ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

target-arm queue: 

* fix broken properties on MPS2 SCC device
  * fix MPU trace handling of write vs exec
  * fix MPU M profile bugs:
    - not handling system space or PPB region correctly
    - not resetting state
    - not migrating MPU_RNR
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJZfyDUAAoJEDwlJe0UNgzel1UP/iOfjpKXm1KWI6FvcF2uw8Jp
 VVFLt2SP+SOYG4GrMfapndLj22RvhOAQWSao98uOplMOjIC2nxD+Wx9a9N9FrSV1
 wsZL842rWRfmNT5PUOo/6g4pEZm0d+JbwZNLdq1+LsRhdOX11KHS8dUFHcZKybhP
 Ebh1UsFplTXHQgcKDxeGc6RRoGEI6EwpW+ms5IPvdDcBVct7ibgZNicZW0vSdISM
 /xI7nvMLZD4OJGi9CUPdAQV7+v+xg/zqk2YOrjbvQzxCzx1uzvjsrIlEjMWmwdMO
 LEMYPNYdB+OjoIUHTy2Rb1tw19x7jB2VUO4NRZkfrEqtwoQHV4dI/53ASwLaS5Zg
 1n3QQ1iv9Fewzs8htnSlC2KQQ5vxiimyzlkvQd5DDLDOpY9gAA7jWc+zQrJHcD5G
 cpIytYWt2mxqZrJstWirmKPYcblwTKCzAqyKdIXH+IPSmIlTLhkqWHKWSZKDqD6Q
 IQxH+Cq7PVciWQ4Gu76VCJGlx/quDmDKGMr2BZmXs2BFvCE5p127KcRkEWPLrEyI
 I4lB0rq93k5h36VOnjtgs8dH4j1sUsPNJcBIBh/5lqe2gCm0aZ315C8ZdbB2KTHu
 h58M7AfkSHpC29QR0Rjk3SNXCeSrPJudCKQH0YBPdzGlsp5+2PpAQrGj53oC6cla
 33qRTSmfIua/fwdCGVoq
 =VErx
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20170731' into staging

target-arm queue:
 * fix broken properties on MPS2 SCC device
 * fix MPU trace handling of write vs exec
 * fix MPU M profile bugs:
   - not handling system space or PPB region correctly
   - not resetting state
   - not migrating MPU_RNR

# gpg: Signature made Mon 31 Jul 2017 13:21:40 BST
# gpg:                using RSA key 0x3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20170731:
  hw/mps2_scc: fix incorrect properties
  target/arm: Migrate MPU_RNR register state for M profile cores
  target/arm: Move PMSAv7 reset into arm_cpu_reset() so M profile MPUs get reset
  target/arm: Rename cp15.c6_rgnr to pmsav7.rnr
  target/arm: Don't allow guest to make System space executable for M profile
  target/arm: Don't do MPU lookups for addresses in M profile PPB region
  target/arm: Correct MPU trace handling of write vs execute

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2017-07-31 14:45:42 +01:00
parent bdf211f884 89cbc3778a
commit 5619c17905
6 changed files with 101 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hw/intc/armv7m_nvic.c
View File

@ -536,13 +536,13 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset)
case 0xd94: /* MPU_CTRL */
return cpu->env.v7m.mpu_ctrl;
case 0xd98: /* MPU_RNR */
return cpu->env.cp15.c6_rgnr;
return cpu->env.pmsav7.rnr;
case 0xd9c: /* MPU_RBAR */
case 0xda4: /* MPU_RBAR_A1 */
case 0xdac: /* MPU_RBAR_A2 */
case 0xdb4: /* MPU_RBAR_A3 */
{
int region = cpu->env.cp15.c6_rgnr;
int region = cpu->env.pmsav7.rnr;
if (region >= cpu->pmsav7_dregion) {
return 0;
@ -554,7 +554,7 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset)
case 0xdb0: /* MPU_RASR_A2 */
case 0xdb8: /* MPU_RASR_A3 */
{
int region = cpu->env.cp15.c6_rgnr;
int region = cpu->env.pmsav7.rnr;
if (region >= cpu->pmsav7_dregion) {
return 0;
@ -681,7 +681,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
PRIu32 "/%" PRIu32 "\n",
value, cpu->pmsav7_dregion);
} else {
cpu->env.cp15.c6_rgnr = value;
cpu->env.pmsav7.rnr = value;
}
break;
case 0xd9c: /* MPU_RBAR */
@ -702,9 +702,9 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
region, cpu->pmsav7_dregion);
return;
}
cpu->env.cp15.c6_rgnr = region;
cpu->env.pmsav7.rnr = region;
} else {
region = cpu->env.cp15.c6_rgnr;
region = cpu->env.pmsav7.rnr;
}
if (region >= cpu->pmsav7_dregion) {
@ -720,7 +720,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value)
case 0xdb0: /* MPU_RASR_A2 */
case 0xdb8: /* MPU_RASR_A3 */
{
int region = cpu->env.cp15.c6_rgnr;
int region = cpu->env.pmsav7.rnr;
if (region >= cpu->pmsav7_dregion) {
return;

