single user), | ||
18 | - Rename pauth_ptr_mask_internal() as pauth_ptr_mask() and | ||
19 | inline it in "internals.h", | ||
20 | |||
21 | Fixes: e995d5cce4 ("target/arm: Implement gdbstub pauth extension") | ||
22 | Suggested-by: Richard Henderson <richard.henderson@linaro.org> | ||
23 | Reviewed-by: Fabiano Rosas <farosas@suse.de> | ||
24 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
25 | Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> | ||
26 | Message-id: 20230328212516.29592-1-philmd@linaro.org | ||
27 | [PMM: reinstated doc comment] | ||
28 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
29 | --- | ||
30 | target/arm/internals.h | 15 ++++++++++----- | ||
31 | target/arm/gdbstub64.c | 7 +++++-- | ||
32 | target/arm/tcg/pauth_helper.c | 18 +----------------- | ||
33 | 3 files changed, 16 insertions(+), 24 deletions(-) | ||
34 | |||
35 | diff --git a/target/arm/internals.h b/target/arm/internals.h | ||
36 | index XXXXXXX..XXXXXXX 100644 | ||
37 | --- a/target/arm/internals.h | ||
38 | +++ b/target/arm/internals.h | ||
39 | @@ -XXX,XX +XXX,XX @@ bool arm_generate_debug_exceptions(CPUARMState *env); | ||
40 | |||
41 | /** | ||
42 | * pauth_ptr_mask: | ||
43 | - * @env: cpu context | ||
44 | - * @ptr: selects between TTBR0 and TTBR1 | ||
45 | - * @data: selects between TBI and TBID | ||
46 | + * @param: parameters defining the MMU setup | ||
47 | * | ||
48 | - * Return a mask of the bits of @ptr that contain the authentication code. | ||
49 | + * Return a mask of the address bits that contain the authentication code, | ||
50 | + * given the MMU config defined by @param. | ||
51 | */ | ||
52 | -uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data); | ||
53 | +static inline uint64_t pauth_ptr_mask(ARMVAParameters param) | ||
54 | +{ | ||
55 | + int bot_pac_bit = 64 - param.tsz; | ||
56 | + int top_pac_bit = 64 - 8 * param.tbi; | ||
57 | + | ||
58 | + return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); | ||
59 | +} | ||
60 | |||
61 | /* Add the cpreg definitions for debug related system registers */ | ||
62 | void define_debug_regs(ARMCPU *cpu); | ||
63 | diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c | ||
64 | index XXXXXXX..XXXXXXX 100644 | ||
65 | --- a/target/arm/gdbstub64.c | ||
66 | +++ b/target/arm/gdbstub64.c | ||
67 | @@ -XXX,XX +XXX,XX @@ int aarch64_gdb_get_pauth_reg(CPUARMState *env, GByteArray *buf, int reg) | ||
68 | { | ||
69 | bool is_data = !(reg & 1); | ||
70 | bool is_high = reg & 2; | ||
71 | - uint64_t mask = pauth_ptr_mask(env, -is_high, is_data); | ||
72 | - return gdb_get_reg64(buf, mask); | ||
73 | + ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env); | ||
74 | + ARMVAParameters param; | ||
75 | + | ||
76 | + param = aa64_va_parameters(env, -is_high, mmu_idx, is_data); | ||
77 | + return gdb_get_reg64(buf, pauth_ptr_mask(param)); | ||
78 | } | ||
79 | default: | ||
80 | return 0; | ||
81 | diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c | ||
82 | index XXXXXXX..XXXXXXX 100644 | ||
83 | --- a/target/arm/tcg/pauth_helper.c | ||
84 | +++ b/target/arm/tcg/pauth_helper.c | ||
85 | @@ -XXX,XX +XXX,XX @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier, | ||
86 | return pac | ext | ptr; | ||
87 | } | ||
88 | |||
89 | -static uint64_t pauth_ptr_mask_internal(ARMVAParameters param) | ||
90 | -{ | ||
91 | - int bot_pac_bit = 64 - param.tsz; | ||
92 | - int top_pac_bit = 64 - 8 * param.tbi; | ||
93 | - | ||
