* [Qemu-devel] [PULL 00/43] target-arm queue
@ 2017-12-13 18:11 Peter Maydell
2017-12-13 18:11 ` [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR Peter Maydell
` (43 more replies)
0 siblings, 44 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:11 UTC (permalink / raw)
To: qemu-devel
First arm pullreq for the 2.12 cycle, with all the
things that queued up during the release phase.
2.11 isn't quite released yet, but might as well put
the pullreq on the mailing list :-)
thanks
-- PMM
The following changes since commit 0a0dc59d27527b78a195c2d838d28b7b49e5a639:
Update version for v2.11.0 release (2017-12-13 14:31:09 +0000)
are available in the git repository at:
git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171213
for you to fetch changes up to d3c348b6e3af3598bfcb755d59f8f4de80a2228a:
xilinx_spips: Use memset instead of a for loop to zero registers (2017-12-13 17:59:26 +0000)
----------------------------------------------------------------
target-arm queue:
* xilinx_spips: set reset values correctly
* MAINTAINERS: fix an email address
* hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS
* nvic: Make systick banked for v8M
* refactor get_phys_addr() so we can return the right format PAR
for ATS operations
* implement v8M TT instruction
* fix some minor v8M bugs
* Implement reset for GICv3 ITS
* xlnx-zcu102: Add support for the ZynqMP QSPI
----------------------------------------------------------------
Alistair Francis (3):
xilinx_spips: Update the QSPI Mod ID reset value
xilinx_spips: Set all of the reset values
xilinx_spips: Use memset instead of a for loop to zero registers
Edgar E. Iglesias (1):
target/arm: Extend PAR format determination
Eric Auger (4):
hw/intc/arm_gicv3_its: Don't call post_load on reset
hw/intc/arm_gicv3_its: Implement a minimalist reset
linux-headers: update to 4.15-rc1
hw/intc/arm_gicv3_its: Implement full reset
Francisco Iglesias (13):
m25p80: Add support for continuous read out of RDSR and READ_FSR
m25p80: Add support for SST READ ID 0x90/0xAB commands
m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60)
m25p80: Add support for n25q512a11 and n25q512a13
xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass
xilinx_spips: Update striping to be big-endian bit order
xilinx_spips: Add support for RX discard and RX drain
xilinx_spips: Make tx/rx_data_bytes more generic and reusable
xilinx_spips: Add support for zero pumping
xilinx_spips: Add support for 4 byte addresses in the LQSPI
xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done
xilinx_spips: Add support for the ZynqMP Generic QSPI
xlnx-zcu102: Add support for the ZynqMP QSPI
Peter Maydell (20):
target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads
target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode
target/arm: Add missing M profile case to regime_is_user()
target/arm: Split M profile MNegPri mmu index into user and priv
target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()
target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()
target/arm: Implement TT instruction
target/arm: Provide fault type enum and FSR conversion functions
target/arm: Remove fsr argument from arm_ld*_ptw()
target/arm: Convert get_phys_addr_v5() to not return FSC values
target/arm: Convert get_phys_addr_v6() to not return FSC values
target/arm: Convert get_phys_addr_lpae() to not return FSC values
target/arm: Convert get_phys_addr_pmsav5() to not return FSC values
target/arm: Convert get_phys_addr_pmsav7() to not return FSC values
target/arm: Convert get_phys_addr_pmsav8() to not return FSC values
target/arm: Use ARMMMUFaultInfo in deliver_fault()
target/arm: Ignore fsr from get_phys_addr() in do_ats_write()
target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()
nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion
nvic: Make systick banked
Prasad J Pandit (1):
hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS
Zhaoshenglong (1):
MAINTAINERS: replace the unavailable email address
include/hw/arm/xlnx-zynqmp.h | 5 +
include/hw/intc/armv7m_nvic.h | 4 +-
include/hw/ssi/xilinx_spips.h | 74 +-
include/standard-headers/asm-s390/virtio-ccw.h | 1 +
include/standard-headers/asm-x86/hyperv.h | 394 +--------
include/standard-headers/linux/input-event-codes.h | 2 +
include/standard-headers/linux/input.h | 1 +
include/standard-headers/linux/pci_regs.h | 45 +-
linux-headers/asm-arm/kvm.h | 8 +
linux-headers/asm-arm/kvm_para.h | 1 +
linux-headers/asm-arm/unistd.h | 2 +
linux-headers/asm-arm64/kvm.h | 8 +
linux-headers/asm-arm64/unistd.h | 1 +
linux-headers/asm-powerpc/epapr_hcalls.h | 1 +
linux-headers/asm-powerpc/kvm.h | 1 +
linux-headers/asm-powerpc/kvm_para.h | 1 +
linux-headers/asm-powerpc/unistd.h | 1 +
linux-headers/asm-s390/kvm.h | 1 +
linux-headers/asm-s390/kvm_para.h | 1 +
linux-headers/asm-s390/unistd.h | 4 +-
linux-headers/asm-x86/kvm.h | 1 +
linux-headers/asm-x86/kvm_para.h | 2 +-
linux-headers/asm-x86/unistd.h | 1 +
linux-headers/linux/kvm.h | 2 +
linux-headers/linux/kvm_para.h | 1 +
linux-headers/linux/psci.h | 1 +
linux-headers/linux/userfaultfd.h | 1 +
linux-headers/linux/vfio.h | 1 +
linux-headers/linux/vfio_ccw.h | 1 +
linux-headers/linux/vhost.h | 1 +
target/arm/cpu.h | 73 +-
target/arm/helper.h | 2 +
target/arm/internals.h | 193 ++++-
hw/arm/xlnx-zcu102.c | 23 +
hw/arm/xlnx-zynqmp.c | 26 +
hw/block/m25p80.c | 80 +-
hw/display/tc6393xb.c | 1 +
hw/intc/arm_gicv3_its_common.c | 2 -
hw/intc/arm_gicv3_its_kvm.c | 53 +-
hw/intc/armv7m_nvic.c | 100 ++-
hw/ssi/xilinx_spips.c | 928 +++++++++++++++++----
target/arm/helper.c | 489 +++++++----
target/arm/op_helper.c | 82 +-
target/arm/translate.c | 37 +-
MAINTAINERS | 2 +-
default-configs/arm-softmmu.mak | 2 +-
46 files changed, 1833 insertions(+), 828 deletions(-)
^ permalink raw reply [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
@ 2017-12-13 18:11 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 02/43] m25p80: Add support for SST READ ID 0x90/0xAB commands Peter Maydell
` (42 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:11 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for continuous read out of the RDSR and READ_FSR status
registers until the chip select is deasserted. This feature is supported
by amongst others 1 or more flashtypes manufactured by Numonyx (Micron),
Windbond, SST, Gigadevice, Eon and Macronix.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Marcin Krzemiński<mar.krzeminski@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-2-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/block/m25p80.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index a2438b9..d50acc1 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -423,6 +423,7 @@ typedef struct Flash {
uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
uint32_t len;
uint32_t pos;
+ bool data_read_loop;
uint8_t needed_bytes;
uint8_t cmd_in_progress;
uint32_t cur_addr;
@@ -983,6 +984,7 @@ static void decode_new_cmd(Flash *s, uint32_t value)
}
s->pos = 0;
s->len = 1;
+ s->data_read_loop = true;
s->state = STATE_READING_DATA;
break;
@@ -993,6 +995,7 @@ static void decode_new_cmd(Flash *s, uint32_t value)
}
s->pos = 0;
s->len = 1;
+ s->data_read_loop = true;
s->state = STATE_READING_DATA;
break;
@@ -1133,6 +1136,7 @@ static int m25p80_cs(SSISlave *ss, bool select)
s->pos = 0;
s->state = STATE_IDLE;
flash_sync_dirty(s, -1);
+ s->data_read_loop = false;
}
DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
@@ -1198,7 +1202,9 @@ static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
s->pos++;
if (s->pos == s->len) {
s->pos = 0;
- s->state = STATE_IDLE;
+ if (!s->data_read_loop) {
+ s->state = STATE_IDLE;
+ }
}
break;
@@ -1269,11 +1275,38 @@ static Property m25p80_properties[] = {
DEFINE_PROP_END_OF_LIST(),
};
+static int m25p80_pre_load(void *opaque)
+{
+ Flash *s = (Flash *)opaque;
+
+ s->data_read_loop = false;
+ return 0;
+}
+
+static bool m25p80_data_read_loop_needed(void *opaque)
+{
+ Flash *s = (Flash *)opaque;
+
+ return s->data_read_loop;
+}
+
+static const VMStateDescription vmstate_m25p80_data_read_loop = {
+ .name = "m25p80/data_read_loop",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = m25p80_data_read_loop_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(data_read_loop, Flash),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static const VMStateDescription vmstate_m25p80 = {
.name = "m25p80",
.version_id = 0,
.minimum_version_id = 0,
.pre_save = m25p80_pre_save,
+ .pre_load = m25p80_pre_load,
.fields = (VMStateField[]) {
VMSTATE_UINT8(state, Flash),
VMSTATE_UINT8_ARRAY(data, Flash, M25P80_INTERNAL_DATA_BUFFER_SZ),
@@ -1295,6 +1328,10 @@ static const VMStateDescription vmstate_m25p80 = {
VMSTATE_UINT8(spansion_cr3nv, Flash),
VMSTATE_UINT8(spansion_cr4nv, Flash),
VMSTATE_END_OF_LIST()
+ },
+ .subsections = (const VMStateDescription * []) {
+ &vmstate_m25p80_data_read_loop,
+ NULL
}
};
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 02/43] m25p80: Add support for SST READ ID 0x90/0xAB commands
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
2017-12-13 18:11 ` [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 03/43] m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60) Peter Maydell
` (41 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for SST READ ID 0x90/0xAB commands for reading out the flash
manufacturer ID and device ID.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20171126231634.9531-3-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/block/m25p80.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index d50acc1..092c0c6 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -355,6 +355,8 @@ typedef enum {
DPP = 0xa2,
QPP = 0x32,
QPP_4 = 0x34,
+ RDID_90 = 0x90,
+ RDID_AB = 0xab,
ERASE_4K = 0x20,
ERASE4_4K = 0x21,
@@ -405,6 +407,7 @@ typedef enum {
MAN_MACRONIX,
MAN_NUMONYX,
MAN_WINBOND,
+ MAN_SST,
MAN_GENERIC,
} Manufacturer;
@@ -476,6 +479,8 @@ static inline Manufacturer get_man(Flash *s)
return MAN_SPANSION;
case 0xC2:
return MAN_MACRONIX;
+ case 0xBF:
+ return MAN_SST;
default:
return MAN_GENERIC;
}
@@ -711,6 +716,31 @@ static void complete_collecting_data(Flash *s)
case WEVCR:
s->enh_volatile_cfg = s->data[0];
break;
+ case RDID_90:
+ case RDID_AB:
+ if (get_man(s) == MAN_SST) {
+ if (s->cur_addr <= 1) {
+ if (s->cur_addr) {
+ s->data[0] = s->pi->id[2];
+ s->data[1] = s->pi->id[0];
+ } else {
+ s->data[0] = s->pi->id[0];
+ s->data[1] = s->pi->id[2];
+ }
+ s->pos = 0;
+ s->len = 2;
+ s->data_read_loop = true;
+ s->state = STATE_READING_DATA;
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "M25P80: Invalid read id address\n");
+ }
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "M25P80: Read id (command 0x90/0xAB) is not supported"
+ " by device\n");
+ }
+ break;
default:
break;
}
@@ -926,6 +956,8 @@ static void decode_new_cmd(Flash *s, uint32_t value)
case PP4:
case PP4_4:
case DIE_ERASE:
+ case RDID_90:
+ case RDID_AB:
s->needed_bytes = get_addr_length(s);
s->pos = 0;
s->len = 0;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 03/43] m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60)
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
2017-12-13 18:11 ` [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 02/43] m25p80: Add support for SST READ ID 0x90/0xAB commands Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 04/43] m25p80: Add support for n25q512a11 and n25q512a13 Peter Maydell
` (40 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for the bank address register access commands (BRRD/BRWR) and
the BULK_ERASE (0x60) command.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-4-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/block/m25p80.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 092c0c6..35efdf0 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -331,7 +331,10 @@ typedef enum {
WRDI = 0x4,
RDSR = 0x5,
WREN = 0x6,
+ BRRD = 0x16,
+ BRWR = 0x17,
JEDEC_READ = 0x9f,
+ BULK_ERASE_60 = 0x60,
BULK_ERASE = 0xc7,
READ_FSR = 0x70,
RDCR = 0x15,
@@ -704,6 +707,7 @@ static void complete_collecting_data(Flash *s)
s->write_enable = false;
}
break;
+ case BRWR:
case EXTEND_ADDR_WRITE:
s->ear = s->data[0];
break;
@@ -1050,6 +1054,7 @@ static void decode_new_cmd(Flash *s, uint32_t value)
s->state = STATE_READING_DATA;
break;
+ case BULK_ERASE_60:
case BULK_ERASE:
if (s->write_enable) {
DB_PRINT_L(0, "chip erase\n");
@@ -1067,12 +1072,14 @@ static void decode_new_cmd(Flash *s, uint32_t value)
case EX_4BYTE_ADDR:
s->four_bytes_address_mode = false;
break;
+ case BRRD:
case EXTEND_ADDR_READ:
s->data[0] = s->ear;
s->pos = 0;
s->len = 1;
s->state = STATE_READING_DATA;
break;
+ case BRWR:
case EXTEND_ADDR_WRITE:
if (s->write_enable) {
s->needed_bytes = 1;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 04/43] m25p80: Add support for n25q512a11 and n25q512a13
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 03/43] m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60) Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 05/43] xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass Peter Maydell
` (39 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for Micron (Numonyx) n25q512a11 and n25q512a13 flashes.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Marcin Krzemiński <mar.krzeminski@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-5-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/block/m25p80.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 35efdf0..ea14216 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -240,6 +240,8 @@ static const FlashPartInfo known_devices[] = {
{ INFO("n25q128a13", 0x20ba18, 0, 64 << 10, 256, ER_4K) },
{ INFO("n25q256a11", 0x20bb19, 0, 64 << 10, 512, ER_4K) },
{ INFO("n25q256a13", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
+ { INFO("n25q512a11", 0x20bb20, 0, 64 << 10, 1024, ER_4K) },
+ { INFO("n25q512a13", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
{ INFO("n25q128", 0x20ba18, 0, 64 << 10, 256, 0) },
{ INFO("n25q256a", 0x20ba19, 0, 64 << 10, 512, ER_4K) },
{ INFO("n25q512a", 0x20ba20, 0, 64 << 10, 1024, ER_4K) },
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 05/43] xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 04/43] m25p80: Add support for n25q512a11 and n25q512a13 Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 06/43] xilinx_spips: Update striping to be big-endian bit order Peter Maydell
` (38 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Move the FlashCMD enum, XilinxQSPIPS and XilinxSPIPSClass structures to the
header for consistency (struct XilinxSPIPS is found there). Also move out
a define and remove two double included headers (while touching the code).
