[Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

[Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

[Peter Maydell]

This patch series adds support to QEMU's core exec/memory code for
CPUs which have more than one address space, and uses it for
ARM TrustZone. In particular, a TZ CPU will have two physical
address spaces (Secure and Non-secure), and the patchset allows a
board model to create these both separately and connect them to
the CPU, so that we can have devices or memory which are visible
only in the Secure address space. (We already have support for
TZ in the CPU emulation itself, and support for devices like the
GIC which respond differently to Secure and Non-secure accesses,
so this is the last part of the puzzle for 32-bit.)

The general approach is that we allow a target-* cpu to define
more than one address space at initialization, allocating each
one a small integer "address space index" (asidx). The target CPU
also defines the mapping from memory transaction attributes to
the asidx via a new QOM CPU method asidx_from_attrs. The memory
and cputlb core code then use the asidx to look up memory regions
in the correct AddressSpace (both at TLB fill time and in the
io_read/write stage at runtime).

Changes since v1:
 * the biggest change is that rather than having the target-cpu
   code pass us an asidx and storing asidxes in the IOTLB, we
   now determine the address space index from the memory transaction
   attributes. This has had effects all through the patchstack.
 * some reshuffling of patch order (among other things, all the
   core patches are now at the front, with the target-arm patches
   next and the virt board last).
 * added missing object_ref(OBJECT(cpu->memory)) when setting the
   default value of cpu->memory
 * don't allow sharing of ASes that weren't created via
   address_space_init_shareable
 * now only allocate cpu_ases array once (target has to set
   cpu->num_ases before first call to cpu_address_space_init())
 * new patch documenting tlb_set_page_with_attrs -- I no longer need
   to add a new argument to this function, but didn't want to throw
   away the doc comment I'd written...

The 'add secure memory region to virt board' patch is still RFC
because the device tree binding to say "device is secure-only" is
still under discussion on the kernel mailing list; patch 19
is a pure hack, and is here for testing purposes only.

You can run OP-TEE on QEMU with these patches:
see https://github.com/OP-TEE/optee_os for details of how to
get, build and run it. The 'make run' will use the custom QEMU
version that comes with OP-TEE (do that first to make sure your
OP-TEE has built and works ok). To get it to use a locally built QEMU
with these patches do:

make run-only QEMU_PATH=/path/to/your/qemu/build/directory QEMU_EXTRA_ARGS='-machine secure=on'

Notes on a couple of things the patchset doesn't address:
 (1) image/romfile/kernel loading etc will load only into the nonsecure
address space. This would be conceptually simple to implement (you just
need to pass an AS into lots of functions) but since OP-TEE doesn't need
it I felt it could safely be left for later rather than making this
patchset bigger.

 (2) Using multiple address spaces in one CPU won't work with KVM
(and we assert if you try; nothing at the moment will attempt it).
Using different address spaces in different CPUs in an SMP setup
will also not work with KVM, but we don't assert on that because
I wasn't sure where best to put the assert. (Also, it would be
nice if we could do that, because the modelling for ARM SMP
setups would really be cleaner if we could put the per-CPU
devices and so on in a set of per-CPU ASes.)

You can find a git branch with this patchset in here:
 https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases

thanks
-- PMM


Peter Crosthwaite (2):
  memory: Add address_space_init_shareable()
  qom/cpu: Add MemoryRegion property

Peter Maydell (17):
  exec.c: Don't set cpu->as until cpu_address_space_init
  exec.c: Allow target CPUs to define multiple AddressSpaces
  exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
  include/qom/cpu.h: Add new get_phys_page_attrs_debug method
  include/qom/cpu.h: Add new asidx_from_attrs method
  cputlb.c: Use correct address space when looking up
    MemoryRegionSection
  exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
  exec.c: Add cpu_get_address_space()
  exec.c: Use cpu_get_phys_page_attrs_debug
  exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
  target-arm: Add QOM property for Secure memory region
  target-arm: Implement asidx_from_attrs
  target-arm: Implement cpu_get_phys_page_attrs_debug
  target-arm: Support multiple address spaces in page table walks
  hw/arm/virt: Wire up memory region to CPUs explicitly
  [RFC] hw/arm/virt: add secure memory region and UART
  HACK: rearrange the virt memory map to suit OP-TEE

 cpus.c                  |  13 +++++-
 cputlb.c                |   9 +++--
 exec.c                  | 103 +++++++++++++++++++++++++++++++++++-------------
 hw/arm/virt.c           |  66 +++++++++++++++++++++++++------
 include/exec/exec-all.h |  69 ++++++++++++++++++++++++++++----
 include/exec/memory.h   |  18 +++++++++
 include/hw/arm/virt.h   |   1 +
 include/qom/cpu.h       |  57 ++++++++++++++++++++++++++-
 memory.c                |  27 +++++++++++++
 softmmu_template.h      |   4 +-
 target-arm/cpu-qom.h    |   6 ++-
 target-arm/cpu.c        |  35 +++++++++++++++-
 target-arm/cpu.h        |  23 +++++++++++
 target-arm/helper.c     |  15 ++++---
 target-i386/cpu.c       |   7 +++-
 15 files changed, 389 insertions(+), 64 deletions(-)

-- 
1.9.1

[Qemu-devel] [PATCH v2 01/19] exec.c: Don't set cpu->as until cpu_address_space_init

[Peter Maydell]

Rather than setting cpu->as unconditionally in cpu_exec_init
(and then having target-i386 override this later), don't set
it until the first call to cpu_address_space_init.

This requires us to initialise the address space for
both TCG and KVM (KVM doesn't need the AS listener but
it does require cpu->as to be set).

For target CPUs which don't set up any address spaces (currently
everything except i386), add the default address_space_memory
in qemu_init_vcpu().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 cpus.c                  | 10 ++++++++--
 exec.c                  | 16 ++++++++++++----
 include/exec/exec-all.h | 16 +++++++++++++++-
 target-i386/cpu.c       |  6 ++++--
 4 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/cpus.c b/cpus.c
index 877bd70..b347e42 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1310,8 +1310,6 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
     static QemuCond *tcg_halt_cond;
     static QemuThread *tcg_cpu_thread;
 
-    tcg_cpu_address_space_init(cpu, cpu->as);
-
     /* share a single thread for all cpus with TCG */
     if (!tcg_cpu_thread) {
         cpu->thread = g_malloc0(sizeof(QemuThread));
@@ -1372,6 +1370,14 @@ void qemu_init_vcpu(CPUState *cpu)
     cpu->nr_cores = smp_cores;
     cpu->nr_threads = smp_threads;
     cpu->stopped = true;
+
+    if (!cpu->as) {
+        /* If the target cpu hasn't set up any address spaces itself,
+         * give it the default one.
+         */
+        cpu_address_space_init(cpu, &address_space_memory, 0);
+    }
+
     if (kvm_enabled()) {
         qemu_kvm_start_vcpu(cpu);
     } else if (tcg_enabled()) {
diff --git a/exec.c b/exec.c
index b09f18b..1313fad 100644
--- a/exec.c
+++ b/exec.c
@@ -551,8 +551,13 @@ CPUState *qemu_get_cpu(int index)
 }
 
 #if !defined(CONFIG_USER_ONLY)
-void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
+void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
 {
+    if (asidx == 0) {
+        /* address space 0 gets the convenience alias */
+        cpu->as = as;
+    }
+
     /* We only support one address space per cpu at the moment.  */
     assert(cpu->as == as);
 
@@ -564,8 +569,10 @@ void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
     cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
     cpu->cpu_ases[0].cpu = cpu;
     cpu->cpu_ases[0].as = as;
-    cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
-    memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
+    if (tcg_enabled()) {
+        cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
+        memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
+    }
 }
 #endif
 
@@ -620,8 +627,9 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
     int cpu_index;
     Error *local_err = NULL;
 
+    cpu->as = NULL;
+
 #ifndef CONFIG_USER_ONLY
-    cpu->as = &address_space_memory;
     cpu->thread_id = qemu_get_thread_id();
 #endif
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d900b0d..eb3890a 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -84,7 +84,21 @@ void QEMU_NORETURN cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc);
 
 #if !defined(CONFIG_USER_ONLY)
 void cpu_reloading_memory_map(void);
-void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as);
+/**
+ * cpu_address_space_init:
+ * @cpu: CPU to add this address space to
+ * @as: address space to add
+ * @asidx: integer index of this address space
+ *
+ * Add the specified address space to the CPU's cpu_ases list.
+ * The address space added with @asidx 0 is the one used for the
+ * convenience pointer cpu->as.
+ * The target-specific code which registers ASes is responsible
+ * for defining what semantics address space 0, 1, 2, etc have.
+ *
+ * Note that with KVM only one address space is supported.
+ */
+void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx);
 /* cputlb.c */
 /**
  * tlb_flush_page:
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e5f1c5b..9cf9f02 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2857,9 +2857,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 
 #ifndef CONFIG_USER_ONLY
     if (tcg_enabled()) {
+        AddressSpace *newas = g_new(AddressSpace, 1);
+
         cpu->cpu_as_mem = g_new(MemoryRegion, 1);
         cpu->cpu_as_root = g_new(MemoryRegion, 1);
-        cs->as = g_new(AddressSpace, 1);
 
         /* Outer container... */
         memory_region_init(cpu->cpu_as_root, OBJECT(cpu), "memory", ~0ull);
@@ -2872,7 +2873,8 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
                                  get_system_memory(), 0, ~0ull);
         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0);
         memory_region_set_enabled(cpu->cpu_as_mem, true);
-        address_space_init(cs->as, cpu->cpu_as_root, "CPU");
+        address_space_init(newas, cpu->cpu_as_root, "CPU");
+        cpu_address_space_init(cs, newas, 0);
 
         /* ... SMRAM with higher priority, linked from /machine/smram.  */
         cpu->machine_done.notify = x86_cpu_machine_done;
-- 
1.9.1

[Qemu-devel] [PATCH v2 02/19] exec.c: Allow target CPUs to define multiple AddressSpaces

[Peter Maydell]

Allow multiple calls to cpu_address_space_init(); each
call adds an entry to the cpu->ases array at the specified
index. It is up to the target-specific CPU code to actually use
these extra address spaces.

