aboutsummaryrefslogtreecommitdiff
path: root/hw/intc
AgeCommit message (Collapse)Author
2017-12-21i8259: convert DPRINTFs into tracePeter Xu
One thing to mention is that in pic_set_irq() I need to uncomment a few lines in the macros to make sure IRQ value calculation is correct. Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20171210063819.14892-2-peterx@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-18misc: drop old i386 dependencyPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-15spapr: introduce a spapr_qirq() helperCédric Le Goater
xics_get_qirq() is only used by the sPAPR machine. Let's move it there and change its name to reflect its scope. It will be useful for XIVE support which will use its own set of qirqs. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15spapr: move the IRQ allocation routines under the machineCédric Le Goater
Also change the prototype to use a sPAPRMachineState and prefix them with spapr_irq_. It will let us synchronise the IRQ allocation with the XIVE interrupt mode when available. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15ppc/xics: assign of the CPU 'intc' pointer under the coreCédric Le Goater
The 'intc' pointer of the CPU references the interrupt presenter in the XICS interrupt mode. When the XIVE interrupt mode is available and activated, the machine will need to reassign this pointer to reflect the change. Moving this assignment under the realize routine of the CPU will ease the process when the interrupt mode is toggled. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15ppc/xics: introduce an icp_create() helperCédric Le Goater
The sPAPR and the PowerNV core objects create the interrupt presenter object of the CPUs in a very similar way. Let's provide a common routine in which we use the presenter 'type' as a child identifier. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15openpic: debug w/ info_report()Michael Davidsaver
Replace *printf() with *_report(). Remove trailing new lines. Signed-off-by: Michael Davidsaver <mdavidsaver@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-15ppc/xics: remove useless if conditionCédric Le Goater
The previous code section uses a 'first < 0' test and returns. Therefore, there is no need to test the 'first' variable against '>= 0' afterwards. Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-12-13nvic: Make systick bankedPeter Maydell
For the v8M security extension, there should be two systick devices, which use separate banked systick exceptions. The register interface is banked in the same way as for other banked registers, including the existence of an NS alias region for secure code to access the nonsecure timer. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1512154296-5652-3-git-send-email-peter.maydell@linaro.org
2017-12-13nvic: Make nvic_sysreg_ns_ops work with any MemoryRegionPeter Maydell
Generalize nvic_sysreg_ns_ops so that we can pass it an arbitrary MemoryRegion which it will use as the underlying register implementation to apply the NS-alias behaviour to. We'll want this so we can do the same with systick. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1512154296-5652-2-git-send-email-peter.maydell@linaro.org
2017-12-13hw/intc/arm_gicv3_its: Implement full resetEric Auger
Voiding the ITS caches is not supposed to happen via individual register writes. So we introduced a dedicated ITS KVM device ioctl to perform a cold reset of the ITS: KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_ITS_CTRL_RESET. Let's use this latter if the kernel supports it. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-5-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-13hw/intc/arm_gicv3_its: Implement a minimalist resetEric Auger
At the moment the ITS is not properly reset and this causes various bugs on save/restore. We implement a minimalist reset through individual register writes but for kernel versions before v4.15 this fails voiding the vITS cache. We cannot claim we have a comprehensive reset (hence the error message) but that's better than nothing. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-3-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-13hw/intc/arm_gicv3_its: Don't call post_load on resetEric Auger
From the very beginning, post_load() was called from common reset. This is not standard and obliged to discriminate the reset case from the restore case using the iidr value. Let's get rid of that call. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1511883692-11511-2-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-20nvic: Fix ARMv7M MPU_RBAR readsPeter Maydell
Fix an incorrect mask expression in the handling of v7M MPU_RBAR reads that meant that we would always report the ADDR field as zero. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 1509732813-22957-1-git-send-email-peter.maydell@linaro.org
2017-11-16Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
Miscellaneous bugfixes # gpg: Signature made Wed 15 Nov 2017 15:27:25 GMT # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: fix scripts/update-linux-headers.sh here document exec: Do not resolve subpage in mru_section util/stats64: Fix min/max comparisons cpu-exec: avoid cpu_exec_nocache infinite loop with record/replay cpu-exec: don't overwrite exception_index vhost-user-scsi: add missing virtqueue_size param target-i386: adds PV_TLB_FLUSH CPUID feature bit thread-posix: fix qemu_rec_mutex_trylock macro Makefile: simpler/faster "make help" ioapic/tracing: Remove last DPRINTFs Enable 8-byte wide MMIO for 16550 serial devices Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-14ioapic/tracing: Remove last DPRINTFsDr. David Alan Gilbert