4
hw/misc/mps2-scc.c
View File

@ -270,9 +270,9 @@ static Property mps2_scc_properties[] = {
/* Values for various read-only ID registers (which are specific
* to the board model or FPGA image)
*/
DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, aid, 0),
DEFINE_PROP_UINT32("scc-cfg4", MPS2SCC, cfg4, 0),
DEFINE_PROP_UINT32("scc-aid", MPS2SCC, aid, 0),
DEFINE_PROP_UINT32("scc-id", MPS2SCC, aid, 0),
DEFINE_PROP_UINT32("scc-id", MPS2SCC, id, 0),
/* These are the initial settings for the source clocks on the board.
* In hardware they can be configured via a config file read by the
* motherboard configuration controller to suit the FPGA image.

14
target/arm/cpu.c
View File

@ -232,6 +232,20 @@ static void arm_cpu_reset(CPUState *s)
env->vfp.xregs[ARM_VFP_FPEXC] = 0;
#endif
if (arm_feature(env, ARM_FEATURE_PMSA) &&
arm_feature(env, ARM_FEATURE_V7)) {
if (cpu->pmsav7_dregion > 0) {
memset(env->pmsav7.drbar, 0,
sizeof(*env->pmsav7.drbar) * cpu->pmsav7_dregion);
memset(env->pmsav7.drsr, 0,
sizeof(*env->pmsav7.drsr) * cpu->pmsav7_dregion);
memset(env->pmsav7.dracr, 0,
sizeof(*env->pmsav7.dracr) * cpu->pmsav7_dregion);
}
env->pmsav7.rnr = 0;
}
set_flush_to_zero(1, &env->vfp.standard_fp_status);
set_flush_inputs_to_zero(1, &env->vfp.standard_fp_status);
set_default_nan_mode(1, &env->vfp.standard_fp_status);

3
target/arm/cpu.h
View File

@ -305,8 +305,6 @@ typedef struct CPUARMState {
uint64_t par_el[4];
};
uint32_t c6_rgnr;
uint32_t c9_insn; /* Cache lockdown registers. */
uint32_t c9_data;
uint64_t c9_pmcr; /* performance monitor control register */
@ -519,6 +517,7 @@ typedef struct CPUARMState {
uint32_t *drbar;
uint32_t *drsr;
uint32_t *dracr;
uint32_t rnr;
} pmsav7;
void *nvic;