Since this multiple AddressSpace support won't work with
KVM, add an assertion to avoid confusing failures.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 cpus.c                  |  1 +
 exec.c                  | 25 +++++++++++++++----------
 include/exec/exec-all.h |  4 ++++
 include/qom/cpu.h       |  2 ++
 target-i386/cpu.c       |  1 +
 5 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/cpus.c b/cpus.c
index b347e42..4cea798 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1375,6 +1375,7 @@ void qemu_init_vcpu(CPUState *cpu)
         /* If the target cpu hasn't set up any address spaces itself,
          * give it the default one.
          */
+        cpu->num_ases = 1;
         cpu_address_space_init(cpu, &address_space_memory, 0);
     }
 
diff --git a/exec.c b/exec.c
index 1313fad..ddb692c 100644
--- a/exec.c
+++ b/exec.c
@@ -553,25 +553,29 @@ CPUState *qemu_get_cpu(int index)
 #if !defined(CONFIG_USER_ONLY)
 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
 {
+    CPUAddressSpace *newas;
+
+    /* Target code should have set num_ases before calling us */
+    assert(asidx < cpu->num_ases);
+
     if (asidx == 0) {
         /* address space 0 gets the convenience alias */
         cpu->as = as;
     }
 
-    /* We only support one address space per cpu at the moment.  */
-    assert(cpu->as == as);
+    /* KVM cannot currently support multiple address spaces. */
+    assert(asidx == 0 || !kvm_enabled());
 
-    if (cpu->cpu_ases) {
-        /* We've already registered the listener for our only AS */
-        return;
+    if (!cpu->cpu_ases) {
+        cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
     }
 
-    cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
-    cpu->cpu_ases[0].cpu = cpu;
-    cpu->cpu_ases[0].as = as;
+    newas = &cpu->cpu_ases[asidx];
+    newas->cpu = cpu;
+    newas->as = as;
     if (tcg_enabled()) {
-        cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
-        memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
+        newas->tcg_as_listener.commit = tcg_commit;
+        memory_listener_register(&newas->tcg_as_listener, as);
     }
 }
 #endif
@@ -628,6 +632,7 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
     Error *local_err = NULL;
 
     cpu->as = NULL;
+    cpu->num_ases = 0;
 
 #ifndef CONFIG_USER_ONLY
     cpu->thread_id = qemu_get_thread_id();
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index eb3890a..9be0165 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -96,6 +96,10 @@ void cpu_reloading_memory_map(void);
  * The target-specific code which registers ASes is responsible
  * for defining what semantics address space 0, 1, 2, etc have.
  *
+ * Before the first call to this function, the caller must set
+ * cpu->num_ases to the total number of address spaces it needs
+ * to support.
+ *
  * Note that with KVM only one address space is supported.
  */
 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx);
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 51a1323..ae17932 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -236,6 +236,7 @@ struct kvm_run;
  * so that interrupts take effect immediately.
  * @cpu_ases: Pointer to array of CPUAddressSpaces (which define the
  *            AddressSpaces this CPU has)
+ * @num_ases: number of CPUAddressSpaces in @cpu_ases
  * @as: Pointer to the first AddressSpace, for the convenience of targets which
  *      only have a single AddressSpace
  * @env_ptr: Pointer to subclass-specific CPUArchState field.
@@ -285,6 +286,7 @@ struct CPUState {
     struct qemu_work_item *queued_work_first, *queued_work_last;
 
     CPUAddressSpace *cpu_ases;
+    int num_ases;
     AddressSpace *as;
 
     void *env_ptr; /* CPUArchState */
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 9cf9f02..3f90323 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2874,6 +2874,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
         memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->cpu_as_mem, 0);
         memory_region_set_enabled(cpu->cpu_as_mem, true);
         address_space_init(newas, cpu->cpu_as_root, "CPU");
+        cs->num_ases = 1;
         cpu_address_space_init(cs, newas, 0);
 
         /* ... SMRAM with higher priority, linked from /machine/smram.  */
-- 
1.9.1

[Qemu-devel] [PATCH v2 03/19] exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page

[Peter Maydell]

Add documentation comments for tlb_set_page_with_attrs()
and tlb_set_page().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/exec/exec-all.h | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 9be0165..caa78a9 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -144,12 +144,40 @@ void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, ...);
  * MMU indexes.
  */
 void tlb_flush_by_mmuidx(CPUState *cpu, ...);
-void tlb_set_page(CPUState *cpu, target_ulong vaddr,
-                  hwaddr paddr, int prot,
-                  int mmu_idx, target_ulong size);
+/**
+ * tlb_set_page_with_attrs:
+ * @cpu: CPU to add this TLB entry for
+ * @vaddr: virtual address of page to add entry for
+ * @paddr: physical address of the page
+ * @attrs: memory transaction attributes
+ * @prot: access permissions (PAGE_READ/PAGE_WRITE/PAGE_EXEC bits)
+ * @mmu_idx: MMU index to insert TLB entry for
+ * @size: size of the page in bytes
+ *
+ * Add an entry to this CPU's TLB (a mapping from virtual address
+ * @vaddr to physical address @paddr) with the specified memory
+ * transaction attributes. This is generally called by the target CPU
+ * specific code after it has been called through the tlb_fill()
+ * entry point and performed a successful page table walk to find
+ * the physical address and attributes for the virtual address
+ * which provoked the TLB miss.
+ *
+ * At most one entry for a given virtual address is permitted. Only a
+ * single TARGET_PAGE_SIZE region is mapped; the supplied @size is only
+ * used by tlb_flush_page.
+ */
 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
                              hwaddr paddr, MemTxAttrs attrs,
                              int prot, int mmu_idx, target_ulong size);
+/* tlb_set_page:
+ *
+ * This function is equivalent to calling tlb_set_page_with_attrs()
+ * with an @attrs argument of MEMTXATTRS_UNSPECIFIED. It's provided
+ * as a convenience for CPUs which don't use memory transaction attributes.
+ */
+void tlb_set_page(CPUState *cpu, target_ulong vaddr,
+                  hwaddr paddr, int prot,
+                  int mmu_idx, target_ulong size);
 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr);
 void probe_write(CPUArchState *env, target_ulong addr, int mmu_idx,
                  uintptr_t retaddr);
-- 
1.9.1

[Qemu-devel] [PATCH v2 04/19] include/qom/cpu.h: Add new get_phys_page_attrs_debug method

[Peter Maydell]

Add a new optional method get_phys_page_attrs_debug to CPUClass.
This is like the existing get_phys_page_debug, but also returns
the memory transaction attributes to use for the access.
This will be necessary for CPUs which have multiple address
spaces and use the attributes to select the correct address
space.

We provide a wrapper function cpu_get_phys_page_attrs_debug()
which falls back to the existing get_phys_page_debug(), so we
don't need to change every target CPU.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/qom/cpu.h | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index ae17932..58605a5 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -98,6 +98,10 @@ struct TranslationBlock;
  * #TranslationBlock.
  * @handle_mmu_fault: Callback for handling an MMU fault.
  * @get_phys_page_debug: Callback for obtaining a physical address.
+ * @get_phys_page_attrs_debug: Callback for obtaining a physical address and the
+ *       associated memory transaction attributes to use for the access.
+ *       CPUs which use memory transaction attributes should implement this
+ *       instead of get_phys_page_debug.
  * @gdb_read_register: Callback for letting GDB read a register.
  * @gdb_write_register: Callback for letting GDB write a register.
  * @debug_excp_handler: Callback for handling debug exceptions.
@@ -152,6 +156,8 @@ typedef struct CPUClass {
     int (*handle_mmu_fault)(CPUState *cpu, vaddr address, int rw,
                             int mmu_index);
     hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
+    hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
+                                        MemTxAttrs *attrs);
     int (*gdb_read_register)(CPUState *cpu, uint8_t *buf, int reg);
     int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
     void (*debug_excp_handler)(CPUState *cpu);
@@ -445,6 +451,32 @@ void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
 
 #ifndef CONFIG_USER_ONLY
 /**
+ * cpu_get_phys_page_attrs_debug:
+ * @cpu: The CPU to obtain the physical page address for.
+ * @addr: The virtual address.
+ * @attrs: Updated on return with the memory transaction attributes to use
+ *         for this access.
+ *
+ * Obtains the physical page corresponding to a virtual one, together
+ * with the corresponding memory transaction attributes to use for the access.
+ * Use it only for debugging because no protection checks are done.
+ *
+ * Returns: Corresponding physical page address or -1 if no page found.
+ */
+static inline hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+                                                   MemTxAttrs *attrs)
+{
+    CPUClass *cc = CPU_GET_CLASS(cpu);
+
+    if (cc->get_phys_page_attrs_debug) {
+        return cc->get_phys_page_attrs_debug(cpu, addr, attrs);
+    }
+    /* Fallback for CPUs which don't implement the _attrs_ hook */
+    *attrs = MEMTXATTRS_UNSPECIFIED;
+    return cc->get_phys_page_debug(cpu, addr);
+}
+
+/**
  * cpu_get_phys_page_debug:
  * @cpu: The CPU to obtain the physical page address for.
  * @addr: The virtual address.
@@ -456,9 +488,9 @@ void cpu_dump_statistics(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
  */
 static inline hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
 {
-    CPUClass *cc = CPU_GET_CLASS(cpu);
+    MemTxAttrs attrs = {};
 
-    return cc->get_phys_page_debug(cpu, addr);
+    return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
 }
 #endif
 
-- 
1.9.1

[Qemu-devel] [PATCH v2 05/19] include/qom/cpu.h: Add new asidx_from_attrs method

[Peter Maydell]

