From 14ec3cbd7c1e31dca4d23f028100c8f43e156573 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Thu, 26 Apr 2018 11:04:38 +0100 Subject: device_tree: Increase FDT_MAX_SIZE to 1 MiB It is not uncommon for a contemporary FDT to be larger than 64 KiB, leading to failures loading the device tree from sysfs: qemu-system-aarch64: qemu_fdt_setprop: Couldn't set ...: FDT_ERR_NOSPACE Hence increase the limit to 1 MiB, like on PPC. For reference, the largest arm64 DTB created from the Linux sources is ca. 75 KiB large (100 KiB when built with symbols/fixup support). Cc: qemu-stable@nongnu.org Signed-off-by: Geert Uytterhoeven Message-id: 1523541337-23919-1-git-send-email-geert+renesas@glider.be Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- device_tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/device_tree.c b/device_tree.c index 19458b32bf..52c3358a55 100644 --- a/device_tree.c +++ b/device_tree.c @@ -29,7 +29,7 @@ #include -#define FDT_MAX_SIZE 0x10000 +#define FDT_MAX_SIZE 0x100000 void *create_device_tree(int *sizep) { -- cgit v1.2.3 From 75ed2c02484101d5b4995c56e78a894ac244ce05 Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 26 Apr 2018 11:04:38 +0100 Subject: arm: always start from first_cpu when registering loader cpu reset callback if arm_load_kernel() were passed non first_cpu, QEMU would end up with partially set do_cpu_reset() callback leaving some CPUs without it. Make sure that do_cpu_reset() is registered for all CPUs by enumerating CPUs from first_cpu. (In practice every board that we have was passing us the first CPU as the boot CPU, either directly or indirectly, so this wasn't causing incorrect behaviour.) Signed-off-by: Igor Mammedov Reviewed-by: Peter Maydell [PMM: added a note that this isn't a behaviour change] Signed-off-by: Peter Maydell --- hw/arm/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/arm/boot.c b/hw/arm/boot.c index 26184bcd7c..9ae6ab2689 100644 
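Review bot: The raised limit on the `+#define FDT_MAX_SIZE 0x100000` line is a bare magic number, and the reasoning that justifies it lives only in the commit message. Put it beside the constant so the next person who hits FDT_ERR_NOSPACE knows what the bound is for: `#define FDT_MAX_SIZE 0x100000 /* 1 MiB, as on PPC; largest in-tree arm64 DTB is ~100 KiB */`. The fdt_* library keeps failing cleanly with FDT_ERR_NOSPACE when the arena fills, so the cap is a capacity choice rather than a safety check; create_device_tree() continues outside the hunk and its allocation of this size is not visible here.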
--- a/hw/arm/boot.c +++ b/hw/arm/boot.c @@ -1188,7 +1188,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info) * actually loading a kernel, the handler is also responsible for * arranging that we start it correctly. */ - for (cs = CPU(cpu); cs; cs = CPU_NEXT(cs)) { + for (cs = first_cpu; cs; cs = CPU_NEXT(cs)) { qemu_register_reset(do_cpu_reset, ARM_CPU(cs)); } } -- cgit v1.2.3 From 145772707fe80395b87c244ccf5699a756f1946b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 26 Apr 2018 11:04:38 +0100 Subject: target/arm: Remove stale TODO comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove a stale TODO comment -- we have now made the arm_ldl_ptw() and arm_ldq_ptw() functions propagate physical memory read errors out to their callers. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-id: 20180419142151.9862-1-peter.maydell@linaro.org --- target/arm/helper.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index b14fdab140..3ad0371aeb 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8680,13 +8680,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx, return addr; } -/* All loads done in the course of a page table walk go through here. - * TODO: rather than ignoring errors from physical memory reads (which - * are external aborts in ARM terminology) we should propagate this - * error out so that we can turn it into a Data Abort if this walk - * was being done for a CPU load/store or an address translation instruction - * (but not if it was for a debug access). - */ +/* All loads done in the course of a page table walk go through here. */ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure, ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi) { -- cgit v1.2.3 From 4818bad98c8212fbbb0525d10761b6b65279ab92 Mon Sep 17 00:00:00 2001 
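Review bot: The surviving one-line comment above `arm_ldl_ptw()` now says nothing about how read failures are handled, even though the `ARMMMUFaultInfo *fi` parameter exists for exactly that and the commit says errors are propagated to callers. Replace it with `/* All loads done in the course of a page table walk go through here. A failed physical read (an external abort) is reported through *fi rather than ignored. */`. The function body continues outside the hunk, so the exact fi fields it sets are not visible here.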
From: Peter Maydell Date: Thu, 26 Apr 2018 11:04:38 +0100 Subject: target/arm: Use v7m_stack_read() for reading the frame signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 95695effe8caa552b8f2 we changed the v7M/v8M stack pop code to use a new v7m_stack_read() function that checks whether the read should fail due to an MPU or bus abort. We missed one call though, the one which reads the signature word for the callee-saved register part of the frame. Correct the omission. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-id: 20180419142106.9694-1-peter.maydell@linaro.org --- target/arm/helper.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 3ad0371aeb..0fa02c31e1 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -6913,7 +6913,6 @@ static bool v7m_push_stack(ARMCPU *cpu) static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; - CPUState *cs = CPU(cpu); uint32_t excret; uint32_t xpsr; bool ufault = false; @@ -7112,9 +7111,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu) ((excret & R_V7M_EXCRET_ES_MASK) == 0 || (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) { uint32_t expected_sig = 0xfefa125b; - uint32_t actual_sig = ldl_phys(cs->as, frameptr); + uint32_t actual_sig; + + pop_ok = v7m_stack_read(cpu, &actual_sig, frameptr, mmu_idx); - if (expected_sig != actual_sig) { + if (pop_ok && expected_sig != actual_sig) { /* Take a SecureFault on the current stack */ env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); 
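Review bot: On the `+ if (pop_ok && expected_sig != actual_sig)` line a faulting signature read now bypasses the SecureFault path without any explanation at the point of use, which reads like a missed check. Add above it `/* If the read faulted, v7m_stack_read() has already pended the fault; skip the signature check and let the chained pops below short-circuit on pop_ok. */` — the first half follows from the commit message rather than this hunk, so confirm it against v7m_stack_read(). While here, `0xfefa125b` is the architected integrity signature and deserves a named constant instead of a literal assigned to a local. do_v7m_exception_exit() starts before this hunk and its handling of `pop_ok == false` is after it.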
@@ -7125,7 +7126,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) return; } - pop_ok = + pop_ok = pop_ok && v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) && v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) && v7m_stack_read(cpu, &env->regs[5], frameptr + 0xc, mmu_idx) && -- cgit v1.2.3 From ccbc0e338486b21cb0eb52e52cd309bbbe6a7507 Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:38 +0100 Subject: target/arm: Check PMCNTEN for whether PMCCNTR is enabled Signed-off-by: Aaron Lindsay Reviewed-by: Peter Maydell Message-id: 1523997485-1905-2-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 0fa02c31e1..1526724d64 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -994,7 +994,7 @@ static inline bool arm_ccnt_enabled(CPUARMState *env) { /* This does not support checking PMCCFILTR_EL0 register */ - if (!(env->cp15.c9_pmcr & PMCRE)) { + if (!(env->cp15.c9_pmcr & PMCRE) || !(env->cp15.c9_pmcnten & (1 << 31))) { return false; } -- cgit v1.2.3 From 169c893874977eee8303a6dad4a3f25c5464858f Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Treat PMCCNTR as alias of PMCCNTR_EL0 They share the same underlying state Signed-off-by: Aaron Lindsay Reviewed-by: Peter Maydell Message-id: 1523997485-1905-3-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 1526724d64..7bf4afa719 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
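Review bot: `(1 << 31)` on the `+` line in arm_ccnt_enabled() is a signed `int` shift that overflows (undefined in C11) and, once converted to match the `uint64_t` `c9_pmcnten`, becomes 0xffffffff80000000, so the test also reports "enabled" when any of bits 63:32 is set and bit 31 is clear. Use `1ULL << 31`, or better a named `PMCNTEN_C`-style constant shared with the write masks. Whether bits 63:32 can actually reach c9_pmcnten depends on the pmcntenset_write mask, which is outside this hunk. The new line also exceeds 80 columns, which QEMU's checkpatch flags.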
@@ -1318,7 +1318,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = { .fieldoffset = offsetof(CPUARMState, cp15.c9_pmselr), .writefn = pmselr_write, .raw_writefn = raw_write, }, { .name = "PMCCNTR", .cp = 15, .crn = 9, .crm = 13, .opc1 = 0, .opc2 = 0, - .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_IO, + .access = PL0_RW, .resetvalue = 0, .type = ARM_CP_ALIAS | ARM_CP_IO, .readfn = pmccntr_read, .writefn = pmccntr_write32, .accessfn = pmreg_access_ccntr }, { .name = "PMCCNTR_EL0", .state = ARM_CP_STATE_AA64, -- cgit v1.2.3 From 7ece99b17e832065236c07a158dfac62619ef99b Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Mask PMU register writes based on PMCR_EL0.N This is in preparation for enabling counters other than PMCCNTR Signed-off-by: Aaron Lindsay Reviewed-by: Peter Maydell Message-id: 1523997485-1905-5-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 7bf4afa719..3238aacaa6 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -52,11 +52,6 @@ typedef struct V8M_SAttributes { static void v8m_security_lookup(CPUARMState *env, uint32_t address, MMUAccessType access_type, ARMMMUIdx mmu_idx, V8M_SAttributes *sattrs); - -/* Definitions for the PMCCNTR and PMCR registers */ -#define PMCRD 0x8 -#define PMCRC 0x4 -#define PMCRE 0x1 #endif static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg) 
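Review bot: With `ARM_CP_ALIAS` added to the PMCCNTR entry, the `.resetvalue = 0` on the same `+` line is presumably no longer applied, since alias definitions elsewhere in this table leave reset and migration to the register that owns the state. If that is the case, drop it or say so: `.type = ARM_CP_ALIAS | ARM_CP_IO, /* state, reset and migration belong to PMCCNTR_EL0 */`. The PMCCNTR_EL0 entry that now owns the shared field begins at the end of this hunk and its reset value is not visible, so confirm it resets the counter.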
@@ -906,6 +901,24 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
+/* Definitions for the PMU registers */
+#define PMCRN_MASK 0xf800
+#define PMCRN_SHIFT 11
+#define PMCRD 0x8
+#define PMCRC 0x4
+#define PMCRE 0x1
+
+static inline uint32_t pmu_num_counters(CPUARMState *env)
+{
+ return (env->cp15.c9_pmcr & PMCRN_MASK) >> PMCRN_SHIFT;
+}
+
+/* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
+static inline uint64_t pmu_counter_mask(CPUARMState *env)
+{
+ return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
+}
+
 static CPAccessResult pmreg_access(CPUARMState *env, const ARMCPRegInfo *ri,
 bool isread)
 {
@@ -1113,14 +1126,14 @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
- value &= (1 << 31);
+ value &= pmu_counter_mask(env);
 env->cp15.c9_pmcnten |= value;
 }
 
 static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
- value &= (1 << 31);
+ value &= pmu_counter_mask(env);
 env->cp15.c9_pmcnten &= ~value;
 }
@@ -1168,14 +1181,14 @@ static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
 /* We have no event counters so only the C bit can be changed */
- value &= (1 << 31);
+ value &= pmu_counter_mask(env);
 env->cp15.c9_pminten |= value;
 }
 
 static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
 uint64_t value)
 {
- value &= (1 << 31);
+ value &= pmu_counter_mask(env);
 env->cp15.c9_pminten &= ~value;
 }
-- 
cgit v1.2.3
From d5a5e4c93dae0dc3feb402cf7ee78d846da1a7e1 Mon Sep 17 00:00:00 2001
From: Aaron Lindsay
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: target/arm: Fetch GICv3 state directly from CPUARMState

This eliminates the need for fetching it from el_change_hook_opaque, and allows for supporting multiple el_change_hooks without having to hack something together to find the registered opaque belonging to GICv3.
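Review bot: `pmu_counter_mask()` computes its result in `int`: `(1 << 31)` overflows a signed int (undefined in C11) and in practice yields INT_MIN, so after widening to the `uint64_t` return type the mask is 0xffffffff80000000 | (2^N - 1) rather than bit 31 plus the N counter bits. Its callers apply it as `value &= pmu_counter_mask(env)` to a 64-bit `value`, so a guest writing the AArch64 PMCNTENSET_EL0/PMINTENSET_EL1 views can park arbitrary bits 63:32 in c9_pmcnten/c9_pminten — precisely what the mask is meant to forbid — and those bits then leak into later enable checks. Change the return line to `return (1ULL << 31) | ((1ULL << pmu_num_counters(env)) - 1);`, which also keeps the `1 << N` shift defined for N = 31. Separately, the context comment `/* We have no event counters so only the C bit can be changed */` in pmintenset_write() is now false and should be deleted or reworded to say the mask follows PMCR.N.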
Signed-off-by: Aaron Lindsay Reviewed-by: Peter Maydell Message-id: 1523997485-1905-6-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell --- hw/intc/arm_gicv3_cpuif.c | 10 ++-------- target/arm/cpu.h | 10 ---------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index 26f5eeda94..cb9a3a542d 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c @@ -29,11 +29,7 @@ void gicv3_set_gicv3state(CPUState *cpu, GICv3CPUState *s) static GICv3CPUState *icc_cs_from_env(CPUARMState *env) { - /* Given the CPU, find the right GICv3CPUState struct. - * Since we registered the CPU interface with the EL change hook as - * the opaque pointer, we can just directly get from the CPU to it. - */ - return arm_get_el_change_hook_opaque(arm_env_get_cpu(env)); + return env->gicv3state; } static bool gicv3_use_ns_bank(CPUARMState *env) @@ -2615,9 +2611,7 @@ void gicv3_init_cpuif(GICv3State *s) * it might be with code translated by CPU 0 but run by CPU 1, in * which case we'd get the wrong value. * So instead we define the regs with no ri->opaque info, and - * get back to the GICv3CPUState from the ARMCPU by reading back - * the opaque pointer from the el_change_hook, which we're going - * to need to register anyway. + * get back to the GICv3CPUState from the CPUARMState. */ define_arm_cp_regs(cpu, gicv3_cpuif_reginfo); if (arm_feature(&cpu->env, ARM_FEATURE_EL2) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 19a0c03f9b..6bd8ff5917 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h 
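Review bot: `return env->gicv3state;` in icc_cs_from_env() replaces a three-line explanation with nothing, and the field's provenance is no longer evident at its only use site. Keep a short pointer: `/* Set by gicv3_set_gicv3state() when the GICv3 CPU interface is wired up. */` — gicv3_set_gicv3state() is visible in the hunk's leading context, while the claim that the ICC registers are only defined for such CPUs (so this is never NULL) comes from gicv3_init_cpuif() further down and should be confirmed before stating it.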
@@ -2902,16 +2902,6 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs) void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook, void *opaque); -/** - * arm_get_el_change_hook_opaque: - * Return the opaque data that will be used by the el_change_hook - * for this CPU. - */ -static inline void *arm_get_el_change_hook_opaque(ARMCPU *cpu) -{ - return cpu->el_change_hook_opaque; -} - /** * aa32_vfp_dreg: * Return a pointer to the Dn register within env in 32-bit mode. -- cgit v1.2.3 From 08267487c99e8150382420936ab72c1e0ad74ce3 Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Support multiple EL change hooks Signed-off-by: Aaron Lindsay Message-id: 1523997485-1905-7-git-send-email-alindsay@codeaurora.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/cpu.c | 21 ++++++++++++++++----- target/arm/cpu.h | 20 ++++++++++---------- target/arm/internals.h | 7 ++++--- 3 files changed, 30 insertions(+), 18 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 022d8c5787..1f689f6817 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -55,13 +55,15 @@ static bool arm_cpu_has_work(CPUState *cs) | CPU_INTERRUPT_EXITTB); } -void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook, +void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void *opaque) { - /* We currently only support registering a single hook function */ - assert(!cpu->el_change_hook); - cpu->el_change_hook = hook; - cpu->el_change_hook_opaque = opaque; + ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1); + + entry->hook = hook; + entry->opaque = opaque; + + QLIST_INSERT_HEAD(&cpu->el_change_hooks, entry, node); } static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque) 
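Review bot: The removed `assert(!cpu->el_change_hook)` was the only guard against double registration; with the list in arm_register_el_change_hook(), registering the same hook twice now silently calls it twice per EL change, and there is no unregister counterpart (entries are freed only in arm_cpu_finalizefn()). That is acceptable, but it should be written down at the function: `/* Hooks cannot be unregistered and are freed with the CPU; registering the same (hook, opaque) pair twice calls it twice. */`. QLIST_INSERT_HEAD also means later registrations run first, which belongs in the public header comment rather than here.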
@@ -552,6 +554,8 @@ static void arm_cpu_initfn(Object *obj) cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free); + QLIST_INIT(&cpu->el_change_hooks); + #ifndef CONFIG_USER_ONLY /* Our inbound IRQ and FIQ lines */ if (kvm_enabled()) { @@ -713,7 +717,14 @@ static void arm_cpu_post_init(Object *obj) static void arm_cpu_finalizefn(Object *obj) { ARMCPU *cpu = ARM_CPU(obj); + ARMELChangeHook *hook, *next; + g_hash_table_destroy(cpu->cp_regs); + + QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) { + QLIST_REMOVE(hook, node); + g_free(hook); + } } static void arm_cpu_realizefn(DeviceState *dev, Error **errp) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 6bd8ff5917..b3def5afad 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -632,12 +632,17 @@ typedef struct CPUARMState { } CPUARMState; /** - * ARMELChangeHook: + * ARMELChangeHookFn: * type of a function which can be registered via arm_register_el_change_hook() * to get callbacks when the CPU changes its exception level or mode. */ -typedef void ARMELChangeHook(ARMCPU *cpu, void *opaque); - +typedef void ARMELChangeHookFn(ARMCPU *cpu, void *opaque); +typedef struct ARMELChangeHook ARMELChangeHook; +struct ARMELChangeHook { + ARMELChangeHookFn *hook; + void *opaque; + QLIST_ENTRY(ARMELChangeHook) node; +}; /* These values map onto the return values for * QEMU_PSCI_0_2_FN_AFFINITY_INFO */ @@ -826,8 +831,7 @@ struct ARMCPU { */ bool cfgend; - ARMELChangeHook *el_change_hook; - void *el_change_hook_opaque; + QLIST_HEAD(, ARMELChangeHook) el_change_hooks; int32_t node_id; /* NUMA node this CPU belongs to */ 
@@ -2894,12 +2898,8 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs) * CPU changes exception level or mode. The hook function will be * passed a pointer to the ARMCPU and the opaque data pointer passed * to this function when the hook was registered. - * - * Note that we currently only support registering a single hook function, - * and will assert if this function is called twice. - * This facility is intended for the use of the GICv3 emulation. */ -void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHook *hook, +void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void *opaque); /** diff --git a/target/arm/internals.h b/target/arm/internals.h index 8ce944b7a0..6358c2ad5a 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -727,11 +727,12 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, int mmu_idx, MemTxAttrs attrs, MemTxResult response, uintptr_t retaddr); -/* Call the EL change hook if one has been registered */ +/* Call any registered EL change hooks */ static inline void arm_call_el_change_hook(ARMCPU *cpu) { - if (cpu->el_change_hook) { - cpu->el_change_hook(cpu, cpu->el_change_hook_opaque); + ARMELChangeHook *hook, *next; + QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) { + hook->hook(cpu, hook->opaque); } } -- cgit v1.2.3 From b5c53d1b3886387874f8c8582b205aeb3e4c3df6 Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Add pre-EL change hooks Because the design of the PMU requires that the counter values be converted between their delta and guest-visible forms for mode filtering, an additional hook which occurs before the EL is changed is necessary. Signed-off-by: Aaron Lindsay Message-id: 1523997485-1905-8-git-send-email-alindsay@codeaurora.org Reviewed-by: Peter Maydell 
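Review bot: The header comment for arm_register_el_change_hook() drops the "single hook" note but gains nothing about how multiple hooks behave, and the order is now an API property: cpu.c inserts with QLIST_INSERT_HEAD and internals.h walks the list from the head, so hooks run in reverse order of registration. Add `Hooks are called in reverse order of registration and cannot be unregistered.` to the comment so the PMU and GICv3 hooks do not come to depend on an undocumented ordering. The `QLIST_FOREACH_SAFE` in arm_call_el_change_hook() is fine but suggests hooks may remove themselves, which no API allows; a plain `QLIST_FOREACH` would state the intent more precisely.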
Signed-off-by: Peter Maydell --- target/arm/cpu.c | 16 ++++++++++++++++ target/arm/cpu.h | 22 +++++++++++++++++++--- target/arm/helper.c | 14 ++++++++------ target/arm/internals.h | 7 +++++++ target/arm/op_helper.c | 8 ++++++++ 5 files changed, 58 insertions(+), 9 deletions(-) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 1f689f6817..d175c5e94f 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -55,6 +55,17 @@ static bool arm_cpu_has_work(CPUState *cs) | CPU_INTERRUPT_EXITTB); } +void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, + void *opaque) +{ + ARMELChangeHook *entry = g_new0(ARMELChangeHook, 1); + + entry->hook = hook; + entry->opaque = opaque; + + QLIST_INSERT_HEAD(&cpu->pre_el_change_hooks, entry, node); +} + void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void *opaque) { @@ -554,6 +565,7 @@ static void arm_cpu_initfn(Object *obj) cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal, g_free, g_free); + QLIST_INIT(&cpu->pre_el_change_hooks); QLIST_INIT(&cpu->el_change_hooks); #ifndef CONFIG_USER_ONLY @@ -721,6 +733,10 @@ static void arm_cpu_finalizefn(Object *obj) g_hash_table_destroy(cpu->cp_regs); + QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) { + QLIST_REMOVE(hook, node); + g_free(hook); + } QLIST_FOREACH_SAFE(hook, &cpu->el_change_hooks, node, next) { QLIST_REMOVE(hook, node); g_free(hook); diff --git a/target/arm/cpu.h b/target/arm/cpu.h index b3def5afad..b9b47f4b22 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -831,6 +831,7 @@ struct ARMCPU { */ bool cfgend; + QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks; QLIST_HEAD(, ARMELChangeHook) el_change_hooks; int32_t node_id; /* NUMA node this CPU belongs to */ 
@@ -2893,14 +2894,29 @@ static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs) #endif /** - * arm_register_el_change_hook: - * Register a hook function which will be called back whenever this + * arm_register_pre_el_change_hook: + * Register a hook function which will be called immediately before this * CPU changes exception level or mode. The hook function will be * passed a pointer to the ARMCPU and the opaque data pointer passed * to this function when the hook was registered. + * + * Note that if a pre-change hook is called, any registered post-change hooks + * are guaranteed to subsequently be called. */ -void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, +void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void *opaque); +/** + * arm_register_el_change_hook: + * Register a hook function which will be called immediately after this + * CPU changes exception level or mode. The hook function will be + * passed a pointer to the ARMCPU and the opaque data pointer passed + * to this function when the hook was registered. + * + * Note that any registered hooks registered here are guaranteed to be called + * if pre-change hooks have been. + */ +void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook, void + *opaque); /** * aa32_vfp_dreg: diff --git a/target/arm/helper.c b/target/arm/helper.c index 3238aacaa6..81e88f255b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8249,6 +8249,14 @@ void arm_cpu_do_interrupt(CPUState *cs) return; } + /* Hooks may change global state so BQL should be held, also the + * BQL needs to be held for any modification of + * cs->interrupt_request. + */ + g_assert(qemu_mutex_iothread_locked()); + + arm_call_pre_el_change_hook(cpu); + assert(!excp_is_internal(cs->exception_index)); if (arm_el_is_aa64(env, new_el)) { arm_cpu_do_interrupt_aarch64(cs); 
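Review bot: The new API comments in cpu.h are wordy and omit the one precondition a hook author needs: `Note that any registered hooks registered here are guaranteed to be called if pre-change hooks have been.` should read `Hooks registered here are guaranteed to be called whenever the pre-change hooks have been.` Both comments should also state `The hook is called with the BQL held.`, which the `g_assert(qemu_mutex_iothread_locked())` placed before `arm_call_pre_el_change_hook()` in the helper.c hunk on this line establishes for the interrupt path. The pre-hook in arm_cpu_do_interrupt() now runs before `assert(!excp_is_internal(cs->exception_index))`; harmless since the assert aborts, but moving the call below it keeps the pre/post pairing promise trivially true.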
@@ -8256,12 +8264,6 @@ void arm_cpu_do_interrupt(CPUState *cs) arm_cpu_do_interrupt_aarch32(cs); } - /* Hooks may change global state so BQL should be held, also the - * BQL needs to be held for any modification of - * cs->interrupt_request. - */ - g_assert(qemu_mutex_iothread_locked()); - arm_call_el_change_hook(cpu); if (!kvm_enabled()) { diff --git a/target/arm/internals.h b/target/arm/internals.h index 6358c2ad5a..dc9357766c 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -728,6 +728,13 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, MemTxResult response, uintptr_t retaddr); /* Call any registered EL change hooks */ +static inline void arm_call_pre_el_change_hook(ARMCPU *cpu) +{ + ARMELChangeHook *hook, *next; + QLIST_FOREACH_SAFE(hook, &cpu->pre_el_change_hooks, node, next) { + hook->hook(cpu, hook->opaque); + } +} static inline void arm_call_el_change_hook(ARMCPU *cpu) { ARMELChangeHook *hook, *next; diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 84f08bf815..f728f25e4b 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -511,6 +511,10 @@ void HELPER(cpsr_write)(CPUARMState *env, uint32_t val, uint32_t mask) /* Write the CPSR for a 32-bit exception return */ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val) { + qemu_mutex_lock_iothread(); + arm_call_pre_el_change_hook(arm_env_get_cpu(env)); + qemu_mutex_unlock_iothread(); + cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn); /* Generated code has already stored the new PC value, but @@ -1028,6 +1032,10 @@ void HELPER(exception_return)(CPUARMState *env) goto illegal_return; } + qemu_mutex_lock_iothread(); + arm_call_pre_el_change_hook(arm_env_get_cpu(env)); + qemu_mutex_unlock_iothread(); + if (!return_to_aa64) { env->aarch64 = 0; /* We do a raw CPSR write because aarch64_sync_64_to_32() -- cgit v1.2.3 From e69ad9df6c2fe98713e5391a9161da9c6d7a9f22 Mon Sep 17 00:00:00 2001 
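Review bot: In internals.h the existing comment `/* Call any registered EL change hooks */` now sits above the newly inserted arm_call_pre_el_change_hook(), leaving arm_call_el_change_hook() uncommented and the pre/post distinction unexplained. Give each its own line: `/* Call any registered pre-EL-change hooks; caller holds the BQL. */` and `/* Call any registered post-EL-change hooks; caller holds the BQL. */`. The BQL requirement is what the callers in helper.c and op_helper.c enforce, so recording it at the callee keeps future call sites honest.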
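Review bot: In HELPER(cpsr_write_eret) the pre-hook is invoked unconditionally before `cpsr_write(env, val, CPSR_ERET_MASK, CPSRWriteExceptionReturn)`, whereas in HELPER(exception_return) it is correctly placed after the `goto illegal_return` checks; the cpu.h promise that post-hooks always follow a pre-hook therefore depends on cpsr_write() calling the post-hook even for an exception return it treats as illegal, which is outside this hunk and should be confirmed. The three-line lock/call/unlock sequence is duplicated verbatim in both helpers; a comment on each, `/* Hooks may touch global state (PMU, GIC): take the BQL around the pre-hook. */`, would explain the locking, and hoisting the triple into one static helper would keep the two sites from drifting. Both helper bodies continue outside the hunk.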
From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Allow EL change hooks to do IO During code generation, surround CPSR writes and exception returns which call the EL change hooks with gen_io_start/end. The immediate need is for the PMU to access the clock and icount during EL change to support mode filtering. Signed-off-by: Aaron Lindsay Message-id: 1523997485-1905-9-git-send-email-alindsay@codeaurora.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/translate-a64.c | 6 ++++++ target/arm/translate.c | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index c91329249d..bff4e13bf6 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -1930,7 +1930,13 @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn) unallocated_encoding(s); return; } + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_start(); + } gen_helper_exception_return(cpu_env); + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_end(); + } /* Must exit loop to check un-masked IRQs */ s->base.is_jmp = DISAS_EXIT; return; diff --git a/target/arm/translate.c b/target/arm/translate.c index db1ce6510a..9bc2ce1a0b 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -4548,7 +4548,13 @@ static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr) * appropriately depending on the new Thumb bit, so it must * be called after storing the new PC. */ + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_start(); + } gen_helper_cpsr_write_eret(cpu_env, cpsr); + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_end(); + } tcg_temp_free_i32(cpsr); /* Must exit loop to check un-masked IRQs */ s->base.is_jmp = DISAS_EXIT; 
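Review bot: The `gen_io_start()`/`gen_io_end()` pair wrapped around `gen_helper_exception_return(cpu_env)` has no comment saying why an exception return is treated as an I/O instruction, so a reader will take it for a stray paste. Add `/* The EL change hooks (e.g. the PMU) may read the clock or icount, so mark this insn as doing I/O under icount. */` above the first `if (tb_cflags(s->base.tb) & CF_USE_ICOUNT)`. The identical guarded triple appears three times in this commit; a small translate-time helper would avoid the repetition, though that is a style preference.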
@@ -9843,7 +9849,13 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) if (exc_return) { /* Restore CPSR from SPSR. */ tmp = load_cpu_field(spsr); + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_start(); + } gen_helper_cpsr_write_eret(cpu_env, tmp); + if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { + gen_io_end(); + } tcg_temp_free_i32(tmp); /* Must exit loop to check un-masked IRQs */ s->base.is_jmp = DISAS_EXIT; -- cgit v1.2.3 From ac57fd24cd864d42e7551f82266bc0930bd39547 Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Fix bitmask for PMCCFILTR writes It was shifted to the left one bit too few. Signed-off-by: Aaron Lindsay Reviewed-by: Peter Maydell Message-id: 1523997485-1905-10-git-send-email-alindsay@codeaurora.org Signed-off-by: Peter Maydell --- target/arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 81e88f255b..85c289f3b9 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1119,7 +1119,7 @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { pmccntr_sync(env); - env->cp15.pmccfiltr_el0 = value & 0x7E000000; + env->cp15.pmccfiltr_el0 = value & 0xfc000000; pmccntr_sync(env); } -- cgit v1.2.3 From e4e91a217c17fff4045dd4b423cdcb471b3d6a0e Mon Sep 17 00:00:00 2001 From: Aaron Lindsay Date: Thu, 26 Apr 2018 11:04:39 +0100 Subject: target/arm: Make PMOVSCLR and PMUSERENR 64 bits wide This is a bug fix to ensure 64-bit reads of these registers don't read adjacent data. Signed-off-by: Aaron Lindsay Message-id: 1523997485-1905-13-git-send-email-alindsay@codeaurora.org Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- target/arm/cpu.h | 4 ++-- target/arm/helper.c | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index b9b47f4b22..44e6b77151 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h 
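Review bot: The corrected mask `0xfc000000` on the `+` line in pmccfiltr_write() is still an unnamed constant, and the bug being fixed — a mask shifted one bit short — is exactly what a named, commented mask prevents. Annotate it, `env->cp15.pmccfiltr_el0 = value & 0xfc000000; /* P, U, NSK, NSU, NSH, M: bits [31:26] */`, or define `PMCCFILTR_MASK` beside the PMCR bit definitions introduced earlier in this series. Which filter bits are architecturally implemented depends on the PMU version exposed by the CPU model, which is not visible here, so confirm the mask against the ID registers if later PMU extensions are added.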
@@ -367,8 +367,8 @@ typedef struct CPUARMState {
 uint32_t c9_data;
 uint64_t c9_pmcr; /* performance monitor control register */
 uint64_t c9_pmcnten; /* perf monitor counter enables */
- uint32_t c9_pmovsr; /* perf monitor overflow status */
- uint32_t c9_pmuserenr; /* perf monitor user enable */
+ uint64_t c9_pmovsr; /* perf monitor overflow status */
+ uint64_t c9_pmuserenr; /* perf monitor user enable */
 uint64_t c9_pmselr; /* perf monitor counter selection register */
 uint64_t c9_pminten; /* perf monitor interrupt enables */
 union { /* Memory attribute redirection */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 85c289f3b9..52a88e0297 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1305,7 +1305,8 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 .fieldoffset = offsetof(CPUARMState, cp15.c9_pmcnten),
 .writefn = pmcntenclr_write },
 { .name = "PMOVSR", .cp = 15, .crn = 9, .crm = 12, .opc1 = 0, .opc2 = 3,
- .access = PL0_RW, .fieldoffset = offsetof(CPUARMState, cp15.c9_pmovsr),
+ .access = PL0_RW,
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmovsr),
 .accessfn = pmreg_access,
 .writefn = pmovsr_write,
 .raw_writefn = raw_write },
@@ -1360,7 +1361,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 .accessfn = pmreg_access_xevcntr },
 { .name = "PMUSERENR", .cp = 15, .crn = 9, .crm = 14, .opc1 = 0, .opc2 = 0,
 .access = PL0_R | PL1_RW, .accessfn = access_tpm,
- .fieldoffset = offsetof(CPUARMState, cp15.c9_pmuserenr),
+ .fieldoffset = offsetoflow32(CPUARMState, cp15.c9_pmuserenr),
 .resetvalue = 0,
 .writefn = pmuserenr_write, .raw_writefn = raw_write },
 { .name = "PMUSERENR_EL0", .state = ARM_CP_STATE_AA64,
-- 
cgit v1.2.3
From b901a172455cfbb96cc36e916ebc65f0bfed8109 Mon Sep 17 00:00:00 2001
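Review bot: The helper.c hunks convert only the PMOVSR and PMUSERENR entries to `offsetoflow32()`, while the cpu.h hunk widens `c9_pmovsr` and `c9_pmuserenr` for every user of those fields; any other AArch32 `ARMCPRegInfo` entry that still reaches them through plain `offsetof()` (a PMOVSSET alias, if one is defined against `c9_pmovsr`) would now read the upper half on big-endian hosts, so the rest of the file should be checked for those two field names before this lands. The asymmetry is also undocumented: a comment at the PMOVSR entry, `/* 64-bit field shared with the AArch64 view; AArch32 sees its low half */`, would explain why this `.fieldoffset` differs from the `offsetof()` lines around it. The v7_cp_reginfo array starts and ends outside these hunks.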
From: Peter Maydell
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: hw/arm/raspi: Don't bother setting default_cpu_type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In commit 210f47840dd62, we changed the bcm2836 SoC object to always create a CPU of the correct type for that SoC model. This makes the default_cpu_type settings in the MachineClass structs for the raspi2 and raspi3 boards redundant. We didn't change those at the time because it would have meant a temporary regression in a corner case of error handling if the user requested a non-existing CPU type. The -cpu parse handling changes in 2278b93941d42c3 mean that it no longer implicitly depends on default_cpu_type for this to work, so we can now delete the redundant default_cpu_type fields.
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Message-id: 20180420155547.9497-1-peter.maydell@linaro.org
---
 hw/arm/raspi.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 955a7c4e80..66899c28dc 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -226,7 +226,6 @@ static void raspi2_machine_init(MachineClass *mc)
 mc->no_parallel = 1;
 mc->no_floppy = 1;
 mc->no_cdrom = 1;
- mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7");
 mc->max_cpus = BCM283X_NCPUS;
 mc->min_cpus = BCM283X_NCPUS;
 mc->default_cpus = BCM283X_NCPUS;
@@ -249,7 +248,6 @@ static void raspi3_machine_init(MachineClass *mc)
 mc->no_parallel = 1;
 mc->no_floppy = 1;
 mc->no_cdrom = 1;
- mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
 mc->max_cpus = BCM283X_NCPUS;
 mc->min_cpus = BCM283X_NCPUS;
 mc->default_cpus = BCM283X_NCPUS;
-- 
cgit v1.2.3
From eb7d1f176381466660a730f14eff3d521686aa31 Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: hw/arm/highbank: don't make sysram 'nomigrate'
Currently we use memory_region_init_ram_nomigrate() to create the "highbank.sysram" memory region, and we don't manually register it with vmstate_register_ram(). This currently means that its contents are migrated but as a ram block whose name is the empty string; in future it may mean they are not migrated at all. Use memory_region_init_ram() instead. Note that this is a cross-version migration compatibility break for the "highbank" and "midway" machines.
Signed-off-by: Peter Maydell
Message-id: 20180420124835.7268-2-peter.maydell@linaro.org
---
 hw/arm/highbank.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 1742cf6f6c..88326d1bfd 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -291,7 +291,7 @@ static void calxeda_init(MachineState *machine, enum cxmachines machine_id)
 memory_region_add_subregion(sysmem, 0, dram);
 sysram = g_new(MemoryRegion, 1);
- memory_region_init_ram_nomigrate(sysram, NULL, "highbank.sysram", 0x8000,
+ memory_region_init_ram(sysram, NULL, "highbank.sysram", 0x8000,
 &error_fatal);
 memory_region_add_subregion(sysmem, 0xfff88000, sysram);
 if (bios_name != NULL) {
-- 
cgit v1.2.3
From 44cf837d38c3af178711781ffdc61776763e40d1 Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: hw/arm/aspeed: don't make 'boot_rom' region 'nomigrate'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently we use memory_region_init_ram_nomigrate() to create the "aspeed.boot_rom" memory region, and we don't manually register it with vmstate_register_ram(). This currently means that its contents are migrated but as a ram block whose name is the empty string; in future it may mean they are not migrated at all. Use memory_region_init_ram() instead. Note that would be a cross-version migration compatibility break for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines, but migration is currently broken for them.
Signed-off-by: Peter Maydell
Reviewed-by: Cédric Le Goater
Tested-by: Cédric Le Goater
Message-id: 20180420124835.7268-3-peter.maydell@linaro.org
---
 hw/arm/aspeed.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 7088c907bd..aecb3c1e75 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -225,7 +225,7 @@ static void aspeed_board_init(MachineState *machine,
 * SoC and 128MB for the AST2500 SoC, which is twice as big as
 * needed by the flash modules of the Aspeed machines.
 */
- memory_region_init_rom_nomigrate(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
+ memory_region_init_rom(boot_rom, OBJECT(bmc), "aspeed.boot_rom",
 fl->size, &error_abort);
 memory_region_add_subregion(get_system_memory(), FIRMWARE_ADDR,
 boot_rom);
-- 
cgit v1.2.3
From a2e9989c96aaa0e0d993e7b44eb6c2da2f9214ac Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: hw/arm/aspeed_soc: don't use vmstate_register_ram_global for SRAM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Currently we use vmstate_register_ram_global() for the SRAM; this is not a good idea for devices, because it means that you can only ever create one instance of the device, as the second instance would get a RAM block name clash. Instead, use memory_region_init_ram(), which automatically registers the RAM block with a local-to-the-device name. Note that this would be a cross-version migration compatibility break for the "palmetto-bmc", "ast2500-evb" and "romulus-bmc" machines, but migration is currently broken for them.
Signed-off-by: Peter Maydell
Reviewed-by: Cédric Le Goater
Tested-by: Cédric Le Goater
Message-id: 20180420124835.7268-4-peter.maydell@linaro.org
---
 hw/arm/aspeed_soc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index 30d25f8b06..407f10d0d4 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -186,13 +186,12 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp)
 }
 /* SRAM */
- memory_region_init_ram_nomigrate(&s->sram, OBJECT(dev), "aspeed.sram",
+ memory_region_init_ram(&s->sram, OBJECT(dev), "aspeed.sram",
 sc->info->sram_size, &err);
 if (err) {
 error_propagate(errp, err);
 return;
 }
- vmstate_register_ram_global(&s->sram);
 memory_region_add_subregion(get_system_memory(), ASPEED_SOC_SRAM_BASE,
 &s->sram);
-- 
cgit v1.2.3
From 6b892b2f79796989c78d6977e4c906448cda69c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?=
Date: Thu, 26 Apr 2018 11:04:39 +0100
Subject: timer/aspeed: fix vmstate version id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 1d3e65aa7ac5 ("hw/timer: Add value matching support to aspeed_timer") increased the vmstate version of aspeed.timer because the state had changed, but it also bumped the version of the VMSTATE_STRUCT_ARRAY under the aspeed.timerctrl which did not need to. Change back this version to fix migration.
Signed-off-by: Cédric Le Goater
Message-id: 20180423101433.17759-1-clg@kaod.org
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
---
 hw/timer/aspeed_timer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/timer/aspeed_timer.c b/hw/timer/aspeed_timer.c
index 50acbf530a..1e31e22b6f 100644
--- a/hw/timer/aspeed_timer.c
+++ b/hw/timer/aspeed_timer.c
@@ -504,7 +504,7 @@ static const VMStateDescription vmstate_aspeed_timer_state = {
 VMSTATE_UINT32(ctrl, AspeedTimerCtrlState),
 VMSTATE_UINT32(ctrl2, AspeedTimerCtrlState),
 VMSTATE_STRUCT_ARRAY(timers, AspeedTimerCtrlState,
- ASPEED_TIMER_NR_TIMERS, 2, vmstate_aspeed_timer,
+ ASPEED_TIMER_NR_TIMERS, 1, vmstate_aspeed_timer,
 AspeedTimer),
 VMSTATE_END_OF_LIST()
 }
-- 
cgit v1.2.3
From fbf32752663878947de455ff57cb5b9318f14bec Mon Sep 17 00:00:00 2001
From: Sai Pavan Boddu
Date: Thu, 26 Apr 2018 11:04:40 +0100
Subject: xilinx_spips: Correct SNOOP_NONE state when flushing the txfifo
SNOOP_NONE state handle is moved above in the if ladder, as it's same as SNOOP_STRIPPING during data cycles.
Signed-off-by: Sai Pavan Boddu
Reviewed-by: Francisco Iglesias
Message-id: 1524119244-1240-1-git-send-email-saipava@xilinx.com
Signed-off-by: Peter Maydell
---
 hw/ssi/xilinx_spips.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 426f971311..03f5faee4b 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
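Review bot: The `1` on the `ASPEED_TIMER_NR_TIMERS, 1, vmstate_aspeed_timer,` line has no comment saying what it versions, and the commit message shows the earlier bump confused it with the version of vmstate_aspeed_timer; VMSTATE_STRUCT_ARRAY's version argument is the minimum version of the enclosing description (aspeed.timerctrl here) at which the field exists, so `/* minimum aspeed.timerctrl version for this field, not the aspeed_timer version */` above the macro would stop the mistake recurring. It would also help to state in the description which version_id vmstate_aspeed_timer_state currently declares, since a field version above it means the array is skipped on load as I read vmstate_load_state, which matches the migration breakage described. vmstate_aspeed_timer_state begins outside the hunk.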
@@ -616,7 +616,8 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
 if (fifo8_is_empty(&s->tx_fifo)) {
 xilinx_spips_update_ixr(s);
 return;
- } else if (s->snoop_state == SNOOP_STRIPING) {
+ } else if (s->snoop_state == SNOOP_STRIPING ||
+ s->snoop_state == SNOOP_NONE) {
 for (i = 0; i < num_effective_busses(s); ++i) {
 tx_rx[i] = fifo8_pop(&s->tx_fifo);
 }
-- 
cgit v1.2.3
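Review bot: The added `s->snoop_state == SNOOP_NONE` condition carries no explanation, and the only rationale (SNOOP_NONE is plain data cycles, striped exactly like SNOOP_STRIPING) lives in the commit message; put it on the branch: `/* SNOOP_NONE: data cycles are striped across the busses just like SNOOP_STRIPING */`. The title says the SNOOP_NONE handling is "moved above" in the ladder, but the diffstat shows only this one line replaced, so if a later arm of the same if/else chain still tests SNOOP_NONE it is now unreachable and should be removed in the same patch. xilinx_spips_flush_txfifo starts and ends outside the hunk.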