From f698c8ba48809454ba4a28fe3eb6f677943cd1ae Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Thu, 21 Jan 2016 14:15:03 +0000 Subject: qdev: get_child_bus(): Use QOM lookup if available qbus_realize() adds busses as a QOM child of the device in addition to adding it to the qdev bus list. Change get_child_bus() to use the QOM child if it is available. This takes priority over the bus-list, but the child object is checked for type correctness. This prepares support for aliasing of buses. The use case is SoCs, where a SoC container needs to present buses to the board level, but the buses are implemented by controller IP we already model as self contained qbus-containing devices. Signed-off-by: Peter Crosthwaite Acked-by: Alistair Francis Signed-off-by: Alistair Francis Signed-off-by: Peter Maydell --- hw/core/qdev.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/core/qdev.c b/hw/core/qdev.c index 44bf790b01..655f5d5d5b 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -580,6 +580,12 @@ void qdev_pass_gpios(DeviceState *dev, DeviceState *container, BusState *qdev_get_child_bus(DeviceState *dev, const char *name) { BusState *bus; + Object *child = object_resolve_path_component(OBJECT(dev), name); + + bus = (BusState *)object_dynamic_cast(child, TYPE_BUS); + if (bus) { + return bus; + } QLIST_FOREACH(bus, &dev->child_bus, sibling) { if (strcmp(name, bus->name) == 0) { -- cgit v1.2.3 From d857c4c0235f2e891850b0d08b5a1a48d18bf8bf Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:03 +0000 Subject: m25p80.c: Add sst25wf080 SPI flash device Add the sst25wf080 SPI flash device. Signed-off-by: Alistair Francis Reviewed-by: Peter Crosthwaite Signed-off-by: Peter Crosthwaite Signed-off-by: Peter Maydell --- hw/block/m25p80.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 4bbf90d461..b49260a59d 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -164,6 +164,7 @@ static const FlashPartInfo known_devices[] = { { INFO("sst25wf010", 0xbf2502, 0, 64 << 10, 2, ER_4K) }, { INFO("sst25wf020", 0xbf2503, 0, 64 << 10, 4, ER_4K) }, { INFO("sst25wf040", 0xbf2504, 0, 64 << 10, 8, ER_4K) }, + { INFO("sst25wf080", 0xbf2505, 0, 64 << 10, 16, ER_4K) }, /* ST Microelectronics -- newer production may have feature updates */ { INFO("m25p05", 0x202010, 0, 32 << 10, 2, 0) }, -- cgit v1.2.3 From 8fd06719e7d37f91f1b843af4cdcdfe7eb3e4a69 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:03 +0000 Subject: ssi: Move ssi.h into a separate directory Move the ssi.h include file into the ssi directory. While touching the code also fix the typdef lines as checkpatch complains. Signed-off-by: Alistair Francis Reviewed-by: Peter Crosthwaite Signed-off-by: Peter Crosthwaite Signed-off-by: Peter Maydell --- hw/arm/pxa2xx.c | 2 +- hw/arm/spitz.c | 2 +- hw/arm/stellaris.c | 2 +- hw/arm/strongarm.c | 2 +- hw/arm/tosa.c | 2 +- hw/arm/xilinx_zynq.c | 2 +- hw/arm/z2.c | 2 +- hw/block/m25p80.c | 2 +- hw/display/ads7846.c | 2 +- hw/display/ssd0323.c | 2 +- hw/microblaze/petalogix_ml605_mmu.c | 2 +- hw/misc/max111x.c | 2 +- hw/sd/ssi-sd.c | 2 +- hw/ssi/pl022.c | 2 +- hw/ssi/ssi.c | 2 +- hw/ssi/xilinx_spi.c | 2 +- hw/ssi/xilinx_spips.c | 2 +- include/hw/ssi.h | 94 ------------------------------------ include/hw/ssi/ssi.h | 96 +++++++++++++++++++++++++++++++++++++ 19 files changed, 113 insertions(+), 111 deletions(-) delete mode 100644 include/hw/ssi.h create mode 100644 include/hw/ssi/ssi.h diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c index db58781e01..ff6ac7a60a 100644 --- a/hw/arm/pxa2xx.c +++ b/hw/arm/pxa2xx.c @@ -13,7 +13,7 @@ #include "sysemu/sysemu.h" #include "hw/char/serial.h" #include "hw/i2c/i2c.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "sysemu/char.h" #include "sysemu/block-backend.h" #include "sysemu/blockdev.h" diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c index 317ade1202..607cb58a2f 100644 --- a/hw/arm/spitz.c +++ b/hw/arm/spitz.c @@ -17,7 +17,7 @@ #include "sysemu/sysemu.h" #include "hw/pcmcia.h" #include "hw/i2c/i2c.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "hw/block/flash.h" #include "qemu/timer.h" #include "hw/devices.h" diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c index 3eb7d3cb77..de8dbb2a0f 100644 --- a/hw/arm/stellaris.c +++ b/hw/arm/stellaris.c @@ -9,7 +9,7 @@ #include "qemu/osdep.h" #include "hw/sysbus.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "hw/arm/arm.h" #include "hw/devices.h" #include "qemu/timer.h" diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c index d9f2f5b3aa..3b17a2126a 100644 --- a/hw/arm/strongarm.c +++ b/hw/arm/strongarm.c @@ -35,7 +35,7 @@ #include "hw/arm/arm.h" #include "sysemu/char.h" #include "sysemu/sysemu.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" //#define DEBUG diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c index c387950fb0..d83c1e1785 100644 --- a/hw/arm/tosa.c +++ b/hw/arm/tosa.c @@ -20,7 +20,7 @@ #include "hw/pcmcia.h" #include "hw/boards.h" #include "hw/i2c/i2c.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "sysemu/block-backend.h" #include "hw/sysbus.h" #include "exec/address-spaces.h" diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c index 40b476172a..66e7f27ace 100644 --- a/hw/arm/xilinx_zynq.c +++ b/hw/arm/xilinx_zynq.c @@ -26,7 +26,7 @@ #include "sysemu/block-backend.h" #include "hw/loader.h" #include "hw/misc/zynq-xadc.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "qemu/error-report.h" #define NUM_SPI_FLASHES 4 diff --git a/hw/arm/z2.c b/hw/arm/z2.c index aecb24a8e9..aea895a500 100644 --- a/hw/arm/z2.c +++ b/hw/arm/z2.c @@ -17,7 +17,7 @@ #include "hw/arm/arm.h" #include "hw/devices.h" #include "hw/i2c/i2c.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "hw/boards.h" #include "sysemu/sysemu.h" #include "hw/block/flash.h" diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index b49260a59d..de24f427dc 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -25,7 +25,7 @@ #include "hw/hw.h" #include "sysemu/block-backend.h" #include "sysemu/blockdev.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #ifndef M25P80_ERR_DEBUG #define M25P80_ERR_DEBUG 0 diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c index 3f35369bb4..cb82317119 100644 --- a/hw/display/ads7846.c +++ b/hw/display/ads7846.c @@ -10,7 +10,7 @@ * GNU GPL, version 2 or (at your option) any later version. */ -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "ui/console.h" typedef struct { diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c index 97270077e2..7545da88d7 100644 --- a/hw/display/ssd0323.c +++ b/hw/display/ssd0323.c @@ -10,7 +10,7 @@ /* The controller can support a variety of different displays, but we only implement one. Most of the commends relating to brightness and geometry setup are ignored. */ -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "ui/console.h" //#define DEBUG_SSD0323 1 diff --git a/hw/microblaze/petalogix_ml605_mmu.c b/hw/microblaze/petalogix_ml605_mmu.c index edfb30f697..3f9fa5f2f4 100644 --- a/hw/microblaze/petalogix_ml605_mmu.c +++ b/hw/microblaze/petalogix_ml605_mmu.c @@ -35,7 +35,7 @@ #include "sysemu/block-backend.h" #include "hw/char/serial.h" #include "exec/address-spaces.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "boot.h" diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c index bef3651d6e..d619d61d34 100644 --- a/hw/misc/max111x.c +++ b/hw/misc/max111x.c @@ -10,7 +10,7 @@ * GNU GPL, version 2 or (at your option) any later version. */ -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" typedef struct { SSISlave parent_obj; diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index c49ff62f56..eeb96b9d76 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -12,7 +12,7 @@ #include "sysemu/block-backend.h" #include "sysemu/blockdev.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "hw/sd/sd.h" //#define DEBUG_SSI_SD 1 diff --git a/hw/ssi/pl022.c b/hw/ssi/pl022.c index 61d568f36e..0bbf63313c 100644 --- a/hw/ssi/pl022.c +++ b/hw/ssi/pl022.c @@ -8,7 +8,7 @@ */ #include "hw/sysbus.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" //#define DEBUG_PL022 1 diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c index 2aab79ba7f..a0f57c0a72 100644 --- a/hw/ssi/ssi.c +++ b/hw/ssi/ssi.c @@ -12,7 +12,7 @@ * GNU GPL, version 2 or (at your option) any later version. */ -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" struct SSIBus { BusState parent_obj; diff --git a/hw/ssi/xilinx_spi.c b/hw/ssi/xilinx_spi.c index 620573caca..94bb2a7652 100644 --- a/hw/ssi/xilinx_spi.c +++ b/hw/ssi/xilinx_spi.c @@ -29,7 +29,7 @@ #include "qemu/log.h" #include "qemu/fifo8.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #ifdef XILINX_SPI_ERR_DEBUG #define DB_PRINT(...) do { \ diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c index 0910f5479a..e9471fff9d 100644 --- a/hw/ssi/xilinx_spips.c +++ b/hw/ssi/xilinx_spips.c @@ -27,7 +27,7 @@ #include "hw/ptimer.h" #include "qemu/log.h" #include "qemu/fifo8.h" -#include "hw/ssi.h" +#include "hw/ssi/ssi.h" #include "qemu/bitops.h" #ifndef XILINX_SPIPS_ERR_DEBUG diff --git a/include/hw/ssi.h b/include/hw/ssi.h deleted file mode 100644 index df0f838510..0000000000 --- a/include/hw/ssi.h +++ /dev/null @@ -1,94 +0,0 @@ -/* QEMU Synchronous Serial Interface support. */ - -/* In principle SSI is a point-point interface. As such the qemu - implementation has a single slave device on a "bus". - However it is fairly common for boards to have multiple slaves - connected to a single master, and select devices with an external - chip select. This is implemented in qemu by having an explicit mux device. - It is assumed that master and slave are both using the same transfer width. - */ - -#ifndef QEMU_SSI_H -#define QEMU_SSI_H - -#include "hw/qdev.h" - -typedef struct SSISlave SSISlave; - -#define TYPE_SSI_SLAVE "ssi-slave" -#define SSI_SLAVE(obj) \ - OBJECT_CHECK(SSISlave, (obj), TYPE_SSI_SLAVE) -#define SSI_SLAVE_CLASS(klass) \ - OBJECT_CLASS_CHECK(SSISlaveClass, (klass), TYPE_SSI_SLAVE) -#define SSI_SLAVE_GET_CLASS(obj) \ - OBJECT_GET_CLASS(SSISlaveClass, (obj), TYPE_SSI_SLAVE) - -#define SSI_GPIO_CS "ssi-gpio-cs" - -typedef enum { - SSI_CS_NONE = 0, - SSI_CS_LOW, - SSI_CS_HIGH, -} SSICSMode; - -/* Slave devices. */ -typedef struct SSISlaveClass { - DeviceClass parent_class; - - int (*init)(SSISlave *dev); - - /* if you have standard or no CS behaviour, just override transfer. - * This is called when the device cs is active (true by default). - */ - uint32_t (*transfer)(SSISlave *dev, uint32_t val); - /* called when the CS line changes. Optional, devices only need to implement - * this if they have side effects associated with the cs line (beyond - * tristating the txrx lines). - */ - int (*set_cs)(SSISlave *dev, bool select); - /* define whether or not CS exists and is active low/high */ - SSICSMode cs_polarity; - - /* if you have non-standard CS behaviour override this to take control - * of the CS behaviour at the device level. transfer, set_cs, and - * cs_polarity are unused if this is overwritten. Transfer_raw will - * always be called for the device for every txrx access to the parent bus - */ - uint32_t (*transfer_raw)(SSISlave *dev, uint32_t val); -} SSISlaveClass; - -struct SSISlave { - DeviceState parent_obj; - - /* Chip select state */ - bool cs; -}; - -#define FROM_SSI_SLAVE(type, dev) DO_UPCAST(type, ssidev, dev) - -extern const VMStateDescription vmstate_ssi_slave; - -#define VMSTATE_SSI_SLAVE(_field, _state) { \ - .name = (stringify(_field)), \ - .size = sizeof(SSISlave), \ - .vmsd = &vmstate_ssi_slave, \ - .flags = VMS_STRUCT, \ - .offset = vmstate_offset_value(_state, _field, SSISlave), \ -} - -DeviceState *ssi_create_slave(SSIBus *bus, const char *name); -DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name); - -/* Master interface. */ -SSIBus *ssi_create_bus(DeviceState *parent, const char *name); - -uint32_t ssi_transfer(SSIBus *bus, uint32_t val); - -/* Automatically connect all children nodes a spi controller as slaves */ -void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_lines, - SSIBus *bus); - -/* max111x.c */ -void max111x_set_input(DeviceState *dev, int line, uint8_t value); - -#endif diff --git a/include/hw/ssi/ssi.h b/include/hw/ssi/ssi.h new file mode 100644 index 0000000000..4a0a53903c --- /dev/null +++ b/include/hw/ssi/ssi.h @@ -0,0 +1,96 @@ +/* QEMU Synchronous Serial Interface support. */ + +/* In principle SSI is a point-point interface. As such the qemu + implementation has a single slave device on a "bus". + However it is fairly common for boards to have multiple slaves + connected to a single master, and select devices with an external + chip select. This is implemented in qemu by having an explicit mux device. + It is assumed that master and slave are both using the same transfer width. + */ + +#ifndef QEMU_SSI_H +#define QEMU_SSI_H + +#include "hw/qdev.h" + +typedef struct SSISlave SSISlave; +typedef struct SSISlaveClass SSISlaveClass; +typedef enum SSICSMode SSICSMode; + +#define TYPE_SSI_SLAVE "ssi-slave" +#define SSI_SLAVE(obj) \ + OBJECT_CHECK(SSISlave, (obj), TYPE_SSI_SLAVE) +#define SSI_SLAVE_CLASS(klass) \ + OBJECT_CLASS_CHECK(SSISlaveClass, (klass), TYPE_SSI_SLAVE) +#define SSI_SLAVE_GET_CLASS(obj) \ + OBJECT_GET_CLASS(SSISlaveClass, (obj), TYPE_SSI_SLAVE) + +#define SSI_GPIO_CS "ssi-gpio-cs" + +enum SSICSMode { + SSI_CS_NONE = 0, + SSI_CS_LOW, + SSI_CS_HIGH, +}; + +/* Slave