Add a new method to CPUClass which the memory system core can
use to obtain the correct address space index to use for a memory
access with a given set of transaction attributes, together
with the wrapper function cpu_asidx_from_attrs() which implements
the default behaviour ("always use asidx 0") for CPU classes
which don't provide the method.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/qom/cpu.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 58605a5..ed23246 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -102,6 +102,8 @@ struct TranslationBlock;
  *       associated memory transaction attributes to use for the access.
  *       CPUs which use memory transaction attributes should implement this
  *       instead of get_phys_page_debug.
+ * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for
+ *       a memory access with the specified memory transaction attributes.
  * @gdb_read_register: Callback for letting GDB read a register.
  * @gdb_write_register: Callback for letting GDB write a register.
  * @debug_excp_handler: Callback for handling debug exceptions.
@@ -158,6 +160,7 @@ typedef struct CPUClass {
     hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
     hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
+    int (*asidx_from_attrs)(CPUState *cpu, MemTxAttrs attrs);
     int (*gdb_read_register)(CPUState *cpu, uint8_t *buf, int reg);
     int (*gdb_write_register)(CPUState *cpu, uint8_t *buf, int reg);
     void (*debug_excp_handler)(CPUState *cpu);
@@ -492,6 +495,23 @@ static inline hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
 
     return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
 }
+
+/** cpu_asidx_from_attrs:
+ * @cpu: CPU
+ * @attrs: memory transaction attributes
+ *
+ * Returns the address space index specifying the CPU AddressSpace
+ * to use for a memory access with the given transaction attributes.
+ */
+static inline int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
+{
+    CPUClass *cc = CPU_GET_CLASS(cpu);
+
+    if (cc->asidx_from_attrs) {
+        return cc->asidx_from_attrs(cpu, attrs);
+    }
+    return 0;
+}
 #endif
 
 /**
-- 
1.9.1

[Qemu-devel] [PATCH v2 06/19] cputlb.c: Use correct address space when looking up MemoryRegionSection

[Peter Maydell]

When looking up the MemoryRegionSection for the new TLB entry in
tlb_set_page_with_attrs(), use cpu_asidx_from_attrs() to determine
the correct address space index for the lookup, and pass it into
address_space_translate_for_iotlb().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 cputlb.c                | 3 ++-
 exec.c                  | 7 ++++---
 include/exec/exec-all.h | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index bf1d50a..f1c1082 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -356,6 +356,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     CPUTLBEntry *te;
     hwaddr iotlb, xlat, sz;
     unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE;
+    int asidx = cpu_asidx_from_attrs(cpu, attrs);
 
     assert(size >= TARGET_PAGE_SIZE);
     if (size != TARGET_PAGE_SIZE) {
@@ -363,7 +364,7 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     }
 
     sz = size;
-    section = address_space_translate_for_iotlb(cpu, paddr, &xlat, &sz);
+    section = address_space_translate_for_iotlb(cpu, asidx, paddr, &xlat, &sz);
     assert(sz >= TARGET_PAGE_SIZE);
 
 #if defined(DEBUG_TLB)
diff --git a/exec.c b/exec.c
index ddb692c..92f9292 100644
--- a/exec.c
+++ b/exec.c
@@ -446,12 +446,13 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
 
 /* Called from RCU critical section */
 MemoryRegionSection *
-address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
+address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
                                   hwaddr *xlat, hwaddr *plen)
 {
     MemoryRegionSection *section;
-    section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
-                                               addr, xlat, plen, false);
+    AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
+
+    section = address_space_translate_internal(d, addr, xlat, plen, false);
 
     assert(!section->mr->iommu_ops);
     return section;
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index caa78a9..ee9757f 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -432,8 +432,8 @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr);
 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr);
 
 MemoryRegionSection *
-address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr, hwaddr *xlat,
-                                  hwaddr *plen);
+address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
+                                  hwaddr *xlat, hwaddr *plen);
 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
                                        MemoryRegionSection *section,
                                        target_ulong vaddr,
-- 
1.9.1

[Qemu-devel] [PATCH v2 07/19] exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS

[Peter Maydell]

Pass the MemTxAttrs for the memory access to iotlb_to_region(); this
allows it to determine the correct AddressSpace to use for the lookup.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 cputlb.c                | 6 ++++--
 exec.c                  | 5 +++--
 include/exec/exec-all.h | 2 +-
 softmmu_template.h      | 4 ++--
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index f1c1082..f6fb161 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -449,6 +449,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
     void *p;
     MemoryRegion *mr;
     CPUState *cpu = ENV_GET_CPU(env1);
+    CPUIOTLBEntry *iotlbentry;
 
     page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = cpu_mmu_index(env1, true);
@@ -456,8 +457,9 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
                  (addr & TARGET_PAGE_MASK))) {
         cpu_ldub_code(env1, addr);
     }
-    pd = env1->iotlb[mmu_idx][page_index].addr & ~TARGET_PAGE_MASK;
-    mr = iotlb_to_region(cpu, pd);
+    iotlbentry = &env1->iotlb[mmu_idx][page_index];
+    pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
+    mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
     if (memory_region_is_unassigned(mr)) {
         CPUClass *cc = CPU_GET_CLASS(cpu);
 
diff --git a/exec.c b/exec.c
index 92f9292..edcfde0 100644
--- a/exec.c
+++ b/exec.c
@@ -2283,9 +2283,10 @@ static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
     return phys_section_add(map, &section);
 }
 
-MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
+MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
 {
-    CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
+    int asidx = cpu_asidx_from_attrs(cpu, attrs);
+    CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
     AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
     MemoryRegionSection *sections = d->map.sections;
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index ee9757f..587736e 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -403,7 +403,7 @@ extern uintptr_t tci_tb_ptr;
 #if !defined(CONFIG_USER_ONLY)
 
 struct MemoryRegion *iotlb_to_region(CPUState *cpu,
-                                     hwaddr index);
+                                     hwaddr index, MemTxAttrs attrs);
 
 void tlb_fill(CPUState *cpu, target_ulong addr, int is_write, int mmu_idx,
               uintptr_t retaddr);
diff --git a/softmmu_template.h b/softmmu_template.h
index 6803890..208f808 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -150,7 +150,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
     uint64_t val;
     CPUState *cpu = ENV_GET_CPU(env);
     hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr);
+    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
 
     physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
     cpu->mem_io_pc = retaddr;
@@ -357,7 +357,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
 {
     CPUState *cpu = ENV_GET_CPU(env);
     hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr);
+    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
 
     physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
     if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
-- 
1.9.1

[Qemu-devel] [PATCH v2 08/19] exec.c: Add cpu_get_address_space()

[Peter Maydell]

Add a function to return the AddressSpace for a CPU based on
its numerical index. (Callers outside exec.c don't have access
to the CPUAddressSpace struct so can't just fish it out of the
CPUState struct directly.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 exec.c                  | 6 ++++++
 include/exec/exec-all.h | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/exec.c b/exec.c
index edcfde0..0d7af0c 100644
--- a/exec.c
+++ b/exec.c
@@ -579,6 +579,12 @@ void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
         memory_listener_register(&newas->tcg_as_listener, as);
     }
 }
+
+AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
+{
+    /* Return the AddressSpace corresponding to the specified index */
+    return cpu->cpu_ases[asidx].as;
+}
 #endif
 
 #ifndef CONFIG_USER_ONLY
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 587736e..05a151d 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -103,6 +103,15 @@ void cpu_reloading_memory_map(void);
  * Note that with KVM only one address space is supported.
  */
 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx);
+/**
+ * cpu_get_address_space:
+ * @cpu: CPU to get address space from
+ * @asidx: index identifying which address space to get
+ *
+ * Return the requested address space of this CPU. @asidx
+ * specifies which address space to read.
+ */
+AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx);
 /* cputlb.c */
 /**
  * tlb_flush_page:
-- 
1.9.1

[Qemu-devel] [PATCH v2 09/19] exec.c: Use cpu_get_phys_page_attrs_debug

[Peter Maydell]

Use cpu_get_phys_page_attrs_debug() when doing virtual-to-physical
conversions in debug related code, so that we can obtain the right
address space index and thus select the correct AddressSpace,
rather than always using cpu->as.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 exec.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index 0d7af0c..de540e4 100644
--- a/exec.c
+++ b/exec.c
@@ -682,9 +682,11 @@ static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
 #else
 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
 {
-    hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
+    MemTxAttrs attrs = {};
+    hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
+    int asidx = cpu_asidx_from_attrs(cpu, attrs);
     if (phys != -1) {
-        tb_invalidate_phys_addr(cpu->as,
+        tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
                                 phys | (pc & ~TARGET_PAGE_MASK));
     }
 }
@@ -3558,8 +3560,12 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
     target_ulong page;
 
     while (len > 0) {
+        int asidx;
+        MemTxAttrs attrs = {};
+
         page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_page_debug(cpu, page);
+        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
+        asidx = cpu_asidx_from_attrs(cpu, attrs);
         /* if no physical page mapped, return an error */
         if (phys_addr == -1)
             return -1;
@@ -3568,9 +3574,11 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
             l = len;
         phys_addr += (addr & ~TARGET_PAGE_MASK);
         if (is_write) {
-            cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
+            cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
+                                          phys_addr, buf, l);
         } else {
-            address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
+            address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
+                             MEMTXATTRS_UNSPECIFIED,
                              buf, l, 0);
         }
         len -= l;
-- 
1.9.1

[Qemu-devel] [PATCH v2 10/19] exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write

[Peter Maydell]

In the watchpoint access routines watch_mem_read and watch_mem_write,
find the correct AddressSpace to use from current_cpu and the memory
transaction attributes, rather than always assuming address_space_memory.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 exec.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/exec.c b/exec.c
index de540e4..a455632 100644
--- a/exec.c
+++ b/exec.c
@@ -2101,17 +2101,19 @@ static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
 {
     MemTxResult res;
     uint64_t data;
+    int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
+    AddressSpace *as = current_cpu->cpu_ases[asidx].as;
 
     check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
     switch (size) {
     case 1:
-        data = address_space_ldub(&address_space_memory, addr, attrs, &res);
+        data = address_space_ldub(as, addr, attrs, &res);
         break;
     case 2:
-        data = address_space_lduw(&address_space_memory, addr, attrs, &res);
+        data = address_space_lduw(as, addr, attrs, &res);
         break;
     case 4:
-        data = address_space_ldl(&address_space_memory, addr, attrs, &res);
+        data = address_space_ldl(as, addr, attrs, &res);
         break;
     default: abort();
     }
@@ -2124,17 +2126,19 @@ static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
                                    MemTxAttrs attrs)
 {
     MemTxResult res;
+    int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
+    AddressSpace *as = current_cpu->cpu_ases[asidx].as;
 
     check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
     switch (size) {
     case 1:
-        address_space_stb(&address_space_memory, addr, val, attrs, &res);
+        address_space_stb(as, addr, val, attrs, &res);
         break;
     case 2:
-        address_space_stw(&address_space_memory, addr, val, attrs, &res);
+        address_space_stw(as, addr, val, attrs, &res);
         break;
     case 4:
-        address_space_stl(&address_space_memory, addr, val, attrs, &res);
+        address_space_stl(as, addr, val, attrs, &res);
         break;
     default: abort();
     }
-- 
1.9.1

[Qemu-devel] [PATCH v2 11/19] memory: Add address_space_init_shareable()

[Peter Maydell]

From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

This will either create a new AS or return a pointer to an
already existing equivalent one, if we have already created
an AS for the specified root memory region.