94 | - return MAKE_64BIT_MASK(bot_pac_bit, top_pac_bit - bot_pac_bit); | ||
95 | -} | ||
96 | - | ||
97 | static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param) | ||
98 | { | ||
99 | - uint64_t mask = pauth_ptr_mask_internal(param); | ||
100 | + uint64_t mask = pauth_ptr_mask(param); | ||
101 | |||
102 | /* Note that bit 55 is used whether or not the regime has 2 ranges. */ | ||
103 | if (extract64(ptr, 55, 1)) { | ||
104 | @@ -XXX,XX +XXX,XX @@ static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param) | ||
105 | } | ||
106 | } | ||
107 | |||
108 | -uint64_t pauth_ptr_mask(CPUARMState *env, uint64_t ptr, bool data) | ||
109 | -{ | ||
110 | - ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env); | ||
111 | - ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data); | ||
112 | - | ||
113 | - return pauth_ptr_mask_internal(param); | ||
114 | -} | ||
115 | - | ||
116 | static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier, | ||
117 | ARMPACKey *key, bool data, int keynumber) | ||
118 | { | ||
119 | -- | ||
120 | 2.34.1 | ||
121 | |||
122 | diff view generated by jsdifflib |
Deleted patch | |||
---|---|---|---|
1 | From: Markus Armbruster <armbru@redhat.com> | ||
2 | 1 | ||
3 | At this moment, arm_load_dtb() can free machine->fdt when | ||
4 | binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be | ||
5 | retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is | ||
6 | the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to | ||
7 | machine->fdt. And, in that case, the existing g_free(fdt) at the end of | ||
8 | arm_load_dtb() will make machine->fdt point to an invalid memory region. | ||
9 | |||
10 | Since monitor command 'dumpdtb' was introduced a couple of releases | ||
11 | ago, running it with any ARM machine that uses arm_load_dtb() will | ||
12 | crash QEMU. | ||
13 | |||
14 | Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead | ||
15 | of freeing 'fdt', assign it back to ms->fdt. | ||
16 | |||
17 | Cc: Peter Maydell <peter.maydell@linaro.org> | ||
18 | Cc: qemu-arm@nongnu.org | ||
19 | Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb") | ||
20 | Reported-by: Markus Armbruster <armbru@redhat.com> | ||
21 | Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> | ||
22 | Signed-off-by: Markus Armbruster <armbru@redhat.com> | ||
23 | Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> | ||
24 | Message-id: 20230328165935.1512846-1-armbru@redhat.com | ||
25 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
26 | --- | ||
27 | hw/arm/boot.c | 5 ++++- | ||
28 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
29 | |||
30 | diff --git a/hw/arm/boot.c b/hw/arm/boot.c | ||
31 | index XXXXXXX..XXXXXXX 100644 | ||
32 | --- a/hw/arm/boot.c | ||
33 | +++ b/hw/arm/boot.c | ||
34 | @@ -XXX,XX +XXX,XX @@ int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo, | ||
35 | qemu_register_reset_nosnapshotload(qemu_fdt_randomize_seeds, | ||
36 | rom_ptr_for_as(as, addr, size)); | ||
37 | |||
38 | - g_free(fdt); | ||
39 | + if (fdt != ms->fdt) { | ||
40 | + g_free(ms->fdt); | ||
41 | + ms->fdt = fdt; | ||
42 | + } | ||
43 | |||
44 | return size; | ||
45 | |||
46 | -- | ||
47 | 2.34.1 | diff view generated by jsdifflib |
Deleted patch | |||
---|---|---|---|
1 | In commit 049edada we added some code to handle HSTR_EL2 traps, which | ||
2 | we did as an inline "conditionally branch over a | ||
3 | gen_exception_insn()". Unfortunately this fails to take account of | ||