devices. */ +struct SSISlaveClass { + DeviceClass parent_class; + + int (*init)(SSISlave *dev); + + /* if you have standard or no CS behaviour, just override transfer. + * This is called when the device cs is active (true by default). + */ + uint32_t (*transfer)(SSISlave *dev, uint32_t val); + /* called when the CS line changes. Optional, devices only need to implement + * this if they have side effects associated with the cs line (beyond + * tristating the txrx lines). + */ + int (*set_cs)(SSISlave *dev, bool select); + /* define whether or not CS exists and is active low/high */ + SSICSMode cs_polarity; + + /* if you have non-standard CS behaviour override this to take control + * of the CS behaviour at the device level. transfer, set_cs, and + * cs_polarity are unused if this is overwritten. Transfer_raw will + * always be called for the device for every txrx access to the parent bus + */ + uint32_t (*transfer_raw)(SSISlave *dev, uint32_t val); +}; + +struct SSISlave { + DeviceState parent_obj; + + /* Chip select state */ + bool cs; +}; + +#define FROM_SSI_SLAVE(type, dev) DO_UPCAST(type, ssidev, dev) + +extern const VMStateDescription vmstate_ssi_slave; + +#define VMSTATE_SSI_SLAVE(_field, _state) { \ + .name = (stringify(_field)), \ + .size = sizeof(SSISlave), \ + .vmsd = &vmstate_ssi_slave, \ + .flags = VMS_STRUCT, \ + .offset = vmstate_offset_value(_state, _field, SSISlave), \ +} + +DeviceState *ssi_create_slave(SSIBus *bus, const char *name); +DeviceState *ssi_create_slave_no_init(SSIBus *bus, const char *name); + +/* Master interface. */ +SSIBus *ssi_create_bus(DeviceState *parent, const char *name); + +uint32_t ssi_transfer(SSIBus *bus, uint32_t val); + +/* Automatically connect all children nodes a spi controller as slaves */ +void ssi_auto_connect_slaves(DeviceState *parent, qemu_irq *cs_lines, + SSIBus *bus); + +/* max111x.c */ +void max111x_set_input(DeviceState *dev, int line, uint8_t value); + +#endif -- cgit v1.2.3 From 6363235b2bd49d31a04c0229ae95e5f415c52a54 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:03 +0000 Subject: xilinx_spips: Separate the state struct into a header Separate out the XilinxSPIPS struct into a separate header file. Signed-off-by: Alistair Francis Reviewed-by: Peter Crosthwaite Signed-off-by: Peter Crosthwaite Signed-off-by: Peter Maydell --- hw/ssi/xilinx_spips.c | 46 +++------------------------ include/hw/ssi/xilinx_spips.h | 72 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 42 deletions(-) create mode 100644 include/hw/ssi/xilinx_spips.h diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c index e9471fff9d..c2a8dda313 100644 --- a/hw/ssi/xilinx_spips.c +++ b/hw/ssi/xilinx_spips.c @@ -29,6 +29,7 @@ #include "qemu/fifo8.h" #include "hw/ssi/ssi.h" #include "qemu/bitops.h" +#include "hw/ssi/xilinx_spips.h" #ifndef XILINX_SPIPS_ERR_DEBUG #define XILINX_SPIPS_ERR_DEBUG 0 @@ -103,8 +104,6 @@ #define R_MOD_ID (0xFC / 4) -#define R_MAX (R_MOD_ID+1) - /* size of TXRX FIFOs */ #define RXFF_A 32 #define TXFF_A 32 @@ -134,30 +133,6 @@ typedef enum { QPP = 0x32, } FlashCMD; -typedef struct { - SysBusDevice parent_obj; - - MemoryRegion iomem; - MemoryRegion mmlqspi; - - qemu_irq irq; - int irqline; - - uint8_t num_cs; - uint8_t num_busses; - - uint8_t snoop_state; - qemu_irq *cs_lines; - SSIBus **spi; - - Fifo8 rx_fifo; - Fifo8 tx_fifo; - - uint8_t num_txrx_bytes; - - uint32_t regs[R_MAX]; -} XilinxSPIPS; - typedef struct { XilinxSPIPS parent_obj; @@ -174,19 +149,6 @@ typedef struct XilinxSPIPSClass { uint32_t tx_fifo_size; } XilinxSPIPSClass; -#define TYPE_XILINX_SPIPS "xlnx.ps7-spi" -#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi" - -#define XILINX_SPIPS(obj) \ - OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS) -#define XILINX_SPIPS_CLASS(klass) \ - OBJECT_CLASS_CHECK(XilinxSPIPSClass, (klass), TYPE_XILINX_SPIPS) -#define XILINX_SPIPS_GET_CLASS(obj) \ - OBJECT_GET_CLASS(XilinxSPIPSClass, (obj), TYPE_XILINX_SPIPS) - -#define XILINX_QSPIPS(obj) \ - OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS) - static inline int num_effective_busses(XilinxSPIPS *s) { return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS && @@ -257,7 +219,7 @@ static void xilinx_spips_reset(DeviceState *d) XilinxSPIPS *s = XILINX_SPIPS(d); int i; - for (i = 0; i < R_MAX; i++) { + for (i = 0; i < XLNX_SPIPS_R_MAX; i++) { s->regs[i] = 0; } @@ -664,7 +626,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error **errp) } memory_region_init_io(&s->iomem, OBJECT(s), xsc->reg_ops, s, - "spi", R_MAX*4); + "spi", XLNX_SPIPS_R_MAX * 4); sysbus_init_mmio(sbd, &s->iomem); s->irqline = -1; @@ -708,7 +670,7 @@ static const VMStateDescription vmstate_xilinx_spips = { .fields = (VMStateField[]) { VMSTATE_FIFO8(tx_fifo, XilinxSPIPS), VMSTATE_FIFO8(rx_fifo, XilinxSPIPS), - VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, R_MAX), + VMSTATE_UINT32_ARRAY(regs, XilinxSPIPS, XLNX_SPIPS_R_MAX), VMSTATE_UINT8(snoop_state, XilinxSPIPS), VMSTATE_END_OF_LIST() } diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h new file mode 100644 index 0000000000..dbb9eefbaa --- /dev/null +++ b/include/hw/ssi/xilinx_spips.h @@ -0,0 +1,72 @@ +/* + * Header file for the Xilinx Zynq SPI controller + * + * Copyright (C) 2015 Xilinx Inc + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef XLNX_SPIPS_H +#define XLNX_SPIPS_H + +#include "hw/ssi/ssi.h" +#include "qemu/fifo8.h" + +typedef struct XilinxSPIPS XilinxSPIPS; + +#define XLNX_SPIPS_R_MAX (0x100 / 4) + +struct XilinxSPIPS { + SysBusDevice parent_obj; + + MemoryRegion iomem; + MemoryRegion mmlqspi; + + qemu_irq irq; + int irqline; + + uint8_t num_cs; + uint8_t num_busses; + + uint8_t snoop_state; + qemu_irq *cs_lines; + SSIBus **spi; + + Fifo8 rx_fifo; + Fifo8 tx_fifo; + + uint8_t num_txrx_bytes; + + uint32_t regs[XLNX_SPIPS_R_MAX]; +}; + +#define TYPE_XILINX_SPIPS "xlnx.ps7-spi" +#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi" + +#define XILINX_SPIPS(obj) \ + OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS) +#define XILINX_SPIPS_CLASS(klass) \ + OBJECT_CLASS_CHECK(XilinxSPIPSClass, (klass), TYPE_XILINX_SPIPS) +#define XILINX_SPIPS_GET_CLASS(obj) \ + OBJECT_GET_CLASS(XilinxSPIPSClass, (obj), TYPE_XILINX_SPIPS) + +#define XILINX_QSPIPS(obj) \ + OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS) + +#endif /* XLNX_SPIPS_H */ -- cgit v1.2.3 From 02d07eb49436aec8bd13b4ac7c63d9ca3f1c6e6c Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:03 +0000 Subject: xlnx-zynqmp: Connect the SPI devices Connect the Xilinx SPI devices to the ZynqMP model. Signed-off-by: Alistair Francis Reviewed-by: Peter Crosthwaite [ PC changes * Use QOM alias for bus connectivity on SoC level ] Signed-off-by: Peter Crosthwaite [PMM: free the g_strdup_printf() string when finished with it] Signed-off-by: Peter Maydell --- hw/arm/xlnx-zynqmp.c | 31 +++++++++++++++++++++++++++++++ include/hw/arm/xlnx-zynqmp.h | 3 +++ 2 files changed, 34 insertions(+) diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c index 57e926d524..1508d0867d 100644 --- a/hw/arm/xlnx-zynqmp.c +++ b/hw/arm/xlnx-zynqmp.c @@ -57,6 +57,14 @@ static const int sdhci_intr[XLNX_ZYNQMP_NUM_SDHCI] = { 48, 49, }; +static const uint64_t spi_addr[XLNX_ZYNQMP_NUM_SPIS] = { + 0xFF040000, 0xFF050000, +}; + +static const int spi_intr[XLNX_ZYNQMP_NUM_SPIS] = { + 19, 20, +}; + typedef struct XlnxZynqMPGICRegion { int region_index; uint32_t address; @@ -118,6 +126,12 @@ static void xlnx_zynqmp_init(Object *obj) qdev_set_parent_bus(DEVICE(&s->sdhci[i]), sysbus_get_default()); } + + for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) { + object_initialize(&s->spi[i], sizeof(s->spi[i]), + TYPE_XILINX_SPIPS); + qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default()); + } } static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp) @@ -324,6 +338,23 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp) sysbus_connect_irq(SYS_BUS_DEVICE(&s->sdhci[i]), 0, gic_spi[sdhci_intr[i]]); } + + for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) { + gchar *bus_name; + + object_property_set_bool(OBJECT(&s->spi[i]), true, "realized", &err); + + sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi[i]), 0, spi_addr[i]); + sysbus_connect_irq(SYS_BUS_DEVICE(&s->spi[i]), 0, + gic_spi[spi_intr[i]]); + + /* Alias controller SPI bus to the SoC itself */ + bus_name = g_strdup_printf("spi%d", i); + object_property_add_alias(OBJECT(s), bus_name, + OBJECT(&s->spi[i]), "spi0", + &error_abort); + g_free(bus_name); + } } static Property xlnx_zynqmp_props[] = { diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h index 1eba937964..2332596b40 100644 --- a/include/hw/arm/xlnx-zynqmp.h +++ b/include/hw/arm/xlnx-zynqmp.h @@ -25,6 +25,7 @@ #include "hw/ide/pci.h" #include "hw/ide/ahci.h" #include "hw/sd/sdhci.h" +#include "hw/ssi/xilinx_spips.h" #define TYPE_XLNX_ZYNQMP "xlnx,zynqmp" #define XLNX_ZYNQMP(obj) OBJECT_CHECK(XlnxZynqMPState, (obj), \ @@ -35,6 +36,7 @@ #define XLNX_ZYNQMP_NUM_GEMS 4 #define XLNX_ZYNQMP_NUM_UARTS 2 #define XLNX_ZYNQMP_NUM_SDHCI 2 +#define XLNX_ZYNQMP_NUM_SPIS 2 #define XLNX_ZYNQMP_NUM_OCM_BANKS 4 #define XLNX_ZYNQMP_OCM_RAM_0_ADDRESS 0xFFFC0000 @@ -78,6 +80,7 @@ typedef struct XlnxZynqMPState { CadenceUARTState uart[XLNX_ZYNQMP_NUM_UARTS]; SysbusAHCIState sata; SDHCIState sdhci[XLNX_ZYNQMP_NUM_SDHCI]; + XilinxSPIPS spi[XLNX_ZYNQMP_NUM_SPIS]; char *boot_cpu; ARMCPU *boot_cpu_ptr; -- cgit v1.2.3 From a4b26335c8c2b513ee9383837704f264e0b8d83f Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:04 +0000 Subject: xlnx-ep108: Connect the SPI Flash Connect the sst25wf080 SPI flash to the EP108 board. Signed-off-by: Alistair Francis Reviewed-by: Peter Crosthwaite Signed-off-by: Peter Crosthwaite [PMM: free string when finished with it] Signed-off-by: Peter Maydell --- hw/arm/xlnx-ep108.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c index c9414e6a25..2cd69b5faf 100644 --- a/hw/arm/xlnx-ep108.c +++ b/hw/arm/xlnx-ep108.c @@ -31,6 +31,7 @@ static struct arm_boot_info xlnx_ep108_binfo; static void xlnx_ep108_init(MachineState *machine) { XlnxEP108 *s = g_new0(XlnxEP108, 1); + int i; Error *err = NULL; uint64_t ram_size = machine->ram_size; @@ -63,6 +64,21 @@ static void xlnx_ep108_init(MachineState *machine) exit(1); } + for (i = 0; i < XLNX_ZYNQMP_NUM_SPIS; i++) { + SSIBus *spi_bus; + DeviceState *flash_dev; + qemu_irq cs_line; + gchar *bus_name = g_strdup_printf("spi%d", i); + + spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc), bus_name); + g_free(bus_name); + + flash_dev = ssi_create_slave(spi_bus, "sst25wf080"); + cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0); + + sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line); + } + xlnx_ep108_binfo.ram_size = ram_size; xlnx_ep108_binfo.kernel_filename = machine->kernel_filename; xlnx_ep108_binfo.kernel_cmdline = machine->kernel_cmdline; -- cgit v1.2.3 From 4a94fc9bf2dac5965acb8e264d55a356737a2aa6 Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Thu, 21 Jan 2016 14:15:04 +0000 Subject: misc: zynq-xadc: Fix off-by-one This bounds check was off-by-one. Fix. Reported-by: Paolo Bonzini Signed-off-by: Peter Crosthwaite Message-id: 1453101737-11255-1-git-send-email-crosthwaite.peter@gmail.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/misc/zynq-xadc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/misc/zynq-xadc.c b/hw/misc/zynq-xadc.c index 1a32595455..d160ff2361 100644 --- a/hw/misc/zynq-xadc.c +++ b/hw/misc/zynq-xadc.c @@ -220,7 +220,7 @@ static void zynq_xadc_write(void *opaque, hwaddr offset, uint64_t val, break; } - if (xadc_reg > ZYNQ_XADC_NUM_ADC_REGS && xadc_cmd != CMD_NOP) { + if (xadc_reg >= ZYNQ_XADC_NUM_ADC_REGS && xadc_cmd != CMD_NOP) { qemu_log_mask(LOG_GUEST_ERROR, "read/write op to invalid xadc " "reg 0x%x\n", xadc_reg); break; -- cgit v1.2.3 From 56943e8cc14b7eeeab67d1942fa5d8bcafe3e53f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:04 +0000 Subject: exec.c: Don't set cpu->as until cpu_address_space_init Rather than setting cpu->as unconditionally in cpu_exec_init (and then having target-i386 override this later), don't set it until the first call to cpu_address_space_init. This requires us to initialise the address space for both TCG and KVM (KVM doesn't need the AS listener but it does require cpu->as to be set). For target CPUs which don't set up any address spaces (currently everything except i386), add the default address_space_memory in qemu_init_vcpu(). Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias Acked-by: Edgar E. Iglesias --- cpus.c | 10 ++++++++-- exec.c | 16 ++++++++++++---- include/exec/exec-all.h | 16 +++++++++++++++- target-i386/cpu.c | 6 ++++-- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/cpus.c b/cpus.c index ea29584397..787877aa24 100644 --- a/cpus.c +++ b/cpus.c @@ -1310,8 +1310,6 @@ static void qemu_tcg_init_vcpu(CPUState *cpu) static QemuCond *tcg_halt_cond; static QemuThread *tcg_cpu_thread; - tcg_cpu_address_space_init(cpu, cpu->as); - /* share a single thread for all cpus with TCG */ if (!tcg_cpu_thread) { cpu->thread = g_malloc0(sizeof(QemuThread)); @@ -1372,6 +1370,14 @@ void qemu_init_vcpu(CPUState *cpu) cpu->nr_cores = smp_cores; cpu->nr_threads = smp_threads; cpu->stopped = true; + + if (!cpu->as) { + /* If the target cpu hasn't set up any address spaces itself, + * give it the default one. + */ + cpu_address_space_init(cpu, &address_space_memory, 0); + } + if (kvm_enabled()) { qemu_kvm_start_vcpu(cpu); } else if (tcg_enabled()) { diff --git a/exec.c b/exec.c index 7f0ce42af0..f34d55698b 100644 --- a/exec.c +++ b/exec.c @@ -536,8 +536,13 @@ CPUState *qemu_get_cpu(int index) } #if !defined(CONFIG_USER_ONLY) -void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as) +void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx) { + if (asidx == 0) { + /* address space 0 gets the convenience alias */ + cpu->as = as; + } + /* We only support one address space per cpu at the moment. */ assert(cpu->as == as); @@ -549,8 +554,10 @@ void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as) cpu->cpu_ases = g_new0(CPUAddressSpace, 1); cpu->cpu_ases[0].cpu = cpu; cpu->cpu_ases[0].as = as; - cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit; - memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as); + if (tcg_enabled()) { + cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit; + memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as); + } } #endif @@ -605,8 +612,9 @@ void cpu_exec_init(CPUState *cpu, Error **errp) int cpu_index; Error *local_err = NULL; + cpu->as = NULL; + #ifndef CONFIG_USER_ONLY - cpu->as = &address_space_memory; cpu->thread_id = qemu_get_thread_id(); #endif diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index d900b0d078..eb3890a389 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -84,7 +84,21 @@ void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc); #if !defined(CONFIG_USER_ONLY) void cpu_reloading_memory_map(void); -void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as); +/** + * cpu_address_space_init: + * @cpu: CPU to add this address space to + * @as: address space to add + * @asidx: integer index of this address space + * + * Add the specified address space to the CPU's cpu_ases list. + * The address space added with @asidx 0 is the one used for the + * convenience pointer cpu->as. + * The target-specific code which registers ASes is responsible + * for defining what semantics address space 0, 1, 2, etc have. + * + * Note that with KVM only one address space is supported. + */ +void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx); /* cputlb.c */ /** * tlb_flush_page: diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 0d447b5690..36fae2dc26 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -2861,9 +2861,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) #ifndef CONFIG_USER_ONLY if (tcg_enabled()) { + AddressSpace *newas = g_new(AddressSpace, 1); + cpu->cpu_as_mem = g_new(MemoryRegion, 1); cpu->cpu_as_root = g_new(MemoryRegion, 1); - cs->as = g_new(AddressSpace, 1); /* Outer container... */ memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull); @@ -2876,7 +2877,8 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) get_system_memory(), 0, ~0ull); memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0); memory_region_set_enabled(cpu->cpu_as_mem, true); - address_space_init(cs->as, cpu->cpu_as_root, "CPU"); + address_space_init(newas, cpu->cpu_as_root, "CPU"); + cpu_address_space_init(cs, newas, 0); /* ... SMRAM with higher priority, linked from /machine/smram. */ cpu->machine_done.notify = x86_cpu_machine_done; -- cgit v1.2.3 From 12ebc9a76dd7702aef0a3618717a826c19c34ef4 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:04 +0000 Subject: exec.c: Allow target CPUs to define multiple AddressSpaces Allow multiple calls to cpu_address_space_init(); each call adds an entry to the cpu->ases array at the specified index. It is up to the target-specific CPU code to actually use these extra address spaces. Since this multiple AddressSpace support won't work with KVM, add an assertion to avoid confusing failures. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- cpus.c | 1 + exec.c | 25 +++++++++++++++---------- include/exec/exec-all.h | 4 ++++ include/qom/cpu.h | 2 ++ target-i386/cpu.c | 1 + 5 files changed, 23 insertions(+), 10 deletions(-) diff --git a/cpus.c b/cpus.c index 787877aa24..725a51dac9 100644 --- a/cpus.c +++ b/cpus.c @@ -1375,6 +1375,7 @@ void qemu_init_vcpu(CPUState *cpu) /* If the target cpu hasn't set up any address spaces itself, * give it the default one. */ + cpu->num_ases = 1; cpu_address_space_init(cpu, &address_space_memory, 0); } diff --git a/exec.c b/exec.c index f34d55698b..8bc3288105 100644 --- a/exec.c +++ b/exec.c @@ -538,25 +538,29 @@ CPUState *qemu_get_cpu(int index) #if !defined(CONFIG_USER_ONLY) void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx) { + CPUAddressSpace *newas; + + /* Target code should have set num_ases before calling us */ + assert(asidx < cpu->num_ases); + if (asidx == 0) { /* address space 0 gets the convenience alias */ cpu->as = as; } - /* We only support one address space per cpu at the moment. */ - assert(cpu->as == as); + /* KVM cannot currently support multiple address spaces. */ + assert(asidx == 0 || !kvm_enabled()); - if (cpu->cpu_ases) { - /* We've already registered the listener for our only AS */ - return; + if (!cpu->cpu_ases) { + cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases); } - cpu->cpu_ases = g_new0(CPUAddressSpace, 1); - cpu->cpu_ases[0].cpu = cpu; - cpu->cpu_ases[0].as = as; + newas = &cpu->cpu_ases[asidx]; + newas->cpu = cpu; + newas->as = as; if (tcg_enabled()) { - cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit; - memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as); + newas->tcg_as_listener.commit = tcg_commit; + memory_listener_register(&newas->tcg_as_listener, as); } } #endif @@ -613,6 +617,7 @@ void cpu_exec_init(CPUState *cpu, Error **errp) Error *local_err = NULL; cpu->as = NULL; + cpu->num_ases = 0; #ifndef CONFIG_USER_ONLY cpu->thread_id = qemu_get_thread_id(); diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index eb3890a389..9be0165e80 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -96,6 +96,10 @@ void cpu_reloading_memory_map(void); * The target-specific code which registers ASes is responsible * for defining what semantics address space 0, 1, 2, etc have. * + * Before the first call to this function, the caller must set + * cpu->num_ases to the total number of address spaces it needs + * to support. + * * Note that with KVM only one address space is supported. */ void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx); diff --git a/include/qom/cpu.h b/include/qom/cpu.h index 51a1323ead..ae1793219b 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -236,6 +236,7 @@ struct kvm_run; * so that interrupts take effect immediately. * @cpu_ases: Pointer to array of CPUAddressSpaces (which define the * AddressSpaces this CPU has) + * @num_ases: number of CPUAddressSpaces in @cpu_ases * @as: Pointer to the first AddressSpace, for the convenience of targets which * only have a single AddressSpace * @env_ptr: Pointer to subclass-specific CPUArchState field. @@ -285,6 +286,7 @@ struct CPUState { struct qemu_work_item *queued_work_first, *queued_work_last; CPUAddressSpace *cpu_ases; + int num_ases; AddressSpace *as; void *env_ptr; /* CPUArchState */ diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 36fae2dc26..4430494085 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -2878,6 +2878,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0); memory_region_set_enabled(cpu->cpu_as_mem, true); address_space_init(newas, cpu->cpu_as_root, "CPU"); + cs->num_ases = 1; cpu_address_space_init(cs, newas, 0); /* ... SMRAM with higher priority, linked from /machine/smram. */ -- cgit v1.2.3 From 1787cc8ee55143b6071c87e59f08d56e7c22c1eb Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:04 +0000 Subject: exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page Add documentation comments for tlb_set_page_with_attrs() and tlb_set_page(). Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- include/exec/exec-all.h | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index 9be0165e80..caa78a952b 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -144,12 +144,40 @@ void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, ...); * MMU indexes. */ void tlb_flush_by_mmuidx(CPUState *cpu, ...); -void tlb_set_page(CPUState *cpu, target_ulong vaddr, - hwaddr paddr, int prot, - int mmu_idx, target_ulong size); +/** + * tlb_set_page_with_attrs: + * @cpu: CPU to add this TLB entry for + * @vaddr: virtual address of page to add entry for + * @paddr: physical address of the page + * @attrs: memory transaction attributes + * @prot: access permissions (PAGE_READ/PAGE_WRITE/PAGE_EXEC bits) + * @mmu_idx: MMU index to insert TLB entry for + * @size: size of the page in bytes + * + * Add an entry to this CPU's TLB (a mapping from virtual address + * @vaddr to physical address @paddr) with the specified memory + * transaction attributes. This is generally called by the target CPU + * specific code after it has been called through the tlb_fill() + * entry point and performed a successful page table walk to find + * the physical address and attributes for the virtual address + * which provoked the TLB miss. + * + * At most one entry for a given virtual address is permitted. Only a + * single TARGET_PAGE_SIZE region is mapped; the supplied @size is only + * used by tlb_flush_page. + */ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, hwaddr paddr, MemTxAttrs attrs, int prot, int mmu_idx, target_ulong size); +/* tlb_set_page: + * + * This function is equivalent to calling tlb_set_page_with_attrs() + * with an @attrs argument of MEMTXATTRS_UNSPECIFIED. It's provided + * as a convenience for CPUs which don't use memory transaction attributes. + */ +void tlb_set_page(CPUState *cpu, target_ulong vaddr, + hwaddr paddr, int prot, + int mmu_idx, target_ulong size); void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr); void probe_write(CPUArchState *env, target_ulong addr, int mmu_idx, uintptr_t retaddr); -- cgit v1.2.3 From 1dc6fb1f5cc5cea5ba01010a19c6acefd0ae4b73 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:05 +0000 Subject: cpu: Add new get_phys_page_attrs_debug() method Add a new optional method get_phys_page_attrs_debug() to CPUClass. This is like the existing get_phys_page_debug(), but also returns the memory transaction attributes to use for the access. This will be necessary for CPUs which have multiple address spaces and use the attributes to select the correct address space. We provide a wrapper function cpu_get_phys_page_attrs_debug() which falls back to the existing get_phys_page_debug(), so we don't need to change every target CPU. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- include/qom/cpu.h | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/include/qom/cpu.h b/include/qom/cpu.h index ae1793219b..58605a5350 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -98,6 +98,10 @@ struct TranslationBlock; * #TranslationBlock. * @handle_mmu_fault: Callback for handling an MMU fault. * @get_phys_page_debug: Callback for obtaining a physical address. + * @get_phys_page_attrs_debug: Callback for obtaining a physical address and the + * associated memory transaction attributes to use for the access. + * CPUs which use memory transaction attributes should implement this + * instead of get_phys_page_debug. * @gdb_read_register: Callback for letting GDB read a register. * @gdb_write_register: Callback for letting GDB write a register. * @debug_excp_handler: Callback for handling debug exceptions. @@ -152,6 +156,8 @@ typedef struct CPUClass { int (*handle_mmu_fault)(CPUState *cpu, vaddr address, int rw, int mmu_index); hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr); + hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr, + MemTxAttrs *attrs); int (*gdb_read_register)(CPUState *cpu, uint8_t *buf, int reg); int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg); void (*debug_excp_handler)(CPUState *cpu); @@ -444,6 +450,32 @@ void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf, int flags); #ifndef CONFIG_USER_ONLY +/** + * cpu_get_phys_page_attrs_debug: + * @cpu: The CPU to obtain the physical page address for. + * @addr: The virtual address. + * @attrs: Updated on return with the memory transaction attributes to use + * for this access. + * + * Obtains the physical page corresponding to a virtual one, together + * with the corresponding memory transaction attributes to use for the access. + * Use it only for debugging because no protection checks are done. + * + * Returns: Corresponding physical page address or -1 if no page found. + */ +static inline hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr, + MemTxAttrs *attrs) +{ + CPUClass *cc = CPU_GET_CLASS(cpu); + + if (cc->get_phys_page_attrs_debug) { + return cc->get_phys_page_attrs_debug(cpu, addr, attrs); + } + /* Fallback for CPUs which don't implement the _attrs_ hook */ + *attrs = MEMTXATTRS_UNSPECIFIED; + return cc->get_phys_page_debug(cpu, addr); +} + /** * cpu_get_phys_page_debug: * @cpu: The CPU to obtain the physical page address for. @@ -456,9 +488,9 @@ void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf, */ static inline hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr) { - CPUClass *cc = CPU_GET_CLASS(cpu); + MemTxAttrs attrs = {}; - return cc->get_phys_page_debug(cpu, addr); + return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs); } #endif -- cgit v1.2.3 From d7f25a9e6a6b2c69a0be6033903b7d6087bcf47d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:05 +0000 Subject: cpu: Add new asidx_from_attrs() method Add a new method to CPUClass which the memory system core can use to obtain the correct address space index to use for a memory access with a given set of transaction attributes, together with the wrapper function cpu_asidx_from_attrs() which implements the default behaviour ("always use asidx 0") for CPU classes which don't provide the method. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- include/qom/cpu.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/include/qom/cpu.h b/include/qom/cpu.h index 58605a5350..ed232463d5 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -102,6 +102,8 @@ struct TranslationBlock; * associated memory transaction attributes to use for the access. * CPUs which use memory transaction attributes should implement this * instead of get_phys_page_debug. + * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for + * a memory access with the specified memory transaction attributes. * @gdb_read_register: Callback for letting GDB read a register. * @gdb_write_register: Callback for letting GDB write a register. * @debug_excp_handler: Callback for handling debug exceptions. @@ -158,6 +160,7 @@ typedef struct CPUClass { hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr); hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr, MemTxAttrs *attrs); + int (*asidx_from_attrs)(CPUState *cpu, MemTxAttrs attrs); int (*gdb_read_register)(CPUState *cpu, uint8_t *buf, int reg); int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg); void (*debug_excp_handler)(CPUState *cpu); @@ -492,6 +495,23 @@ static inline hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr) return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs); } + +/** cpu_asidx_from_attrs: + * @cpu: CPU + * @attrs: memory transaction attributes + * + * Returns the address space index specifying the CPU AddressSpace + * to use for a memory access with the given transaction attributes. + */ +static inline int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs) +{ + CPUClass *cc = CPU_GET_CLASS(cpu); + + if (cc->asidx_from_attrs) { + return cc->asidx_from_attrs(cpu, attrs); + } + return 0; +} #endif /** -- cgit v1.2.3 From d7898cda81b6efa6b2d7a749882695cdcf280eaa Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:05 +0000 Subject: cputlb.c: Use correct address space when looking up MemoryRegionSection When looking up the MemoryRegionSection for the new TLB entry in tlb_set_page_with_attrs(), use cpu_asidx_from_attrs() to determine the correct address space index for the lookup, and pass it into address_space_translate_for_iotlb(). Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- cputlb.c | 3 ++- exec.c | 7 ++++--- include/exec/exec-all.h | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/cputlb.c b/cputlb.c index bf1d50adde..f1c1082069 100644 --- a/cputlb.c +++ b/cputlb.c @@ -356,6 +356,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, CPUTLBEntry *te; hwaddr iotlb, xlat, sz; unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE; + int asidx = cpu_asidx_from_attrs(cpu, attrs); assert(size >= TARGET_PAGE_SIZE); if (size != TARGET_PAGE_SIZE) { @@ -363,7 +364,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, } sz = size; - section = address_space_translate_for_iotlb(cpu, paddr, &xlat, &sz); + section = address_space_translate_for_iotlb(cpu, asidx, paddr, &xlat, &sz); assert(sz >= TARGET_PAGE_SIZE); #if defined(DEBUG_TLB) diff --git a/exec.c b/exec.c index 8bc3288105..884586ad2f 100644 --- a/exec.c +++ b/exec.c @@ -431,12 +431,13 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, /* Called from RCU critical section */ MemoryRegionSection * -address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr, +address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr, hwaddr *xlat, hwaddr *plen) { MemoryRegionSection *section; - section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch, - addr, xlat, plen, false); + AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch; + + section = address_space_translate_internal(d, addr, xlat, plen, false); assert(!section->mr->iommu_ops); return section; diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index caa78a952b..ee9757f60d 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -432,8 +432,8 @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr); void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr); MemoryRegionSection * -address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr, hwaddr *xlat, - hwaddr *plen); +address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr, + hwaddr *xlat, hwaddr *plen); hwaddr memory_region_section_get_iotlb(CPUState *cpu, MemoryRegionSection *section, target_ulong vaddr, -- cgit v1.2.3 From a54c87b68a0410d0cf6f8b84e42074a5cf463732 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:05 +0000 Subject: exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS Pass the MemTxAttrs for the memory access to iotlb_to_region(); this allows it to determine the correct AddressSpace to use for the lookup. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- cputlb.c | 6 ++++-- exec.c | 5 +++-- include/exec/exec-all.h | 2 +- softmmu_template.h | 4 ++-- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/cputlb.c b/cputlb.c index f1c1082069..f6fb161d15 100644 --- a/cputlb.c +++ b/cputlb.c @@ -449,6 +449,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) void *p; MemoryRegion *mr; CPUState *cpu = ENV_GET_CPU(env1); + CPUIOTLBEntry *iotlbentry; page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env1, true); @@ -456,8 +457,9 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) (addr & TARGET_PAGE_MASK))) { cpu_ldub_code(env1, addr); } - pd = env1->iotlb[mmu_idx][page_index].addr & ~TARGET_PAGE_MASK; - mr = iotlb_to_region(cpu, pd); + iotlbentry = &env1->iotlb[mmu_idx][page_index]; + pd = iotlbentry->addr & ~TARGET_PAGE_MASK; + mr = iotlb_to_region(cpu, pd, iotlbentry->attrs); if (memory_region_is_unassigned(mr)) { CPUClass *cc = CPU_GET_CLASS(cpu); diff --git a/exec.c b/exec.c index 884586ad2f..5bd304584c 100644 --- a/exec.c +++ b/exec.c @@ -2238,9 +2238,10 @@ static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as, return phys_section_add(map, §ion); } -MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index) +MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs) { - CPUAddressSpace *cpuas = &cpu->cpu_ases[0]; + int asidx = cpu_asidx_from_attrs(cpu, attrs); + CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx]; AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch); MemoryRegionSection *sections = d->map.sections; diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index ee9757f60d..587736e9fb 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -403,7 +403,7 @@ extern uintptr_t tci_tb_ptr; #if !defined(CONFIG_USER_ONLY) struct MemoryRegion *iotlb_to_region(CPUState *cpu, - hwaddr index); + hwaddr index, MemTxAttrs attrs); void tlb_fill(CPUState *cpu, target_ulong addr, int is_write, int mmu_idx, uintptr_t retaddr); diff --git a/softmmu_template.h b/softmmu_template.h index 6803890e4f..208f808f3e 100644 --- a/softmmu_template.h +++ b/softmmu_template.h @@ -150,7 +150,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env, uint64_t val; CPUState *cpu = ENV_GET_CPU(env); hwaddr physaddr = iotlbentry->addr; - MemoryRegion *mr = iotlb_to_region(cpu, physaddr); + MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs); physaddr = (physaddr & TARGET_PAGE_MASK) + addr; cpu->mem_io_pc = retaddr; @@ -357,7 +357,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env, { CPUState *cpu = ENV_GET_CPU(env); hwaddr physaddr = iotlbentry->addr; - MemoryRegion *mr = iotlb_to_region(cpu, physaddr); + MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs); physaddr = (physaddr & TARGET_PAGE_MASK) + addr; if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) { -- cgit v1.2.3 From 651a5bc03705102de519ebf079a40ecc1da991db Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:05 +0000 Subject: exec.c: Add cpu_get_address_space() Add a function to return the AddressSpace for a CPU based on its numerical index. (Callers outside exec.c don't have access to the CPUAddressSpace struct so can't just fish it out of the CPUState struct directly.) Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- exec.c | 6 ++++++ include/exec/exec-all.h | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/exec.c b/exec.c index 5bd304584c..cbadca4b50 100644 --- a/exec.c +++ b/exec.c @@ -564,6 +564,12 @@ void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx) memory_listener_register(&newas->tcg_as_listener, as); } } + +AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx) +{ + /* Return the AddressSpace corresponding to the specified index */ + return cpu->cpu_ases[asidx].as; +} #endif #ifndef CONFIG_USER_ONLY diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index 587736e9fb..05a151da4a 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -103,6 +103,15 @@ void cpu_reloading_memory_map(void); * Note that with KVM only one address space is supported. */ void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx); +/** + * cpu_get_address_space: + * @cpu: CPU to get address space from + * @asidx: index identifying which address space to get + * + * Return the requested address space of this CPU. @asidx + * specifies which address space to read. + */ +AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx); /* cputlb.c */ /** * tlb_flush_page: -- cgit v1.2.3 From 5232e4c798ba7a46261d3157b73d08fc598e7dcb Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: exec.c: Use cpu_get_phys_page_attrs_debug Use cpu_get_phys_page_attrs_debug() when doing virtual-to-physical conversions in debug related code, so that we can obtain the right address space index and thus select the correct AddressSpace, rather than always using cpu->as. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- exec.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/exec.c b/exec.c index cbadca4b50..590a018d95 100644 --- a/exec.c +++ b/exec.c @@ -667,9 +667,11 @@ static void breakpoint_invalidate(CPUState *cpu, target_ulong pc) #else static void breakpoint_invalidate(CPUState *cpu, target_ulong pc) { - hwaddr phys = cpu_get_phys_page_debug(cpu, pc); + MemTxAttrs attrs; + hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs); + int asidx = cpu_asidx_from_attrs(cpu, attrs); if (phys != -1) { - tb_invalidate_phys_addr(cpu->as, + tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as, phys | (pc & ~TARGET_PAGE_MASK)); } } @@ -3586,8 +3588,12 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr, target_ulong page; while (len > 0) { + int asidx; + MemTxAttrs attrs; + page = addr & TARGET_PAGE_MASK; - phys_addr = cpu_get_phys_page_debug(cpu, page); + phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs); + asidx = cpu_asidx_from_attrs(cpu, attrs); /* if no physical page mapped, return an error */ if (phys_addr == -1) return -1; @@ -3596,9 +3602,11 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr, l = len; phys_addr += (addr & ~TARGET_PAGE_MASK); if (is_write) { - cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l); + cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as, + phys_addr, buf, l); } else { - address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED, + address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, + MEMTXATTRS_UNSPECIFIED, buf, l, 0); } len -= l; -- cgit v1.2.3 From 79ed0416477440ccb6acf136d6808a4f5848bbdf Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write In the watchpoint access routines watch_mem_read and watch_mem_write, find the correct AddressSpace to use from current_cpu and the memory transaction attributes, rather than always assuming address_space_memory. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- exec.