The motivation is to reuse address spaces as much as possible.
It's going to be quite common that bus masters out in device land
have pointers to the same memory region for their mastering yet
each will need to create its own address space. Let the memory
API implement sharing for them.

Aside from the perf optimisations, this should reduce the amount
of redundant output on info mtree as well.

Thee returned value will be malloced, but the malloc will be
automatically freed when the AS runs out of refs.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[PMM: dropped check for NULL root as unused; added doc-comment;
 squashed Peter C's reference-counting patch into this one;
 don't compare name string when deciding if we can share ASes;
 read as->malloced before the unref of as->root to avoid possible
 read-after-free if as->root was the owner of as]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/exec/memory.h | 18 ++++++++++++++++++
 memory.c              | 27 +++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 0f07159..d156e8a 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -236,6 +236,8 @@ struct AddressSpace {
     struct rcu_head rcu;
     char *name;
     MemoryRegion *root;
+    int ref_count;
+    bool malloced;
 
     /* Accessed via RCU.  */
     struct FlatView *current_map;
@@ -1165,6 +1167,22 @@ MemTxResult memory_region_dispatch_write(MemoryRegion *mr,
  */
 void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name);
 
+/**
+ * address_space_init_shareable: return an address space for a memory region,
+ *                               creating it if it does not already exist
+ *
+ * @root: a #MemoryRegion that routes addresses for the address space
+ * @name: an address space name.  The name is only used for debugging
+ *        output.
+ *
+ * This function will return a pointer to an existing AddressSpace
+ * which was initialized with the specified MemoryRegion, or it will
+ * create and initialize one if it does not already exist. The ASes
+ * are reference-counted, so the memory will be freed automatically
+ * when the AddressSpace is destroyed via address_space_destroy.
+ */
+AddressSpace *address_space_init_shareable(MemoryRegion *root,
+                                           const char *name);
 
 /**
  * address_space_destroy: destroy an address space
diff --git a/memory.c b/memory.c
index e193658..a969ff8 100644
--- a/memory.c
+++ b/memory.c
@@ -2105,7 +2105,9 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name)
 {
     memory_region_ref(root);
     memory_region_transaction_begin();
+    as->ref_count = 1;
     as->root = root;
+    as->malloced = false;
     as->current_map = g_new(FlatView, 1);
     flatview_init(as->current_map);
     as->ioeventfd_nb = 0;
@@ -2120,6 +2122,7 @@ void address_space_init(AddressSpace *as, MemoryRegion *root, const char *name)
 static void do_address_space_destroy(AddressSpace *as)
 {
     MemoryListener *listener;
+    bool do_free = as->malloced;
 
     address_space_destroy_dispatch(as);
 
@@ -2131,12 +2134,36 @@ static void do_address_space_destroy(AddressSpace *as)
     g_free(as->name);
     g_free(as->ioeventfds);
     memory_region_unref(as->root);
+    if (do_free) {
+        g_free(as);
+    }
+}
+
+AddressSpace *address_space_init_shareable(MemoryRegion *root, const char *name)
+{
+    AddressSpace *as;
+
+    QTAILQ_FOREACH(as, &address_spaces, address_spaces_link) {
+        if (root == as->root && as->malloced) {
+            as->ref_count++;
+            return as;
+        }
+    }
+
+    as = g_malloc0(sizeof *as);
+    address_space_init(as, root, name);
+    as->malloced = true;
+    return as;
 }
 
 void address_space_destroy(AddressSpace *as)
 {
     MemoryRegion *root = as->root;
 
+    as->ref_count--;
+    if (as->ref_count) {
+        return;
+    }
     /* Flush out anything from MemoryListeners listening in on this */
     memory_region_transaction_begin();
     as->root = NULL;
-- 
1.9.1

[Qemu-devel] [PATCH v2 12/19] qom/cpu: Add MemoryRegion property

[Peter Maydell]

From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

Add a MemoryRegion property, which if set is used to construct
the CPU's initial (default) AddressSpace.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[PMM: code is moved from qom/cpu.c to exec.c to avoid having to
 make qom/cpu.o be a non-common object file; code to use the
 MemoryRegion and to default it to system_memory added.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 cpus.c            |  4 +++-
 exec.c            | 14 ++++++++++++++
 include/qom/cpu.h |  1 +
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index 4cea798..aedcdd1 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1375,8 +1375,10 @@ void qemu_init_vcpu(CPUState *cpu)
         /* If the target cpu hasn't set up any address spaces itself,
          * give it the default one.
          */
+        AddressSpace *as = address_space_init_shareable(cpu->memory,
+                                                        "cpu-memory");
         cpu->num_ases = 1;
-        cpu_address_space_init(cpu, &address_space_memory, 0);
+        cpu_address_space_init(cpu, as, 0);
     }
 
     if (kvm_enabled()) {
diff --git a/exec.c b/exec.c
index a455632..ab55248 100644
--- a/exec.c
+++ b/exec.c
@@ -643,6 +643,20 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
 
 #ifndef CONFIG_USER_ONLY
     cpu->thread_id = qemu_get_thread_id();
+
+    /* This is a softmmu CPU object, so create a property for it
+     * so users can wire up its memory. (This can't go in qom/cpu.c
+     * because that file is compiled only once for both user-mode
+     * and system builds.) The default if no link is set up is to use
+     * the system address space.
+     */
+    object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
+                             (Object **)&cpu->memory,
+                             qdev_prop_allow_set_link_before_realize,
+                             OBJ_PROP_LINK_UNREF_ON_RELEASE,
+                             &error_abort);
+    cpu->memory = system_memory;
+    object_ref(OBJECT(cpu->memory));
 #endif
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index ed23246..2e5229d 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -297,6 +297,7 @@ struct CPUState {
     CPUAddressSpace *cpu_ases;
     int num_ases;
     AddressSpace *as;
+    MemoryRegion *memory;
 
     void *env_ptr; /* CPUArchState */
     struct TranslationBlock *current_tb;
-- 
1.9.1

[Qemu-devel] [PATCH v2 13/19] target-arm: Add QOM property for Secure memory region

[Peter Maydell]

Add QOM property to the ARM CPU which boards can use to tell us what
memory region to use for secure accesses. Nonsecure accesses
go via the memory region specified with the base CPU class 'memory'
property.

By default, if no secure region is specified it is the same as the
nonsecure region, and if no nonsecure region is specified we will use
address_space_memory.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu-qom.h |  3 +++
 target-arm/cpu.c     | 32 ++++++++++++++++++++++++++++++++
 target-arm/cpu.h     |  6 ++++++
 3 files changed, 41 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index 25fb1ce..8cb5bd5 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -87,6 +87,9 @@ typedef struct ARMCPU {
     /* GPIO outputs for generic timer */
     qemu_irq gt_timer_outputs[NUM_GTIMERS];
 
+    /* MemoryRegion to use for secure physical accesses */
+    MemoryRegion *secure_memory;
+
     /* 'compatible' string for this CPU for Linux device trees */
     const char *dtb_compatible;
 
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 30739fc..690d984 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -542,6 +542,15 @@ static void arm_cpu_post_init(Object *obj)
          */
         qdev_property_add_static(DEVICE(obj), &arm_cpu_has_el3_property,
                                  &error_abort);
+
+#ifndef CONFIG_USER_ONLY
+        object_property_add_link(obj, "secure-memory",
+                                 TYPE_MEMORY_REGION,
+                                 (Object **)&cpu->secure_memory,
+                                 qdev_prop_allow_set_link_before_realize,
+                                 OBJ_PROP_LINK_UNREF_ON_RELEASE,
+                                 &error_abort);
+#endif
     }
 
     if (arm_feature(&cpu->env, ARM_FEATURE_MPU)) {
@@ -665,6 +674,29 @@ static void arm_cpu_realizefn(DeviceState *dev, Error **errp)
 
     init_cpreg_list(cpu);
 
+#ifndef CONFIG_USER_ONLY
+    if (cpu->has_el3) {
+        cs->num_ases = 2;
+    } else {
+        cs->num_ases = 1;
+    }
+
+    if (cpu->has_el3) {
+        AddressSpace *as;
+
+        if (!cpu->secure_memory) {
+            cpu->secure_memory = cs->memory;
+        }
+        as = address_space_init_shareable(cpu->secure_memory,
+                                          "cpu-secure-memory");
+        cpu_address_space_init(cs, as, ARMASIdx_S);
+    }
+    cpu_address_space_init(cs,
+                           address_space_init_shareable(cs->memory,
+                                                        "cpu-memory"),
+                           ARMASIdx_NS);
+#endif
+
     qemu_init_vcpu(cs);
     cpu_reset(cs);
 
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 815fef8..9108b5b 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1720,6 +1720,12 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
     return el;
 }
 
+/* Indexes used when registering address spaces with cpu_address_space_init */
+typedef enum ARMASIdx {
+    ARMASIdx_NS = 0,
+    ARMASIdx_S = 1,
+} ARMASIdx;
+
 /* Return the Exception Level targeted by debug exceptions;
  * currently always EL1 since we don't implement EL2 or EL3.
  */
-- 
1.9.1

[Qemu-devel] [PATCH v2 14/19] target-arm: Implement asidx_from_attrs

[Peter Maydell]

Implement the asidx_from_attrs CPU method to return the
Secure or NonSecure address space as appropriate.