71
target/arm/helper.c
View File

@ -2385,7 +2385,7 @@ static uint64_t pmsav7_read(CPUARMState *env, const ARMCPRegInfo *ri)
return 0;
}
u32p += env->cp15.c6_rgnr;
u32p += env->pmsav7.rnr;
return *u32p;
}
@ -2399,23 +2399,11 @@ static void pmsav7_write(CPUARMState *env, const ARMCPRegInfo *ri,
return;
}
u32p += env->cp15.c6_rgnr;
u32p += env->pmsav7.rnr;
tlb_flush(CPU(cpu)); /* Mappings may have changed - purge! */
*u32p = value;
}
static void pmsav7_reset(CPUARMState *env, const ARMCPRegInfo *ri)
{
ARMCPU *cpu = arm_env_get_cpu(env);
uint32_t *u32p = *(uint32_t **)raw_ptr(env, ri);
if (!u32p) {
return;
}
memset(u32p, 0, sizeof(*u32p) * cpu->pmsav7_dregion);
}
static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
@ -2433,22 +2421,30 @@ static void pmsav7_rgnr_write(CPUARMState *env, const ARMCPRegInfo *ri,
}
static const ARMCPRegInfo pmsav7_cp_reginfo[] = {
/* Reset for all these registers is handled in arm_cpu_reset(),
* because the PMSAv7 is also used by M-profile CPUs, which do
* not register cpregs but still need the state to be reset.
*/
{ .name = "DRBAR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 0,
.access = PL1_RW, .type = ARM_CP_NO_RAW,
.fieldoffset = offsetof(CPUARMState, pmsav7.drbar),
.readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
.readfn = pmsav7_read, .writefn = pmsav7_write,
.resetfn = arm_cp_reset_ignore },
{ .name = "DRSR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 2,
.access = PL1_RW, .type = ARM_CP_NO_RAW,
.fieldoffset = offsetof(CPUARMState, pmsav7.drsr),
.readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
.readfn = pmsav7_read, .writefn = pmsav7_write,
.resetfn = arm_cp_reset_ignore },
{ .name = "DRACR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 1, .opc2 = 4,
.access = PL1_RW, .type = ARM_CP_NO_RAW,
.fieldoffset = offsetof(CPUARMState, pmsav7.dracr),
.readfn = pmsav7_read, .writefn = pmsav7_write, .resetfn = pmsav7_reset },
.readfn = pmsav7_read, .writefn = pmsav7_write,
.resetfn = arm_cp_reset_ignore },
{ .name = "RGNR", .cp = 15, .crn = 6, .opc1 = 0, .crm = 2, .opc2 = 0,
.access = PL1_RW,
.fieldoffset = offsetof(CPUARMState, cp15.c6_rgnr),
.writefn = pmsav7_rgnr_write },
.fieldoffset = offsetof(CPUARMState, pmsav7.rnr),
.writefn = pmsav7_rgnr_write,
.resetfn = arm_cp_reset_ignore },
REGINFO_SENTINEL
};
@ -8244,6 +8240,21 @@ static bool pmsav7_use_background_region(ARMCPU *cpu,
}
}
static inline bool m_is_ppb_region(CPUARMState *env, uint32_t address)
{
/* True if address is in the M profile PPB region 0xe0000000 - 0xe00fffff */
return arm_feature(env, ARM_FEATURE_M) &&
extract32(address, 20, 12) == 0xe00;
}
static inline bool m_is_system_region(CPUARMState *env, uint32_t address)
{
/* True if address is in the M profile system region
* 0xe0000000 - 0xffffffff
*/
return arm_feature(env, ARM_FEATURE_M) && extract32(address, 29, 3) == 0x7;
}
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
int access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, int *prot, uint32_t *fsr)
@ -8255,7 +8266,15 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
*phys_ptr = address;
*prot = 0;
if (regime_translation_disabled(env, mmu_idx)) { /* MPU disabled */
if (regime_translation_disabled(env, mmu_idx) ||
m_is_ppb_region(env, address)) {
/* MPU disabled or M profile PPB access: use default memory map.
* The other case which uses the default memory map in the
* v7M ARM ARM pseudocode is exception vector reads from the vector
* table. In QEMU those accesses are done in arm_v7m_load_vector(),
* which always does a direct read using address_space_ldl(), rather
* than going via this function, so we don't need to check that here.
*/
get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
} else { /* MPU enabled */
for (n = (int)cpu->pmsav7_dregion - 1; n >= 0; n--) {
@ -8339,6 +8358,12 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
} else { /* a MPU hit! */
uint32_t ap = extract32(env->pmsav7.dracr[n], 8, 3);
uint32_t xn = extract32(env->pmsav7.dracr[n], 12, 1);
if (m_is_system_region(env, address)) {
/* System space is always execute never */
xn = 1;
}
if (is_user) { /* User mode AP bit decoding */
switch (ap) {
@ -8379,7 +8404,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
}
/* execute never */
if (env->pmsav7.dracr[n] & (1 << 12)) {
if (xn) {
*prot &= ~PAGE_EXEC;
}
}
@ -8558,8 +8583,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
phys_ptr, prot, fsr);
qemu_log_mask(CPU_LOG_MMU, "PMSAv7 MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
access_type == 1 ? "reading" :
(access_type == 2 ? "writing" : "execute"),
access_type == MMU_DATA_LOAD ? "reading" :
(access_type == MMU_DATA_STORE ? "writing" : "execute"),
(uint32_t)address, mmu_idx,
ret ? "Miss" : "Hit",
*prot & PAGE_READ ? 'r' : '-',

30
target/arm/machine.c
View File

@ -151,7 +151,7 @@ static bool pmsav7_rgnr_vmstate_validate(void *opaque, int version_id)
{
ARMCPU *cpu = opaque;
return cpu->env.cp15.c6_rgnr < cpu->pmsav7_dregion;
return cpu->env.pmsav7.rnr < cpu->pmsav7_dregion;
}
static const VMStateDescription vmstate_pmsav7 = {
@ -171,6 +171,29 @@ static const VMStateDescription vmstate_pmsav7 = {
}
};
static bool pmsav7_rnr_needed(void *opaque)
{
ARMCPU *cpu = opaque;
CPUARMState *env = &cpu->env;
/* For R profile cores pmsav7.rnr is migrated via the cpreg
* "RGNR" definition in helper.h. For M profile we have to
* migrate it separately.
*/
return arm_feature(env, ARM_FEATURE_M);
}
static const VMStateDescription vmstate_pmsav7_rnr = {
.name = "cpu/pmsav7-rnr",
.version_id = 1,
.minimum_version_id = 1,
.needed = pmsav7_rnr_needed,
.fields = (VMStateField[]) {
VMSTATE_UINT32(env.pmsav7.rnr, ARMCPU),
VMSTATE_END_OF_LIST()
}
};
static int get_cpsr(QEMUFile *f, void *opaque, size_t size,
VMStateField *field)
{
@ -377,6 +400,11 @@ const VMStateDescription vmstate_arm_cpu = {
&vmstate_iwmmxt,
&vmstate_m,
&vmstate_thumb2ee,
/* pmsav7_rnr must come before pmsav7 so that we have the
* region number before we test it in the VMSTATE_VALIDATE
* in vmstate_pmsav7.
*/
&vmstate_pmsav7_rnr,
&vmstate_pmsav7,
NULL
}