Remove the last few DPRINTFs from hw/intc/ioapic.c and turn them into tracing. In one case it's a new trace, in the others it's just adding a parameter to the existing traces. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20171102180310.24760-1-dgilbert@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14xics/kvm: synchonize state before 'info pic'Greg Kurz
When using the emulated XICS, the 'info pic' monitor command shows: CPU 0 XIRR=ff000000 ((nil)) PP=ff MFRR=ff ICS 1000..13ff 0x10040060340 1000 MSI 05 00 1001 MSI 05 00 1002 MSI 05 00 1003 MSI ff 00 1004 LSI ff 00 1005 LSI ff 00 1006 LSI ff 00 1007 LSI ff 00 1008 MSI 05 00 1009 MSI 05 00 100a MSI 05 00 100b MSI 05 00 100c MSI 05 00 but when using the in-kernel XICS with the very same guest, we get: CPU 0 XIRR=00000000 ((nil)) PP=ff MFRR=ff ICS 1000..13ff 0x10032e00340 1000 MSI ff 00 1001 MSI ff 00 1002 MSI ff 00 1003 MSI ff 00 1004 LSI ff 00 1005 LSI ff 00 1006 LSI ff 00 1007 LSI ff 00 1008 MSI ff 00 1009 MSI ff 00 100a MSI ff 00 100b MSI ff 00 100c MSI ff 00 ie, all irqs are masked and XIRR is null, while we should get the same output as with the emulated XICS. If the guest is then migrated, 'info pic' shows the expected values on both source and destination. The problem is that QEMU doesn't synchronize with KVM before printing the XICS state. Migration happens to fix the output because it enforces synchronization with KVM. To fix the invalid output of 'info pic', this patch introduces a new synchronize_state operation for both ICPStateClass and ICSStateClass. The ICP operation relies on run_on_cpu() in order to kick the vCPU and avoid sleeping on KVM_GET_ONE_REG. Signed-off-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-11-07hw/intc/arm_gicv3_its: Don't abort on table save failureEric Auger
The ITS is not fully properly reset at the moment. Caches are not emptied. After a reset, in case we attempt to save the state before the bound devices have registered their MSIs and after the 1st level table has been allocated by the ITS driver (device BASER is valid), the first level entries are still invalid. If the device cache is not empty (devices registered before the reset), vgic_its_save_device_tables fails with -EINVAL. This causes a QEMU abort(). Cc: qemu-stable@nongnu.org Signed-off-by: Eric Auger <eric.auger@redhat.com> Reported-by: wanghaibin <wanghaibin.wang@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-11-07hw/intc/arm_gicv3_its: Fix the VM termination in vm_change_state_handler()Shanker Donthineni
The commit cddafd8f353d ("hw/intc/arm_gicv3_its: Implement state save /restore") breaks the backward compatibility with the older kernels where vITS save/restore support is not available. The vmstate function vm_change_state_handler() should not be registered if the running kernel doesn't support ITS save/restore feature. Otherwise VM instance will be killed whenever vmstate callback function is invoked. Observed a virtual machine shutdown with QEMU-2.10+linux-4.11 when testing the reboot command "virsh reboot <domain> --mode acpi" instead of reboot. KVM Error: 'KVM_SET_DEVICE_ATTR failed: Group 4 attr 0x00000000000001' Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Message-id: 1509712671-16299-1-git-send-email-shankerd@codeaurora.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-10-21openrisc/ompic: Add OpenRISC Multicore PIC (OMPIC)Stafford Horne
Add OpenRISC Multicore PIC which handles inter processor interrupts (IPI) between cores. In OpenRISC all device interrupts are routed to each core enabling this device to be simple. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Stafford Horne <shorne@gmail.com>
2017-10-12nvic: Fix miscalculation of offsets into ITNS arrayPeter Maydell
This calculation of the first exception vector in the ITNS<n> register being accessed: int startvec = 32 * (offset - 0x380) + NVIC_FIRST_IRQ; is incorrect, because offset is in bytes, so we only want to multiply by 8. Spotted by Coverity (CID 1381484, CID 1381488), though it is not correct that it actually overflows the buffer, because we have a 'startvec + i < s->num_irq' guard. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1507650856-11718-1-git-send-email-peter.maydell@linaro.org
2017-10-12nvic: Add missing 'break'Peter Maydell
Coverity points out that we forgot the 'break' for the SAU_CTRL write case (CID1381683). This has no actual visible consequences because it happens that the following case is effectively a no-op. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1507742676-9908-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2017-10-06nvic: Add missing code for writing SHCSR.HARDFAULTPENDED bitPeter Maydell
When we added support for the new SHCSR bits in v8M in commit 437d59c17e9 the code to support writing to the new HARDFAULTPENDED bit was accidentally only added for non-secure writes; the secure banked version of the bit should also be writable. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-21-git-send-email-peter.maydell@linaro.org