(The function is inline so we can use it directly in target-arm
code to be added in later patches.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.c | 1 +
 target-arm/cpu.h | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 690d984..32d0b5c 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -1450,6 +1450,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data)
 #else
     cc->do_interrupt = arm_cpu_do_interrupt;
     cc->get_phys_page_debug = arm_cpu_get_phys_page_debug;
+    cc->asidx_from_attrs = arm_asidx_from_attrs;
     cc->vmsd = &vmstate_arm_cpu;
     cc->virtio_is_big_endian = arm_cpu_is_big_endian;
 #endif
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 9108b5b..ee873b7 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1997,4 +1997,12 @@ enum {
     QEMU_PSCI_CONDUIT_HVC = 2,
 };
 
+#ifndef CONFIG_USER_ONLY
+/* Return the address space index to use for a memory access */
+static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs)
+{
+    return attrs.secure ? ARMASIdx_S : ARMASIdx_NS;
+}
+#endif
+
 #endif
-- 
1.9.1

[Qemu-devel] [PATCH v2 15/19] target-arm: Implement cpu_get_phys_page_attrs_debug

[Peter Maydell]

Implement cpu_get_phys_page_attrs_debug instead of cpu_get_phys_page_debug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu-qom.h | 3 ++-
 target-arm/cpu.c     | 2 +-
 target-arm/helper.c  | 7 +++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index 8cb5bd5..e4d4270 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -219,7 +219,8 @@ bool arm_cpu_exec_interrupt(CPUState *cpu, int int_req);
 void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
                         int flags);
 
-hwaddr arm_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+                                         MemTxAttrs *attrs);
 
 int arm_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
 int arm_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index 32d0b5c..6b3cf32 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -1449,7 +1449,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data)
     cc->handle_mmu_fault = arm_cpu_handle_mmu_fault;
 #else
     cc->do_interrupt = arm_cpu_do_interrupt;
-    cc->get_phys_page_debug = arm_cpu_get_phys_page_debug;
+    cc->get_phys_page_attrs_debug = arm_cpu_get_phys_page_attrs_debug;
     cc->asidx_from_attrs = arm_asidx_from_attrs;
     cc->vmsd = &vmstate_arm_cpu;
     cc->virtio_is_big_endian = arm_cpu_is_big_endian;
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 4ecae61..ac388d1 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -7323,7 +7323,8 @@ bool arm_tlb_fill(CPUState *cs, vaddr address,
     return ret;
 }
 
-hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+                                         MemTxAttrs *attrs)
 {
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
@@ -7332,16 +7333,14 @@ hwaddr arm_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
     int prot;
     bool ret;
     uint32_t fsr;
-    MemTxAttrs attrs = {};
     ARMMMUFaultInfo fi = {};
 
     ret = get_phys_addr(env, addr, 0, cpu_mmu_index(env, false), &phys_addr,
-                        &attrs, &prot, &page_size, &fsr, &fi);
+                        attrs, &prot, &page_size, &fsr, &fi);
 
     if (ret) {
         return -1;
     }
-
     return phys_addr;
 }
 
-- 
1.9.1

[Qemu-devel] [PATCH v2 16/19] target-arm: Support multiple address spaces in page table walks

[Peter Maydell]

If we have a secure address space, use it in page table walks:
when doing the physical accesses to read descriptors, make them
through the correct address space.

(The descriptor reads are the only direct physical accesses
made in target-arm/ for CPUs which might have TrustZone.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target-arm/cpu.h    | 9 +++++++++
 target-arm/helper.c | 8 ++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index ee873b7..5f81342 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -2003,6 +2003,15 @@ static inline int arm_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs)
 {
     return attrs.secure ? ARMASIdx_S : ARMASIdx_NS;
 }
+
+/* Return the AddressSpace to use for a memory access
+ * (which depends on whether the access is S or NS, and whether
+ * the board gave us a separate AddressSpace for S accesses).
+ */
+static inline AddressSpace *arm_addressspace(CPUState *cs, MemTxAttrs attrs)
+{
+    return cpu_get_address_space(cs, arm_asidx_from_attrs(cs, attrs));
+}
 #endif
 
 #endif
diff --git a/target-arm/helper.c b/target-arm/helper.c
index ac388d1..415aa21 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -6260,13 +6260,15 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
     MemTxAttrs attrs = {};
+    AddressSpace *as;
 
     attrs.secure = is_secure;
+    as = arm_addressspace(cs, attrs);
     addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi);
     if (fi->s1ptw) {
         return 0;
     }
-    return address_space_ldl(cs->as, addr, attrs, NULL);
+    return address_space_ldl(as, addr, attrs, NULL);
 }
 
 static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
@@ -6276,13 +6278,15 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
     MemTxAttrs attrs = {};
+    AddressSpace *as;
 
     attrs.secure = is_secure;
+    as = arm_addressspace(cs, attrs);
     addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi);
     if (fi->s1ptw) {
         return 0;
     }
-    return address_space_ldq(cs->as, addr, attrs, NULL);
+    return address_space_ldq(as, addr, attrs, NULL);
 }
 
 static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
-- 
1.9.1

[Qemu-devel] [PATCH v2 17/19] hw/arm/virt: Wire up memory region to CPUs explicitly

[Peter Maydell]

Wire up the system memory region to the CPUs explicitly
by setting the QOM property. This doesn't change anything
over letting it default, but will be needed for adding
a secure memory region later.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
 hw/arm/virt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 9c6792c..47cc196 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1020,6 +1020,9 @@ static void machvirt_init(MachineState *machine)
                                     "reset-cbar", &error_abort);
         }
 
+        object_property_set_link(cpuobj, OBJECT(sysmem), "memory",
+                                 &error_abort);
+
         object_property_set_bool(cpuobj, true, "realized", NULL);
     }
     g_strfreev(cpustr);
-- 
1.9.1

[Qemu-devel] [PATCH v2 18/19] [RFC] hw/arm/virt: add secure memory region and UART

[Peter Maydell]

Add a secure memory region to the virt board, which is the
same as the nonsecure memory region except that it also has
a secure-only UART in it. This is only created if the
board is started with the '-machine secure=on' property.

This is an RFC patch, beacuse the device tree bindings for
indicating secure vs nonsecure devices are still under
discussion upstream:
      https://lkml.org/lkml/2015/10/29/287

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c         | 55 ++++++++++++++++++++++++++++++++++++++++++++-------
 include/hw/arm/virt.h |  1 +
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 47cc196..623e835 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -120,6 +120,7 @@ static const MemMapEntry a15memmap[] = {
     [VIRT_UART] =               { 0x09000000, 0x00001000 },
     [VIRT_RTC] =                { 0x09010000, 0x00001000 },
     [VIRT_FW_CFG] =             { 0x09020000, 0x00000018 },
+    [VIRT_SECURE_UART] =        { 0x09030000, 0x00001000 },
     [VIRT_MMIO] =               { 0x0a000000, 0x00000200 },
     /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
     [VIRT_PLATFORM_BUS] =       { 0x0c000000, 0x02000000 },
@@ -135,6 +136,7 @@ static const int a15irqmap[] = {
     [VIRT_UART] = 1,
     [VIRT_RTC] = 2,
     [VIRT_PCIE] = 3, /* ... to 6 */
+    [VIRT_SECURE_UART] = 7,
     [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
     [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
     [VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */
@@ -485,16 +487,22 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, int type, bool secure)
     }
 }
 
-static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
+static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic, int uart,
+                        MemoryRegion *mem)
 {
     char *nodename;
-    hwaddr base = vbi->memmap[VIRT_UART].base;
-    hwaddr size = vbi->memmap[VIRT_UART].size;
-    int irq = vbi->irqmap[VIRT_UART];
+    hwaddr base = vbi->memmap[uart].base;
+    hwaddr size = vbi->memmap[uart].size;
+    int irq = vbi->irqmap[uart];
     const char compat[] = "arm,pl011\0arm,primecell";
     const char clocknames[] = "uartclk\0apb_pclk";
+    DeviceState *dev = qdev_create(NULL, "pl011");
+    SysBusDevice *s = SYS_BUS_DEVICE(dev);
 
-    sysbus_create_simple("pl011", base, pic[irq]);
+    qdev_init_nofail(dev);
+    memory_region_add_subregion(mem, base,
+                                sysbus_mmio_get_region(s, 0));
+    sysbus_connect_irq(s, 0, pic[irq]);
 
     nodename = g_strdup_printf("/pl011@%" PRIx64, base);
     qemu_fdt_add_subnode(vbi->fdt, nodename);
@@ -511,7 +519,14 @@ static void create_uart(const VirtBoardInfo *vbi, qemu_irq *pic)
     qemu_fdt_setprop(vbi->fdt, nodename, "clock-names",
                          clocknames, sizeof(clocknames));
 
-    qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename);
+    if (uart == VIRT_UART) {
+        qemu_fdt_setprop_string(vbi->fdt, "/chosen", "stdout-path", nodename);
+    } else {
+        /* Mark as not usable by the normal world */
+        qemu_fdt_setprop_string(vbi->fdt, nodename, "status", "secure");
+        qemu_fdt_setprop_string(vbi->fdt, nodename, "secure-status", "okay");
+    }
+
     g_free(nodename);
 }
 
@@ -922,6 +937,7 @@ static void machvirt_init(MachineState *machine)
     VirtMachineState *vms = VIRT_MACHINE(machine);
     qemu_irq pic[NUM_IRQS];
     MemoryRegion *sysmem = get_system_memory();
+    MemoryRegion *secure_sysmem = NULL;
     int gic_version = vms->gic_version;
     int n, max_cpus;
     MemoryRegion *ram = g_new(MemoryRegion, 1);
@@ -980,6 +996,23 @@ static void machvirt_init(MachineState *machine)
         exit(1);
     }
 
