target-arm queue: just bugfixes, mostly mine.

The following changes since commit 885fc169f09f5915ce037263d20a59eb226d473d:

Merge tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu into staging (2023-07-24 11:34:35 +0100)

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230725

for you to fetch changes up to 78cc90346ec680a7f1bb9f138bf7c9654cf526d5:

tests/decode: Suppress "error: " string for expected-failure tests (2023-07-25 10:56:52 +0100)

* tests/decode: Suppress "error: " string for expected-failure tests

* ui/curses: For curses display, recognize a few more control keys

* target/arm: Special case M-profile in debug_helper.c code

* scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour

* hw/arm/smmu: Handle big-endian hosts correctly

Peter Maydell (4):

hw/arm/smmu: Handle big-endian hosts correctly

scripts/git-submodule.sh: Don't rely on non-POSIX 'read' behaviour

target/arm: Special case M-profile in debug_helper.c code

tests/decode: Suppress "error: " string for expected-failure tests

Sean Estabrooks (1):

For curses display, recognize a few more control keys

ui/curses_keys.h | 6 ++++++

hw/arm/smmu-common.c | 3 +--

hw/arm/smmuv3.c | 39 +++++++++++++++++++++++++++++++--------

target/arm/debug_helper.c | 18 ++++++++++++------

scripts/decodetree.py | 6 +++++-

scripts/git-submodule.sh | 2 +-

6 files changed, 56 insertions(+), 18 deletions(-)

The implementation of the SMMUv3 has multiple places where it reads a

data structure from the guest and directly operates on it without

doing a guest-to-host endianness conversion. Since all SMMU data

structures are little-endian, this means that the SMMU doesn't work

on a big-endian host. In particular, this causes the Avocado test

machine_aarch64_virt.py:Aarch64VirtMachine.test_alpine_virt_tcg_gic_max

to fail on an s390x host.

Add appropriate byte-swapping on reads and writes of guest in-memory

data structures so that the device works correctly on big-endian

hosts.

As part of this we constrain queue_read() to operate only on Cmd

structs and queue_write() on Evt structs, because in practice these

are the only data structures the two functions are used with, and we

need to know what the data structure is to be able to byte-swap its

parts correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Tested-by: Thomas Huth <thuth@redhat.com>

Reviewed-by: Eric Auger <eric.auger@redhat.com>

Message-id: 20230717132641.764660-1-peter.maydell@linaro.org

Cc: qemu-stable@nongnu.org

hw/arm/smmu-common.c | 3 +--

hw/arm/smmuv3.c | 39 +++++++++++++++++++++++++++++++--------

2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c

--- a/hw/arm/smmu-common.c

+++ b/hw/arm/smmu-common.c

@@ -XXX,XX +XXX,XX @@ static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte,

dma_addr_t addr = baseaddr + index * sizeof(*pte);

/* TODO: guarantee 64-bit single-copy atomicity */

- ret = dma_memory_read(&address_space_memory, addr, pte, sizeof(*pte),

- MEMTXATTRS_UNSPECIFIED);

+ ret = ldq_le_dma(&address_space_memory, addr, pte, MEMTXATTRS_UNSPECIFIED);

if (ret != MEMTX_OK) {

info->type = SMMU_PTW_ERR_WALK_EABT;

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

index XXXXXXX..XXXXXXX 100644

--- a/hw/arm/smmuv3.c

+++ b/hw/arm/smmuv3.c

@@ -XXX,XX +XXX,XX @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn)

trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn);

}

-static inline MemTxResult queue_read(SMMUQueue *q, void *data)

+static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd)

dma_addr_t addr = Q_CONS_ENTRY(q);

+ MemTxResult ret;

+ int i;

- return dma_memory_read(&address_space_memory, addr, data, q->entry_size,

- MEMTXATTRS_UNSPECIFIED);

+ ret = dma_memory_read(&address_space_memory, addr, cmd, sizeof(Cmd),

+ MEMTXATTRS_UNSPECIFIED);