2017-10-06nvic: Implement Security Attribution Unit registersPeter Maydell
Implement the register interface for the SAU: SAU_CTRL, SAU_TYPE, SAU_RNR, SAU_RBAR and SAU_RLAR. None of the actual behaviour is implemented here; registers just read back as written. When the CPU definition for Cortex-M33 is eventually added, its initfn will set cpu->sau_sregion, in the same way that we currently set cpu->pmsav7_dregion for the M3 and M4. Number of SAU regions is typically a configurable CPU parameter, but this patch doesn't provide a QEMU CPU property for it. We can easily add one when we have a board that requires it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-14-git-send-email-peter.maydell@linaro.org
2017-10-06target/arm: Add new-in-v8M SFSR and SFARPeter Maydell
Add the new M profile Secure Fault Status Register and Secure Fault Address Register. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-10-git-send-email-peter.maydell@linaro.org
2017-10-06target/arm: Prepare for CONTROL.SPSEL being nonzero in Handler modePeter Maydell
In the v7M architecture, there is an invariant that if the CPU is in Handler mode then the CONTROL.SPSEL bit cannot be nonzero. This in turn means that the current stack pointer is always indicated by CONTROL.SPSEL, even though Handler mode always uses the Main stack pointer. In v8M, this invariant is removed, and CONTROL.SPSEL may now be nonzero in Handler mode (though Handler mode still always uses the Main stack pointer). In preparation for this change, change how we handle this bit: rename switch_v7m_sp() to the now more accurate write_v7m_control_spsel(), and make it check both the handler mode state and the SPSEL bit. Note that this implicitly changes the point at which we switch active SP on exception exit from before we pop the exception frame to after it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1506092407-26985-4-git-send-email-peter.maydell@linaro.org
2017-10-06nvic: Clear the vector arrays and prigroup on resetPeter Maydell
Reset for devices does not include an automatic clear of the device state (unlike CPU state, where most of the state structure is cleared to zero). Add some missing initialization of NVIC state that meant that the device was left in the wrong state if the guest did a warm reset. (In particular, since we were resetting the computed state like s->exception_prio but not all the state it was computed from like s->vectors[x].active, the NVIC wound up in an inconsistent state that could later trigger assertion failures.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 1506092407-26985-2-git-send-email-peter.maydell@linaro.org
2017-09-27Merge remote-tracking branch ↵Peter Maydell
'remotes/dgilbert/tags/pull-migration-20170927a' into staging Migration pull 2017-09-27 # gpg: Signature made Wed 27 Sep 2017 14:56:23 BST # gpg: using RSA key 0x0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20170927a: migration: Route more error paths migration: Route errors up through vmstate_save migration: wire vmstate_save_state errors up to vmstate_subsection_save migration: Check field save returns migration: check pre_save return in vmstate_save_state migration: pre_save return int migration: disable auto-converge during bulk block migration Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-09-27migration: pre_save return intDr. David Alan Gilbert
Modify the pre_save method on VMStateDescription to return an int rather than void so that it potentially can fail. Changed zillions of devices to make them return 0; the only case I've made it return non-0 is hw/intc/s390_flic_kvm.c that already had an error_report/return case. Note: If you add an error exit in your pre_save you must emit an error_report to say why. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20170925112917.21340-2-dgilbert@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-09-27ppc: Fix OpenPIC modelBenjamin Herrenschmidt
Apple uses an IBM MPIC2A without timers, it has 64 sources. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2017-09-23Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Speed up AddressSpaceDispatch creation (Alexey) * Fix kvm.c assert (David) * Memory fixes and further speedup (me) * Persistent reservation manager infrastructure (me) * virtio-serial: add enable_backend callback (Pavel) * chardev GMainContext fixes (Peter) # gpg: Signature made Fri 22 Sep 2017 20:07:33 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (32 commits) chardev: remove context in chr_update_read_handler chardev: use per-dev context for io_add_watch_poll chardev: add Chardev.gcontext field chardev: new qemu_chr_be_update_read_handlers() scsi: add persistent reservation manager using qemu-pr-helper scsi: add multipath support to qemu-pr-helper scsi: build qemu-pr-helper scsi, file-posix: add support for persistent reservation management memory: Share special empty FlatView memory: seek FlatView sharing candidates among children subregions memory: trace FlatView creation and destruction memory: Create FlatView directly memory: Get rid of address_space_init_shareable memory: Rework "info mtree" to print flat views and dispatch trees memory: Do not allocate FlatView in address_space_init memory: Share FlatView's and dispatch trees between address spaces memory: Move address_space_update_ioeventfds memory: Alloc dispatch tree where topology is generared memory: Store physical root MR in FlatView memory: Rename mem_begin/mem_commit/mem_add helpers ... # Conflicts: # configure