+    if (vms->secure) {
+        if (kvm_enabled()) {
+            error_report("mach-virt: KVM does not support Security extensions");
+            exit(1);
+        }
+
+        /* The Secure view of the world is the same as the NonSecure,
+         * but with a few extra devices. Create it as a container region
+         * containing the system memory at low priority; any secure-only
+         * devices go in at higher priority and take precedence.
+         */
+        secure_sysmem = g_new(MemoryRegion, 1);
+        memory_region_init(secure_sysmem, OBJECT(machine), "secure-memory",
+                           UINT64_MAX);
+        memory_region_add_subregion_overlap(secure_sysmem, 0, sysmem, -1);
+    }
+
     create_fdt(vbi);
 
     for (n = 0; n < smp_cpus; n++) {
@@ -1022,6 +1055,10 @@ static void machvirt_init(MachineState *machine)
 
         object_property_set_link(cpuobj, OBJECT(sysmem), "memory",
                                  &error_abort);
+        if (vms->secure) {
+            object_property_set_link(cpuobj, OBJECT(secure_sysmem),
+                                     "secure-memory", &error_abort);
+        }
 
         object_property_set_bool(cpuobj, true, "realized", NULL);
     }
@@ -1038,7 +1075,11 @@ static void machvirt_init(MachineState *machine)
 
     create_gic(vbi, pic, gic_version, vms->secure);
 
-    create_uart(vbi, pic);
+    create_uart(vbi, pic, VIRT_UART, sysmem);
+
+    if (vms->secure) {
+        create_uart(vbi, pic, VIRT_SECURE_UART, secure_sysmem);
+    }
 
     create_rtc(vbi, pic);
 
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index f464586..9622e9f 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -59,6 +59,7 @@ enum {
     VIRT_PCIE_ECAM,
     VIRT_PLATFORM_BUS,
     VIRT_PCIE_MMIO_HIGH,
+    VIRT_SECURE_UART,
 };
 
 typedef struct MemMapEntry {
-- 
1.9.1

[Qemu-devel] [PATCH v2 19/19] HACK: rearrange the virt memory map to suit OP-TEE

[Peter Maydell]

The current OP-TEE codebase expects the secure UART to
be at 0x09010000 and irq 2 (it is based on an old
non-upstream patch to add a second uart, and upstream
used that memory map area for something else). When
the TZ support is upstream in QEMU we can move OP-TEE
on to a proper upstream QEMU and update it to use the
new UART location, but for now this hack patch allows
running a more-or-less unmodified OP-TEE.

Put the secure UART at the address and irq where OP-TEE
expects it, moving some other devices down to make space.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/virt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 623e835..ced42be 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -118,9 +118,9 @@ static const MemMapEntry a15memmap[] = {
     /* This redistributor space allows up to 2*64kB*123 CPUs */
     [VIRT_GIC_REDIST] =         { 0x080A0000, 0x00F60000 },
     [VIRT_UART] =               { 0x09000000, 0x00001000 },
-    [VIRT_RTC] =                { 0x09010000, 0x00001000 },
-    [VIRT_FW_CFG] =             { 0x09020000, 0x00000018 },
-    [VIRT_SECURE_UART] =        { 0x09030000, 0x00001000 },
+    [VIRT_RTC] =                { 0x09020000, 0x00001000 },
+    [VIRT_FW_CFG] =             { 0x09030000, 0x00000018 },
+    [VIRT_SECURE_UART] =        { 0x09010000, 0x00001000 },
     [VIRT_MMIO] =               { 0x0a000000, 0x00000200 },
     /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
     [VIRT_PLATFORM_BUS] =       { 0x0c000000, 0x02000000 },
@@ -134,9 +134,9 @@ static const MemMapEntry a15memmap[] = {
 
 static const int a15irqmap[] = {
     [VIRT_UART] = 1,
-    [VIRT_RTC] = 2,
-    [VIRT_PCIE] = 3, /* ... to 6 */
-    [VIRT_SECURE_UART] = 7,
+    [VIRT_RTC] = 3,
+    [VIRT_PCIE] = 4, /* ... to 7 */
+    [VIRT_SECURE_UART] = 2,
     [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
     [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
     [VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */
-- 
1.9.1

Re: [Qemu-devel] [PATCH v2 04/19] include/qom/cpu.h: Add new get_phys_page_attrs_debug method

[Andreas Färber]

Am 16.11.2015 um 15:05 schrieb Peter Maydell:
> Add a new optional method get_phys_page_attrs_debug to CPUClass.
> This is like the existing get_phys_page_debug, but also returns
> the memory transaction attributes to use for the access.
> This will be necessary for CPUs which have multiple address
> spaces and use the attributes to select the correct address
> space.
> 
> We provide a wrapper function cpu_get_phys_page_attrs_debug()
> which falls back to the existing get_phys_page_debug(), so we
> don't need to change every target CPU.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  include/qom/cpu.h | 36 ++++++++++++++++++++++++++++++++++--
>  1 file changed, 34 insertions(+), 2 deletions(-)

Please use "qom:" and () by convention, otherwise looks fine.

Regards,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton; HRB 21284 (AG Nürnberg)

Re: [Qemu-devel] [PATCH v2 04/19] include/qom/cpu.h: Add new get_phys_page_attrs_debug method

[Andreas Färber]

Am 16.11.2015 um 15:07 schrieb Andreas Färber:
> Am 16.11.2015 um 15:05 schrieb Peter Maydell:
>> Add a new optional method get_phys_page_attrs_debug to CPUClass.
>> This is like the existing get_phys_page_debug, but also returns
>> the memory transaction attributes to use for the access.
>> This will be necessary for CPUs which have multiple address
>> spaces and use the attributes to select the correct address
>> space.
>>
>> We provide a wrapper function cpu_get_phys_page_attrs_debug()
>> which falls back to the existing get_phys_page_debug(), so we
>> don't need to change every target CPU.
>>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---
>>  include/qom/cpu.h | 36 ++++++++++++++++++++++++++++++++++--
>>  1 file changed, 34 insertions(+), 2 deletions(-)
> 
> Please use "qom:" and () by convention, otherwise looks fine.

Err, obviously I meant "cpu:".

> 
> Regards,
> Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton; HRB 21284 (AG Nürnberg)

Re: [Qemu-devel] [Qemu-arm] [PATCH v2 18/19] [RFC] hw/arm/virt: add secure memory region and UART

[Peter Maydell]

On 16 November 2015 at 14:05, Peter Maydell <peter.maydell@linaro.org> wrote:
> Add a secure memory region to the virt board, which is the
> same as the nonsecure memory region except that it also has
> a secure-only UART in it. This is only created if the
> board is started with the '-machine secure=on' property.
>
> This is an RFC patch, beacuse the device tree bindings for
> indicating secure vs nonsecure devices are still under
> discussion upstream:
>       https://lkml.org/lkml/2015/10/29/287

The bindings have been accepted upstream, so we can take the
'RFC' tag off this patch now.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

[Peter Maydell]

Ping for a review request now we're pretty nearly done with 2.5 ?

thanks
-- PMM


On 16 November 2015 at 14:05, Peter Maydell <peter.maydell@linaro.org> wrote:
> This patch series adds support to QEMU's core exec/memory code for
> CPUs which have more than one address space, and uses it for
> ARM TrustZone. In particular, a TZ CPU will have two physical
> address spaces (Secure and Non-secure), and the patchset allows a
> board model to create these both separately and connect them to
> the CPU, so that we can have devices or memory which are visible
> only in the Secure address space. (We already have support for
> TZ in the CPU emulation itself, and support for devices like the
> GIC which respond differently to Secure and Non-secure accesses,
> so this is the last part of the puzzle for 32-bit.)
>
> The general approach is that we allow a target-* cpu to define
> more than one address space at initialization, allocating each
> one a small integer "address space index" (asidx). The target CPU
> also defines the mapping from memory transaction attributes to
> the asidx via a new QOM CPU method asidx_from_attrs. The memory
> and cputlb core code then use the asidx to look up memory regions
> in the correct AddressSpace (both at TLB fill time and in the
> io_read/write stage at runtime).
>
> Changes since v1:
>  * the biggest change is that rather than having the target-cpu
>    code pass us an asidx and storing asidxes in the IOTLB, we
>    now determine the address space index from the memory transaction
>    attributes. This has had effects all through the patchstack.
>  * some reshuffling of patch order (among other things, all the
>    core patches are now at the front, with the target-arm patches
>    next and the virt board last).
>  * added missing object_ref(OBJECT(cpu->memory)) when setting the
>    default value of cpu->memory
>  * don't allow sharing of ASes that weren't created via
>    address_space_init_shareable
>  * now only allocate cpu_ases array once (target has to set
>    cpu->num_ases before first call to cpu_address_space_init())
>  * new patch documenting tlb_set_page_with_attrs -- I no longer need
>    to add a new argument to this function, but didn't want to throw
>    away the doc comment I'd written...
>
> The 'add secure memory region to virt board' patch is still RFC
> because the device tree binding to say "device is secure-only" is
> still under discussion on the kernel mailing list; patch 19
> is a pure hack, and is here for testing purposes only.
>
> You can run OP-TEE on QEMU with these patches:
> see https://github.com/OP-TEE/optee_os for details of how to
> get, build and run it. The 'make run' will use the custom QEMU
> version that comes with OP-TEE (do that first to make sure your
> OP-TEE has built and works ok). To get it to use a locally built QEMU
> with these patches do:
>
> make run-only QEMU_PATH=/path/to/your/qemu/build/directory QEMU_EXTRA_ARGS='-machine secure=on'
>
> Notes on a couple of things the patchset doesn't address:
>  (1) image/romfile/kernel loading etc will load only into the nonsecure
> address space. This would be conceptually simple to implement (you just
> need to pass an AS into lots of functions) but since OP-TEE doesn't need
> it I felt it could safely be left for later rather than making this
> patchset bigger.
>
>  (2) Using multiple address spaces in one CPU won't work with KVM
> (and we assert if you try; nothing at the moment will attempt it).
> Using different address spaces in different CPUs in an SMP setup
> will also not work with KVM, but we don't assert on that because
> I wasn't sure where best to put the assert. (Also, it would be
> nice if we could do that, because the modelling for ARM SMP
> setups would really be cleaner if we could put the per-CPU
> devices and so on in a set of per-CPU ASes.)
>
> You can find a git branch with this patchset in here:
>  https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases
>
> thanks
> -- PMM
>
>
> Peter Crosthwaite (2):
>   memory: Add address_space_init_shareable()
>   qom/cpu: Add MemoryRegion property
>
> Peter Maydell (17):
>   exec.c: Don't set cpu->as until cpu_address_space_init
>   exec.c: Allow target CPUs to define multiple AddressSpaces
>   exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
>   include/qom/cpu.h: Add new get_phys_page_attrs_debug method
>   include/qom/cpu.h: Add new asidx_from_attrs method
>   cputlb.c: Use correct address space when looking up
>     MemoryRegionSection
>   exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
>   exec.c: Add cpu_get_address_space()
>   exec.c: Use cpu_get_phys_page_attrs_debug
>   exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
>   target-arm: Add QOM property for Secure memory region
>   target-arm: Implement asidx_from_attrs
>   target-arm: Implement cpu_get_phys_page_attrs_debug
>   target-arm: Support multiple address spaces in page table walks
>   hw/arm/virt: Wire up memory region to CPUs explicitly
>   [RFC] hw/arm/virt: add secure memory region and UART
>   HACK: rearrange the virt memory map to suit OP-TEE
>
>  cpus.c                  |  13 +++++-
>  cputlb.c                |   9 +++--
>  exec.c                  | 103 +++++++++++++++++++++++++++++++++++-------------
>  hw/arm/virt.c           |  66 +++++++++++++++++++++++++------
>  include/exec/exec-all.h |  69 ++++++++++++++++++++++++++++----
>  include/exec/memory.h   |  18 +++++++++
>  include/hw/arm/virt.h   |   1 +
>  include/qom/cpu.h       |  57 ++++++++++++++++++++++++++-
>  memory.c                |  27 +++++++++++++
>  softmmu_template.h      |   4 +-
>  target-arm/cpu-qom.h    |   6 ++-
>  target-arm/cpu.c        |  35 +++++++++++++++-
>  target-arm/cpu.h        |  23 +++++++++++
>  target-arm/helper.c     |  15 ++++---
>  target-i386/cpu.c       |   7 +++-
>  15 files changed, 389 insertions(+), 64 deletions(-)
>
> --
> 1.9.1