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/exec.c b/exec.c index 590a018d95..0e4f681360 100644 --- a/exec.c +++ b/exec.c @@ -2056,17 +2056,19 @@ static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata, { MemTxResult res; uint64_t data; + int asidx = cpu_asidx_from_attrs(current_cpu, attrs); + AddressSpace *as = current_cpu->cpu_ases[asidx].as; check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ); switch (size) { case 1: - data = address_space_ldub(&address_space_memory, addr, attrs, &res); + data = address_space_ldub(as, addr, attrs, &res); break; case 2: - data = address_space_lduw(&address_space_memory, addr, attrs, &res); + data = address_space_lduw(as, addr, attrs, &res); break; case 4: - data = address_space_ldl(&address_space_memory, addr, attrs, &res); + data = address_space_ldl(as, addr, attrs, &res); break; default: abort(); } @@ -2079,17 +2081,19 @@ static MemTxResult watch_mem_write(void *opaque, hwaddr addr, MemTxAttrs attrs) { MemTxResult res; + int asidx = cpu_asidx_from_attrs(current_cpu, attrs); + AddressSpace *as = current_cpu->cpu_ases[asidx].as; check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE); switch (size) { case 1: - address_space_stb(&address_space_memory, addr, val, attrs, &res); + address_space_stb(as, addr, val, attrs, &res); break; case 2: - address_space_stw(&address_space_memory, addr, val, attrs, &res); + address_space_stw(as, addr, val, attrs, &res); break; case 4: - address_space_stl(&address_space_memory, addr, val, attrs, &res); + address_space_stl(as, addr, val, attrs, &res); break; default: abort(); } -- cgit v1.2.3 From f0c02d15b57da6f5463e3768aa0cfeedccf4b8f4 Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: memory: Add address_space_init_shareable() This will either create a new AS or return a pointer to an already existing equivalent one, if we have already created an AS for the specified root memory region. The motivation is to reuse address spaces as much as possible. It's going to be quite common that bus masters out in device land have pointers to the same memory region for their mastering yet each will need to create its own address space. Let the memory API implement sharing for them. Aside from the perf optimisations, this should reduce the amount of redundant output on info mtree as well. Thee returned value will be malloced, but the malloc will be automatically freed when the AS runs out of refs. Signed-off-by: Peter Crosthwaite [PMM: dropped check for NULL root as unused; added doc-comment; squashed Peter C's reference-counting patch into this one; don't compare name string when deciding if we can share ASes; read as->malloced before the unref of as->root to avoid possible read-after-free if as->root was the owner of as] Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- include/exec/memory.h | 18 ++++++++++++++++++ memory.c | 27 +++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 01f10049c1..c92734ae2b 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -241,6 +241,8 @@ struct AddressSpace { struct rcu_head rcu; char *name; MemoryRegion *root; + int ref_count; + bool malloced; /* Accessed via RCU. */ struct FlatView *current_map; @@ -1189,6 +1191,22 @@ MemTxResult memory_region_dispatch_write(MemoryRegion *mr, */ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name); +/** + * address_space_init_shareable: return an address space for a memory region, + * creating it if it does not already exist + * + * @root: a #MemoryRegion that routes addresses for the address space + * @name: an address space name. The name is only used for debugging + * output. + * + * This function will return a pointer to an existing AddressSpace + * which was initialized with the specified MemoryRegion, or it will + * create and initialize one if it does not already exist. The ASes + * are reference-counted, so the memory will be freed automatically + * when the AddressSpace is destroyed via address_space_destroy. + */ +AddressSpace *address_space_init_shareable(MemoryRegion *root, + const char *name); /** * address_space_destroy: destroy an address space diff --git a/memory.c b/memory.c index 93bd8ed7bc..d2d0a92810 100644 --- a/memory.c +++ b/memory.c @@ -2124,7 +2124,9 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name) { memory_region_ref(root); memory_region_transaction_begin(); + as->ref_count = 1; as->root = root; + as->malloced = false; as->current_map = g_new(FlatView, 1); flatview_init(as->current_map); as->ioeventfd_nb = 0; @@ -2139,6 +2141,7 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name) static void do_address_space_destroy(AddressSpace *as) { MemoryListener *listener; + bool do_free = as->malloced; address_space_destroy_dispatch(as); @@ -2150,12 +2153,36 @@ static void do_address_space_destroy(AddressSpace *as) g_free(as->name); g_free(as->ioeventfds); memory_region_unref(as->root); + if (do_free) { + g_free(as); + } +} + +AddressSpace *address_space_init_shareable(MemoryRegion *root, const char *name) +{ + AddressSpace *as; + + QTAILQ_FOREACH(as, &address_spaces, address_spaces_link) { + if (root == as->root && as->malloced) { + as->ref_count++; + return as; + } + } + + as = g_malloc0(sizeof *as); + address_space_init(as, root, name); + as->malloced = true; + return as; } void address_space_destroy(AddressSpace *as) { MemoryRegion *root = as->root; + as->ref_count--; + if (as->ref_count) { + return; + } /* Flush out anything from MemoryListeners listening in on this */ memory_region_transaction_begin(); as->root = NULL; -- cgit v1.2.3 From 6731d864f80938e404dc3e5eb7f6b76b891e3e43 Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: qom/cpu: Add MemoryRegion property Add a MemoryRegion property, which if set is used to construct the CPU's initial (default) AddressSpace. Signed-off-by: Peter Crosthwaite [PMM: code is moved from qom/cpu.c to exec.c to avoid having to make qom/cpu.o be a non-common object file; code to use the MemoryRegion and to default it to system_memory added.] Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- cpus.c | 4 +++- exec.c | 14 ++++++++++++++ include/qom/cpu.h | 1 + 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/cpus.c b/cpus.c index 725a51dac9..3efff6b109 100644 --- a/cpus.c +++ b/cpus.c @@ -1375,8 +1375,10 @@ void qemu_init_vcpu(CPUState *cpu) /* If the target cpu hasn't set up any address spaces itself, * give it the default one. */ + AddressSpace *as = address_space_init_shareable(cpu->memory, + "cpu-memory"); cpu->num_ases = 1; - cpu_address_space_init(cpu, &address_space_memory, 0); + cpu_address_space_init(cpu, as, 0); } if (kvm_enabled()) { diff --git a/exec.c b/exec.c index 0e4f681360..5a1b208911 100644 --- a/exec.c +++ b/exec.c @@ -628,6 +628,20 @@ void cpu_exec_init(CPUState *cpu, Error **errp) #ifndef CONFIG_USER_ONLY cpu->thread_id = qemu_get_thread_id(); + + /* This is a softmmu CPU object, so create a property for it + * so users can wire up its memory. (This can't go in qom/cpu.c + * because that file is compiled only once for both user-mode + * and system builds.) The default if no link is set up is to use + * the system address space. + */ + object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION, + (Object **)&cpu->memory, + qdev_prop_allow_set_link_before_realize, + OBJ_PROP_LINK_UNREF_ON_RELEASE, + &error_abort); + cpu->memory = system_memory; + object_ref(OBJECT(cpu->memory)); #endif #if defined(CONFIG_USER_ONLY) diff --git a/include/qom/cpu.h b/include/qom/cpu.h index ed232463d5..2e5229d280 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -297,6 +297,7 @@ struct CPUState { CPUAddressSpace *cpu_ases; int num_ases; AddressSpace *as; + MemoryRegion *memory; void *env_ptr; /* CPUArchState */ struct TranslationBlock *current_tb; -- cgit v1.2.3 From 9e273ef2174d7cd5b14a16d8638812541d3eb6bb Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: target-arm: Add QOM property for Secure memory region Add QOM property to the ARM CPU which boards can use to tell us what memory region to use for secure accesses. Nonsecure accesses go via the memory region specified with the base CPU class 'memory' property. By default, if no secure region is specified it is the same as the nonsecure region, and if no nonsecure region is specified we will use address_space_memory. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- target-arm/cpu-qom.h | 3 +++ target-arm/cpu.c | 32 ++++++++++++++++++++++++++++++++ target-arm/cpu.h | 6 ++++++ 3 files changed, 41 insertions(+) diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h index 5bd9b7bb9f..333af589bc 100644 --- a/target-arm/cpu-qom.h +++ b/target-arm/cpu-qom.h @@ -87,6 +87,9 @@ typedef struct ARMCPU { /* GPIO outputs for generic timer */ qemu_irq gt_timer_outputs[NUM_GTIMERS]; + /* MemoryRegion to use for secure physical accesses */ + MemoryRegion *secure_memory; + /* 'compatible' string for this CPU for Linux device trees */ const char *dtb_compatible; diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 3f5f8e8cb5..57f1754cbf 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -543,6 +543,15 @@ static void arm_cpu_post_init(Object *obj) */ qdev_property_add_static(DEVICE(obj), &arm_cpu_has_el3_property, &error_abort); + +#ifndef CONFIG_USER_ONLY + object_property_add_link(obj, "secure-memory", + TYPE_MEMORY_REGION, + (Object **)&cpu->secure_memory, + qdev_prop_allow_set_link_before_realize, + OBJ_PROP_LINK_UNREF_ON_RELEASE, + &error_abort); +#endif } if (arm_feature(&cpu->env, ARM_FEATURE_MPU)) { @@ -666,6 +675,29 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) init_cpreg_list(cpu); +#ifndef CONFIG_USER_ONLY + if (cpu->has_el3) { + cs->num_ases = 2; + } else { + cs->num_ases = 1; + } + + if (cpu->has_el3) { + AddressSpace *as; + + if (!cpu->secure_memory) { + cpu->secure_memory = cs->memory; + } + as = address_space_init_shareable(cpu->secure_memory, + "cpu-secure-memory"); + cpu_address_space_init(cs, as, ARMASIdx_S); + } + cpu_address_space_init(cs, + address_space_init_shareable(cs->memory, + "cpu-memory"), + ARMASIdx_NS); +#endif + qemu_init_vcpu(cs); cpu_reset(cs); diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 815fef8a30..9108b5bd6d 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -1720,6 +1720,12 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch) return el; } +/* Indexes used when registering address spaces with cpu_address_space_init */ +typedef enum ARMASIdx { + ARMASIdx_NS = 0, + ARMASIdx_S = 1, +} ARMASIdx; + /* Return the Exception Level targeted by debug exceptions; * currently always EL1 since we don't implement EL2 or EL3. */ -- cgit v1.2.3 From 017518c1f6ed9939c7f390cb91078f0919b5494c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:06 +0000 Subject: target-arm: Implement asidx_from_attrs Implement the asidx_from_attrs CPU method to return the Secure or NonSecure address space as appropriate. (The function is inline so we can use it directly in target-arm code to be added in later patches.) Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- target-arm/cpu.c | 1 + target-arm/cpu.h | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 57f1754cbf..808ec48420 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -1452,6 +1452,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) cc->do_interrupt = arm_cpu_do_interrupt; cc->do_unaligned_access = arm_cpu_do_unaligned_access; cc->get_phys_page_debug = arm_cpu_get_phys_page_debug; + cc->asidx_from_attrs = arm_asidx_from_attrs; cc->vmsd = &vmstate_arm_cpu; cc->virtio_is_big_endian = arm_cpu_is_big_endian; cc->write_elf64_note = arm_cpu_write_elf64_note; diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 9108b5bd6d..ee873b7079 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -1997,4 +1997,12 @@ enum { QEMU_PSCI_CONDUIT_HVC = 2, }; +#ifndef CONFIG_USER_ONLY +/* Return the address space index to use for a memory access */ +static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs) +{ + return attrs.secure ? ARMASIdx_S : ARMASIdx_NS; +} +#endif + #endif -- cgit v1.2.3 From 0faea0c7e6b729c64035b3591b184eeeeef6f1d4 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:07 +0000 Subject: target-arm: Implement cpu_get_phys_page_attrs_debug Implement cpu_get_phys_page_attrs_debug instead of cpu_get_phys_page_debug. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- target-arm/cpu-qom.h | 3 ++- target-arm/cpu.c | 2 +- target-arm/helper.c | 9 +++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h index 333af589bc..ad5ee38016 100644 --- a/target-arm/cpu-qom.h +++ b/target-arm/cpu-qom.h @@ -219,7 +219,8 @@ bool arm_cpu_exec_interrupt(CPUState *cpu, int int_req); void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf, int flags); -hwaddr arm_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); +hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr, + MemTxAttrs *attrs); int arm_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg); int arm_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 808ec48420..6c34476a3d 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -1451,7 +1451,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) #else cc->do_interrupt = arm_cpu_do_interrupt; cc->do_unaligned_access = arm_cpu_do_unaligned_access; - cc->get_phys_page_debug = arm_cpu_get_phys_page_debug; + cc->get_phys_page_attrs_debug = arm_cpu_get_phys_page_attrs_debug; cc->asidx_from_attrs = arm_asidx_from_attrs; cc->vmsd = &vmstate_arm_cpu; cc->virtio_is_big_endian = arm_cpu_is_big_endian; diff --git a/target-arm/helper.c b/target-arm/helper.c index f956b67ded..16a5406e21 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -7346,7 +7346,8 @@ bool arm_tlb_fill(CPUState *cs, vaddr address, return ret; } -hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) +hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr, + MemTxAttrs *attrs) { ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; @@ -7355,16 +7356,16 @@ hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) int prot; bool ret; uint32_t fsr; - MemTxAttrs attrs = {}; ARMMMUFaultInfo fi = {}; + *attrs = (MemTxAttrs) {}; + ret = get_phys_addr(env, addr, 0, cpu_mmu_index(env, false), &phys_addr, - &attrs, &prot, &page_size, &fsr, &fi); + attrs, &prot, &page_size, &fsr, &fi); if (ret) { return -1; } - return phys_addr; } -- cgit v1.2.3 From 5ce4ff6502fc6ae01a30c3917996c6c41be1d176 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:07 +0000 Subject: target-arm: Support multiple address spaces in page table walks If we have a secure address space, use it in page table walks: when doing the physical accesses to read descriptors, make them through the correct address space. (The descriptor reads are the only direct physical accesses made in target-arm/ for CPUs which might have TrustZone.) Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- target-arm/cpu.h | 9 +++++++++ target-arm/helper.c | 8 ++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/target-arm/cpu.h b/target-arm/cpu.h index ee873b7079..5f8134296b 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -2003,6 +2003,15 @@ static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs) { return attrs.secure ? ARMASIdx_S : ARMASIdx_NS; } + +/* Return the AddressSpace to use for a memory access + * (which depends on whether the access is S or NS, and whether + * the board gave us a separate AddressSpace for S accesses). + */ +static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs) +{ + return cpu_get_address_space(cs, arm_asidx_from_attrs(cs, attrs)); +} #endif #endif diff --git a/target-arm/helper.c b/target-arm/helper.c index 16a5406e21..6c5dcfd3cf 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -6273,13 +6273,15 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure, ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; MemTxAttrs attrs = {}; + AddressSpace *as; attrs.secure = is_secure; + as = arm_addressspace(cs, attrs); addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi); if (fi->s1ptw) { return 0; } - return address_space_ldl(cs->as, addr, attrs, NULL); + return address_space_ldl(as, addr, attrs, NULL); } static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure, @@ -6289,13 +6291,15 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure, ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; MemTxAttrs attrs = {}; + AddressSpace *as; attrs.secure = is_secure; + as = arm_addressspace(cs, attrs); addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi); if (fi->s1ptw) { return 0; } - return address_space_ldq(cs->as, addr, attrs, NULL); + return address_space_ldq(as, addr, attrs, NULL); } static bool get_phys_addr_v5(CPUARMState *env, uint32_t address, -- cgit v1.2.3 From 1d939a68afe1673441250b495ed2e5f9b568a2fb Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:07 +0000 Subject: hw/arm/virt: Wire up memory region to CPUs explicitly Wire up the system memory region to the CPUs explicitly by setting the QOM property. This doesn't change anything over letting it default, but will be needed for adding a secure memory region later. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias Acked-by: Edgar E. Iglesias --- hw/arm/virt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 05f9087cca..82754dc80d 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -1093,6 +1093,9 @@ static void machvirt_init(MachineState *machine) "reset-cbar", &error_abort); } + object_property_set_link(cpuobj, OBJECT(sysmem), "memory", + &error_abort); + object_property_set_bool(cpuobj, true, "realized", NULL); } g_strfreev(cpustr); -- cgit v1.2.3 From 3df708eb48180fcf11956b81fd6a036cd13ed5f1 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:07 +0000 Subject: hw/arm/virt: add secure memory region and UART Add a secure memory region to the virt board, which is the same as the nonsecure memory region except that it also has a secure-only UART in it. This is only created if the board is started with the '-machine secure=on' property. Signed-off-by: Peter Maydell Acked-by: Edgar E. Iglesias --- hw/arm/virt.c | 55 ++++++++++++++++++++++++++++++++++++++++++++------- include/hw/arm/virt.h | 1 + 2 files changed, 49 insertions(+), 7 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 82754dc80d..134f452998 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -123,6 +123,7 @@ static const MemMapEntry a15memmap[] = { [VIRT_RTC] = { 0x09010000, 0x00001000 }, [VIRT_FW_CFG] = { 0x09020000, 0x00000018 }, [VIRT_GPIO] = { 0x09030000, 0x00001000 }, + [VIRT_SECURE_UART] = { 0x09040000, 0x00001000 }, [VIRT_MMIO] = { 0x0a000000, 0x00000200 }, /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */ [VIRT_PLATFORM_BUS] = { 0x0c000000, 0x02000000 }, @@ -139,6 +140,7 @@ static const int a15irqmap[] = { [VIRT_RTC] = 2, [VIRT_PCIE] = 3, /* ... to 6 */ [VIRT_GPIO] = 7, + [VIRT_SECURE_UART] = 8, [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */ [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */ [VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */ @@ -489,16 +491,22 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, int type, bool secure) } } -static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic) +static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic, int uart, + MemoryRegion *mem) { char *nodename; - hwaddr base = vbi->memmap[VIRT_UART].base; - hwaddr size = vbi->memmap[VIRT_UART].size; - int irq = vbi->irqmap[VIRT_UART]; + hwaddr base = vbi->memmap[uart].base; + hwaddr size = vbi->memmap[uart].size; + int irq = vbi->irqmap[uart]; const char compat[] = "arm,pl011\0arm,primecell"; const char clocknames[] = "uartclk\0apb_pclk"; + DeviceState *dev = qdev_create(NULL, "pl011"); + SysBusDevice *s = SYS_BUS_DEVICE(dev); - sysbus_create_simple("pl011", base, pic[irq]); + qdev_init_nofail(dev); + memory_region_add_subregion(mem, base, + sysbus_mmio_get_region(s, 0)); + sysbus_connect_irq(s, 0, pic[irq]); nodename = g_strdup_printf("/pl011@%" PRIx64, base); qemu_fdt_add_subnode(vbi->fdt, nodename); @@ -515,7 +523,14 @@ static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic) qemu_fdt_setprop(vbi->fdt, nodename, "clock-names", clocknames, sizeof(clocknames)); - qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename); + if (uart == VIRT_UART) { + qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename); + } else { + /* Mark as not usable by the normal world */ + qemu_fdt_setprop_string(vbi->fdt, nodename, "status", "disabled"); + qemu_fdt_setprop_string(vbi->fdt, nodename, "secure-status", "okay"); + } + g_free(nodename); } @@ -995,6 +1010,7 @@ static void machvirt_init(MachineState *machine) VirtMachineState *vms = VIRT_MACHINE(machine); qemu_irq pic[NUM_IRQS]; MemoryRegion *sysmem = get_system_memory(); + MemoryRegion *secure_sysmem = NULL; int gic_version = vms->gic_version; int n, max_cpus; MemoryRegion *ram = g_new(MemoryRegion, 1); @@ -1053,6 +1069,23 @@ static void machvirt_init(MachineState *machine) exit(1); } + if (vms->secure) { + if (kvm_enabled()) { + error_report("mach-virt: KVM does not support Security extensions"); + exit(1); + } + + /* The Secure view of the world is the same as the NonSecure, + * but with a few extra devices. Create it as a container region + * containing the system memory at low priority; any secure-only + * devices go in at higher priority and take precedence. + */ + secure_sysmem = g_new(MemoryRegion, 1); + memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory", + UINT64_MAX); + memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1); + } + create_fdt(vbi); for (n = 0; n < smp_cpus; n++) { @@ -1095,6 +1128,10 @@ static void machvirt_init(MachineState *machine) object_property_set_link(cpuobj, OBJECT(sysmem), "memory", &error_abort); + if (vms->secure) { + object_property_set_link(cpuobj, OBJECT(secure_sysmem), + "secure-memory", &error_abort); + } object_property_set_bool(cpuobj, true, "realized", NULL); } @@ -1111,7 +1148,11 @@ static void machvirt_init(MachineState *machine) create_gic(vbi, pic, gic_version, vms->secure); - create_uart(vbi, pic); + create_uart(vbi, pic, VIRT_UART, sysmem); + + if (vms->secure) { + create_uart(vbi, pic, VIRT_SECURE_UART, secure_sysmem); + } create_rtc(vbi, pic); diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index 925faa7249..1ce7847ae6 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -60,6 +60,7 @@ enum { VIRT_PLATFORM_BUS, VIRT_PCIE_MMIO_HIGH, VIRT_GPIO, + VIRT_SECURE_UART, }; typedef struct MemMapEntry { -- cgit v1.2.3 From caa49adbccffb7d50cdd8d0faf0d88647901998b Mon Sep 17 00:00:00 2001 From: Christoffer Dall Date: Thu, 21 Jan 2016 14:15:07 +0000 Subject: hw/arm/virt: Add always-on property to the virt board timer The virt board has an arch timer, which is always on. Emit the "always-on" property to indicate to Linux that it can switch off the periodic timer and reduces the amount of interrupts injected into a guest. Signed-off-by: Christoffer Dall Reviewed-by: Andrew Jones Message-id: 1453204158-11412-1-git-send-email-christoffer.dall@linaro.org Signed-off-by: Peter Maydell --- hw/arm/virt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 134f452998..15658f49c4 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -293,6 +293,7 @@ static void fdt_add_timer_nodes(const VirtBoardInfo *vbi, int gictype) qemu_fdt_setprop_string(vbi->fdt, "/timer", "compatible", "arm,armv7-timer"); } + qemu_fdt_setprop(vbi->fdt, "/timer", "always-on", NULL, 0); qemu_fdt_setprop_cells(vbi->fdt, "/timer", "interrupts", GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_S_EL1_IRQ, irqflags, GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL1_IRQ, irqflags, -- cgit v1.2.3 From 3355c360534321f81d25afb1aeaab15ab6e43be8 Mon Sep 17 00:00:00 2001 From: Alistair Francis Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: arm_gic: Update ID registers based on revision MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update the GIC ID registers (registers above 0xfe0) based on the GIC revision instead of using the sames values for all GIC implementations. Signed-off-by: Alistair Francis Tested-by: Sören Brinkmann Message-id: 629e7fa5d47f2800e51cc1f18d12635f1eece349.1453333840.git.alistair.francis@xilinx.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/intc/arm_gic.c | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c index 13e297d52e..cd60176ff7 100644 --- a/hw/intc/arm_gic.c +++ b/hw/intc/arm_gic.c @@ -31,8 +31,16 @@ do { fprintf(stderr, "arm_gic: " fmt , ## __VA_ARGS__); } while (0) #define DPRINTF(fmt, ...) do {} while(0) #endif -static const uint8_t gic_id[] = { - 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 +static const uint8_t gic_id_11mpcore[] = { + 0x00, 0x00, 0x00, 0x00, 0x90, 0x13, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 +}; + +static const uint8_t gic_id_gicv1[] = { + 0x04, 0x00, 0x00, 0x00, 0x90, 0xb3, 0x1b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 +}; + +static const uint8_t gic_id_gicv2[] = { + 0x04, 0x00, 0x00, 0x00, 0x90, 0xb4, 0x2b, 0x00, 0x0d, 0xf0, 0x05, 0xb1 }; static inline int gic_get_current_cpu(GICState *s) @@ -683,14 +691,31 @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset, MemTxAttrs attrs) } res = s->sgi_pending[irq][cpu]; - } else if (offset < 0xfe0) { + } else if (offset < 0xfd0) { goto bad_reg; - } else /* offset >= 0xfe0 */ { + } else if (offset < 0x1000) { if (offset & 3) { res = 0; } else { - res = gic_id[(offset - 0xfe0) >> 2]; + switch (s->revision) { + case REV_11MPCORE: + res = gic_id_11mpcore[(offset - 0xfd0) >> 2]; + break; + case 1: + res = gic_id_gicv1[(offset - 0xfd0) >> 2]; + break; + case 2: + res = gic_id_gicv2[(offset - 0xfd0) >> 2]; + break; + case REV_NVIC: + /* Shouldn't be able to get here */ + abort(); + default: + res = 0; + } } + } else { + g_assert_not_reached(); } return res; bad_reg: -- cgit v1.2.3 From 446c81abf8e0572b8d5d23fe056516ac62af278d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: target-arm: Properly support EL2 and EL3 in arm_el_is_aa64() Support EL2 and EL3 in arm_el_is_aa64() by implementing the logic for checking the SCR_EL3 and HCR_EL2 register-width bits as appropriate to determine the register width of lower exception levels. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/cpu.h | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/target-arm/cpu.h b/target-arm/cpu.h index 5f8134296b..b8b3364615 100644 --- a/target-arm/cpu.h +++ b/target-arm/cpu.h @@ -969,18 +969,33 @@ static inline bool arm_is_secure(CPUARMState *env) /* Return true if the specified exception level is running in AArch64 state. */ static inline bool arm_el_is_aa64(CPUARMState *env, int el) { - /* We don't currently support EL2, and this isn't valid for EL0 - * (if we're in EL0, is_a64() is what you want, and if we're not in EL0 - * then the state of EL0 isn't well defined.) + /* This isn't valid for EL0 (if we're in EL0, is_a64() is what you want, + * and if we're not in EL0 then the state of EL0 isn't well defined.) */ - assert(el == 1 || el == 3); + assert(el >= 1 && el <= 3); + bool aa64 = arm_feature(env, ARM_FEATURE_AARCH64); - /* AArch64-capable CPUs always run with EL1 in AArch64 mode. This - * is a QEMU-imposed simplification which we may wish to change later. - * If we in future support EL2 and/or EL3, then the state of lower - * exception levels is controlled by the HCR.RW and SCR.RW bits. + /* The highest exception level is always at the maximum supported + * register width, and then lower levels have a register width controlled + * by bits in the SCR or HCR registers. */ - return arm_feature(env, ARM_FEATURE_AARCH64); + if (el == 3) { + return aa64; + } + + if (arm_feature(env, ARM_FEATURE_EL3)) { + aa64 = aa64 && (env->cp15.scr_el3 & SCR_RW); + } + + if (el == 2) { + return aa64; + } + + if (arm_feature(env, ARM_FEATURE_EL2) && !arm_is_secure_below_el3(env)) { + aa64 = aa64 && (env->cp15.hcr_el2 & HCR_RW); + } + + return aa64; } /* Function for determing whether guest cp register reads and writes should -- cgit v1.2.3 From f3a9b6945cbbb23f3a70da14e9ffdf1e60c580a8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: target-arm: Move aarch64_cpu_do_interrupt() to helper.c Move the aarch64_cpu_do_interrupt() function to helper.c. We want to be able to call this from code that isn't AArch64-only, and the move allows us to avoid awkward #ifdeffery at the callsite. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/cpu-qom.h | 2 +- target-arm/helper-a64.c | 104 ------------------------------------------------ target-arm/helper.c | 100 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+), 105 deletions(-) diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h index ad5ee38016..979e1ee4cf 100644 --- a/target-arm/cpu-qom.h +++ b/target-arm/cpu-qom.h @@ -252,8 +252,8 @@ void arm_gt_stimer_cb(void *opaque); #ifdef TARGET_AARCH64 int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg); int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); +#endif void aarch64_cpu_do_interrupt(CPUState *cs); -#endif #endif diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c index 01f3958b90..c7bfb4d8f7 100644 --- a/target-arm/helper-a64.c +++ b/target-arm/helper-a64.c @@ -26,7 +26,6 @@ #include "qemu/bitops.h" #include "internals.h" #include "qemu/crc32c.h" -#include "sysemu/kvm.h" #include /* For crc32 */ /* C2.4.7 Multiply and divide */ @@ -444,106 +443,3 @@ uint64_t HELPER(crc32c_64)(uint64_t acc, uint64_t val, uint32_t bytes) /* Linux crc32c converts the output to one's complement. */ return crc32c(acc, buf, bytes) ^ 0xffffffff; } - -#if !defined(CONFIG_USER_ONLY) - -/* Handle a CPU exception. */ -void aarch64_cpu_do_interrupt(CPUState *cs) -{ - ARMCPU *cpu = ARM_CPU(cs); - CPUARMState *env = &cpu->env; - unsigned int new_el = env->exception.target_el; - target_ulong addr = env->cp15.vbar_el[new_el]; - unsigned int new_mode = aarch64_pstate_mode(new_el, true); - - if (arm_current_el(env) < new_el) { - if (env->aarch64) { - addr += 0x400; - } else { - addr += 0x600; - } - } else if (pstate_read(env) & PSTATE_SP) { - addr += 0x200; - } - - arm_log_exception(cs->exception_index); - qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env), - new_el); - if (qemu_loglevel_mask(CPU_LOG_INT) - && !excp_is_internal(cs->exception_index)) { - qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n", - env->exception.syndrome >> ARM_EL_EC_SHIFT, - env->exception.syndrome); - } - - if (arm_is_psci_call(cpu, cs->exception_index)) { - arm_handle_psci_call(cpu); - qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n"); - return; - } - - switch (cs->exception_index) { - case EXCP_PREFETCH_ABORT: - case EXCP_DATA_ABORT: - env->cp15.far_el[new_el] = env->exception.vaddress; - qemu_log_mask(CPU_LOG_INT, "...with FAR 0x%" PRIx64 "\n", - env->cp15.far_el[new_el]); - /* fall through */ - case EXCP_BKPT: - case EXCP_UDEF: - case EXCP_SWI: - case EXCP_HVC: - case EXCP_HYP_TRAP: - case EXCP_SMC: - env->cp15.esr_el[new_el] = env->exception.syndrome; - break; - case EXCP_IRQ: - case EXCP_VIRQ: - addr += 0x80; - break; - case EXCP_FIQ: - case EXCP_VFIQ: - addr += 0x100; - break; - case EXCP_SEMIHOST: - qemu_log_mask(CPU_LOG_INT, - "...handling as semihosting call 0x%" PRIx64 "\n", - env->xregs[0]); - env->xregs[0] = do_arm_semihosting(env); - return; - default: - cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index); - } - - if (is_a64(env)) { - env->banked_spsr[aarch64_banked_spsr_index(new_el)] = pstate_read(env); - aarch64_save_sp(env, arm_current_el(env)); - env->elr_el[new_el] = env->pc; - } else { - env->banked_spsr[aarch64_banked_spsr_index(new_el)] = cpsr_read(env); - if (!env->thumb) { - env->cp15.esr_el[new_el] |= 1 << 25; - } - env->elr_el[new_el] = env->regs[15]; - - aarch64_sync_32_to_64(env); - - env->condexec_bits = 0; - } - qemu_log_mask(CPU_LOG_INT, "...with ELR 0x%" PRIx64 "\n", - env->elr_el[new_el]); - - pstate_write(env, PSTATE_DAIF | new_mode); - env->aarch64 = 1; - aarch64_restore_sp(env, new_el); - - env->pc = addr; - - qemu_log_mask(CPU_LOG_INT, "...to EL%d PC 0x%" PRIx64 " PSTATE 0x%x\n", - new_el, env->pc, pstate_read(env)); - - if (!kvm_enabled()) { - cs->interrupt_request |= CPU_INTERRUPT_EXITTB; - } -} -#endif diff --git a/target-arm/helper.c b/target-arm/helper.c index 6c5dcfd3cf..573e1556fd 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -12,6 +12,7 @@ #include "arm_ldst.h" #include /* For crc32 */ #include "exec/semihost.h" +#include "sysemu/kvm.h" #define ARM_CPU_FREQ 1000000000 /* FIXME: 1 GHz, should be configurable */ @@ -5902,6 +5903,105 @@ void arm_cpu_do_interrupt(CPUState *cs) cs->interrupt_request |= CPU_INTERRUPT_EXITTB; } +/* Handle a CPU exception. */ +void aarch64_cpu_do_interrupt(CPUState *cs) +{ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + unsigned int new_el = env->exception.target_el; + target_ulong addr = env->cp15.vbar_el[new_el]; + unsigned int new_mode = aarch64_pstate_mode(new_el, true); + + if (arm_current_el(env) < new_el) { + if (env->aarch64) { + addr += 0x400; + } else { + addr += 0x600; + } + } else if (pstate_read(env) & PSTATE_SP) { + addr += 0x200; + } + + arm_log_exception(cs->exception_index); + qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env), + new_el); + if (qemu_loglevel_mask(CPU_LOG_INT) + && !excp_is_internal(cs->exception_index)) { + qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n", + env->exception.syndrome >> ARM_EL_EC_SHIFT, + env->exception.syndrome); + } + + if (arm_is_psci_call(cpu, cs->exception_index)) { + arm_handle_psci_call(cpu); + qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n"); + return; + } + + switch (cs->exception_index) { + case EXCP_PREFETCH_ABORT: + case EXCP_DATA_ABORT: + env->cp15.far_el[new_el] = env->exception.vaddress; + qemu_log_mask(CPU_LOG_INT, "...with FAR 0x%" PRIx64 "\n", + env->cp15.far_el[new_el]); + /* fall through */ + case EXCP_BKPT: + case EXCP_UDEF: + case EXCP_SWI: + case EXCP_HVC: + case EXCP_HYP_TRAP: + case EXCP_SMC: + env->cp15.esr_el[new_el] = env->exception.syndrome; + break; + case EXCP_IRQ: + case EXCP_VIRQ: + addr += 0x80; + break; + case EXCP_FIQ: + case EXCP_VFIQ: + addr += 0x100; + break; + case EXCP_SEMIHOST: + qemu_log_mask(CPU_LOG_INT, + "...handling as semihosting call 0x%" PRIx64 "\n", + env->xregs[0]); + env->xregs[0] = do_arm_semihosting(env); + return; + default: + cpu_abort(cs, "Unhandled exception 0x%x\n", cs->exception_index); + } + + if (is_a64(env)) { + env->banked_spsr[aarch64_banked_spsr_index(new_el)] = pstate_read(env); + aarch64_save_sp(env, arm_current_el(env)); + env->elr_el[new_el] = env->pc; + } else { + env->banked_spsr[aarch64_banked_spsr_index(new_el)] = cpsr_read(env); + if (!env->thumb) { + env->cp15.esr_el[new_el] |= 1 << 25; + } + env->elr_el[new_el] = env->regs[15]; + + aarch64_sync_32_to_64(env); + + env->condexec_bits = 0; + } + qemu_log_mask(CPU_LOG_INT, "...with ELR 0x%" PRIx64 "\n", + env->elr_el[new_el]); + + pstate_write(env, PSTATE_DAIF | new_mode); + env->aarch64 = 1; + aarch64_restore_sp(env, new_el); + + env->pc = addr; + + qemu_log_mask(CPU_LOG_INT, "...to EL%d PC 0x%" PRIx64 " PSTATE 0x%x\n", + new_el, env->pc, pstate_read(env)); + + if (!kvm_enabled()) { + cs->interrupt_request |= CPU_INTERRUPT_EXITTB; + } +} /* Return the exception level which controls this address translation regime */ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx) -- cgit v1.2.3 From 966f758c49ff478c4757efa5970ce649161bff92 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: target-arm: Use a single entry point for AArch64 and AArch32 exceptions If EL2 or EL3 is present on an AArch64 CPU, then exceptions can be taken to an exception level which is running AArch32 (if only EL0 and EL1 are present then EL1 must be AArch64 and all exceptions are taken to AArch64). To support this we need to have a single implementation of the CPU do_interrupt() method which can handle both 32 and 64 bit exception entry. Pull the common parts of aarch64_cpu_do_interrupt() and arm_cpu_do_interrupt() out into a new function which calls either the AArch32 or AArch64 specific entry code once it has worked out which one is needed. We temporarily special-case the handling of EXCP_SEMIHOST to avoid an assertion in arm_el_is_aa64(); the next patch will pull all the semihosting handling out to the arm_cpu_do_interrupt() level (since semihosting semantics depend on the register width of the calling code, not on that of any higher EL). Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/cpu-qom.h | 2 -- target-arm/cpu64.c | 3 --- target-arm/helper.c | 75 ++++++++++++++++++++++++++++++---------------------- 3 files changed, 44 insertions(+), 36 deletions(-) diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h index 979e1ee4cf..07c0a71942 100644 --- a/target-arm/cpu-qom.h +++ b/target-arm/cpu-qom.h @@ -254,6 +254,4 @@ int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg); int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); #endif -void aarch64_cpu_do_interrupt(CPUState *cs); - #endif diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c index 5f8a177475..cc177bb9f6 100644 --- a/target-arm/cpu64.c +++ b/target-arm/cpu64.c @@ -291,9 +291,6 @@ static void aarch64_cpu_class_init(ObjectClass *oc, void *data) { CPUClass *cc = CPU_CLASS(oc); -#if !defined(CONFIG_USER_ONLY) - cc->do_interrupt = aarch64_cpu_do_interrupt; -#endif cc->cpu_exec_interrupt = arm_cpu_exec_interrupt; cc->set_pc = aarch64_cpu_set_pc; cc->gdb_read_register = aarch64_cpu_gdb_read_register; diff --git a/target-arm/helper.c b/target-arm/helper.c index 573e1556fd..8f3a4579fa 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5708,8 +5708,7 @@ void aarch64_sync_64_to_32(CPUARMState *env) env->regs[15] = env->pc; } -/* Handle a CPU exception. */ -void arm_cpu_do_interrupt(CPUState *cs) +static void arm_cpu_do_interrupt_aarch32(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; @@ -5719,16 +5718,6 @@ void arm_cpu_do_interrupt(CPUState *cs) uint32_t offset; uint32_t moe; - assert(!IS_M(env)); - - arm_log_exception(cs->exception_index); - - if (arm_is_psci_call(cpu, cs->exception_index)) { - arm_handle_psci_call(cpu); - qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n"); - return; - } - /* If this is a debug exception we must update the DBGDSCR.MOE bits */ switch (env->exception.syndrome >> ARM_EL_EC_SHIFT) { case EC_BREAKPOINT: @@ -5900,11 +5889,10 @@ void arm_cpu_do_interrupt(CPUState *cs) } env->regs[14] = env->regs[15] + offset; env->regs[15] = addr; - cs->interrupt_request |= CPU_INTERRUPT_EXITTB; } -/* Handle a CPU exception. */ -void aarch64_cpu_do_interrupt(CPUState *cs) +/* Handle exception entry to a target EL which is using AArch64 */ +static void arm_cpu_do_interrupt_aarch64(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs); CPUARMState *env = &cpu->env; @@ -5922,22 +5910,6 @@ void aarch64_cpu_do_interrupt(CPUState *cs) addr += 0x200; } - arm_log_exception(cs->exception_index); - qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env), - new_el); - if (qemu_loglevel_mask(CPU_LOG_INT) - && !excp_is_internal(cs->exception_index)) { - qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n", - env->exception.syndrome >> ARM_EL_EC_SHIFT, - env->exception.syndrome); - } - - if (arm_is_psci_call(cpu, cs->exception_index)) { - arm_handle_psci_call(cpu); - qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n"); - return; - } - switch (cs->exception_index) { case EXCP_PREFETCH_ABORT: case EXCP_DATA_ABORT: @@ -5997,6 +5969,47 @@ void aarch64_cpu_do_interrupt(CPUState *cs) qemu_log_mask(CPU_LOG_INT, "...to EL%d PC 0x%" PRIx64 " PSTATE 0x%x\n", new_el, env->pc, pstate_read(env)); +} + +/* Handle a CPU exception for A and R profile CPUs. + * Do any appropriate logging, handle PSCI calls, and then hand off + * to the AArch64-entry or AArch32-entry function depending on the + * target exception level's register width. + */ +void arm_cpu_do_interrupt(CPUState *cs) +{ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + unsigned int new_el = env->exception.target_el; + + assert(!IS_M(env)); + + arm_log_exception(cs->exception_index); + qemu_log_mask(CPU_LOG_INT, "...from EL%d to EL%d\n", arm_current_el(env), + new_el); + if (qemu_loglevel_mask(CPU_LOG_INT) + && !excp_is_internal(cs->exception_index)) { + qemu_log_mask(CPU_LOG_INT, "...with ESR %x/0x%" PRIx32 "\n", + env->exception.syndrome >> ARM_EL_EC_SHIFT, + env->exception.syndrome); + } + + if (arm_is_psci_call(cpu, cs->exception_index)) { + arm_handle_psci_call(cpu); + qemu_log_mask(CPU_LOG_INT, "...handled as PSCI call\n"); + return; + } + + /* Temporary special case for EXCP_SEMIHOST, which is used only + * for 64-bit semihosting calls -- as this is an internal exception + * it has no specified target level and arm_el_is_aa64() would + * assert because new_el could be 0. + */ + if (cs->exception_index == EXCP_SEMIHOST || arm_el_is_aa64(env, new_el)) { + arm_cpu_do_interrupt_aarch64(cs); + } else { + arm_cpu_do_interrupt_aarch32(cs); + } if (!kvm_enabled()) { cs->interrupt_request |= CPU_INTERRUPT_EXITTB; -- cgit v1.2.3 From 904c04de2e1b425e7bc8c4ce2fae3d652eeed242 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: target-arm: Pull semihosting handling out to arm_cpu_do_interrupt() Handling of semihosting calls should depend on the register width of the calling code, not on that of any higher exception level, so we need to identify and handle semihosting calls before we decide whether to deliver the exception as an entry to AArch32 or AArch64. (EXCP_SEMIHOST is also an "internal exception" so it has no target exception level in the first place.) This will allow AArch32 EL1 code to use semihosting calls when running under an AArch64 EL3. Signed-off-by: Peter Maydell --- target-arm/helper.c | 120 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 81 insertions(+), 39 