2017-09-21memory: Switch memory from using AddressSpace to FlatViewAlexey Kardashevskiy
FlatView's will be shared between AddressSpace's and subpage_t and MemoryRegionSection cannot store AS anymore, hence this change. In particular, for: typedef struct subpage_t { MemoryRegion iomem; - AddressSpace *as; + FlatView *fv; hwaddr base; uint16_t sub_section[]; } subpage_t; struct MemoryRegionSection { MemoryRegion *mr; - AddressSpace *address_space; + FlatView *fv; hwaddr offset_within_region; Int128 size; hwaddr offset_within_address_space; bool readonly; }; This should cause no behavioural change. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Message-Id: <20170921085110.25598-7-aik@ozlabs.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-09-21nvic: Support banked exceptions in acknowledge and completePeter Maydell
Update armv7m_nvic_acknowledge_irq() and armv7m_nvic_complete_irq() to handle banked exceptions: * acknowledge needs to use the correct vector, which may be in sec_vectors[] * acknowledge needs to return to its caller whether the exception should be taken to secure or non-secure state * complete needs its caller to tell it whether the exception being completed is a secure one or not Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-20-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Make SHCSR banked for v8MPeter Maydell
Handle banking of SHCSR: some register bits are banked between Secure and Non-Secure, and some are only accessible to Secure. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-19-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Make ICSR banked for v8MPeter Maydell
The ICSR NVIC register is banked for v8M. This doesn't require any new state, but it does mean that some bits are controlled by BFHNFNMINS and some bits must work with the correct banked exception. There is also a new in v8M PENDNMICLR bit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-18-git-send-email-peter.maydell@linaro.org
2017-09-21target/arm: Handle banking in negative-execution-priority check in ↵Peter Maydell
cpu_mmu_index() Now that we have a banked FAULTMASK register and banked exceptions, we can implement the correct check in cpu_mmu_index() for whether the MPU_CTRL.HFNMIENA bit's effect should apply. This bit causes handlers which have requested a negative execution priority to run with the MPU disabled. In v8M the test has to check this for the current security state and so takes account of banking. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-17-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Handle v8M changes in nvic_exec_prio()Peter Maydell
Update nvic_exec_prio() to support the v8M changes: * BASEPRI, FAULTMASK and PRIMASK are all banked * AIRCR.PRIS can affect NS priorities * AIRCR.BFHFNMINS affects FAULTMASK behaviour These changes mean that it's no longer possible to definitely say that if FAULTMASK is set it overrides PRIMASK, and if PRIMASK is set it overrides BASEPRI (since if PRIMASK_NS is set and AIRCR.PRIS is set then whether that 0x80 priority should take effect or the priority in BASEPRI_S depends on the value of BASEPRI_S, for instance). So we switch to the same approach used by the pseudocode of working through BASEPRI, PRIMASK and FAULTMASK and overriding the previous values if needed. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-16-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Disable the non-secure HardFault if AIRCR.BFHFNMINS is clearPeter Maydell
If AIRCR.BFHFNMINS is clear, then although NonSecure HardFault can still be pended via SHCSR.HARDFAULTPENDED it mustn't actually preempt execution. The simple way to achieve this is to clear the enable bit for it, since the enable bit isn't guest visible. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-15-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Implement v8M changes to fixed priority exceptionsPeter Maydell
In v7M, the fixed-priority exceptions are: Reset: -3 NMI: -2 HardFault: -1 In v8M, this changes because Secure HardFault may need to be prioritised above NMI: Reset: -4 Secure HardFault if AIRCR.BFHFNMINS == 1: -3 NMI: -2 Secure HardFault if AIRCR.BFHFNMINS == 0: -1 NonSecure HardFault: -1 Make these changes, including support for changing the priority of Secure HardFault as AIRCR.BFHFNMINS changes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-14-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: In escalation to HardFault, support HF not being priority -1Peter Maydell
When escalating to HardFault, we must go into Lockup if we can't take the synchronous HardFault because the current execution priority is already at or below the priority of HardFault. In v7M HF is always priority -1 so a simple < 0 comparison sufficed; in v8M the priority of HardFault can vary depending on whether it is a Secure or NonSecure HardFault, so we must check against the priority of the HardFault exception vector we're about to use. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-13-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Compare group priority for escalation to HFPeter Maydell