+ if (ret != MEMTX_OK) {

+ return ret;

+ }

+ for (i = 0; i < ARRAY_SIZE(cmd->word); i++) {

+ le32_to_cpus(&cmd->word[i]);

+ }

+ return ret;

}

-static MemTxResult queue_write(SMMUQueue *q, void *data)

+static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in)

{

dma_addr_t addr = Q_PROD_ENTRY(q);

MemTxResult ret;

+ Evt evt = *evt_in;

+ int i;

- ret = dma_memory_write(&address_space_memory, addr, data, q->entry_size,

+ for (i = 0; i < ARRAY_SIZE(evt.word); i++) {

+ cpu_to_le32s(&evt.word[i]);

+ }

+ ret = dma_memory_write(&address_space_memory, addr, &evt, sizeof(Evt),

MEMTXATTRS_UNSPECIFIED);

if (ret != MEMTX_OK) {

return ret;

@@ -XXX,XX +XXX,XX @@ static void smmuv3_init_regs(SMMUv3State *s)

static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,

SMMUEventInfo *event)

{

- int ret;

+ int ret, i;

trace_smmuv3_get_ste(addr);

/* TODO: guarantee 64-bit single-copy atomicity */

@@ -XXX,XX +XXX,XX @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,

event->u.f_ste_fetch.addr = addr;

return -EINVAL;

+ for (i = 0; i < ARRAY_SIZE(buf->word); i++) {

+ le32_to_cpus(&buf->word[i]);

return 0;

The POSIX definition of the 'read' utility requires that you

specify the variable name to set; omitting the name and

having it default to 'REPLY' is a bashism. If your system

sh is dash, then it will print an error message during build:

qemu/pc-bios/s390-ccw/../../scripts/git-submodule.sh: 106: read: arg count

Specify the variable name explicitly.

Fixes: fdb8fd8cb915647b ("git-submodule: allow partial update of .git-submodule-status")

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Message-id: 20230720153038.1587196-1-peter.maydell@linaro.org

---

scripts/git-submodule.sh | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh

index XXXXXXX..XXXXXXX 100755

--- a/scripts/git-submodule.sh

+++ b/scripts/git-submodule.sh

@@ -XXX,XX +XXX,XX @@ update)

check_updated $module || echo Updated "$module"

done

- (while read -r; do

+ (while read -r REPLY; do

for module in $modules; do

case $REPLY in

*" $module "*) continue 2 ;;

A lot of the code called from helper_exception_bkpt_insn() is written

assuming A-profile, but we will also call this helper on M-profile

CPUs when they execute a BKPT insn. This used to work by accident,

but recent changes mean that we will hit an assert when some of this

code calls down into lower level functions that end up calling

arm_security_space_below_el3(), arm_el_is_aa64(), and other functions

that now explicitly assert that the guest CPU is not M-profile.

Handle M-profile directly to avoid the assertions:

* in arm_debug_target_el(), M-profile debug exceptions always

go to EL1

* in arm_debug_exception_fsr(), M-profile always uses the short

format FSR (compare commit d7fe699be54b2, though in this case

the code in arm_v7m_cpu_do_interrupt() does not need to

look at the FSR value at all)

Message-id: 20230721143239.1753066-1-peter.maydell@linaro.org

target/arm/debug_helper.c | 18 ++++++++++++------

1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c

--- a/target/arm/debug_helper.c

+++ b/target/arm/debug_helper.c

@@ -XXX,XX +XXX,XX @@ static int arm_debug_target_el(CPUARMState *env)

bool secure = arm_is_secure(env);

bool route_to_el2 = false;

+ if (arm_feature(env, ARM_FEATURE_M)) {

+ return 1;

+

if (arm_is_el2_enabled(env)) {

route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||

env->cp15.mdcr_el2 & MDCR_TDE;

@@ -XXX,XX +XXX,XX @@ static uint32_t arm_debug_exception_fsr(CPUARMState *env)

{

ARMMMUFaultInfo fi = { .type = ARMFault_Debug };

int target_el = arm_debug_target_el(env);