Re: [Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

[Peter Maydell]

Ping again (though I know Paolo said on IRC he'd put this on
his list to look at). I have a rebased branch at
  https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases-2
but the only differences are some minor fixes to conflicts in
the virt board patches following the GPIO device going into master,
so I'm not going to resend the patchset unless somebody specifically
wants me to -- I think the patches on list should be ok for review
purposes.

thanks
-- PMM

On 15 December 2015 at 16:26, Peter Maydell <peter.maydell@linaro.org> wrote:
> Ping for a review request now we're pretty nearly done with 2.5 ?
>
> thanks
> -- PMM
>
>
> On 16 November 2015 at 14:05, Peter Maydell <peter.maydell@linaro.org> wrote:
>> This patch series adds support to QEMU's core exec/memory code for
>> CPUs which have more than one address space, and uses it for
>> ARM TrustZone. In particular, a TZ CPU will have two physical
>> address spaces (Secure and Non-secure), and the patchset allows a
>> board model to create these both separately and connect them to
>> the CPU, so that we can have devices or memory which are visible
>> only in the Secure address space. (We already have support for
>> TZ in the CPU emulation itself, and support for devices like the
>> GIC which respond differently to Secure and Non-secure accesses,
>> so this is the last part of the puzzle for 32-bit.)
>>
>> The general approach is that we allow a target-* cpu to define
>> more than one address space at initialization, allocating each
>> one a small integer "address space index" (asidx). The target CPU
>> also defines the mapping from memory transaction attributes to
>> the asidx via a new QOM CPU method asidx_from_attrs. The memory
>> and cputlb core code then use the asidx to look up memory regions
>> in the correct AddressSpace (both at TLB fill time and in the
>> io_read/write stage at runtime).
>>
>> Changes since v1:
>>  * the biggest change is that rather than having the target-cpu
>>    code pass us an asidx and storing asidxes in the IOTLB, we
>>    now determine the address space index from the memory transaction
>>    attributes. This has had effects all through the patchstack.
>>  * some reshuffling of patch order (among other things, all the
>>    core patches are now at the front, with the target-arm patches
>>    next and the virt board last).
>>  * added missing object_ref(OBJECT(cpu->memory)) when setting the
>>    default value of cpu->memory
>>  * don't allow sharing of ASes that weren't created via
>>    address_space_init_shareable
>>  * now only allocate cpu_ases array once (target has to set
>>    cpu->num_ases before first call to cpu_address_space_init())
>>  * new patch documenting tlb_set_page_with_attrs -- I no longer need
>>    to add a new argument to this function, but didn't want to throw
>>    away the doc comment I'd written...
>>
>> The 'add secure memory region to virt board' patch is still RFC
>> because the device tree binding to say "device is secure-only" is
>> still under discussion on the kernel mailing list; patch 19
>> is a pure hack, and is here for testing purposes only.
>>
>> You can run OP-TEE on QEMU with these patches:
>> see https://github.com/OP-TEE/optee_os for details of how to
>> get, build and run it. The 'make run' will use the custom QEMU
>> version that comes with OP-TEE (do that first to make sure your
>> OP-TEE has built and works ok). To get it to use a locally built QEMU
>> with these patches do:
>>
>> make run-only QEMU_PATH=/path/to/your/qemu/build/directory QEMU_EXTRA_ARGS='-machine secure=on'
>>
>> Notes on a couple of things the patchset doesn't address:
>>  (1) image/romfile/kernel loading etc will load only into the nonsecure
>> address space. This would be conceptually simple to implement (you just
>> need to pass an AS into lots of functions) but since OP-TEE doesn't need
>> it I felt it could safely be left for later rather than making this
>> patchset bigger.
>>
>>  (2) Using multiple address spaces in one CPU won't work with KVM
>> (and we assert if you try; nothing at the moment will attempt it).
>> Using different address spaces in different CPUs in an SMP setup
>> will also not work with KVM, but we don't assert on that because
>> I wasn't sure where best to put the assert. (Also, it would be
>> nice if we could do that, because the modelling for ARM SMP
>> setups would really be cleaner if we could put the per-CPU
>> devices and so on in a set of per-CPU ASes.)
>>
>> You can find a git branch with this patchset in here:
>>  https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases
>>
>> thanks
>> -- PMM
>>
>>
>> Peter Crosthwaite (2):
>>   memory: Add address_space_init_shareable()
>>   qom/cpu: Add MemoryRegion property
>>
>> Peter Maydell (17):
>>   exec.c: Don't set cpu->as until cpu_address_space_init
>>   exec.c: Allow target CPUs to define multiple AddressSpaces
>>   exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
>>   include/qom/cpu.h: Add new get_phys_page_attrs_debug method
>>   include/qom/cpu.h: Add new asidx_from_attrs method
>>   cputlb.c: Use correct address space when looking up
>>     MemoryRegionSection
>>   exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
>>   exec.c: Add cpu_get_address_space()
>>   exec.c: Use cpu_get_phys_page_attrs_debug
>>   exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
>>   target-arm: Add QOM property for Secure memory region
>>   target-arm: Implement asidx_from_attrs
>>   target-arm: Implement cpu_get_phys_page_attrs_debug
>>   target-arm: Support multiple address spaces in page table walks
>>   hw/arm/virt: Wire up memory region to CPUs explicitly
>>   [RFC] hw/arm/virt: add secure memory region and UART
>>   HACK: rearrange the virt memory map to suit OP-TEE
>>
>>  cpus.c                  |  13 +++++-
>>  cputlb.c                |   9 +++--
>>  exec.c                  | 103 +++++++++++++++++++++++++++++++++++-------------
>>  hw/arm/virt.c           |  66 +++++++++++++++++++++++++------
>>  include/exec/exec-all.h |  69 ++++++++++++++++++++++++++++----
>>  include/exec/memory.h   |  18 +++++++++
>>  include/hw/arm/virt.h   |   1 +
>>  include/qom/cpu.h       |  57 ++++++++++++++++++++++++++-
>>  memory.c                |  27 +++++++++++++
>>  softmmu_template.h      |   4 +-
>>  target-arm/cpu-qom.h    |   6 ++-
>>  target-arm/cpu.c        |  35 +++++++++++++++-
>>  target-arm/cpu.h        |  23 +++++++++++
>>  target-arm/helper.c     |  15 ++++---
>>  target-i386/cpu.c       |   7 +++-
>>  15 files changed, 389 insertions(+), 64 deletions(-)
>>
>> --
>> 1.9.1

Re: [Qemu-devel] [PATCH v2 09/19] exec.c: Use cpu_get_phys_page_attrs_debug

[Paolo Bonzini]

On 16/11/2015 15:05, Peter Maydell wrote:
> -    hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
> +    MemTxAttrs attrs = {};
> +    hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
> +    int asidx = cpu_asidx_from_attrs(cpu, attrs);
>      if (phys != -1) {
> -        tb_invalidate_phys_addr(cpu->as,
> +        tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
>                                  phys | (pc & ~TARGET_PAGE_MASK));
>      }

The only question I have is whether it is right to have empty MemTxAttrs
here.  Is there any way to use the MemTxAttrs for the "current state" of
the CPU, whatever that is (on x86 I have added cpu_get_mem_attrs to
target-i386/cpu.h)?

Paolo

Re: [Qemu-devel] [PATCH v2 09/19] exec.c: Use cpu_get_phys_page_attrs_debug

[Peter Maydell]

On 11 January 2016 at 13:47, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 16/11/2015 15:05, Peter Maydell wrote:
>> -    hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
>> +    MemTxAttrs attrs = {};
>> +    hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
>> +    int asidx = cpu_asidx_from_attrs(cpu, attrs);
>>      if (phys != -1) {
>> -        tb_invalidate_phys_addr(cpu->as,
>> +        tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
>>                                  phys | (pc & ~TARGET_PAGE_MASK));
>>      }
>
> The only question I have is whether it is right to have empty MemTxAttrs
> here.  Is there any way to use the MemTxAttrs for the "current state" of
> the CPU, whatever that is (on x86 I have added cpu_get_mem_attrs to
> target-i386/cpu.h)?

That's what the call to cpu_get_phys_page_attrs_debug() does:
it fills in the MemTxAttrs :secure and :user fields, and then
cpu_asidx_from_attrs() uses the returned attributes to pick
the right address space. (cpu_get_phys_page_attrs_debug()
only fills in attribute fields it knows about, which is why
we pass it an empty attrs struct to start with.)