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 8f3a4579fa..90c985ab35 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5755,27 +5755,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs) offset = 4; break; case EXCP_SWI: - if (semihosting_enabled()) { - /* Check for semihosting interrupt. */ - if (env->thumb) { - mask = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code) - & 0xff; - } else { - mask = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code) - & 0xffffff; - } - /* Only intercept calls from privileged modes, to provide some - semblance of security. */ - if (((mask == 0x123456 && !env->thumb) - || (mask == 0xab && env->thumb)) - && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) { - qemu_log_mask(CPU_LOG_INT, - "...handling as semihosting call 0x%x\n", - env->regs[0]); - env->regs[0] = do_arm_semihosting(env); - return; - } - } new_mode = ARM_CPU_MODE_SVC; addr = 0x08; mask = CPSR_I; @@ -5783,19 +5762,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs) offset = 0; break; case EXCP_BKPT: - /* See if this is a semihosting syscall. */ - if (env->thumb && semihosting_enabled()) { - mask = arm_lduw_code(env, env->regs[15], env->bswap_code) & 0xff; - if (mask == 0xab - && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) { - env->regs[15] += 2; - qemu_log_mask(CPU_LOG_INT, - "...handling as semihosting call 0x%x\n", - env->regs[0]); - env->regs[0] = do_arm_semihosting(env); - return; - } - } env->exception.fsr = 2; /* Fall through to prefetch abort. */ case EXCP_PREFETCH_ABORT: @@ -5971,6 +5937,78 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs) new_el, env->pc, pstate_read(env)); } +static inline bool check_for_semihosting(CPUState *cs) +{ + /* Check whether this exception is a semihosting call; if so + * then handle it and return true; otherwise return false. + */ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + + if (is_a64(env)) { + if (cs->exception_index == EXCP_SEMIHOST) { + /* This is always the 64-bit semihosting exception. + * The "is this usermode" and "is semihosting enabled" + * checks have been done at translate time. + */ + qemu_log_mask(CPU_LOG_INT, + "...handling as semihosting call 0x%" PRIx64 "\n", + env->xregs[0]); + env->xregs[0] = do_arm_semihosting(env); + return true; + } + return false; + } else { + uint32_t imm; + + /* Only intercept calls from privileged modes, to provide some + * semblance of security. + */ + if (!semihosting_enabled() || + ((env->uncached_cpsr & CPSR_M) == ARM_CPU_MODE_USR)) { + return false; + } + + switch (cs->exception_index) { + case EXCP_SWI: + /* Check for semihosting interrupt. */ + if (env->thumb) { + imm = arm_lduw_code(env, env->regs[15] - 2, env->bswap_code) + & 0xff; + if (imm == 0xab) { + break; + } + } else { + imm = arm_ldl_code(env, env->regs[15] - 4, env->bswap_code) + & 0xffffff; + if (imm == 0x123456) { + break; + } + } + return false; + case EXCP_BKPT: + /* See if this is a semihosting syscall. */ + if (env->thumb) { + imm = arm_lduw_code(env, env->regs[15], env->bswap_code) + & 0xff; + if (imm == 0xab) { + env->regs[15] += 2; + break; + } + } + return false; + default: + return false; + } + + qemu_log_mask(CPU_LOG_INT, + "...handling as semihosting call 0x%x\n", + env->regs[0]); + env->regs[0] = do_arm_semihosting(env); + return true; + } +} + /* Handle a CPU exception for A and R profile CPUs. * Do any appropriate logging, handle PSCI calls, and then hand off * to the AArch64-entry or AArch32-entry function depending on the @@ -6000,12 +6038,16 @@ void arm_cpu_do_interrupt(CPUState *cs) return; } - /* Temporary special case for EXCP_SEMIHOST, which is used only - * for 64-bit semihosting calls -- as this is an internal exception - * it has no specified target level and arm_el_is_aa64() would - * assert because new_el could be 0. + /* Semihosting semantics depend on the register width of the + * code that caused the exception, not the target exception level, + * so must be handled here. */ - if (cs->exception_index == EXCP_SEMIHOST || arm_el_is_aa64(env, new_el)) { + if (check_for_semihosting(cs)) { + return; + } + + assert(!excp_is_internal(cs->exception_index)); + if (arm_el_is_aa64(env, new_el)) { arm_cpu_do_interrupt_aarch64(cs); } else { arm_cpu_do_interrupt_aarch32(cs); -- cgit v1.2.3 From 3d6f761713745dfed7d2ccfe98077d213a6a6eba Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:08 +0000 Subject: target-arm: Fix wrong AArch64 entry offset for EL2/EL3 target The entry offset when taking an exception to AArch64 from a lower exception level may be 0x400 or 0x600. 0x400 is used if the implemented exception level immediately lower than the target level is using AArch64, and 0x600 if it is using AArch32. We were incorrectly implementing this as checking the exception level that the exception was taken from. (The two can be different if for example we take an exception from EL0 to AArch64 EL3; we should in this case be checking EL2 if EL2 is implemented, and EL1 if EL2 is not implemented.) Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 90c985ab35..06eb7752c9 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -5867,7 +5867,26 @@ static void arm_cpu_do_interrupt_aarch64(CPUState *cs) unsigned int new_mode = aarch64_pstate_mode(new_el, true); if (arm_current_el(env) < new_el) { - if (env->aarch64) { + /* Entry vector offset depends on whether the implemented EL + * immediately lower than the target level is using AArch32 or AArch64 + */ + bool is_aa64; + + switch (new_el) { + case 3: + is_aa64 = (env->cp15.scr_el3 & SCR_RW) != 0; + break; + case 2: + is_aa64 = (env->cp15.hcr_el2 & HCR_RW) != 0; + break; + case 1: + is_aa64 = is_a64(env); + break; + default: + g_assert_not_reached(); + } + + if (is_aa64) { addr += 0x400; } else { addr += 0x600; -- cgit v1.2.3 From 3809951bf61605974b91578c582de4da28f8ed07 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:09 +0000 Subject: target-arm: Handle exception return from AArch64 to non-EL0 AArch32 Remove the assumptions that the AArch64 exception return code was making about a return to AArch32 always being a return to EL0. This includes pulling out the illegal-SPSR checks so we can apply them for return to 32 bit as well as return to 64-bit. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/op_helper.c | 80 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 59 insertions(+), 21 deletions(-) diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index 7b6b3fd97c..b9f51e0822 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -641,12 +641,51 @@ void HELPER(pre_smc)(CPUARMState *env, uint32_t syndrome) } } +static int el_from_spsr(uint32_t spsr) +{ + /* Return the exception level that this SPSR is requesting a return to, + * or -1 if it is invalid (an illegal return) + */ + if (spsr & PSTATE_nRW) { + switch (spsr & CPSR_M) { + case ARM_CPU_MODE_USR: + return 0; + case ARM_CPU_MODE_HYP: + return 2; + case ARM_CPU_MODE_FIQ: + case ARM_CPU_MODE_IRQ: + case ARM_CPU_MODE_SVC: + case ARM_CPU_MODE_ABT: + case ARM_CPU_MODE_UND: + case ARM_CPU_MODE_SYS: + return 1; + case ARM_CPU_MODE_MON: + /* Returning to Mon from AArch64 is never possible, + * so this is an illegal return. + */ + default: + return -1; + } + } else { + if (extract32(spsr, 1, 1)) { + /* Return with reserved M[1] bit set */ + return -1; + } + if (extract32(spsr, 0, 4) == 1) { + /* return to EL0 with M[0] bit set */ + return -1; + } + return extract32(spsr, 2, 2); + } +} + void HELPER(exception_return)(CPUARMState *env) { int cur_el = arm_current_el(env); unsigned int spsr_idx = aarch64_banked_spsr_index(cur_el); uint32_t spsr = env->banked_spsr[spsr_idx]; int new_el; + bool return_to_aa64 = (spsr & PSTATE_nRW) == 0; aarch64_save_sp(env, cur_el); @@ -663,35 +702,34 @@ void HELPER(exception_return)(CPUARMState *env) spsr &= ~PSTATE_SS; } - if (spsr & PSTATE_nRW) { - /* TODO: We currently assume EL1/2/3 are running in AArch64. */ + new_el = el_from_spsr(spsr); + if (new_el == -1) { + goto illegal_return; + } + if (new_el > cur_el + || (new_el == 2 && !arm_feature(env, ARM_FEATURE_EL2))) { + /* Disallow return to an EL which is unimplemented or higher + * than the current one. + */ + goto illegal_return; + } + + if (new_el != 0 && arm_el_is_aa64(env, new_el) != return_to_aa64) { + /* Return to an EL which is configured for a different register width */ + goto illegal_return; + } + + if (!return_to_aa64) { env->aarch64 = 0; - new_el = 0; - env->uncached_cpsr = 0x10; + env->uncached_cpsr = spsr & CPSR_M; cpsr_write(env, spsr, ~0); if (!arm_singlestep_active(env)) { env->uncached_cpsr &= ~PSTATE_SS; } aarch64_sync_64_to_32(env); - env->regs[15] = env->elr_el[1] & ~0x1; + env->regs[15] = env->elr_el[cur_el] & ~0x1; } else { - new_el = extract32(spsr, 2, 2); - if (new_el > cur_el - || (new_el == 2 && !arm_feature(env, ARM_FEATURE_EL2))) { - /* Disallow return to an EL which is unimplemented or higher - * than the current one. - */ - goto illegal_return; - } - if (extract32(spsr, 1, 1)) { - /* Return with reserved M[1] bit set */ - goto illegal_return; - } - if (new_el == 0 && (spsr & PSTATE_SP)) { - /* Return to EL0 with M[0] bit set */ - goto illegal_return; - } env->aarch64 = 1; pstate_write(env, spsr); if (!arm_singlestep_active(env)) { -- cgit v1.2.3 From e393f339af87da7210f6c86902b321df6a2e8bf5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:09 +0000 Subject: target-arm: Implement remaining illegal return event checks We already implement almost all the checks for the illegal return events from AArch64 state described in the ARM ARM section D1.11.2. Add the two missing ones: * return to EL2 when EL3 is implemented and SCR_EL3.NS is 0 * return to Non-secure EL1 when EL2 is implemented and HCR_EL2.TGE is 1 (We don't implement external debug, so the case of "debug state exit from EL0 using AArch64 state to EL0 using AArch32 state" doesn't apply for QEMU.) Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/op_helper.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index b9f51e0822..40224a8dfa 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -719,6 +719,16 @@ void HELPER(exception_return)(CPUARMState *env) goto illegal_return; } + if (new_el == 2 && arm_is_secure_below_el3(env)) { + /* Return to the non-existent secure-EL2 */ + goto illegal_return; + } + + if (new_el == 1 && (env->cp15.hcr_el2 & HCR_TGE) + && !arm_is_secure_below_el3(env)) { + goto illegal_return; + } + if (!return_to_aa64) { env->aarch64 = 0; env->uncached_cpsr = spsr & CPSR_M; -- cgit v1.2.3 From c1e0371442bf3a7e42ad53c2a3d816ed7099f81d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:09 +0000 Subject: target-arm: ignore ELR_ELx[1] for exception return to 32-bit ARM mode The architecture requires that for an exception return to AArch32 the low bits of ELR_ELx are ignored when the PC is set from them: * if returning to Thumb mode, ignore ELR_ELx[0] * if returning to ARM mode, ignore ELR_ELx[1:0] We were only squashing bit 0; also squash bit 1 if the SPSR T bit indicates this is a return to ARM code. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias --- target-arm/op_helper.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index 40224a8dfa..a5ee65fe2f 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -738,7 +738,11 @@ void HELPER(exception_return)(CPUARMState *env) } aarch64_sync_64_to_32(env); - env->regs[15] = env->elr_el[cur_el] & ~0x1; + if (spsr & CPSR_T) { + env->regs[15] = env->elr_el[cur_el] & ~0x1; + } else { + env->regs[15] = env->elr_el[cur_el] & ~0x3; + } } else { env->aarch64 = 1; pstate_write(env, spsr); -- cgit v1.2.3 From 03fbf20f4da58f41998dc10ec7542f65d37ba759 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 21 Jan 2016 14:15:09 +0000 Subject: target-arm: Implement FPEXC32_EL2 system register The AArch64 FPEXC32_EL2 system register is visible at EL2 and EL3, and allows those exception levels to read and write the FPEXC register for a lower exception level that is using AArch32. Signed-off-by: Peter Maydell Reviewed-by: Edgar E. Iglesias Reviewed-by: Sergey Fedorov Message-id: 1453132414-8127-1-git-send-email-peter.maydell@linaro.org --- target-arm/helper.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/target-arm/helper.c b/target-arm/helper.c index 06eb7752c9..ae024869d0 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -2891,6 +2891,17 @@ static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri, tlb_flush(CPU(cpu), 1); } +static CPAccessResult fpexc32_access(CPUARMState *env, const ARMCPRegInfo *ri) +{ + if ((env->cp15.cptr_el[2] & CPTR_TFP) && arm_current_el(env) == 2) { + return CP_ACCESS_TRAP_EL2; + } + if (env->cp15.cptr_el[3] & CPTR_TFP) { + return CP_ACCESS_TRAP_EL3; + } + return CP_ACCESS_OK; +} + static const ARMCPRegInfo v8_cp_reginfo[] = { /* Minimal set of EL0-visible registers. This will need to be expanded * significantly for system emulation of AArch64 CPUs. @@ -3151,6 +3162,11 @@ static const ARMCPRegInfo v8_cp_reginfo[] = { .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 2, .opc2 = 0, .type = ARM_CP_NO_RAW, .access = PL1_RW, .readfn = spsel_read, .writefn = spsel_write }, + { .name = "FPEXC32_EL2", .state = ARM_CP_STATE_AA64, + .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 3, .opc2 = 0, + .type = ARM_CP_ALIAS, + .fieldoffset = offsetof(CPUARMState, vfp.xregs[ARM_VFP_FPEXC]), + .access = PL2_RW, .accessfn = fpexc32_access }, REGINFO_SENTINEL }; -- cgit v1.2.3