- bool using_lpae = false;

+ bool using_lpae;

- if (target_el == 2 || arm_el_is_aa64(env, target_el)) {

+ if (arm_feature(env, ARM_FEATURE_M)) {

+ using_lpae = false;

+ } else if (target_el == 2 || arm_el_is_aa64(env, target_el)) {

using_lpae = true;

} else if (arm_feature(env, ARM_FEATURE_PMSA) &&

arm_feature(env, ARM_FEATURE_V8)) {

using_lpae = true;

+ } else if (arm_feature(env, ARM_FEATURE_LPAE) &&

+ (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {

+ using_lpae = true;

} else {

- if (arm_feature(env, ARM_FEATURE_LPAE) &&

- (env->cp15.tcr_el[target_el] & TTBCR_EAE)) {

- using_lpae = true;

- }

+ using_lpae = false;

}

if (using_lpae) {

From: Sean Estabrooks <sean.estabrooks@gmail.com>

The curses display handles most control-X keys, and translates

them into their corresponding keycode. Here we recognize

a few that are missing, Ctrl-@ (null), Ctrl-\ (backslash),

Ctrl-] (right bracket), Ctrl-^ (caret), Ctrl-_ (underscore).

Signed-off-by: Sean Estabrooks <sean.estabrooks@gmail.com>

Message-id: CAHyVn3Bh9CRgDuOmf7G7Ngwamu8d4cVozAcB2i4ymnnggBXNmg@mail.gmail.com

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

ui/curses_keys.h | 6 ++++++

1 file changed, 6 insertions(+)

diff --git a/ui/curses_keys.h b/ui/curses_keys.h

--- a/ui/curses_keys.h

+++ b/ui/curses_keys.h

@@ -XXX,XX +XXX,XX @@ static const int _curses2keycode[CURSES_CHARS] = {

['N' - '@'] = 49 | CNTRL, /* Control + n */

/* Control + m collides with the keycode for Enter */

+ ['@' - '@'] = 3 | CNTRL, /* Control + @ */

+ /* Control + [ collides with the keycode for Escape */

+ ['\\' - '@'] = 43 | CNTRL, /* Control + Backslash */

+ [']' - '@'] = 27 | CNTRL, /* Control + ] */

+ ['^' - '@'] = 7 | CNTRL, /* Control + ^ */

+ ['_' - '@'] = 12 | CNTRL, /* Control + Underscore */

};

static const int _curseskey2keycode[CURSES_KEYS] = {

The "expected failure" tests for decodetree result in the

error messages from decodetree ending up in logs and in

V=1 output:

>>> MALLOC_PERTURB_=226 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/pyvenv/bin/python3 /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/scripts/decodetree.py --output-null --test-for-error /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode

――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/x86/../../tests/decode/err_argset1.decode:5: error: duplicate argument "a"

―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

1/44 qemu:decodetree / err_argset1 OK 0.05s

This then produces false positives when scanning the

logfiles for strings like "error: ".

For the expected-failure tests, make decodetree print

"detected:" instead of "error:".

Message-id: 20230720131521.1325905-1-peter.maydell@linaro.org

scripts/decodetree.py | 6 +++++-

1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/decodetree.py b/scripts/decodetree.py

--- a/scripts/decodetree.py

+++ b/scripts/decodetree.py

@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):

global output_file

global output_fd

+ # For the test suite expected-errors case, don't print the

+ # string "error: ", so they don't turn up as false positives

+ # if you grep the meson logs for strings like that.

+ end = 'error: ' if not testforerror else 'detected: '

prefix = ''

if file:

prefix += f'{file}:'

@@ -XXX,XX +XXX,XX @@ def error_with_file(file, lineno, *args):

prefix += f'{lineno}:'

if prefix:

prefix += ' '

- print(prefix, end='error: ', file=sys.stderr)

+ print(prefix, end=end, file=sys.stderr)

print(*args, file=sys.stderr)

if output_file and output_fd: