Re: [Qemu-devel] [PATCH v7 2/6] virtio-pmem: Add virtio pmem driver
On Fri, Apr 26, 2019 at 10:30:35AM +0530, Pankaj Gupta wrote: > This patch adds virtio-pmem driver for KVM guest. > > Guest reads the persistent memory range information from > Qemu over VIRTIO and registers it on nvdimm_bus. It also > creates a nd_region object with the persistent memory > range information so that existing 'nvdimm/pmem' driver > can reserve this into system memory map. This way > 'virtio-pmem' driver uses existing functionality of pmem > driver to register persistent memory compatible for DAX > capable filesystems. > > This also provides function to perform guest flush over > VIRTIO from 'pmem' driver when userspace performs flush > on DAX memory range. > > Signed-off-by: Pankaj Gupta > --- > drivers/nvdimm/virtio_pmem.c | 114 + > drivers/virtio/Kconfig | 10 +++ > drivers/virtio/Makefile | 1 + > drivers/virtio/pmem.c| 118 +++ > include/linux/virtio_pmem.h | 60 > include/uapi/linux/virtio_ids.h | 1 + > include/uapi/linux/virtio_pmem.h | 10 +++ > 7 files changed, 314 insertions(+) > create mode 100644 drivers/nvdimm/virtio_pmem.c > create mode 100644 drivers/virtio/pmem.c > create mode 100644 include/linux/virtio_pmem.h > create mode 100644 include/uapi/linux/virtio_pmem.h > > diff --git a/drivers/nvdimm/virtio_pmem.c b/drivers/nvdimm/virtio_pmem.c > new file mode 100644 > index ..66b582f751a3 > --- /dev/null > +++ b/drivers/nvdimm/virtio_pmem.c 
> @@ -0,0 +1,114 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * virtio_pmem.c: Virtio pmem Driver > + * > + * Discovers persistent memory range information > + * from host and provides a virtio based flushing > + * interface. > + */ > +#include > +#include "nd.h" > + > + /* The interrupt handler */ > +void host_ack(struct virtqueue *vq) > +{ > + unsigned int len; > + unsigned long flags; > + struct virtio_pmem_request *req, *req_buf; > + struct virtio_pmem *vpmem = vq->vdev->priv; > + > + spin_lock_irqsave(>pmem_lock, flags); > + while ((req = virtqueue_get_buf(vq, )) != NULL) { > + req->done = true; > + wake_up(>host_acked); > + > + if (!list_empty(>req_list)) { > + req_buf = list_first_entry(>req_list, > + struct virtio_pmem_request, list); > + list_del(>req_list); > + req_buf->wq_buf_avail = true; > + wake_up(_buf->wq_buf); > + } > + } > + spin_unlock_irqrestore(>pmem_lock, flags); > +} > +EXPORT_SYMBOL_GPL(host_ack); > + > + /* The request submission function */ > +int virtio_pmem_flush(struct nd_region *nd_region) > +{ > + int err; > + unsigned long flags; > + struct scatterlist *sgs[2], sg, ret; > + struct virtio_device *vdev = nd_region->provider_data; > + struct virtio_pmem *vpmem = vdev->priv; > + struct virtio_pmem_request *req; > + > + might_sleep(); > + req = kmalloc(sizeof(*req), GFP_KERNEL); > + if (!req) > + return -ENOMEM; > + > + req->done = req->wq_buf_avail = false; > + strcpy(req->name, "FLUSH"); > + init_waitqueue_head(>host_acked); > + init_waitqueue_head(>wq_buf); > + sg_init_one(, req->name, strlen(req->name)); > + sgs[0] = > + sg_init_one(, >ret, sizeof(req->ret)); > + sgs[1] = > + > + spin_lock_irqsave(>pmem_lock, flags); > + err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req, GFP_ATOMIC); > + if (err) { > + dev_err(>dev, "failed to send command to virtio pmem > device\n"); > + > + list_add_tail(>req_list, >list); > + spin_unlock_irqrestore(>pmem_lock, flags); > + > + /* When host has read buffer, this completes via host_ack */ > 
+ wait_event(req->wq_buf, req->wq_buf_avail); > + spin_lock_irqsave(>pmem_lock, flags); > + } > + err = virtqueue_kick(vpmem->req_vq); > + spin_unlock_irqrestore(>pmem_lock, flags); > + > + if (!err) { > + err = -EIO; > + goto ret; > + } > + /* When host has read buffer, this completes via host_ack */ > + wait_event(req->host_acked, req->done); > + err = req->ret; > +ret: > + kfree(req); > + return err; > +}; > + > + /* The asynchronous flush callback function */ > +int async_pmem_flush(struct nd_region *nd_region, struct bio *bio) > +{ > + int rc = 0; > + > + /* Create child bio for asynchronous flush and chain with > + * parent bio. Otherwise directly call nd_region flush. > + */ > + if (bio && bio->bi_iter.bi_sector != -1) { > + struct bio *child = bio_alloc(GFP_ATOMIC, 0); > + > + if (!child) > + return -ENOMEM; > + bio_copy_dev(child, bio); > + child->bi_opf = REQ_PREFLUSH; > + child->bi_iter.bi_sector = -1; > +
Re: [Qemu-devel] [PATCH 3/4] util/cacheinfo.c: Use uintptr_t instead of unsigned long in AArch64 arch_cache_info()
On 4/29/19 2:33 AM, driver1998 wrote:
> Windows ARM64 uses LLP64 model, which breaks current assumptions.
>
> Signed-off-by: driver1998
> ---
> util/cacheinfo.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/util/cacheinfo.c b/util/cacheinfo.c
> index 3cd080b83d..a815cb0722 100644
> --- a/util/cacheinfo.c
> +++ b/util/cacheinfo.c
> @@ -107,7 +107,7 @@ static void sys_cache_info(int *isize, int *dsize)
> static void arch_cache_info(int *isize, int *dsize)
> {
> if (*isize == 0 || *dsize == 0) {
> -unsigned long ctr;
> +uintptr_t ctr;
>
> /* The real cache geometry is in CCSIDR_EL1/CLIDR_EL1/CSSELR_EL1,
> but (at least under Linux) these are marked protected by the
> @@ -120,6 +120,8 @@ static void arch_cache_info(int *isize, int *dsize)
> if (*dsize == 0) {
> *dsize = 4 << ((ctr >> 16) & 0xf);
> }
> +
> +printf("%d %d\n", *isize, *dsize);
The patch looks correct (except your real name), but here you forgot to remove this debugging code.
> }
> }
>
>
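Review bot: In the first hunk, `uintptr_t` describes a pointer-sized integer, but `ctr` is used as a bit-field container (`(ctr >> 16) & 0xf`) and presumably receives a system-register value rather than an address. Declaring it as `uint64_t ctr;` would state the intended width directly instead of relying on pointer size happening to match register size on every ABI. The statement that fills `ctr` lies between the two hunks and is not visible here, so confirm its operand accepts the chosen type. The body of arch_cache_info continues outside both hunks.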
Re: [Qemu-devel] [PATCH 4/4] include/qemu/osdep.h: Move the __USE_MINGW_ANSI_STDIO define up to avoid confliction.
Hi, On 4/29/19 2:33 AM, driver1998 wrote: > Signed-off-by: driver1998 Is driver1998 your real name? :) > --- > include/qemu/osdep.h | 10 +- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h > index 303d315c5d..af2b91f0b8 100644 > --- a/include/qemu/osdep.h > +++ b/include/qemu/osdep.h > @@ -85,17 +85,17 @@ extern int daemon(int, int); > #endif > #endif > > +/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */ As the comment says, this definition is used by . I suppose you encountered an issue with one of the following headers including it earlier, which is odd... Can you paste the error you are trying to fix? Thanks, Phil. > +#ifdef __MINGW32__ > +#define __USE_MINGW_ANSI_STDIO 1 > +#endif > + > #include > #include > #include > #include > #include > #include > - > -/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */ > -#ifdef __MINGW32__ > -#define __USE_MINGW_ANSI_STDIO 1 > -#endif > #include > > #include >
Re: [Qemu-devel] [PATCH v3 4/9] s390x/cpumodel: msa9 facility
On 29.04.19 21:24, David Hildenbrand wrote: > On 29.04.19 11:02, Christian Borntraeger wrote: >> Provide the MSA9 facility (stfle.155). >> This also contains pckmo functions for key wrapping. Keep them in a >> separate group to disable those as a block if necessary. >> >> Signed-off-by: Christian Borntraeger >> --- >> target/s390x/cpu_features.c | 32 + >> target/s390x/cpu_features.h | 1 + >> target/s390x/cpu_features_def.h | 31 >> target/s390x/cpu_models.c | 2 ++ >> target/s390x/gen-features.c | 42 + >> target/s390x/kvm.c | 6 + >> 6 files changed, 114 insertions(+) >> >> diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c >> index bbd8902087..154e2bb354 100644 >> --- a/target/s390x/cpu_features.c >> +++ b/target/s390x/cpu_features.c >> @@ -108,6 +108,7 @@ static const S390FeatDef s390_features[] = { >> FEAT_INIT("irbm", S390_FEAT_TYPE_STFL, 145, >> "Insert-reference-bits-multiple facility"), >> FEAT_INIT("msa8-base", S390_FEAT_TYPE_STFL, 146, >> "Message-security-assist-extension-8 facility (excluding subfunctions)"), >> FEAT_INIT("cmmnt", S390_FEAT_TYPE_STFL, 147, "CMM: ESSA-enhancement (no >> translate) facility"), >> +FEAT_INIT("msa9-base", S390_FEAT_TYPE_STFL, 155, >> "Message-security-assist-extension-9 facility (excluding subfunctions)"), >> FEAT_INIT("etoken", S390_FEAT_TYPE_STFL, 156, "Etoken facility"), >> >> /* SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */ 
>> @@ -242,6 +243,11 @@ static const S390FeatDef s390_features[] = { >> FEAT_INIT("pckmo-aes-128", S390_FEAT_TYPE_PCKMO, 18, "PCKMO >> Encrypted-AES-128-Key"), >> FEAT_INIT("pckmo-aes-192", S390_FEAT_TYPE_PCKMO, 19, "PCKMO >> Encrypted-AES-192-Key"), >> FEAT_INIT("pckmo-aes-256", S390_FEAT_TYPE_PCKMO, 20, "PCKMO >> Encrypted-AES-256-Key"), >> +FEAT_INIT("pckmo-ecc-p256", S390_FEAT_TYPE_PCKMO, 32, "PCKMO >> Encrypt-ECC-P256-Key"), >> +FEAT_INIT("pckmo-ecc-p384", S390_FEAT_TYPE_PCKMO, 33, "PCKMO >> Encrypt-ECC-P384-Key"), >> +FEAT_INIT("pckmo-ecc-p521", S390_FEAT_TYPE_PCKMO, 34, "PCKMO >> Encrypt-ECC-P521-Key"), >> +FEAT_INIT("pckmo-ecc-ed25519", S390_FEAT_TYPE_PCKMO, 40 , "PCKMO >> Encrypt-ECC-Ed25519-Key"), >> +FEAT_INIT("pckmo-ecc-ed448", S390_FEAT_TYPE_PCKMO, 41 , "PCKMO >> Encrypt-ECC-Ed448-Key"), >> >> FEAT_INIT("kmctr-dea", S390_FEAT_TYPE_KMCTR, 1, "KMCTR DEA"), >> FEAT_INIT("kmctr-tdea-128", S390_FEAT_TYPE_KMCTR, 2, "KMCTR TDEA-128"), 
>> @@ -298,6 +304,13 @@ static const S390FeatDef s390_features[] = { >> FEAT_INIT("pcc-xts-aes-256", S390_FEAT_TYPE_PCC, 52, "PCC >> Compute-XTS-Parameter-Using-AES-256"), >> FEAT_INIT("pcc-xts-eaes-128", S390_FEAT_TYPE_PCC, 58, "PCC >> Compute-XTS-Parameter-Using-Encrypted-AES-128"), >> FEAT_INIT("pcc-xts-eaes-256", S390_FEAT_TYPE_PCC, 60, "PCC >> Compute-XTS-Parameter-Using-Encrypted-AES-256"), >> +FEAT_INIT("pcc-scalar-mult-p256", S390_FEAT_TYPE_PCC, 64, "PCC >> Scalar-Multiply-P256"), >> +FEAT_INIT("pcc-scalar-mult-p384", S390_FEAT_TYPE_PCC, 65, "PCC >> Scalar-Multiply-P384"), >> +FEAT_INIT("pcc-scalar-mult-p521", S390_FEAT_TYPE_PCC, 66, "PCC >> Scalar-Multiply-P521"), >> +FEAT_INIT("pcc-scalar-mult-ed25519", S390_FEAT_TYPE_PCC, 72, "PCC >> Scalar-Multiply-Ed25519"), >> +FEAT_INIT("pcc-scalar-mult-ed448", S390_FEAT_TYPE_PCC, 73, "PCC >> Scalar-Multiply-Ed448"), >> +FEAT_INIT("pcc-scalar-mult-x25519", S390_FEAT_TYPE_PCC, 80, "PCC >> Scalar-Multiply-X25519"), >> +FEAT_INIT("pcc-scalar-mult-x448", S390_FEAT_TYPE_PCC, 81, "PCC >> Scalar-Multiply-X448"), >> >> FEAT_INIT("ppno-sha-512-drng", S390_FEAT_TYPE_PPNO, 3, "PPNO >> SHA-512-DRNG"), >> FEAT_INIT("prno-trng-qrtcr", S390_FEAT_TYPE_PPNO, 112, "PRNO >> TRNG-Query-Raw-to-Conditioned-Ratio"), 
>> @@ -309,6 +322,22 @@ static const S390FeatDef s390_features[] = { >> FEAT_INIT("kma-gcm-eaes-128", S390_FEAT_TYPE_KMA, 26, "KMA >> GCM-Encrypted-AES-128"), >> FEAT_INIT("kma-gcm-eaes-192", S390_FEAT_TYPE_KMA, 27, "KMA >> GCM-Encrypted-AES-192"), >> FEAT_INIT("kma-gcm-eaes-256", S390_FEAT_TYPE_KMA, 28, "KMA >> GCM-Encrypted-AES-256"), >> + >> +FEAT_INIT("kdsa-ecdsa-verify-p256", S390_FEAT_TYPE_KDSA, 1, "KDSA >> ECDSA-Verify-P256"), >> +FEAT_INIT("kdsa-ecdsa-verify-p384", S390_FEAT_TYPE_KDSA, 2, "KDSA >> ECDSA-Verify-P384"), >> +FEAT_INIT("kdsa-ecdsa-verify-p521", S390_FEAT_TYPE_KDSA, 3, "KDSA >> ECDSA-Verify-P521"), >> +FEAT_INIT("kdsa-ecdsa-sign-p256", S390_FEAT_TYPE_KDSA, 9, "KDSA >> ECDSA-Sign-P256"), >> +FEAT_INIT("kdsa-ecdsa-sign-p384", S390_FEAT_TYPE_KDSA, 10, "KDSA >> ECDSA-Sign-P384"), >> +FEAT_INIT("kdsa-ecdsa-sign-p521", S390_FEAT_TYPE_KDSA, 11, "KDSA >> ECDSA-Sign-P521"), >> +FEAT_INIT("kdsa-eecdsa-sign-p256", S390_FEAT_TYPE_KDSA, 17, "KDSA >> Encrypted-ECDSA-Sign-P256"), >> +
Re: [Qemu-devel] [PATCH] usb/xchi: avoid trigger assertion if guest write wrong epid
On 2019/4/30 13:06, Philippe Mathieu-Daudé wrote: > On 4/30/19 4:02 AM, Longpeng (Mike) wrote: >> On 2019/4/29 20:10, Philippe Mathieu-Daudé wrote: >>> On 4/29/19 1:42 PM, Longpeng (Mike) wrote: Hi Philippe, On 2019/4/29 19:16, Philippe Mathieu-Daudé wrote: > Hi Mike, > > On 4/29/19 9:39 AM, Longpeng(Mike) wrote: 
>> From: Longpeng >> >> we found the following core in our environment: >> 0 0x7fc6b06c2237 in raise () >> 1 0x7fc6b06c3928 in abort () >> 2 0x7fc6b06bb056 in __assert_fail_base () >> 3 0x7fc6b06bb102 in __assert_fail () >> 4 0x00702e36 in xhci_kick_ep (...) > > 5 xhci_doorbell_write? > >> 6 0x0047767f in access_with_adjusted_size (...) >> 7 0x0047944d in memory_region_dispatch_write (...) >> 8 0x0042df17 in address_space_write_continue (...) >> 10 0x0043084d in address_space_rw (...) >> 11 0x0047451b in kvm_cpu_exec (cpu=cpu@entry=0x1ab11b0) >> 12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) >> 13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) >> 14 0x008959a7 in thread_entry_for_hotfix (pthread_cb=> out>) >> 15 0x7fc6b0a60dd5 in start_thread () >> 16 0x7fc6b078a59d in clone () >> (gdb) bt >> (gdb) f 5 > > This is the frame you removed... > >> (gdb) p /x tmp >> $9 = 0x62481a00 <-- last byte 0x00 is @epid > > I don't see 'tmp' in xhci_doorbell_write(). > > Can you use trace events? > > There we have trace_usb_xhci_doorbell_write(). > Sorry , I'm careless to remove the important information. This is our whole frame: (gdb) bt #0 0x7fc6b06c2237 in raise () from /usr/lib64/libc.so.6 #1 0x7fc6b06c3928 in abort () from /usr/lib64/libc.so.6 #2 0x7fc6b06bb056 in __assert_fail_base () from /usr/lib64/libc.so.6 #3 0x7fc6b06bb102 in __assert_fail () from /usr/lib64/libc.so.6 #4 0x00702e36 in xhci_kick_ep (...) #5 0x0047897a in memory_region_write_accessor (...) #6 0x0047767f in access_with_adjusted_size (...) #7 0x0047944d in memory_region_dispatch_write (mr=mr@entry=0x7fc6a0138df0, addr=addr@entry=156, data=1648892416, size=size@entry=4, attrs=attrs@entry=...) >>> >>> So this is a 32-bit access, to address 156 (which is the slotid) and >>> data=1648892416=0x62481a00 indeed. >>> >>> But watch out access_with_adjusted_size() calls adjust_endianness()... >>> #8 0x0042df17 in address_space_write_continue (...) #9 0x004302d5 in address_space_write (...) 
#10 0x0043084d in address_space_rw (...) #11 0x0047451b in kvm_cpu_exec (...) #12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) #13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) #14 0x008959a7 in thread_entry_for_hotfix (pthread_cb=>>> out>) #15 0x7fc6b0a60dd5 in start_thread () from /usr/lib64/libpthread.so.0 #16 0x7fc6b078a59d in clone () from /usr/lib64/libc.so.6 (gdb) f 5 #5 0x0047897a in memory_region_write_accessor (...) 529mr->ops->write(mr->opaque, addr, tmp, size); (gdb) p /x tmp $9 = 0x62481a00 >>> >>> ... since memory_region_write_accessor() has the same argument, then I >>> can assume your guest is running in Little-Endian. >>> >> >> Yes. >> static void xhci_doorbell_write(void *ptr, hwaddr reg, uint64_t val, unsigned size) So, the @val is 0x62481a00, and the last byte is epid, right? >> >> xhci_doorbell_write() already check the upper bound of @slotid an @epid, >> it also need to check the lower bound. >> >> Cc: Gonglei >> Signed-off-by: Longpeng >> --- >> hw/usb/hcd-xhci.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c >> index ec28bee..b4e6bfc 100644 >> --- a/hw/usb/hcd-xhci.c >> +++ b/hw/usb/hcd-xhci.c >> @@ -3135,9 +3135,9 @@ static void xhci_doorbell_write(void *ptr, hwaddr >> reg, > > Expanding the diff: > >if (reg == 0) { >if (val == 0) { >xhci_process_commands(xhci); >} else { >DPRINTF("xhci: bad doorbell 0 write: 0x%x\n", >(uint32_t)val); >} >> } else { >> epid = val & 0xff; >> streamid = (val >> 16) & 0x; >> -if (reg > xhci->numslots) { >> +if (reg == 0 || reg > xhci->numslots) { > > So 'reg' can not be zero here... > Oh, you're right. >> DPRINTF("xhci: bad doorbell %d\n", (int)reg); >>
Re: [Qemu-devel] [PATCH] usb/xchi: avoid trigger assertion if guest write wrong epid
On 4/30/19 4:02 AM, Longpeng (Mike) wrote: > On 2019/4/29 20:10, Philippe Mathieu-Daudé wrote: >> On 4/29/19 1:42 PM, Longpeng (Mike) wrote: >>> Hi Philippe, >>> >>> On 2019/4/29 19:16, Philippe Mathieu-Daudé wrote: >>> Hi Mike, On 4/29/19 9:39 AM, Longpeng(Mike) wrote: 
> From: Longpeng > > we found the following core in our environment: > 0 0x7fc6b06c2237 in raise () > 1 0x7fc6b06c3928 in abort () > 2 0x7fc6b06bb056 in __assert_fail_base () > 3 0x7fc6b06bb102 in __assert_fail () > 4 0x00702e36 in xhci_kick_ep (...) 5 xhci_doorbell_write? > 6 0x0047767f in access_with_adjusted_size (...) > 7 0x0047944d in memory_region_dispatch_write (...) > 8 0x0042df17 in address_space_write_continue (...) > 10 0x0043084d in address_space_rw (...) > 11 0x0047451b in kvm_cpu_exec (cpu=cpu@entry=0x1ab11b0) > 12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) > 13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) > 14 0x008959a7 in thread_entry_for_hotfix (pthread_cb= out>) > 15 0x7fc6b0a60dd5 in start_thread () > 16 0x7fc6b078a59d in clone () > (gdb) bt > (gdb) f 5 This is the frame you removed... > (gdb) p /x tmp > $9 = 0x62481a00 <-- last byte 0x00 is @epid I don't see 'tmp' in xhci_doorbell_write(). Can you use trace events? There we have trace_usb_xhci_doorbell_write(). >>> >>> Sorry , I'm careless to remove the important information. >>> >>> >>> This is our whole frame: >>> >>> (gdb) bt >>> #0 0x7fc6b06c2237 in raise () from /usr/lib64/libc.so.6 >>> #1 0x7fc6b06c3928 in abort () from /usr/lib64/libc.so.6 >>> #2 0x7fc6b06bb056 in __assert_fail_base () from /usr/lib64/libc.so.6 >>> #3 0x7fc6b06bb102 in __assert_fail () from /usr/lib64/libc.so.6 >>> #4 0x00702e36 in xhci_kick_ep (...) >>> #5 0x0047897a in memory_region_write_accessor (...) >>> #6 0x0047767f in access_with_adjusted_size (...) >>> #7 0x0047944d in memory_region_dispatch_write >>> (mr=mr@entry=0x7fc6a0138df0, addr=addr@entry=156, data=1648892416, >>> size=size@entry=4, attrs=attrs@entry=...) >> >> So this is a 32-bit access, to address 156 (which is the slotid) and >> data=1648892416=0x62481a00 indeed. >> >> But watch out access_with_adjusted_size() calls adjust_endianness()... >> >>> #8 0x0042df17 in address_space_write_continue (...) 
>>> #9 0x004302d5 in address_space_write (...) >>> #10 0x0043084d in address_space_rw (...) >>> #11 0x0047451b in kvm_cpu_exec (...) >>> #12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) >>> #13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) >>> #14 0x008959a7 in thread_entry_for_hotfix (pthread_cb=>> out>) >>> #15 0x7fc6b0a60dd5 in start_thread () from /usr/lib64/libpthread.so.0 >>> #16 0x7fc6b078a59d in clone () from /usr/lib64/libc.so.6 >>> >>> (gdb) f 5 >>> #5 0x0047897a in memory_region_write_accessor (...) >>> 529 mr->ops->write(mr->opaque, addr, tmp, size); >>> (gdb) p /x tmp >>> $9 = 0x62481a00 >> >> ... since memory_region_write_accessor() has the same argument, then I >> can assume your guest is running in Little-Endian. >> > > Yes. > >>> static void xhci_doorbell_write(void *ptr, hwaddr reg, >>> uint64_t val, unsigned size) >>> So, the @val is 0x62481a00, and the last byte is epid, right? >>> > > xhci_doorbell_write() already check the upper bound of @slotid an @epid, > it also need to check the lower bound. > > Cc: Gonglei > Signed-off-by: Longpeng > --- > hw/usb/hcd-xhci.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c > index ec28bee..b4e6bfc 100644 > --- a/hw/usb/hcd-xhci.c > +++ b/hw/usb/hcd-xhci.c > @@ -3135,9 +3135,9 @@ static void xhci_doorbell_write(void *ptr, hwaddr > reg, Expanding the diff: if (reg == 0) { if (val == 0) { xhci_process_commands(xhci); } else { DPRINTF("xhci: bad doorbell 0 write: 0x%x\n", (uint32_t)val); } > } else { > epid = val & 0xff; > streamid = (val >> 16) & 0x; > -if (reg > xhci->numslots) { > +if (reg == 0 || reg > xhci->numslots) { So 'reg' can not be zero here... >>> >>> Oh, you're right. >>> > DPRINTF("xhci: bad doorbell %d\n", (int)reg); > -} else if (epid > 31) { > +} else if (epid == 0 || epid > 31) { Here neither. >>> >>> In our frame, the epid is zero. The @val is from guest which is
[Qemu-devel] [PATCH v3 2/2] hw/arm/aspeed: Add RTC to SoC
All systems have an RTC. The IRQ is hooked up but the model does not use it at this stage. There is no guest code that uses it, so this limitation is acceptable. Signed-off-by: Joel Stanley --- v3: Add commit message v2: Rebase on Cedric's patches (20190411161013.4514-4-...@kaod.org) --- hw/arm/aspeed_soc.c | 13 + include/hw/arm/aspeed_soc.h | 2 ++ 2 files changed, 15 insertions(+) diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c index 110956828c44..ea9700c35bc4 100644 --- a/hw/arm/aspeed_soc.c +++ b/hw/arm/aspeed_soc.c @@ -229,6 +229,9 @@ static void aspeed_soc_init(Object *obj) sysbus_init_child_obj(obj, "vic", OBJECT(>vic), sizeof(s->vic), TYPE_ASPEED_VIC); +sysbus_init_child_obj(obj, "rtc", OBJECT(>rtc), sizeof(s->rtc), + TYPE_ASPEED_RTC); + sysbus_init_child_obj(obj, "timerctrl", OBJECT(>timerctrl), sizeof(s->timerctrl), TYPE_ASPEED_TIMER); object_property_add_const_link(OBJECT(>timerctrl), "scu", @@ -315,6 +318,16 @@ static void aspeed_soc_realize(DeviceState *dev, Error **errp) sysbus_connect_irq(SYS_BUS_DEVICE(>vic), 1, qdev_get_gpio_in(DEVICE(>cpu), ARM_CPU_FIQ)); +/* RTC */ +object_property_set_bool(OBJECT(>rtc), true, "realized", ); +if (err) { +error_propagate(errp, err); +return; +} +sysbus_mmio_map(SYS_BUS_DEVICE(>rtc), 0, sc->info->memmap[ASPEED_RTC]); +sysbus_connect_irq(SYS_BUS_DEVICE(>rtc), 0, + aspeed_soc_get_irq(s, ASPEED_RTC)); + /* Timer */ object_property_set_bool(OBJECT(>timerctrl), true, "realized", ); if (err) { diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h index eda9094660b5..d124674f25d8 100644 --- a/include/hw/arm/aspeed_soc.h +++ b/include/hw/arm/aspeed_soc.h @@ -17,6 +17,7 @@ #include "hw/misc/aspeed_scu.h" #include "hw/misc/aspeed_sdmc.h" #include "hw/timer/aspeed_timer.h" +#include "hw/timer/aspeed_rtc.h" #include "hw/i2c/aspeed_i2c.h" #include "hw/ssi/aspeed_smc.h" #include "hw/watchdog/wdt_aspeed.h" 
@@ -33,6 +34,7 @@ typedef struct AspeedSoCState { ARMCPU cpu; MemoryRegion sram; AspeedVICState vic; +AspeedRtcState rtc; AspeedTimerCtrlState timerctrl; AspeedI2CState i2c; AspeedSCUState scu; -- 2.20.1
[Qemu-devel] [PATCH v3 1/2] hw: timer: Add ASPEED RTC device
The RTC is modeled to provide time and date functionality. It is initialised at zero to match the hardware. There is no modelling of the alarm functionality, which includes the IRQ line. As there is no guest code to exercise this function that is acceptable for now. Signed-off-by: Joel Stanley --- v3: Add commit message v2: Use g_assert_not_reached Add vmstate Add reset callback Annotate fall through cases --- hw/timer/Makefile.objs| 2 +- hw/timer/aspeed_rtc.c | 180 ++ hw/timer/trace-events | 4 + include/hw/timer/aspeed_rtc.h | 31 ++ 4 files changed, 216 insertions(+), 1 deletion(-) create mode 100644 hw/timer/aspeed_rtc.c create mode 100644 include/hw/timer/aspeed_rtc.h diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs index 0e9a4530f848..123d92c9692c 100644 --- a/hw/timer/Makefile.objs +++ b/hw/timer/Makefile.objs @@ -41,7 +41,7 @@ obj-$(CONFIG_MC146818RTC) += mc146818rtc.o obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o common-obj-$(CONFIG_STM32F2XX_TIMER) += stm32f2xx_timer.o -common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o +common-obj-$(CONFIG_ASPEED_SOC) += aspeed_timer.o aspeed_rtc.o common-obj-$(CONFIG_SUN4V_RTC) += sun4v-rtc.o common-obj-$(CONFIG_CMSDK_APB_TIMER) += cmsdk-apb-timer.o diff --git a/hw/timer/aspeed_rtc.c b/hw/timer/aspeed_rtc.c new file mode 100644 index ..19f061c846e8 --- /dev/null +++ b/hw/timer/aspeed_rtc.c 
@@ -0,0 +1,180 @@ +/* + * ASPEED Real Time Clock + * Joel Stanley + * + * Copyright 2019 IBM Corp + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "hw/timer/aspeed_rtc.h" +#include "qemu/log.h" +#include "qemu/timer.h" + +#include "trace.h" + +#define COUNTER1(0x00 / 4) +#define COUNTER2(0x04 / 4) +#define ALARM (0x08 / 4) +#define CONTROL (0x10 / 4) +#define ALARM_STATUS(0x14 / 4) + +#define RTC_UNLOCKEDBIT(1) +#define RTC_ENABLED BIT(0) + +static void aspeed_rtc_calc_offset(AspeedRtcState *rtc) +{ +struct tm tm; +uint32_t year, cent; +uint32_t reg1 = rtc->reg[COUNTER1]; +uint32_t reg2 = rtc->reg[COUNTER2]; + +tm.tm_mday = (reg1 >> 24) & 0x1f; +tm.tm_hour = (reg1 >> 16) & 0x1f; +tm.tm_min = (reg1 >> 8) & 0x3f; +tm.tm_sec = (reg1 >> 0) & 0x3f; + +cent = (reg2 >> 16) & 0x1f; +year = (reg2 >> 8) & 0x7f; +tm.tm_mon = ((reg2 >> 0) & 0x0f) - 1; +tm.tm_year = year + (cent * 100) - 1900; + +rtc->offset = qemu_timedate_diff(); +} + +static uint32_t aspeed_rtc_get_counter(AspeedRtcState *rtc, int r) +{ +uint32_t year, cent; +struct tm now; + +qemu_get_timedate(, rtc->offset); + +switch (r) { +case COUNTER1: +return (now.tm_mday << 24) | (now.tm_hour << 16) | +(now.tm_min << 8) | now.tm_sec; +case COUNTER2: +cent = (now.tm_year + 1900) / 100; +year = now.tm_year % 100; +return ((cent & 0x1f) << 16) | ((year & 0x7f) << 8) | +((now.tm_mon + 1) & 0xf); +default: +g_assert_not_reached(); +} +} + +static uint64_t aspeed_rtc_read(void *opaque, hwaddr addr, +unsigned size) +{ +AspeedRtcState *rtc = opaque; +uint64_t val; +uint32_t r = addr >> 2; + +switch (r) { +case COUNTER1: +case COUNTER2: +if (rtc->reg[CONTROL] & RTC_ENABLED) { +rtc->reg[r] = aspeed_rtc_get_counter(rtc, r); +} +/* fall through */ +case CONTROL: +val = rtc->reg[r]; +break; +case ALARM: +case ALARM_STATUS: +default: +qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx "\n", __func__, addr); +return 0; +} + +trace_aspeed_rtc_read(addr, val); + +return 
val; +} + +static void aspeed_rtc_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ +AspeedRtcState *rtc = opaque; +uint32_t r = addr >> 2; + +switch (r) { +case COUNTER1: +case COUNTER2: +if (!(rtc->reg[CONTROL] & RTC_UNLOCKED)) { +break; +} +/* fall through */ +case CONTROL: +rtc->reg[r] = val; +aspeed_rtc_calc_offset(rtc); +break; +case ALARM: +case ALARM_STATUS: +default: +qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx "\n", __func__, addr); +break; +} +trace_aspeed_rtc_write(addr, val); +} + +static void aspeed_rtc_reset(DeviceState *d) +{ +AspeedRtcState *rtc = ASPEED_RTC(d); + +rtc->offset = 0; +memset(rtc->reg, 0, sizeof(rtc->reg)); +} + +static const MemoryRegionOps aspeed_rtc_ops = { +.read = aspeed_rtc_read, +.write = aspeed_rtc_write, +.endianness = DEVICE_NATIVE_ENDIAN, +}; + +static const VMStateDescription vmstate_aspeed_rtc = { +.name = TYPE_ASPEED_RTC, +.version_id = 1, +.fields = (VMStateField[]) { +VMSTATE_UINT32_ARRAY(reg,
[Qemu-devel] [PATCH v3 0/2] arm: aspeed: Add RTC Model
v3: Add some commit messages, resend as v2 didn't send properly v2: Minor fixes, added vmstate and reset, and rebased on Cédric's series Based-on: 20190411161013.4514-4-...@kaod.org [PATCH 3/3] aspeed: use sysbus_init_child_obj() to initialize children A model for the ASPEED BMC real time clock (RTC). The model is sufficient for running the guest Linux kernel driver, and ticks in time with the host when programmed. It does not implement the alarm functionality, which includes the interrupt. Joel Stanley (2): hw: timer: Add ASPEED RTC device hw/arm/aspeed: Add RTC to SoC hw/arm/aspeed_soc.c | 13 +++ hw/timer/Makefile.objs| 2 +- hw/timer/aspeed_rtc.c | 180 ++ hw/timer/trace-events | 4 + include/hw/arm/aspeed_soc.h | 2 + include/hw/timer/aspeed_rtc.h | 31 ++ 6 files changed, 231 insertions(+), 1 deletion(-) create mode 100644 hw/timer/aspeed_rtc.c create mode 100644 include/hw/timer/aspeed_rtc.h -- 2.20.1
[Qemu-devel] [PATCH 3/3] ram: RAMBlock->offset is always aligned to a word
RAMBlock->offset is calculated by find_ram_offset, which makes sure the offset is aligned to a word. This patch removes the alignment check on offset and unnecessary variable *word*.
Signed-off-by: Wei Yang
---
include/exec/ram_addr.h | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index 3dfb2d52fb..a7c81bdb32 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -413,18 +413,21 @@ uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBlock *rb,
uint64_t *real_dirty_pages)
{
ram_addr_t addr;
-unsigned long word = BIT_WORD(rb->offset >> TARGET_PAGE_BITS);
uint64_t num_dirty = 0;
unsigned long *dest = rb->bmap;
-/* offset and length is aligned at the start of a word? */
-if (((word * BITS_PER_LONG) << TARGET_PAGE_BITS) == (rb->offset) &&
-!(length & ((BITS_PER_LONG << TARGET_PAGE_BITS) - 1))) {
+/*
+ * Since RAMBlock->offset is guaranteed to be aligned to a word by
+ * find_ram_offset(), if length is aligned at the start of a word, go the
+ * fast path.
+ */
+if (!(length & ((BITS_PER_LONG << TARGET_PAGE_BITS) - 1))) {
int k;
int nr = BITS_TO_LONGS(length >> TARGET_PAGE_BITS);
unsigned long * const *src;
-unsigned long idx = (word * BITS_PER_LONG) / DIRTY_MEMORY_BLOCK_SIZE;
-unsigned long offset = BIT_WORD((word * BITS_PER_LONG) %
+unsigned long idx = (rb->offset >> TARGET_PAGE_BITS) /
+DIRTY_MEMORY_BLOCK_SIZE;
+unsigned long offset = BIT_WORD((rb->offset >> TARGET_PAGE_BITS) %
DIRTY_MEMORY_BLOCK_SIZE);
rcu_read_lock();
-- 2.19.1
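Review bot: The fast path now depends on `rb->offset` being word-aligned, but nothing in this function checks that any more. A block that violated the invariant would have `BIT_WORD((rb->offset >> TARGET_PAGE_BITS) % DIRTY_MEMORY_BLOCK_SIZE)` round down silently, and the loop would then sync dirty bits for the wrong pages. Keep the guarantee enforced at the point of use with an assertion before the `if`, for example `assert(!((rb->offset >> TARGET_PAGE_BITS) & (BITS_PER_LONG - 1)));`. find_ram_offset() is not part of this patch, so the new comment's claim cannot be confirmed from the hunk alone. The function body continues past the hunk.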
[Qemu-devel] [PATCH 0/3] Cleanup migration/ram.c
The *start* of migration_bitmap_sync_range is always 0, we can remove this parameter. Since RAMBlock->offset is always *word* aligned, we can remove the check on offset and simplify the logic a little. Wei Yang (3): migration/ram.c: start of migration_bitmap_sync_range is always 0 migration/ram.c: start of cpu_physical_memory_sync_dirty_bitmap is always 0 ram: RAMBlock->offset is always aligned to a word include/exec/ram_addr.h | 24 migration/ram.c | 8 2 files changed, 16 insertions(+), 16 deletions(-) -- 2.19.1
[Qemu-devel] [PATCH 1/3] migration/ram.c: start of migration_bitmap_sync_range is always 0
We can eliminate to pass 0.
Signed-off-by: Wei Yang
---
migration/ram.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/migration/ram.c b/migration/ram.c
index 35bd6213e9..9948b2d021 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -1643,10 +1643,10 @@ static inline bool migration_bitmap_clear_dirty(RAMState *rs,
}
static void migration_bitmap_sync_range(RAMState *rs, RAMBlock *rb,
-ram_addr_t start, ram_addr_t length)
+ram_addr_t length)
{
rs->migration_dirty_pages +=
-cpu_physical_memory_sync_dirty_bitmap(rb, start, length,
+cpu_physical_memory_sync_dirty_bitmap(rb, 0, length,
>num_dirty_pages_period);
}
@@ -1735,7 +1735,7 @@ static void migration_bitmap_sync(RAMState *rs)
qemu_mutex_lock(>bitmap_mutex);
rcu_read_lock();
RAMBLOCK_FOREACH_NOT_IGNORED(block) {
-migration_bitmap_sync_range(rs, block, 0, block->used_length);
+migration_bitmap_sync_range(rs, block, block->used_length);
}
ram_counters.remaining = ram_bytes_remaining();
rcu_read_unlock();
@@ -4156,7 +4156,7 @@ static void colo_flush_ram_cache(void)
memory_global_dirty_log_sync();
rcu_read_lock();
RAMBLOCK_FOREACH_NOT_IGNORED(block) {
-migration_bitmap_sync_range(ram_state, block, 0, block->used_length);
+migration_bitmap_sync_range(ram_state, block, block->used_length);
}
rcu_read_unlock();
-- 2.19.1
[Qemu-devel] [PATCH 2/3] migration/ram.c: start of cpu_physical_memory_sync_dirty_bitmap is always 0
Since start of cpu_physical_memory_sync_dirty_bitmap is always 0, we can remove this parameter and simplify the calculation a bit. Signed-off-by: Wei Yang --- include/exec/ram_addr.h | 15 ++- migration/ram.c | 2 +- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h index 9ecd911c3e..3dfb2d52fb 100644 --- a/include/exec/ram_addr.h +++ b/include/exec/ram_addr.h @@ -409,18 +409,16 @@ static inline void cpu_physical_memory_clear_dirty_range(ram_addr_t start, static inline uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBlock *rb, - ram_addr_t start, ram_addr_t length, uint64_t *real_dirty_pages) { ram_addr_t addr; -unsigned long word = BIT_WORD((start + rb->offset) >> TARGET_PAGE_BITS); +unsigned long word = BIT_WORD(rb->offset >> TARGET_PAGE_BITS); uint64_t num_dirty = 0; unsigned long *dest = rb->bmap; -/* start address and length is aligned at the start of a word? */ -if (((word * BITS_PER_LONG) << TARGET_PAGE_BITS) == - (start + rb->offset) && +/* offset and length is aligned at the start of a word? */ +if (((word * BITS_PER_LONG) << TARGET_PAGE_BITS) == (rb->offset) && !(length & ((BITS_PER_LONG << TARGET_PAGE_BITS) - 1))) { int k; int nr = BITS_TO_LONGS(length >> TARGET_PAGE_BITS); @@ -428,14 +426,13 @@ uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBlock *rb, unsigned long idx = (word * BITS_PER_LONG) / DIRTY_MEMORY_BLOCK_SIZE; unsigned long offset = BIT_WORD((word * BITS_PER_LONG) % DIRTY_MEMORY_BLOCK_SIZE); -unsigned long page = BIT_WORD(start >> TARGET_PAGE_BITS); rcu_read_lock(); src = atomic_rcu_read( _list.dirty_memory[DIRTY_MEMORY_MIGRATION])->blocks; -for (k = page; k < page + nr; k++) { +for (k = 0; k < nr; k++) { if (src[idx][offset]) { unsigned long bits = atomic_xchg([idx][offset], 0); unsigned long new_dirty; 
@@ -458,11 +455,11 @@ uint64_t cpu_physical_memory_sync_dirty_bitmap(RAMBlock *rb, for (addr = 0; addr < length; addr += TARGET_PAGE_SIZE) { if (cpu_physical_memory_test_and_clear_dirty( -start + addr + offset, +addr + offset, TARGET_PAGE_SIZE, DIRTY_MEMORY_MIGRATION)) { *real_dirty_pages += 1; -long k = (start + addr) >> TARGET_PAGE_BITS; +long k = addr >> TARGET_PAGE_BITS; if (!test_and_set_bit(k, dest)) { num_dirty++; } diff --git a/migration/ram.c b/migration/ram.c index 9948b2d021..1def8122e9 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -1646,7 +1646,7 @@ static void migration_bitmap_sync_range(RAMState *rs, RAMBlock *rb, ram_addr_t length) { rs->migration_dirty_pages += -cpu_physical_memory_sync_dirty_bitmap(rb, 0, length, +cpu_physical_memory_sync_dirty_bitmap(rb, length, >num_dirty_pages_period); } -- 2.19.1
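Review bot: In the per-page loop of `cpu_physical_memory_sync_dirty_bitmap()`, `k = addr >> TARGET_PAGE_BITS` now indexes `rb->bmap` directly from 0, but nothing visible in these hunks checks `length` against the size of that bitmap. With `start` removed the contract is simply "sync the first `length` bytes of the block", so it is worth stating that in a comment above the function and asserting it, e.g. `assert(length <= rb->max_length);` (assuming the bitmap is sized from the block's maximum length, which this patch does not show). A wrong length from a future caller would then fail immediately instead of setting bits past the end of the bitmap. The same bound matters for the word-at-a-time loop in the hunk at -428, which now runs `k` from 0 to `nr`. The function body starts and ends outside the hunks.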
[Qemu-devel] [PATCH v1] target/arm/arm-powerctl: mask the cpuid with affinity bits when get cpu
Currently, the cpuid passed from the device tree may still contain non-affinity fields, which will cause arm_set_cpu_on failure. Therefore, we mask the cpuid with affinity fields here to improve qemu compatibility.
Signed-off-by: Yang Chuanlong
---
target/arm/arm-powerctl.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
index f77a950db6..ef9fec0b4d 100644
--- a/target/arm/arm-powerctl.c
+++ b/target/arm/arm-powerctl.c
@@ -31,7 +31,13 @@ CPUState *arm_get_cpu_by_id(uint64_t id)
 {
 CPUState *cpu;
-DPRINTF("cpu %" PRId64 "\n", id);
+#ifdef TARGET_AARCH64
+id &= ARM64_AFFINITY_MASK;
+#else
+id &= ARM32_AFFINITY_MASK;
+#endif
+
+DPRINTF("cpu %" PRId64 " after mask affinity\n", id);
 CPU_FOREACH(cpu) {
 ARMCPU *armcpu = ARM_CPU(cpu);
-- 2.21.0
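Review bot: Masking `id` at the top of `arm_get_cpu_by_id()` makes every caller accept ids with arbitrary non-affinity bits set, so a malformed id now resolves to a CPU instead of failing the lookup. If any caller passes a guest-supplied value (the description mentions arm_set_cpu_on), that silently relaxes its input validation; masking only at the call site that handles the device-tree value would keep the strict lookup for everyone else, or at least add a comment such as `/* Non-affinity bits are ignored on purpose: callers may pass a raw MPIDR */`. The mask is also selected with `#ifdef TARGET_AARCH64`, i.e. by build target rather than by the CPU being looked up, which may be wrong if an AArch64 build runs a 32-bit CPU model. The modified DPRINTF still prints the `uint64_t` id with `PRId64`; `PRIx64` matches the type and is easier to compare with the mask. The function body continues outside the hunk.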
Re: [Qemu-devel] [PATCH v3 0/2] commit: Make base read-only if there is an early failure
Patchew URL: https://patchew.org/QEMU/cover.1556540297.git.be...@igalia.com/ Hi, This series failed the docker-mingw@fedora build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash time make docker-test-mingw@fedora SHOW_ENV=1 J=14 NETWORK=1 === TEST SCRIPT END === The full log is available at http://patchew.org/logs/cover.1556540297.git.be...@igalia.com/testing.docker-mingw@fedora/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-de...@redhat.com
Re: [Qemu-devel] [PATCH] usb/xchi: avoid trigger assertion if guest write wrong epid
On 2019/4/29 20:10, Philippe Mathieu-Daudé wrote: > On 4/29/19 1:42 PM, Longpeng (Mike) wrote: >> Hi Philippe, >> >> On 2019/4/29 19:16, Philippe Mathieu-Daudé wrote: >> >>> Hi Mike, >>> >>> On 4/29/19 9:39 AM, Longpeng(Mike) wrote: 
From: Longpeng we found the following core in our environment: 0 0x7fc6b06c2237 in raise () 1 0x7fc6b06c3928 in abort () 2 0x7fc6b06bb056 in __assert_fail_base () 3 0x7fc6b06bb102 in __assert_fail () 4 0x00702e36 in xhci_kick_ep (...) >>> >>> 5 xhci_doorbell_write? >>> 6 0x0047767f in access_with_adjusted_size (...) 7 0x0047944d in memory_region_dispatch_write (...) 8 0x0042df17 in address_space_write_continue (...) 10 0x0043084d in address_space_rw (...) 11 0x0047451b in kvm_cpu_exec (cpu=cpu@entry=0x1ab11b0) 12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) 13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) 14 0x008959a7 in thread_entry_for_hotfix (pthread_cb=>>> out>) 15 0x7fc6b0a60dd5 in start_thread () 16 0x7fc6b078a59d in clone () (gdb) bt (gdb) f 5 >>> >>> This is the frame you removed... >>> (gdb) p /x tmp $9 = 0x62481a00 <-- last byte 0x00 is @epid >>> >>> I don't see 'tmp' in xhci_doorbell_write(). >>> >>> Can you use trace events? >>> >>> There we have trace_usb_xhci_doorbell_write(). >>> >> >> Sorry , I'm careless to remove the important information. >> >> >> This is our whole frame: >> >> (gdb) bt >> #0 0x7fc6b06c2237 in raise () from /usr/lib64/libc.so.6 >> #1 0x7fc6b06c3928 in abort () from /usr/lib64/libc.so.6 >> #2 0x7fc6b06bb056 in __assert_fail_base () from /usr/lib64/libc.so.6 >> #3 0x7fc6b06bb102 in __assert_fail () from /usr/lib64/libc.so.6 >> #4 0x00702e36 in xhci_kick_ep (...) >> #5 0x0047897a in memory_region_write_accessor (...) >> #6 0x0047767f in access_with_adjusted_size (...) >> #7 0x0047944d in memory_region_dispatch_write >> (mr=mr@entry=0x7fc6a0138df0, addr=addr@entry=156, data=1648892416, >> size=size@entry=4, attrs=attrs@entry=...) > > So this is a 32-bit access, to address 156 (which is the slotid) and > data=1648892416=0x62481a00 indeed. > > But watch out access_with_adjusted_size() calls adjust_endianness()... > >> #8 0x0042df17 in address_space_write_continue (...) 
>> #9 0x004302d5 in address_space_write (...) >> #10 0x0043084d in address_space_rw (...) >> #11 0x0047451b in kvm_cpu_exec (...) >> #12 0x0045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0) >> #13 0x00870631 in qemu_thread_start (args=args@entry=0x1acfb50) >> #14 0x008959a7 in thread_entry_for_hotfix (pthread_cb=> out>) >> #15 0x7fc6b0a60dd5 in start_thread () from /usr/lib64/libpthread.so.0 >> #16 0x7fc6b078a59d in clone () from /usr/lib64/libc.so.6 >> >> (gdb) f 5 >> #5 0x0047897a in memory_region_write_accessor (...) >> 529 mr->ops->write(mr->opaque, addr, tmp, size); >> (gdb) p /x tmp >> $9 = 0x62481a00 > > ... since memory_region_write_accessor() has the same argument, then I > can assume your guest is running in Little-Endian. > Yes. >> static void xhci_doorbell_write(void *ptr, hwaddr reg, >> uint64_t val, unsigned size) >> So, the @val is 0x62481a00, and the last byte is epid, right? >> xhci_doorbell_write() already check the upper bound of @slotid an @epid, it also need to check the lower bound. Cc: Gonglei Signed-off-by: Longpeng --- hw/usb/hcd-xhci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index ec28bee..b4e6bfc 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c 
@@ -3135,9 +3135,9 @@ static void xhci_doorbell_write(void *ptr, hwaddr reg, >>> >>> Expanding the diff: >>> >>>if (reg == 0) { >>>if (val == 0) { >>>xhci_process_commands(xhci); >>>} else { >>>DPRINTF("xhci: bad doorbell 0 write: 0x%x\n", >>>(uint32_t)val); >>>} } else { epid = val & 0xff; streamid = (val >> 16) & 0x; -if (reg > xhci->numslots) { +if (reg == 0 || reg > xhci->numslots) { >>> >>> So 'reg' can not be zero here... >>> >> >> Oh, you're right. >> DPRINTF("xhci: bad doorbell %d\n", (int)reg); -} else if (epid > 31) { +} else if (epid == 0 || epid > 31) { >>> >>> Here neither. >>> >> >> In our frame, the epid is zero. The @val is from guest which is untrusted, >> when >> this problem happened, I saw it wrote many invalid value, not only usb but >> also >> other devices. > > If you use mainstream QEMU, we have: > > static void
Re: [Qemu-devel] [PATCH] scsi-disk: handle invalid cdb length
>>> On 4/29/2019 at 7:37 PM, Eric Blake wrote: > On 4/29/19 6:51 PM, Bruce Rogers wrote: >> While investigating link-time-optimization, the compiler flagged this >> case of not handling the error return from scsi_cdb_length(). Handle >> this error case with a trace report. >> >> Signed-off-by: Bruce Rogers >> --- >> hw/scsi/scsi-disk.c | 4 >> 1 file changed, 4 insertions(+) >> >> diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c >> index e7e865ab3b..dc13c892ef 100644 >> --- a/hw/scsi/scsi-disk.c >> +++ b/hw/scsi/scsi-disk.c >> @@ -2520,6 +2520,10 @@ static void scsi_disk_new_request_dump(uint32_t lun, > uint32_t tag, uint8_t *buf) >> int len = scsi_cdb_length(buf); >> char *line_buffer, *p; >> >> +if (len < 0) { >> +trace_scsi_disk_new_request(lun, tag, "bad cdb length!"); > > I'd drop the !. We aren't shouting at the trace clients, after all :) Got it. Bruce
Re: [Qemu-devel] [PATCH] scsi-disk: handle invalid cdb length
On 4/29/19 6:51 PM, Bruce Rogers wrote: > While investigating link-time-optimization, the compiler flagged this > case of not handling the error return from scsi_cdb_length(). Handle > this error case with a trace report. > > Signed-off-by: Bruce Rogers > --- > hw/scsi/scsi-disk.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c > index e7e865ab3b..dc13c892ef 100644 > --- a/hw/scsi/scsi-disk.c > +++ b/hw/scsi/scsi-disk.c > @@ -2520,6 +2520,10 @@ static void scsi_disk_new_request_dump(uint32_t lun, > uint32_t tag, uint8_t *buf) > int len = scsi_cdb_length(buf); > char *line_buffer, *p; > > +if (len < 0) { > +trace_scsi_disk_new_request(lun, tag, "bad cdb length!"); I'd drop the !. We aren't shouting at the trace clients, after all :) -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org signature.asc Description: OpenPGP digital signature
[Qemu-devel] [PATCH] scsi-disk: handle invalid cdb length
While investigating link-time-optimization, the compiler flagged this case of not handling the error return from scsi_cdb_length(). Handle this error case with a trace report.
Signed-off-by: Bruce Rogers
---
hw/scsi/scsi-disk.c | 4
1 file changed, 4 insertions(+)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e7e865ab3b..dc13c892ef 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2520,6 +2520,10 @@ static void scsi_disk_new_request_dump(uint32_t lun, uint32_t tag, uint8_t *buf)
 int len = scsi_cdb_length(buf);
 char *line_buffer, *p;
+if (len < 0) {
+trace_scsi_disk_new_request(lun, tag, "bad cdb length!");
+return;
+}
 line_buffer = g_malloc(len * 5 + 1);
 for (i = 0, p = line_buffer; i < len; i++) {
-- 2.21.0
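Review bot: The early return added after `scsi_cdb_length()` drops the only detail that identifies the malformed command: the trace line says the length is bad but not which opcode produced it. The CDB bytes presumably come from the guest, so logging `buf[0]` would let whoever reads the trace see which unexpected command was sent. One way is to format the message with `g_strdup_printf("bad cdb length, opcode 0x%02x", buf[0])` and free it after the `trace_scsi_disk_new_request()` call. A short comment that `scsi_cdb_length()` returns a negative value on error would also explain why the check must come before `g_malloc(len * 5 + 1)`. The function starts and ends outside the hunk.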
[Qemu-devel] [Bug 1814352] Re: SIOCGIFNAME takes a struct ifreq not an integer
Please let me know if further work or another patch submission is required. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1814352 Title: SIOCGIFNAME takes a struct ifreq not an integer Status in QEMU: Confirmed Bug description: The ioctl SIOCGIFNAME takes a pointer to a struct ifreq, not an integer. This leads to if_indextoname() not correctly returning interface names (well, not if they're longer than 4 characters including the trailing NULL ;-). This is observed on v3.1.0. The following one-line patch will be sent to the qemu-devel mailing list: """ diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h index ae8951625f..37501f575c 100644 --- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h @@ -178,7 +178,7 @@ #endif /* CONFIG_USBFS */ IOCTL(SIOCATMARK, IOC_R, MK_PTR(TYPE_INT)) - IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(TYPE_INT)) + IOCTL(SIOCGIFNAME, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_int_ifreq))) IOCTL(SIOCGIFFLAGS, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_short_ifreq))) IOCTL(SIOCSIFFLAGS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_short_ifreq))) IOCTL(SIOCGIFADDR, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_sockaddr_ifreq))) """ To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1814352/+subscriptions
[Qemu-devel] [PULL v2 0/2] target/hppa patch queue
Rebased for v2. The following changes since commit 82b2865e0d0ea4c1001e9e7ed7920bcc0458f6de: Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190429' into staging (2019-04-29 18:05:56 +0100) are available in the Git repository at: https://github.com/rth7680/qemu.git tags/pull-hppa-20190429 for you to fetch changes up to affdb7e6ba23f8160cb88e11f83db54a35f03d6b: target/hppa: Always return EXCP_DMAR for protection id trap (2019-04-29 14:43:39 -0700) Implement fast tlb insert insns. Fix data tlb exception for pa 1.1. Nick Hudson (2): target/hppa: Implement Fast TLB Insert instructions target/hppa: Always return EXCP_DMAR for protection id trap target/hppa/mem_helper.c | 3 +-- target/hppa/translate.c | 54 target/hppa/insns.decode | 3 +++ 3 files changed, 58 insertions(+), 2 deletions(-)
Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 10/29] hw/arm: Express dependencies of stellaris with Kconfig
On 4/29/19 9:25 PM, Thomas Huth wrote: > On 25/04/2019 23.41, Philippe Mathieu-Daudé wrote: >> Hi Thomas, >> >> On 4/18/19 8:00 PM, Thomas Huth wrote: >>> This patch is slightly based on earlier work by Ákos Kovács (i.e. >>> his "hw/arm/Kconfig: Add ARM Kconfig" patch). >>> >>> Signed-off-by: Thomas Huth >>> --- >>> default-configs/arm-softmmu.mak | 7 +-- >>> hw/arm/Kconfig | 10 ++ >>> 2 files changed, 11 insertions(+), 6 deletions(-) >>> >>> diff --git a/default-configs/arm-softmmu.mak >>> b/default-configs/arm-softmmu.mak >>> index b7ed3c530b..3f82d635e4 100644 >>> --- a/default-configs/arm-softmmu.mak >>> +++ b/default-configs/arm-softmmu.mak >>> @@ -16,6 +16,7 @@ CONFIG_MUSCA=y >>> CONFIG_CHEETAH=y >>> CONFIG_SX1=y >>> CONFIG_NSERIES=y >>> +CONFIG_STELLARIS=y >>> >>> CONFIG_VGA=y >>> CONFIG_NAND=y >>> @@ -24,16 +25,10 @@ CONFIG_SERIAL=y >>> CONFIG_MAX7310=y >>> CONFIG_TMP421=y >>> CONFIG_PCA9552=y >>> -CONFIG_STELLARIS=y >>> -CONFIG_STELLARIS_INPUT=y >>> -CONFIG_STELLARIS_ENET=y >>> -CONFIG_SSD0303=y >>> -CONFIG_SSD0323=y >>> CONFIG_DDC=y >>> CONFIG_SII9022=y >>> CONFIG_ADS7846=y >>> CONFIG_MAX111X=y >>> -CONFIG_SSI_SD=y >>> CONFIG_SSI_M25P80=y >>> CONFIG_ALLWINNER_EMAC=y >>> CONFIG_IMX_FEC=y >>> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig >>> index 71126254ff..b91503f5a6 100644 >>> --- a/hw/arm/Kconfig >>> +++ b/hw/arm/Kconfig 
>>> @@ -91,6 +91,16 @@ config REALVIEW >>> >>> config STELLARIS >>> bool >>> +select ARM_V7M >>> +select I2C >>> +select PL011 # UART >>> +select PL022 # Serial port >>> +select PL061 # GPIO >>> +select SSD0303 # OLED display >>> +select SSD0323 # OLED display >>> +select SSI_SD >>> +select STELLARIS_INPUT >>> +select STELLARIS_ENET # ethernet >> >> This one misses CMSDK_APB_WATCHDOG: >> >> $ qemu-system-aarch64 -M lm3s811evb >> qemu-system-aarch64: Unknown device 'luminary-watchdog' for default sysbus >> Aborted (core dumped) > > Oh, well, looks like this has just been added recently in commit > 566528f823d1a2e9e, likely after I assembled and tested the initial > version of this patch... Ah yes, correct! This happens when we take too long to review a series, and since this one is huge, I was keeping procrastinating... > Thanks for catching it, I'll apply your fix in v6! > > Thomas >
Re: [Qemu-devel] [PATCH 00/38] tcg vector improvements
On 4/29/19 12:28 PM, David Hildenbrand wrote: > Hi Richard, > > what are your plans with this series? (and shlv and friends?) > I expect to submit them this week, barring any other comment on the patches themselves. r~
Re: [Qemu-devel] [PATCH v4 3/4] linux-user: Parse NT_GNU_PROPERTY_TYPE_0 notes
On 4/29/19 9:17 AM, Peter Maydell wrote: >> +struct elf_phdr *eppnt = phdr + i; >> + >> +switch (eppnt->p_type) { >> +case PT_LOAD: >> +{ > > I think you have an extra layer of indent here that we usually > don't do for switch statement cases. No, that indent is exactly right for a compound statement not associated with an if/while/whatnot. > #define GNU0_MAGIC const_le32('G' | 'N' << 8 | 'U' << 16) > > and then you can avoid the #ifdef HOST_WORDS_BIGENDIAN? Sure. r~
Re: [Qemu-devel] [Qemu-block] [PATCH v2 10/10] file-posix: Make auto-read-only dynamic
On 11.03.19 17:50, Kevin Wolf wrote: > Until now, with auto-read-only=on we tried to open the file read-write > first and if that failed, read-only was tried. This is actually not good > enough for libvirt, which gives QEMU SELinux permissions for read-write > only as soon as it actually intends to write to the image. So we need to > be able to switch between read-only and read-write at runtime. > > This patch makes auto-read-only dynamic, i.e. the file is opened > read-only as long as no user of the node has requested write > permissions, but it is automatically reopened read-write as soon as the > first writer is attached. Conversely, if the last writer goes away, the > file is reopened read-only again. > > bs->read_only is no longer set for auto-read-only=on files even if the > file descriptor is opened read-only because it will be transparently > upgraded as soon as a writer is attached. This changes the output of > qemu-iotests 232. > > Signed-off-by: Kevin Wolf > --- > block/file-posix.c | 36 +--- > tests/qemu-iotests/232.out | 12 ++-- > 2 files changed, 23 insertions(+), 25 deletions(-) https://bugzilla.redhat.com/show_bug.cgi?id=1703793 seems to be caused by this patch: When the mirror job completes, it drops all permissions on its target BB with an _abort. As of this patch, this may result in file-posix attempting to reopen the FD, which may fail. There are two problems I can see: First, the previous patch should have updated s->open_flags along with s->fd when the FD is switched. As it is now, s->open_flags is not updated, so it stays on O_RDONLY and every time the permissions are checked, the FD is reconfigured and then switched. That's simple to fix, just add BDRVRawState.perm_change_flags and set it to open_flags after raw_reconfigure_getfd() returned a ret != s->fd (when s->perm_change_fd is set). That fixes the problem of file-posix attempting to reopen the FD to O_RDWR all the time, which caused the crash. 
But that gives us another crash, because now dropping the permissions (correctly) reopens the FD to O_RDONLY, with the exact same implications as above: If the target becomes unavailable, opening the new FD will fail, and qemu will crash. I don't know what to do about this. In the spirit of "dropping permissions should always work", I presume raw_reconfigure_getfd() should just return the old FD if it had more permissions than the new one would have. But if the user issues an explicit reopen command, they probably want such an error to be reported. Max signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v4 2/4] linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTI
On 4/29/19 9:21 AM, Peter Maydell wrote: > This looks ok code-wise, but we'd need to hide it behind > a defaults-to-off x-something property if we wanted to > commit it before the kernel ABI is fixed. I'm not intending to change the user-level abi, only the internal abi within qemu, for handling of the elf notes. You think this should be done differently, so that there's zero possibility of a user-level setting the relevant bit? > Do we also need to handle this in mprotect() ? Not until there's a kernel abi. r~
[Qemu-devel] [Bug 1793904] Re: files are randomly overwritten by Zero Bytes
Please note the updates on: https://bugzilla.redhat.com/show_bug.cgi?id=1701736 It turns out that you can reproduce the broken images on glusterfs fuse mounts by using: aio=native cache=none, write-cache=on I have a set of vms running here on my fedora 29 desktop providing a test glusterfs and a vm to reproduce the bug, at least for the current ovirt case. ** Bug watch added: Red Hat Bugzilla #1701736 https://bugzilla.redhat.com/show_bug.cgi?id=1701736 -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1793904 Title: files are randomly overwritten by Zero Bytes Status in QEMU: New Bug description: Hello together, I am currently tracking down a "Hard to reproduce" bug on my systems that I first discovered during gitlab installation: Here is the Text from the Gitlab Bug https://gitlab.com/gitlab-org/gitlab-ce/issues/51023 -- Steps to reproduce I still do not have all the steps together to reproduce, so far it is: apt install gitlab-ce and gitlab-rake backup:recovery Then it works for some time before it fails. What is the current bug behavior? I have a 12 hour old Installation of gitlab ce 11.2.3-ce.0 for debian stretch on a fresh debian stretch system together with our imported data. However it turns out that some gitlab related files contain Zero bytes instead of actual data. root@gitlab:~# xxd -l 16 /opt/gitlab/bin/gitlab-ctl : This behaviour is somewhat strange because it was working for a few minutes/hours. I did write a shell script to find out which files are affected of this memory loss. It turns out that only files located under /opt/gitlab are affected, if I rule out files like /var/log/faillog and some postgresql table files. What I find even stranger is that it does not seem to affect Logfiles/databases/git_repositorys but application files, like .rb scripts. and not all of them. No non gitlab package is affected. What is the expected correct behavior? 
Binarys and .rb files should stay as they are. Possible fixes I am still investigating, I hope that it is not an infrastructure problem (libvirt/qemu/glusterfs) it can still be one but the point that files of /opt/gitlab are affected and not any logfile and that we to not have similar problems with any other system leads me to the application for now. If I would have used docker the same problem might have caused a reboot of the container. But for the Debian package it is a bit of work to recover. That is all a workaround, however. - I do have found 2 more systems having the same problem with different software: root@erp:~# xxd -l 16 /usr/share/perl/5.26.2/constant.pm : The Filesize itself is, compared with another machine 1660 Bytes for both the corrupted and the intact file. It looks to me from the outside that if some data in the qcow2 file is written too many bytes get written so it sometimes overwites data of existing files located right after the position in memory where the write goes to. I would like to rule out Linux+Ext4 filesystems because I find it highly unlikely that such an error keeps undiscovered in that part of the environment for long. I think the same might go for qemu. Which leaves qemu, gemu+gluster:// mount, qcow2 volumes, glusterfs, network. So I am now going to check if I can find any system which gets its volumes via fusermount instead of gluster:// path if the error is gone there. This may take a while. - some software versions--- QEMU emulator version 2.12.0 (Debian 1:2.12+dfsg-3) Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers libvirt-daemon-driver-storage-gluster/testing,unstable,now 4.6.0-2 amd64 [installed] ii glusterfs-client 4.1.3-1amd64 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1793904/+subscriptions
Re: [Qemu-devel] [PATCH 0/5] Remove bdrv_read() and bdrv_write()
On 4/29/19 1:42 PM, Alberto Garcia wrote: > Hi, > > this API only had a few users left so it can be easily removed. Sounds very similar to my earlier attempt at the same: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02769.html > > Regards, > > Berto > > Alberto Garcia (5): > qcow2: Replace bdrv_write() with bdrv_pwrite() > vdi: Replace bdrv_{read,write}() with bdrv_{pread,pwrite}() > vvfat: Replace bdrv_{read,write}() with bdrv_{pread,pwrite}() > block: Remove bdrv_read() and bdrv_write() > qcow2: Remove BDRVQcow2State.cluster_sectors > > block/io.c | 36 > block/qcow2-refcount.c | 4 ++-- > block/qcow2.c | 1 - > block/qcow2.h | 1 - > block/vdi.c| 11 ++- > block/vvfat.c | 10 ++ > include/block/block.h | 4 > 7 files changed, 14 insertions(+), 53 deletions(-) > -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v3 0/9] s390x: new guest features
Patchew URL: https://patchew.org/QEMU/20190429090250.7648-1-borntrae...@de.ibm.com/ Hi, This series seems to have some coding style problems. See output below for more information: Type: series Message-id: 20190429090250.7648-1-borntrae...@de.ibm.com Subject: [Qemu-devel] [PATCH v3 0/9] s390x: new guest features === TEST SCRIPT BEGIN === #!/bin/bash git rev-parse base > /dev/null || exit 0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram ./scripts/checkpatch.pl --mailback base.. === TEST SCRIPT END === Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384 From https://github.com/patchew-project/qemu t [tag update]patchew/20190429090250.7648-1-borntrae...@de.ibm.com -> patchew/20190429090250.7648-1-borntrae...@de.ibm.com Switched to a new branch 'test' 2bcae2ee9e s390x/cpumodel: wire up 8561 and 8562 as gen15 machines 2f800f6edb s390x/cpumodel: add gen15 defintions 0af201cd6e s390x/cpumodel: add Deflate-conversion facility 451dd145d3 s390x/cpumodel: enhanced sort facility 9aaaf489c6 s390x/cpumodel: vector enhancements 768edd46e6 s390x/cpumodel: msa9 facility dc3d28bcd3 s390x/cpumodel: Miscellaneous-Instruction-Extensions Facility 3 0a650d08dd s390x/cpumodel: ignore csske for expansion 606e1e12c3 linux header sync === OUTPUT BEGIN === 1/9 Checking commit 606e1e12c3f0 (linux header sync) 2/9 Checking commit 0a650d08ddae (s390x/cpumodel: ignore csske for expansion) 3/9 Checking commit dc3d28bcd3ac (s390x/cpumodel: Miscellaneous-Instruction-Extensions Facility 3) ERROR: line over 90 characters #22: FILE: target/s390x/cpu_features.c:86: +FEAT_INIT("minste3", S390_FEAT_TYPE_STFL, 61, "Miscellaneous-Instruction-Extensions Facility 3"), total: 1 errors, 0 warnings, 14 lines checked Patch 3/9 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 
4/9 Checking commit 768edd46e63c (s390x/cpumodel: msa9 facility) ERROR: line over 90 characters #23: FILE: target/s390x/cpu_features.c:111: +FEAT_INIT("msa9-base", S390_FEAT_TYPE_STFL, 155, "Message-security-assist-extension-9 facility (excluding subfunctions)"), WARNING: line over 80 characters #31: FILE: target/s390x/cpu_features.c:246: +FEAT_INIT("pckmo-ecc-p256", S390_FEAT_TYPE_PCKMO, 32, "PCKMO Encrypt-ECC-P256-Key"), WARNING: line over 80 characters #32: FILE: target/s390x/cpu_features.c:247: +FEAT_INIT("pckmo-ecc-p384", S390_FEAT_TYPE_PCKMO, 33, "PCKMO Encrypt-ECC-P384-Key"), WARNING: line over 80 characters #33: FILE: target/s390x/cpu_features.c:248: +FEAT_INIT("pckmo-ecc-p521", S390_FEAT_TYPE_PCKMO, 34, "PCKMO Encrypt-ECC-P521-Key"), ERROR: line over 90 characters #34: FILE: target/s390x/cpu_features.c:249: +FEAT_INIT("pckmo-ecc-ed25519", S390_FEAT_TYPE_PCKMO, 40 , "PCKMO Encrypt-ECC-Ed25519-Key"), ERROR: line over 90 characters #35: FILE: target/s390x/cpu_features.c:250: +FEAT_INIT("pckmo-ecc-ed448", S390_FEAT_TYPE_PCKMO, 41 , "PCKMO Encrypt-ECC-Ed448-Key"), WARNING: line over 80 characters #43: FILE: target/s390x/cpu_features.c:307: +FEAT_INIT("pcc-scalar-mult-p256", S390_FEAT_TYPE_PCC, 64, "PCC Scalar-Multiply-P256"), WARNING: line over 80 characters #44: FILE: target/s390x/cpu_features.c:308: +FEAT_INIT("pcc-scalar-mult-p384", S390_FEAT_TYPE_PCC, 65, "PCC Scalar-Multiply-P384"), WARNING: line over 80 characters #45: FILE: target/s390x/cpu_features.c:309: +FEAT_INIT("pcc-scalar-mult-p521", S390_FEAT_TYPE_PCC, 66, "PCC Scalar-Multiply-P521"), ERROR: line over 90 characters #46: FILE: target/s390x/cpu_features.c:310: +FEAT_INIT("pcc-scalar-mult-ed25519", S390_FEAT_TYPE_PCC, 72, "PCC Scalar-Multiply-Ed25519"), ERROR: line over 90 characters #47: FILE: target/s390x/cpu_features.c:311: +FEAT_INIT("pcc-scalar-mult-ed448", S390_FEAT_TYPE_PCC, 73, "PCC Scalar-Multiply-Ed448"), ERROR: line over 90 characters #48: FILE: target/s390x/cpu_features.c:312: 
+FEAT_INIT("pcc-scalar-mult-x25519", S390_FEAT_TYPE_PCC, 80, "PCC Scalar-Multiply-X25519"), WARNING: line over 80 characters #49: FILE: target/s390x/cpu_features.c:313: +FEAT_INIT("pcc-scalar-mult-x448", S390_FEAT_TYPE_PCC, 81, "PCC Scalar-Multiply-X448"), WARNING: line over 80 characters #58: FILE: target/s390x/cpu_features.c:326: +FEAT_INIT("kdsa-ecdsa-verify-p256", S390_FEAT_TYPE_KDSA, 1, "KDSA ECDSA-Verify-P256"), WARNING: line over 80 characters #59: FILE: target/s390x/cpu_features.c:327: +FEAT_INIT("kdsa-ecdsa-verify-p384", S390_FEAT_TYPE_KDSA, 2, "KDSA ECDSA-Verify-P384"), WARNING: line over 80 characters #60: FILE: target/s390x/cpu_features.c:328: +FEAT_INIT("kdsa-ecdsa-verify-p521", S390_FEAT_TYPE_KDSA, 3, "KDSA ECDSA-Verify-P521"), WARNING: line over 80 characters #61: FILE: target/s390x/cpu_features.c:329: +FEAT_INIT("kdsa-ecdsa-sign-p256", S390_FEAT_TYPE_KDSA, 9, "KDSA ECDSA-Sign-P256"), WARNING: line over 80 characters #62: FILE:
Re: [Qemu-devel] [PATCH 00/38] tcg vector improvements
On 20.04.19 09:34, Richard Henderson wrote: > Based-on: tcg-next, which at present is only tcg_gen_extract2. > > The dupm patches have been on list before, with a larger context > of supporting tcg/ppc. The rest of the set was written to support > David's s390 vector patches. In particular: > > (1) Add vector absolute value. > (2) Add vector shift by non-constant scalar. > (3) Add vector shift by vector. > (4) Add vector select. > (5) Be more precise in handling target-specific vector expansions. > > And then there's a set of bugs that I encountered while working > on this across x86, aa64, and ppc hosts. Tested primarily with > aa64 as the guest, via RISU. > > > r~ Hi Richard, what are your plans with this series? (and shlv and friends?) -- Thanks, David / dhildenb
Re: [Qemu-devel] [PATCH for-QEMU-4.1 v5 10/29] hw/arm: Express dependencies of stellaris with Kconfig
On 25/04/2019 23.41, Philippe Mathieu-Daudé wrote: > Hi Thomas, > > On 4/18/19 8:00 PM, Thomas Huth wrote: >> This patch is slightly based on earlier work by Ákos Kovács (i.e. >> his "hw/arm/Kconfig: Add ARM Kconfig" patch). >> >> Signed-off-by: Thomas Huth >> --- >> default-configs/arm-softmmu.mak | 7 +-- >> hw/arm/Kconfig | 10 ++ >> 2 files changed, 11 insertions(+), 6 deletions(-) >> >> diff --git a/default-configs/arm-softmmu.mak >> b/default-configs/arm-softmmu.mak >> index b7ed3c530b..3f82d635e4 100644 >> --- a/default-configs/arm-softmmu.mak >> +++ b/default-configs/arm-softmmu.mak >> @@ -16,6 +16,7 @@ CONFIG_MUSCA=y >> CONFIG_CHEETAH=y >> CONFIG_SX1=y >> CONFIG_NSERIES=y >> +CONFIG_STELLARIS=y >> >> CONFIG_VGA=y >> CONFIG_NAND=y >> @@ -24,16 +25,10 @@ CONFIG_SERIAL=y >> CONFIG_MAX7310=y >> CONFIG_TMP421=y >> CONFIG_PCA9552=y >> -CONFIG_STELLARIS=y >> -CONFIG_STELLARIS_INPUT=y >> -CONFIG_STELLARIS_ENET=y >> -CONFIG_SSD0303=y >> -CONFIG_SSD0323=y >> CONFIG_DDC=y >> CONFIG_SII9022=y >> CONFIG_ADS7846=y >> CONFIG_MAX111X=y >> -CONFIG_SSI_SD=y >> CONFIG_SSI_M25P80=y >> CONFIG_ALLWINNER_EMAC=y >> CONFIG_IMX_FEC=y >> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig >> index 71126254ff..b91503f5a6 100644 >> --- a/hw/arm/Kconfig >> +++ b/hw/arm/Kconfig >> @@ -91,6 +91,16 @@ config REALVIEW >> >> config STELLARIS >> bool >> +select ARM_V7M >> +select I2C >> +select PL011 # UART >> +select PL022 # Serial port >> +select PL061 # GPIO >> +select SSD0303 # OLED display >> +select SSD0323 # OLED display >> +select SSI_SD >> +select STELLARIS_INPUT >> +select STELLARIS_ENET # ethernet > > This one misses CMSDK_APB_WATCHDOG: > > $ qemu-system-aarch64 -M lm3s811evb > qemu-system-aarch64: Unknown device 'luminary-watchdog' for default sysbus > Aborted (core dumped) Oh, well, looks like this has just been added recently in commit 566528f823d1a2e9e, likely after I assembled and tested the initial version of this patch... Thanks for catching it, I'll apply your fix in v6! Thomas
Re: [Qemu-devel] [PATCH v3 4/9] s390x/cpumodel: msa9 facility
On 29.04.19 11:02, Christian Borntraeger wrote: > Provide the MSA9 facility (stfle.155). > This also contains pckmo functions for key wrapping. Keep them in a > separate group to disable those as a block if necessary. > > Signed-off-by: Christian Borntraeger > --- > target/s390x/cpu_features.c | 32 + > target/s390x/cpu_features.h | 1 + > target/s390x/cpu_features_def.h | 31 > target/s390x/cpu_models.c | 2 ++ > target/s390x/gen-features.c | 42 + > target/s390x/kvm.c | 6 + > 6 files changed, 114 insertions(+) > > diff --git a/target/s390x/cpu_features.c b/target/s390x/cpu_features.c > index bbd8902087..154e2bb354 100644 > --- a/target/s390x/cpu_features.c > +++ b/target/s390x/cpu_features.c > @@ -108,6 +108,7 @@ static const S390FeatDef s390_features[] = { > FEAT_INIT("irbm", S390_FEAT_TYPE_STFL, 145, > "Insert-reference-bits-multiple facility"), > FEAT_INIT("msa8-base", S390_FEAT_TYPE_STFL, 146, > "Message-security-assist-extension-8 facility (excluding subfunctions)"), > FEAT_INIT("cmmnt", S390_FEAT_TYPE_STFL, 147, "CMM: ESSA-enhancement (no > translate) facility"), > +FEAT_INIT("msa9-base", S390_FEAT_TYPE_STFL, 155, > "Message-security-assist-extension-9 facility (excluding subfunctions)"), > FEAT_INIT("etoken", S390_FEAT_TYPE_STFL, 156, "Etoken facility"), > > /* SCLP SCCB Byte 80 - 98 (bit numbers relative to byte-80) */ 
> @@ -242,6 +243,11 @@ static const S390FeatDef s390_features[] = { > FEAT_INIT("pckmo-aes-128", S390_FEAT_TYPE_PCKMO, 18, "PCKMO > Encrypted-AES-128-Key"), > FEAT_INIT("pckmo-aes-192", S390_FEAT_TYPE_PCKMO, 19, "PCKMO > Encrypted-AES-192-Key"), > FEAT_INIT("pckmo-aes-256", S390_FEAT_TYPE_PCKMO, 20, "PCKMO > Encrypted-AES-256-Key"), > +FEAT_INIT("pckmo-ecc-p256", S390_FEAT_TYPE_PCKMO, 32, "PCKMO > Encrypt-ECC-P256-Key"), > +FEAT_INIT("pckmo-ecc-p384", S390_FEAT_TYPE_PCKMO, 33, "PCKMO > Encrypt-ECC-P384-Key"), > +FEAT_INIT("pckmo-ecc-p521", S390_FEAT_TYPE_PCKMO, 34, "PCKMO > Encrypt-ECC-P521-Key"), > +FEAT_INIT("pckmo-ecc-ed25519", S390_FEAT_TYPE_PCKMO, 40 , "PCKMO > Encrypt-ECC-Ed25519-Key"), > +FEAT_INIT("pckmo-ecc-ed448", S390_FEAT_TYPE_PCKMO, 41 , "PCKMO > Encrypt-ECC-Ed448-Key"), > > FEAT_INIT("kmctr-dea", S390_FEAT_TYPE_KMCTR, 1, "KMCTR DEA"), > FEAT_INIT("kmctr-tdea-128", S390_FEAT_TYPE_KMCTR, 2, "KMCTR TDEA-128"), 
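Review bot: The two Edwards-curve rows in this hunk are written `40 ,` and `41 ,` with a space before the comma, unlike every other `FEAT_INIT` row visible in the table; drop the space so the bit-number column stays uniform. The new descriptions also read `PCKMO Encrypt-ECC-...-Key` where the AES rows just above read `PCKMO Encrypted-AES-...-Key`. These strings are the user-visible feature descriptions, so it is worth confirming the wording against the architecture's function names and keeping one form. The `s390_features[]` table starts and ends outside the hunk.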
> @@ -298,6 +304,13 @@ static const S390FeatDef s390_features[] = { > FEAT_INIT("pcc-xts-aes-256", S390_FEAT_TYPE_PCC, 52, "PCC > Compute-XTS-Parameter-Using-AES-256"), > FEAT_INIT("pcc-xts-eaes-128", S390_FEAT_TYPE_PCC, 58, "PCC > Compute-XTS-Parameter-Using-Encrypted-AES-128"), > FEAT_INIT("pcc-xts-eaes-256", S390_FEAT_TYPE_PCC, 60, "PCC > Compute-XTS-Parameter-Using-Encrypted-AES-256"), > +FEAT_INIT("pcc-scalar-mult-p256", S390_FEAT_TYPE_PCC, 64, "PCC > Scalar-Multiply-P256"), > +FEAT_INIT("pcc-scalar-mult-p384", S390_FEAT_TYPE_PCC, 65, "PCC > Scalar-Multiply-P384"), > +FEAT_INIT("pcc-scalar-mult-p521", S390_FEAT_TYPE_PCC, 66, "PCC > Scalar-Multiply-P521"), > +FEAT_INIT("pcc-scalar-mult-ed25519", S390_FEAT_TYPE_PCC, 72, "PCC > Scalar-Multiply-Ed25519"), > +FEAT_INIT("pcc-scalar-mult-ed448", S390_FEAT_TYPE_PCC, 73, "PCC > Scalar-Multiply-Ed448"), > +FEAT_INIT("pcc-scalar-mult-x25519", S390_FEAT_TYPE_PCC, 80, "PCC > Scalar-Multiply-X25519"), > +FEAT_INIT("pcc-scalar-mult-x448", S390_FEAT_TYPE_PCC, 81, "PCC > Scalar-Multiply-X448"), > > FEAT_INIT("ppno-sha-512-drng", S390_FEAT_TYPE_PPNO, 3, "PPNO > SHA-512-DRNG"), > FEAT_INIT("prno-trng-qrtcr", S390_FEAT_TYPE_PPNO, 112, "PRNO > TRNG-Query-Raw-to-Conditioned-Ratio"), 
> @@ -309,6 +322,22 @@ static const S390FeatDef s390_features[] = { > FEAT_INIT("kma-gcm-eaes-128", S390_FEAT_TYPE_KMA, 26, "KMA > GCM-Encrypted-AES-128"), > FEAT_INIT("kma-gcm-eaes-192", S390_FEAT_TYPE_KMA, 27, "KMA > GCM-Encrypted-AES-192"), > FEAT_INIT("kma-gcm-eaes-256", S390_FEAT_TYPE_KMA, 28, "KMA > GCM-Encrypted-AES-256"), > + > +FEAT_INIT("kdsa-ecdsa-verify-p256", S390_FEAT_TYPE_KDSA, 1, "KDSA > ECDSA-Verify-P256"), > +FEAT_INIT("kdsa-ecdsa-verify-p384", S390_FEAT_TYPE_KDSA, 2, "KDSA > ECDSA-Verify-P384"), > +FEAT_INIT("kdsa-ecdsa-verify-p521", S390_FEAT_TYPE_KDSA, 3, "KDSA > ECDSA-Verify-P521"), > +FEAT_INIT("kdsa-ecdsa-sign-p256", S390_FEAT_TYPE_KDSA, 9, "KDSA > ECDSA-Sign-P256"), > +FEAT_INIT("kdsa-ecdsa-sign-p384", S390_FEAT_TYPE_KDSA, 10, "KDSA > ECDSA-Sign-P384"), > +FEAT_INIT("kdsa-ecdsa-sign-p521", S390_FEAT_TYPE_KDSA, 11, "KDSA > ECDSA-Sign-P521"), > +FEAT_INIT("kdsa-eecdsa-sign-p256", S390_FEAT_TYPE_KDSA, 17, "KDSA > Encrypted-ECDSA-Sign-P256"), > +FEAT_INIT("kdsa-eecdsa-sign-p384", S390_FEAT_TYPE_KDSA, 18, "KDSA > Encrypted-ECDSA-Sign-P384"), > +FEAT_INIT("kdsa-eecdsa-sign-p521",
Re: [Qemu-devel] [PATCH] vl: fix -sandbox parsing crash when seccomp support is disabled
On 29/04/2019 16:46, Marc-André Lureau wrote: > Hi > > On Mon, Apr 29, 2019 at 4:26 PM Laurent Vivier wrote: >> >> On 29/04/2019 15:47, Marc-André Lureau wrote: >>> $ ./x86_64-softmmu/qemu-system-x86_64 -sandbox off >>> qemu-system-x86_64: -sandbox off: There is no option group 'sandbox' >>> Segmentation fault >>> >>> Commit 5780760f5e ("seccomp: check TSYNC host capability") wrapped one >>> use of the sandbox option group to produce a sensible error, it didn't >>> do the same for another call to qemu_opts_parse_noisily(): >>> >>> (gdb) bt >>> at util/qemu-option.c:829 >>> #0 0x105b36d8 in opts_parse (list=0x0, params=0x3ab5 >>> "off", permit_abbrev=true, defaults=false, errp=0x3080) >>> at util/qemu-option.c:829 >>> #1 0x105b3b74 in qemu_opts_parse_noisily (list=, >>> params=, permit_abbrev=) at >>> util/qemu-option.c:890 >>> #2 0x10024964 in main (argc=, argv=>> out>, envp=) at vl.c:3589 >>> >>> Fixes: 5780760f5ea6163939a5dabe7427318b4f07d1a2 >>> Cc: da...@gibson.dropbear.id.au >>> Cc: ot...@redhat.com >>> Signed-off-by: Marc-André Lureau >>> --- >>> vl.c | 18 ++ >>> 1 file changed, 10 insertions(+), 8 deletions(-) >>> >>> diff --git a/vl.c b/vl.c >>> index 4019a4387d..5fc4994d3c 100644 >>> --- a/vl.c >>> +++ b/vl.c >>> @@ -3866,17 +3866,19 @@ int main(int argc, char **argv, char **envp) >>> qtest_log = optarg; >>> break; >>> case QEMU_OPTION_sandbox: >>> -#ifdef CONFIG_SECCOMP >>> -opts = qemu_opts_parse_noisily(qemu_find_opts("sandbox"), >>> - optarg, true); >>> +olist = qemu_find_opts("sandbox"); >>> +if (!olist) { >>> +#ifndef CONFIG_SECCOMP >> >> Why do you move the #ifdef? We have two separate error cases here. >> And it seems better no to check for "-sandbox" when seccomp is disabled. > > I tried to remove the #ifdef altogether to simplify the code, then > realized the error message could be useful. > > I don't think it's a problem to lookup "-sandbox" when seccomp is disabled. > ok, so: Reviewed-by: Laurent Vivier
[Qemu-devel] [PATCH 0/5] Remove bdrv_read() and bdrv_write()
Hi, this API only had a few users left so it can be easily removed. Regards, Berto Alberto Garcia (5): qcow2: Replace bdrv_write() with bdrv_pwrite() vdi: Replace bdrv_{read,write}() with bdrv_{pread,pwrite}() vvfat: Replace bdrv_{read,write}() with bdrv_{pread,pwrite}() block: Remove bdrv_read() and bdrv_write() qcow2: Remove BDRVQcow2State.cluster_sectors block/io.c | 36 block/qcow2-refcount.c | 4 ++-- block/qcow2.c | 1 - block/qcow2.h | 1 - block/vdi.c| 11 ++- block/vvfat.c | 10 ++ include/block/block.h | 4 7 files changed, 14 insertions(+), 53 deletions(-) -- 2.11.0
[Qemu-devel] [PATCH 5/5] qcow2: Remove BDRVQcow2State.cluster_sectors
The last user of this field disappeared when we replace the sector-based bdrv_write() with the byte-based bdrv_pwrite(). Signed-off-by: Alberto Garcia --- block/qcow2.c | 1 - block/qcow2.h | 1 - 2 files changed, 2 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 3ace3b2209..3a3240fcca 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1259,7 +1259,6 @@ static int coroutine_fn qcow2_do_open(BlockDriverState *bs, QDict *options, s->cluster_bits = header.cluster_bits; s->cluster_size = 1 << s->cluster_bits; -s->cluster_sectors = 1 << (s->cluster_bits - BDRV_SECTOR_BITS); /* Initialise version 3 header fields */ if (header.version == 2) { diff --git a/block/qcow2.h b/block/qcow2.h index fdee297f33..e62508d1ce 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -266,7 +266,6 @@ typedef struct Qcow2BitmapHeaderExt { typedef struct BDRVQcow2State { int cluster_bits; int cluster_size; -int cluster_sectors; int l2_slice_size; int l2_bits; int l2_size; -- 2.11.0
[Qemu-devel] [PATCH 2/5] vdi: Replace bdrv_{read, write}() with bdrv_{pread, pwrite}()
There's only a couple of bdrv_read() and bdrv_write() calls left in the vdi code, and they can be trivially replaced with the byte-based bdrv_pread() and bdrv_pwrite(). Signed-off-by: Alberto Garcia --- block/vdi.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/block/vdi.c b/block/vdi.c index e1c42ad732..8d849b2754 100644 --- a/block/vdi.c +++ b/block/vdi.c @@ -384,7 +384,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags, logout("\n"); -ret = bdrv_read(bs->file, 0, (uint8_t *), 1); +ret = bdrv_pread(bs->file, 0, (uint8_t *), sizeof(header)); if (ret < 0) { goto fail; } @@ -484,8 +484,8 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } -ret = bdrv_read(bs->file, s->bmap_sector, (uint8_t *)s->bmap, -bmap_size); +ret = bdrv_pread(bs->file, header.offset_bmap, (uint8_t *)s->bmap, + bmap_size * SECTOR_SIZE); if (ret < 0) { goto fail_free_bmap; } @@ -704,7 +704,7 @@ nonallocating_write: assert(VDI_IS_ALLOCATED(bmap_first)); *header = s->header; vdi_header_to_le(header); -ret = bdrv_write(bs->file, 0, block, 1); +ret = bdrv_pwrite(bs->file, 0, block, sizeof(*block)); g_free(block); block = NULL; @@ -722,7 +722,8 @@ nonallocating_write: base = ((uint8_t *)>bmap[0]) + bmap_first * SECTOR_SIZE; logout("will write %u block map sectors starting from entry %u\n", n_sectors, bmap_first); -ret = bdrv_write(bs->file, offset, base, n_sectors); +ret = bdrv_pwrite(bs->file, offset * SECTOR_SIZE, base, + n_sectors * SECTOR_SIZE); } return ret; -- 2.11.0
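Review bot: In the `@@ -704` hunk, `sizeof(*block)` is the size of whatever `block` points to, not the size of the header that was just filled in through `header`, whereas the removed call wrote one full sector. The declaration of `block` is outside the hunk, but it is handed to `g_free()` and `header` presumably aliases it, so if it is a byte pointer this writes a single byte and leaves the on-disk header stale after new blocks are allocated. Size the write from the header object instead: `ret = bdrv_pwrite(bs->file, 0, header, sizeof(*header));`.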
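Review bot: The `return ret;` that closes the `@@ -722` hunk now forwards the result of `bdrv_pwrite()`, which on success is the number of bytes written rather than the 0 that `bdrv_write()` returned. A caller that treats any non-zero return as failure would then see a successful block-map update as an error. Normalise the value at the exit with `return ret < 0 ? ret : 0;`. The function body starts outside the hunk, so check whether any other path reaches this return with a positive `ret`.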
[Qemu-devel] [PATCH 3/5] vvfat: Replace bdrv_{read, write}() with bdrv_{pread, pwrite}()
There's only a couple of bdrv_read() and bdrv_write() calls left in the vvfat code, and they can be trivially replaced with the byte-based bdrv_pread() and bdrv_pwrite(). Signed-off-by: Alberto Garcia --- block/vvfat.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/block/vvfat.c b/block/vvfat.c index 5f66787890..35c7e2761f 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -1494,8 +1494,8 @@ static int vvfat_read(BlockDriverState *bs, int64_t sector_num, DLOG(fprintf(stderr, "sectors %" PRId64 "+%" PRId64 " allocated\n", sector_num, n >> BDRV_SECTOR_BITS)); -if (bdrv_read(s->qcow, sector_num, buf + i * 0x200, - n >> BDRV_SECTOR_BITS)) { +if (bdrv_pread(s->qcow, sector_num * BDRV_SECTOR_SIZE, + buf + i * 0x200, n)) { return -1; } i += (n >> BDRV_SECTOR_BITS) - 1; @@ -1983,7 +1983,8 @@ static uint32_t get_cluster_count_for_direntry(BDRVVVFATState* s, if (res) { return -1; } -res = bdrv_write(s->qcow, offset, s->cluster_buffer, 1); +res = bdrv_pwrite(s->qcow, offset * BDRV_SECTOR_SIZE, + s->cluster_buffer, BDRV_SECTOR_SIZE); if (res) { return -2; } @@ -3050,7 +3051,8 @@ DLOG(checkpoint()); * Use qcow backend. Commit later. */ DLOG(fprintf(stderr, "Write to qcow backend: %d + %d\n", (int)sector_num, nb_sectors)); -ret = bdrv_write(s->qcow, sector_num, buf, nb_sectors); +ret = bdrv_pwrite(s->qcow, sector_num * BDRV_SECTOR_SIZE, buf, + nb_sectors * BDRV_SECTOR_SIZE); if (ret < 0) { fprintf(stderr, "Error writing to qcow backend\n"); return ret; -- 2.11.0
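Review bot: The `@@ -1494` hunk keeps the truthiness test `if (bdrv_pread(...)) { return -1; }`, but `bdrv_pread()` returns the number of bytes read on success, so every successful read from the qcow overlay would be reported as a failure. The `if (res)` that follows `bdrv_pwrite()` in the `@@ -1983` hunk has the same problem and would return -2 after a good write. Compare against zero, as the `@@ -3050` hunk already does with `if (ret < 0)`: end the read call with `buf + i * 0x200, n) < 0) {` and change the write check to `if (res < 0) {`. All three enclosing functions start and end outside their hunks.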
[Qemu-devel] [PATCH 1/5] qcow2: Replace bdrv_write() with bdrv_pwrite()
There's only one bdrv_write() call left in the qcow2 code, and it can be trivially replaced with the byte-based bdrv_pwrite(). Signed-off-by: Alberto Garcia --- block/qcow2-refcount.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index e0fe322500..83f66eed7a 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -2409,8 +2409,8 @@ write_refblocks: on_disk_refblock = (void *)((char *) *refcount_table + refblock_index * s->cluster_size); -ret = bdrv_write(bs->file, refblock_offset / BDRV_SECTOR_SIZE, - on_disk_refblock, s->cluster_sectors); +ret = bdrv_pwrite(bs->file, refblock_offset, on_disk_refblock, + s->cluster_size); if (ret < 0) { fprintf(stderr, "ERROR writing refblock: %s\n", strerror(-ret)); goto fail; -- 2.11.0
[Qemu-devel] [PATCH 4/5] block: Remove bdrv_read() and bdrv_write()
No one is using these functions anymore, all callers have switched to the byte-based bdrv_pread() and bdrv_pwrite() Signed-off-by: Alberto Garcia --- block/io.c| 36 include/block/block.h | 4 2 files changed, 40 deletions(-) diff --git a/block/io.c b/block/io.c index dfc153b8d8..adf759171a 100644 --- a/block/io.c +++ b/block/io.c @@ -837,42 +837,6 @@ static int bdrv_prwv_co(BdrvChild *child, int64_t offset, return rwco.ret; } -/* - * Process a synchronous request using coroutines - */ -static int bdrv_rw_co(BdrvChild *child, int64_t sector_num, uint8_t *buf, - int nb_sectors, bool is_write, BdrvRequestFlags flags) -{ -QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buf, -nb_sectors * BDRV_SECTOR_SIZE); - -if (nb_sectors < 0 || nb_sectors > BDRV_REQUEST_MAX_SECTORS) { -return -EINVAL; -} - -return bdrv_prwv_co(child, sector_num << BDRV_SECTOR_BITS, -, is_write, flags); -} - -/* return < 0 if error. See bdrv_write() for the return codes */ -int bdrv_read(BdrvChild *child, int64_t sector_num, - uint8_t *buf, int nb_sectors) -{ -return bdrv_rw_co(child, sector_num, buf, nb_sectors, false, 0); -} - -/* Return < 0 if error. Important errors are: - -EIO generic I/O error (may happen for all errors) - -ENOMEDIUM No media inserted. - -EINVAL Invalid sector number or nb_sectors - -EACCES Trying to write a read-only device -*/ -int bdrv_write(BdrvChild *child, int64_t sector_num, - const uint8_t *buf, int nb_sectors) -{ -return bdrv_rw_co(child, sector_num, (uint8_t *)buf, nb_sectors, true, 0); -} - int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset, int bytes, BdrvRequestFlags flags) { diff --git a/include/block/block.h b/include/block/block.h index c7a26199aa..5e2b98b0ee 100644 --- a/include/block/block.h +++ b/include/block/block.h 
@@ -316,10 +316,6 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue, Error **errp); void bdrv_reopen_commit(BDRVReopenState *reopen_state); void bdrv_reopen_abort(BDRVReopenState *reopen_state); -int bdrv_read(BdrvChild *child, int64_t sector_num, - uint8_t *buf, int nb_sectors); -int bdrv_write(BdrvChild *child, int64_t sector_num, - const uint8_t *buf, int nb_sectors); int bdrv_pwrite_zeroes(BdrvChild *child, int64_t offset, int bytes, BdrvRequestFlags flags); int bdrv_make_zero(BdrvChild *child, BdrvRequestFlags flags); -- 2.11.0
Re: [Qemu-devel] [Qemu-arm] [PATCH v3 00/12] hw: Remove "hw/devices.h"
On 4/29/19 6:51 PM, Peter Maydell wrote: > On Fri, 12 Apr 2019 at 17:55, Philippe Mathieu-Daudé > wrote: >> >> Hi, >> >> As his first comment describes itself, the "hw/devices.h" contains >> declarations for "Devices that have nowhere better to go." >> This series remove it, creating new headers for devices covered there. >> MAINTAINERS is updated. >> I also included 2 cleanups while working on this, in "qemu/typedefs.h" >> and "hw/net/ne2000-isa.h" header guard. >> >> v3: >> - rebased >> - added 2 patches suggested by Markus >> - addressed Markus review comments >> - added Markus's R-b > > Since these are almost all arm devices I'll take this via the > target-arm tree (I'm going to make a pullreq later today). Thanks Peter!
Re: [Qemu-devel] [PATCH] configure: Remove --source-path option
On Thu, 25 Apr 2019 at 17:42, Antonio Ospite wrote: > Now that 4.0 has been released, maybe we can move on with this minor change. > > I will send a fix for https://bugs.launchpad.net/qemu/+bug/1817345 after > this patch lands. This patch has just gone in to master, so that should be ok for you to rebase your patch on now. thanks -- PMM
Re: [Qemu-devel] [PULL 00/42] target-arm queue
On Mon, 29 Apr 2019 at 18:00, Peter Maydell wrote: > > First pullreq for arm of the 4.1 series, since I'm back from > holiday now. This is mostly my M-profile FPU series and Philippe's > devices.h cleanup. I have a pile of other patchsets to work through > in my to-review folder, but 42 patches is definitely quite > big enough to send now... > > thanks > -- PMM > > The following changes since commit 413a99a92c13ec408dcf2adaa87918dc81e890c8: > > Add Nios II semihosting support. (2019-04-29 16:09:51 +0100) > > are available in the Git repository at: > > https://git.linaro.org/people/pmaydell/qemu-arm.git > tags/pull-target-arm-20190429 > > for you to fetch changes up to 437cc27ddfded3bbab6afd5ac1761e0e195edba7: > > hw/devices: Move SMSC 91C111 declaration into a new header (2019-04-29 > 17:57:21 +0100) > > > target-arm queue: > * remove "bag of random stuff" hw/devices.h header > * implement FPU for Cortex-M and enable it for Cortex-M4 and -M33 > * hw/dma: Compile the bcm2835_dma device as common object > * configure: Remove --source-path option > * hw/ssi/xilinx_spips: Avoid variable length array > * hw/arm/smmuv3: Remove SMMUNotifierNode > Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1 for any user-visible changes. -- PMM
Re: [Qemu-devel] [PATCH 18/26] target/sh4: Convert to CPUClass::tlb_fill
On Wed, 3 Apr 2019 at 05:01, Richard Henderson wrote: > > Cc: Aurelien Jarno > Signed-off-by: Richard Henderson > --- Reviewed-by: Peter Maydell thanks -- PMM
Re: [Qemu-devel] [PATCH] usb/xchi: avoid trigger assertion if guest write wrong epid
Patchew URL: https://patchew.org/QEMU/1556523569-44480-1-git-send-email-longpe...@huawei.com/ Hi, This series failed the asan build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1 === TEST SCRIPT END === The full log is available at http://patchew.org/logs/1556523569-44480-1-git-send-email-longpe...@huawei.com/testing.asan/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-de...@redhat.com
Re: [Qemu-devel] Following up questions related to QEMU and I/O Thread
Thanks Stefan! Does this mean the performance could be improved via adding Batch I/O submission support in Guest driver side which will be able to reduce the number of virtqueue kicks? Thanks, Wei On 4/29/19, 6:40 AM, "Stefan Hajnoczi" wrote: On Fri, Apr 26, 2019 at 10:14:16AM +0200, Paolo Bonzini wrote: > On 23/04/19 14:04, Stefan Hajnoczi wrote: > >> In addition, does Virtio-scsi support Batch I/O Submission feature > >> which may be able to increase the IOPS via reducing the number of > >> system calls? > > > > I don't see obvious batching support in drivers/scsi/virtio_scsi.c. > > The Linux block layer supports batching but I'm not sure if the SCSI > > layer does. > > I think he's referring to QEMU, in which case yes, virtio-scsi does > batch I/O submission. See virtio_scsi_handle_cmd_req_prepare and > virtio_scsi_handle_cmd_req_submit in hw/scsi/virtio-scsi.c, they do > blk_io_plug and blk_io_unplug in order to batch I/O requests from QEMU > to the host kernel. This isn't fully effective since the guest driver kicks once per request. Therefore QEMU-level batching you mentioned only works if QEMU is slower at handling virtqueue kicks than the guest is at submitting requests. I wonder if this is something that can be improved. Stefan
[Qemu-devel] [Bug 1818937] Re: Crash with HV_ERROR on macOS host
^This is on version: % qemu-system-x86_64 --version QEMU emulator version 4.0.50 (v4.0.0-rc4-52-g3284aa1281-dirty) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1818937 Title: Crash with HV_ERROR on macOS host Status in QEMU: New Bug description: On macOS host running Windows 10 guest, qemu crashed with error message: Error: HV_ERROR. Host: macOS Mojave 10.14.3 (18D109) Late 2014 Mac mini presumably Core i5 4278U. QEMU: git commit a3e3b0a7bd5de211a62cdf2d6c12b96d3c403560 QEMU parameter: qemu-system-x86_64 -m 3000 -drive file=disk.img,if=virtio,discard=unmap -accel hvf -soundhw hda -smp 3 thread list Process 56054 stopped thread #1: tid = 0x2ffec8, 0x7fff48d0805a vImage`vLookupTable_Planar16 + 970, queue = 'com.apple.main-thread' thread #2: tid = 0x2ffecc, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #3: tid = 0x2ffecd, 0x7fff79d715aa libsystem_kernel.dylib`__select + 10 thread #4: tid = 0x2ffece, 0x7fff79d71d9a libsystem_kernel.dylib`__sigwait + 10 * thread #6: tid = 0x2ffed0, 0x7fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT thread #7: tid = 0x2ffed1, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #8: tid = 0x2ffed2, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #11: tid = 0x2fff34, 0x7fff79d6a17a libsystem_kernel.dylib`mach_msg_trap + 10, name = 'com.apple.NSEventThread' thread #30: tid = 0x300c04, 0x7fff79e233f8 libsystem_pthread.dylib`start_wqthread thread #31: tid = 0x300c16, 0x7fff79e233f8 libsystem_pthread.dylib`start_wqthread thread #32: tid = 0x300c17, 0x thread #33: tid = 0x300c93, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 Crashed thread: * thread #6, stop reason = signal SIGABRT * frame #0: 0x7fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10 frame #1: 0x7fff79e26c1c 
libsystem_pthread.dylib`pthread_kill + 285 frame #2: 0x7fff79cd91c9 libsystem_c.dylib`abort + 127 frame #3: 0x00010baa476d qemu-system-x86_64`assert_hvf_ok(ret=) at hvf.c:106 [opt] frame #4: 0x00010baa4c8f qemu-system-x86_64`hvf_vcpu_exec(cpu=0x7f8e5283de00) at hvf.c:681 [opt] frame #5: 0x00010b988423 qemu-system-x86_64`qemu_hvf_cpu_thread_fn(arg=0x7f8e5283de00) at cpus.c:1636 [opt] frame #6: 0x00010bd9dfce qemu-system-x86_64`qemu_thread_start(args=) at qemu-thread-posix.c:502 [opt] frame #7: 0x7fff79e24305 libsystem_pthread.dylib`_pthread_body + 126 frame #8: 0x7fff79e2726f libsystem_pthread.dylib`_pthread_start + 70 frame #9: 0x7fff79e23415 libsystem_pthread.dylib`thread_start + 13 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1818937/+subscriptions
[Qemu-devel] [Bug 1818937] Re: Crash with HV_ERROR on macOS host
I can reproduce this by booting the Windows 10 x64 install ISO with the command line: + WINIMG=Win10.iso + VIRTIMG=virtio-win-0.1.164.iso + qemu-system-x86_64 -accel hvf -drive driver=raw,file=Win10.img,if=virtio -m 1536 -net nic,model=virtio -net user -cdrom Win10.iso -drive file=virtio-win-0.1.164.iso,index=3,media=cdrom -rtc base=localtime,clock=host -smp cores=2 -usb -device usb-tablet -net user qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.8001H:ECX.svm [bit 2] qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.8001H:ECX.svm [bit 2] Unimplemented handler (f80641601c38) for 0 (f 11) Unimplemented handler (f8064160192f) for 0 (f 7f) qemu-system-x86_64: Error: HV_ERROR ./qemu-boot.sh: line 20: 32294 Abort trap: 6 qemu-system-x86_64 -accel hvf -drive driver=raw,file=Win10.img,if=virtio -m 1536 -net nic,model=virtio -net user -cdrom ${WINIMG} -drive file=${VIRTIMG},index=3,media=cdrom -rtc base=localtime,clock=host -smp cores=2 -usb -device usb-tablet -net user ** Attachment added: "Crash log" https://bugs.launchpad.net/qemu/+bug/1818937/+attachment/5260023/+files/crash_log.txt -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1818937 Title: Crash with HV_ERROR on macOS host Status in QEMU: New Bug description: On macOS host running Windows 10 guest, qemu crashed with error message: Error: HV_ERROR. Host: macOS Mojave 10.14.3 (18D109) Late 2014 Mac mini presumably Core i5 4278U. 
QEMU: git commit a3e3b0a7bd5de211a62cdf2d6c12b96d3c403560 QEMU parameter: qemu-system-x86_64 -m 3000 -drive file=disk.img,if=virtio,discard=unmap -accel hvf -soundhw hda -smp 3 thread list Process 56054 stopped thread #1: tid = 0x2ffec8, 0x7fff48d0805a vImage`vLookupTable_Planar16 + 970, queue = 'com.apple.main-thread' thread #2: tid = 0x2ffecc, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #3: tid = 0x2ffecd, 0x7fff79d715aa libsystem_kernel.dylib`__select + 10 thread #4: tid = 0x2ffece, 0x7fff79d71d9a libsystem_kernel.dylib`__sigwait + 10 * thread #6: tid = 0x2ffed0, 0x7fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT thread #7: tid = 0x2ffed1, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #8: tid = 0x2ffed2, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 thread #11: tid = 0x2fff34, 0x7fff79d6a17a libsystem_kernel.dylib`mach_msg_trap + 10, name = 'com.apple.NSEventThread' thread #30: tid = 0x300c04, 0x7fff79e233f8 libsystem_pthread.dylib`start_wqthread thread #31: tid = 0x300c16, 0x7fff79e233f8 libsystem_pthread.dylib`start_wqthread thread #32: tid = 0x300c17, 0x thread #33: tid = 0x300c93, 0x7fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10 Crashed thread: * thread #6, stop reason = signal SIGABRT * frame #0: 0x7fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10 frame #1: 0x7fff79e26c1c libsystem_pthread.dylib`pthread_kill + 285 frame #2: 0x7fff79cd91c9 libsystem_c.dylib`abort + 127 frame #3: 0x00010baa476d qemu-system-x86_64`assert_hvf_ok(ret=) at hvf.c:106 [opt] frame #4: 0x00010baa4c8f qemu-system-x86_64`hvf_vcpu_exec(cpu=0x7f8e5283de00) at hvf.c:681 [opt] frame #5: 0x00010b988423 qemu-system-x86_64`qemu_hvf_cpu_thread_fn(arg=0x7f8e5283de00) at cpus.c:1636 [opt] frame #6: 0x00010bd9dfce qemu-system-x86_64`qemu_thread_start(args=) at qemu-thread-posix.c:502 [opt] frame #7: 0x7fff79e24305 libsystem_pthread.dylib`_pthread_body + 126 frame #8: 0x7fff79e2726f 
libsystem_pthread.dylib`_pthread_start + 70 frame #9: 0x7fff79e23415 libsystem_pthread.dylib`thread_start + 13 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1818937/+subscriptions
[Qemu-devel] [Bug 1826599] Re: qemu crashes with HV_ERROR with any guest when using HVF on macos
*** This bug is a duplicate of bug 1818937 *** https://bugs.launchpad.net/bugs/1818937 ** This bug has been marked a duplicate of bug 1818937 Crash with HV_ERROR on macOS host -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1826599 Title: qemu crashes with HV_ERROR with any guest when using HVF on macos Status in QEMU: New Bug description: qemu reliably crashes (after some unknown amount of time) for any guest I've run on macOS (10.14.4) with HVF acceleration. I'm using the latest development tree: % qemu-system-x86_64 --version QEMU emulator version 4.0.50 (v4.0.0-rc4-52-g3284aa1281-dirty) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers I'm currently running Haiku. After booting and running normally for a few minutes, it abruptly crashes and shows this error on stdout (I'm including the command line arguments): + ISO=haiku-release-anyboot.iso + ACCEL='-accel hvf -machine type=q35,accel=hvf' + MEM='-m 1G' + SMP='-c 2' + NET='-device virtio-net,netdev=vmnic -netdev user,id=vmnic' + IMG_CD='-cdrom haiku-release-anyboot.iso' + IMG_HDD='-device virtio-scsi-pci,id=scsi -drive if=none,id=vd0,file=haiku.img,format=raw -device scsi-hd,drive=vd0' + DISPLAY='-usb -device usb-tablet' + qemu-system-x86_64 -accel hvf -machine type=q35,accel=hvf -usb -device usb-tablet -m 1G -device virtio-net,netdev=vmnic -netdev user,id=vmnic -device virtio-scsi-pci,id=scsi -drive if=none,id=vd0,file=haiku.img,format=raw -device scsi-hd,drive=vd0 qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.8001H:ECX.svm [bit 2] qemu-system-x86_64: Error: HV_ERROR ./qemu-boot.sh: line 19: 67497 Abort trap: 6 qemu-system-x86_64 $ACCEL $CPU $EFI $DISPLAY $MEM $NET $IMG_HDD To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1826599/+subscriptions
Re: [Qemu-devel] Following up questions related to QEMU and I/O Thread
Thanks Paolo for your clarification! Just wanted to double confirm, does this mean batch I/O submission won't apply to aio=threads (which is the default mode)? Thanks, Wei On 4/26/19, 9:25 PM, "Paolo Bonzini" wrote: > Thanks Stefan and Paolo for your response and advice! > > Hi Paolo, > > As to the virtio-scsi batch I/O submission feature in QEMU which you > mentioned, is this feature turned on by default in QEMU 2.9 or there is a > tunable parameters to turn on/off the feature? Yes, it is available by default since 2.2.0. It cannot be turned off, however it is only possible to batch I/O with aio=native (and, since 2.12.0, with the NVMe backend). Paolo
Re: [Qemu-devel] [PATCH 03/26] target/alpha: Convert to CPUClass::tlb_fill
On Wed, 3 Apr 2019 at 04:49, Richard Henderson wrote: > > Signed-off-by: Richard Henderson > --- > target/alpha/cpu.h| 5 ++-- > target/alpha/cpu.c| 5 ++-- > target/alpha/helper.c | 50 +++ > target/alpha/mem_helper.c | 16 - > 4 files changed, 35 insertions(+), 41 deletions(-) Reviewed-by: Peter Maydell thanks -- PMM
Re: [Qemu-devel] [PATCH 3/3] hw/dma: Do not build the xlnx_dpdma device for the MicroBlaze machines
On Sat, Apr 27, 2019 at 7:15 AM Philippe Mathieu-Daudé wrote: > > The xlnx_dpdma device is only used by the ZynqMP AArch64 machine > (not the MicroBlaze PMU). Remove it from the ZynqMP generic objects. > (Note, this entry was duplicated for the AArch64). > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/dma/Makefile.objs | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs > index 79affecc390..a5b1276f52a 100644 > --- a/hw/dma/Makefile.objs > +++ b/hw/dma/Makefile.objs > @@ -8,7 +8,6 @@ common-obj-$(CONFIG_XILINX_AXI) += xilinx_axidma.o > common-obj-$(CONFIG_ZYNQ_DEVCFG) += xlnx-zynq-devcfg.o > common-obj-$(CONFIG_ETRAXFS) += etraxfs_dma.o > common-obj-$(CONFIG_STP2000) += sparc32_dma.o > -obj-$(CONFIG_XLNX_ZYNQMP) += xlnx_dpdma.o > obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx_dpdma.o > common-obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zdma.o > > -- > 2.20.1 > >
Re: [Qemu-devel] [PATCH 1/3] hw/Kconfig: Move the generic XLNX_ZYNQMP to the root hw/Kconfig
On Sat, Apr 27, 2019 at 7:15 AM Philippe Mathieu-Daudé wrote: > > The XLNX_ZYNQMP config is used in multiple subdirectories > (timer, intc). Move it to the root hw/Kconfig. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/Kconfig | 3 +++ > hw/timer/Kconfig | 3 --- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/hw/Kconfig b/hw/Kconfig > index 88b9f150070..c3c78f43eb5 100644 > --- a/hw/Kconfig > +++ b/hw/Kconfig > @@ -72,3 +72,6 @@ config XILINX > config XILINX_AXI > bool > select PTIMER # for hw/dma/xilinx_axidma.c > + > +config XLNX_ZYNQMP > +bool > diff --git a/hw/timer/Kconfig b/hw/timer/Kconfig > index 51921eb63f1..eefc95f35ec 100644 > --- a/hw/timer/Kconfig > +++ b/hw/timer/Kconfig > @@ -34,9 +34,6 @@ config TWL92230 > bool > depends on I2C > > -config XLNX_ZYNQMP > -bool > - > config ALTERA_TIMER > bool > select PTIMER > -- > 2.20.1 > >
Re: [Qemu-devel] [PATCH 26/26] tcg: Use tlb_fill probe from tlb_vaddr_to_host
On Wed, 3 Apr 2019 at 05:05, Richard Henderson wrote: > > Most of the existing users would continue around a loop which > would fault the tlb entry in via a normal load/store. But for > SVE we have a true non-faulting case which requires the new > probing form of tlb_fill. So am I right in thinking that this fixes a bug where we previously would mark a load as faulted if the memory happened not to be in the TLB, whereas now we will correctly pull in the TLB entry and do the load ? (Since guest code ought to be handling the "non-first-load faulted" case by looping round or otherwise arranging to retry, nothing in practice would have noticed this bug, right?) > Signed-off-by: Richard Henderson > --- > include/exec/cpu_ldst.h | 40 > accel/tcg/cputlb.c | 69 - > target/arm/sve_helper.c | 6 +--- > 3 files changed, 68 insertions(+), 47 deletions(-) > > diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h > index d78041d7a0..be8c3f4da2 100644 > --- a/include/exec/cpu_ldst.h > +++ b/include/exec/cpu_ldst.h > @@ -440,43 +440,15 @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, > uintptr_t mmu_idx, > * This is the equivalent of the initial fast-path code used by > * TCG backends for guest load and store accesses. > */ The doc comment which this is the last two lines of needs updating, I think -- with the changed implementation it's no longer just the equivalent of the fast-path bit of code, and it doesn't return NULL on a TLB miss any more. Otherwise Reviewed-by: Peter Maydell thanks -- PMM
Re: [Qemu-devel] [PATCH 24/26] tcg: Use CPUClass::tlb_fill in cputlb.c
On Wed, 3 Apr 2019 at 05:05, Richard Henderson wrote: > > We can now use the CPUClass hook instead of a named function. > > Create a static tlb_fill function to avoid other changes within > cputlb.c. This also which also isolates the asserts implied. I'm not sure what this sentence is trying to say ? > Remove the named tlb_fill function from all of the targets. > > Signed-off-by: Richard Henderson otherwise Reviewed-by: Peter Maydell thanks -- PMM
Re: [Qemu-devel] [PATCH 02/26] tcg: Add CPUClass::tlb_fill
On Wed, 3 Apr 2019 at 04:49, Richard Henderson wrote: > > This hook will replace the (user-only mode specific) handle_mmu_fault > hook, and the (system mode specific) tlb_fill function. > > The handle_mmu_fault hook was written as if there was a valid > way to recover from an mmu fault, and had 3 possible return states. > In reality, the only valid action is to raise an exception, > return to the main loop, and delver the SIGSEGV to the guest. "deliver" You might also mention here that all of the implementations of handle_mmu_fault for guest architectures which support linux-user do in fact only ever return 1. > > Using the hook for system mode requires that all targets be converted, > so for now the hook is (optionally) used only from user-only mode. > > Signed-off-by: Richard Henderson > --- > include/qom/cpu.h | 9 + > accel/tcg/user-exec.c | 42 ++ > 2 files changed, 23 insertions(+), 28 deletions(-) > > diff --git a/include/qom/cpu.h b/include/qom/cpu.h > index 1d6099e5d4..7e96a0aed3 100644 > --- a/include/qom/cpu.h > +++ b/include/qom/cpu.h > @@ -119,6 +119,12 @@ struct TranslationBlock; > * will need to do more. If this hook is not implemented then the > * default is to call @set_pc(tb->pc). > * @handle_mmu_fault: Callback for handling an MMU fault. > + * @tlb_fill: Callback for handling a softmmu tlb miss or user-only > + * address fault. For system mode, if the access is valid, call > + * tlb_set_page and return true; if the access is invalid, and > + * probe is true, return false; otherwise raise an exception and > + * do not return. For user-only mode, always raise an exception > + * and do not return. > * @get_phys_page_debug: Callback for obtaining a physical address. > * @get_phys_page_attrs_debug: Callback for obtaining a physical address and > the > * associated memory transaction attributes to use for the access. 
> @@ -194,6 +200,9 @@ typedef struct CPUClass { > void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb); > int (*handle_mmu_fault)(CPUState *cpu, vaddr address, int size, int rw, > int mmu_index); > +bool (*tlb_fill)(CPUState *cpu, vaddr address, int size, > + MMUAccessType access_type, int mmu_idx, > + bool probe, uintptr_t retaddr); > hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr); > hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr, > MemTxAttrs *attrs); > diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c > index fa9380a380..f13c0b2b67 100644 > --- a/accel/tcg/user-exec.c > +++ b/accel/tcg/user-exec.c > @@ -65,6 +65,7 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t > *info, > CPUClass *cc; > int ret; > unsigned long address = (unsigned long)info->si_addr; > +MMUAccessType access_type; > > /* We must handle PC addresses from two different sources: > * a call return address and a signal frame address. > @@ -151,40 +152,25 @@ static inline int handle_cpu_signal(uintptr_t pc, > siginfo_t *info, > #if TARGET_LONG_BITS == 32 && HOST_LONG_BITS == 64 > g_assert(h2g_valid(address)); > #endif > - > -/* Convert forcefully to guest address space, invalid addresses > - are still valid segv ones */ This comment is still valid so I don't think it should be deleted. > address = h2g_nocheck(address); Otherwise Reviewed-by: Peter Maydell thanks -- PMM
Re: [Qemu-devel] [PATCH v5 07/10] qcow2: qcow2_co_preadv: improve locking
On 29.04.19 18:37, Max Reitz wrote: > On 02.04.19 17:37, Vladimir Sementsov-Ogievskiy wrote: >> Background: decryption will be done in threads, to take benefit of it, >> we should move it out of the lock first. > > ...which is safe after your commit c972fa123c73501b4, I presume. > > (At first glance, the patched looked a bit weird to me because it > doesn't give a reason why dropping the lock around > qcrypto_block_decrypt() would be OK.) On second thought, I guess the actual reason it's safe is because the crypto code never yields. Max >> But let's go further: it turns out, that for locking around switch >> cases we have only two variants: when we just do memset(0) not >> releasing the lock (it is useless) and when we actually can handle the >> whole case out of the lock. So, refactor the whole thing to reduce >> locked code region and make it clean. >> >> Signed-off-by: Vladimir Sementsov-Ogievskiy >> Reviewed-by: Alberto Garcia >> --- >> block/qcow2.c | 46 ++ >> 1 file changed, 22 insertions(+), 24 deletions(-) >> >> diff --git a/block/qcow2.c b/block/qcow2.c >> index 46e8e39da5..fcf92a7eb6 100644 >> --- a/block/qcow2.c >> +++ b/block/qcow2.c >> @@ -1983,6 +1983,7 @@ static coroutine_fn int >> qcow2_co_preadv(BlockDriverState *bs, uint64_t offset, >> >> ret = qcow2_get_cluster_offset(bs, offset, _bytes, >> _offset); > > Isn't this the only function in the loop that actually needs the lock? > Wouldn't it make more sense to just take it around this call? > > Max > >> if (ret < 0) { >> +qemu_co_mutex_unlock(>lock); >> goto fail; >> } >> > signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] [PATCH v5 00/10] qcow2: encryption threads
On 02.04.19 17:37, Vladimir Sementsov-Ogievskiy wrote: > v5: rebase on master, some conflicts resolved due to data-file feature > > 01: new patch, just move test from cover letter to a file. I really hope that > it > will not hang the whole series, so, if we don't want it as is or with > really > tiny improvements, I'd prefer to skip it and queue 02-10 first. > 09: "true" parameter added to moved qcow2_pre_write_overlap_check() call due > to > rebase on master (both before and after patch). Seems OK, so keep > Alberto's r-b. Patches 2 – 6, 8 – 10: Reviewed-by: Max Reitz For 7 I wonder whether the locking can be even tighter. Max signature.asc Description: OpenPGP digital signature
[Qemu-devel] [PULL 14/42] target/arm: Implement v7m_update_fpccr()
Implement the code which updates the FPCCR register on an exception entry where we are going to use lazy FP stacking. We have to defer to the NVIC to determine whether the various exceptions are currently ready or not. Signed-off-by: Peter Maydell Message-id: 20190416125744.27770-12-peter.mayd...@linaro.org --- target/arm/cpu.h | 14 + hw/intc/armv7m_nvic.c | 34 ++ target/arm/helper.c | 67 ++- 3 files changed, 114 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 67e4e95d440..eb989d773af 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2044,6 +2044,20 @@ void armv7m_nvic_acknowledge_irq(void *opaque); * (Ignoring -1, this is the same as the RETTOBASE value before completion.) */ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure); +/** + * armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure) + * @opaque: the NVIC + * @irq: the exception number to mark pending + * @secure: false for non-banked exceptions or for the nonsecure + * version of a banked exception, true for the secure version of a banked + * exception. + * + * Return whether an exception is "ready", i.e. whether the exception is + * enabled and is configured at a priority which would allow it to + * interrupt the current execution priority. This controls whether the + * RDY bit for it in the FPCCR is set. + */ +bool armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure); /** * armv7m_nvic_raw_execution_priority: return the raw execution priority * @opaque: the NVIC diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 5eb438f5409..53b4631dace 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c 
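Review bot: The `@irq` line in the new doc comment for armv7m_nvic_get_ready_status() in target/arm/cpu.h reads "the exception number to mark pending", but the function it documents only reports whether the exception is ready; nothing in the comment or the implementation marks anything pending. The wording looks carried over from the set-pending helpers, and ` * @irq: the exception number to query` would match the comment's closing paragraph. The same comment could also record the preconditions that the implementation in hw/intc/armv7m_nvic.c asserts: `irq` lies above ARMV7M_EXCP_RESET and below `num_irq`, and `secure` is true only for banked exceptions.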
@@ -746,6 +746,40 @@ int armv7m_nvic_complete_irq(void *opaque, int irq, bool secure) return ret; } +bool armv7m_nvic_get_ready_status(void *opaque, int irq, bool secure) +{ +/* + * Return whether an exception is "ready", i.e. it is enabled and is + * configured at a priority which would allow it to interrupt the + * current execution priority. + * + * irq and secure have the same semantics as for armv7m_nvic_set_pending(): + * for non-banked exceptions secure is always false; for banked exceptions + * it indicates which of the exceptions is required. + */ +NVICState *s = (NVICState *)opaque; +bool banked = exc_is_banked(irq); +VecInfo *vec; +int running = nvic_exec_prio(s); + +assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); +assert(!secure || banked); + +/* + * HardFault is an odd special case: we always check against -1, + * even if we're secure and HardFault has priority -3; we never + * need to check for enabled state. + */ +if (irq == ARMV7M_EXCP_HARD) { +return running > -1; +} + +vec = (banked && secure) ? >sec_vectors[irq] : >vectors[irq]; + +return vec->enabled && +exc_group_prio(s, vec->prio, secure) < running; +} + /* callback when external interrupt line is changed */ static void set_irq_level(void *opaque, int n, int level) { diff --git a/target/arm/helper.c b/target/arm/helper.c index 6e55da5c482..547898581a2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -8177,6 +8177,71 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain, env->thumb = addr & 1; } +static void v7m_update_fpccr(CPUARMState *env, uint32_t frameptr, + bool apply_splim) +{ +/* + * Like the pseudocode UpdateFPCCR: save state in FPCAR and FPCCR + * that we will need later in order to do lazy FP reg stacking. + */ +bool is_secure = env->v7m.secure; +void *nvic = env->nvic; +/* + * Some bits are unbanked and live always in fpccr[M_REG_S]; some bits + * are banked and we want to update the bit in the bank for the + * current security state; and in one case we want to specifically + * update the NS banked version of a bit even if we are secure. + */ +uint32_t *fpccr_s = >v7m.fpccr[M_REG_S]; +uint32_t *fpccr_ns = >v7m.fpccr[M_REG_NS]; +uint32_t *fpccr = >v7m.fpccr[is_secure]; +bool hfrdy, bfrdy, mmrdy, ns_ufrdy, s_ufrdy, sfrdy, monrdy; + +env->v7m.fpcar[is_secure] = frameptr & ~0x7; + +if (apply_splim && arm_feature(env, ARM_FEATURE_V8)) { +bool splimviol; +uint32_t splim = v7m_sp_limit(env); +bool ign = armv7m_nvic_neg_prio_requested(nvic, is_secure) && +(env->v7m.ccr[is_secure] & R_V7M_CCR_STKOFHFNMIGN_MASK); + +splimviol = !ign && frameptr < splim; +*fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, SPLIMVIOL, splimviol); +} + +*fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, LSPACT, 1); + +*fpccr_s = FIELD_DP32(*fpccr_s, V7M_FPCCR, S, is_secure); + +*fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, USER, arm_current_el(env) == 0); + +*fpccr = FIELD_DP32(*fpccr, V7M_FPCCR, THREAD, +
Re: [Qemu-devel] [PATCH 25/26] tcg: Remove CPUClass::handle_mmu_fault
On Wed, 3 Apr 2019 at 05:03, Richard Henderson wrote: > > This hook is now completely replaced by tlb_fill. > > Signed-off-by: Richard Henderson Reviewed-by: Peter Maydell thanks -- PMM
[Qemu-devel] [PULL 31/42] hw/arm/aspeed: Use TYPE_TMP105/TYPE_PCA9552 instead of hardcoded string
From: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Reviewed-by: Cédric Le Goater Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-2-phi...@redhat.com Signed-off-by: Peter Maydell --- hw/arm/aspeed.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c index 996812498dc..1c23ebd9925 100644 --- a/hw/arm/aspeed.c +++ b/hw/arm/aspeed.c @@ -19,6 +19,8 @@ #include "hw/arm/aspeed_soc.h" #include "hw/boards.h" #include "hw/i2c/smbus_eeprom.h" +#include "hw/misc/pca9552.h" +#include "hw/misc/tmp105.h" #include "qemu/log.h" #include "sysemu/block-backend.h" #include "hw/loader.h" @@ -267,7 +269,8 @@ static void ast2500_evb_i2c_init(AspeedBoardState *bmc) eeprom_buf); /* The AST2500 EVB expects a LM75 but a TMP105 is compatible */ -i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 7), "tmp105", 0x4d); +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 7), + TYPE_TMP105, 0x4d); /* The AST2500 EVB does not have an RTC. Let's pretend that one is * plugged on the I2C bus header */ @@ -288,13 +291,15 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc) AspeedSoCState *soc = >soc; uint8_t *eeprom_buf = g_malloc0(8 * 1024); -i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 3), "pca9552", 0x60); +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 3), TYPE_PCA9552, + 0x60); i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 4), "tmp423", 0x4c); i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 5), "tmp423", 0x4c); /* The Witherspoon expects a TMP275 but a TMP105 is compatible */ -i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 9), "tmp105", 0x4a); +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 9), TYPE_TMP105, + 0x4a); /* The witherspoon board expects Epson RX8900 I2C RTC but a ds1338 is * good enough */ 
@@ -302,7 +307,7 @@ static void witherspoon_bmc_i2c_init(AspeedBoardState *bmc) smbus_eeprom_init_one(aspeed_i2c_get_bus(DEVICE(>i2c), 11), 0x51, eeprom_buf); -i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 11), "pca9552", +i2c_create_slave(aspeed_i2c_get_bus(DEVICE(>i2c), 11), TYPE_PCA9552, 0x60); } -- 2.20.1
[Qemu-devel] [PULL 25/42] target/arm: Add lazy-FP-stacking support to v7m_stack_write()
Pushing registers to the stack for v7M needs to handle three cases: * the "normal" case where we pend exceptions * an "ignore faults" case where we set FSR bits but do not pend exceptions (this is used when we are handling some kinds of derived exception on exception entry) * a "lazy FP stacking" case, where different FSR bits are set and the exception is pended differently Implement this by changing the existing flag argument that tells us whether to ignore faults or not into an enum that specifies which of the 3 modes we should handle. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-23-peter.mayd...@linaro.org --- target/arm/helper.c | 118 +--- 1 file changed, 79 insertions(+), 39 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 1ed5f1a2513..41531390853 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7575,8 +7575,18 @@ static bool v7m_cpacr_pass(CPUARMState *env, bool is_secure, bool is_priv) } } +/* + * What kind of stack write are we doing? This affects how exceptions + * generated during the stacking are treated. + */ +typedef enum StackingMode { +STACK_NORMAL, +STACK_IGNFAULTS, +STACK_LAZYFP, +} StackingMode; + static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value, -ARMMMUIdx mmu_idx, bool ignfault) +ARMMMUIdx mmu_idx, StackingMode mode) { CPUState *cs = CPU(cpu); CPUARMState *env = >env; 
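Review bot: The three `StackingMode` enumerators are introduced without per-value comments, so the distinction the commit message draws between them is not recorded next to the type. A short comment on each would do, for example `STACK_NORMAL, /* pend derived exceptions normally */`, `STACK_IGNFAULTS, /* set FSR bits but do not pend */` and `STACK_LAZYFP, /* lazy FP stacking: different FSR bits, pended via the lazyfp path */`. The call sites are outside this hunk and worth confirming: because `STACK_NORMAL` and `STACK_IGNFAULTS` have the values 0 and 1, a caller still passing the old `false`/`true` converts silently to the enum and compiles without a warning. The body of v7m_stack_write() continues past the hunk.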
@@ -7594,15 +7604,31 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value, , , _size, , NULL)) { /* MPU/SAU lookup failed */ if (fi.type == ARMFault_QEMU_SFault) { -qemu_log_mask(CPU_LOG_INT, - "...SecureFault with SFSR.AUVIOL during stacking\n"); -env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK | R_V7M_SFSR_SFARVALID_MASK; +if (mode == STACK_LAZYFP) { +qemu_log_mask(CPU_LOG_INT, + "...SecureFault with SFSR.LSPERR " + "during lazy stacking\n"); +env->v7m.sfsr |= R_V7M_SFSR_LSPERR_MASK; +} else { +qemu_log_mask(CPU_LOG_INT, + "...SecureFault with SFSR.AUVIOL " + "during stacking\n"); +env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK; +} +env->v7m.sfsr |= R_V7M_SFSR_SFARVALID_MASK; env->v7m.sfar = addr; exc = ARMV7M_EXCP_SECURE; exc_secure = false; } else { -qemu_log_mask(CPU_LOG_INT, "...MemManageFault with CFSR.MSTKERR\n"); -env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; +if (mode == STACK_LAZYFP) { +qemu_log_mask(CPU_LOG_INT, + "...MemManageFault with CFSR.MLSPERR\n"); +env->v7m.cfsr[secure] |= R_V7M_CFSR_MLSPERR_MASK; +} else { +qemu_log_mask(CPU_LOG_INT, + "...MemManageFault with CFSR.MSTKERR\n"); +env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK; +} exc = ARMV7M_EXCP_MEM; exc_secure = secure; } @@ -7612,8 +7638,13 @@ static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value, attrs, ); if (txres != MEMTX_OK) { /* BusFault trying to write the data */ -qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.STKERR\n"); -env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_STKERR_MASK; +if (mode == STACK_LAZYFP) { +qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.LSPERR\n"); +env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_LSPERR_MASK; +} else { +qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.STKERR\n"); +env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_STKERR_MASK; +} exc = ARMV7M_EXCP_BUS; exc_secure = false; goto pend_fault; 
@@ -7628,11 +7659,19 @@ pend_fault: * later if we have two derived exceptions. * The only case when we must not pend the exception but instead * throw it away is if we are doing the push of the callee registers - * and we've already generated a derived exception. Even in this - * case we will still update the fault status registers. + * and we've already generated a derived exception (this is indicated + * by the caller passing STACK_IGNFAULTS). Even in this case we will + * still update the fault status registers. */ -if (!ignfault) { +switch (mode) { +case STACK_NORMAL: armv7m_nvic_set_pending_derived(env->nvic, exc, exc_secure); +break; +case STACK_LAZYFP: +armv7m_nvic_set_pending_lazyfp(env->nvic, exc, exc_secure); +break; +case
[Qemu-devel] [PULL 26/42] target/arm: Implement M-profile lazy FP state preservation
The M-profile architecture floating point system supports lazy FP state preservation, where FP registers are not pushed to the stack when an exception occurs but are instead only saved if and when the first FP instruction in the exception handler is executed. Implement this in QEMU, corresponding to the check of LSPACT in the pseudocode ExecuteFPCheck(). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-24-peter.mayd...@linaro.org --- target/arm/cpu.h | 3 ++ target/arm/helper.h| 2 + target/arm/translate.h | 1 + target/arm/helper.c| 112 + target/arm/translate.c | 22 5 files changed, 140 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index ed3069341d2..0b10aefb93d 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -57,6 +57,7 @@ #define EXCP_NOCP 17 /* v7M NOCP UsageFault */ #define EXCP_INVSTATE 18 /* v7M INVSTATE UsageFault */ #define EXCP_STKOF 19 /* v8M STKOF UsageFault */ +#define EXCP_LAZYFP 20 /* v7M fault during lazy FP stacking */ /* NB: add new EXCP_ defines to the array in arm_log_exception() too */ #define ARMV7M_EXCP_RESET 1 @@ -3172,6 +3173,8 @@ FIELD(TBFLAG_A32, NS, 6, 1) FIELD(TBFLAG_A32, VFPEN, 7, 1) FIELD(TBFLAG_A32, CONDEXEC, 8, 8) FIELD(TBFLAG_A32, SCTLR_B, 16, 1) +/* For M profile only, set if FPCCR.LSPACT is set */ +FIELD(TBFLAG_A32, LSPACT, 18, 1) /* For M profile only, set if we must create a new FP context */ FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* For M profile only, set if FPCCR.S does not match current security state */ diff --git a/target/arm/helper.h b/target/arm/helper.h index a09566f795c..0a3a80528c7 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -69,6 +69,8 @@ DEF_HELPER_2(v7m_blxns, void, env, i32) DEF_HELPER_3(v7m_tt, i32, env, i32, i32) +DEF_HELPER_1(v7m_preserve_fp_state, void, env) + DEF_HELPER_2(v8m_stackcheck, void, env, i32) DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32) 
diff --git a/target/arm/translate.h b/target/arm/translate.h index ed8ae2e7e3b..c2348def0d1 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -42,6 +42,7 @@ typedef struct DisasContext { bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */ bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */ bool v7m_new_fp_ctxt_needed; /* ASPEN set but no active FP context */ +bool v7m_lspact; /* FPCCR.LSPACT set */ /* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI * so that top level loop can generate correct syndrome information. */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 41531390853..b11f8aa14df 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7378,6 +7378,12 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest) g_assert_not_reached(); } +void HELPER(v7m_preserve_fp_state)(CPUARMState *env) +{ +/* translate.c should never generate calls here in user-only mode */ +g_assert_not_reached(); +} + uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op) { /* The TT instructions can be used by unprivileged code, but in 
@@ -7737,6 +7743,97 @@ pend_fault: return false; } +void HELPER(v7m_preserve_fp_state)(CPUARMState *env) +{ +/* + * Preserve FP state (because LSPACT was set and we are about + * to execute an FP instruction). This corresponds to the + * PreserveFPState() pseudocode. + * We may throw an exception if the stacking fails. + */ +ARMCPU *cpu = arm_env_get_cpu(env); +bool is_secure = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK; +bool negpri = !(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_HFRDY_MASK); +bool is_priv = !(env->v7m.fpccr[is_secure] & R_V7M_FPCCR_USER_MASK); +bool splimviol = env->v7m.fpccr[is_secure] & R_V7M_FPCCR_SPLIMVIOL_MASK; +uint32_t fpcar = env->v7m.fpcar[is_secure]; +bool stacked_ok = true; +bool ts = is_secure && (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK); +bool take_exception; + +/* Take the iothread lock as we are going to touch the NVIC */ +qemu_mutex_lock_iothread(); + +/* Check the background context had access to the FPU */ +if (!v7m_cpacr_pass(env, is_secure, is_priv)) { +armv7m_nvic_set_pending_lazyfp(env->nvic, ARMV7M_EXCP_USAGE, is_secure); +env->v7m.cfsr[is_secure] |= R_V7M_CFSR_NOCP_MASK; +stacked_ok = false; +} else if (!is_secure && !extract32(env->v7m.nsacr, 10, 1)) { +armv7m_nvic_set_pending_lazyfp(env->nvic, ARMV7M_EXCP_USAGE, M_REG_S); +env->v7m.cfsr[M_REG_S] |= R_V7M_CFSR_NOCP_MASK; +stacked_ok = false; +} + +if (!splimviol && stacked_ok) { +/* We only stack if the stack limit wasn't violated */ +int i; +ARMMMUIdx mmu_idx; + +mmu_idx = arm_v7m_mmu_idx_all(env, is_secure,
Re: [Qemu-devel] [PATCH 2/3] hw/intc: Only build the xlnx-iomod-intc device for the MicroBlaze PMU
On Sat, Apr 27, 2019 at 7:17 AM Philippe Mathieu-Daudé wrote: > > The Xilinx I/O Module Interrupt Controller is only used by the > MicroBlaze PMU, not by the AArch64 machine. > Move it from the generic ZynqMP object list to the PMU specific. > > Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Alistair > --- > hw/intc/Makefile.objs | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs > index df712c3e6c9..247e8016cb8 100644 > --- a/hw/intc/Makefile.objs > +++ b/hw/intc/Makefile.objs > @@ -3,7 +3,7 @@ common-obj-$(CONFIG_I8259) += i8259_common.o i8259.o > common-obj-$(CONFIG_PL190) += pl190.o > common-obj-$(CONFIG_PUV3) += puv3_intc.o > common-obj-$(CONFIG_XILINX) += xilinx_intc.o > -common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-pmu-iomod-intc.o > +common-obj-$(CONFIG_XLNX_ZYNQMP_PMU) += xlnx-pmu-iomod-intc.o > common-obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp-ipi.o > common-obj-$(CONFIG_ETRAXFS) += etraxfs_pic.o > common-obj-$(CONFIG_IMX) += imx_avic.o imx_gpcv2.o > -- > 2.20.1 > >
[Qemu-devel] [PULL 36/42] hw/devices: Move CBus declarations into a new header
From: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-7-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 14 -- include/hw/misc/cbus.h | 32 hw/arm/nseries.c | 1 + hw/misc/cbus.c | 2 +- MAINTAINERS| 1 + 5 files changed, 35 insertions(+), 15 deletions(-) create mode 100644 include/hw/misc/cbus.h diff --git a/include/hw/devices.h b/include/hw/devices.h index 77d66113021..e400f9eac09 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -29,18 +29,4 @@ void tsc2005_set_transform(void *opaque, MouseTransformInfo *info); /* stellaris_input.c */ void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode); -/* cbus.c */ -typedef struct { -qemu_irq clk; -qemu_irq dat; -qemu_irq sel; -} CBus; -CBus *cbus_init(qemu_irq dat_out); -void cbus_attach(CBus *bus, void *slave_opaque); - -void *retu_init(qemu_irq irq, int vilma); -void *tahvo_init(qemu_irq irq, int betty); - -void retu_key_event(void *retu, int state); - #endif diff --git a/include/hw/misc/cbus.h b/include/hw/misc/cbus.h new file mode 100644 index 000..c899943e035 --- /dev/null +++ b/include/hw/misc/cbus.h 
@@ -0,0 +1,32 @@ +/* + * CBUS three-pin bus and the Retu / Betty / Tahvo / Vilma / Avilma / + * Hinku / Vinku / Ahne / Pihi chips used in various Nokia platforms. + * Based on reverse-engineering of a linux driver. + * + * Copyright (C) 2008 Nokia Corporation + * Written by Andrzej Zaborowski + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_MISC_CBUS_H +#define HW_MISC_CBUS_H + +#include "hw/irq.h" + +typedef struct { +qemu_irq clk; +qemu_irq dat; +qemu_irq sel; +} CBus; + +CBus *cbus_init(qemu_irq dat_out); +void cbus_attach(CBus *bus, void *slave_opaque); + +void *retu_init(qemu_irq irq, int vilma); +void *tahvo_init(qemu_irq irq, int betty); + +void retu_key_event(void *retu, int state); + +#endif diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c index ef09b3bf79f..6889f13d699 100644 --- a/hw/arm/nseries.c +++ b/hw/arm/nseries.c @@ -32,6 +32,7 @@ #include "hw/i2c/i2c.h" #include "hw/devices.h" #include "hw/display/blizzard.h" +#include "hw/misc/cbus.h" #include "hw/misc/tmp105.h" #include "hw/block/flash.h" #include "hw/hw.h" diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c index 25e337ea77a..16ee704bcaa 100644 --- a/hw/misc/cbus.c +++ b/hw/misc/cbus.c @@ -23,7 +23,7 @@ #include "qemu/osdep.h" #include "hw/hw.h" #include "hw/irq.h" -#include "hw/devices.h" +#include "hw/misc/cbus.h" #include "sysemu/sysemu.h" //#define DEBUG diff --git a/MAINTAINERS b/MAINTAINERS index c069c274ec0..4e6fd82c664 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -669,6 +669,7 @@ F: hw/input/tsc2005.c F: hw/misc/cbus.c F: hw/timer/twl92230.c F: include/hw/display/blizzard.h +F: include/hw/misc/cbus.h Palm M: Andrzej Zaborowski -- 2.20.1
[Qemu-devel] [PULL 40/42] hw/net/ne2000-isa: Add guards to the header
From: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-11-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/net/ne2000-isa.h | 6 ++ 1 file changed, 6 insertions(+)
diff --git a/include/hw/net/ne2000-isa.h b/include/hw/net/ne2000-isa.h
index ff2bed9c95d..527337c4548 100644
--- a/include/hw/net/ne2000-isa.h
+++ b/include/hw/net/ne2000-isa.h
@@ -6,6 +6,10 @@
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */
+
+#ifndef HW_NET_NE2K_ISA_H
+#define HW_NET_NE2K_ISA_H
+
 #include "hw/hw.h"
 #include "hw/qdev.h"
 #include "hw/isa/isa.h"
@@ -31,3 +35,5 @@ static inline ISADevice *isa_ne2000_init(ISABus *bus, int base, int irq,
 }
 return d;
 }
+
+#endif
-- 2.20.1
[Qemu-devel] [PULL 37/42] hw/devices: Move Gamepad declarations into a new header
From: Philippe Mathieu-Daudé Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-8-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 3 --- include/hw/input/gamepad.h | 19 +++ hw/arm/stellaris.c | 2 +- hw/input/stellaris_input.c | 2 +- MAINTAINERS| 1 + 5 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 include/hw/input/gamepad.h diff --git a/include/hw/devices.h b/include/hw/devices.h index e400f9eac09..7a630da47f7 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -26,7 +26,4 @@ void *tsc2005_init(qemu_irq pintdav); uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len); void tsc2005_set_transform(void *opaque, MouseTransformInfo *info); -/* stellaris_input.c */ -void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode); - #endif diff --git a/include/hw/input/gamepad.h b/include/hw/input/gamepad.h new file mode 100644 index 000..e20211baef8 --- /dev/null +++ b/include/hw/input/gamepad.h @@ -0,0 +1,19 @@ +/* + * Gamepad style buttons connected to IRQ/GPIO lines + * + * Copyright (c) 2007 CodeSourcery. + * Written by Paul Brook + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_INPUT_GAMEPAD_H +#define HW_INPUT_GAMEPAD_H + +#include "hw/irq.h" + +/* stellaris_input.c */ +void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode); + +#endif diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c index 05f86749f40..5059aedbaa2 100644 --- a/hw/arm/stellaris.c +++ b/hw/arm/stellaris.c @@ -12,7 +12,6 @@ #include "hw/sysbus.h" #include "hw/ssi/ssi.h" #include "hw/arm/arm.h" -#include "hw/devices.h" #include "qemu/timer.h" #include "hw/i2c/i2c.h" #include "net/net.h" 
@@ -22,6 +21,7 @@ #include "sysemu/sysemu.h" #include "hw/arm/armv7m.h" #include "hw/char/pl011.h" +#include "hw/input/gamepad.h" #include "hw/watchdog/cmsdk-apb-watchdog.h" #include "hw/misc/unimp.h" #include "cpu.h" diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c index 99168bfeef1..20c87d86f40 100644 --- a/hw/input/stellaris_input.c +++ b/hw/input/stellaris_input.c @@ -8,7 +8,7 @@ */ #include "qemu/osdep.h" #include "hw/hw.h" -#include "hw/devices.h" +#include "hw/input/gamepad.h" #include "ui/console.h" typedef struct { diff --git a/MAINTAINERS b/MAINTAINERS index 4e6fd82c664..39a3216e1c4 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -744,6 +744,7 @@ M: Peter Maydell L: qemu-...@nongnu.org S: Maintained F: hw/*/stellaris* +F: include/hw/input/gamepad.h Versatile Express M: Peter Maydell -- 2.20.1
[Qemu-devel] [PULL 42/42] hw/devices: Move SMSC 91C111 declaration into a new header
From: Philippe Mathieu-Daudé This commit finally deletes "hw/devices.h". Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-13-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 11 --- include/hw/net/smc91c111.h | 19 +++ hw/arm/gumstix.c | 2 +- hw/arm/integratorcp.c | 2 +- hw/arm/mainstone.c | 2 +- hw/arm/realview.c | 2 +- hw/arm/versatilepb.c | 2 +- hw/net/smc91c111.c | 2 +- 8 files changed, 25 insertions(+), 17 deletions(-) delete mode 100644 include/hw/devices.h create mode 100644 include/hw/net/smc91c111.h diff --git a/include/hw/devices.h b/include/hw/devices.h deleted file mode 100644 index ebc45c87997..000 --- a/include/hw/devices.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef QEMU_DEVICES_H -#define QEMU_DEVICES_H - -/* Devices that have nowhere better to go. */ - -#include "hw/hw.h" - -/* smc91c111.c */ -void smc91c111_init(NICInfo *, uint32_t, qemu_irq); - -#endif diff --git a/include/hw/net/smc91c111.h b/include/hw/net/smc91c111.h new file mode 100644 index 000..a66ba4112f8 --- /dev/null +++ b/include/hw/net/smc91c111.h @@ -0,0 +1,19 @@ +/* + * SMSC 91C111 Ethernet interface emulation + * + * Copyright (c) 2005 CodeSourcery, LLC. + * Written by Paul Brook + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_NET_SMC91C111_H +#define HW_NET_SMC91C111_H + +#include "hw/irq.h" +#include "net/net.h" + +void smc91c111_init(NICInfo *, uint32_t, qemu_irq); + +#endif diff --git a/hw/arm/gumstix.c b/hw/arm/gumstix.c index 79886ce3787..343cbfd7da8 100644 --- a/hw/arm/gumstix.c +++ b/hw/arm/gumstix.c @@ -40,7 +40,7 @@ #include "hw/arm/pxa.h" #include "net/net.h" #include "hw/block/flash.h" -#include "hw/devices.h" +#include "hw/net/smc91c111.h" #include "hw/boards.h" #include "exec/address-spaces.h" #include "sysemu/qtest.h" 
diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c index 4eceebb9ea7..0b6f24465e4 100644 --- a/hw/arm/integratorcp.c +++ b/hw/arm/integratorcp.c @@ -12,10 +12,10 @@ #include "qemu-common.h" #include "cpu.h" #include "hw/sysbus.h" -#include "hw/devices.h" #include "hw/boards.h" #include "hw/arm/arm.h" #include "hw/misc/arm_integrator_debug.h" +#include "hw/net/smc91c111.h" #include "net/net.h" #include "exec/address-spaces.h" #include "sysemu/sysemu.h" diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c index e96738ad267..c1cec590379 100644 --- a/hw/arm/mainstone.c +++ b/hw/arm/mainstone.c @@ -18,7 +18,7 @@ #include "hw/arm/pxa.h" #include "hw/arm/arm.h" #include "net/net.h" -#include "hw/devices.h" +#include "hw/net/smc91c111.h" #include "hw/boards.h" #include "hw/block/flash.h" #include "hw/sysbus.h" diff --git a/hw/arm/realview.c b/hw/arm/realview.c index e9983c87639..05a244df255 100644 --- a/hw/arm/realview.c +++ b/hw/arm/realview.c @@ -14,8 +14,8 @@ #include "hw/sysbus.h" #include "hw/arm/arm.h" #include "hw/arm/primecell.h" -#include "hw/devices.h" #include "hw/net/lan9118.h" +#include "hw/net/smc91c111.h" #include "hw/pci/pci.h" #include "net/net.h" #include "sysemu/sysemu.h" diff --git a/hw/arm/versatilepb.c b/hw/arm/versatilepb.c index d67181810a6..25166e15171 100644 --- a/hw/arm/versatilepb.c +++ b/hw/arm/versatilepb.c @@ -13,7 +13,7 @@ #include "cpu.h" #include "hw/sysbus.h" #include "hw/arm/arm.h" -#include "hw/devices.h" +#include "hw/net/smc91c111.h" #include "net/net.h" #include "sysemu/sysemu.h" #include "hw/pci/pci.h" diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c index 99da2d92973..d19ea0750d3 100644 --- a/hw/net/smc91c111.c +++ b/hw/net/smc91c111.c @@ -10,7 +10,7 @@ #include "qemu/osdep.h" #include "hw/sysbus.h" #include "net/net.h" -#include "hw/devices.h" +#include "hw/net/smc91c111.h" #include "qemu/log.h" /* For crc32 */ #include -- 2.20.1
Re: [Qemu-devel] [PATCH v1 4/5] hw/arm: Add the STM32F4xx SoC
On Mon, Apr 29, 2019 at 5:43 AM Philippe Mathieu-Daudé wrote: > > On 4/29/19 7:33 AM, Alistair Francis wrote: > > Signed-off-by: Alistair Francis > > --- > > MAINTAINERS | 8 + > > default-configs/arm-softmmu.mak | 1 + > > hw/arm/Kconfig | 3 + > > hw/arm/Makefile.objs| 1 + > > hw/arm/stm32f405_soc.c | 292 > > include/hw/arm/stm32f405_soc.h | 70 > > 6 files changed, 375 insertions(+) > > create mode 100644 hw/arm/stm32f405_soc.c > > create mode 100644 include/hw/arm/stm32f405_soc.h > > > > diff --git a/MAINTAINERS b/MAINTAINERS > > index dabbfccf9c..c9772735cf 100644 > > --- a/MAINTAINERS > > +++ b/MAINTAINERS > > @@ -803,6 +803,14 @@ F: hw/adc/* > > F: hw/ssi/stm32f2xx_spi.c > > F: include/hw/*/stm32*.h > > > > +STM32F405 > > +M: Alistair Francis > > +M: Peter Maydell > > +S: Maintained > > +F: hw/arm/stm32f405_soc.c > > +F: hw/misc/stm32f4xx_syscfg.c > > +F: hw/misc/stm32f4xx_exti.c > > + > > Netduino 2 > > M: Alistair Francis > > M: Peter Maydell > > diff --git a/default-configs/arm-softmmu.mak > > b/default-configs/arm-softmmu.mak > > index 8eb57de211..e079f10624 100644 > > --- a/default-configs/arm-softmmu.mak > > +++ b/default-configs/arm-softmmu.mak > > @@ -98,6 +98,7 @@ CONFIG_STM32F2XX_SPI=y > > CONFIG_STM32F205_SOC=y > > CONFIG_STM32F4XX_SYSCFG=y > > CONFIG_STM32F4XX_EXTI=y > > +CONFIG_STM32F405_SOC=y > > CONFIG_NRF51_SOC=y > > > > CONFIG_CMSDK_APB_TIMER=y > > diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig > > index d298fbdc89..3a98bce15a 100644 > > --- a/hw/arm/Kconfig > > +++ b/hw/arm/Kconfig > > @@ -62,6 +62,9 @@ config RASPI > > config STM32F205_SOC > > bool > > > > +config STM32F405_SOC > > +bool > > + > > config XLNX_ZYNQMP_ARM > > bool > > > > diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs > > index fa57c7c770..36c3ff54c3 100644 > > --- a/hw/arm/Makefile.objs > > +++ b/hw/arm/Makefile.objs 
> > @@ -26,6 +26,7 @@ obj-$(CONFIG_STRONGARM) += strongarm.o > > obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o > > obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o > > obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o > > +obj-$(CONFIG_STM32F405_SOC) += stm32f405_soc.o > > obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o > > obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o > > obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o > > diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c > > new file mode 100644 > > index 00..83adec51a2 > > --- /dev/null > > +++ b/hw/arm/stm32f405_soc.c 
> > @@ -0,0 +1,292 @@ > > +/* > > + * STM32F405 SoC > > + * > > + * Copyright (c) 2014 Alistair Francis > > 2019? I never know how this works. It was originally written in 2014, do I update the year based on the upstream submission? > > > + * > > + * Permission is hereby granted, free of charge, to any person obtaining a > > copy > > + * of this software and associated documentation files (the "Software"), > > to deal > > + * in the Software without restriction, including without limitation the > > rights > > + * to use, copy, modify, merge, publish, distribute, sublicense, and/or > > sell > > + * copies of the Software, and to permit persons to whom the Software is > > + * furnished to do so, subject to the following conditions: > > + * > > + * The above copyright notice and this permission notice shall be included > > in > > + * all copies or substantial portions of the Software. > > + * > > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS > > OR > > + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, > > + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL > > + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR > > OTHER > > + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING > > FROM, > > + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS > > IN > > + * THE SOFTWARE. 
> > + */ > > + > > +#include "qemu/osdep.h" > > +#include "qapi/error.h" > > +#include "qemu-common.h" > > +#include "hw/arm/arm.h" > > +#include "exec/address-spaces.h" > > +#include "hw/arm/stm32f405_soc.h" > > +#include "hw/misc/unimp.h" > > + > > +#define SYSCFG_ADD 0x40013800 > > +static const uint32_t usart_addr[] = { 0x40011000, 0x40004400, 0x40004800, > > + 0x40004C00, 0x40005000, 0x40011400, > > + 0x40007800, 0x40007C00 }; > > +/* At the moment only Timer 2 to 5 are modelled */ > > +static const uint32_t timer_addr[] = { 0x4000, 0x4400, > > + 0x4800, 0x4C00 }; > > +#define ADC_ADDR 0x40012000 > > +static const uint32_t spi_addr[] = { 0x40013000, 0x40003800, 0x40003C00, > > +
[Qemu-devel] [PULL 23/42] target/arm: New helper function arm_v7m_mmu_idx_all()
Add a new helper function which returns the MMU index to use for v7M, where the caller specifies all of the security state, privilege level and whether the execution priority is negative, and reimplement the existing arm_v7m_mmu_idx_for_secstate_and_priv() in terms of it. We are going to need this for the lazy-FP-stacking code. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-21-peter.mayd...@linaro.org --- target/arm/cpu.h| 7 +++ target/arm/helper.c | 14 +++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index d4996a4d204..920cf367020 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2911,6 +2911,13 @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx) } } +/* + * Return the MMU index for a v7M CPU with all relevant information + * manually specified. + */ +ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env, + bool secstate, bool priv, bool negpri); + /* Return the MMU index for a v7M CPU in the specified security and * privilege state. */ diff --git a/target/arm/helper.c b/target/arm/helper.c index 84e3790a9de..1ed5f1a2513 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -13230,8 +13230,8 @@ int fp_exception_el(CPUARMState *env, int cur_el) return 0; } -ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env, -bool secstate, bool priv) +ARMMMUIdx arm_v7m_mmu_idx_all(CPUARMState *env, + bool secstate, bool priv, bool negpri) { ARMMMUIdx mmu_idx = ARM_MMU_IDX_M; @@ -13239,7 +13239,7 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env, mmu_idx |= ARM_MMU_IDX_M_PRIV; } -if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) { +if (negpri) { mmu_idx |= ARM_MMU_IDX_M_NEGPRI; } 
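Review bot: The prototype comment added in cpu.h for `arm_v7m_mmu_idx_all()` does not say that `negpri` is taken on trust. The helper.c hunks show the `armv7m_nvic_neg_prio_requested()` lookup moving out of this function into the `arm_v7m_mmu_idx_for_secstate_and_priv()` wrapper, so nothing here cross-checks the flag against the NVIC. Because the flag decides whether `ARM_MMU_IDX_M_NEGPRI` is set in the returned index, a caller passing a stale value would presumably have its memory accesses checked under the wrong regime. I would add to the comment: `The caller supplies negpri; it is not derived from the NVIC, so it must reflect the execution priority that applies to the access being made.`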
@@ -13250,6 +13250,14 @@ ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env, return mmu_idx; } +ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env, +bool secstate, bool priv) +{ +bool negpri = armv7m_nvic_neg_prio_requested(env->nvic, secstate); + +return arm_v7m_mmu_idx_all(env, secstate, priv, negpri); +} + /* Return the MMU index for a v7M CPU in the specified security state */ ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env, bool secstate) { -- 2.20.1
[Qemu-devel] [PULL 41/42] hw/net/lan9118: Export TYPE_LAN9118 and use it instead of hardcoded string
From: Philippe Mathieu-Daudé Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-12-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/net/lan9118.h | 2 ++ hw/arm/exynos4_boards.c | 3 ++- hw/arm/mps2-tz.c | 3 ++- hw/net/lan9118.c | 1 - 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/hw/net/lan9118.h b/include/hw/net/lan9118.h index d13d8cd3d22..500acb4c143 100644 --- a/include/hw/net/lan9118.h +++ b/include/hw/net/lan9118.h @@ -14,6 +14,8 @@ #include "hw/irq.h" #include "net/net.h" +#define TYPE_LAN9118 "lan9118" + void lan9118_init(NICInfo *, uint32_t, qemu_irq); #endif diff --git a/hw/arm/exynos4_boards.c b/hw/arm/exynos4_boards.c index 750162cc95a..ea8100f65a8 100644 --- a/hw/arm/exynos4_boards.c +++ b/hw/arm/exynos4_boards.c @@ -32,6 +32,7 @@ #include "hw/arm/arm.h" #include "exec/address-spaces.h" #include "hw/arm/exynos4210.h" +#include "hw/net/lan9118.h" #include "hw/boards.h" #undef DEBUG @@ -92,7 +93,7 @@ static void lan9215_init(uint32_t base, qemu_irq irq) /* This should be a 9215 but the 9118 is close enough */ if (nd_table[0].used) { qemu_check_nic_model(_table[0], "lan9118"); -dev = qdev_create(NULL, "lan9118"); +dev = qdev_create(NULL, TYPE_LAN9118); qdev_set_nic_properties(dev, _table[0]); qdev_prop_set_uint32(dev, "mode_16bit", 1); qdev_init_nofail(dev); diff --git a/hw/arm/mps2-tz.c b/hw/arm/mps2-tz.c index f79f090a4ac..7832408bb70 100644 --- a/hw/arm/mps2-tz.c +++ b/hw/arm/mps2-tz.c @@ -56,6 +56,7 @@ #include "hw/arm/armsse.h" #include "hw/dma/pl080.h" #include "hw/ssi/pl022.h" +#include "hw/net/lan9118.h" #include "net/net.h" #include "hw/core/split-irq.h" 
@@ -244,7 +245,7 @@ static MemoryRegion *make_eth_dev(MPS2TZMachineState *mms, void *opaque, * except that it doesn't support the checksum-offload feature. */ qemu_check_nic_model(nd, "lan9118"); -mms->lan9118 = qdev_create(NULL, "lan9118"); +mms->lan9118 = qdev_create(NULL, TYPE_LAN9118); qdev_set_nic_properties(mms->lan9118, nd); qdev_init_nofail(mms->lan9118); diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index a428b16eda5..b29e3fee49f 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -175,7 +175,6 @@ static const VMStateDescription vmstate_lan9118_packet = { } }; -#define TYPE_LAN9118 "lan9118" #define LAN9118(obj) OBJECT_CHECK(lan9118_state, (obj), TYPE_LAN9118) typedef struct { -- 2.20.1
[Qemu-devel] [PULL 18/42] target/arm: Handle floating point registers in exception return
Handle floating point registers in exception return. This corresponds to pseudocode functions ValidateExceptionReturn(), ExceptionReturn(), PopStack() and ConsumeExcStackFrame(). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-16-peter.mayd...@linaro.org --- target/arm/helper.c | 142 +++- 1 file changed, 141 insertions(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index c7b1a8d231d..14604f49a4c 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8447,6 +8447,8 @@ static void do_v7m_exception_exit(ARMCPU *cpu) bool rettobase = false; bool exc_secure = false; bool return_to_secure; +bool ftype; +bool restore_s16_s31; /* If we're not in Handler mode then jumps to magic exception-exit * addresses don't have magic behaviour. However for the v8M @@ -8484,6 +8486,16 @@ static void do_v7m_exception_exit(ARMCPU *cpu) excret); } +ftype = excret & R_V7M_EXCRET_FTYPE_MASK; + +if (!arm_feature(env, ARM_FEATURE_VFP) && !ftype) { +qemu_log_mask(LOG_GUEST_ERROR, "M profile: zero FTYPE in exception " + "exit PC value 0x%" PRIx32 " is UNPREDICTABLE " + "if FPU not present\n", + excret); +ftype = true; +} + if (arm_feature(env, ARM_FEATURE_M_SECURITY)) { /* EXC_RETURN.ES validation check (R_SMFL). We must do this before * we pick which FAULTMASK to clear. 
@@ -8584,6 +8596,30 @@ static void do_v7m_exception_exit(ARMCPU *cpu) */ write_v7m_control_spsel_for_secstate(env, return_to_sp_process, exc_secure); +/* + * Clear scratch FP values left in caller saved registers; this + * must happen before any kind of tail chaining. + */ +if ((env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_CLRONRET_MASK) && +(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK)) { +if (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK) { +env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK; +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); +qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing " + "stackframe: error during lazy state deactivation\n"); +v7m_exception_taken(cpu, excret, true, false); +return; +} else { +/* Clear s0..s15 and FPSCR */ +int i; + +for (i = 0; i < 16; i += 2) { +*aa32_vfp_dreg(env, i / 2) = 0; +} +vfp_set_fpscr(env, 0); +} +} + if (sfault) { env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); 
@@ -8745,8 +8781,105 @@ static void do_v7m_exception_exit(ARMCPU *cpu) } } +if (!ftype) { +/* FP present and we need to handle it */ +if (!return_to_secure && +(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK)) { +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); +env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK; +qemu_log_mask(CPU_LOG_INT, + "...taking SecureFault on existing stackframe: " + "Secure LSPACT set but exception return is " + "not to secure state\n"); +v7m_exception_taken(cpu, excret, true, false); +return; +} + +restore_s16_s31 = return_to_secure && +(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK); + +if (env->v7m.fpccr[return_to_secure] & R_V7M_FPCCR_LSPACT_MASK) { +/* State in FPU is still valid, just clear LSPACT */ +env->v7m.fpccr[return_to_secure] &= ~R_V7M_FPCCR_LSPACT_MASK; +} else { +int i; +uint32_t fpscr; +bool cpacr_pass, nsacr_pass; + +cpacr_pass = v7m_cpacr_pass(env, return_to_secure, +return_to_priv); +nsacr_pass = return_to_secure || +extract32(env->v7m.nsacr, 10, 1); + +if (!cpacr_pass) { +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, +return_to_secure); +env->v7m.cfsr[return_to_secure] |= R_V7M_CFSR_NOCP_MASK; +qemu_log_mask(CPU_LOG_INT, + "...taking UsageFault on existing " + "stackframe: CPACR.CP10 prevents unstacking " + "FP regs\n"); +v7m_exception_taken(cpu, excret, true, false); +return; +} else if (!nsacr_pass) { +
[Qemu-devel] [PULL 33/42] hw/display/tc6393xb: Remove unused functions
From: Philippe Mathieu-Daudé No code used the tc6393xb_gpio_in_get() and tc6393xb_gpio_out_set() functions since their introduction in commit 88d2c950b002. Time to remove them. Suggested-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-4-phi...@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- include/hw/devices.h | 3 --- hw/display/tc6393xb.c | 16 2 files changed, 19 deletions(-) diff --git a/include/hw/devices.h b/include/hw/devices.h index 1ed5be32967..0850f697451 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -54,9 +54,6 @@ void retu_key_event(void *retu, int state); typedef struct TC6393xbState TC6393xbState; TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem, uint32_t base, qemu_irq irq); -void tc6393xb_gpio_out_set(TC6393xbState *s, int line, -qemu_irq handler); -qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s); qemu_irq tc6393xb_l3v_get(TC6393xbState *s); #endif diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c index e1b1e302f23..6d133d9a66c 100644 --- a/hw/display/tc6393xb.c +++ b/hw/display/tc6393xb.c @@ -137,11 +137,6 @@ struct TC6393xbState { blanked : 1; }; -qemu_irq *tc6393xb_gpio_in_get(TC6393xbState *s) -{ -return s->gpio_in; -} - static void tc6393xb_gpio_set(void *opaque, int line, int level) { //TC6393xbState *s = opaque; @@ -154,17 +149,6 @@ static void tc6393xb_gpio_set(void *opaque, int line, int level) // FIXME: how does the chip reflect the GPIO input level change? } -void tc6393xb_gpio_out_set(TC6393xbState *s, int line, -qemu_irq handler) -{ -if (line >= TC6393XB_GPIOS) { -fprintf(stderr, "TC6393xb: no GPIO pin %d\n", line); -return; -} - -s->handler[line] = handler; -} - static void tc6393xb_gpio_handler_update(TC6393xbState *s) { uint32_t level, diff; -- 2.20.1
[Qemu-devel] [PULL 39/42] hw/devices: Move LAN9118 declarations into a new header
From: Philippe Mathieu-Daudé Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-10-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 3 --- include/hw/net/lan9118.h | 19 +++ hw/arm/kzm.c | 2 +- hw/arm/mps2.c| 2 +- hw/arm/realview.c| 1 + hw/arm/vexpress.c| 2 +- hw/net/lan9118.c | 2 +- 7 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 include/hw/net/lan9118.h diff --git a/include/hw/devices.h b/include/hw/devices.h index ba9034050b4..ebc45c87997 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -8,7 +8,4 @@ /* smc91c111.c */ void smc91c111_init(NICInfo *, uint32_t, qemu_irq); -/* lan9118.c */ -void lan9118_init(NICInfo *, uint32_t, qemu_irq); - #endif diff --git a/include/hw/net/lan9118.h b/include/hw/net/lan9118.h new file mode 100644 index 000..d13d8cd3d22 --- /dev/null +++ b/include/hw/net/lan9118.h @@ -0,0 +1,19 @@ +/* + * SMSC LAN9118 Ethernet interface emulation + * + * Copyright (c) 2009 CodeSourcery, LLC. + * Written by Paul Brook + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_NET_LAN9118_H +#define HW_NET_LAN9118_H + +#include "hw/irq.h" +#include "net/net.h" + +void lan9118_init(NICInfo *, uint32_t, qemu_irq); + +#endif diff --git a/hw/arm/kzm.c b/hw/arm/kzm.c index 864c7bd4114..139934c4ecf 100644 --- a/hw/arm/kzm.c +++ b/hw/arm/kzm.c @@ -22,7 +22,7 @@ #include "qemu/error-report.h" #include "exec/address-spaces.h" #include "net/net.h" -#include "hw/devices.h" +#include "hw/net/lan9118.h" #include "hw/char/serial.h" #include "sysemu/qtest.h" diff --git a/hw/arm/mps2.c b/hw/arm/mps2.c index e3d698ba6c4..54b7395849f 100644 --- a/hw/arm/mps2.c +++ b/hw/arm/mps2.c 
@@ -36,7 +36,7 @@ #include "hw/timer/cmsdk-apb-timer.h" #include "hw/timer/cmsdk-apb-dualtimer.h" #include "hw/misc/mps2-scc.h" -#include "hw/devices.h" +#include "hw/net/lan9118.h" #include "net/net.h" typedef enum MPS2FPGAType { diff --git a/hw/arm/realview.c b/hw/arm/realview.c index 242f5a87b6a..e9983c87639 100644 --- a/hw/arm/realview.c +++ b/hw/arm/realview.c @@ -15,6 +15,7 @@ #include "hw/arm/arm.h" #include "hw/arm/primecell.h" #include "hw/devices.h" +#include "hw/net/lan9118.h" #include "hw/pci/pci.h" #include "net/net.h" #include "sysemu/sysemu.h" diff --git a/hw/arm/vexpress.c b/hw/arm/vexpress.c index f07134c4245..d8634f3dd29 100644 --- a/hw/arm/vexpress.c +++ b/hw/arm/vexpress.c @@ -28,7 +28,7 @@ #include "hw/sysbus.h" #include "hw/arm/arm.h" #include "hw/arm/primecell.h" -#include "hw/devices.h" +#include "hw/net/lan9118.h" #include "hw/i2c/i2c.h" #include "net/net.h" #include "sysemu/sysemu.h" diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index a6269d9463b..a428b16eda5 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -14,7 +14,7 @@ #include "hw/sysbus.h" #include "net/net.h" #include "net/eth.h" -#include "hw/devices.h" +#include "hw/net/lan9118.h" #include "sysemu/sysemu.h" #include "hw/ptimer.h" #include "qemu/log.h" -- 2.20.1
[Qemu-devel] [PULL 11/42] target/arm: Handle SFPA and FPCA bits in reads and writes of CONTROL
The M-profile CONTROL register has two bits -- SFPA and FPCA -- which relate to floating-point support, and should be RES0 otherwise. Handle them correctly in the MSR/MRS register access code. Neither is banked between security states, so they are stored in v7m.control[M_REG_S] regardless of current security state. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-9-peter.mayd...@linaro.org --- target/arm/helper.c | 57 ++--- 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 45a9d92e505..e801744673f 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -12027,7 +12027,14 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg) return xpsr_read(env) & mask; break; case 20: /* CONTROL */ -return env->v7m.control[env->v7m.secure]; +{ +uint32_t value = env->v7m.control[env->v7m.secure]; +if (!env->v7m.secure) { +/* SFPA is RAZ/WI from NS; FPCA is stored in the M_REG_S bank */ +value |= env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK; +} +return value; +} case 0x94: /* CONTROL_NS */ /* We have to handle this here because unprivileged Secure code * can read the NS CONTROL register. @@ -12035,7 +12042,8 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg) if (!env->v7m.secure) { return 0; } -return env->v7m.control[M_REG_NS]; +return env->v7m.control[M_REG_NS] | +(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK); } if (el == 0) { @@ -12141,9 +12149,13 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) */ uint32_t mask = extract32(maskreg, 8, 4); uint32_t reg = extract32(maskreg, 0, 8); +int cur_el = arm_current_el(env); -if (arm_current_el(env) == 0 && reg > 7) { -/* only xPSR sub-fields may be written by unprivileged */ +if (cur_el == 0 && reg > 7 && reg != 20) { +/* + * only xPSR sub-fields and CONTROL.SFPA may be written by + * unprivileged code + */ return; } 
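Review bot: The relaxed gate `cur_el == 0 && reg > 7 && reg != 20` in `HELPER(v7m_msr)` now lets unprivileged code reach the `case 20` CONTROL path. The privilege boundary for SPSEL and nPRIV (and, as far as the truncated last hunk shows, FPCA) therefore rests on the per-field `cur_el > 0` tests added further down, not on this early return. The new comment names CONTROL.SFPA as the exception but does not point at that dependency. I would extend it with `Every other CONTROL field must be guarded by cur_el > 0 in case 20 below.` so that a field added later is not left writable from unprivileged code. The function body starts and ends outside this hunk.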
@@ -12202,6 +12214,15 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) env->v7m.control[M_REG_NS] &= ~R_V7M_CONTROL_NPRIV_MASK; env->v7m.control[M_REG_NS] |= val & R_V7M_CONTROL_NPRIV_MASK; } +/* + * SFPA is RAZ/WI from NS. FPCA is RO if NSACR.CP10 == 0, + * RES0 if the FPU is not present, and is stored in the S bank + */ +if (arm_feature(env, ARM_FEATURE_VFP) && +extract32(env->v7m.nsacr, 10, 1)) { +env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK; +env->v7m.control[M_REG_S] |= val & R_V7M_CONTROL_FPCA_MASK; +} return; case 0x98: /* SP_NS */ { 
@@ -12304,21 +12325,41 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val) env->v7m.faultmask[env->v7m.secure] = val & 1; break; case 20: /* CONTROL */ -/* Writing to the SPSEL bit only has an effect if we are in +/* + * Writing to the SPSEL bit only has an effect if we are in * thread mode; other bits can be updated by any privileged code. * write_v7m_control_spsel() deals with updating the SPSEL bit in * env->v7m.control, so we only need update the others. * For v7M, we must just ignore explicit writes to SPSEL in handler * mode; for v8M the write is permitted but will have no effect. + * All these bits are writes-ignored from non-privileged code, + * except for SFPA. */ -if (arm_feature(env, ARM_FEATURE_V8) || -!arm_v7m_is_handler_mode(env)) { +if (cur_el > 0 && (arm_feature(env, ARM_FEATURE_V8) || + !arm_v7m_is_handler_mode(env))) { write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0); } -if (arm_feature(env, ARM_FEATURE_M_MAIN)) { +if (cur_el > 0 && arm_feature(env, ARM_FEATURE_M_MAIN)) { env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK; env->v7m.control[env->v7m.secure] |= val & R_V7M_CONTROL_NPRIV_MASK; } +if (arm_feature(env, ARM_FEATURE_VFP)) { +/* + * SFPA is RAZ/WI from NS or if no FPU. + * FPCA is RO if NSACR.CP10 == 0, RES0 if the FPU is not present. + * Both are stored in the S bank. + */ +if (env->v7m.secure) { +env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK; +env->v7m.control[M_REG_S] |= val & R_V7M_CONTROL_SFPA_MASK; +} +if (cur_el > 0 && +
[Qemu-devel] [PULL 35/42] hw/devices: Move Blizzard declarations into a new header
From: Philippe Mathieu-Daudé Add an entries the Blizzard device in MAINTAINERS. Reviewed-by: Thomas Huth Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-6-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 7 --- include/hw/display/blizzard.h | 22 ++ hw/arm/nseries.c | 1 + hw/display/blizzard.c | 2 +- MAINTAINERS | 2 ++ 5 files changed, 26 insertions(+), 8 deletions(-) create mode 100644 include/hw/display/blizzard.h diff --git a/include/hw/devices.h b/include/hw/devices.h index 1e2141caad1..77d66113021 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -29,13 +29,6 @@ void tsc2005_set_transform(void *opaque, MouseTransformInfo *info); /* stellaris_input.c */ void stellaris_gamepad_init(int n, qemu_irq *irq, const int *keycode); -/* blizzard.c */ -void *s1d13745_init(qemu_irq gpio_int); -void s1d13745_write(void *opaque, int dc, uint16_t value); -void s1d13745_write_block(void *opaque, int dc, -void *buf, size_t len, int pitch); -uint16_t s1d13745_read(void *opaque, int dc); - /* cbus.c */ typedef struct { qemu_irq clk; diff --git a/include/hw/display/blizzard.h b/include/hw/display/blizzard.h new file mode 100644 index 000..ef72bbc1865 --- /dev/null +++ b/include/hw/display/blizzard.h @@ -0,0 +1,22 @@ +/* + * Epson S1D13744/S1D13745 (Blizzard/Hailstorm/Tornado) LCD/TV controller. + * + * Copyright (C) 2008 Nokia Corporation + * Written by Andrzej Zaborowski + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_DISPLAY_BLIZZARD_H +#define HW_DISPLAY_BLIZZARD_H + +#include "hw/irq.h" + +void *s1d13745_init(qemu_irq gpio_int); +void s1d13745_write(void *opaque, int dc, uint16_t value); +void s1d13745_write_block(void *opaque, int dc, + void *buf, size_t len, int pitch); +uint16_t s1d13745_read(void *opaque, int dc); + +#endif 
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c index 2b710c3d49f..ef09b3bf79f 100644 --- a/hw/arm/nseries.c +++ b/hw/arm/nseries.c @@ -31,6 +31,7 @@ #include "hw/boards.h" #include "hw/i2c/i2c.h" #include "hw/devices.h" +#include "hw/display/blizzard.h" #include "hw/misc/tmp105.h" #include "hw/block/flash.h" #include "hw/hw.h" diff --git a/hw/display/blizzard.c b/hw/display/blizzard.c index 291abe6fcae..471bd0ed997 100644 --- a/hw/display/blizzard.c +++ b/hw/display/blizzard.c @@ -21,7 +21,7 @@ #include "qemu/osdep.h" #include "qemu-common.h" #include "ui/console.h" -#include "hw/devices.h" +#include "hw/display/blizzard.h" #include "ui/pixel_ops.h" typedef void (*blizzard_fn_t)(uint8_t *, const uint8_t *, unsigned int); diff --git a/MAINTAINERS b/MAINTAINERS index 51eecd0ac19..c069c274ec0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -663,10 +663,12 @@ M: Peter Maydell L: qemu-...@nongnu.org S: Odd Fixes F: hw/arm/nseries.c +F: hw/display/blizzard.c F: hw/input/lm832x.c F: hw/input/tsc2005.c F: hw/misc/cbus.c F: hw/timer/twl92230.c +F: include/hw/display/blizzard.h Palm M: Andrzej Zaborowski -- 2.20.1
[Qemu-devel] [PULL 29/42] target/arm: Enable FPU for Cortex-M4 and Cortex-M33
Enable the FPU by default for the Cortex-M4 and Cortex-M33. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-27-peter.mayd...@linaro.org --- target/arm/cpu.c | 8 1 file changed, 8 insertions(+) diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 7deccda2404..a181fa8dc1a 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1493,8 +1493,12 @@ static void cortex_m4_initfn(Object *obj) set_feature(>env, ARM_FEATURE_M); set_feature(>env, ARM_FEATURE_M_MAIN); set_feature(>env, ARM_FEATURE_THUMB_DSP); +set_feature(>env, ARM_FEATURE_VFP4); cpu->midr = 0x410fc240; /* r0p0 */ cpu->pmsav7_dregion = 8; +cpu->isar.mvfr0 = 0x10110021; +cpu->isar.mvfr1 = 0x1111; +cpu->isar.mvfr2 = 0x; cpu->id_pfr0 = 0x0030; cpu->id_pfr1 = 0x0200; cpu->id_dfr0 = 0x0010; @@ -1521,9 +1525,13 @@ static void cortex_m33_initfn(Object *obj) set_feature(>env, ARM_FEATURE_M_MAIN); set_feature(>env, ARM_FEATURE_M_SECURITY); set_feature(>env, ARM_FEATURE_THUMB_DSP); +set_feature(>env, ARM_FEATURE_VFP4); cpu->midr = 0x410fd213; /* r0p3 */ cpu->pmsav7_dregion = 16; cpu->sau_sregion = 8; +cpu->isar.mvfr0 = 0x10110021; +cpu->isar.mvfr1 = 0x1111; +cpu->isar.mvfr2 = 0x0040; cpu->id_pfr0 = 0x0030; cpu->id_pfr1 = 0x0210; cpu->id_dfr0 = 0x0020; -- 2.20.1
[Qemu-devel] [PULL 27/42] target/arm: Implement VLSTM for v7M CPUs with an FPU
Implement the VLSTM instruction for v7M for the FPU present case. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-25-peter.mayd...@linaro.org --- target/arm/cpu.h | 2 + target/arm/helper.h| 2 + target/arm/helper.c| 84 ++ target/arm/translate.c | 15 +++- 4 files changed, 102 insertions(+), 1 deletion(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0b10aefb93d..22bc6e00ab9 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -58,6 +58,8 @@ #define EXCP_INVSTATE 18 /* v7M INVSTATE UsageFault */ #define EXCP_STKOF 19 /* v8M STKOF UsageFault */ #define EXCP_LAZYFP 20 /* v7M fault during lazy FP stacking */ +#define EXCP_LSERR 21 /* v8M LSERR SecureFault */ +#define EXCP_UNALIGNED 22 /* v7M UNALIGNED UsageFault */ /* NB: add new EXCP_ defines to the array in arm_log_exception() too */ #define ARMV7M_EXCP_RESET 1 diff --git a/target/arm/helper.h b/target/arm/helper.h index 0a3a80528c7..62051ae6d51 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -71,6 +71,8 @@ DEF_HELPER_3(v7m_tt, i32, env, i32, i32) DEF_HELPER_1(v7m_preserve_fp_state, void, env) +DEF_HELPER_2(v7m_vlstm, void, env, i32) + DEF_HELPER_2(v8m_stackcheck, void, env, i32) DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32) diff --git a/target/arm/helper.c b/target/arm/helper.c index b11f8aa14df..b821037c3b6 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7384,6 +7384,12 @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env) g_assert_not_reached(); } +void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) +{ +/* translate.c should never generate calls here in user-only mode */ +g_assert_not_reached(); +} + uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op) { /* The TT instructions can be used by unprivileged code, but in 
@@ -8400,6 +8406,74 @@ static void v7m_update_fpccr(CPUARMState *env, uint32_t frameptr, } } +void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) +{ +/* fptr is the value of Rn, the frame pointer we store the FP regs to */ +bool s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK; +bool lspact = env->v7m.fpccr[s] & R_V7M_FPCCR_LSPACT_MASK; + +assert(env->v7m.secure); + +if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) { +return; +} + +/* Check access to the coprocessor is permitted */ +if (!v7m_cpacr_pass(env, true, arm_current_el(env) != 0)) { +raise_exception_ra(env, EXCP_NOCP, 0, 1, GETPC()); +} + +if (lspact) { +/* LSPACT should not be active when there is active FP state */ +raise_exception_ra(env, EXCP_LSERR, 0, 1, GETPC()); +} + +if (fptr & 7) { +raise_exception_ra(env, EXCP_UNALIGNED, 0, 1, GETPC()); +} + +/* + * Note that we do not use v7m_stack_write() here, because the + * accesses should not set the FSR bits for stacking errors if they + * fail. (In pseudocode terms, they are AccType_NORMAL, not AccType_STACK + * or AccType_LAZYFP). Faults in cpu_stl_data() will throw exceptions + * and longjmp out. + */ +if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) { +bool ts = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK; +int i; + +for (i = 0; i < (ts ? 32 : 16); i += 2) { +uint64_t dn = *aa32_vfp_dreg(env, i / 2); +uint32_t faddr = fptr + 4 * i; +uint32_t slo = extract64(dn, 0, 32); +uint32_t shi = extract64(dn, 32, 32); + +if (i >= 16) { +faddr += 8; /* skip the slot for the FPSCR */ +} +cpu_stl_data(env, faddr, slo); +cpu_stl_data(env, faddr + 4, shi); +} +cpu_stl_data(env, fptr + 0x40, vfp_get_fpscr(env)); + +/* + * If TS is 0 then s0 to s15 and FPSCR are UNKNOWN; we choose to + * leave them unchanged, matching our choice in v7m_preserve_fp_state. 
+ */ +if (ts) { +for (i = 0; i < 32; i += 2) { +*aa32_vfp_dreg(env, i / 2) = 0; +} +vfp_set_fpscr(env, 0); +} +} else { +v7m_update_fpccr(env, fptr, false); +} + +env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK; +} + static bool v7m_push_stack(ARMCPU *cpu) { /* Do the "set up stack frame" part of exception entry, @@ -9160,6 +9234,8 @@ static void arm_log_exception(int idx) [EXCP_INVSTATE] = "v7M INVSTATE UsageFault", [EXCP_STKOF] = "v8M STKOF UsageFault", [EXCP_LAZYFP] = "v7M exception during lazy FP stacking", +[EXCP_LSERR] = "v8M LSERR UsageFault", +[EXCP_UNALIGNED] = "v7M UNALIGNED UsageFault", }; if (idx >= 0 && idx < ARRAY_SIZE(excnames)) { @@ -9334,6 +9410,14 @@ void arm_v7m_cpu_do_interrupt(CPUState
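Review bot: The `assert(env->v7m.secure)` at the top of the system-mode `v7m_vlstm` helper is the only check inside the helper that it runs in Secure state. If any decode path reached it from Non-secure code, the emulator would abort instead of delivering a guest fault. The translate.c change that emits the call is cut off in this view, so the guard cannot be confirmed from here. If the helper relies on the translator for this, record that next to the assert, for example `/* Callers must be in Secure state: translate.c is expected to reject Non-secure VLSTM before emitting this call */`. The same assert opens `v7m_vlldm` in the following patch and would benefit from the same comment.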
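Review bot: The log name added to `excnames[]` in `arm_log_exception()` disagrees with the definition in cpu.h. The define is commented `/* v8M LSERR SecureFault */`, but the table entry reads `"v8M LSERR UsageFault"`. Anyone reading a `CPU_LOG_INT` trace to diagnose a Secure/Non-secure transition problem would be pointed at the wrong fault class. If the cpu.h comment is the correct one, the entry should be `[EXCP_LSERR] = "v8M LSERR SecureFault",`.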
[Qemu-devel] [PULL 28/42] target/arm: Implement VLLDM for v7M CPUs with an FPU
Implement the VLLDM instruction for v7M for the FPU present case. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-26-peter.mayd...@linaro.org --- target/arm/helper.h| 1 + target/arm/helper.c| 54 ++ target/arm/translate.c | 2 +- 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/target/arm/helper.h b/target/arm/helper.h index 62051ae6d51..50cb036378b 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -72,6 +72,7 @@ DEF_HELPER_3(v7m_tt, i32, env, i32, i32) DEF_HELPER_1(v7m_preserve_fp_state, void, env) DEF_HELPER_2(v7m_vlstm, void, env, i32) +DEF_HELPER_2(v7m_vlldm, void, env, i32) DEF_HELPER_2(v8m_stackcheck, void, env, i32) diff --git a/target/arm/helper.c b/target/arm/helper.c index b821037c3b6..81a92ab4911 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7390,6 +7390,12 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) g_assert_not_reached(); } +void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) +{ +/* translate.c should never generate calls here in user-only mode */ +g_assert_not_reached(); +} + uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op) { /* The TT instructions can be used by unprivileged code, but in 
@@ -8474,6 +8480,54 @@ void HELPER(v7m_vlstm)(CPUARMState *env, uint32_t fptr) env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_FPCA_MASK; } +void HELPER(v7m_vlldm)(CPUARMState *env, uint32_t fptr) +{ +/* fptr is the value of Rn, the frame pointer we load the FP regs from */ +assert(env->v7m.secure); + +if (!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) { +return; +} + +/* Check access to the coprocessor is permitted */ +if (!v7m_cpacr_pass(env, true, arm_current_el(env) != 0)) { +raise_exception_ra(env, EXCP_NOCP, 0, 1, GETPC()); +} + +if (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPACT_MASK) { +/* State in FP is still valid */ +env->v7m.fpccr[M_REG_S] &= ~R_V7M_FPCCR_LSPACT_MASK; +} else { +bool ts = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK; +int i; +uint32_t fpscr; + +if (fptr & 7) { +raise_exception_ra(env, EXCP_UNALIGNED, 0, 1, GETPC()); +} + +for (i = 0; i < (ts ? 32 : 16); i += 2) { +uint32_t slo, shi; +uint64_t dn; +uint32_t faddr = fptr + 4 * i; + +if (i >= 16) { +faddr += 8; /* skip the slot for the FPSCR */ +} + +slo = cpu_ldl_data(env, faddr); +shi = cpu_ldl_data(env, faddr + 4); + +dn = (uint64_t) shi << 32 | slo; +*aa32_vfp_dreg(env, i / 2) = dn; +} +fpscr = cpu_ldl_data(env, fptr + 0x40); +vfp_set_fpscr(env, fpscr); +} + +env->v7m.control[M_REG_S] |= R_V7M_CONTROL_FPCA_MASK; +} + static bool v7m_push_stack(ARMCPU *cpu) { /* Do the "set up stack frame" part of exception entry, diff --git a/target/arm/translate.c b/target/arm/translate.c index 99b38dd5f2b..10bc53f91c6 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -11823,7 +11823,7 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) TCGv_i32 fptr = load_reg(s, rn); if (extract32(insn, 20, 1)) { -/* VLLDM */ +gen_helper_v7m_vlldm(cpu_env, fptr); } else { gen_helper_v7m_vlstm(cpu_env, fptr); } -- 2.20.1
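Review bot: The frame layout in `v7m_vlldm` is spelled out a second time as bare literals that must match `v7m_vlstm` exactly: the loop bound `ts ? 32 : 16`, the `faddr += 8` skip for `i >= 16`, and the FPSCR slot at `fptr + 0x40`. Nothing ties the two copies together, so a later edit to one side would make the restore read Secure FP state from the wrong offsets without any build-time signal. I would give the FPSCR offset and the skip a shared named constant, or move the `i` to `faddr` computation into one small static helper used by both. Failing that, add a comment here such as `/* Frame layout must stay in sync with v7m_vlstm: FPSCR at +0x40, s16.. follow after an 8-byte gap */`.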
[Qemu-devel] [PULL 24/42] target/arm: New function armv7m_nvic_set_pending_lazyfp()
In the v7M architecture, if an exception is generated in the process of doing the lazy stacking of FP registers, the handling of possible escalation to HardFault is treated differently to the normal approach: it works based on the saved information about exception readiness that was stored in the FPCCR when the stack frame was created. Provide a new function armv7m_nvic_set_pending_lazyfp() which pends exceptions during lazy stacking, and implements this logic. This corresponds to the pseudocode TakePreserveFPException(). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-22-peter.mayd...@linaro.org --- target/arm/cpu.h | 12 ++ hw/intc/armv7m_nvic.c | 96 +++ 2 files changed, 108 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 920cf367020..ed3069341d2 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2008,6 +2008,18 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool secure); * a different exception). */ void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure); +/** + * armv7m_nvic_set_pending_lazyfp: mark this lazy FP exception as pending + * @opaque: the NVIC + * @irq: the exception number to mark pending + * @secure: false for non-banked exceptions or for the nonsecure + * version of a banked exception, true for the secure version of a banked + * exception. + * + * Similar to armv7m_nvic_set_pending(), but specifically for exceptions + * generated in the course of lazy stacking of FP registers. + */ +void armv7m_nvic_set_pending_lazyfp(void *opaque, int irq, bool secure); /** * armv7m_nvic_get_pending_irq_info: return highest priority pending *exception, and whether it targets Secure state diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 53b4631dace..fff6e694e60 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c 
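Review bot: The kernel-doc added for `armv7m_nvic_set_pending_lazyfp()` in cpu.h omits two constraints that the implementation enforces by aborting. The body in armv7m_nvic.c, which continues past the end of this view, asserts `irq > ARMV7M_EXCP_RESET && irq < s->num_irq`. Its `switch` accepts only `ARMV7M_EXCP_DEBUG`, `_MEM`, `_USAGE`, `_BUS` and `_SECURE`, and hits `g_assert_not_reached()` for anything else. I would extend the `@irq` line to name those five exceptions. I would also add a sentence that escalation to HardFault is decided from the saved FPCCR readiness bits and that the function can end in `cpu_abort()` (Lockup), so callers know it may not return.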
@@ -655,6 +655,102 @@ void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure) do_armv7m_nvic_set_pending(opaque, irq, secure, true); } +void armv7m_nvic_set_pending_lazyfp(void *opaque, int irq, bool secure) +{ +/* + * Pend an exception during lazy FP stacking. This differs + * from the usual exception pending because the logic for + * whether we should escalate depends on the saved context + * in the FPCCR register, not on the current state of the CPU/NVIC. + */ +NVICState *s = (NVICState *)opaque; +bool banked = exc_is_banked(irq); +VecInfo *vec; +bool targets_secure; +bool escalate = false; +/* + * We will only look at bits in fpccr if this is a banked exception + * (in which case 'secure' tells us whether it is the S or NS version). + * All the bits for the non-banked exceptions are in fpccr_s. + */ +uint32_t fpccr_s = s->cpu->env.v7m.fpccr[M_REG_S]; +uint32_t fpccr = s->cpu->env.v7m.fpccr[secure]; + +assert(irq > ARMV7M_EXCP_RESET && irq < s->num_irq); +assert(!secure || banked); + +vec = (banked && secure) ? >sec_vectors[irq] : >vectors[irq]; + +targets_secure = banked ? secure : exc_targets_secure(s, irq); + +switch (irq) { +case ARMV7M_EXCP_DEBUG: +if (!(fpccr_s & R_V7M_FPCCR_MONRDY_MASK)) { +/* Ignore DebugMonitor exception */ +return; +} +break; +case ARMV7M_EXCP_MEM: +escalate = !(fpccr & R_V7M_FPCCR_MMRDY_MASK); +break; +case ARMV7M_EXCP_USAGE: +escalate = !(fpccr & R_V7M_FPCCR_UFRDY_MASK); +break; +case ARMV7M_EXCP_BUS: +escalate = !(fpccr_s & R_V7M_FPCCR_BFRDY_MASK); +break; +case ARMV7M_EXCP_SECURE: +escalate = !(fpccr_s & R_V7M_FPCCR_SFRDY_MASK); +break; +default: +g_assert_not_reached(); +} + +if (escalate) { +/* + * Escalate to HardFault: faults that initially targeted Secure + * continue to do so, even if HF normally targets NonSecure. 
+ */ +irq = ARMV7M_EXCP_HARD; +if (arm_feature(>cpu->env, ARM_FEATURE_M_SECURITY) && +(targets_secure || + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))) { +vec = >sec_vectors[irq]; +} else { +vec = >vectors[irq]; +} +} + +if (!vec->enabled || +nvic_exec_prio(s) <= exc_group_prio(s, vec->prio, secure)) { +if (!(fpccr_s & R_V7M_FPCCR_HFRDY_MASK)) { +/* + * We want to escalate to HardFault but the context the + * FP state belongs to prevents the exception pre-empting. + */ +cpu_abort(>cpu->parent_obj, + "Lockup: can't escalate to HardFault during " + "lazy FP register stacking\n"); +} +} + +if (escalate) { +s->cpu->env.v7m.hfsr |= R_V7M_HFSR_FORCED_MASK; +} +if (!vec->pending) { +vec->pending = 1; +/* +
[Qemu-devel] [PULL 19/42] target/arm: Move NS TBFLAG from bit 19 to bit 6
Move the NS TBFLAG down from bit 19 to bit 6, which has not been used since commit c1e3781090b9d36c60 in 2015, when we started passing the entire MMU index in the TB flags rather than just a 'privilege level' bit. This rearrangement is not strictly necessary, but means that we can put M-profile-only bits next to each other rather than scattered across the flag word. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-17-peter.mayd...@linaro.org --- target/arm/cpu.h | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index eb989d773af..0ea448034b3 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3138,6 +3138,12 @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1) FIELD(TBFLAG_A32, THUMB, 0, 1) FIELD(TBFLAG_A32, VECLEN, 1, 3) FIELD(TBFLAG_A32, VECSTRIDE, 4, 2) +/* + * Indicates whether cp register reads and writes by guest code should access + * the secure or nonsecure bank of banked registers; note that this is not + * the same thing as the current security state of the processor! + */ +FIELD(TBFLAG_A32, NS, 6, 1) FIELD(TBFLAG_A32, VFPEN, 7, 1) FIELD(TBFLAG_A32, CONDEXEC, 8, 8) FIELD(TBFLAG_A32, SCTLR_B, 16, 1) @@ -3145,11 +3151,6 @@ FIELD(TBFLAG_A32, SCTLR_B, 16, 1) * checks on the other bits at runtime */ FIELD(TBFLAG_A32, XSCALE_CPAR, 17, 2) -/* Indicates whether cp register reads and writes by guest code should access - * the secure or nonsecure bank of banked registers; note that this is not - * the same thing as the current security state of the processor! - */ -FIELD(TBFLAG_A32, NS, 19, 1) /* For M profile only, Handler (ie not Thread) mode */ FIELD(TBFLAG_A32, HANDLER, 21, 1) /* For M profile only, whether we should generate stack-limit checks */ -- 2.20.1
[Qemu-devel] [PULL 38/42] hw/devices: Move TI touchscreen declarations into a new header
From: Philippe Mathieu-Daudé Since uWireSlave is only used in this new header, there is no need to expose it via "qemu/typedefs.h". Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-9-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/arm/omap.h | 6 +- include/hw/devices.h | 15 --- include/hw/input/tsc2xxx.h | 36 include/qemu/typedefs.h| 1 - hw/arm/nseries.c | 2 +- hw/arm/palm.c | 2 +- hw/input/tsc2005.c | 2 +- hw/input/tsc210x.c | 4 ++-- MAINTAINERS| 2 ++ 9 files changed, 44 insertions(+), 26 deletions(-) create mode 100644 include/hw/input/tsc2xxx.h diff --git a/include/hw/arm/omap.h b/include/hw/arm/omap.h index e7fbd340f37..9de867daa46 100644 --- a/include/hw/arm/omap.h +++ b/include/hw/arm/omap.h @@ -20,6 +20,7 @@ #include "exec/memory.h" # define hw_omap_h "omap.h" #include "hw/irq.h" +#include "hw/input/tsc2xxx.h" #include "target/arm/cpu-qom.h" #include "qemu/log.h" @@ -679,11 +680,6 @@ qemu_irq *omap_mpuio_in_get(struct omap_mpuio_s *s); void omap_mpuio_out_set(struct omap_mpuio_s *s, int line, qemu_irq handler); void omap_mpuio_key(struct omap_mpuio_s *s, int row, int col, int down); -struct uWireSlave { -uint16_t (*receive)(void *opaque); -void (*send)(void *opaque, uint16_t data); -void *opaque; -}; struct omap_uwire_s; void omap_uwire_attach(struct omap_uwire_s *s, uWireSlave *slave, int chipselect); diff --git a/include/hw/devices.h b/include/hw/devices.h index 7a630da47f7..ba9034050b4 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -4,7 +4,6 @@ /* Devices that have nowhere better to go. */ #include "hw/hw.h" -#include "ui/console.h" /* smc91c111.c */ void smc91c111_init(NICInfo *, uint32_t, qemu_irq); 
@@ -12,18 +11,4 @@ void smc91c111_init(NICInfo *, uint32_t, qemu_irq); /* lan9118.c */ void lan9118_init(NICInfo *, uint32_t, qemu_irq); -/* tsc210x.c */ -uWireSlave *tsc2102_init(qemu_irq pint); -uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav); -I2SCodec *tsc210x_codec(uWireSlave *chip); -uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len); -void tsc210x_set_transform(uWireSlave *chip, -MouseTransformInfo *info); -void tsc210x_key_event(uWireSlave *chip, int key, int down); - -/* tsc2005.c */ -void *tsc2005_init(qemu_irq pintdav); -uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len); -void tsc2005_set_transform(void *opaque, MouseTransformInfo *info); - #endif diff --git a/include/hw/input/tsc2xxx.h b/include/hw/input/tsc2xxx.h new file mode 100644 index 000..dbfe5c55c1f --- /dev/null +++ b/include/hw/input/tsc2xxx.h @@ -0,0 +1,36 @@ +/* + * TI touchscreen controller + * + * Copyright (c) 2006 Andrzej Zaborowski + * Copyright (C) 2008 Nokia Corporation + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_INPUT_TSC2XXX_H +#define HW_INPUT_TSC2XXX_H + +#include "hw/irq.h" +#include "ui/console.h" + +typedef struct uWireSlave { +uint16_t (*receive)(void *opaque); +void (*send)(void *opaque, uint16_t data); +void *opaque; +} uWireSlave; + +/* tsc210x.c */ +uWireSlave *tsc2102_init(qemu_irq pint); +uWireSlave *tsc2301_init(qemu_irq penirq, qemu_irq kbirq, qemu_irq dav); +I2SCodec *tsc210x_codec(uWireSlave *chip); +uint32_t tsc210x_txrx(void *opaque, uint32_t value, int len); +void tsc210x_set_transform(uWireSlave *chip, MouseTransformInfo *info); +void tsc210x_key_event(uWireSlave *chip, int key, int down); + +/* tsc2005.c */ +void *tsc2005_init(qemu_irq pintdav); +uint32_t tsc2005_txrx(void *opaque, uint32_t value, int len); +void tsc2005_set_transform(void *opaque, MouseTransformInfo *info); + +#endif 
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h index e4a0a656d1c..fcdaae58c44 100644 --- a/include/qemu/typedefs.h +++ b/include/qemu/typedefs.h @@ -99,7 +99,6 @@ typedef struct RAMBlock RAMBlock; typedef struct Range Range; typedef struct SHPCDevice SHPCDevice; typedef struct SSIBus SSIBus; -typedef struct uWireSlave uWireSlave; typedef struct VirtIODevice VirtIODevice; typedef struct Visitor Visitor; typedef void SaveStateHandler(QEMUFile *f, void *opaque); diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c index 6889f13d699..303f7a31e1c 100644 --- a/hw/arm/nseries.c +++ b/hw/arm/nseries.c @@ -30,8 +30,8 @@ #include "ui/console.h" #include "hw/boards.h" #include "hw/i2c/i2c.h" -#include "hw/devices.h" #include "hw/display/blizzard.h" +#include "hw/input/tsc2xxx.h" #include "hw/misc/cbus.h" #include "hw/misc/tmp105.h" #include "hw/block/flash.h" diff --git a/hw/arm/palm.c b/hw/arm/palm.c index 285f43709dd..139d27d1cc0 100644 --- a/hw/arm/palm.c +++ b/hw/arm/palm.c @@ -26,7 +26,7 @@ #include "hw/arm/omap.h"
[Qemu-devel] [PULL 32/42] hw/arm/nseries: Use TYPE_TMP105 instead of hardcoded string
From: Philippe Mathieu-Daudé Suggested-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-3-phi...@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/arm/nseries.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c index 906b7ca22d4..2b710c3d49f 100644 --- a/hw/arm/nseries.c +++ b/hw/arm/nseries.c @@ -31,6 +31,7 @@ #include "hw/boards.h" #include "hw/i2c/i2c.h" #include "hw/devices.h" +#include "hw/misc/tmp105.h" #include "hw/block/flash.h" #include "hw/hw.h" #include "hw/bt.h" @@ -218,7 +219,7 @@ static void n8x0_i2c_setup(struct n800_s *s) qemu_register_powerdown_notifier(_system_powerdown_notifier); /* Attach a TMP105 PM chip (A0 wired to ground) */ -dev = i2c_create_slave(i2c, "tmp105", N8X0_TMP105_ADDR); +dev = i2c_create_slave(i2c, TYPE_TMP105, N8X0_TMP105_ADDR); qdev_connect_gpio_out(dev, 0, tmp_irq); } -- 2.20.1
[Qemu-devel] [PULL 08/42] target/arm: Honour M-profile FP enable bits
Like AArch64, M-profile floating point has no FPEXC enable bit to gate floating point; so always set the VFPEN TB flag. M-profile also has CPACR and NSACR similar to A-profile; they behave slightly differently: * the CPACR is banked between Secure and Non-Secure * if the NSACR forces a trap then this is taken to the Secure state, not the Non-Secure state Honour the CPACR and NSACR settings. The NSACR handling requires us to borrow the exception.target_el field (usually meaningless for M profile) to distinguish the NOCP UsageFault taken to Secure state from the more usual fault taken to the current security state. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-6-peter.mayd...@linaro.org --- target/arm/helper.c| 55 +++--- target/arm/translate.c | 10 ++-- 2 files changed, 60 insertions(+), 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 57ef75b3fcb..c3d5fe09cdc 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7556,6 +7556,25 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx, return target_el; } +/* + * Return true if the v7M CPACR permits access to the FPU for the specified + * security state and privilege level. + */ +static bool v7m_cpacr_pass(CPUARMState *env, bool is_secure, bool is_priv) +{ +switch (extract32(env->v7m.cpacr[is_secure], 20, 2)) { +case 0: +case 2: /* UNPREDICTABLE: we treat like 0 */ +return false; +case 1: +return is_priv; +case 3: +return true; +default: +g_assert_not_reached(); +} +} + static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value, ARMMMUIdx mmu_idx, bool ignfault) { 
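Review bot: In `v7m_cpacr_pass()` the access decision depends on `extract32(env->v7m.cpacr[is_secure], 20, 2)`, but neither the field position nor the indexing convention is explained. The literals `20, 2` presumably select the CP10 field. Using a `bool` as the bank index only works if the Non-secure and Secure banks sit at indices 0 and 1. Since this function gates FPU access per security state, a reader should be able to check both facts without opening the architecture manual. I would add a comment above the switch along the lines of `/* CPACR.CP10, bits [21:20]; cpacr[] is banked, indexed by M_REG_NS/M_REG_S */`.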
@@ -8815,9 +8834,23 @@ void arm_v7m_cpu_do_interrupt(CPUState *cs) env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_UNDEFINSTR_MASK; break; case EXCP_NOCP: -armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); -env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK; +{ +/* + * NOCP might be directed to something other than the current + * security state if this fault is because of NSACR; we indicate + * the target security state using exception.target_el. + */ +int target_secstate; + +if (env->exception.target_el == 3) { +target_secstate = M_REG_S; +} else { +target_secstate = env->v7m.secure; +} +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, target_secstate); +env->v7m.cfsr[target_secstate] |= R_V7M_CFSR_NOCP_MASK; break; +} case EXCP_INVSTATE: armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVSTATE_MASK; @@ -12751,6 +12784,22 @@ int fp_exception_el(CPUARMState *env, int cur_el) return 0; } +if (arm_feature(env, ARM_FEATURE_M)) { +/* CPACR can cause a NOCP UsageFault taken to current security state */ +if (!v7m_cpacr_pass(env, env->v7m.secure, cur_el != 0)) { +return 1; +} + +if (arm_feature(env, ARM_FEATURE_M_SECURITY) && !env->v7m.secure) { +if (!extract32(env->v7m.nsacr, 10, 1)) { +/* FP insns cause a NOCP UsageFault taken to Secure */ +return 3; +} +} + +return 0; +} + /* The CPACR controls traps to EL1, or PL1 if we're 32 bit: * 0, 2 : trap EL0 and EL1/PL1 accesses * 1: trap only EL0 accesses @@ -12938,7 +12987,7 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, flags = FIELD_DP32(flags, TBFLAG_A32, SCTLR_B, arm_sctlr_b(env)); flags = FIELD_DP32(flags, TBFLAG_A32, NS, !access_secure_reg(env)); if (env->vfp.xregs[ARM_VFP_FPEXC] & (1 << 30) -|| arm_el_is_aa64(env, 1)) { +|| arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) { flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1); } flags = FIELD_DP32(flags, TBFLAG_A32, XSCALE_CPAR, env->cp15.c15_cpar); 
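Review bot: The Secure-targeted NOCP case is signalled by the bare value 3. `fp_exception_el()` does `return 3;` in its new M-profile branch, and the `EXCP_NOCP` case in `arm_v7m_cpu_do_interrupt()` tests `env->exception.target_el == 3`. Nothing links the two sites. This value decides which security state's CFSR and UsageFault are pended, so a change at one site that missed the other would silently route an NSACR-forced fault to the wrong state. The commit message explains that `target_el` is borrowed, but the code at `return 1;` and `return 3;` does not. I would use a shared named constant, or at least comment the return, e.g. `return 3; /* not an EL: tells arm_v7m_cpu_do_interrupt() to target Secure */`.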
diff --git a/target/arm/translate.c b/target/arm/translate.c index a9784535069..6a11921d0b8 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -3399,8 +3399,14 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) * for attempts to execute invalid vfp/neon encodings with FP disabled. */ if (s->fp_excp_el) { -gen_exception_insn(s, 4, EXCP_UDEF, - syn_fp_access_trap(1, 0xe, false), s->fp_excp_el); +if (arm_dc_feature(s, ARM_FEATURE_M)) { +gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(), + s->fp_excp_el); +} else { +gen_exception_insn(s, 4, EXCP_UDEF, + syn_fp_access_trap(1,
[Qemu-devel] [PULL 12/42] target/arm/helper: don't return early for STKOF faults during stacking
Currently the code in v7m_push_stack() which detects a violation of the v8M stack limit simply returns early if it does so. This is OK for the current integer-only code, but won't work for the floating point handling we're about to add. We need to continue executing the rest of the function so that we check for other exceptions like not having permission to use the FPU and so that we correctly set the FPCCR state if we are doing lazy stacking. Refactor to avoid the early return. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-10-peter.mayd...@linaro.org --- target/arm/helper.c | 23 ++- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index e801744673f..142d301b651 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8182,7 +8182,7 @@ static bool v7m_push_stack(ARMCPU *cpu) * should ignore further stack faults trying to process * that derived exception.) */ -bool stacked_ok; +bool stacked_ok = true, limitviol = false; CPUARMState *env = >env; uint32_t xpsr = xpsr_read(env); uint32_t frameptr = env->regs[13]; @@ -8213,7 +8213,14 @@ static bool v7m_push_stack(ARMCPU *cpu) armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure); env->regs[13] = limit; -return true; +/* + * We won't try to perform any further memory accesses but + * we must continue through the following code to check for + * permission faults during FPU state preservation, and we + * must update FPCCR if lazy stacking is enabled. + */ +limitviol = true; +stacked_ok = false; } } @@ -8222,7 +8229,7 @@ static bool v7m_push_stack(ARMCPU *cpu) * (which may be taken in preference to the one we started with * if it has higher priority). */ -stacked_ok = +stacked_ok = stacked_ok && v7m_stack_write(cpu, frameptr, env->regs[0], mmu_idx, false) && v7m_stack_write(cpu, frameptr + 4, env->regs[1], mmu_idx, false) && v7m_stack_write(cpu, frameptr + 8, env->regs[2], mmu_idx, false) && 
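Review bot: After this refactor, the guarantee that nothing is written below the stack limit rests entirely on the short-circuit in `stacked_ok = stacked_ok && v7m_stack_write(...)`. That dependency is not stated at that line. The new comment in the limit-violation branch says no further memory accesses will be attempted, but the commit message says FP stacking code is about to be added to this function, and any new write placed outside this `&&` chain would run even when `limitviol` is set. I would add a comment at the assignment such as `/* stacked_ok is already false on a limit violation, so none of these writes are attempted */`. The function body starts and ends outside these hunks, so the later return path is only partly visible here.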
@@ -8232,8 +8239,14 @@ static bool v7m_push_stack(ARMCPU *cpu) v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) && v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false); -/* Update SP regardless of whether any of the stack accesses failed. */ -env->regs[13] = frameptr; +/* + * If we broke a stack limit then SP was already updated earlier; + * otherwise we update SP regardless of whether any of the stack + * accesses failed or we took some other kind of fault. + */ +if (!limitviol) { +env->regs[13] = frameptr; +} return !stacked_ok; } -- 2.20.1
[Qemu-devel] [PULL 04/42] target/arm: Make sure M-profile FPSCR RES0 bits are not settable
Enforce that for M-profile various FPSCR bits which are RES0 there but have defined meanings on A-profile are never settable. This ensures that M-profile code can't enable the A-profile behaviour (notably vector length/stride handling) by accident. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-2-peter.mayd...@linaro.org --- target/arm/vfp_helper.c | 8 1 file changed, 8 insertions(+) diff --git a/target/arm/vfp_helper.c b/target/arm/vfp_helper.c index 2468fc16294..7a46d991486 100644 --- a/target/arm/vfp_helper.c +++ b/target/arm/vfp_helper.c @@ -105,6 +105,14 @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val) val &= ~FPCR_FZ16; } +if (arm_feature(env, ARM_FEATURE_M)) { +/* + * M profile FPSCR is RES0 for the QC, STRIDE, FZ16, LEN bits + * and also for the trapped-exception-handling bits IxE. + */ +val &= 0xf7c0009f; +} + /* * We don't implement trapped exception handling, so the * trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!) -- 2.20.1
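Review bot: The mask in `val &= 0xf7c0009f;` is a bare literal, and the comment lists only the fields being cleared, so confirming that it clears nothing else means decoding the hex by hand. By my reading it keeps bits [31:28], [26:22], [7] and [4:0], which matches the comment's list of QC, STRIDE, FZ16, LEN and the IxE trap enables. That decoding should live in the source rather than in each reader's head. I would either build the value from the file's existing named FPCR/FPSCR bit masks, as the `FPCR_FZ16` line just above does, or extend the comment with the kept ranges: `/* keep NZCV [31:28], AHP/DN/FZ/RMode [26:22], IDC [7], cumulative flags [4:0] */`.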
[Qemu-devel] [PULL 16/42] target/arm: Clean excReturn bits when tail chaining
The TailChain() pseudocode specifies that a tail chaining exception should sanitize the excReturn all-ones bits and (if there is no FPU) the excReturn FType bits; we weren't doing this. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-14-peter.mayd...@linaro.org --- target/arm/helper.c | 8 1 file changed, 8 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index 088852ceb96..da0b6202400 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8076,6 +8076,14 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain, qemu_log_mask(CPU_LOG_INT, "...taking pending %s exception %d\n", targets_secure ? "secure" : "nonsecure", exc); +if (dotailchain) { +/* Sanitize LR FType and PREFIX bits */ +if (!arm_feature(env, ARM_FEATURE_VFP)) { +lr |= R_V7M_EXCRET_FTYPE_MASK; +} +lr = deposit32(lr, 24, 8, 0xff); +} + if (arm_feature(env, ARM_FEATURE_V8)) { if (arm_feature(env, ARM_FEATURE_M_SECURITY) && (lr & R_V7M_EXCRET_S_MASK)) { -- 2.20.1
[Qemu-devel] [PULL 10/42] target/arm: Clear CONTROL_S.SFPA in SG insn if FPU present
If the floating point extension is present, then the SG instruction must clear the CONTROL_S.SFPA bit. Implement this. (On a no-FPU system the bit will always be zero, so we don't need to make the clearing of the bit conditional on ARM_FEATURE_VFP.) Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-8-peter.mayd...@linaro.org --- target/arm/helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index c3d5fe09cdc..45a9d92e505 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8804,6 +8804,7 @@ static bool v7m_handle_execute_nsc(ARMCPU *cpu) qemu_log_mask(CPU_LOG_INT, "...really an SG instruction at 0x%08" PRIx32 ", executing it\n", env->regs[15]); env->regs[14] &= ~1; +env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK; switch_v7m_security_state(env, true); xpsr_write(env, 0, XPSR_IT); env->regs[15] += 4; -- 2.20.1
[Qemu-devel] [PULL 20/42] target/arm: Overlap VECSTRIDE and XSCALE_CPAR TB flags
We are close to running out of TB flags for AArch32; we could start using the cs_base word, but before we do that we can economise on our usage by sharing the same bits for the VFP VECSTRIDE field and the XScale XSCALE_CPAR field. This works because no XScale CPU ever had VFP. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-18-peter.mayd...@linaro.org --- target/arm/cpu.h | 10 ++ target/arm/cpu.c | 7 +++ target/arm/helper.c| 6 +- target/arm/translate.c | 9 +++-- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0ea448034b3..99ccb4824d4 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3138,6 +3138,12 @@ FIELD(TBFLAG_ANY, BE_DATA, 23, 1) FIELD(TBFLAG_A32, THUMB, 0, 1) FIELD(TBFLAG_A32, VECLEN, 1, 3) FIELD(TBFLAG_A32, VECSTRIDE, 4, 2) +/* + * We store the bottom two bits of the CPAR as TB flags and handle + * checks on the other bits at runtime. This shares the same bits as + * VECSTRIDE, which is OK as no XScale CPU has VFP. + */ +FIELD(TBFLAG_A32, XSCALE_CPAR, 4, 2) /* * Indicates whether cp register reads and writes by guest code should access * the secure or nonsecure bank of banked registers; note that this is not @@ -3147,10 +3153,6 @@ FIELD(TBFLAG_A32, NS, 6, 1) FIELD(TBFLAG_A32, VFPEN, 7, 1) FIELD(TBFLAG_A32, CONDEXEC, 8, 8) FIELD(TBFLAG_A32, SCTLR_B, 16, 1) -/* We store the bottom two bits of the CPAR as TB flags and handle - * checks on the other bits at runtime - */ -FIELD(TBFLAG_A32, XSCALE_CPAR, 17, 2) /* For M profile only, Handler (ie not Thread) mode */ FIELD(TBFLAG_A32, HANDLER, 21, 1) /* For M profile only, whether we should generate stack-limit checks */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index be81e197ee9..7deccda2404 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c 
@@ -1034,6 +1034,13 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp) set_feature(env, ARM_FEATURE_THUMB_DSP); } +/* + * We rely on no XScale CPU having VFP so we can use the same bits in the + * TB flags field for VECSTRIDE and XSCALE_CPAR. + */ +assert(!(arm_feature(env, ARM_FEATURE_VFP) && + arm_feature(env, ARM_FEATURE_XSCALE))); + if (arm_feature(env, ARM_FEATURE_V7) && !arm_feature(env, ARM_FEATURE_M) && !arm_feature(env, ARM_FEATURE_PMSA)) { diff --git a/target/arm/helper.c b/target/arm/helper.c index 14604f49a4c..9be5fe581df 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -13370,7 +13370,11 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, || arm_el_is_aa64(env, 1) || arm_feature(env, ARM_FEATURE_M)) { flags = FIELD_DP32(flags, TBFLAG_A32, VFPEN, 1); } -flags = FIELD_DP32(flags, TBFLAG_A32, XSCALE_CPAR, env->cp15.c15_cpar); +/* Note that XSCALE_CPAR shares bits with VECSTRIDE */ +if (arm_feature(env, ARM_FEATURE_XSCALE)) { +flags = FIELD_DP32(flags, TBFLAG_A32, + XSCALE_CPAR, env->cp15.c15_cpar); +} } flags = FIELD_DP32(flags, TBFLAG_ANY, MMUIDX, arm_to_core_mmu_idx(mmu_idx)); diff --git a/target/arm/translate.c b/target/arm/translate.c index 0747f7847a9..ffaa4f1e095 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c 
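Review bot: The bit-sharing between `VECSTRIDE` and `XSCALE_CPAR` is only safe because of the new `assert(!(VFP && XSCALE))` in `arm_cpu_realizefn()`, and that function already takes `Error **errp` for reporting an unrealizable CPU. If this feature pair can only arise from a bug in a built-in CPU model, the assert is appropriate. In that case I would say so in the comment, e.g. `/* Internal invariant of the CPU model definitions, not reachable from user configuration */`. If it could ever be reached through CPU properties (not determinable from this hunk), it should fail realize through `errp` rather than abort the process. The helper.c and translate.c hunks in this patch both depend on the same invariant and cite it only indirectly.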
@@ -13330,8 +13330,13 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL); dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN); dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN); -dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE); -dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR); +if (arm_feature(env, ARM_FEATURE_XSCALE)) { +dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR); +dc->vec_stride = 0; +} else { +dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE); +dc->c15_cpar = 0; +} dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER); dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && regime_is_secure(env, dc->mmu_idx); -- 2.20.1
[Qemu-devel] [PULL 09/42] target/arm: Decode FP instructions for M profile
Correct the decode of the M-profile "coprocessor and floating-point instructions" space: * op0 == 0b11 is always unallocated * if the CPU has an FPU then all insns with op1 == 0b101 are floating point and go to disas_vfp_insn() For the moment we leave VLLDM and VLSTM as NOPs; in a later commit we will fill in the proper implementation for the case where an FPU is present. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-7-peter.mayd...@linaro.org --- target/arm/translate.c | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index 6a11921d0b8..0747f7847a9 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -11728,10 +11728,19 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) case 6: case 7: case 14: case 15: /* Coprocessor. */ if (arm_dc_feature(s, ARM_FEATURE_M)) { -/* We don't currently implement M profile FP support, - * so this entire space should give a NOCP fault, with - * the exception of the v8M VLLDM and VLSTM insns, which - * must be NOPs in Secure state and UNDEF in Nonsecure state. +/* 0b111x_11xx______ */ +if (extract32(insn, 24, 2) == 3) { +goto illegal_op; /* op0 = 0b11 : unallocated */ +} + +/* + * Decode VLLDM and VLSTM first: these are nonstandard because: + * * if there is no FPU then these insns must NOP in + *Secure state and UNDEF in Nonsecure state + * * if there is an FPU then these insns do not have + *the usual behaviour that disas_vfp_insn() provides of + *being controlled by CPACR/NSACR enable bits or the + *lazy-stacking logic. */ if (arm_dc_feature(s, ARM_FEATURE_V8) && (insn & 0xffa00f00) == 0xec200a00) { 
@@ -11745,6 +11754,15 @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn) /* Just NOP since FP support is not implemented */ break; } +if (arm_dc_feature(s, ARM_FEATURE_VFP) && +((insn >> 8) & 0xe) == 10) { +/* FP, and the CPU supports it */ +if (disas_vfp_insn(s, insn)) { +goto illegal_op; +} +break; +} + /* All other insns: NOCP */ gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(), default_exception_el(s)); -- 2.20.1
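Review bot: The context comment `/* Just NOP since FP support is not implemented */` is stale now that the lines added just below it send FP encodings to disas_vfp_insn() when ARM_FEATURE_VFP is set. The commit message defers the real VLLDM/VLSTM behaviour, so with an FPU present the NOP is a known gap in how Secure FP state is handled, and the comment should say so, e.g. `/* TODO: NOP is only correct without an FPU; FPU case implemented later */`. Separately, `((insn >> 8) & 0xe) == 10` would match the `extract32()` test in the previous hunk better as `extract32(insn, 9, 3) == 5`. disas_thumb2_insn starts and ends outside the hunk.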
[Qemu-devel] [PULL 30/42] hw/dma: Compile the bcm2835_dma device as common object
From: Philippe Mathieu-Daudé This device is used by both ARM (BCM2836, for raspi2) and AArch64 (BCM2837, for raspi3) targets, and is not CPU-specific. Move it to common object, so we build it once for all targets. Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190427133028.12874-1-phi...@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell --- hw/dma/Makefile.objs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/dma/Makefile.objs b/hw/dma/Makefile.objs index 79affecc390..8b39f9c6004 100644 --- a/hw/dma/Makefile.objs +++ b/hw/dma/Makefile.objs @@ -14,4 +14,4 @@ common-obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zdma.o obj-$(CONFIG_OMAP) += omap_dma.o soc_dma.o obj-$(CONFIG_PXA2XX) += pxa2xx_dma.o -obj-$(CONFIG_RASPI) += bcm2835_dma.o +common-obj-$(CONFIG_RASPI) += bcm2835_dma.o -- 2.20.1
[Qemu-devel] [PULL 22/42] target/arm: Activate M-profile floating point context when FPCCR.ASPEN is set
The M-profile FPCCR.ASPEN bit indicates that automatic floating-point context preservation is enabled. Before executing any floating-point instruction, if FPCCR.ASPEN is set and the CONTROL FPCA/SFPA bits indicate that there is no active floating point context then we must create a new context (by initializing FPSCR and setting FPCA/SFPA to indicate that the context is now active). In the pseudocode this is handled by ExecuteFPCheck(). Implement this with a new TB flag which tracks whether we need to create a new FP context. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-20-peter.mayd...@linaro.org --- target/arm/cpu.h | 2 ++ target/arm/translate.h | 1 + target/arm/helper.c| 13 + target/arm/translate.c | 29 + 4 files changed, 45 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index a2cf9aae3a1..d4996a4d204 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3153,6 +3153,8 @@ FIELD(TBFLAG_A32, NS, 6, 1) FIELD(TBFLAG_A32, VFPEN, 7, 1) FIELD(TBFLAG_A32, CONDEXEC, 8, 8) FIELD(TBFLAG_A32, SCTLR_B, 16, 1) +/* For M profile only, set if we must create a new FP context */ +FIELD(TBFLAG_A32, NEW_FP_CTXT_NEEDED, 19, 1) /* For M profile only, set if FPCCR.S does not match current security state */ FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* For M profile only, Handler (ie not Thread) mode */ diff --git a/target/arm/translate.h b/target/arm/translate.h index 93abff645ad..ed8ae2e7e3b 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -41,6 +41,7 @@ typedef struct DisasContext { bool v8m_secure; /* true if v8M and we're in Secure mode */ bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */ bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */ +bool v7m_new_fp_ctxt_needed; /* ASPEN set but no active FP context */ /* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI * so that top level loop can generate correct syndrome information. */ 
diff --git a/target/arm/helper.c b/target/arm/helper.c index 8290f56c658..84e3790a9de 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -13422,6 +13422,19 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1); } +if (arm_feature(env, ARM_FEATURE_M) && +(env->v7m.fpccr[env->v7m.secure] & R_V7M_FPCCR_ASPEN_MASK) && +(!(env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) || + (env->v7m.secure && + !(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK { +/* + * ASPEN is set, but FPCA/SFPA indicate that there is no active + * FP context; we must create a new FP context before executing + * any FP insn. + */ +flags = FIELD_DP32(flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED, 1); +} + *pflags = flags; *cs_base = 0; } diff --git a/target/arm/translate.c b/target/arm/translate.c index f0332ac19ec..edb66e7be8e 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -3438,6 +3438,33 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) /* Don't need to do this for any further FP insns in this TB */ s->v8m_fpccr_s_wrong = false; } + +if (s->v7m_new_fp_ctxt_needed) { +/* + * Create new FP context by updating CONTROL.FPCA, CONTROL.SFPA + * and the FPSCR. + */ +TCGv_i32 control, fpscr; +uint32_t bits = R_V7M_CONTROL_FPCA_MASK; + +fpscr = load_cpu_field(v7m.fpdscr[s->v8m_secure]); +gen_helper_vfp_set_fpscr(cpu_env, fpscr); +tcg_temp_free_i32(fpscr); +/* + * We don't need to arrange to end the TB, because the only + * parts of FPSCR which we cache in the TB flags are the VECLEN + * and VECSTRIDE, and those don't exist for M-profile. + */ + +if (s->v8m_secure) { +bits |= R_V7M_CONTROL_SFPA_MASK; +} +control = load_cpu_field(v7m.control[M_REG_S]); +tcg_gen_ori_i32(control, control, bits); +store_cpu_field(control, v7m.control[M_REG_S]); +/* Don't need to do this for any further FP insns in this TB */ +s->v7m_new_fp_ctxt_needed = false; +} } if (extract32(insn, 28, 4) == 0xf) { 
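Review bot: The new-FP-context block in disas_vfp_insn() emits its CONTROL.FPCA/SFPA and FPSCR updates before the `extract32(insn, 28, 4) == 0xf` decode that follows, so they appear to be generated even for an encoding that a later decode path rejects with `return 1`. If so, an UNDEFing insn in the FP space would still mark an FP context active and reload FPSCR from FPDSCR, whereas the commit message ties this work to executing a floating-point instruction. The FPCCR.S ownership update from PULL 21/42, visible as context just above, sits in the same place and has the same exposure. disas_vfp_insn starts and ends outside the hunk, so this needs checking against the full function. At minimum I would add `/* NOTE: emitted before the encoding is validated */` above the block.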
@@ -13361,6 +13388,8 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) regime_is_secure(env, dc->mmu_idx); dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK); dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG); +dc->v7m_new_fp_ctxt_needed = +FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED); dc->cp_regs = cpu->cp_regs; dc->features = env->features; --
[Qemu-devel] [PULL 34/42] hw/devices: Move TC6393XB declarations into a new header
From: Philippe Mathieu-Daudé Reviewed-by: Markus Armbruster Signed-off-by: Philippe Mathieu-Daudé Message-id: 20190412165416.7977-5-phi...@redhat.com Signed-off-by: Peter Maydell --- include/hw/devices.h | 6 -- include/hw/display/tc6393xb.h | 24 hw/arm/tosa.c | 2 +- hw/display/tc6393xb.c | 2 +- MAINTAINERS | 1 + 5 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 include/hw/display/tc6393xb.h diff --git a/include/hw/devices.h b/include/hw/devices.h index 0850f697451..1e2141caad1 100644 --- a/include/hw/devices.h +++ b/include/hw/devices.h @@ -50,10 +50,4 @@ void *tahvo_init(qemu_irq irq, int betty); void retu_key_event(void *retu, int state); -/* tc6393xb.c */ -typedef struct TC6393xbState TC6393xbState; -TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem, - uint32_t base, qemu_irq irq); -qemu_irq tc6393xb_l3v_get(TC6393xbState *s); - #endif diff --git a/include/hw/display/tc6393xb.h b/include/hw/display/tc6393xb.h new file mode 100644 index 000..5c4da91f80d --- /dev/null +++ b/include/hw/display/tc6393xb.h @@ -0,0 +1,24 @@ +/* + * Toshiba TC6393XB I/O Controller. + * Found in Sharp Zaurus SL-6000 (tosa) or some + * Toshiba e-Series PDAs. + * + * Copyright (c) 2007 Hervé Poussineau + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef HW_DISPLAY_TC6393XB_H +#define HW_DISPLAY_TC6393XB_H + +#include "exec/memory.h" +#include "hw/irq.h" + +typedef struct TC6393xbState TC6393xbState; + +TC6393xbState *tc6393xb_init(struct MemoryRegion *sysmem, + uint32_t base, qemu_irq irq); +qemu_irq tc6393xb_l3v_get(TC6393xbState *s); + +#endif diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c index eef9d427e76..9a1247797fe 100644 --- a/hw/arm/tosa.c +++ b/hw/arm/tosa.c 
@@ -16,10 +16,10 @@ #include "hw/hw.h" #include "hw/arm/pxa.h" #include "hw/arm/arm.h" -#include "hw/devices.h" #include "hw/arm/sharpsl.h" #include "hw/pcmcia.h" #include "hw/boards.h" +#include "hw/display/tc6393xb.h" #include "hw/i2c/i2c.h" #include "hw/ssi/ssi.h" #include "hw/sysbus.h" diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c index 6d133d9a66c..0b7c59cde7d 100644 --- a/hw/display/tc6393xb.c +++ b/hw/display/tc6393xb.c @@ -14,7 +14,7 @@ #include "qapi/error.h" #include "qemu/host-utils.h" #include "hw/hw.h" -#include "hw/devices.h" +#include "hw/display/tc6393xb.h" #include "hw/block/flash.h" #include "ui/console.h" #include "ui/pixel_ops.h" diff --git a/MAINTAINERS b/MAINTAINERS index dabbfccf9c5..51eecd0ac19 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -714,6 +714,7 @@ F: hw/misc/mst_fpga.c F: hw/misc/max111x.c F: include/hw/arm/pxa.h F: include/hw/arm/sharpsl.h +F: include/hw/display/tc6393xb.h SABRELITE / i.MX6 M: Peter Maydell -- 2.20.1
[Qemu-devel] [PULL 07/42] target/arm: Disable most VFP sysregs for M-profile
The only "system register" that M-profile floating point exposes via the VMRS/VMRS instructions is FPSCR, and it does not have the odd special case for rd==15. Add a check to ensure we only expose FPSCR. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-5-peter.mayd...@linaro.org --- target/arm/translate.c | 19 +-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/target/arm/translate.c b/target/arm/translate.c index 4ea4018e2b8..a9784535069 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -3513,12 +3513,27 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) } } } else { /* !dp */ +bool is_sysreg; + if ((insn & 0x6f) != 0x00) return 1; rn = VFP_SREG_N(insn); + +is_sysreg = extract32(insn, 21, 1); + +if (arm_dc_feature(s, ARM_FEATURE_M)) { +/* + * The only M-profile VFP vmrs/vmsr sysreg is FPSCR. + * Writes to R15 are UNPREDICTABLE; we choose to undef. + */ +if (is_sysreg && (rd == 15 || (rn >> 1) != ARM_VFP_FPSCR)) { +return 1; +} +} + if (insn & ARM_CP_RW_BIT) { /* vfp->arm */ -if (insn & (1 << 21)) { +if (is_sysreg) { /* system register */ rn >>= 1; @@ -3585,7 +3600,7 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) } } else { /* arm->vfp */ -if (insn & (1 << 21)) { +if (is_sysreg) { rn >>= 1; /* system register */ switch (rn) { -- 2.20.1
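Review bot: The `rd == 15` rejection sits before the `insn & ARM_CP_RW_BIT` direction test, so it UNDEFs reads (vfp->arm) as well as writes, while the comment only justifies writes to R15. As far as I know, the M-profile VMRS encoding uses Rt == 15 to transfer the FPSCR flags to APSR_nzcv, which FP compare sequences rely on, so this would turn that form into an illegal instruction; please confirm against the architecture manual. Restricting the test to the arm->vfp direction keeps the UNPREDICTABLE-write choice: `if (is_sysreg && ((rn >> 1) != ARM_VFP_FPSCR || (rd == 15 && !(insn & ARM_CP_RW_BIT)))) {`. The read path's own handling of rd == 15 is outside the hunk, as are the start and end of disas_vfp_insn.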
[Qemu-devel] [PULL 21/42] target/arm: Set FPCCR.S when executing M-profile floating point insns
The M-profile FPCCR.S bit indicates the security status of the floating point context. In the pseudocode ExecuteFPCheck() function it is unconditionally set to match the current security state whenever a floating point instruction is executed. Implement this by adding a new TB flag which tracks whether FPCCR.S is different from the current security state, so that we only need to emit the code to update it in the less-common case when it is not already set correctly. Note that we will add the handling for the other work done by ExecuteFPCheck() in later commits. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-19-peter.mayd...@linaro.org --- target/arm/cpu.h | 2 ++ target/arm/translate.h | 1 + target/arm/helper.c| 5 + target/arm/translate.c | 20 4 files changed, 28 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 99ccb4824d4..a2cf9aae3a1 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3153,6 +3153,8 @@ FIELD(TBFLAG_A32, NS, 6, 1) FIELD(TBFLAG_A32, VFPEN, 7, 1) FIELD(TBFLAG_A32, CONDEXEC, 8, 8) FIELD(TBFLAG_A32, SCTLR_B, 16, 1) +/* For M profile only, set if FPCCR.S does not match current security state */ +FIELD(TBFLAG_A32, FPCCR_S_WRONG, 20, 1) /* For M profile only, Handler (ie not Thread) mode */ FIELD(TBFLAG_A32, HANDLER, 21, 1) /* For M profile only, whether we should generate stack-limit checks */ diff --git a/target/arm/translate.h b/target/arm/translate.h index 984617786d6..93abff645ad 100644 --- a/target/arm/translate.h +++ b/target/arm/translate.h @@ -40,6 +40,7 @@ typedef struct DisasContext { bool v7m_handler_mode; bool v8m_secure; /* true if v8M and we're in Secure mode */ bool v8m_stackcheck; /* true if we need to perform v8M stack limit checks */ +bool v8m_fpccr_s_wrong; /* true if v8M FPCCR.S != v8m_secure */ /* Immediate value in AArch32 SVC insn; must be set if is_jmp == DISAS_SWI * so that top level loop can generate correct syndrome information. */ 
diff --git a/target/arm/helper.c b/target/arm/helper.c index 9be5fe581df..8290f56c658 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -13417,6 +13417,11 @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc, flags = FIELD_DP32(flags, TBFLAG_A32, STACKCHECK, 1); } +if (arm_feature(env, ARM_FEATURE_M_SECURITY) && +FIELD_EX32(env->v7m.fpccr[M_REG_S], V7M_FPCCR, S) != env->v7m.secure) { +flags = FIELD_DP32(flags, TBFLAG_A32, FPCCR_S_WRONG, 1); +} + *pflags = flags; *cs_base = 0; } diff --git a/target/arm/translate.c b/target/arm/translate.c index ffaa4f1e095..f0332ac19ec 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -3421,6 +3421,25 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn) } } +if (arm_dc_feature(s, ARM_FEATURE_M)) { +/* Handle M-profile lazy FP state mechanics */ + +/* Update ownership of FP context: set FPCCR.S to match current state */ +if (s->v8m_fpccr_s_wrong) { +TCGv_i32 tmp; + +tmp = load_cpu_field(v7m.fpccr[M_REG_S]); +if (s->v8m_secure) { +tcg_gen_ori_i32(tmp, tmp, R_V7M_FPCCR_S_MASK); +} else { +tcg_gen_andi_i32(tmp, tmp, ~R_V7M_FPCCR_S_MASK); +} +store_cpu_field(tmp, v7m.fpccr[M_REG_S]); +/* Don't need to do this for any further FP insns in this TB */ +s->v8m_fpccr_s_wrong = false; +} +} + if (extract32(insn, 28, 4) == 0xf) { /* * Encodings with T=1 (Thumb) or unconditional (ARM): @@ -13341,6 +13360,7 @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) && regime_is_secure(env, dc->mmu_idx); dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK); +dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG); dc->cp_regs = cpu->cp_regs; dc->features = env->features; -- 2.20.1
[Qemu-devel] [PULL 17/42] target/arm: Allow for floating point in callee stack integrity check
The magic value pushed onto the callee stack as an integrity check is different if floating point is present. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-15-peter.mayd...@linaro.org --- target/arm/helper.c | 22 +++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index da0b6202400..c7b1a8d231d 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7979,6 +7979,21 @@ load_fail: return false; } +static uint32_t v7m_integrity_sig(CPUARMState *env, uint32_t lr) +{ +/* + * Return the integrity signature value for the callee-saves + * stack frame section. @lr is the exception return payload/LR value + * whose FType bit forms bit 0 of the signature if FP is present. + */ +uint32_t sig = 0xfefa125a; + +if (!arm_feature(env, ARM_FEATURE_VFP) || (lr & R_V7M_EXCRET_FTYPE_MASK)) { +sig |= 1; +} +return sig; +} + static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, bool ignore_faults) { @@ -7993,6 +8008,7 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, bool stacked_ok; uint32_t limit; bool want_psp; +uint32_t sig; if (dotailchain) { bool mode = lr & R_V7M_EXCRET_MODE_MASK; @@ -8034,8 +8050,9 @@ static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain, /* Write as much of the stack frame as we can. A write failure may * cause us to pend a derived exception. */ +sig = v7m_integrity_sig(env, lr); stacked_ok = -v7m_stack_write(cpu, frameptr, 0xfefa125b, mmu_idx, ignore_faults) && +v7m_stack_write(cpu, frameptr, sig, mmu_idx, ignore_faults) && v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx, ignore_faults) && v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx, 
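Review bot: v7m_integrity_sig() leaves two things undocumented for a value that is used as a stack-frame integrity check. The base constant `0xfefa125a` is unnamed, and the comment does not say that without an FPU bit 0 is forced to 1, which reproduces the previous fixed value `0xfefa125b`. I would add `/* No FPU: bit 0 is always set, giving the pre-FP signature 0xfefa125b */` above the `if`, and consider a named constant for the base value. v7m_push_callee_stack continues outside the last hunk on this line.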
@@ -8640,12 +8657,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu) if (return_to_secure && ((excret & R_V7M_EXCRET_ES_MASK) == 0 || (excret & R_V7M_EXCRET_DCRS_MASK) == 0)) { -uint32_t expected_sig = 0xfefa125b; uint32_t actual_sig; pop_ok = v7m_stack_read(cpu, _sig, frameptr, mmu_idx); -if (pop_ok && expected_sig != actual_sig) { +if (pop_ok && v7m_integrity_sig(env, excret) != actual_sig) { /* Take a SecureFault on the current stack */ env->v7m.sfsr |= R_V7M_SFSR_INVIS_MASK; armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); -- 2.20.1
Re: [Qemu-devel] [PATCH v1 4/5] hw/arm: Add the STM32F4xx SoC
On Mon, Apr 29, 2019 at 5:38 AM KONRAD Frederic wrote: > > Hi Alistair, > > Le 4/29/19 à 7:33 AM, Alistair Francis a écrit : > > Signed-off-by: Alistair Francis > > --- > > MAINTAINERS | 8 + > > default-configs/arm-softmmu.mak | 1 + > > hw/arm/Kconfig | 3 + > > hw/arm/Makefile.objs| 1 + > > hw/arm/stm32f405_soc.c | 292 > > include/hw/arm/stm32f405_soc.h | 70 > > 6 files changed, 375 insertions(+) > > create mode 100644 hw/arm/stm32f405_soc.c > > create mode 100644 include/hw/arm/stm32f405_soc.h > > > > diff --git a/MAINTAINERS b/MAINTAINERS > > index dabbfccf9c..c9772735cf 100644 > > --- a/MAINTAINERS > > +++ b/MAINTAINERS > > @@ -803,6 +803,14 @@ F: hw/adc/* > > F: hw/ssi/stm32f2xx_spi.c > > F: include/hw/*/stm32*.h > > > > +STM32F405 > > +M: Alistair Francis > > +M: Peter Maydell > > +S: Maintained > > +F: hw/arm/stm32f405_soc.c > > +F: hw/misc/stm32f4xx_syscfg.c > > +F: hw/misc/stm32f4xx_exti.c > > + > > Netduino 2 > > M: Alistair Francis > > M: Peter Maydell > > diff --git a/default-configs/arm-softmmu.mak > > b/default-configs/arm-softmmu.mak > > index 8eb57de211..e079f10624 100644 > > --- a/default-configs/arm-softmmu.mak > > +++ b/default-configs/arm-softmmu.mak 
> > @@ -98,6 +98,7 @@ CONFIG_STM32F2XX_SPI=y > > CONFIG_STM32F205_SOC=y > > CONFIG_STM32F4XX_SYSCFG=y > > CONFIG_STM32F4XX_EXTI=y > > +CONFIG_STM32F405_SOC=y > > Why not using 4xx instead of 405 in this patch as well? I'm not sure if all the SoC variants are generic like that. Looking at the datasheet https://www.st.com/content/ccc/resource/technical/document/datasheet/ef/92/76/6d/bb/c2/4f/f7/DM00037051.pdf/files/DM00037051.pdf/jcr:content/translations/en.DM00037051.pdf it only specified the 405 and 407 variants. This is mostly a way just to say that I have tested it as a 405, it might work with others but I don't know. I think it's harder to make the SoC generic without having tested the other optinos (or knowing they are all interchangable). Alistair > > > CONFIG_NRF51_SOC=y > > > > CONFIG_CMSDK_APB_TIMER=y > > diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig > > index d298fbdc89..3a98bce15a 100644 > > --- a/hw/arm/Kconfig > > +++ b/hw/arm/Kconfig > > @@ -62,6 +62,9 @@ config RASPI > > config STM32F205_SOC > > bool > > > > +config STM32F405_SOC > > +bool > > + > > config XLNX_ZYNQMP_ARM > > bool > > > > diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs > > index fa57c7c770..36c3ff54c3 100644 > > --- a/hw/arm/Makefile.objs > > +++ b/hw/arm/Makefile.objs > > @@ -26,6 +26,7 @@ obj-$(CONFIG_STRONGARM) += strongarm.o > > obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o > > obj-$(CONFIG_RASPI) += bcm2835_peripherals.o bcm2836.o raspi.o > > obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o > > +obj-$(CONFIG_STM32F405_SOC) += stm32f405_soc.o > > obj-$(CONFIG_XLNX_ZYNQMP_ARM) += xlnx-zynqmp.o xlnx-zcu102.o > > obj-$(CONFIG_XLNX_VERSAL) += xlnx-versal.o xlnx-versal-virt.o > > obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o > > diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c > > new file mode 100644 > > index 00..83adec51a2 > > --- /dev/null > > +++ b/hw/arm/stm32f405_soc.c 
> > @@ -0,0 +1,292 @@ > > +/* > > + * STM32F405 SoC > > + * > > + * Copyright (c) 2014 Alistair Francis > > + * > > + * Permission is hereby granted, free of charge, to any person obtaining a > > copy > > + * of this software and associated documentation files (the "Software"), > > to deal > > + * in the Software without restriction, including without limitation the > > rights > > + * to use, copy, modify, merge, publish, distribute, sublicense, and/or > > sell > > + * copies of the Software, and to permit persons to whom the Software is > > + * furnished to do so, subject to the following conditions: > > + * > > + * The above copyright notice and this permission notice shall be included > > in > > + * all copies or substantial portions of the Software. > > + * > > + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS > > OR > > + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, > > + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL > > + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR > > OTHER > > + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING > > FROM, > > + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS > > IN > > + * THE SOFTWARE. > > + */ > > + > > +#include "qemu/osdep.h" > > +#include "qapi/error.h" > > +#include "qemu-common.h" > > +#include "hw/arm/arm.h" > > +#include "exec/address-spaces.h" > > +#include "hw/arm/stm32f405_soc.h" > > +#include "hw/misc/unimp.h" > > + > > +#define SYSCFG_ADD 0x40013800 > > +static const uint32_t usart_addr[] = { 0x40011000, 0x40004400,
[Qemu-devel] [PULL 13/42] target/arm: Handle floating point registers in exception entry
Handle floating point registers in exception entry. This corresponds to the FP-specific parts of the pseudocode functions ActivateException() and PushStack(). We defer the code corresponding to UpdateFPCCR() to a later patch. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-11-peter.mayd...@linaro.org --- target/arm/helper.c | 98 +++-- 1 file changed, 95 insertions(+), 3 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 142d301b651..6e55da5c482 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8167,6 +8167,9 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain, switch_v7m_security_state(env, targets_secure); write_v7m_control_spsel(env, 0); arm_clear_exclusive(env); +/* Clear SFPA and FPCA (has no effect if no FPU) */ +env->v7m.control[M_REG_S] &= +~(R_V7M_CONTROL_FPCA_MASK | R_V7M_CONTROL_SFPA_MASK); /* Clear IT bits */ env->condexec_bits = 0; env->regs[14] = lr; @@ -8187,6 +8190,20 @@ static bool v7m_push_stack(ARMCPU *cpu) uint32_t xpsr = xpsr_read(env); uint32_t frameptr = env->regs[13]; ARMMMUIdx mmu_idx = arm_mmu_idx(env); +uint32_t framesize; +bool nsacr_cp10 = extract32(env->v7m.nsacr, 10, 1); + +if ((env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) && +(env->v7m.secure || nsacr_cp10)) { +if (env->v7m.secure && +env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK) { +framesize = 0xa8; +} else { +framesize = 0x68; +} +} else { +framesize = 0x20; +} /* Align stack pointer if the guest wants that */ if ((frameptr & 4) && @@ -8195,7 +8212,13 @@ static bool v7m_push_stack(ARMCPU *cpu) xpsr |= XPSR_SPREALIGN; } -frameptr -= 0x20; +xpsr &= ~XPSR_SFPA; +if (env->v7m.secure && +(env->v7m.control[M_REG_S] & R_V7M_CONTROL_SFPA_MASK)) { +xpsr |= XPSR_SFPA; +} + +frameptr -= framesize; if (arm_feature(env, ARM_FEATURE_V8)) { uint32_t limit = v7m_sp_limit(env); 
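Review bot: The frame sizes `0x20`, `0x68` and `0xa8` in v7m_push_stack() are bare literals, and `framesize` then drives `frameptr -= framesize`, so a reader has to reconstruct which stack layout each value stands for. Named constants or a one-line comment per branch would help, e.g. `framesize = 0xa8; /* FP frame including the extra registers stacked when FPCCR.TS is set */`; the wording should be checked against the architecture's frame layout. The test `env->v7m.secure && env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK` is correct by precedence but would read more safely with the mask test parenthesised, as the other tests in this hunk are. v7m_push_stack continues outside the hunk.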
@@ -8239,6 +8262,73 @@ static bool v7m_push_stack(ARMCPU *cpu) v7m_stack_write(cpu, frameptr + 24, env->regs[15], mmu_idx, false) && v7m_stack_write(cpu, frameptr + 28, xpsr, mmu_idx, false); +if (env->v7m.control[M_REG_S] & R_V7M_CONTROL_FPCA_MASK) { +/* FPU is active, try to save its registers */ +bool fpccr_s = env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_S_MASK; +bool lspact = env->v7m.fpccr[fpccr_s] & R_V7M_FPCCR_LSPACT_MASK; + +if (lspact && arm_feature(env, ARM_FEATURE_M_SECURITY)) { +qemu_log_mask(CPU_LOG_INT, + "...SecureFault because LSPACT and FPCA both set\n"); +env->v7m.sfsr |= R_V7M_SFSR_LSERR_MASK; +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false); +} else if (!env->v7m.secure && !nsacr_cp10) { +qemu_log_mask(CPU_LOG_INT, + "...Secure UsageFault with CFSR.NOCP because " + "NSACR.CP10 prevents stacking FP regs\n"); +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, M_REG_S); +env->v7m.cfsr[M_REG_S] |= R_V7M_CFSR_NOCP_MASK; +} else { +if (!(env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_LSPEN_MASK)) { +/* Lazy stacking disabled, save registers now */ +int i; +bool cpacr_pass = v7m_cpacr_pass(env, env->v7m.secure, + arm_current_el(env) != 0); + +if (stacked_ok && !cpacr_pass) { +/* + * Take UsageFault if CPACR forbids access. The pseudocode + * here does a full CheckCPEnabled() but we know the NSACR + * check can never fail as we have already handled that. + */ +qemu_log_mask(CPU_LOG_INT, + "...UsageFault with CFSR.NOCP because " + "CPACR.CP10 prevents stacking FP regs\n"); +armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, +env->v7m.secure); +env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_NOCP_MASK; +stacked_ok = false; +} + +for (i = 0; i < ((framesize == 0xa8) ? 32 : 16); i += 2) { +uint64_t dn = *aa32_vfp_dreg(env, i / 2); +uint32_t faddr = frameptr + 0x20 + 4 * i; +uint32_t slo = extract64(dn, 0, 32); +uint32_t shi = extract64(dn, 32, 32); + +if (i >= 16) { +faddr += 8; /* skip the slot for the FPSCR */ +} +stacked_ok = stacked_ok && +
[Qemu-devel] [PULL 06/42] target/arm: Implement dummy versions of M-profile FP-related registers
The M-profile floating point support has three associated config registers: FPCAR, FPCCR and FPDSCR. It also makes the registers CPACR and NSACR have behaviour other than reads-as-zero. Add support for all of these as simple reads-as-written registers. We will hook up actual functionality later. The main complexity here is handling the FPCCR register, which has a mix of banked and unbanked bits. Note that we don't share storage with the A-profile cpu->cp15.nsacr and cpu->cp15.cpacr_el1, though the behaviour is quite similar, for two reasons: * the M profile CPACR is banked between security states * it preserves the invariant that M profile uses no state inside the cp15 substruct Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-4-peter.mayd...@linaro.org --- target/arm/cpu.h | 34 hw/intc/armv7m_nvic.c | 125 ++ target/arm/cpu.c | 5 ++ target/arm/machine.c | 16 ++ 4 files changed, 180 insertions(+) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index f7f2f5a99c8..67e4e95d440 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -533,6 +533,11 @@ typedef struct CPUARMState { uint32_t scr[M_REG_NUM_BANKS]; uint32_t msplim[M_REG_NUM_BANKS]; uint32_t psplim[M_REG_NUM_BANKS]; +uint32_t fpcar[M_REG_NUM_BANKS]; +uint32_t fpccr[M_REG_NUM_BANKS]; +uint32_t fpdscr[M_REG_NUM_BANKS]; +uint32_t cpacr[M_REG_NUM_BANKS]; +uint32_t nsacr; } v7m; /* Information associated with an exception about to be taken: 
@@ -1576,6 +1581,35 @@ FIELD(V7M_CSSELR, LEVEL, 1, 3) */ FIELD(V7M_CSSELR, INDEX, 0, 4) +/* v7M FPCCR bits */ +FIELD(V7M_FPCCR, LSPACT, 0, 1) +FIELD(V7M_FPCCR, USER, 1, 1) +FIELD(V7M_FPCCR, S, 2, 1) +FIELD(V7M_FPCCR, THREAD, 3, 1) +FIELD(V7M_FPCCR, HFRDY, 4, 1) +FIELD(V7M_FPCCR, MMRDY, 5, 1) +FIELD(V7M_FPCCR, BFRDY, 6, 1) +FIELD(V7M_FPCCR, SFRDY, 7, 1) +FIELD(V7M_FPCCR, MONRDY, 8, 1) +FIELD(V7M_FPCCR, SPLIMVIOL, 9, 1) +FIELD(V7M_FPCCR, UFRDY, 10, 1) +FIELD(V7M_FPCCR, RES0, 11, 15) +FIELD(V7M_FPCCR, TS, 26, 1) +FIELD(V7M_FPCCR, CLRONRETS, 27, 1) +FIELD(V7M_FPCCR, CLRONRET, 28, 1) +FIELD(V7M_FPCCR, LSPENS, 29, 1) +FIELD(V7M_FPCCR, LSPEN, 30, 1) +FIELD(V7M_FPCCR, ASPEN, 31, 1) +/* These bits are banked. Others are non-banked and live in the M_REG_S bank */ +#define R_V7M_FPCCR_BANKED_MASK \ +(R_V7M_FPCCR_LSPACT_MASK | \ + R_V7M_FPCCR_USER_MASK |\ + R_V7M_FPCCR_THREAD_MASK | \ + R_V7M_FPCCR_MMRDY_MASK | \ + R_V7M_FPCCR_SPLIMVIOL_MASK | \ + R_V7M_FPCCR_UFRDY_MASK | \ + R_V7M_FPCCR_ASPEN_MASK) + /* * System register ID fields. */ diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 45d72f86bdf..5eb438f5409 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1077,6 +1077,16 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) } case 0xd84: /* CSSELR */ return cpu->env.v7m.csselr[attrs.secure]; +case 0xd88: /* CPACR */ +if (!arm_feature(>env, ARM_FEATURE_VFP)) { +return 0; +} +return cpu->env.v7m.cpacr[attrs.secure]; +case 0xd8c: /* NSACR */ +if (!attrs.secure || !arm_feature(>env, ARM_FEATURE_VFP)) { +return 0; +} +return cpu->env.v7m.nsacr; /* TODO: Implement debug registers. */ case 0xd90: /* MPU_TYPE */ /* Unified MPU; if the MPU is not present this value is zero */ 
@@ -1222,6 +1232,43 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs)
 return 0;
 }
 return cpu->env.v7m.sfar;
+case 0xf34: /* FPCCR */
+if (!arm_feature(>env, ARM_FEATURE_VFP)) {
+return 0;
+}
+if (attrs.secure) {
+return cpu->env.v7m.fpccr[M_REG_S];
+} else {
+/*
+ * NS can read LSPEN, CLRONRET and MONRDY. It can read
+ * BFRDY and HFRDY if AIRCR.BFHFNMINS != 0;
+ * other non-banked bits RAZ.
+ * TODO: MONRDY should RAZ/WI if DEMCR.SDME is set.
+ */
+uint32_t value = cpu->env.v7m.fpccr[M_REG_S];
+uint32_t mask = R_V7M_FPCCR_LSPEN_MASK |
+R_V7M_FPCCR_CLRONRET_MASK |
+R_V7M_FPCCR_MONRDY_MASK;
+
+if (s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+mask |= R_V7M_FPCCR_BFRDY_MASK | R_V7M_FPCCR_HFRDY_MASK;
+}
+
+value &= mask;
+
+value |= cpu->env.v7m.fpccr[M_REG_NS];
+return value;
+}
+case 0xf38: /* FPCAR */
+if (!arm_feature(>env, ARM_FEATURE_VFP)) {
+return 0;
+}
+return cpu->env.v7m.fpcar[attrs.secure];
+case 0xf3c: /* FPDSCR */
+if
[Qemu-devel] [PULL 00/42] target-arm queue
First pullreq for arm of the 4.1 series, since I'm back from holiday now. This is mostly my M-profile FPU series and Philippe's devices.h cleanup. I have a pile of other patchsets to work through in my to-review folder, but 42 patches is definitely quite big enough to send now... thanks -- PMM The following changes since commit 413a99a92c13ec408dcf2adaa87918dc81e890c8: Add Nios II semihosting support. (2019-04-29 16:09:51 +0100) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190429 for you to fetch changes up to 437cc27ddfded3bbab6afd5ac1761e0e195edba7: hw/devices: Move SMSC 91C111 declaration into a new header (2019-04-29 17:57:21 +0100) target-arm queue: * remove "bag of random stuff" hw/devices.h header * implement FPU for Cortex-M and enable it for Cortex-M4 and -M33 * hw/dma: Compile the bcm2835_dma device as common object * configure: Remove --source-path option * hw/ssi/xilinx_spips: Avoid variable length array * hw/arm/smmuv3: Remove SMMUNotifierNode Eric Auger (1): hw/arm/smmuv3: Remove SMMUNotifierNode Peter Maydell (28): hw/ssi/xilinx_spips: Avoid variable length array configure: Remove --source-path option target/arm: Make sure M-profile FPSCR RES0 bits are not settable hw/intc/armv7m_nvic: Allow reading of M-profile MVFR* registers target/arm: Implement dummy versions of M-profile FP-related registers target/arm: Disable most VFP sysregs for M-profile target/arm: Honour M-profile FP enable bits target/arm: Decode FP instructions for M profile target/arm: Clear CONTROL_S.SFPA in SG insn if FPU present target/arm: Handle SFPA and FPCA bits in reads and writes of CONTROL target/arm/helper: don't return early for STKOF faults during stacking target/arm: Handle floating point registers in exception entry target/arm: Implement v7m_update_fpccr() target/arm: Clear CONTROL.SFPA in BXNS and BLXNS target/arm: Clean excReturn bits when tail chaining target/arm: Allow for floating point in callee 
stack integrity check target/arm: Handle floating point registers in exception return target/arm: Move NS TBFLAG from bit 19 to bit 6 target/arm: Overlap VECSTRIDE and XSCALE_CPAR TB flags target/arm: Set FPCCR.S when executing M-profile floating point insns target/arm: Activate M-profile floating point context when FPCCR.ASPEN is set target/arm: New helper function arm_v7m_mmu_idx_all() target/arm: New function armv7m_nvic_set_pending_lazyfp() target/arm: Add lazy-FP-stacking support to v7m_stack_write() target/arm: Implement M-profile lazy FP state preservation target/arm: Implement VLSTM for v7M CPUs with an FPU target/arm: Implement VLLDM for v7M CPUs with an FPU target/arm: Enable FPU for Cortex-M4 and Cortex-M33 Philippe Mathieu-Daudé (13): hw/dma: Compile the bcm2835_dma device as common object hw/arm/aspeed: Use TYPE_TMP105/TYPE_PCA9552 instead of hardcoded string hw/arm/nseries: Use TYPE_TMP105 instead of hardcoded string hw/display/tc6393xb: Remove unused functions hw/devices: Move TC6393XB declarations into a new header hw/devices: Move Blizzard declarations into a new header hw/devices: Move CBus declarations into a new header hw/devices: Move Gamepad declarations into a new header hw/devices: Move TI touchscreen declarations into a new header hw/devices: Move LAN9118 declarations into a new header hw/net/ne2000-isa: Add guards to the header hw/net/lan9118: Export TYPE_LAN9118 and use it instead of hardcoded string hw/devices: Move SMSC 91C111 declaration into a new header configure | 10 +- hw/dma/Makefile.objs | 2 +- include/hw/arm/omap.h | 6 +- include/hw/arm/smmu-common.h | 8 +- include/hw/devices.h | 62 --- include/hw/display/blizzard.h | 22 ++ include/hw/display/tc6393xb.h | 24 ++ include/hw/input/gamepad.h| 19 + include/hw/input/tsc2xxx.h| 36 ++ include/hw/misc/cbus.h| 32 ++ include/hw/net/lan9118.h | 21 + include/hw/net/ne2000-isa.h | 6 + include/hw/net/smc91c111.h| 19 + include/qemu/typedefs.h | 1 - target/arm/cpu.h | 95 - target/arm/helper.h | 
5 + target/arm/translate.h| 3 + hw/arm/aspeed.c | 13 +- hw/arm/exynos4_boards.c | 3 +- hw/arm/gumstix.c | 2 +- hw/arm/integratorcp.c | 2 +- hw/arm/kzm.c | 2 +- hw/arm/mainstone.c| 2 +- hw/arm/mps2-tz.c | 3 +- hw/arm/mps2.c | 2 +- hw/arm/nseries.c | 7 +- hw/arm/palm.c |
[Qemu-devel] [PULL 15/42] target/arm: Clear CONTROL.SFPA in BXNS and BLXNS
For v8M floating point support, transitions from Secure to Non-secure state via BLNS and BLXNS must clear the CONTROL.SFPA bit. (This corresponds to the pseudocode BranchToNS() function.) Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190416125744.27770-13-peter.mayd...@linaro.org
---
 target/arm/helper.c | 4 1 file changed, 4 insertions(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 547898581a2..088852ceb96 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7819,6 +7819,9 @@ void HELPER(v7m_bxns)(CPUARMState *env, uint32_t dest)
 /* translate.c should have made BXNS UNDEF unless we're secure */
 assert(env->v7m.secure);
+if (!(dest & 1)) {
+env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
+}
 switch_v7m_security_state(env, dest & 1);
 env->thumb = 1;
 env->regs[15] = dest & ~1;
@@ -7876,6 +7879,7 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
 */
 write_v7m_exception(env, 1);
 }
+env->v7m.control[M_REG_S] &= ~R_V7M_CONTROL_SFPA_MASK;
 switch_v7m_security_state(env, 0);
 env->thumb = 1;
 env->regs[15] = dest;
-- 2.20.1
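Review bot: Both added SFPA clears in target/arm/helper.c run regardless of whether the CPU has an FPU: the `if (!(dest & 1))` block in `v7m_bxns`, and the line before `switch_v7m_security_state(env, 0)` in `v7m_blxns`. The sibling change listed in the cover letter is titled "Clear CONTROL_S.SFPA in SG insn if FPU present", which suggests that path is guarded. Clearing a bit that should already be zero without an FPU is presumably harmless, but the difference leaves a reader unsure whether a feature check was forgotten. Either guard these the same way or record the reasoning, e.g. `/* BranchToNS(): clear SFPA; it is always 0 without an FPU, so no feature check */`. Both function bodies start and end outside their hunks.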