From c8d8ef00a121ee7326c87a76cc9f49716ed68917 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 7 May 2019 12:55:01 +0100 Subject: [PATCH 01/15] pc: Rearrange pc_system_firmware_init()'s legacy -drive loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The loop does two things: map legacy -drive to properties, and collect all the backends for use after the loop. The next patch will factor out the former for reuse in hw/arm/virt.c. To make that easier, rearrange the loop so it does the first thing first, and the second thing second. Signed-off-by: Markus Armbruster Reviewed-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Message-id: 20190416091348.26075-2-armbru@redhat.com Signed-off-by: Peter Maydell --- hw/i386/pc_sysfw.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index c628540774..75925f5d3f 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c 
@@ -280,21 +280,19 @@ void pc_system_firmware_init(PCMachineState *pcms, /* Map legacy -drive if=pflash to machine properties */ for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) { - pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]); pflash_drv = drive_get(IF_PFLASH, 0, i); - if (!pflash_drv) { - continue; + if (pflash_drv) { + loc_push_none(&loc); + qemu_opts_loc_restore(pflash_drv->opts); + if (pflash_cfi01_get_blk(pcms->flash[i])) { + error_report("clashes with -machine"); + exit(1); + } + qdev_prop_set_drive(DEVICE(pcms->flash[i]), "drive", + blk_by_legacy_dinfo(pflash_drv), &error_fatal); + loc_pop(&loc); } - loc_push_none(&loc); - qemu_opts_loc_restore(pflash_drv->opts); - if (pflash_blk[i]) { - error_report("clashes with -machine"); - exit(1); - } - pflash_blk[i] = blk_by_legacy_dinfo(pflash_drv); - qdev_prop_set_drive(DEVICE(pcms->flash[i]), - "drive", pflash_blk[i], &error_fatal); - loc_pop(&loc); + pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]); } /* Reject gaps */ From 2d731dbd5e7173961cd76dc12c939e672cbca2bd Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 02/15] pflash_cfi01: New pflash_cfi01_legacy_drive() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Factored out of pc_system_firmware_init() so the next commit can reuse it in hw/arm/virt.c. Signed-off-by: Markus Armbruster Reviewed-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Message-id: 20190416091348.26075-3-armbru@redhat.com Signed-off-by: Peter Maydell --- hw/block/pflash_cfi01.c | 28 ++++++++++++++++++++++++++++ hw/i386/pc_sysfw.c | 16 ++-------------- include/hw/block/flash.h | 1 + 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c index 16dfae14b8..333b736277 100644 --- a/hw/block/pflash_cfi01.c +++ b/hw/block/pflash_cfi01.c 
@@ -44,9 +44,12 @@
 #include "qapi/error.h"
 #include "qemu/timer.h"
 #include "qemu/bitops.h"
+#include "qemu/error-report.h"
 #include "qemu/host-utils.h"
 #include "qemu/log.h"
+#include "qemu/option.h"
 #include "hw/sysbus.h"
+#include "sysemu/blockdev.h"
 #include "sysemu/sysemu.h"
 #include "trace.h"
@@ -968,6 +971,31 @@ MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl)
 return &fl->mem;
 }
+/*
+ * Handle -drive if=pflash for machines that use properties.
+ * If @dinfo is null, do nothing.
+ * Else if @fl's property "drive" is already set, fatal error.
+ * Else set it to the BlockBackend with @dinfo.
+ */
+void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo)
+{
+ Location loc;
+
+ if (!dinfo) {
+ return;
+ }
+
+ loc_push_none(&loc);
+ qemu_opts_loc_restore(dinfo->opts);
+ if (fl->blk) {
+ error_report("clashes with -machine");
+ exit(1);
+ }
+ qdev_prop_set_drive(DEVICE(fl), "drive",
+ blk_by_legacy_dinfo(dinfo), &error_fatal);
+ loc_pop(&loc);
+}
+
 static void postload_update_cb(void *opaque, int running, RunState state)
 {
 PFlashCFI01 *pfl = opaque;
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 75925f5d3f..751fcafa12 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -269,9 +269,7 @@ void pc_system_firmware_init(PCMachineState *pcms,
 {
 PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms);
 int i;
- DriveInfo *pflash_drv;
 BlockBackend *pflash_blk[ARRAY_SIZE(pcms->flash)];
- Location loc;
 if (!pcmc->pci_enabled) {
 old_pc_system_rom_init(rom_memory, true);
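Review bot: The definition of pflash_cfi01_legacy_drive() names its first parameter `fl`, but the prototype added to include/hw/block/flash.h in the next hunk names it `dev`; the two should agree, e.g. `void pflash_cfi01_legacy_drive(PFlashCFI01 *fl, DriveInfo *dinfo);`. The contract comment (no-op on NULL @dinfo, fatal error if "drive" is already set, otherwise set it) lives only above the definition in pflash_cfi01.c, while the header declaration that callers in hw/i386 and hw/arm read carries no comment; since this is now a cross-subsystem helper, the comment belongs on the declaration as well. It is also worth stating in that comment that the function exits the process on a clash rather than reporting through an Error, since callers cannot recover from it.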
@@ -280,18 +278,8 @@ void pc_system_firmware_init(PCMachineState *pcms,
 /* Map legacy -drive if=pflash to machine properties */
 for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) {
- pflash_drv = drive_get(IF_PFLASH, 0, i);
- if (pflash_drv) {
- loc_push_none(&loc);
- qemu_opts_loc_restore(pflash_drv->opts);
- if (pflash_cfi01_get_blk(pcms->flash[i])) {
- error_report("clashes with -machine");
- exit(1);
- }
- qdev_prop_set_drive(DEVICE(pcms->flash[i]), "drive",
- blk_by_legacy_dinfo(pflash_drv), &error_fatal);
- loc_pop(&loc);
- }
+ pflash_cfi01_legacy_drive(pcms->flash[i],
+ drive_get(IF_PFLASH, 0, i));
 pflash_blk[i] = pflash_cfi01_get_blk(pcms->flash[i]);
 }
diff --git a/include/hw/block/flash.h b/include/hw/block/flash.h
index a0f488732a..1acaf7de80 100644
--- a/include/hw/block/flash.h
+++ b/include/hw/block/flash.h
@@ -24,6 +24,7 @@ PFlashCFI01 *pflash_cfi01_register(hwaddr base,
 int be);
 BlockBackend *pflash_cfi01_get_blk(PFlashCFI01 *fl);
 MemoryRegion *pflash_cfi01_get_memory(PFlashCFI01 *fl);
+void pflash_cfi01_legacy_drive(PFlashCFI01 *dev, DriveInfo *dinfo);
 /* pflash_cfi02.c */
From e0561e60f170b220c5d73d185fa8eaa66fa8e6ef Mon Sep 17 00:00:00 2001
From: Markus Armbruster Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 03/15] hw/arm/virt: Support firmware configuration with -blockdev MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ARM virt machines put firmware in flash memory. To configure it, you use -drive if=pflash,unit=0,... and optionally -drive if=pflash,unit=1,... Why two -drive? This permits setting up one part of the flash memory read-only, and the other part read/write. It also makes upgrading firmware on the host easier. Below the hood, we get two separate flash devices, because we were too lazy to improve our flash device models to support sector protection. The problem at hand is to do the same with -blockdev somehow, as one more step towards deprecating -drive. We recently solved this problem for x86 PC machines, in commit ebc29e1beab. See the commit message for design rationale. This commit solves it for ARM virt basically the same way: new machine properties pflash0, pflash1 forward to the onboard flash devices' properties. Requires creating the onboard devices in the .instance_init() method virt_instance_init(). The existing code to pick up drives defined with -drive if=pflash is replaced by code to desugar into the machine properties. There are a few behavioral differences, though: * The flash devices are always present (x86: only present if configured) * Flash base addresses and sizes are fixed (x86: sizes depend on images, mapped back to back below a fixed address) * -bios configures contents of first pflash (x86: -bios configures ROM contents) * -bios is rejected when first pflash is also configured with -machine pflash0=... (x86: bios is silently ignored then) * -machine pflash1=... does not require -machine pflash0=... (x86: it does). The actual code is a bit simpler than for x86 mostly due to the first two differences. 
Before the patch, all the action is in create_flash(), called from the machine's .init() method machvirt_init(): main() machine_run_board_init() machvirt_init() create_flash() create_one_flash() for flash[0] create configure includes obeying -drive if=pflash,unit=0 realize map fall back to -bios create_one_flash() for flash[1] create configure includes obeying -drive if=pflash,unit=1 realize map update FDT To make the machine properties work, we need to move device creation to its .instance_init() method virt_instance_init(). Another complication is machvirt_init()'s computation of @firmware_loaded: it predicts what create_flash() will do. Instead of predicting what create_flash()'s replacement virt_firmware_init() will do, I decided to have virt_firmware_init() return what it did. Requires calling it a bit earlier. Resulting call tree: main() current_machine = object_new() ... virt_instance_init() virt_flash_create() virt_flash_create1() for flash[0] create configure: set defaults become child of machine [NEW] add machine prop pflash0 as alias for drive [NEW] virt_flash_create1() for flash[1] create configure: set defaults become child of machine [NEW] add machine prop pflash1 as alias for drive [NEW] for all machine props from the command line: machine_set_property() ... property_set_alias() for machine props pflash0, pflash1 ... set_drive() for cfi.pflash01 prop drive this is how -machine pflash0=... etc set machine_run_board_init(current_machine); virt_firmware_init() pflash_cfi01_legacy_drive() legacy -drive if=pflash,unit=0 and =1 [NEW] virt_flash_map() virt_flash_map1() for flash[0] configure: num-blocks realize map virt_flash_map1() for flash[1] configure: num-blocks realize map fall back to -bios virt_flash_fdt() update FDT You have László to thank for making me explain this in detail. Signed-off-by: Markus Armbruster Acked-by: Laszlo Ersek Message-id: 20190416091348.26075-4-armbru@redhat.com Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell --- hw/arm/virt.c | 202 +++++++++++++++++++++++++++--------------- include/hw/arm/virt.h | 2 + 2 files changed, 132 insertions(+), 72 deletions(-) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 16ba67f7a7..5331ab71e2 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -30,6 +30,7 @@ #include "qemu/osdep.h" #include "qemu/units.h" +#include "qemu/option.h" #include "qapi/error.h" #include "hw/sysbus.h" #include "hw/arm/arm.h" @@ -871,25 +872,19 @@ static void create_virtio_devices(const VirtMachineState *vms, qemu_irq *pic) } } -static void create_one_flash(const char *name, hwaddr flashbase, - hwaddr flashsize, const char *file, - MemoryRegion *sysmem) +#define VIRT_FLASH_SECTOR_SIZE (256 * KiB) + +static PFlashCFI01 *virt_flash_create1(VirtMachineState *vms, + const char *name, + const char *alias_prop_name) { - /* Create and map a single flash device. We use the same - * parameters as the flash devices on the Versatile Express board. + /* + * Create a single flash device. We use the same parameters as + * the flash devices on the Versatile Express board. */ - DriveInfo *dinfo = drive_get_next(IF_PFLASH); DeviceState *dev = qdev_create(NULL, TYPE_PFLASH_CFI01); - SysBusDevice *sbd = SYS_BUS_DEVICE(dev); - const uint64_t sectorlength = 256 * 1024; - if (dinfo) { - qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo), - &error_abort); - } - - qdev_prop_set_uint32(dev, "num-blocks", flashsize / sectorlength); - qdev_prop_set_uint64(dev, "sector-length", sectorlength); + qdev_prop_set_uint64(dev, "sector-length", VIRT_FLASH_SECTOR_SIZE); qdev_prop_set_uint8(dev, "width", 4); qdev_prop_set_uint8(dev, "device-width", 2); qdev_prop_set_bit(dev, "big-endian", false); 
@@ -898,41 +893,41 @@ static void create_one_flash(const char *name, hwaddr flashbase,
 qdev_prop_set_uint16(dev, "id2", 0x00);
 qdev_prop_set_uint16(dev, "id3", 0x00);
 qdev_prop_set_string(dev, "name", name);
- qdev_init_nofail(dev);
-
- memory_region_add_subregion(sysmem, flashbase,
- sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0));
-
- if (file) {
- char *fn;
- int image_size;
-
- if (drive_get(IF_PFLASH, 0, 0)) {
- error_report("The contents of the first flash device may be "
- "specified with -bios or with -drive if=pflash... "
- "but you cannot use both options at once");
- exit(1);
- }
- fn = qemu_find_file(QEMU_FILE_TYPE_BIOS, file);
- if (!fn) {
- error_report("Could not find ROM image '%s'", file);
- exit(1);
- }
- image_size = load_image_mr(fn, sysbus_mmio_get_region(sbd, 0));
- g_free(fn);
- if (image_size < 0) {
- error_report("Could not load ROM image '%s'", file);
- exit(1);
- }
- }
+ object_property_add_child(OBJECT(vms), name, OBJECT(dev),
+ &error_abort);
+ object_property_add_alias(OBJECT(vms), alias_prop_name,
+ OBJECT(dev), "drive", &error_abort);
+ return PFLASH_CFI01(dev);
 }
-static void create_flash(const VirtMachineState *vms,
- MemoryRegion *sysmem,
- MemoryRegion *secure_sysmem)
+static void virt_flash_create(VirtMachineState *vms)
 {
- /* Create two flash devices to fill the VIRT_FLASH space in the memmap.
- * Any file passed via -bios goes in the first of these.
+ vms->flash[0] = virt_flash_create1(vms, "virt.flash0", "pflash0");
+ vms->flash[1] = virt_flash_create1(vms, "virt.flash1", "pflash1");
+}
+
+static void virt_flash_map1(PFlashCFI01 *flash,
+ hwaddr base, hwaddr size,
+ MemoryRegion *sysmem)
+{
+ DeviceState *dev = DEVICE(flash);
+
+ assert(size % VIRT_FLASH_SECTOR_SIZE == 0);
+ assert(size / VIRT_FLASH_SECTOR_SIZE <= UINT32_MAX);
+ qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
+ qdev_init_nofail(dev);
+
+ memory_region_add_subregion(sysmem, base,
+ sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
+ 0));
+}
+
+static void virt_flash_map(VirtMachineState *vms,
+ MemoryRegion *sysmem,
+ MemoryRegion *secure_sysmem)
+{
+ /*
+ * Map two flash devices to fill the VIRT_FLASH space in the memmap.
 * sysmem is the system memory space. secure_sysmem is the secure view
 * of the system, and the first flash device should be made visible only
 * there. The second flash device is visible to both secure and nonsecure.
@@ -941,12 +936,20 @@ static void create_flash(const VirtMachineState *vms,
 */
 hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;
 hwaddr flashbase = vms->memmap[VIRT_FLASH].base;
- char *nodename;
- create_one_flash("virt.flash0", flashbase, flashsize,
- bios_name, secure_sysmem);
- create_one_flash("virt.flash1", flashbase + flashsize, flashsize,
- NULL, sysmem);
+ virt_flash_map1(vms->flash[0], flashbase, flashsize,
+ secure_sysmem);
+ virt_flash_map1(vms->flash[1], flashbase + flashsize, flashsize,
+ sysmem);
+}
+
+static void virt_flash_fdt(VirtMachineState *vms,
+ MemoryRegion *sysmem,
+ MemoryRegion *secure_sysmem)
+{
+ hwaddr flashsize = vms->memmap[VIRT_FLASH].size / 2;
+ hwaddr flashbase = vms->memmap[VIRT_FLASH].base;
+ char *nodename;
 if (sysmem == secure_sysmem) {
 /* Report both flash devices as a single node in the DT */
@@ -959,7 +962,8 @@ static void create_flash(const VirtMachineState *vms,
 qemu_fdt_setprop_cell(vms->fdt, nodename, "bank-width", 4);
 g_free(nodename);
 } else {
- /* Report the devices as separate nodes so we can mark one as
+ /*
+ * Report the devices as separate nodes so we can mark one as
 * only visible to the secure world.
 */
 nodename = g_strdup_printf("/secflash@%" PRIx64, flashbase);
@@ -982,6 +986,54 @@ static void create_flash(const VirtMachineState *vms,
 }
 }
+static bool virt_firmware_init(VirtMachineState *vms,
+ MemoryRegion *sysmem,
+ MemoryRegion *secure_sysmem)
+{
+ int i;
+ BlockBackend *pflash_blk0;
+
+ /* Map legacy -drive if=pflash to machine properties */
+ for (i = 0; i < ARRAY_SIZE(vms->flash); i++) {
+ pflash_cfi01_legacy_drive(vms->flash[i],
+ drive_get(IF_PFLASH, 0, i));
+ }
+
+ virt_flash_map(vms, sysmem, secure_sysmem);
+
+ pflash_blk0 = pflash_cfi01_get_blk(vms->flash[0]);
+
+ if (bios_name) {
+ char *fname;
+ MemoryRegion *mr;
+ int image_size;
+
+ if (pflash_blk0) {
+ error_report("The contents of the first flash device may be "
+ "specified with -bios or with -drive if=pflash... "
+ "but you cannot use both options at once");
+ exit(1);
+ }
+
+ /* Fall back to -bios */
+
+ fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+ if (!fname) {
+ error_report("Could not find ROM image '%s'", bios_name);
+ exit(1);
+ }
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(vms->flash[0]), 0);
+ image_size = load_image_mr(fname, mr);
+ g_free(fname);
+ if (image_size < 0) {
+ error_report("Could not load ROM image '%s'", bios_name);
+ exit(1);
+ }
+ }
+
+ return pflash_blk0 || bios_name;
+}
+
 static FWCfgState *create_fw_cfg(const VirtMachineState *vms, AddressSpace *as)
 {
 hwaddr base = vms->memmap[VIRT_FW_CFG].base;
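Review bot: The "cannot use both options at once" diagnostic in virt_firmware_init() still names only `-drive if=pflash...`, but pflash_blk0 is now also set through the new `-machine pflash0=...` alias created in virt_flash_create1(), so a user who configured the flash with -blockdev and -machine is told about an option they never used; suggest `"specified with -bios, -machine pflash0=... or -drive if=pflash... "` for the middle string. The `/* Fall back to -bios */` comment sits below the clash check and the empty line rather than above the `if (bios_name)` block it describes, which reads as if the fallback began at qemu_find_file(); moving it up clarifies that the whole block is the -bios path. The two asserts in virt_flash_map1() guard the num-blocks computation but the rejection of an oversized -bios image is left to load_image_mr(), which the hunk does not show; a one-line comment on the `image_size < 0` check saying it also covers an image larger than the flash region would spare the reader a lookup, if that is indeed what load_image_mr() does.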
@@ -1421,7 +1473,7 @@ static void machvirt_init(MachineState *machine)
 MemoryRegion *secure_sysmem = NULL;
 int n, virt_max_cpus;
 MemoryRegion *ram = g_new(MemoryRegion, 1);
- bool firmware_loaded = bios_name || drive_get(IF_PFLASH, 0, 0);
+ bool firmware_loaded;
 bool aarch64 = true;
 /*
@@ -1460,6 +1512,27 @@ static void machvirt_init(MachineState *machine)
 exit(1);
 }
+ if (vms->secure) {
+ if (kvm_enabled()) {
+ error_report("mach-virt: KVM does not support Security extensions");
+ exit(1);
+ }
+
+ /*
+ * The Secure view of the world is the same as the NonSecure,
+ * but with a few extra devices. Create it as a container region
+ * containing the system memory at low priority; any secure-only
+ * devices go in at higher priority and take precedence.
+ */
+ secure_sysmem = g_new(MemoryRegion, 1);
+ memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
+ UINT64_MAX);
+ memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
+ }
+
+ firmware_loaded = virt_firmware_init(vms, sysmem,
+ secure_sysmem ?: sysmem);
+
 /* If we have an EL3 boot ROM then the assumption is that it will
 * implement PSCI itself, so disable QEMU's internal implementation
 * so it doesn't get in the way. Instead of starting secondary
@@ -1505,23 +1578,6 @@ static void machvirt_init(MachineState *machine)
 exit(1);
 }
- if (vms->secure) {
- if (kvm_enabled()) {
- error_report("mach-virt: KVM does not support Security extensions");
- exit(1);
- }
-
- /* The Secure view of the world is the same as the NonSecure,
- * but with a few extra devices. Create it as a container region
- * containing the system memory at low priority; any secure-only
- * devices go in at higher priority and take precedence.
- */
- secure_sysmem = g_new(MemoryRegion, 1);
- memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
- UINT64_MAX);
- memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
- }
-
 create_fdt(vms);
 possible_cpus = mc->possible_cpu_arch_ids(machine);
@@ -1610,7 +1666,7 @@ static void machvirt_init(MachineState *machine) &machine->device_memory->mr); } - create_flash(vms, sysmem, secure_sysmem ? secure_sysmem : sysmem); + virt_flash_fdt(vms, sysmem, secure_sysmem); create_gic(vms, pic); @@ -1956,6 +2012,8 @@ static void virt_instance_init(Object *obj) NULL); vms->irqmap = a15irqmap; + + virt_flash_create(vms); } static const TypeInfo virt_machine_info = { diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index 507517c603..424070924e 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -35,6 +35,7 @@ #include "qemu/notify.h" #include "hw/boards.h" #include "hw/arm/arm.h" +#include "hw/block/flash.h" #include "sysemu/kvm.h" #include "hw/intc/arm_gicv3_common.h" @@ -113,6 +114,7 @@ typedef struct { Notifier machine_done; DeviceState *platform_bus_dev; FWCfgState *fw_cfg; + PFlashCFI01 *flash[2]; bool secure; bool highmem; bool highmem_ecam; From ff3dcf28c0b7a3ac261399c3754bf2f410c2e91e Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 04/15] hw/arm/raspi: Diagnose requests for too much RAM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Raspberry Pi boards have a physical memory map which does not allow for more than 1GB of RAM. Currently if the user tries to ask for more then we fail in a confusing way: $ qemu-system-aarch64 --machine raspi3 -m 8G Unexpected error in visit_type_uintN() at qapi/qapi-visit-core.c:164: qemu-system-aarch64: Parameter 'vcram-base' expects uint32_t Aborted (core dumped) Catch this earlier and diagnose it with a more friendly message: $ qemu-system-aarch64 --machine raspi3 -m 8G qemu-system-aarch64: Requested ram size is too large for this machine: maximum is 1GB Fixes: https://bugs.launchpad.net/qemu/+bug/1794187 
Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Wainer dos Santos Moschetta --- hw/arm/raspi.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index 66899c28dc..fe2bb511b9 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c @@ -12,6 +12,7 @@ */ #include "qemu/osdep.h" +#include "qemu/units.h" #include "qapi/error.h" #include "qemu-common.h" #include "cpu.h" @@ -175,6 +176,12 @@ static void raspi_init(MachineState *machine, int version) BusState *bus; DeviceState *carddev; + if (machine->ram_size > 1 * GiB) { + error_report("Requested ram size is too large for this machine: " + "maximum is 1GB"); + exit(1); + } + object_initialize(&s->soc, sizeof(s->soc), version == 3 ? TYPE_BCM2837 : TYPE_BCM2836); object_property_add_child(OBJECT(machine), "soc", OBJECT(&s->soc), From b698e4eef5111e2df7598261b09dcef8249b7ae6 Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 05/15] arm: Allow system registers for KVM guests to be changed by QEMU code At the moment the Arm implementations of kvm_arch_{get,put}_registers() don't support having QEMU change the values of system registers (aka coprocessor registers for AArch32). This is because although kvm_arch_get_registers() calls write_list_to_cpustate() to update the CPU state struct fields (so QEMU code can read the values in the usual way), kvm_arch_put_registers() does not call write_cpustate_to_list(), meaning that any changes to the CPU state struct fields will not be passed back to KVM. The rationale for this design is documented in a comment in the AArch32 kvm_arch_put_registers() -- writing the values in the cpregs list into the CPU state struct is "lossy" because the write of a register might not succeed, and so if we blindly copy the CPU state values back again we will incorrectly change register values for the guest. The assumption was that no QEMU code would need to write to the registers. However, when we implemented debug support for KVM guests, we broke that assumption: the code to handle "set the guest up to take a breakpoint exception" does so by updating various guest registers including ESR_EL1. Support this by making kvm_arch_put_registers() synchronize CPU state back into the list. We sync only those registers where the initial write succeeds, which should be sufficient. This commit is the same as commit 823e1b3818f9b10b824ddc which we had to revert in commit 942f99c825fc94c8b1a4, except that the bug which was preventing EDK2 guest firmware running has been fixed: kvm_arm_reset_vcpu() now calls write_list_to_cpustate(). 
Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Tested-by: Eric Auger --- target/arm/cpu.h | 9 ++++++++- target/arm/helper.c | 27 +++++++++++++++++++++++++-- target/arm/kvm.c | 8 ++++++++ target/arm/kvm32.c | 20 ++------------------ target/arm/kvm64.c | 2 ++ target/arm/machine.c | 2 +- 6 files changed, 46 insertions(+), 22 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 22bc6e00ab..0304ddd9f1 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -2610,18 +2610,25 @@ bool write_list_to_cpustate(ARMCPU *cpu); /** * write_cpustate_to_list: * @cpu: ARMCPU + * @kvm_sync: true if this is for syncing back to KVM * * For each register listed in the ARMCPU cpreg_indexes list, write * its value from the ARMCPUState structure into the cpreg_values list. * This is used to copy info from TCG's working data structures into * KVM or for outbound migration. * + * @kvm_sync is true if we are doing this in order to sync the + * register state back to KVM. In this case we will only update + * values in the list if the previous list->cpustate sync actually + * successfully wrote the CPU state. Otherwise we will keep the value + * that is in the list. + * * Returns: true if all register values were read correctly, * false if some register was unknown or could not be read. * Note that we do not stop early on failure -- we will attempt * reading all registers in the list. */ -bool write_cpustate_to_list(ARMCPU *cpu); +bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync); #define ARM_CPUID_TI915T 0x54029152 #define ARM_CPUID_TI925T 0x54029252 diff --git a/target/arm/helper.c b/target/arm/helper.c index 81a92ab491..9b805d0e6b 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -266,7 +266,7 @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
 return true;
 }
-bool write_cpustate_to_list(ARMCPU *cpu)
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
 {
 /* Write the coprocessor state from cpu->env to the (index,value) list. */
 int i;
@@ -275,6 +275,7 @@ bool write_cpustate_to_list(ARMCPU *cpu)
 for (i = 0; i < cpu->cpreg_array_len; i++) {
 uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
 const ARMCPRegInfo *ri;
+ uint64_t newval;
 ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
 if (!ri) {
@@ -284,7 +285,29 @@ bool write_cpustate_to_list(ARMCPU *cpu)
 if (ri->type & ARM_CP_NO_RAW) {
 continue;
 }
- cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
+
+ newval = read_raw_cp_reg(&cpu->env, ri);
+ if (kvm_sync) {
+ /*
+ * Only sync if the previous list->cpustate sync succeeded.
+ * Rather than tracking the success/failure state for every
+ * item in the list, we just recheck "does the raw write we must
+ * have made in write_list_to_cpustate() read back OK" here.
+ */
+ uint64_t oldval = cpu->cpreg_values[i];
+
+ if (oldval == newval) {
+ continue;
+ }
+
+ write_raw_cp_reg(&cpu->env, ri, oldval);
+ if (read_raw_cp_reg(&cpu->env, ri) != oldval) {
+ continue;
+ }
+
+ write_raw_cp_reg(&cpu->env, ri, newval);
+ }
+ cpu->cpreg_values[i] = newval;
 }
 return ok;
 }
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 79a79f0190..5995634612 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -497,6 +497,14 @@ void kvm_arm_reset_vcpu(ARMCPU *cpu)
 fprintf(stderr, "write_kvmstate_to_list failed\n");
 abort();
 }
+ /*
+ * Sync the reset values also into the CPUState. This is necessary
+ * because the next thing we do will be a kvm_arch_put_registers()
+ * which will update the list values from the CPUState before copying
+ * the list values back to KVM. It's OK to ignore failure returns here
+ * for the same reason we do so in kvm_arch_get_registers().
+ */
+ write_list_to_cpustate(cpu);
 }
 /*
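Review bot: In the kvm_sync probe of write_cpustate_to_list(), the mismatch branch after `write_raw_cp_reg(&cpu->env, ri, oldval)` hits `continue` without restoring newval, so the probe write is left in cpu->env; that is harmless only if a raw write that does not read back exactly also had no effect at all, and for a register whose raw write takes partially (some bits writable, others fixed) the CPU state would end up holding the probe value instead of the value QEMU code had put there. Whether any raw write can partially succeed is not visible in this hunk, so either restore the state before bailing out, `write_raw_cp_reg(&cpu->env, ri, newval); continue;`, or extend the block comment to state the all-or-nothing assumption it relies on. The `oldval == newval` early-continue is also worth a one-line comment (`/* nothing to sync; list and CPU state already agree */`) since it skips the assignment at the bottom of the loop and a reader may take it for a missed update.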
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index 50327989dc..327375f625 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -384,24 +384,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
 return ret;
 }
- /* Note that we do not call write_cpustate_to_list()
- * here, so we are only writing the tuple list back to
- * KVM. This is safe because nothing can change the
- * CPUARMState cp15 fields (in particular gdb accesses cannot)
- * and so there are no changes to sync. In fact syncing would
- * be wrong at this point: for a constant register where TCG and
- * KVM disagree about its value, the preceding write_list_to_cpustate()
- * would not have had any effect on the CPUARMState value (since the
- * register is read-only), and a write_cpustate_to_list() here would
- * then try to write the TCG value back into KVM -- this would either
- * fail or incorrectly change the value the guest sees.
- *
- * If we ever want to allow the user to modify cp15 registers via
- * the gdb stub, we would need to be more clever here (for instance
- * tracking the set of registers kvm_arch_get_registers() successfully
- * managed to update the CPUARMState with, and only allowing those
- * to be written back up into the kernel).
- */
+ write_cpustate_to_list(cpu, true);
+
 if (!write_list_to_kvmstate(cpu, level)) {
 return EINVAL;
 }
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 089af9c5f0..e3ba149248 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -838,6 +838,8 @@ int kvm_arch_put_registers(CPUState *cs, int level)
 return ret;
 }
+ write_cpustate_to_list(cpu, true);
+
 if (!write_list_to_kvmstate(cpu, level)) {
 return EINVAL;
 }
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 09567d4fc6..96d032f2a7 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
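Review bot: The result of `write_cpustate_to_list(cpu, true)` is discarded in kvm_arch_put_registers() in both kvm32.c and kvm64.c, and the long comment explaining why no sync used to happen here is removed without a replacement, so the reader is left with an unchecked bool and no rationale. A short comment above the call would carry the reasoning the commit message gives, e.g. `/* Sync QEMU-side changes back into the list; the return is ignored because a register that is unknown or cannot be read just keeps its existing list value (see write_cpustate_to_list() in cpu.h). */`. Whether the caller should instead treat a false return as an error, as machine.c's cpu_pre_save() does with abort(), is a policy choice the commit does not discuss and is worth a sentence either way. kvm_arch_put_registers() starts before the hunk in both files.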
@@ -646,7 +646,7 @@ static int cpu_pre_save(void *opaque) abort(); } } else { - if (!write_cpustate_to_list(cpu)) { + if (!write_cpustate_to_list(cpu, false)) { /* This should never fail. */ abort(); } From a9df9622bc28ff94bb65e4264ddbf7e600d911dc Mon Sep 17 00:00:00 2001 From: Joel Stanley Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 06/15] arm: aspeed: Set SDRAM size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We currently use Qemu's default of 128MB. As we know how much ram each machine ships with, make it easier on users by setting a default. It can still be overridden with -m on the command line. Signed-off-by: Joel Stanley Reviewed-by: Andrew Jeffery Reviewed-by: Richard Henderson Message-id: 20190503022958.1394-1-joel@jms.id.au Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- hw/arm/aspeed.c | 8 ++++++++ include/hw/arm/aspeed.h | 1 + 2 files changed, 9 insertions(+) diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c index 1c23ebd992..29d225ed14 100644 --- a/hw/arm/aspeed.c +++ b/hw/arm/aspeed.c @@ -25,6 +25,7 @@ #include "sysemu/block-backend.h" #include "hw/loader.h" #include "qemu/error-report.h" +#include "qemu/units.h" static struct arm_boot_info aspeed_board_binfo = { .board_id = -1, /* device-tree-only board */ @@ -331,6 +332,9 @@ static void aspeed_machine_class_init(ObjectClass *oc, void *data) mc->no_floppy = 1; mc->no_cdrom = 1; mc->no_parallel = 1; + if (board->ram) { + mc->default_ram_size = board->ram; + } amc->board = board; } @@ -352,6 +356,7 @@ static const AspeedBoardConfig aspeed_boards[] = { .spi_model = "mx25l25635e", .num_cs = 1, .i2c_init = palmetto_bmc_i2c_init, + .ram = 256 * MiB, }, { .name = MACHINE_TYPE_NAME("ast2500-evb"), .desc = "Aspeed AST2500 EVB (ARM1176)", 
@@ -361,6 +366,7 @@ static const AspeedBoardConfig aspeed_boards[] = { .spi_model = "mx25l25635e", .num_cs = 1, .i2c_init = ast2500_evb_i2c_init, + .ram = 512 * MiB, }, { .name = MACHINE_TYPE_NAME("romulus-bmc"), .desc = "OpenPOWER Romulus BMC (ARM1176)", @@ -370,6 +376,7 @@ static const AspeedBoardConfig aspeed_boards[] = { .spi_model = "mx66l1g45g", .num_cs = 2, .i2c_init = romulus_bmc_i2c_init, + .ram = 512 * MiB, }, { .name = MACHINE_TYPE_NAME("witherspoon-bmc"), .desc = "OpenPOWER Witherspoon BMC (ARM1176)", @@ -379,6 +386,7 @@ static const AspeedBoardConfig aspeed_boards[] = { .spi_model = "mx66l1g45g", .num_cs = 2, .i2c_init = witherspoon_bmc_i2c_init, + .ram = 512 * MiB, }, }; diff --git a/include/hw/arm/aspeed.h b/include/hw/arm/aspeed.h index 325c091d09..02073a6b4d 100644 --- a/include/hw/arm/aspeed.h +++ b/include/hw/arm/aspeed.h @@ -22,6 +22,7 @@ typedef struct AspeedBoardConfig { const char *spi_model; uint32_t num_cs; void (*i2c_init)(AspeedBoardState *bmc); + uint32_t ram; } AspeedBoardConfig; #define TYPE_ASPEED_MACHINE MACHINE_TYPE_NAME("aspeed") From 48bb55bfaa4e8c4799e0ee3dda3b1dde0e25ef72 Mon Sep 17 00:00:00 2001 From: Cao Jiaxi Date: Tue, 7 May 2019 12:55:02 +0100 Subject: [PATCH 07/15] QEMU_PACKED: Remove gcc_struct attribute in Windows non x86 targets gcc_struct is for x86 only, and it generates an warning on ARM64 Clang/MinGW targets. Signed-off-by: Cao Jiaxi Reviewed-by: Thomas Huth Message-id: 20190503003618.10089-1-driver1998@foxmail.com [PMM: dropped the slirp change as slirp is now a submodule] Signed-off-by: Peter Maydell --- contrib/libvhost-user/libvhost-user.h | 2 +- include/qemu/compiler.h | 2 +- scripts/cocci-macro-file.h | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/contrib/libvhost-user/libvhost-user.h b/contrib/libvhost-user/libvhost-user.h index 414ceb0a2f..78b33306e8 100644 --- a/contrib/libvhost-user/libvhost-user.h +++ b/contrib/libvhost-user/libvhost-user.h 
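Review bot: The new `uint32_t ram` member of AspeedBoardConfig in include/hw/arm/aspeed.h has no comment, and aspeed_machine_class_init() gives the value 0 a special meaning (leave mc->default_ram_size at QEMU's default) that a reader of the header cannot see; suggest `uint32_t ram; /* default RAM size in bytes; 0 keeps QEMU's default */`. The 32-bit type also caps a board default just under 4 GiB, which is fine for the 256 MiB and 512 MiB entries added here but should be spelled out in the same comment so a future board with more SDRAM does not silently truncate.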
@@ -148,7 +148,7 @@ typedef struct VhostUserInflight { uint16_t queue_size; } VhostUserInflight; -#if defined(_WIN32) +#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__)) # define VU_PACKED __attribute__((gcc_struct, packed)) #else # define VU_PACKED __attribute__((packed)) diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h index 296b2fd572..09fc44cca4 100644 --- a/include/qemu/compiler.h +++ b/include/qemu/compiler.h @@ -28,7 +28,7 @@ #define QEMU_SENTINEL __attribute__((sentinel)) -#if defined(_WIN32) +#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__)) # define QEMU_PACKED __attribute__((gcc_struct, packed)) #else # define QEMU_PACKED __attribute__((packed)) diff --git a/scripts/cocci-macro-file.h b/scripts/cocci-macro-file.h index e485cdccae..c6bbc05ba3 100644 --- a/scripts/cocci-macro-file.h +++ b/scripts/cocci-macro-file.h @@ -23,7 +23,12 @@ #define QEMU_NORETURN __attribute__ ((__noreturn__)) #define QEMU_WARN_UNUSED_RESULT __attribute__((warn_unused_result)) #define QEMU_SENTINEL __attribute__((sentinel)) -#define QEMU_PACKED __attribute__((gcc_struct, packed)) + +#if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__)) +# define QEMU_PACKED __attribute__((gcc_struct, packed)) +#else +# define QEMU_PACKED __attribute__((packed)) +#endif #define cat(x,y) x ## y #define cat2(x,y) cat(x,y) From 8ac65578920a98a845aa8c80ea19140a51440185 Mon Sep 17 00:00:00 2001 From: Cao Jiaxi Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 08/15] qga: Fix mingw compilation warnings on enum conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The win2qemu[] is supposed to be the conversion table to convert between STORAGE_BUS_TYPE in Windows SDK and GuestDiskBusType in qga. But it was incorrectly written that it forces to set a GuestDiskBusType value to STORAGE_BUS_TYPE, which generates an enum conversion warning in clang. Suggested-by: Eric Blake 
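Review bot: The new x86-only condition is added without a comment in all three headers (libvhost-user.h here, compiler.h and cocci-macro-file.h in the following hunks), so the next reader has to find this commit to learn why `gcc_struct` is now conditional. Suggest `/* gcc_struct is an x86-only attribute; other Windows targets (e.g. ARM64 clang/mingw) warn on it */` above the `#if` in each. For libvhost-user in particular the `VU_PACKED` structs are wire-protocol messages, so a C11 `_Static_assert` on their `sizeof` would catch any layout drift between the two branches, if such a check is not already present.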
Signed-off-by: Cao Jiaxi Reviewed-by: Richard Henderson Reviewed-by: Thomas Huth Message-id: 20190503003650.10137-1-driver1998@foxmail.com Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- qga/commands-win32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qga/commands-win32.c b/qga/commands-win32.c index d40d61f605..6b67f16faf 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c @@ -457,7 +457,7 @@ void qmp_guest_file_flush(int64_t handle, Error **errp) #ifdef CONFIG_QGA_NTDDSCSI -static STORAGE_BUS_TYPE win2qemu[] = { +static GuestDiskBusType win2qemu[] = { [BusTypeUnknown] = GUEST_DISK_BUS_TYPE_UNKNOWN, [BusTypeScsi] = GUEST_DISK_BUS_TYPE_SCSI, [BusTypeAtapi] = GUEST_DISK_BUS_TYPE_IDE, From 8041336ef74e19ca607c1601016333c986de8f9c Mon Sep 17 00:00:00 2001 From: Cao Jiaxi Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 09/15] util/cacheinfo: Use uint64_t on LLP64 model to satisfy Windows ARM64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Windows ARM64 uses LLP64 model, which breaks current assumptions. Signed-off-by: Cao Jiaxi Reviewed-by: Richard Henderson Reviewed-by: Thomas Huth Message-id: 20190503003707.10185-1-driver1998@foxmail.com Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- util/cacheinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/cacheinfo.c b/util/cacheinfo.c index 3cd080b83d..eebe1ce9c5 100644 --- a/util/cacheinfo.c +++ b/util/cacheinfo.c @@ -107,7 +107,7 @@ static void sys_cache_info(int *isize, int *dsize) static void arch_cache_info(int *isize, int *dsize) { if (*isize == 0 || *dsize == 0) { - unsigned long ctr; + uint64_t ctr; /* The real cache geometry is in CCSIDR_EL1/CLIDR_EL1/CSSELR_EL1, but (at least under Linux) these are marked protected by the From 946376c21be1cd9dcc3c7936b204b113781603f7 Mon Sep 17 00:00:00 2001 
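Review bot: The conversion table is still a writable `static` although nothing in the visible code assigns to it after initialisation; `static const GuestDiskBusType win2qemu[] = {` puts it in read-only data and states the intent. Separately, with designated initialisers the array length is fixed by the largest `BusType*` index used, so the lookup that indexes `win2qemu[]` (not in this hunk) needs an `ARRAY_SIZE(win2qemu)` bound check against values a newer Windows SDK may report, if it does not already have one.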
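Review bot: The `unsigned long` to `uint64_t` change for `ctr` carries no comment, so the reason (the register presumably read into it is 64-bit, while `unsigned long` is 32 bits on LLP64 Windows ARM64) lives only in the commit message. Suggest `uint64_t ctr; /* 64-bit system register; 'unsigned long' is only 32 bits on LLP64 (Windows ARM64) */`. arch_cache_info()'s body continues outside the hunk.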
From: Cao Jiaxi Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 10/15] osdep: Fix mingw compilation regarding stdio formats MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I encountered the following compilation error on mingw: /mnt/d/qemu/include/qemu/osdep.h:97:9: error: '__USE_MINGW_ANSI_STDIO' macro redefined [-Werror,-Wmacro-redefined] #define __USE_MINGW_ANSI_STDIO 1 ^ /mnt/d/llvm-mingw/aarch64-w64-mingw32/include/_mingw.h:433:9: note: previous definition is here #define __USE_MINGW_ANSI_STDIO 0 /* was not defined so it should be 0 */ It turns out that __USE_MINGW_ANSI_STDIO must be set before any system headers are included, not just before stdio.h. Signed-off-by: Cao Jiaxi Reviewed-by: Thomas Huth Reviewed-by: Stefan Weil Message-id: 20190503003719.10233-1-driver1998@foxmail.com Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- include/qemu/osdep.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index 303d315c5d..af2b91f0b8 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -85,17 +85,17 @@ extern int daemon(int, int); #endif #endif +/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */ +#ifdef __MINGW32__ +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #include #include #include #include #include #include - -/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later) */ -#ifdef __MINGW32__ -#define __USE_MINGW_ANSI_STDIO 1 -#endif #include #include From b01e2f0284a2df11aef990219104e3f52c317061 Mon Sep 17 00:00:00 2001 
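Review bot: The relocated block still explains only why `__USE_MINGW_ANSI_STDIO` is set, not the ordering constraint this commit fixes; anything earlier in osdep.h that transitively includes a system header would reintroduce the redefinition against `_mingw.h`, and nothing in the file documents that. Suggest extending the comment: `/* enable C99/POSIX format strings (needs mingw32-runtime 3.15 or later). Must precede the first system header: _mingw.h otherwise defines it to 0. */`.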
From: Peter Maydell Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 11/15] hw/arm/armv7m_nvic: Check subpriority in nvic_recompute_state_secure() Rule R_CQRV says that if two pending interrupts have the same group priority then ties are broken by looking at the subpriority. We had a comment describing this but had forgotten to actually implement the subpriority comparison. Correct the omission. (The further tie break rules of "lowest exception number" and "secure before non-secure" are handled implicitly by the order in which we iterate through the exceptions in the loops.) Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190430131439.25251-2-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index fff6e694e6..131b5938b9 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -213,6 +213,7 @@ static void nvic_recompute_state_secure(NVICState *s) int active_prio = NVIC_NOEXC_PRIO; int pend_irq = 0; bool pending_is_s_banked = false; + int pend_subprio = 0; /* R_CQRV: precedence is by: * - lowest group priority; if both the same then @@ -226,7 +227,7 @@ static void nvic_recompute_state_secure(NVICState *s) for (i = 1; i < s->num_irq; i++) { for (bank = M_REG_S; bank >= M_REG_NS; bank--) { VecInfo *vec; - int prio; + int prio, subprio; bool targets_secure; if (bank == M_REG_S) { @@ -241,8 +242,12 @@ static void nvic_recompute_state_secure(NVICState *s) } prio = exc_group_prio(s, vec->prio, targets_secure); - if (vec->enabled && vec->pending && prio < pend_prio) { + subprio = vec->prio & ~nvic_gprio_mask(s, targets_secure); + if (vec->enabled && vec->pending && + ((prio < pend_prio) || + (prio == pend_prio && prio >= 0 && subprio < pend_subprio))) { pend_prio = prio; + pend_subprio = subprio; pend_irq = i; pending_is_s_banked = (bank == M_REG_S); } 
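Review bot: The `prio >= 0` term in the new condition is unexplained, and the R_CQRV comment above the loop (outside this hunk) describes only the group-priority and subpriority ordering. Presumably it is there because negative priorities belong to the fixed-priority exceptions (Reset, NMI, HardFault), which have no PRIGROUP split and so cannot tie on subpriority; a short comment on the `subprio` line, e.g. `/* subpriority only exists for configurable (non-negative) priorities */`, would save the next reader that derivation. nvic_recompute_state_secure() starts before the hunk.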
From 339327b6d4a2830cba230c6be7a17a4a2fc3d546 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 12/15] hw/intc/armv7m_nvic: NS BFAR and BFSR are RAZ/WI if BFHFNMINS == 0 The non-secure versions of the BFAR and BFSR registers are supposed to be RAZ/WI if AICR.BFHFNMINS == 0; we were incorrectly allowing NS code to access the real values. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190430131439.25251-3-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 131b5938b9..15cba63c96 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -1167,6 +1167,10 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, MemTxAttrs attrs) if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) { goto bad_offset; } + if (!attrs.secure && + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + return 0; + } return cpu->env.v7m.bfar; case 0xd3c: /* Aux Fault Status. */ /* TODO: Implement fault status registers. */ @@ -1646,6 +1650,10 @@ static void nvic_writel(NVICState *s, uint32_t offset, uint32_t value, if (!arm_feature(&cpu->env, ARM_FEATURE_M_MAIN)) { goto bad_offset; } + if (!attrs.secure && + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + return; + } cpu->env.v7m.bfar = value; return; case 0xd3c: /* Aux Fault Status. */ 
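Review bot: The new checks read `s->cpu->env.v7m.aircr` while the line directly below them uses the existing local `cpu->env.v7m.bfar`; `cpu->env.v7m.aircr` in both hunks would match the functions' established style. The same `!attrs.secure && !(aircr & R_V7M_AIRCR_BFHFNMINS_MASK)` test is now written out here twice and twice more in the nvic_sysreg_read()/nvic_sysreg_write() hunks of this patch; a small `static bool` helper would keep the RAZ/WI rule in one place. Both nvic_readl() and nvic_writel() start and end outside the hunks.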
@@ -2130,11 +2138,18 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr, val = 0; break; }; - /* The BFSR bits [15:8] are shared between security states - * and we store them in the NS copy + /* + * The BFSR bits [15:8] are shared between security states + * and we store them in the NS copy. They are RAZ/WI for + * NS code if AIRCR.BFHFNMINS is 0. */ val = s->cpu->env.v7m.cfsr[attrs.secure]; - val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK; + if (!attrs.secure && + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + val &= ~R_V7M_CFSR_BFSR_MASK; + } else { + val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK; + } val = extract32(val, (offset - 0xd28) * 8, size * 8); break; case 0xfe0 ... 0xfff: /* ID. */ @@ -2249,6 +2264,12 @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr, */ value <<= ((offset - 0xd28) * 8); + if (!attrs.secure && + !(s->cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK)) { + /* BFSR bits are RAZ/WI for NS if BFHFNMINS is set */ + value &= ~R_V7M_CFSR_BFSR_MASK; + } + s->cpu->env.v7m.cfsr[attrs.secure] &= ~value; if (attrs.secure) { /* The BFSR bits [15:8] are shared between security states From a03ffaefce5dbb455ee1bc7c7709faf377dfbd45 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 7 May 2019 12:55:03 +0100 Subject: [PATCH 13/15] hw/intc/armv7m_nvic: Don't enable ARMV7M_EXCP_DEBUG from reset The M-profile architecture specifies that the DebugMonitor exception should be initially disabled, not enabled. It should be controlled by the DEMCR register's MON_EN bit, but we don't implement that register yet (like most of the debug architecture for M-profile). Note that BKPT instructions will still work, because they will be escalated to HardFault. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190430131439.25251-4-peter.maydell@linaro.org --- hw/intc/armv7m_nvic.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
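Review bot: The comment added in the nvic_sysreg_write() hunk, `/* BFSR bits are RAZ/WI for NS if BFHFNMINS is set */`, says the opposite of the code beside it and of the commit message: the mask is applied when `R_V7M_AIRCR_BFHFNMINS_MASK` is clear. Change it to `/* BFSR bits are RAZ/WI for NS if BFHFNMINS is 0 */`, matching the wording already used in the nvic_sysreg_read() hunk above. nvic_sysreg_write() continues outside the hunk.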
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c index 15cba63c96..3a346a682a 100644 --- a/hw/intc/armv7m_nvic.c +++ b/hw/intc/armv7m_nvic.c @@ -2491,10 +2491,12 @@ static void armv7m_nvic_reset(DeviceState *dev) * the System Handler Control register */ s->vectors[ARMV7M_EXCP_SVC].enabled = 1; - s->vectors[ARMV7M_EXCP_DEBUG].enabled = 1; s->vectors[ARMV7M_EXCP_PENDSV].enabled = 1; s->vectors[ARMV7M_EXCP_SYSTICK].enabled = 1; + /* DebugMonitor is enabled via DEMCR.MON_EN */ + s->vectors[ARMV7M_EXCP_DEBUG].enabled = 0; + resetprio = arm_feature(&s->cpu->env, ARM_FEATURE_V8) ? -4 : -3; s->vectors[ARMV7M_EXCP_RESET].prio = resetprio; s->vectors[ARMV7M_EXCP_NMI].prio = -2; From f1e2598c46d480c9e21213a244bc514200762828 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 7 May 2019 12:55:04 +0100 Subject: [PATCH 14/15] target/arm: Implement XPSR GE bits In the M-profile architecture, if the CPU implements the DSP extension then the XPSR has GE bits, in the same way as the A-profile CPSR. When we added DSP extension support we forgot to add support for reading and writing the GE bits, which are stored in env->GE. We did put in the code to add XPSR_GE to the mask of bits to update in the v7m_msr helper, but forgot it in v7m_mrs. We also must not allow the XPSR we pull off the stack on exception return to set the nonexistent GE bits. Correct these errors: * read and write env->GE in xpsr_read() and xpsr_write() * only set GE bits on exception return if DSP present * read GE bits for MRS if DSP present Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20190430131439.25251-5-peter.maydell@linaro.org --- target/arm/cpu.h | 4 ++++ target/arm/helper.c | 12 ++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0304ddd9f1..733b840a71 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h 
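Review bot: The comment `/* DebugMonitor is enabled via DEMCR.MON_EN */` reads as if that control were implemented, but the commit message says DEMCR is not modelled yet, so a reader looking for the enable path will search in vain. Suggest `/* DebugMonitor is enabled via DEMCR.MON_EN, which we don't implement yet, so it stays disabled from reset */`. armv7m_nvic_reset() continues outside the hunk.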
@@ -1285,6 +1285,7 @@ static inline uint32_t xpsr_read(CPUARMState *env) | (env->CF << 29) | ((env->VF & 0x80000000) >> 3) | (env->QF << 27) | (env->thumb << 24) | ((env->condexec_bits & 3) << 25) | ((env->condexec_bits & 0xfc) << 8) + | (env->GE << 16) | env->v7m.exception; } @@ -1300,6 +1301,9 @@ static inline void xpsr_write(CPUARMState *env, uint32_t val, uint32_t mask) if (mask & XPSR_Q) { env->QF = ((val & XPSR_Q) != 0); } + if (mask & XPSR_GE) { + env->GE = (val & XPSR_GE) >> 16; + } if (mask & XPSR_T) { env->thumb = ((val & XPSR_T) != 0); } diff --git a/target/arm/helper.c b/target/arm/helper.c index 9b805d0e6b..b9745a42ba 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -8727,7 +8727,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu) { CPUARMState *env = &cpu->env; uint32_t excret; - uint32_t xpsr; + uint32_t xpsr, xpsr_mask; bool ufault = false; bool sfault = false; bool return_to_sp_process; @@ -9179,8 +9179,13 @@ static void do_v7m_exception_exit(ARMCPU *cpu) } *frame_sp_p = frameptr; } + + xpsr_mask = ~(XPSR_SPREALIGN | XPSR_SFPA); + if (!arm_feature(env, ARM_FEATURE_THUMB_DSP)) { + xpsr_mask &= ~XPSR_GE; + } /* This xpsr_write() will invalidate frame_sp_p as it may switch stack */ - xpsr_write(env, xpsr, ~(XPSR_SPREALIGN | XPSR_SFPA)); + xpsr_write(env, xpsr, xpsr_mask); if (env->v7m.secure) { bool sfpa = xpsr & XPSR_SFPA; @@ -12665,6 +12670,9 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg) } if (!(reg & 4)) { mask |= XPSR_NZCV | XPSR_Q; /* APSR */ + if (arm_feature(env, ARM_FEATURE_THUMB_DSP)) { + mask |= XPSR_GE; + } } /* EPSR reads as zero */ return xpsr_read(env) & mask; From 63159601fb3e396b28da14cbb71e50ed3f5a0331 Mon Sep 17 00:00:00 2001 
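Review bot: xpsr_write() now stores GE whenever the caller's mask contains XPSR_GE, and the two callers changed in this patch gate that on ARM_FEATURE_THUMB_DSP, but the v7m_msr mask that the commit message says already includes XPSR_GE is not touched here; if that mask is unconditional, an MSR to APSR from guest code on a core without the DSP extension would set env->GE and xpsr_read() would then report GE bits the architecture says do not exist. Either gating the msr side the same way or clearing XPSR_GE inside xpsr_write() for non-DSP cores, e.g. `if ((mask & XPSR_GE) && arm_feature(env, ARM_FEATURE_THUMB_DSP)) {`, would close that; this is inferred, since v7m_msr is not in the diff.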
From: Peter Maydell Date: Tue, 7 May 2019 12:55:04 +0100 Subject: [PATCH 15/15] target/arm: Stop using variable length array in dc_zva MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently the dc_zva helper function uses a variable length array. In fact we know (as the comment above remarks) that the length of this array is bounded because the architecture limits the block size and QEMU limits the target page size. Use a fixed array size and assert that we don't run off it. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Message-id: 20190503120448.13385-1-peter.maydell@linaro.org --- target/arm/helper.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index b9745a42ba..1e6eb0d0f3 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1,4 +1,5 @@ #include "qemu/osdep.h" +#include "qemu/units.h" #include "target/arm/idau.h" #include "trace.h" #include "cpu.h" @@ -13130,14 +13131,17 @@ void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in) * We know that in fact for any v8 CPU the page size is at least 4K * and the block size must be 2K or less, but TARGET_PAGE_SIZE is only * 1K as an artefact of legacy v5 subpage support being present in the - * same QEMU executable. + * same QEMU executable. So in practice the hostaddr[] array has + * two entries, given the current setting of TARGET_PAGE_BITS_MIN. */ int maxidx = DIV_ROUND_UP(blocklen, TARGET_PAGE_SIZE); - void *hostaddr[maxidx]; + void *hostaddr[DIV_ROUND_UP(2 * KiB, 1 << TARGET_PAGE_BITS_MIN)]; int try, i; unsigned mmu_idx = cpu_mmu_index(env, false); TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx); + assert(maxidx <= ARRAY_SIZE(hostaddr)); + for (try = 0; try < 2; try++) { for (i = 0; i < maxidx; i++) {