In armv7m_nvic_set_pending() we have to compare the priority of an exception against the execution priority to decide whether it needs to be escalated to HardFault. In the specification this is a comparison against the exception's group priority; for v7M we implemented it as a comparison against the raw exception priority because the two comparisons will always give the same answer. For v8M the existence of AIRCR.PRIS and the possibility of different PRIGROUP values for secure and nonsecure exceptions means we need to explicitly calculate the vector's group priority for this check. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-12-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Make SHPR registers bankedPeter Maydell
Make the set_prio() function take a bool indicating whether to pend the secure or non-secure version of a banked interrupt, and use this to implement the correct banking semantics for the SHPR registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-11-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Make set_pending and clear_pending take a secure parameterPeter Maydell
Make the armv7m_nvic_set_pending() and armv7m_nvic_clear_pending() functions take a bool indicating whether to pend the secure or non-secure version of a banked interrupt, and update the callsites accordingly. In most callsites we can simply pass the correct security state in; in a couple of cases we use TODO comments to indicate that we will return the code in a subsequent commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-10-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Handle banked exceptions in nvic_recompute_state()Peter Maydell
Update the nvic_recompute_state() code to handle the security extension and its associated banked registers. Code that uses the resulting cached state (ie the irq acknowledge and complete code) will be updated in a later commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-9-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Implement NVIC_ITNS<n> registersPeter Maydell
For v8M, the NVIC has a new set of registers per interrupt, NVIC_ITNS<n>. These determine whether the interrupt targets Secure or Non-secure state. Implement the register read/write code for these, and make them cause NVIC_IABR, NVIC_ICER, NVIC_ISER, NVIC_ICPR, NVIC_IPR and NVIC_ISPR to RAZ/WI for non-secure accesses to fields corresponding to interrupts which are configured to target secure state. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-8-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Make ICSR.RETTOBASE handle banked exceptionsPeter Maydell
Update the code in nvic_rettobase() so that it checks the sec_vectors[] array as well as the vectors[] array if needed. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-7-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Implement AIRCR changes for v8MPeter Maydell
The Application Interrupt and Reset Control Register has some changes for v8M: * new bits SYSRESETREQS, BFHFNMINS and PRIS: these all have real state if the security extension is implemented and otherwise are constant * the PRIGROUP field is banked between security states * non-secure code can be blocked from using the SYSRESET bit to reset the system if SYSRESETREQS is set Implement the new state and the changes to register read and write. For the moment we ignore the effects of the secure PRIGROUP. We will implement the effects of PRIS and BFHFNMIS later. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-6-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Add cached vectpending_prio statePeter Maydell
Instead of looking up the pending priority in nvic_pending_prio(), cache it in a new state struct field. The calculation of the pending priority given the interrupt number is more complicated in v8M with the security extension, so the caching will be worthwhile. This changes nvic_pending_prio() from returning a full (group + subpriority) priority value to returning a group priority. This doesn't require changes to its callsites because we use it only in comparisons of the form execution_prio > nvic_pending_prio() and execution priority is always a group priority, so a test (exec prio > full prio) is true if and only if (execprio > group_prio). (Architecturally the expected comparison is with the group priority for this sort of "would we preempt" test; we were only doing a test with a full priority as an optimisation to avoid the mask, which is possible precisely because the two comparisons always give the same answer.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1505240046-11454-5-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Add cached vectpending_is_s_banked statePeter Maydell
With banked exceptions, just the exception number in s->vectpending is no longer sufficient to uniquely identify the pending exception. Add a vectpending_is_s_banked bool which is true if the exception is using the sec_vectors[] array. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1505240046-11454-4-git-send-email-peter.maydell@linaro.org
2017-09-21nvic: Add banked exception statesPeter Maydell
For the v8M security extension, some exceptions must be banked between security states. Add the new vecinfo array which holds the state for the banked exceptions and migrate it if the CPU the NVIC is attached to implements the security extension. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>