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 09/19] exec.c: Use cpu_get_phys_page_attrs_debug

[Paolo Bonzini]

On 11/01/2016 15:18, Peter Maydell wrote:
> On 11 January 2016 at 13:47, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>>
>> On 16/11/2015 15:05, Peter Maydell wrote:
>>> -    hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
>>> +    MemTxAttrs attrs = {};
>>> +    hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
>>> +    int asidx = cpu_asidx_from_attrs(cpu, attrs);
>>>      if (phys != -1) {
>>> -        tb_invalidate_phys_addr(cpu->as,
>>> +        tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
>>>                                  phys | (pc & ~TARGET_PAGE_MASK));
>>>      }
>>
>> The only question I have is whether it is right to have empty MemTxAttrs
>> here.  Is there any way to use the MemTxAttrs for the "current state" of
>> the CPU, whatever that is (on x86 I have added cpu_get_mem_attrs to
>> target-i386/cpu.h)?
> 
> That's what the call to cpu_get_phys_page_attrs_debug() does:
> it fills in the MemTxAttrs :secure and :user fields, and then
> cpu_asidx_from_attrs() uses the returned attributes to pick
> the right address space. (cpu_get_phys_page_attrs_debug()
> only fills in attribute fields it knows about, which is why
> we pass it an empty attrs struct to start with.)

Oops, that's not clear from the documentation in patch 4.  But if that
was the case, shouldn't cpu_get_phys_page_attrs_debug leave *attrs
completely alone when using the fallback?

I think it's clearer if you pass uninitialized MemTxAttrs to
cpu_get_phys_page_attrs_debug, assuming you can do it.  I can see why
the current semantics make sense for helper.c's get_phys_addr, but I
think they are confusing for the topmost function call.

Paolo

Re: [Qemu-devel] [PATCH v2 09/19] exec.c: Use cpu_get_phys_page_attrs_debug

[Peter Maydell]

On 11 January 2016 at 14:59, Paolo Bonzini <pbonzini@redhat.com> wrote:
> On 11/01/2016 15:18, Peter Maydell wrote:
>> That's what the call to cpu_get_phys_page_attrs_debug() does:
>> it fills in the MemTxAttrs :secure and :user fields, and then
>> cpu_asidx_from_attrs() uses the returned attributes to pick
>> the right address space. (cpu_get_phys_page_attrs_debug()
>> only fills in attribute fields it knows about, which is why
>> we pass it an empty attrs struct to start with.)
>
> Oops, that's not clear from the documentation in patch 4. But if that
> was the case, shouldn't cpu_get_phys_page_attrs_debug leave *attrs
> completely alone when using the fallback?
>
> I think it's clearer if you pass uninitialized MemTxAttrs to
> cpu_get_phys_page_attrs_debug, assuming you can do it.  I can see why
> the current semantics make sense for helper.c's get_phys_addr, but I
> think they are confusing for the topmost function call.

Yes, I think you're right (and the doc comment I wrote for
cpu_get_phys_page_attrs_debug agrees ;-)).

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 00/19] Add support for multiple address spaces per CPU and use it for ARM TrustZone

[Edgar E. Iglesias]

On Mon, Jan 11, 2016 at 01:04:29PM +0000, Peter Maydell wrote:
> Ping again (though I know Paolo said on IRC he'd put this on
> his list to look at). I have a rebased branch at
>   https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases-2
> but the only differences are some minor fixes to conflicts in
> the virt board patches following the GPIO device going into master,
> so I'm not going to resend the patchset unless somebody specifically
> wants me to -- I think the patches on list should be ok for review
> purposes.

I haven't done a full review again but overall it looks good to me.

Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>

Cheers,
Edgar


> 
> thanks
> -- PMM
> 
> On 15 December 2015 at 16:26, Peter Maydell <peter.maydell@linaro.org> wrote:
> > Ping for a review request now we're pretty nearly done with 2.5 ?
> >
> > thanks
> > -- PMM
> >
> >
> > On 16 November 2015 at 14:05, Peter Maydell <peter.maydell@linaro.org> wrote:
> >> This patch series adds support to QEMU's core exec/memory code for
> >> CPUs which have more than one address space, and uses it for
> >> ARM TrustZone. In particular, a TZ CPU will have two physical
> >> address spaces (Secure and Non-secure), and the patchset allows a
> >> board model to create these both separately and connect them to
> >> the CPU, so that we can have devices or memory which are visible
> >> only in the Secure address space. (We already have support for
> >> TZ in the CPU emulation itself, and support for devices like the
> >> GIC which respond differently to Secure and Non-secure accesses,
> >> so this is the last part of the puzzle for 32-bit.)
> >>
> >> The general approach is that we allow a target-* cpu to define
> >> more than one address space at initialization, allocating each
> >> one a small integer "address space index" (asidx). The target CPU
> >> also defines the mapping from memory transaction attributes to
> >> the asidx via a new QOM CPU method asidx_from_attrs. The memory
> >> and cputlb core code then use the asidx to look up memory regions
> >> in the correct AddressSpace (both at TLB fill time and in the
> >> io_read/write stage at runtime).
> >>
> >> Changes since v1:
> >>  * the biggest change is that rather than having the target-cpu
> >>    code pass us an asidx and storing asidxes in the IOTLB, we
> >>    now determine the address space index from the memory transaction
> >>    attributes. This has had effects all through the patchstack.
> >>  * some reshuffling of patch order (among other things, all the
> >>    core patches are now at the front, with the target-arm patches
> >>    next and the virt board last).
> >>  * added missing object_ref(OBJECT(cpu->memory)) when setting the
> >>    default value of cpu->memory
> >>  * don't allow sharing of ASes that weren't created via
> >>    address_space_init_shareable
> >>  * now only allocate cpu_ases array once (target has to set
> >>    cpu->num_ases before first call to cpu_address_space_init())
> >>  * new patch documenting tlb_set_page_with_attrs -- I no longer need
> >>    to add a new argument to this function, but didn't want to throw
> >>    away the doc comment I'd written...
> >>
> >> The 'add secure memory region to virt board' patch is still RFC
> >> because the device tree binding to say "device is secure-only" is
> >> still under discussion on the kernel mailing list; patch 19
> >> is a pure hack, and is here for testing purposes only.
> >>
> >> You can run OP-TEE on QEMU with these patches:
> >> see https://github.com/OP-TEE/optee_os for details of how to
> >> get, build and run it. The 'make run' will use the custom QEMU
> >> version that comes with OP-TEE (do that first to make sure your
> >> OP-TEE has built and works ok). To get it to use a locally built QEMU
> >> with these patches do:
> >>
> >> make run-only QEMU_PATH=/path/to/your/qemu/build/directory QEMU_EXTRA_ARGS='-machine secure=on'
> >>
> >> Notes on a couple of things the patchset doesn't address:
> >>  (1) image/romfile/kernel loading etc will load only into the nonsecure
> >> address space. This would be conceptually simple to implement (you just
> >> need to pass an AS into lots of functions) but since OP-TEE doesn't need
> >> it I felt it could safely be left for later rather than making this
> >> patchset bigger.
> >>
> >>  (2) Using multiple address spaces in one CPU won't work with KVM
> >> (and we assert if you try; nothing at the moment will attempt it).
> >> Using different address spaces in different CPUs in an SMP setup
> >> will also not work with KVM, but we don't assert on that because
> >> I wasn't sure where best to put the assert. (Also, it would be
> >> nice if we could do that, because the modelling for ARM SMP
> >> setups would really be cleaner if we could put the per-CPU
> >> devices and so on in a set of per-CPU ASes.)
> >>
> >> You can find a git branch with this patchset in here:
> >>  https://git.linaro.org/people/peter.maydell/qemu-arm.git multi-ases
> >>
> >> thanks
> >> -- PMM
> >>
> >>
> >> Peter Crosthwaite (2):
> >>   memory: Add address_space_init_shareable()
> >>   qom/cpu: Add MemoryRegion property
> >>
> >> Peter Maydell (17):
> >>   exec.c: Don't set cpu->as until cpu_address_space_init
> >>   exec.c: Allow target CPUs to define multiple AddressSpaces
> >>   exec-all.h: Document tlb_set_page_with_attrs, tlb_set_page
> >>   include/qom/cpu.h: Add new get_phys_page_attrs_debug method
> >>   include/qom/cpu.h: Add new asidx_from_attrs method
> >>   cputlb.c: Use correct address space when looking up
> >>     MemoryRegionSection
> >>   exec.c: Pass MemTxAttrs to iotlb_to_region so it uses the right AS
> >>   exec.c: Add cpu_get_address_space()
> >>   exec.c: Use cpu_get_phys_page_attrs_debug
> >>   exec.c: Use correct AddressSpace in watch_mem_read and watch_mem_write
> >>   target-arm: Add QOM property for Secure memory region
> >>   target-arm: Implement asidx_from_attrs
> >>   target-arm: Implement cpu_get_phys_page_attrs_debug
> >>   target-arm: Support multiple address spaces in page table walks
> >>   hw/arm/virt: Wire up memory region to CPUs explicitly
> >>   [RFC] hw/arm/virt: add secure memory region and UART
> >>   HACK: rearrange the virt memory map to suit OP-TEE
> >>
> >>  cpus.c                  |  13 +++++-
> >>  cputlb.c                |   9 +++--
> >>  exec.c                  | 103 +++++++++++++++++++++++++++++++++++-------------
> >>  hw/arm/virt.c           |  66 +++++++++++++++++++++++++------
> >>  include/exec/exec-all.h |  69 ++++++++++++++++++++++++++++----
> >>  include/exec/memory.h   |  18 +++++++++
> >>  include/hw/arm/virt.h   |   1 +
> >>  include/qom/cpu.h       |  57 ++++++++++++++++++++++++++-
> >>  memory.c                |  27 +++++++++++++
> >>  softmmu_template.h      |   4 +-
> >>  target-arm/cpu-qom.h    |   6 ++-
> >>  target-arm/cpu.c        |  35 +++++++++++++++-
> >>  target-arm/cpu.h        |  23 +++++++++++
> >>  target-arm/helper.c     |  15 ++++---
> >>  target-i386/cpu.c       |   7 +++-
> >>  15 files changed, 389 insertions(+), 64 deletions(-)
> >>
> >> --
> >> 1.9.1