4 | the fact that gen_exception_insn() will set s->base.is_jmp to | ||
5 | DISAS_NORETURN. That means that at the end of the TB we won't | ||
6 | generate the necessary code to handle the "branched over the trap and | ||
7 | continued normal execution" codepath. The result is that the TCG | ||
8 | main loop thinks that we stopped execution of the TB due to a | ||
9 | situation that only happens when icount is enabled, and hits an | ||
10 | assertion. Explicitly set is_jmp back to DISAS_NEXT so we generate | ||
11 | the correct code for when execution continues past this insn. | ||
12 | 1 | ||
13 | Note that this only happens for cpreg reads; writes will call | ||
14 | gen_lookup_tb() which generates a valid end-of-TB. | ||
15 | |||
16 | Fixes: 049edada ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") | ||
17 | Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1551 | ||
18 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
19 | Reviewed-by: Richard Henderson <richard.henderson@linaro.org> | ||
20 | Message-id: 20230330101900.2320380-1-peter.maydell@linaro.org | ||
21 | --- | ||
22 | target/arm/tcg/translate.c | 6 ++++++ | ||
23 | 1 file changed, 6 insertions(+) | ||
24 | |||
25 | diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c | ||
26 | index XXXXXXX..XXXXXXX 100644 | ||
27 | --- a/target/arm/tcg/translate.c | ||
28 | +++ b/target/arm/tcg/translate.c | ||
29 | @@ -XXX,XX +XXX,XX @@ static void do_coproc_insn(DisasContext *s, int cpnum, int is64, | ||
30 | tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label); | ||
31 | |||
32 | gen_exception_insn(s, 0, EXCP_UDEF, syndrome); | ||
33 | + /* | ||
34 | + * gen_exception_insn() will set is_jmp to DISAS_NORETURN, | ||
35 | + * but since we're conditionally branching over it, we want | ||
36 | + * to assume continue-to-next-instruction. | ||
37 | + */ | ||
38 | + s->base.is_jmp = DISAS_NEXT; | ||
39 | set_disas_label(s, over); | ||
40 | } | ||
41 | } | ||
42 | -- | ||
43 | 2.34.1 | diff view generated by jsdifflib |
Deleted patch | |||
---|---|---|---|
1 | From: Chris Rauer <crauer@google.com> | ||
2 | 1 | ||
3 | The problem is that the Linux driver expects the master transaction inhibit | ||
4 | bit(R_SPICR_MTI) to be set during driver initialization so that it can | ||
5 | detect the fifo size but QEMU defaults it to zero out of reset. The | ||
6 | datasheet indicates this bit is active on reset. | ||
7 | |||
8 | See page 25, SPI Control Register section: | ||
9 | https://www.xilinx.com/content/dam/xilinx/support/documents/ip_documentation/axi_quad_spi/v3_2/pg153-axi-quad-spi.pdf | ||
10 | |||
11 | Signed-off-by: Chris Rauer <crauer@google.com> | ||
12 | Message-id: 20230323182811.2641044-1-crauer@google.com | ||
13 | Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> | ||
14 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
15 | --- | ||
16 | hw/ssi/xilinx_spi.c | 1 + | ||
17 | 1 file changed, 1 insertion(+) | ||
18 | |||
19 | diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c | ||
20 | index XXXXXXX..XXXXXXX 100644 | ||
21 | --- a/hw/ssi/xilinx_spi.c | ||
22 | +++ b/hw/ssi/xilinx_spi.c | ||
23 | @@ -XXX,XX +XXX,XX @@ static void xlx_spi_do_reset(XilinxSPI *s) | ||
24 | txfifo_reset(s); | ||
25 | |||
26 | s->regs[R_SPISSR] = ~0; | ||
27 | + s->regs[R_SPICR] = R_SPICR_MTI; | ||
28 | xlx_spi_update_irq(s); | ||
29 | xlx_spi_update_cs(s); | ||
30 | } | ||
31 | -- | ||
32 | 2.34.1 | diff view generated by jsdifflib |