Finally, add 4 byte address commands to the FlashCMD enum.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-6-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/ssi/xilinx_spips.h | 34 ++++++++++++++++++++++++++++++++++
hw/ssi/xilinx_spips.c | 35 -----------------------------------
2 files changed, 34 insertions(+), 35 deletions(-)
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
index 06aa096..7f9e2fc 100644
--- a/include/hw/ssi/xilinx_spips.h
+++ b/include/hw/ssi/xilinx_spips.h
@@ -32,6 +32,22 @@ typedef struct XilinxSPIPS XilinxSPIPS;
#define XLNX_SPIPS_R_MAX (0x100 / 4)
+/* Bite off 4k chunks at a time */
+#define LQSPI_CACHE_SIZE 1024
+
+typedef enum {
+ READ = 0x3, READ_4 = 0x13,
+ FAST_READ = 0xb, FAST_READ_4 = 0x0c,
+ DOR = 0x3b, DOR_4 = 0x3c,
+ QOR = 0x6b, QOR_4 = 0x6c,
+ DIOR = 0xbb, DIOR_4 = 0xbc,
+ QIOR = 0xeb, QIOR_4 = 0xec,
+
+ PP = 0x2, PP_4 = 0x12,
+ DPP = 0xa2,
+ QPP = 0x32, QPP_4 = 0x34,
+} FlashCMD;
+
struct XilinxSPIPS {
SysBusDevice parent_obj;
@@ -56,6 +72,24 @@ struct XilinxSPIPS {
uint32_t regs[XLNX_SPIPS_R_MAX];
};
+typedef struct {
+ XilinxSPIPS parent_obj;
+
+ uint8_t lqspi_buf[LQSPI_CACHE_SIZE];
+ hwaddr lqspi_cached_addr;
+ Error *migration_blocker;
+ bool mmio_execution_enabled;
+} XilinxQSPIPS;
+
+typedef struct XilinxSPIPSClass {
+ SysBusDeviceClass parent_class;
+
+ const MemoryRegionOps *reg_ops;
+
+ uint32_t rx_fifo_size;
+ uint32_t tx_fifo_size;
+} XilinxSPIPSClass;
+
#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index ef56d35..559fa79e 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -27,8 +27,6 @@
#include "sysemu/sysemu.h"
#include "hw/ptimer.h"
#include "qemu/log.h"
-#include "qemu/fifo8.h"
-#include "hw/ssi/ssi.h"
#include "qemu/bitops.h"
#include "hw/ssi/xilinx_spips.h"
#include "qapi/error.h"
@@ -116,44 +114,11 @@
/* 16MB per linear region */
#define LQSPI_ADDRESS_BITS 24
-/* Bite off 4k chunks at a time */
-#define LQSPI_CACHE_SIZE 1024
#define SNOOP_CHECKING 0xFF
#define SNOOP_NONE 0xFE
#define SNOOP_STRIPING 0
-typedef enum {
- READ = 0x3,
- FAST_READ = 0xb,
- DOR = 0x3b,
- QOR = 0x6b,
- DIOR = 0xbb,
- QIOR = 0xeb,
-
- PP = 0x2,
- DPP = 0xa2,
- QPP = 0x32,
-} FlashCMD;
-
-typedef struct {
- XilinxSPIPS parent_obj;
-
- uint8_t lqspi_buf[LQSPI_CACHE_SIZE];
- hwaddr lqspi_cached_addr;
- Error *migration_blocker;
- bool mmio_execution_enabled;
-} XilinxQSPIPS;
-
-typedef struct XilinxSPIPSClass {
- SysBusDeviceClass parent_class;
-
- const MemoryRegionOps *reg_ops;
-
- uint32_t rx_fifo_size;
- uint32_t tx_fifo_size;
-} XilinxSPIPSClass;
-
static inline int num_effective_busses(XilinxSPIPS *s)
{
return (s->regs[R_LQSPI_CFG] & LQSPI_CFG_SEP_BUS &&
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 06/43] xilinx_spips: Update striping to be big-endian bit order
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 05/43] xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 07/43] xilinx_spips: Add support for RX discard and RX drain Peter Maydell
` (37 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Update striping functionality to be big-endian bit order (as according to
the Zynq-7000 Technical Reference Manual). Output thereafter the even bits
into the flash memory connected to the lower QSPI bus and the odd bits into
the flash memory connected to the upper QSPI bus.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-7-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 559fa79e..231aa5b 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -208,14 +208,14 @@ static void xilinx_spips_reset(DeviceState *d)
xilinx_spips_update_cs_lines(s);
}
-/* N way (num) in place bit striper. Lay out row wise bits (LSB to MSB)
+/* N way (num) in place bit striper. Lay out row wise bits (MSB to LSB)
* column wise (from element 0 to N-1). num is the length of x, and dir
* reverses the direction of the transform. Best illustrated by example:
* Each digit in the below array is a single bit (num == 3):
*
- * {{ 76543210, } ----- stripe (dir == false) -----> {{ FCheb630, }
- * { hgfedcba, } { GDAfc741, }
- * { HGFEDCBA, }} <---- upstripe (dir == true) ----- { HEBgda52, }}
+ * {{ 76543210, } ----- stripe (dir == false) -----> {{ 741gdaFC, }
+ * { hgfedcba, } { 630fcHEB, }
+ * { HGFEDCBA, }} <---- upstripe (dir == true) ----- { 52hebGDA, }}
*/
static inline void stripe8(uint8_t *x, int num, bool dir)
@@ -223,15 +223,15 @@ static inline void stripe8(uint8_t *x, int num, bool dir)
uint8_t r[num];
memset(r, 0, sizeof(uint8_t) * num);
int idx[2] = {0, 0};
- int bit[2] = {0, 0};
+ int bit[2] = {0, 7};
int d = dir;
for (idx[0] = 0; idx[0] < num; ++idx[0]) {
- for (bit[0] = 0; bit[0] < 8; ++bit[0]) {
- r[idx[d]] |= x[idx[!d]] & 1 << bit[!d] ? 1 << bit[d] : 0;
+ for (bit[0] = 7; bit[0] >= 0; bit[0]--) {
+ r[idx[!d]] |= x[idx[d]] & 1 << bit[d] ? 1 << bit[!d] : 0;
idx[1] = (idx[1] + 1) % num;
if (!idx[1]) {
- bit[1]++;
+ bit[1]--;
}
}
}
@@ -266,8 +266,9 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
}
for (i = 0; i < num_effective_busses(s); ++i) {
+ int bus = num_effective_busses(s) - 1 - i;
DB_PRINT_L(debug_level, "tx = %02x\n", tx_rx[i]);
- tx_rx[i] = ssi_transfer(s->spi[i], (uint32_t)tx_rx[i]);
+ tx_rx[i] = ssi_transfer(s->spi[bus], (uint32_t)tx_rx[i]);
DB_PRINT_L(debug_level, "rx = %02x\n", tx_rx[i]);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 07/43] xilinx_spips: Add support for RX discard and RX drain
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (5 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 06/43] xilinx_spips: Update striping to be big-endian bit order Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 08/43] xilinx_spips: Make tx/rx_data_bytes more generic and reusable Peter Maydell
` (36 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for the RX discard and RX drain functionality. Also transmit
one byte per dummy cycle (to the flash memories) with commands that require
these.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-8-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/ssi/xilinx_spips.h | 6 ++
hw/ssi/xilinx_spips.c | 167 +++++++++++++++++++++++++++++++++++++-----
2 files changed, 155 insertions(+), 18 deletions(-)
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
index 7f9e2fc..bac90a5 100644
--- a/include/hw/ssi/xilinx_spips.h
+++ b/include/hw/ssi/xilinx_spips.h
@@ -61,13 +61,19 @@ struct XilinxSPIPS {
uint8_t num_busses;
uint8_t snoop_state;
+ int cmd_dummies;
+ uint8_t link_state;
+ uint8_t link_state_next;
+ uint8_t link_state_next_when;
qemu_irq *cs_lines;
+ bool *cs_lines_state;
SSIBus **spi;
Fifo8 rx_fifo;
Fifo8 tx_fifo;
uint8_t num_txrx_bytes;
+ uint32_t rx_discard;
uint32_t regs[XLNX_SPIPS_R_MAX];
};
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 231aa5b..691d48d 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -30,6 +30,7 @@
#include "qemu/bitops.h"
#include "hw/ssi/xilinx_spips.h"
#include "qapi/error.h"
+#include "hw/register.h"
#include "migration/blocker.h"
#ifndef XILINX_SPIPS_ERR_DEBUG
@@ -100,6 +101,14 @@
#define LQSPI_CFG_DUMMY_SHIFT 8
#define LQSPI_CFG_INST_CODE 0xFF
+#define R_CMND (0xc0 / 4)
+ #define R_CMND_RXFIFO_DRAIN (1 << 19)
+ FIELD(CMND, PARTIAL_BYTE_LEN, 16, 3)
+#define R_CMND_EXT_ADD (1 << 15)
+ FIELD(CMND, RX_DISCARD, 8, 7)
+ FIELD(CMND, DUMMY_CYCLES, 2, 6)
+#define R_CMND_DMA_EN (1 << 1)
+#define R_CMND_PUSH_WAIT (1 << 0)
#define R_LQSPI_STS (0xA4 / 4)
#define LQSPI_STS_WR_RECVD (1 << 1)
@@ -116,7 +125,8 @@
#define LQSPI_ADDRESS_BITS 24
#define SNOOP_CHECKING 0xFF
-#define SNOOP_NONE 0xFE
+#define SNOOP_ADDR 0xF0
+#define SNOOP_NONE 0xEE
#define SNOOP_STRIPING 0
static inline int num_effective_busses(XilinxSPIPS *s)
@@ -146,9 +156,14 @@ static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
if (xilinx_spips_cs_is_set(s, i, field) && !found) {
DB_PRINT_L(0, "selecting slave %d\n", i);
qemu_set_irq(s->cs_lines[cs_to_set], 0);
+ if (s->cs_lines_state[cs_to_set]) {
+ s->cs_lines_state[cs_to_set] = false;
+ s->rx_discard = ARRAY_FIELD_EX32(s->regs, CMND, RX_DISCARD);
+ }
} else {
DB_PRINT_L(0, "deselecting slave %d\n", i);
qemu_set_irq(s->cs_lines[cs_to_set], 1);
+ s->cs_lines_state[cs_to_set] = true;
}
}
if (xilinx_spips_cs_is_set(s, i, field)) {
@@ -157,6 +172,10 @@ static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
}
if (!found) {
s->snoop_state = SNOOP_CHECKING;
+ s->cmd_dummies = 0;
+ s->link_state = 1;
+ s->link_state_next = 1;
+ s->link_state_next_when = 0;
DB_PRINT_L(1, "moving to snoop check state\n");
}
}
@@ -203,7 +222,11 @@ static void xilinx_spips_reset(DeviceState *d)
/* FIXME: move magic number definition somewhere sensible */
s->regs[R_MOD_ID] = 0x01090106;
s->regs[R_LQSPI_CFG] = R_LQSPI_CFG_RESET;
+ s->link_state = 1;
+ s->link_state_next = 1;
+ s->link_state_next_when = 0;
s->snoop_state = SNOOP_CHECKING;
+ s->cmd_dummies = 0;
xilinx_spips_update_ixr(s);
xilinx_spips_update_cs_lines(s);
}
@@ -238,14 +261,69 @@ static inline void stripe8(uint8_t *x, int num, bool dir)
memcpy(x, r, sizeof(uint8_t) * num);
}
+static int xilinx_spips_num_dummies(XilinxQSPIPS *qs, uint8_t command)
+{
+ if (!qs) {
+ /* The SPI device is not a QSPI device */
+ return -1;
+ }
+
+ switch (command) { /* check for dummies */
+ case READ: /* no dummy bytes/cycles */
+ case PP:
+ case DPP:
+ case QPP:
+ case READ_4:
+ case PP_4:
+ case QPP_4:
+ return 0;
+ case FAST_READ:
+ case DOR:
+ case QOR:
+ case DOR_4:
+ case QOR_4:
+ return 1;
+ case DIOR:
+ case FAST_READ_4:
+ case DIOR_4:
+ return 2;
+ case QIOR:
+ case QIOR_4:
+ return 5;
+ default:
+ return -1;
+ }
+}
+
+static inline uint8_t get_addr_length(XilinxSPIPS *s, uint8_t cmd)
+{
+ switch (cmd) {
+ case PP_4:
+ case QPP_4:
+ case READ_4:
+ case QIOR_4:
+ case FAST_READ_4:
+ case DOR_4:
+ case QOR_4:
+ case DIOR_4:
+ return 4;
+ default:
+ return (s->regs[R_CMND] & R_CMND_EXT_ADD) ? 4 : 3;
+ }
+}
+
static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
{
int debug_level = 0;
+ XilinxQSPIPS *q = (XilinxQSPIPS *) object_dynamic_cast(OBJECT(s),
+ TYPE_XILINX_QSPIPS);
for (;;) {
int i;
uint8_t tx = 0;
uint8_t tx_rx[num_effective_busses(s)];
+ uint8_t dummy_cycles = 0;
+ uint8_t addr_length;
if (fifo8_is_empty(&s->tx_fifo)) {
if (!(s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE)) {
@@ -258,54 +336,102 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
tx_rx[i] = fifo8_pop(&s->tx_fifo);
}
stripe8(tx_rx, num_effective_busses(s), false);
- } else {
+ } else if (s->snoop_state >= SNOOP_ADDR) {
tx = fifo8_pop(&s->tx_fifo);
for (i = 0; i < num_effective_busses(s); ++i) {
tx_rx[i] = tx;
}
+ } else {
+ /* Extract a dummy byte and generate dummy cycles according to the
+ * link state */
+ tx = fifo8_pop(&s->tx_fifo);
+ dummy_cycles = 8 / s->link_state;
}
for (i = 0; i < num_effective_busses(s); ++i) {
int bus = num_effective_busses(s) - 1 - i;
- DB_PRINT_L(debug_level, "tx = %02x\n", tx_rx[i]);
- tx_rx[i] = ssi_transfer(s->spi[bus], (uint32_t)tx_rx[i]);
- DB_PRINT_L(debug_level, "rx = %02x\n", tx_rx[i]);
+ if (dummy_cycles) {
+ int d;
+ for (d = 0; d < dummy_cycles; ++d) {
+ tx_rx[0] = ssi_transfer(s->spi[bus], (uint32_t)tx_rx[0]);
+ }
+ } else {
+ DB_PRINT_L(debug_level, "tx = %02x\n", tx_rx[i]);
+ tx_rx[i] = ssi_transfer(s->spi[bus], (uint32_t)tx_rx[i]);
+ DB_PRINT_L(debug_level, "rx = %02x\n", tx_rx[i]);
+ }
}
- if (fifo8_is_full(&s->rx_fifo)) {
+ if (s->regs[R_CMND] & R_CMND_RXFIFO_DRAIN) {
+ DB_PRINT_L(debug_level, "dircarding drained rx byte\n");
+ /* Do nothing */
+ } else if (s->rx_discard) {
+ DB_PRINT_L(debug_level, "dircarding discarded rx byte\n");
+ s->rx_discard -= 8 / s->link_state;
+ } else if (fifo8_is_full(&s->rx_fifo)) {
s->regs[R_INTR_STATUS] |= IXR_RX_FIFO_OVERFLOW;
DB_PRINT_L(0, "rx FIFO overflow");
} else if (s->snoop_state == SNOOP_STRIPING) {
stripe8(tx_rx, num_effective_busses(s), true);
for (i = 0; i < num_effective_busses(s); ++i) {
fifo8_push(&s->rx_fifo, (uint8_t)tx_rx[i]);
+ DB_PRINT_L(debug_level, "pushing striped rx byte\n");
}
} else {
+ DB_PRINT_L(debug_level, "pushing unstriped rx byte\n");
fifo8_push(&s->rx_fifo, (uint8_t)tx_rx[0]);
}
+ if (s->link_state_next_when) {
+ s->link_state_next_when--;
+ if (!s->link_state_next_when) {
+ s->link_state = s->link_state_next;
+ }
+ }
+
DB_PRINT_L(debug_level, "initial snoop state: %x\n",
(unsigned)s->snoop_state);
switch (s->snoop_state) {
case (SNOOP_CHECKING):
- switch (tx) { /* new instruction code */
- case READ: /* 3 address bytes, no dummy bytes/cycles */
- case PP:
+ /* Store the count of dummy bytes in the txfifo */
+ s->cmd_dummies = xilinx_spips_num_dummies(q, tx);
+ addr_length = get_addr_length(s, tx);
+ if (s->cmd_dummies < 0) {
+ s->snoop_state = SNOOP_NONE;
+ } else {
+ s->snoop_state = SNOOP_ADDR + addr_length - 1;
+ }
+ switch (tx) {
case DPP:
- case QPP:
- s->snoop_state = 3;
- break;
- case FAST_READ: /* 3 address bytes, 1 dummy byte */
case DOR:
+ case DOR_4:
+ s->link_state_next = 2;
+ s->link_state_next_when = addr_length + s->cmd_dummies;
+ break;
+ case QPP:
+ case QPP_4:
case QOR:
- case DIOR: /* FIXME: these vary between vendor - set to spansion */
- s->snoop_state = 4;
+ case QOR_4:
+ s->link_state_next = 4;
+ s->link_state_next_when = addr_length + s->cmd_dummies;
+ break;
+ case DIOR:
+ case DIOR_4:
+ s->link_state = 2;
break;
- case QIOR: /* 3 address bytes, 2 dummy bytes */
- s->snoop_state = 6;
+ case QIOR:
+ case QIOR_4:
+ s->link_state = 4;
break;
- default:
+ }
+ break;
+ case (SNOOP_ADDR):
+ /* Address has been transmitted, transmit dummy cycles now if
+ * needed */
+ if (s->cmd_dummies < 0) {
s->snoop_state = SNOOP_NONE;
+ } else {
+ s->snoop_state = s->cmd_dummies;
}
break;
case (SNOOP_STRIPING):
@@ -483,6 +609,7 @@ static void xilinx_qspips_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
XilinxQSPIPS *q = XILINX_QSPIPS(opaque);
+ XilinxSPIPS *s = XILINX_SPIPS(opaque);
xilinx_spips_write(opaque, addr, value, size);
addr >>= 2;
@@ -490,6 +617,9 @@ static void xilinx_qspips_write(void *opaque, hwaddr addr,
if (addr == R_LQSPI_CFG) {
xilinx_qspips_invalidate_mmio_ptr(q);
}
+ if (s->regs[R_CMND] & R_CMND_RXFIFO_DRAIN) {
+ fifo8_reset(&s->rx_fifo);
+ }
}
static const MemoryRegionOps qspips_ops = {
@@ -632,6 +762,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error **errp)
}
s->cs_lines = g_new0(qemu_irq, s->num_cs * s->num_busses);
+ s->cs_lines_state = g_new0(bool, s->num_cs * s->num_busses);
for (i = 0, cs = s->cs_lines; i < s->num_busses; ++i, cs += s->num_cs) {
ssi_auto_connect_slaves(DEVICE(s), cs, s->spi[i]);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 08/43] xilinx_spips: Make tx/rx_data_bytes more generic and reusable
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (6 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 07/43] xilinx_spips: Add support for RX discard and RX drain Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 09/43] xilinx_spips: Add support for zero pumping Peter Maydell
` (35 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Make tx/rx_data_bytes more generic so they can be reused (when adding
support for the Zynqmp Generic QSPI).
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-9-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 64 +++++++++++++++++++++++++++++----------------------
1 file changed, 37 insertions(+), 27 deletions(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 691d48d..4621dbb 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -47,7 +47,7 @@
/* config register */
#define R_CONFIG (0x00 / 4)
#define IFMODE (1U << 31)
-#define ENDIAN (1 << 26)
+#define R_CONFIG_ENDIAN (1 << 26)
#define MODEFAIL_GEN_EN (1 << 17)
#define MAN_START_COM (1 << 16)
#define MAN_START_EN (1 << 15)
@@ -450,13 +450,28 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
}
}
-static inline void rx_data_bytes(XilinxSPIPS *s, uint8_t *value, int max)
+static inline void tx_data_bytes(Fifo8 *fifo, uint32_t value, int num, bool be)
{
int i;
+ for (i = 0; i < num && !fifo8_is_full(fifo); ++i) {
+ if (be) {
+ fifo8_push(fifo, (uint8_t)(value >> 24));
+ value <<= 8;
+ } else {
+ fifo8_push(fifo, (uint8_t)value);
+ value >>= 8;
+ }
+ }
+}
- for (i = 0; i < max && !fifo8_is_empty(&s->rx_fifo); ++i) {
- value[i] = fifo8_pop(&s->rx_fifo);
+static inline int rx_data_bytes(Fifo8 *fifo, uint8_t *value, int max)
+{
+ int i;
+
+ for (i = 0; i < max && !fifo8_is_empty(fifo); ++i) {
+ value[i] = fifo8_pop(fifo);
}
+ return max - i;
}
static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
@@ -466,6 +481,7 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
uint32_t mask = ~0;
uint32_t ret;
uint8_t rx_buf[4];
+ int shortfall;
addr >>= 2;
switch (addr) {
@@ -496,9 +512,13 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
break;
case R_RX_DATA:
memset(rx_buf, 0, sizeof(rx_buf));
- rx_data_bytes(s, rx_buf, s->num_txrx_bytes);
- ret = s->regs[R_CONFIG] & ENDIAN ? cpu_to_be32(*(uint32_t *)rx_buf)
- : cpu_to_le32(*(uint32_t *)rx_buf);
+ shortfall = rx_data_bytes(&s->rx_fifo, rx_buf, s->num_txrx_bytes);
+ ret = s->regs[R_CONFIG] & R_CONFIG_ENDIAN ?
+ cpu_to_be32(*(uint32_t *)rx_buf) :
+ cpu_to_le32(*(uint32_t *)rx_buf);
+ if (!(s->regs[R_CONFIG] & R_CONFIG_ENDIAN)) {
+ ret <<= 8 * shortfall;
+ }
DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
xilinx_spips_update_ixr(s);
return ret;
@@ -509,20 +529,6 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
}
-static inline void tx_data_bytes(XilinxSPIPS *s, uint32_t value, int num)
-{
- int i;
- for (i = 0; i < num && !fifo8_is_full(&s->tx_fifo); ++i) {
- if (s->regs[R_CONFIG] & ENDIAN) {
- fifo8_push(&s->tx_fifo, (uint8_t)(value >> 24));
- value <<= 8;
- } else {
- fifo8_push(&s->tx_fifo, (uint8_t)value);
- value >>= 8;
- }
- }
-}
-
static void xilinx_spips_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
@@ -563,16 +569,20 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
mask = 0;
break;
case R_TX_DATA:
- tx_data_bytes(s, (uint32_t)value, s->num_txrx_bytes);
+ tx_data_bytes(&s->tx_fifo, (uint32_t)value, s->num_txrx_bytes,
+ s->regs[R_CONFIG] & R_CONFIG_ENDIAN);
goto no_reg_update;
case R_TXD1:
- tx_data_bytes(s, (uint32_t)value, 1);
+ tx_data_bytes(&s->tx_fifo, (uint32_t)value, 1,
+ s->regs[R_CONFIG] & R_CONFIG_ENDIAN);
goto no_reg_update;
case R_TXD2:
- tx_data_bytes(s, (uint32_t)value, 2);
+ tx_data_bytes(&s->tx_fifo, (uint32_t)value, 2,
+ s->regs[R_CONFIG] & R_CONFIG_ENDIAN);
goto no_reg_update;
case R_TXD3:
- tx_data_bytes(s, (uint32_t)value, 3);
+ tx_data_bytes(&s->tx_fifo, (uint32_t)value, 3,
+ s->regs[R_CONFIG] & R_CONFIG_ENDIAN);
goto no_reg_update;
}
s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
@@ -682,11 +692,11 @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
while (cache_entry < LQSPI_CACHE_SIZE) {
for (i = 0; i < 64; ++i) {
- tx_data_bytes(s, 0, 1);
+ tx_data_bytes(&s->tx_fifo, 0, 1, false);
}
xilinx_spips_flush_txfifo(s);
for (i = 0; i < 64; ++i) {
- rx_data_bytes(s, &q->lqspi_buf[cache_entry++], 1);
+ rx_data_bytes(&s->rx_fifo, &q->lqspi_buf[cache_entry++], 1);
}
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 09/43] xilinx_spips: Add support for zero pumping
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (7 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 08/43] xilinx_spips: Make tx/rx_data_bytes more generic and reusable Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 10/43] xilinx_spips: Add support for 4 byte addresses in the LQSPI Peter Maydell
` (34 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for zero pumping according to the transfer size register.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-10-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/ssi/xilinx_spips.h | 2 ++
hw/ssi/xilinx_spips.c | 47 ++++++++++++++++++++++++++++++++++++-------
2 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
index bac90a5..ad2175a 100644
--- a/include/hw/ssi/xilinx_spips.h
+++ b/include/hw/ssi/xilinx_spips.h
@@ -76,6 +76,8 @@ struct XilinxSPIPS {
uint32_t rx_discard;
uint32_t regs[XLNX_SPIPS_R_MAX];
+
+ bool man_start_com;
};
typedef struct {
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 4621dbb..878b17e 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -109,6 +109,7 @@
FIELD(CMND, DUMMY_CYCLES, 2, 6)
#define R_CMND_DMA_EN (1 << 1)
#define R_CMND_PUSH_WAIT (1 << 0)
+#define R_TRANSFER_SIZE (0xc4 / 4)
#define R_LQSPI_STS (0xA4 / 4)
#define LQSPI_STS_WR_RECVD (1 << 1)
@@ -227,6 +228,7 @@ static void xilinx_spips_reset(DeviceState *d)
s->link_state_next_when = 0;
s->snoop_state = SNOOP_CHECKING;
s->cmd_dummies = 0;
+ s->man_start_com = false;
xilinx_spips_update_ixr(s);
xilinx_spips_update_cs_lines(s);
}
@@ -464,6 +466,41 @@ static inline void tx_data_bytes(Fifo8 *fifo, uint32_t value, int num, bool be)
}
}
+static void xilinx_spips_check_zero_pump(XilinxSPIPS *s)
+{
+ if (!s->regs[R_TRANSFER_SIZE]) {
+ return;
+ }
+ if (!fifo8_is_empty(&s->tx_fifo) && s->regs[R_CMND] & R_CMND_PUSH_WAIT) {
+ return;
+ }
+ /*
+ * The zero pump must never fill tx fifo such that rx overflow is
+ * possible
+ */
+ while (s->regs[R_TRANSFER_SIZE] &&
+ s->rx_fifo.num + s->tx_fifo.num < RXFF_A_Q - 3) {
+ /* endianess just doesn't matter when zero pumping */
+ tx_data_bytes(&s->tx_fifo, 0, 4, false);
+ s->regs[R_TRANSFER_SIZE] &= ~0x03ull;
+ s->regs[R_TRANSFER_SIZE] -= 4;
+ }
+}
+
+static void xilinx_spips_check_flush(XilinxSPIPS *s)
+{
+ if (s->man_start_com ||
+ (!fifo8_is_empty(&s->tx_fifo) &&
+ !(s->regs[R_CONFIG] & MAN_START_EN))) {
+ xilinx_spips_check_zero_pump(s);
+ xilinx_spips_flush_txfifo(s);
+ }
+ if (fifo8_is_empty(&s->tx_fifo) && !s->regs[R_TRANSFER_SIZE]) {
+ s->man_start_com = false;
+ }
+ xilinx_spips_update_ixr(s);
+}
+
static inline int rx_data_bytes(Fifo8 *fifo, uint8_t *value, int max)
{
int i;
@@ -533,7 +570,6 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
int mask = ~0;
- int man_start_com = 0;
XilinxSPIPS *s = opaque;
DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr, (unsigned)value);
@@ -541,8 +577,8 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
switch (addr) {
case R_CONFIG:
mask = ~(R_CONFIG_RSVD | MAN_START_COM);
- if (value & MAN_START_COM) {
- man_start_com = 1;
+ if ((value & MAN_START_COM) && (s->regs[R_CONFIG] & MAN_START_EN)) {
+ s->man_start_com = true;
}
break;
case R_INTR_STATUS:
@@ -588,10 +624,7 @@ static void xilinx_spips_write(void *opaque, hwaddr addr,
s->regs[addr] = (s->regs[addr] & ~mask) | (value & mask);
no_reg_update:
xilinx_spips_update_cs_lines(s);
- if ((man_start_com && s->regs[R_CONFIG] & MAN_START_EN) ||
- (fifo8_is_empty(&s->tx_fifo) && s->regs[R_CONFIG] & MAN_START_EN)) {
- xilinx_spips_flush_txfifo(s);
- }
+ xilinx_spips_check_flush(s);
xilinx_spips_update_cs_lines(s);
xilinx_spips_update_ixr(s);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 10/43] xilinx_spips: Add support for 4 byte addresses in the LQSPI
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (8 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 09/43] xilinx_spips: Add support for zero pumping Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 11/43] xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done Peter Maydell
` (33 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for 4 byte addresses in the LQSPI and correct LQSPI_CFG_SEP_BUS.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-11-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 878b17e..ab54da8 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -92,8 +92,9 @@
#define R_LQSPI_CFG_RESET 0x03A002EB
#define LQSPI_CFG_LQ_MODE (1U << 31)
#define LQSPI_CFG_TWO_MEM (1 << 30)
-#define LQSPI_CFG_SEP_BUS (1 << 30)
+#define LQSPI_CFG_SEP_BUS (1 << 29)
#define LQSPI_CFG_U_PAGE (1 << 28)
+#define LQSPI_CFG_ADDR4 (1 << 27)
#define LQSPI_CFG_MODE_EN (1 << 25)
#define LQSPI_CFG_MODE_WIDTH 8
#define LQSPI_CFG_MODE_SHIFT 16
@@ -702,6 +703,9 @@ static void lqspi_load_cache(void *opaque, hwaddr addr)
fifo8_push(&s->tx_fifo, s->regs[R_LQSPI_CFG] & LQSPI_CFG_INST_CODE);
/* read address */
DB_PRINT_L(0, "pushing read address %06x\n", flash_addr);
+ if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_ADDR4) {
+ fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 24));
+ }
fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 16));
fifo8_push(&s->tx_fifo, (uint8_t)(flash_addr >> 8));
fifo8_push(&s->tx_fifo, (uint8_t)flash_addr);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 11/43] xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (9 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 10/43] xilinx_spips: Add support for 4 byte addresses in the LQSPI Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 12/43] xilinx_spips: Add support for the ZynqMP Generic QSPI Peter Maydell
` (32 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Don't set TX FIFO UNDERFLOW interrupt after transmitting the commands.
Also update interrupts after reading out the interrupt status.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-12-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index ab54da8..3805d8b 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -329,9 +329,6 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
uint8_t addr_length;
if (fifo8_is_empty(&s->tx_fifo)) {
- if (!(s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE)) {
- s->regs[R_INTR_STATUS] |= IXR_TX_FIFO_UNDERFLOW;
- }
xilinx_spips_update_ixr(s);
return;
} else if (s->snoop_state == SNOOP_STRIPING) {
@@ -530,6 +527,7 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
ret = s->regs[addr] & IXR_ALL;
s->regs[addr] = 0;
DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
+ xilinx_spips_update_ixr(s);
return ret;
case R_INTR_MASK:
mask = IXR_ALL;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 12/43] xilinx_spips: Add support for the ZynqMP Generic QSPI
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (10 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 11/43] xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 13/43] xlnx-zcu102: Add support for the ZynqMP QSPI Peter Maydell
` (31 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for the Zynq Ultrascale MPSoc Generic QSPI.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 20171126231634.9531-13-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/ssi/xilinx_spips.h | 32 ++-
hw/ssi/xilinx_spips.c | 579 ++++++++++++++++++++++++++++++++++++----
default-configs/arm-softmmu.mak | 2 +-
3 files changed, 564 insertions(+), 49 deletions(-)
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
index ad2175a..75fc94c 100644
--- a/include/hw/ssi/xilinx_spips.h
+++ b/include/hw/ssi/xilinx_spips.h
@@ -26,11 +26,13 @@
#define XILINX_SPIPS_H
#include "hw/ssi/ssi.h"
-#include "qemu/fifo8.h"
+#include "qemu/fifo32.h"
+#include "hw/stream.h"
typedef struct XilinxSPIPS XilinxSPIPS;
#define XLNX_SPIPS_R_MAX (0x100 / 4)
+#define XLNX_ZYNQMP_SPIPS_R_MAX (0x200 / 4)
/* Bite off 4k chunks at a time */
#define LQSPI_CACHE_SIZE 1024
@@ -89,6 +91,30 @@ typedef struct {
bool mmio_execution_enabled;
} XilinxQSPIPS;
+typedef struct {
+ XilinxQSPIPS parent_obj;
+
+ StreamSlave *dma;
+ uint8_t dma_buf[4];
+ int gqspi_irqline;
+
+ uint32_t regs[XLNX_ZYNQMP_SPIPS_R_MAX];
+
+ /* GQSPI has seperate tx/rx fifos */
+ Fifo8 rx_fifo_g;
+ Fifo8 tx_fifo_g;
+ Fifo32 fifo_g;
+ /*
+ * At the end of each generic command, misaligned extra bytes are discard
+ * or padded to tx and rx respectively to round it out (and avoid need for
+ * individual byte access. Since we use byte fifos, keep track of the
+ * alignment WRT to word access.
+ */
+ uint8_t rx_fifo_g_align;
+ uint8_t tx_fifo_g_align;
+ bool man_start_com_g;
+} XlnxZynqMPQSPIPS;
+
typedef struct XilinxSPIPSClass {
SysBusDeviceClass parent_class;
@@ -100,6 +126,7 @@ typedef struct XilinxSPIPSClass {
#define TYPE_XILINX_SPIPS "xlnx.ps7-spi"
#define TYPE_XILINX_QSPIPS "xlnx.ps7-qspi"
+#define TYPE_XLNX_ZYNQMP_QSPIPS "xlnx.usmp-gqspi"
#define XILINX_SPIPS(obj) \
OBJECT_CHECK(XilinxSPIPS, (obj), TYPE_XILINX_SPIPS)
@@ -111,4 +138,7 @@ typedef struct XilinxSPIPSClass {
#define XILINX_QSPIPS(obj) \
OBJECT_CHECK(XilinxQSPIPS, (obj), TYPE_XILINX_QSPIPS)
+#define XLNX_ZYNQMP_QSPIPS(obj) \
+ OBJECT_CHECK(XlnxZynqMPQSPIPS, (obj), TYPE_XLNX_ZYNQMP_QSPIPS)
+
#endif /* XILINX_SPIPS_H */
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 3805d8b..ad1b2ba 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -31,6 +31,7 @@
#include "hw/ssi/xilinx_spips.h"
#include "qapi/error.h"
#include "hw/register.h"
+#include "sysemu/dma.h"
#include "migration/blocker.h"
#ifndef XILINX_SPIPS_ERR_DEBUG
@@ -69,13 +70,30 @@
#define R_INTR_DIS (0x0C / 4)
#define R_INTR_MASK (0x10 / 4)
#define IXR_TX_FIFO_UNDERFLOW (1 << 6)
+/* Poll timeout not implemented */
+#define IXR_RX_FIFO_EMPTY (1 << 11)
+#define IXR_GENERIC_FIFO_FULL (1 << 10)
+#define IXR_GENERIC_FIFO_NOT_FULL (1 << 9)
+#define IXR_TX_FIFO_EMPTY (1 << 8)
+#define IXR_GENERIC_FIFO_EMPTY (1 << 7)
#define IXR_RX_FIFO_FULL (1 << 5)
#define IXR_RX_FIFO_NOT_EMPTY (1 << 4)
#define IXR_TX_FIFO_FULL (1 << 3)
#define IXR_TX_FIFO_NOT_FULL (1 << 2)
#define IXR_TX_FIFO_MODE_FAIL (1 << 1)
#define IXR_RX_FIFO_OVERFLOW (1 << 0)
-#define IXR_ALL ((IXR_TX_FIFO_UNDERFLOW<<1)-1)
+#define IXR_ALL ((1 << 13) - 1)
+#define GQSPI_IXR_MASK 0xFBE
+#define IXR_SELF_CLEAR \
+(IXR_GENERIC_FIFO_EMPTY \
+| IXR_GENERIC_FIFO_FULL \
+| IXR_GENERIC_FIFO_NOT_FULL \
+| IXR_TX_FIFO_EMPTY \
+| IXR_TX_FIFO_FULL \
+| IXR_TX_FIFO_NOT_FULL \
+| IXR_RX_FIFO_EMPTY \
+| IXR_RX_FIFO_FULL \
+| IXR_RX_FIFO_NOT_EMPTY)
#define R_EN (0x14 / 4)
#define R_DELAY (0x18 / 4)
@@ -116,9 +134,54 @@
#define R_MOD_ID (0xFC / 4)
+#define R_GQSPI_SELECT (0x144 / 4)
+ FIELD(GQSPI_SELECT, GENERIC_QSPI_EN, 0, 1)
+#define R_GQSPI_ISR (0x104 / 4)
+#define R_GQSPI_IER (0x108 / 4)
+#define R_GQSPI_IDR (0x10c / 4)
+#define R_GQSPI_IMR (0x110 / 4)
+#define R_GQSPI_TX_THRESH (0x128 / 4)
+#define R_GQSPI_RX_THRESH (0x12c / 4)
+#define R_GQSPI_CNFG (0x100 / 4)
+ FIELD(GQSPI_CNFG, MODE_EN, 30, 2)
+ FIELD(GQSPI_CNFG, GEN_FIFO_START_MODE, 29, 1)
+ FIELD(GQSPI_CNFG, GEN_FIFO_START, 28, 1)
+ FIELD(GQSPI_CNFG, ENDIAN, 26, 1)
+ /* Poll timeout not implemented */
+ FIELD(GQSPI_CNFG, EN_POLL_TIMEOUT, 20, 1)
+ /* QEMU doesnt care about any of these last three */
+ FIELD(GQSPI_CNFG, BR, 3, 3)
+ FIELD(GQSPI_CNFG, CPH, 2, 1)
+ FIELD(GQSPI_CNFG, CPL, 1, 1)
+#define R_GQSPI_GEN_FIFO (0x140 / 4)
+#define R_GQSPI_TXD (0x11c / 4)
+#define R_GQSPI_RXD (0x120 / 4)
+#define R_GQSPI_FIFO_CTRL (0x14c / 4)
+ FIELD(GQSPI_FIFO_CTRL, RX_FIFO_RESET, 2, 1)
+ FIELD(GQSPI_FIFO_CTRL, TX_FIFO_RESET, 1, 1)
+ FIELD(GQSPI_FIFO_CTRL, GENERIC_FIFO_RESET, 0, 1)
+#define R_GQSPI_GFIFO_THRESH (0x150 / 4)
+#define R_GQSPI_DATA_STS (0x15c / 4)
+/* We use the snapshot register to hold the core state for the currently
+ * or most recently executed command. So the generic fifo format is defined
+ * for the snapshot register
+ */
+#define R_GQSPI_GF_SNAPSHOT (0x160 / 4)
+ FIELD(GQSPI_GF_SNAPSHOT, POLL, 19, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, STRIPE, 18, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, RECIEVE, 17, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, TRANSMIT, 16, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, DATA_BUS_SELECT, 14, 2)
+ FIELD(GQSPI_GF_SNAPSHOT, CHIP_SELECT, 12, 2)
+ FIELD(GQSPI_GF_SNAPSHOT, SPI_MODE, 10, 2)
+ FIELD(GQSPI_GF_SNAPSHOT, EXPONENT, 9, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, DATA_XFER, 8, 1)
+ FIELD(GQSPI_GF_SNAPSHOT, IMMEDIATE_DATA, 0, 8)
+#define R_GQSPI_MOD_ID (0x168 / 4)
+#define R_GQSPI_MOD_ID_VALUE 0x010A0000
/* size of TXRX FIFOs */
-#define RXFF_A 32
-#define TXFF_A 32
+#define RXFF_A (128)
+#define TXFF_A (128)
#define RXFF_A_Q (64 * 4)
#define TXFF_A_Q (64 * 4)
@@ -137,42 +200,22 @@ static inline int num_effective_busses(XilinxSPIPS *s)
s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM) ? s->num_busses : 1;
}
-static inline bool xilinx_spips_cs_is_set(XilinxSPIPS *s, int i, int field)
-{
- return ~field & (1 << i) && (s->regs[R_CONFIG] & MANUAL_CS
- || !fifo8_is_empty(&s->tx_fifo));
-}
-
-static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
+static void xilinx_spips_update_cs(XilinxSPIPS *s, int field)
{
- int i, j;
- bool found = false;
- int field = s->regs[R_CONFIG] >> CS_SHIFT;
+ int i;
for (i = 0; i < s->num_cs; i++) {
- for (j = 0; j < num_effective_busses(s); j++) {
- int upage = !!(s->regs[R_LQSPI_STS] & LQSPI_CFG_U_PAGE);
- int cs_to_set = (j * s->num_cs + i + upage) %
- (s->num_cs * s->num_busses);
-
- if (xilinx_spips_cs_is_set(s, i, field) && !found) {
- DB_PRINT_L(0, "selecting slave %d\n", i);
- qemu_set_irq(s->cs_lines[cs_to_set], 0);
- if (s->cs_lines_state[cs_to_set]) {
- s->cs_lines_state[cs_to_set] = false;
- s->rx_discard = ARRAY_FIELD_EX32(s->regs, CMND, RX_DISCARD);
- }
- } else {
- DB_PRINT_L(0, "deselecting slave %d\n", i);
- qemu_set_irq(s->cs_lines[cs_to_set], 1);
- s->cs_lines_state[cs_to_set] = true;
- }
- }
- if (xilinx_spips_cs_is_set(s, i, field)) {
- found = true;
+ bool old_state = s->cs_lines_state[i];
+ bool new_state = field & (1 << i);
+
+ if (old_state != new_state) {
+ s->cs_lines_state[i] = new_state;
+ s->rx_discard = ARRAY_FIELD_EX32(s->regs, CMND, RX_DISCARD);
+ DB_PRINT_L(1, "%sselecting slave %d\n", new_state ? "" : "de", i);
}
+ qemu_set_irq(s->cs_lines[i], !new_state);
}
- if (!found) {
+ if (!(field & ((1 << s->num_cs) - 1))) {
s->snoop_state = SNOOP_CHECKING;
s->cmd_dummies = 0;
s->link_state = 1;
@@ -182,21 +225,51 @@ static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
}
}
+static void xlnx_zynqmp_qspips_update_cs_lines(XlnxZynqMPQSPIPS *s)
+{
+ if (s->regs[R_GQSPI_GF_SNAPSHOT]) {
+ int field = ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, CHIP_SELECT);
+ xilinx_spips_update_cs(XILINX_SPIPS(s), field);
+ }
+}
+
+static void xilinx_spips_update_cs_lines(XilinxSPIPS *s)
+{
+ int field = ~((s->regs[R_CONFIG] & CS) >> CS_SHIFT);
+
+ /* In dual parallel, mirror low CS to both */
+ if (num_effective_busses(s) == 2) {
+ /* Single bit chip-select for qspi */
+ field &= 0x1;
+ field |= field << 1;
+ /* Dual stack U-Page */
+ } else if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_TWO_MEM &&
+ s->regs[R_LQSPI_STS] & LQSPI_CFG_U_PAGE) {
+ /* Single bit chip-select for qspi */
+ field &= 0x1;
+ /* change from CS0 to CS1 */
+ field <<= 1;
+ }
+ /* Auto CS */
+ if (!(s->regs[R_CONFIG] & MANUAL_CS) &&
+ fifo8_is_empty(&s->tx_fifo)) {
+ field = 0;
+ }
+ xilinx_spips_update_cs(s, field);
+}
+
static void xilinx_spips_update_ixr(XilinxSPIPS *s)
{
- if (s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE) {
- return;
+ if (!(s->regs[R_LQSPI_CFG] & LQSPI_CFG_LQ_MODE)) {
+ s->regs[R_INTR_STATUS] &= ~IXR_SELF_CLEAR;
+ s->regs[R_INTR_STATUS] |=
+ (fifo8_is_full(&s->rx_fifo) ? IXR_RX_FIFO_FULL : 0) |
+ (s->rx_fifo.num >= s->regs[R_RX_THRES] ?
+ IXR_RX_FIFO_NOT_EMPTY : 0) |
+ (fifo8_is_full(&s->tx_fifo) ? IXR_TX_FIFO_FULL : 0) |
+ (fifo8_is_empty(&s->tx_fifo) ? IXR_TX_FIFO_EMPTY : 0) |
+ (s->tx_fifo.num < s->regs[R_TX_THRES] ? IXR_TX_FIFO_NOT_FULL : 0);
}
- /* These are set/cleared as they occur */
- s->regs[R_INTR_STATUS] &= (IXR_TX_FIFO_UNDERFLOW | IXR_RX_FIFO_OVERFLOW |
- IXR_TX_FIFO_MODE_FAIL);
- /* these are pure functions of fifo state, set them here */
- s->regs[R_INTR_STATUS] |=
- (fifo8_is_full(&s->rx_fifo) ? IXR_RX_FIFO_FULL : 0) |
- (s->rx_fifo.num >= s->regs[R_RX_THRES] ? IXR_RX_FIFO_NOT_EMPTY : 0) |
- (fifo8_is_full(&s->tx_fifo) ? IXR_TX_FIFO_FULL : 0) |
- (s->tx_fifo.num < s->regs[R_TX_THRES] ? IXR_TX_FIFO_NOT_FULL : 0);
- /* drive external interrupt pin */
int new_irqline = !!(s->regs[R_INTR_MASK] & s->regs[R_INTR_STATUS] &
IXR_ALL);
if (new_irqline != s->irqline) {
@@ -205,6 +278,37 @@ static void xilinx_spips_update_ixr(XilinxSPIPS *s)
}
}
+static void xlnx_zynqmp_qspips_update_ixr(XlnxZynqMPQSPIPS *s)
+{
+ uint32_t gqspi_int;
+ int new_irqline;
+
+ s->regs[R_GQSPI_ISR] &= ~IXR_SELF_CLEAR;
+ s->regs[R_GQSPI_ISR] |=
+ (fifo32_is_empty(&s->fifo_g) ? IXR_GENERIC_FIFO_EMPTY : 0) |
+ (fifo32_is_full(&s->fifo_g) ? IXR_GENERIC_FIFO_FULL : 0) |
+ (s->fifo_g.fifo.num < s->regs[R_GQSPI_GFIFO_THRESH] ?
+ IXR_GENERIC_FIFO_NOT_FULL : 0) |
+ (fifo8_is_empty(&s->rx_fifo_g) ? IXR_RX_FIFO_EMPTY : 0) |
+ (fifo8_is_full(&s->rx_fifo_g) ? IXR_RX_FIFO_FULL : 0) |
+ (s->rx_fifo_g.num >= s->regs[R_GQSPI_RX_THRESH] ?
+ IXR_RX_FIFO_NOT_EMPTY : 0) |
+ (fifo8_is_empty(&s->tx_fifo_g) ? IXR_TX_FIFO_EMPTY : 0) |
+ (fifo8_is_full(&s->tx_fifo_g) ? IXR_TX_FIFO_FULL : 0) |
+ (s->tx_fifo_g.num < s->regs[R_GQSPI_TX_THRESH] ?
+ IXR_TX_FIFO_NOT_FULL : 0);
+
+ /* GQSPI Interrupt Trigger Status */
+ gqspi_int = (~s->regs[R_GQSPI_IMR]) & s->regs[R_GQSPI_ISR] & GQSPI_IXR_MASK;
+ new_irqline = !!(gqspi_int & IXR_ALL);
+
+ /* drive external interrupt pin */
+ if (new_irqline != s->gqspi_irqline) {
+ s->gqspi_irqline = new_irqline;
+ qemu_set_irq(XILINX_SPIPS(s)->irq, s->gqspi_irqline);
+ }
+}
+
static void xilinx_spips_reset(DeviceState *d)
{
XilinxSPIPS *s = XILINX_SPIPS(d);
@@ -234,6 +338,28 @@ static void xilinx_spips_reset(DeviceState *d)
xilinx_spips_update_cs_lines(s);
}
+static void xlnx_zynqmp_qspips_reset(DeviceState *d)
+{
+ XlnxZynqMPQSPIPS *s = XLNX_ZYNQMP_QSPIPS(d);
+ int i;
+
+ xilinx_spips_reset(d);
+
+ for (i = 0; i < XLNX_ZYNQMP_SPIPS_R_MAX; i++) {
+ s->regs[i] = 0;
+ }
+ fifo8_reset(&s->rx_fifo_g);
+ fifo8_reset(&s->rx_fifo_g);
+ fifo32_reset(&s->fifo_g);
+ s->regs[R_GQSPI_TX_THRESH] = 1;
+ s->regs[R_GQSPI_RX_THRESH] = 1;
+ s->regs[R_GQSPI_GFIFO_THRESH] = 1;
+ s->regs[R_GQSPI_IMR] = GQSPI_IXR_MASK;
+ s->man_start_com_g = false;
+ s->gqspi_irqline = 0;
+ xlnx_zynqmp_qspips_update_ixr(s);
+}
+
/* N way (num) in place bit striper. Lay out row wise bits (MSB to LSB)
* column wise (from element 0 to N-1). num is the length of x, and dir
* reverses the direction of the transform. Best illustrated by example:
@@ -264,6 +390,108 @@ static inline void stripe8(uint8_t *x, int num, bool dir)
memcpy(x, r, sizeof(uint8_t) * num);
}
+static void xlnx_zynqmp_qspips_flush_fifo_g(XlnxZynqMPQSPIPS *s)
+{
+ while (s->regs[R_GQSPI_DATA_STS] || !fifo32_is_empty(&s->fifo_g)) {
+ uint8_t tx_rx[2] = { 0 };
+ int num_stripes = 1;
+ uint8_t busses;
+ int i;
+
+ if (!s->regs[R_GQSPI_DATA_STS]) {
+ uint8_t imm;
+
+ s->regs[R_GQSPI_GF_SNAPSHOT] = fifo32_pop(&s->fifo_g);
+ DB_PRINT_L(0, "GQSPI command: %x\n", s->regs[R_GQSPI_GF_SNAPSHOT]);
+ if (!s->regs[R_GQSPI_GF_SNAPSHOT]) {
+ DB_PRINT_L(0, "Dummy GQSPI Delay Command Entry, Do nothing");
+ continue;
+ }
+ xlnx_zynqmp_qspips_update_cs_lines(s);
+
+ imm = ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, IMMEDIATE_DATA);
+ if (!ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, DATA_XFER)) {
+ /* immedate transfer */
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, TRANSMIT) ||
+ ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, RECIEVE)) {
+ s->regs[R_GQSPI_DATA_STS] = 1;
+ /* CS setup/hold - do nothing */
+ } else {
+ s->regs[R_GQSPI_DATA_STS] = 0;
+ }
+ } else if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, EXPONENT)) {
+ if (imm > 31) {
+ qemu_log_mask(LOG_UNIMP, "QSPI exponential transfer too"
+ " long - 2 ^ %" PRId8 " requested\n", imm);
+ }
+ s->regs[R_GQSPI_DATA_STS] = 1ul << imm;
+ } else {
+ s->regs[R_GQSPI_DATA_STS] = imm;
+ }
+ }
+ /* Zero length transfer check */
+ if (!s->regs[R_GQSPI_DATA_STS]) {
+ continue;
+ }
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, RECIEVE) &&
+ fifo8_is_full(&s->rx_fifo_g)) {
+ /* No space in RX fifo for transfer - try again later */
+ return;
+ }
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, STRIPE) &&
+ (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, TRANSMIT) ||
+ ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, RECIEVE))) {
+ num_stripes = 2;
+ }
+ if (!ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, DATA_XFER)) {
+ tx_rx[0] = ARRAY_FIELD_EX32(s->regs,
+ GQSPI_GF_SNAPSHOT, IMMEDIATE_DATA);
+ } else if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, TRANSMIT)) {
+ for (i = 0; i < num_stripes; ++i) {
+ if (!fifo8_is_empty(&s->tx_fifo_g)) {
+ tx_rx[i] = fifo8_pop(&s->tx_fifo_g);
+ s->tx_fifo_g_align++;
+ } else {
+ return;
+ }
+ }
+ }
+ if (num_stripes == 1) {
+ /* mirror */
+ tx_rx[1] = tx_rx[0];
+ }
+ busses = ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, DATA_BUS_SELECT);
+ for (i = 0; i < 2; ++i) {
+ DB_PRINT_L(1, "bus %d tx = %02x\n", i, tx_rx[i]);
+ tx_rx[i] = ssi_transfer(XILINX_SPIPS(s)->spi[i], tx_rx[i]);
+ DB_PRINT_L(1, "bus %d rx = %02x\n", i, tx_rx[i]);
+ }
+ if (s->regs[R_GQSPI_DATA_STS] > 1 &&
+ busses == 0x3 && num_stripes == 2) {
+ s->regs[R_GQSPI_DATA_STS] -= 2;
+ } else if (s->regs[R_GQSPI_DATA_STS] > 0) {
+ s->regs[R_GQSPI_DATA_STS]--;
+ }
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_GF_SNAPSHOT, RECIEVE)) {
+ for (i = 0; i < 2; ++i) {
+ if (busses & (1 << i)) {
+ DB_PRINT_L(1, "bus %d push_byte = %02x\n", i, tx_rx[i]);
+ fifo8_push(&s->rx_fifo_g, tx_rx[i]);
+ s->rx_fifo_g_align++;
+ }
+ }
+ }
+ if (!s->regs[R_GQSPI_DATA_STS]) {
+ for (; s->tx_fifo_g_align % 4; s->tx_fifo_g_align++) {
+ fifo8_pop(&s->tx_fifo_g);
+ }
+ for (; s->rx_fifo_g_align % 4; s->rx_fifo_g_align++) {
+ fifo8_push(&s->rx_fifo_g, 0);
+ }
+ }
+ }
+}
+
static int xilinx_spips_num_dummies(XilinxQSPIPS *qs, uint8_t command)
{
if (!qs) {
@@ -499,6 +727,25 @@ static void xilinx_spips_check_flush(XilinxSPIPS *s)
xilinx_spips_update_ixr(s);
}
+static void xlnx_zynqmp_qspips_check_flush(XlnxZynqMPQSPIPS *s)
+{
+ bool gqspi_has_work = s->regs[R_GQSPI_DATA_STS] ||
+ !fifo32_is_empty(&s->fifo_g);
+
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_SELECT, GENERIC_QSPI_EN)) {
+ if (s->man_start_com_g || (gqspi_has_work &&
+ !ARRAY_FIELD_EX32(s->regs, GQSPI_CNFG, GEN_FIFO_START_MODE))) {
+ xlnx_zynqmp_qspips_flush_fifo_g(s);
+ }
+ } else {
+ xilinx_spips_check_flush(XILINX_SPIPS(s));
+ }
+ if (!gqspi_has_work) {
+ s->man_start_com_g = false;
+ }
+ xlnx_zynqmp_qspips_update_ixr(s);
+}
+
static inline int rx_data_bytes(Fifo8 *fifo, uint8_t *value, int max)
{
int i;
@@ -509,6 +756,53 @@ static inline int rx_data_bytes(Fifo8 *fifo, uint8_t *value, int max)
return max - i;
}
+static const void *pop_buf(Fifo8 *fifo, uint32_t max, uint32_t *num)
+{
+ void *ret;
+
+ if (max == 0 || max > fifo->num) {
+ abort();
+ }
+ *num = MIN(fifo->capacity - fifo->head, max);
+ ret = &fifo->data[fifo->head];
+ fifo->head += *num;
+ fifo->head %= fifo->capacity;
+ fifo->num -= *num;
+ return ret;
+}
+
+static void xlnx_zynqmp_qspips_notify(void *opaque)
+{
+ XlnxZynqMPQSPIPS *rq = XLNX_ZYNQMP_QSPIPS(opaque);
+ XilinxSPIPS *s = XILINX_SPIPS(rq);
+ Fifo8 *recv_fifo;
+
+ if (ARRAY_FIELD_EX32(rq->regs, GQSPI_SELECT, GENERIC_QSPI_EN)) {
+ if (!(ARRAY_FIELD_EX32(rq->regs, GQSPI_CNFG, MODE_EN) == 2)) {
+ return;
+ }
+ recv_fifo = &rq->rx_fifo_g;
+ } else {
+ if (!(s->regs[R_CMND] & R_CMND_DMA_EN)) {
+ return;
+ }
+ recv_fifo = &s->rx_fifo;
+ }
+ while (recv_fifo->num >= 4
+ && stream_can_push(rq->dma, xlnx_zynqmp_qspips_notify, rq))
+ {
+ size_t ret;
+ uint32_t num;
+ const void *rxd = pop_buf(recv_fifo, 4, &num);
+
+ memcpy(rq->dma_buf, rxd, num);
+
+ ret = stream_push(rq->dma, rq->dma_buf, 4);
+ assert(ret == 4);
+ xlnx_zynqmp_qspips_check_flush(rq);
+ }
+}
+
static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
unsigned size)
{
@@ -556,6 +850,7 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
ret <<= 8 * shortfall;
}
DB_PRINT_L(0, "addr=" TARGET_FMT_plx " = %x\n", addr * 4, ret);
+ xilinx_spips_check_flush(s);
xilinx_spips_update_ixr(s);
return ret;
}
@@ -565,6 +860,43 @@ static uint64_t xilinx_spips_read(void *opaque, hwaddr addr,
}
+static uint64_t xlnx_zynqmp_qspips_read(void *opaque,
+ hwaddr addr, unsigned size)
+{
+ XlnxZynqMPQSPIPS *s = XLNX_ZYNQMP_QSPIPS(opaque);
+ uint32_t reg = addr / 4;
+ uint32_t ret;
+ uint8_t rx_buf[4];
+ int shortfall;
+
+ if (reg <= R_MOD_ID) {
+ return xilinx_spips_read(opaque, addr, size);
+ } else {
+ switch (reg) {
+ case R_GQSPI_RXD:
+ if (fifo8_is_empty(&s->rx_fifo_g)) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "Read from empty GQSPI RX FIFO\n");
+ return 0;
+ }
+ memset(rx_buf, 0, sizeof(rx_buf));
+ shortfall = rx_data_bytes(&s->rx_fifo_g, rx_buf,
+ XILINX_SPIPS(s)->num_txrx_bytes);
+ ret = ARRAY_FIELD_EX32(s->regs, GQSPI_CNFG, ENDIAN) ?
+ cpu_to_be32(*(uint32_t *)rx_buf) :
+ cpu_to_le32(*(uint32_t *)rx_buf);
+ if (!ARRAY_FIELD_EX32(s->regs, GQSPI_CNFG, ENDIAN)) {
+ ret <<= 8 * shortfall;
+ }
+ xlnx_zynqmp_qspips_check_flush(s);
+ xlnx_zynqmp_qspips_update_ixr(s);
+ return ret;
+ default:
+ return s->regs[reg];
+ }
+ }
+}
+
static void xilinx_spips_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size)
{
@@ -664,12 +996,81 @@ static void xilinx_qspips_write(void *opaque, hwaddr addr,
}
}
+static void xlnx_zynqmp_qspips_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size)
+{
+ XlnxZynqMPQSPIPS *s = XLNX_ZYNQMP_QSPIPS(opaque);
+ uint32_t reg = addr / 4;
+
+ if (reg <= R_MOD_ID) {
+ xilinx_qspips_write(opaque, addr, value, size);
+ } else {
+ switch (reg) {
+ case R_GQSPI_CNFG:
+ if (FIELD_EX32(value, GQSPI_CNFG, GEN_FIFO_START) &&
+ ARRAY_FIELD_EX32(s->regs, GQSPI_CNFG, GEN_FIFO_START_MODE)) {
+ s->man_start_com_g = true;
+ }
+ s->regs[reg] = value & ~(R_GQSPI_CNFG_GEN_FIFO_START_MASK);
+ break;
+ case R_GQSPI_GEN_FIFO:
+ if (!fifo32_is_full(&s->fifo_g)) {
+ fifo32_push(&s->fifo_g, value);
+ }
+ break;
+ case R_GQSPI_TXD:
+ tx_data_bytes(&s->tx_fifo_g, (uint32_t)value, 4,
+ ARRAY_FIELD_EX32(s->regs, GQSPI_CNFG, ENDIAN));
+ break;
+ case R_GQSPI_FIFO_CTRL:
+ if (FIELD_EX32(value, GQSPI_FIFO_CTRL, GENERIC_FIFO_RESET)) {
+ fifo32_reset(&s->fifo_g);
+ }
+ if (FIELD_EX32(value, GQSPI_FIFO_CTRL, TX_FIFO_RESET)) {
+ fifo8_reset(&s->tx_fifo_g);
+ }
+ if (FIELD_EX32(value, GQSPI_FIFO_CTRL, RX_FIFO_RESET)) {
+ fifo8_reset(&s->rx_fifo_g);
+ }
+ break;
+ case R_GQSPI_IDR:
+ s->regs[R_GQSPI_IMR] |= value;
+ break;
+ case R_GQSPI_IER:
+ s->regs[R_GQSPI_IMR] &= ~value;
+ break;
+ case R_GQSPI_ISR:
+ s->regs[R_GQSPI_ISR] &= ~value;
+ break;
+ case R_GQSPI_IMR:
+ case R_GQSPI_RXD:
+ case R_GQSPI_GF_SNAPSHOT:
+ case R_GQSPI_MOD_ID:
+ break;
+ default:
+ s->regs[reg] = value;
+ break;
+ }
+ xlnx_zynqmp_qspips_update_cs_lines(s);
+ xlnx_zynqmp_qspips_check_flush(s);
+ xlnx_zynqmp_qspips_update_cs_lines(s);
+ xlnx_zynqmp_qspips_update_ixr(s);
+ }
+ xlnx_zynqmp_qspips_notify(s);
+}
+
static const MemoryRegionOps qspips_ops = {
.read = xilinx_spips_read,
.write = xilinx_qspips_write,
.endianness = DEVICE_LITTLE_ENDIAN,
};
+static const MemoryRegionOps xlnx_zynqmp_qspips_ops = {
+ .read = xlnx_zynqmp_qspips_read,
+ .write = xlnx_zynqmp_qspips_write,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
#define LQSPI_CACHE_SIZE 1024
static void lqspi_load_cache(void *opaque, hwaddr addr)
@@ -818,7 +1219,7 @@ static void xilinx_spips_realize(DeviceState *dev, Error **errp)
}
memory_region_init_io(&s->iomem, OBJECT(s), xsc->reg_ops, s,
- "spi", XLNX_SPIPS_R_MAX * 4);
+ "spi", XLNX_ZYNQMP_SPIPS_R_MAX * 4);
sysbus_init_mmio(sbd, &s->iomem);
s->irqline = -1;
@@ -856,6 +1257,28 @@ static void xilinx_qspips_realize(DeviceState *dev, Error **errp)
}
}
+static void xlnx_zynqmp_qspips_realize(DeviceState *dev, Error **errp)
+{
+ XlnxZynqMPQSPIPS *s = XLNX_ZYNQMP_QSPIPS(dev);
+ XilinxSPIPSClass *xsc = XILINX_SPIPS_GET_CLASS(s);
+
+ xilinx_qspips_realize(dev, errp);
+ fifo8_create(&s->rx_fifo_g, xsc->rx_fifo_size);
+ fifo8_create(&s->tx_fifo_g, xsc->tx_fifo_size);
+ fifo32_create(&s->fifo_g, 32);
+}
+
+static void xlnx_zynqmp_qspips_init(Object *obj)
+{
+ XlnxZynqMPQSPIPS *rq = XLNX_ZYNQMP_QSPIPS(obj);
+
+ object_property_add_link(obj, "stream-connected-dma", TYPE_STREAM_SLAVE,
+ (Object **)&rq->dma,
+ object_property_allow_set_link,
+ OBJ_PROP_LINK_UNREF_ON_RELEASE,
+ NULL);
+}
+
static int xilinx_spips_post_load(void *opaque, int version_id)
{
xilinx_spips_update_ixr((XilinxSPIPS *)opaque);
@@ -877,6 +1300,46 @@ static const VMStateDescription vmstate_xilinx_spips = {
}
};
+static int xlnx_zynqmp_qspips_post_load(void *opaque, int version_id)
+{
+ XlnxZynqMPQSPIPS *s = (XlnxZynqMPQSPIPS *)opaque;
+ XilinxSPIPS *qs = XILINX_SPIPS(s);
+
+ if (ARRAY_FIELD_EX32(s->regs, GQSPI_SELECT, GENERIC_QSPI_EN) &&
+ fifo8_is_empty(&qs->rx_fifo) && fifo8_is_empty(&qs->tx_fifo)) {
+ xlnx_zynqmp_qspips_update_ixr(s);
+ xlnx_zynqmp_qspips_update_cs_lines(s);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_xilinx_qspips = {
+ .name = "xilinx_qspips",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(parent_obj, XilinxQSPIPS, 0,
+ vmstate_xilinx_spips, XilinxSPIPS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_xlnx_zynqmp_qspips = {
+ .name = "xlnx_zynqmp_qspips",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = xlnx_zynqmp_qspips_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(parent_obj, XlnxZynqMPQSPIPS, 0,
+ vmstate_xilinx_qspips, XilinxQSPIPS),
+ VMSTATE_FIFO8(tx_fifo_g, XlnxZynqMPQSPIPS),
+ VMSTATE_FIFO8(rx_fifo_g, XlnxZynqMPQSPIPS),
+ VMSTATE_FIFO32(fifo_g, XlnxZynqMPQSPIPS),
+ VMSTATE_UINT32_ARRAY(regs, XlnxZynqMPQSPIPS, XLNX_ZYNQMP_SPIPS_R_MAX),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
static Property xilinx_qspips_properties[] = {
/* We had to turn this off for 2.10 as it is not compatible with migration.
* It can be enabled but will prevent the device to be migrated.
@@ -921,6 +1384,19 @@ static void xilinx_spips_class_init(ObjectClass *klass, void *data)
xsc->tx_fifo_size = TXFF_A;
}
+static void xlnx_zynqmp_qspips_class_init(ObjectClass *klass, void * data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ XilinxSPIPSClass *xsc = XILINX_SPIPS_CLASS(klass);
+
+ dc->realize = xlnx_zynqmp_qspips_realize;
+ dc->reset = xlnx_zynqmp_qspips_reset;
+ dc->vmsd = &vmstate_xlnx_zynqmp_qspips;
+ xsc->reg_ops = &xlnx_zynqmp_qspips_ops;
+ xsc->rx_fifo_size = RXFF_A_Q;
+ xsc->tx_fifo_size = TXFF_A_Q;
+}
+
static const TypeInfo xilinx_spips_info = {
.name = TYPE_XILINX_SPIPS,
.parent = TYPE_SYS_BUS_DEVICE,
@@ -936,10 +1412,19 @@ static const TypeInfo xilinx_qspips_info = {
.class_init = xilinx_qspips_class_init,
};
+static const TypeInfo xlnx_zynqmp_qspips_info = {
+ .name = TYPE_XLNX_ZYNQMP_QSPIPS,
+ .parent = TYPE_XILINX_QSPIPS,
+ .instance_size = sizeof(XlnxZynqMPQSPIPS),
+ .instance_init = xlnx_zynqmp_qspips_init,
+ .class_init = xlnx_zynqmp_qspips_class_init,
+};
+
static void xilinx_spips_register_types(void)
{
type_register_static(&xilinx_spips_info);
type_register_static(&xilinx_qspips_info);
+ type_register_static(&xlnx_zynqmp_qspips_info);
}
type_init(xilinx_spips_register_types)
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index d37edc4..b0d6e65 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -130,5 +130,5 @@ CONFIG_SMBIOS=y
CONFIG_ASPEED_SOC=y
CONFIG_GPIO_KEY=y
CONFIG_MSF2=y
-
CONFIG_FW_CFG_DMA=y
+CONFIG_XILINX_AXI=y
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 13/43] xlnx-zcu102: Add support for the ZynqMP QSPI
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (11 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 12/43] xilinx_spips: Add support for the ZynqMP Generic QSPI Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 14/43] hw/intc/arm_gicv3_its: Don't call post_load on reset Peter Maydell
` (30 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Francisco Iglesias <frasse.iglesias@gmail.com>
Add support for the ZynqMP QSPI (consisting of the Generic QSPI and Legacy
QSPI) and connect Numonyx n25q512a11 flashes to it.
Signed-off-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20171126231634.9531-14-frasse.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/arm/xlnx-zynqmp.h | 5 +++++
hw/arm/xlnx-zcu102.c | 23 +++++++++++++++++++++++
hw/arm/xlnx-zynqmp.c | 26 ++++++++++++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
index 6eff81a..3e6fb9b 100644
--- a/include/hw/arm/xlnx-zynqmp.h
+++ b/include/hw/arm/xlnx-zynqmp.h
@@ -40,6 +40,10 @@
#define XLNX_ZYNQMP_NUM_SDHCI 2
#define XLNX_ZYNQMP_NUM_SPIS 2
+#define XLNX_ZYNQMP_NUM_QSPI_BUS 2
+#define XLNX_ZYNQMP_NUM_QSPI_BUS_CS 2
+#define XLNX_ZYNQMP_NUM_QSPI_FLASH 4
+
#define XLNX_ZYNQMP_NUM_OCM_BANKS 4
#define XLNX_ZYNQMP_OCM_RAM_0_ADDRESS 0xFFFC0000
#define XLNX_ZYNQMP_OCM_RAM_SIZE 0x10000
@@ -83,6 +87,7 @@ typedef struct XlnxZynqMPState {
SysbusAHCIState sata;
SDHCIState sdhci[XLNX_ZYNQMP_NUM_SDHCI];
XilinxSPIPS spi[XLNX_ZYNQMP_NUM_SPIS];
+ XlnxZynqMPQSPIPS qspi;
XlnxDPState dp;
XlnxDPDMAState dpdma;
diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
index bbe7d04..b126cf1 100644
--- a/hw/arm/xlnx-zcu102.c
+++ b/hw/arm/xlnx-zcu102.c
@@ -151,6 +151,29 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState *machine)
sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line);
}
+ for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_FLASH; i++) {
+ SSIBus *spi_bus;
+ DeviceState *flash_dev;
+ qemu_irq cs_line;
+ DriveInfo *dinfo = drive_get_next(IF_MTD);
+ int bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS;
+ gchar *bus_name = g_strdup_printf("qspi%d", bus);
+
+ spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc), bus_name);
+ g_free(bus_name);
+
+ flash_dev = ssi_create_slave_no_init(spi_bus, "n25q512a11");
+ if (dinfo) {
+ qdev_prop_set_drive(flash_dev, "drive", blk_by_legacy_dinfo(dinfo),
+ &error_fatal);
+ }
+ qdev_init_nofail(flash_dev);
+
+ cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
+
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.qspi), i + 1, cs_line);
+ }
+
/* TODO create and connect IDE devices for ide_drive_get() */
xlnx_zcu102_binfo.ram_size = ram_size;
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index c707c66..3256420 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -40,6 +40,10 @@
#define SATA_ADDR 0xFD0C0000
#define SATA_NUM_PORTS 2
+#define QSPI_ADDR 0xff0f0000
+#define LQSPI_ADDR 0xc0000000
+#define QSPI_IRQ 15
+
#define DP_ADDR 0xfd4a0000
#define DP_IRQ 113
@@ -171,6 +175,9 @@ static void xlnx_zynqmp_init(Object *obj)
qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
}
+ object_initialize(&s->qspi, sizeof(s->qspi), TYPE_XLNX_ZYNQMP_QSPIPS);
+ qdev_set_parent_bus(DEVICE(&s->qspi), sysbus_get_default());
+
object_initialize(&s->dp, sizeof(s->dp), TYPE_XLNX_DP);
qdev_set_parent_bus(DEVICE(&s->dp), sysbus_get_default());
@@ -411,6 +418,25 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error **errp)
g_free(bus_name);
}
+ object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err);
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 0, QSPI_ADDR);
+ sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 1, LQSPI_ADDR);
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->qspi), 0, gic_spi[QSPI_IRQ]);
+
+ for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_BUS; i++) {
+ gchar *bus_name;
+ gchar *target_bus;
+
+ /* Alias controller SPI bus to the SoC itself */
+ bus_name = g_strdup_printf("qspi%d", i);
+ target_bus = g_strdup_printf("spi%d", i);
+ object_property_add_alias(OBJECT(s), bus_name,
+ OBJECT(&s->qspi), target_bus,
+ &error_abort);
+ g_free(bus_name);
+ g_free(target_bus);
+ }
+
object_property_set_bool(OBJECT(&s->dp), true, "realized", &err);
if (err) {
error_propagate(errp, err);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 14/43] hw/intc/arm_gicv3_its: Don't call post_load on reset
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (12 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 13/43] xlnx-zcu102: Add support for the ZynqMP QSPI Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 15/43] hw/intc/arm_gicv3_its: Implement a minimalist reset Peter Maydell
` (29 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Eric Auger <eric.auger@redhat.com>
>From the very beginning, post_load() was called from common
reset. This is not standard and obliged to discriminate the
reset case from the restore case using the iidr value.
Let's get rid of that call.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1511883692-11511-2-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/intc/arm_gicv3_its_common.c | 2 --
hw/intc/arm_gicv3_its_kvm.c | 4 ----
2 files changed, 6 deletions(-)
diff --git a/hw/intc/arm_gicv3_its_common.c b/hw/intc/arm_gicv3_its_common.c
index f2cce59..2bd2f0f 100644
--- a/hw/intc/arm_gicv3_its_common.c
+++ b/hw/intc/arm_gicv3_its_common.c
@@ -131,8 +131,6 @@ static void gicv3_its_common_reset(DeviceState *dev)
s->creadr = 0;
s->iidr = 0;
memset(&s->baser, 0, sizeof(s->baser));
-
- gicv3_its_post_load(s, 0);
}
static void gicv3_its_common_class_init(ObjectClass *klass, void *data)
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index 6fb45df..b1b322b 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -155,10 +155,6 @@ static void kvm_arm_its_post_load(GICv3ITSState *s)
{
int i;
- if (!s->iidr) {
- return;
- }
-
kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
GITS_IIDR, &s->iidr, true, &error_abort);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 15/43] hw/intc/arm_gicv3_its: Implement a minimalist reset
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (13 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 14/43] hw/intc/arm_gicv3_its: Don't call post_load on reset Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 16/43] linux-headers: update to 4.15-rc1 Peter Maydell
` (28 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Eric Auger <eric.auger@redhat.com>
At the moment the ITS is not properly reset and this causes
various bugs on save/restore. We implement a minimalist reset
through individual register writes but for kernel versions
before v4.15 this fails voiding the vITS cache. We cannot
claim we have a comprehensive reset (hence the error message)
but that's better than nothing.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1511883692-11511-3-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/intc/arm_gicv3_its_kvm.c | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index b1b322b..1c663ac 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -28,6 +28,16 @@
#define TYPE_KVM_ARM_ITS "arm-its-kvm"
#define KVM_ARM_ITS(obj) OBJECT_CHECK(GICv3ITSState, (obj), TYPE_KVM_ARM_ITS)
+#define KVM_ARM_ITS_CLASS(klass) \
+ OBJECT_CLASS_CHECK(KVMARMITSClass, (klass), TYPE_KVM_ARM_ITS)
+#define KVM_ARM_ITS_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(KVMARMITSClass, (obj), TYPE_KVM_ARM_ITS)
+
+typedef struct KVMARMITSClass {
+ GICv3ITSCommonClass parent_class;
+ void (*parent_reset)(DeviceState *dev);
+} KVMARMITSClass;
+
static int kvm_its_send_msi(GICv3ITSState *s, uint32_t value, uint16_t devid)
{
@@ -186,6 +196,34 @@ static void kvm_arm_its_post_load(GICv3ITSState *s)
GITS_CTLR, &s->ctlr, true, &error_abort);
}
+static void kvm_arm_its_reset(DeviceState *dev)
+{
+ GICv3ITSState *s = ARM_GICV3_ITS_COMMON(dev);
+ KVMARMITSClass *c = KVM_ARM_ITS_GET_CLASS(s);
+ int i;
+
+ c->parent_reset(dev);
+
+ error_report("ITS KVM: full reset is not supported by QEMU");
+
+ if (!kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
+ GITS_CTLR)) {
+ return;
+ }
+
+ kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
+ GITS_CTLR, &s->ctlr, true, &error_abort);
+
+ kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
+ GITS_CBASER, &s->cbaser, true, &error_abort);
+
+ for (i = 0; i < 8; i++) {
+ kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
+ GITS_BASER + i * 8, &s->baser[i], true,
+ &error_abort);
+ }
+}
+
static Property kvm_arm_its_props[] = {
DEFINE_PROP_LINK("parent-gicv3", GICv3ITSState, gicv3, "kvm-arm-gicv3",
GICv3State *),
@@ -196,12 +234,15 @@ static void kvm_arm_its_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
GICv3ITSCommonClass *icc = ARM_GICV3_ITS_COMMON_CLASS(klass);
+ KVMARMITSClass *ic = KVM_ARM_ITS_CLASS(klass);
dc->realize = kvm_arm_its_realize;
dc->props = kvm_arm_its_props;
+ ic->parent_reset = dc->reset;
icc->send_msi = kvm_its_send_msi;
icc->pre_save = kvm_arm_its_pre_save;
icc->post_load = kvm_arm_its_post_load;
+ dc->reset = kvm_arm_its_reset;
}
static const TypeInfo kvm_arm_its_info = {
@@ -209,6 +250,7 @@ static const TypeInfo kvm_arm_its_info = {
.parent = TYPE_ARM_GICV3_ITS_COMMON,
.instance_size = sizeof(GICv3ITSState),
.class_init = kvm_arm_its_class_init,
+ .class_size = sizeof(KVMARMITSClass),
};
static void kvm_arm_its_register_types(void)
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 16/43] linux-headers: update to 4.15-rc1
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (14 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 15/43] hw/intc/arm_gicv3_its: Implement a minimalist reset Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 17/43] hw/intc/arm_gicv3_its: Implement full reset Peter Maydell
` (27 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Eric Auger <eric.auger@redhat.com>
Update headers against v4.15-rc1.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1511883692-11511-4-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/standard-headers/asm-s390/virtio-ccw.h | 1 +
include/standard-headers/asm-x86/hyperv.h | 394 +--------------------
include/standard-headers/linux/input-event-codes.h | 2 +
include/standard-headers/linux/input.h | 1 +
include/standard-headers/linux/pci_regs.h | 45 ++-
| 8 +
| 1 +
| 2 +
| 8 +
| 1 +
| 1 +
| 1 +
| 1 +
| 1 +
| 1 +
| 1 +
| 4 +-
| 1 +
| 2 +-
| 1 +
| 2 +
| 1 +
| 1 +
| 1 +
| 1 +
| 1 +
| 1 +
27 files changed, 74 insertions(+), 411 deletions(-)
diff --git a/include/standard-headers/asm-s390/virtio-ccw.h b/include/standard-headers/asm-s390/virtio-ccw.h
index a9a4ebf..967aad3 100644
--- a/include/standard-headers/asm-s390/virtio-ccw.h
+++ b/include/standard-headers/asm-s390/virtio-ccw.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Definitions for virtio-ccw devices.
*
diff --git a/include/standard-headers/asm-x86/hyperv.h b/include/standard-headers/asm-x86/hyperv.h
index 5f95d5e..ce87d0c 100644
--- a/include/standard-headers/asm-x86/hyperv.h
+++ b/include/standard-headers/asm-x86/hyperv.h
@@ -1,393 +1 @@
-#ifndef _ASM_X86_HYPERV_H
-#define _ASM_X86_HYPERV_H
-
-#include "standard-headers/linux/types.h"
-
-/*
- * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent
- * is set by CPUID(HvCpuIdFunctionVersionAndFeatures).
- */
-#define HYPERV_CPUID_VENDOR_AND_MAX_FUNCTIONS 0x40000000
-#define HYPERV_CPUID_INTERFACE 0x40000001
-#define HYPERV_CPUID_VERSION 0x40000002
-#define HYPERV_CPUID_FEATURES 0x40000003
-#define HYPERV_CPUID_ENLIGHTMENT_INFO 0x40000004
-#define HYPERV_CPUID_IMPLEMENT_LIMITS 0x40000005
-
-#define HYPERV_HYPERVISOR_PRESENT_BIT 0x80000000
-#define HYPERV_CPUID_MIN 0x40000005
-#define HYPERV_CPUID_MAX 0x4000ffff
-
-/*
- * Feature identification. EAX indicates which features are available
- * to the partition based upon the current partition privileges.
- */
-
-/* VP Runtime (HV_X64_MSR_VP_RUNTIME) available */
-#define HV_X64_MSR_VP_RUNTIME_AVAILABLE (1 << 0)
-/* Partition Reference Counter (HV_X64_MSR_TIME_REF_COUNT) available*/
-#define HV_X64_MSR_TIME_REF_COUNT_AVAILABLE (1 << 1)
-/* Partition reference TSC MSR is available */
-#define HV_X64_MSR_REFERENCE_TSC_AVAILABLE (1 << 9)
-
-/* A partition's reference time stamp counter (TSC) page */
-#define HV_X64_MSR_REFERENCE_TSC 0x40000021
-
-/*
- * There is a single feature flag that signifies if the partition has access
- * to MSRs with local APIC and TSC frequencies.
- */
-#define HV_X64_ACCESS_FREQUENCY_MSRS (1 << 11)
-
-/*
- * Basic SynIC MSRs (HV_X64_MSR_SCONTROL through HV_X64_MSR_EOM
- * and HV_X64_MSR_SINT0 through HV_X64_MSR_SINT15) available
- */
-#define HV_X64_MSR_SYNIC_AVAILABLE (1 << 2)
-/*
- * Synthetic Timer MSRs (HV_X64_MSR_STIMER0_CONFIG through
- * HV_X64_MSR_STIMER3_COUNT) available
- */
-#define HV_X64_MSR_SYNTIMER_AVAILABLE (1 << 3)
-/*
- * APIC access MSRs (HV_X64_MSR_EOI, HV_X64_MSR_ICR and HV_X64_MSR_TPR)
- * are available
- */
-#define HV_X64_MSR_APIC_ACCESS_AVAILABLE (1 << 4)
-/* Hypercall MSRs (HV_X64_MSR_GUEST_OS_ID and HV_X64_MSR_HYPERCALL) available*/
-#define HV_X64_MSR_HYPERCALL_AVAILABLE (1 << 5)
-/* Access virtual processor index MSR (HV_X64_MSR_VP_INDEX) available*/
-#define HV_X64_MSR_VP_INDEX_AVAILABLE (1 << 6)
-/* Virtual system reset MSR (HV_X64_MSR_RESET) is available*/
-#define HV_X64_MSR_RESET_AVAILABLE (1 << 7)
- /*
- * Access statistics pages MSRs (HV_X64_MSR_STATS_PARTITION_RETAIL_PAGE,
- * HV_X64_MSR_STATS_PARTITION_INTERNAL_PAGE, HV_X64_MSR_STATS_VP_RETAIL_PAGE,
- * HV_X64_MSR_STATS_VP_INTERNAL_PAGE) available
- */
-#define HV_X64_MSR_STAT_PAGES_AVAILABLE (1 << 8)
-
-/* Frequency MSRs available */
-#define HV_FEATURE_FREQUENCY_MSRS_AVAILABLE (1 << 8)
-
-/* Crash MSR available */
-#define HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE (1 << 10)
-
-/*
- * Feature identification: EBX indicates which flags were specified at
- * partition creation. The format is the same as the partition creation
- * flag structure defined in section Partition Creation Flags.
- */
-#define HV_X64_CREATE_PARTITIONS (1 << 0)
-#define HV_X64_ACCESS_PARTITION_ID (1 << 1)
-#define HV_X64_ACCESS_MEMORY_POOL (1 << 2)
-#define HV_X64_ADJUST_MESSAGE_BUFFERS (1 << 3)
-#define HV_X64_POST_MESSAGES (1 << 4)
-#define HV_X64_SIGNAL_EVENTS (1 << 5)
-#define HV_X64_CREATE_PORT (1 << 6)
-#define HV_X64_CONNECT_PORT (1 << 7)
-#define HV_X64_ACCESS_STATS (1 << 8)
-#define HV_X64_DEBUGGING (1 << 11)
-#define HV_X64_CPU_POWER_MANAGEMENT (1 << 12)
-#define HV_X64_CONFIGURE_PROFILER (1 << 13)
-
-/*
- * Feature identification. EDX indicates which miscellaneous features
- * are available to the partition.
- */
-/* The MWAIT instruction is available (per section MONITOR / MWAIT) */
-#define HV_X64_MWAIT_AVAILABLE (1 << 0)
-/* Guest debugging support is available */
-#define HV_X64_GUEST_DEBUGGING_AVAILABLE (1 << 1)
-/* Performance Monitor support is available*/
-#define HV_X64_PERF_MONITOR_AVAILABLE (1 << 2)
-/* Support for physical CPU dynamic partitioning events is available*/
-#define HV_X64_CPU_DYNAMIC_PARTITIONING_AVAILABLE (1 << 3)
-/*
- * Support for passing hypercall input parameter block via XMM
- * registers is available
- */
-#define HV_X64_HYPERCALL_PARAMS_XMM_AVAILABLE (1 << 4)
-/* Support for a virtual guest idle state is available */
-#define HV_X64_GUEST_IDLE_STATE_AVAILABLE (1 << 5)
-/* Guest crash data handler available */
-#define HV_X64_GUEST_CRASH_MSR_AVAILABLE (1 << 10)
-
-/*
- * Implementation recommendations. Indicates which behaviors the hypervisor
- * recommends the OS implement for optimal performance.
- */
- /*
- * Recommend using hypercall for address space switches rather
- * than MOV to CR3 instruction
- */
-#define HV_X64_AS_SWITCH_RECOMMENDED (1 << 0)
-/* Recommend using hypercall for local TLB flushes rather
- * than INVLPG or MOV to CR3 instructions */
-#define HV_X64_LOCAL_TLB_FLUSH_RECOMMENDED (1 << 1)
-/*
- * Recommend using hypercall for remote TLB flushes rather
- * than inter-processor interrupts
- */
-#define HV_X64_REMOTE_TLB_FLUSH_RECOMMENDED (1 << 2)
-/*
- * Recommend using MSRs for accessing APIC registers
- * EOI, ICR and TPR rather than their memory-mapped counterparts
- */
-#define HV_X64_APIC_ACCESS_RECOMMENDED (1 << 3)
-/* Recommend using the hypervisor-provided MSR to initiate a system RESET */
-#define HV_X64_SYSTEM_RESET_RECOMMENDED (1 << 4)
-/*
- * Recommend using relaxed timing for this partition. If used,
- * the VM should disable any watchdog timeouts that rely on the
- * timely delivery of external interrupts
- */
-#define HV_X64_RELAXED_TIMING_RECOMMENDED (1 << 5)
-
-/*
- * Virtual APIC support
- */
-#define HV_X64_DEPRECATING_AEOI_RECOMMENDED (1 << 9)
-
-/* Recommend using the newer ExProcessorMasks interface */
-#define HV_X64_EX_PROCESSOR_MASKS_RECOMMENDED (1 << 11)
-
-/*
- * Crash notification flag.
- */
-#define HV_CRASH_CTL_CRASH_NOTIFY (1ULL << 63)
-
-/* MSR used to identify the guest OS. */
-#define HV_X64_MSR_GUEST_OS_ID 0x40000000
-
-/* MSR used to setup pages used to communicate with the hypervisor. */
-#define HV_X64_MSR_HYPERCALL 0x40000001
-
-/* MSR used to provide vcpu index */
-#define HV_X64_MSR_VP_INDEX 0x40000002
-
-/* MSR used to reset the guest OS. */
-#define HV_X64_MSR_RESET 0x40000003
-
-/* MSR used to provide vcpu runtime in 100ns units */
-#define HV_X64_MSR_VP_RUNTIME 0x40000010
-
-/* MSR used to read the per-partition time reference counter */
-#define HV_X64_MSR_TIME_REF_COUNT 0x40000020
-
-/* MSR used to retrieve the TSC frequency */
-#define HV_X64_MSR_TSC_FREQUENCY 0x40000022
-
-/* MSR used to retrieve the local APIC timer frequency */
-#define HV_X64_MSR_APIC_FREQUENCY 0x40000023
-
-/* Define the virtual APIC registers */
-#define HV_X64_MSR_EOI 0x40000070
-#define HV_X64_MSR_ICR 0x40000071
-#define HV_X64_MSR_TPR 0x40000072
-#define HV_X64_MSR_APIC_ASSIST_PAGE 0x40000073
-
-/* Define synthetic interrupt controller model specific registers. */
-#define HV_X64_MSR_SCONTROL 0x40000080
-#define HV_X64_MSR_SVERSION 0x40000081
-#define HV_X64_MSR_SIEFP 0x40000082
-#define HV_X64_MSR_SIMP 0x40000083
-#define HV_X64_MSR_EOM 0x40000084
-#define HV_X64_MSR_SINT0 0x40000090
-#define HV_X64_MSR_SINT1 0x40000091
-#define HV_X64_MSR_SINT2 0x40000092
-#define HV_X64_MSR_SINT3 0x40000093
-#define HV_X64_MSR_SINT4 0x40000094
-#define HV_X64_MSR_SINT5 0x40000095
-#define HV_X64_MSR_SINT6 0x40000096
-#define HV_X64_MSR_SINT7 0x40000097
-#define HV_X64_MSR_SINT8 0x40000098
-#define HV_X64_MSR_SINT9 0x40000099
-#define HV_X64_MSR_SINT10 0x4000009A
-#define HV_X64_MSR_SINT11 0x4000009B
-#define HV_X64_MSR_SINT12 0x4000009C
-#define HV_X64_MSR_SINT13 0x4000009D
-#define HV_X64_MSR_SINT14 0x4000009E
-#define HV_X64_MSR_SINT15 0x4000009F
-
-/*
- * Synthetic Timer MSRs. Four timers per vcpu.
- */
-#define HV_X64_MSR_STIMER0_CONFIG 0x400000B0
-#define HV_X64_MSR_STIMER0_COUNT 0x400000B1
-#define HV_X64_MSR_STIMER1_CONFIG 0x400000B2
-#define HV_X64_MSR_STIMER1_COUNT 0x400000B3
-#define HV_X64_MSR_STIMER2_CONFIG 0x400000B4
-#define HV_X64_MSR_STIMER2_COUNT 0x400000B5
-#define HV_X64_MSR_STIMER3_CONFIG 0x400000B6
-#define HV_X64_MSR_STIMER3_COUNT 0x400000B7
-
-/* Hyper-V guest crash notification MSR's */
-#define HV_X64_MSR_CRASH_P0 0x40000100
-#define HV_X64_MSR_CRASH_P1 0x40000101
-#define HV_X64_MSR_CRASH_P2 0x40000102
-#define HV_X64_MSR_CRASH_P3 0x40000103
-#define HV_X64_MSR_CRASH_P4 0x40000104
-#define HV_X64_MSR_CRASH_CTL 0x40000105
-#define HV_X64_MSR_CRASH_CTL_NOTIFY (1ULL << 63)
-#define HV_X64_MSR_CRASH_PARAMS \
- (1 + (HV_X64_MSR_CRASH_P4 - HV_X64_MSR_CRASH_P0))
-
-#define HV_X64_MSR_HYPERCALL_ENABLE 0x00000001
-#define HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_SHIFT 12
-#define HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_MASK \
- (~((1ull << HV_X64_MSR_HYPERCALL_PAGE_ADDRESS_SHIFT) - 1))
-
-/* Declare the various hypercall operations. */
-#define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE 0x0002
-#define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST 0x0003
-#define HVCALL_NOTIFY_LONG_SPIN_WAIT 0x0008
-#define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE_EX 0x0013
-#define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX 0x0014
-#define HVCALL_POST_MESSAGE 0x005c
-#define HVCALL_SIGNAL_EVENT 0x005d
-
-#define HV_X64_MSR_APIC_ASSIST_PAGE_ENABLE 0x00000001
-#define HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT 12
-#define HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_MASK \
- (~((1ull << HV_X64_MSR_APIC_ASSIST_PAGE_ADDRESS_SHIFT) - 1))
-
-#define HV_X64_MSR_TSC_REFERENCE_ENABLE 0x00000001
-#define HV_X64_MSR_TSC_REFERENCE_ADDRESS_SHIFT 12
-
-#define HV_PROCESSOR_POWER_STATE_C0 0
-#define HV_PROCESSOR_POWER_STATE_C1 1
-#define HV_PROCESSOR_POWER_STATE_C2 2
-#define HV_PROCESSOR_POWER_STATE_C3 3
-
-#define HV_FLUSH_ALL_PROCESSORS BIT(0)
-#define HV_FLUSH_ALL_VIRTUAL_ADDRESS_SPACES BIT(1)
-#define HV_FLUSH_NON_GLOBAL_MAPPINGS_ONLY BIT(2)
-#define HV_FLUSH_USE_EXTENDED_RANGE_FORMAT BIT(3)
-
-enum HV_GENERIC_SET_FORMAT {
- HV_GENERIC_SET_SPARCE_4K,
- HV_GENERIC_SET_ALL,
-};
-
-/* hypercall status code */
-#define HV_STATUS_SUCCESS 0
-#define HV_STATUS_INVALID_HYPERCALL_CODE 2
-#define HV_STATUS_INVALID_HYPERCALL_INPUT 3
-#define HV_STATUS_INVALID_ALIGNMENT 4
-#define HV_STATUS_INSUFFICIENT_MEMORY 11
-#define HV_STATUS_INVALID_CONNECTION_ID 18
-#define HV_STATUS_INSUFFICIENT_BUFFERS 19
-
-typedef struct _HV_REFERENCE_TSC_PAGE {
- uint32_t tsc_sequence;
- uint32_t res1;
- uint64_t tsc_scale;
- int64_t tsc_offset;
-} HV_REFERENCE_TSC_PAGE, *PHV_REFERENCE_TSC_PAGE;
-
-/* Define the number of synthetic interrupt sources. */
-#define HV_SYNIC_SINT_COUNT (16)
-/* Define the expected SynIC version. */
-#define HV_SYNIC_VERSION_1 (0x1)
-
-#define HV_SYNIC_CONTROL_ENABLE (1ULL << 0)
-#define HV_SYNIC_SIMP_ENABLE (1ULL << 0)
-#define HV_SYNIC_SIEFP_ENABLE (1ULL << 0)
-#define HV_SYNIC_SINT_MASKED (1ULL << 16)
-#define HV_SYNIC_SINT_AUTO_EOI (1ULL << 17)
-#define HV_SYNIC_SINT_VECTOR_MASK (0xFF)
-
-#define HV_SYNIC_STIMER_COUNT (4)
-
-/* Define synthetic interrupt controller message constants. */
-#define HV_MESSAGE_SIZE (256)
-#define HV_MESSAGE_PAYLOAD_BYTE_COUNT (240)
-#define HV_MESSAGE_PAYLOAD_QWORD_COUNT (30)
-
-/* Define hypervisor message types. */
-enum hv_message_type {
- HVMSG_NONE = 0x00000000,
-
- /* Memory access messages. */
- HVMSG_UNMAPPED_GPA = 0x80000000,
- HVMSG_GPA_INTERCEPT = 0x80000001,
-
- /* Timer notification messages. */
- HVMSG_TIMER_EXPIRED = 0x80000010,
-
- /* Error messages. */
- HVMSG_INVALID_VP_REGISTER_VALUE = 0x80000020,
- HVMSG_UNRECOVERABLE_EXCEPTION = 0x80000021,
- HVMSG_UNSUPPORTED_FEATURE = 0x80000022,
-
- /* Trace buffer complete messages. */
- HVMSG_EVENTLOG_BUFFERCOMPLETE = 0x80000040,
-
- /* Platform-specific processor intercept messages. */
- HVMSG_X64_IOPORT_INTERCEPT = 0x80010000,
- HVMSG_X64_MSR_INTERCEPT = 0x80010001,
- HVMSG_X64_CPUID_INTERCEPT = 0x80010002,
- HVMSG_X64_EXCEPTION_INTERCEPT = 0x80010003,
- HVMSG_X64_APIC_EOI = 0x80010004,
- HVMSG_X64_LEGACY_FP_ERROR = 0x80010005
-};
-
-/* Define synthetic interrupt controller message flags. */
-union hv_message_flags {
- uint8_t asu8;
- struct {
- uint8_t msg_pending:1;
- uint8_t reserved:7;
- };
-};
-
-/* Define port identifier type. */
-union hv_port_id {
- uint32_t asu32;
- struct {
- uint32_t id:24;
- uint32_t reserved:8;
- } u;
-};
-
-/* Define synthetic interrupt controller message header. */
-struct hv_message_header {
- uint32_t message_type;
- uint8_t payload_size;
- union hv_message_flags message_flags;
- uint8_t reserved[2];
- union {
- uint64_t sender;
- union hv_port_id port;
- };
-};
-
-/* Define synthetic interrupt controller message format. */
-struct hv_message {
- struct hv_message_header header;
- union {
- uint64_t payload[HV_MESSAGE_PAYLOAD_QWORD_COUNT];
- } u;
-};
-
-/* Define the synthetic interrupt message page layout. */
-struct hv_message_page {
- struct hv_message sint_message[HV_SYNIC_SINT_COUNT];
-};
-
-/* Define timer message payload structure. */
-struct hv_timer_message_payload {
- uint32_t timer_index;
- uint32_t reserved;
- uint64_t expiration_time; /* When the timer expired */
- uint64_t delivery_time; /* When the message was delivered */
-};
-
-#define HV_STIMER_ENABLE (1ULL << 0)
-#define HV_STIMER_PERIODIC (1ULL << 1)
-#define HV_STIMER_LAZY (1ULL << 2)
-#define HV_STIMER_AUTOENABLE (1ULL << 3)
-#define HV_STIMER_SINT(config) (uint8_t)(((config) >> 16) & 0x0F)
-
-#endif
+ /* this is a temporary placeholder until kvm_para.h stops including it */
diff --git a/include/standard-headers/linux/input-event-codes.h b/include/standard-headers/linux/input-event-codes.h
index 2fa0f4e..79841b5 100644
--- a/include/standard-headers/linux/input-event-codes.h
+++ b/include/standard-headers/linux/input-event-codes.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Input event codes
*
@@ -406,6 +407,7 @@
#define BTN_TOOL_MOUSE 0x146
#define BTN_TOOL_LENS 0x147
#define BTN_TOOL_QUINTTAP 0x148 /* Five fingers on trackpad */
+#define BTN_STYLUS3 0x149
#define BTN_TOUCH 0x14a
#define BTN_STYLUS 0x14b
#define BTN_STYLUS2 0x14c
diff --git a/include/standard-headers/linux/input.h b/include/standard-headers/linux/input.h
index 666e201..bc3e6d3 100644
--- a/include/standard-headers/linux/input.h
+++ b/include/standard-headers/linux/input.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (c) 1999-2002 Vojtech Pavlik
*
diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h
index f8d5804..70c2b2a 100644
--- a/include/standard-headers/linux/pci_regs.h
+++ b/include/standard-headers/linux/pci_regs.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* pci_regs.h
*
@@ -746,6 +747,7 @@
#define PCI_ERR_ROOT_FIRST_FATAL 0x00000010 /* First UNC is Fatal */
#define PCI_ERR_ROOT_NONFATAL_RCV 0x00000020 /* Non-Fatal Received */
#define PCI_ERR_ROOT_FATAL_RCV 0x00000040 /* Fatal Received */
+#define PCI_ERR_ROOT_AER_IRQ 0xf8000000 /* Advanced Error Interrupt Message Number */
#define PCI_ERR_ROOT_ERR_SRC 52 /* Error Source Identification */
/* Virtual Channel */
@@ -939,9 +941,13 @@
#define PCI_SATA_SIZEOF_LONG 16
/* Resizable BARs */
+#define PCI_REBAR_CAP 4 /* capability register */
+#define PCI_REBAR_CAP_SIZES 0x00FFFFF0 /* supported BAR sizes */
#define PCI_REBAR_CTRL 8 /* control register */
-#define PCI_REBAR_CTRL_NBAR_MASK (7 << 5) /* mask for # bars */
-#define PCI_REBAR_CTRL_NBAR_SHIFT 5 /* shift for # bars */
+#define PCI_REBAR_CTRL_BAR_IDX 0x00000007 /* BAR index */
+#define PCI_REBAR_CTRL_NBAR_MASK 0x000000E0 /* # of resizable BARs */
+#define PCI_REBAR_CTRL_NBAR_SHIFT 5 /* shift for # of BARs */
+#define PCI_REBAR_CTRL_BAR_SIZE 0x00001F00 /* BAR size */
/* Dynamic Power Allocation */
#define PCI_DPA_CAP 4 /* capability register */
@@ -960,6 +966,7 @@
/* Downstream Port Containment */
#define PCI_EXP_DPC_CAP 4 /* DPC Capability */
+#define PCI_EXP_DPC_IRQ 0x1f /* DPC Interrupt Message Number */
#define PCI_EXP_DPC_CAP_RP_EXT 0x20 /* Root Port Extensions for DPC */
#define PCI_EXP_DPC_CAP_POISONED_TLP 0x40 /* Poisoned TLP Egress Blocking Supported */
#define PCI_EXP_DPC_CAP_SW_TRIGGER 0x80 /* Software Triggering Supported */
@@ -995,19 +1002,25 @@
#define PCI_PTM_CTRL_ENABLE 0x00000001 /* PTM enable */
#define PCI_PTM_CTRL_ROOT 0x00000002 /* Root select */
-/* L1 PM Substates */
-#define PCI_L1SS_CAP 4 /* capability register */
-#define PCI_L1SS_CAP_PCIPM_L1_2 1 /* PCI PM L1.2 Support */
-#define PCI_L1SS_CAP_PCIPM_L1_1 2 /* PCI PM L1.1 Support */
-#define PCI_L1SS_CAP_ASPM_L1_2 4 /* ASPM L1.2 Support */
-#define PCI_L1SS_CAP_ASPM_L1_1 8 /* ASPM L1.1 Support */
-#define PCI_L1SS_CAP_L1_PM_SS 16 /* L1 PM Substates Support */
-#define PCI_L1SS_CTL1 8 /* Control Register 1 */
-#define PCI_L1SS_CTL1_PCIPM_L1_2 1 /* PCI PM L1.2 Enable */
-#define PCI_L1SS_CTL1_PCIPM_L1_1 2 /* PCI PM L1.1 Support */
-#define PCI_L1SS_CTL1_ASPM_L1_2 4 /* ASPM L1.2 Support */
-#define PCI_L1SS_CTL1_ASPM_L1_1 8 /* ASPM L1.1 Support */
-#define PCI_L1SS_CTL1_L1SS_MASK 0x0000000F
-#define PCI_L1SS_CTL2 0xC /* Control Register 2 */
+/* ASPM L1 PM Substates */
+#define PCI_L1SS_CAP 0x04 /* Capabilities Register */
+#define PCI_L1SS_CAP_PCIPM_L1_2 0x00000001 /* PCI-PM L1.2 Supported */
+#define PCI_L1SS_CAP_PCIPM_L1_1 0x00000002 /* PCI-PM L1.1 Supported */
+#define PCI_L1SS_CAP_ASPM_L1_2 0x00000004 /* ASPM L1.2 Supported */
+#define PCI_L1SS_CAP_ASPM_L1_1 0x00000008 /* ASPM L1.1 Supported */
+#define PCI_L1SS_CAP_L1_PM_SS 0x00000010 /* L1 PM Substates Supported */
+#define PCI_L1SS_CAP_CM_RESTORE_TIME 0x0000ff00 /* Port Common_Mode_Restore_Time */
+#define PCI_L1SS_CAP_P_PWR_ON_SCALE 0x00030000 /* Port T_POWER_ON scale */
+#define PCI_L1SS_CAP_P_PWR_ON_VALUE 0x00f80000 /* Port T_POWER_ON value */
+#define PCI_L1SS_CTL1 0x08 /* Control 1 Register */
+#define PCI_L1SS_CTL1_PCIPM_L1_2 0x00000001 /* PCI-PM L1.2 Enable */
+#define PCI_L1SS_CTL1_PCIPM_L1_1 0x00000002 /* PCI-PM L1.1 Enable */
+#define PCI_L1SS_CTL1_ASPM_L1_2 0x00000004 /* ASPM L1.2 Enable */
+#define PCI_L1SS_CTL1_ASPM_L1_1 0x00000008 /* ASPM L1.1 Enable */
+#define PCI_L1SS_CTL1_L1SS_MASK 0x0000000f
+#define PCI_L1SS_CTL1_CM_RESTORE_TIME 0x0000ff00 /* Common_Mode_Restore_Time */
+#define PCI_L1SS_CTL1_LTR_L12_TH_VALUE 0x03ff0000 /* LTR_L1.2_THRESHOLD_Value */
+#define PCI_L1SS_CTL1_LTR_L12_TH_SCALE 0xe0000000 /* LTR_L1.2_THRESHOLD_Scale */
+#define PCI_L1SS_CTL2 0x0c /* Control 2 Register */
#endif /* LINUX_PCI_REGS_H */
--git a/linux-headers/asm-arm/kvm.h b/linux-headers/asm-arm/kvm.h
index fa9fae8..4392955 100644
--- a/linux-headers/asm-arm/kvm.h
+++ b/linux-headers/asm-arm/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (C) 2012 - Virtual Open Systems and Columbia University
* Author: Christoffer Dall <c.dall@virtualopensystems.com>
@@ -151,6 +152,12 @@ struct kvm_arch_memory_slot {
(__ARM_CP15_REG(op1, 0, crm, 0) | KVM_REG_SIZE_U64)
#define ARM_CP15_REG64(...) __ARM_CP15_REG64(__VA_ARGS__)
+/* PL1 Physical Timer Registers */
+#define KVM_REG_ARM_PTIMER_CTL ARM_CP15_REG32(0, 14, 2, 1)
+#define KVM_REG_ARM_PTIMER_CNT ARM_CP15_REG64(0, 14)
+#define KVM_REG_ARM_PTIMER_CVAL ARM_CP15_REG64(2, 14)
+
+/* Virtual Timer Registers */
#define KVM_REG_ARM_TIMER_CTL ARM_CP15_REG32(0, 14, 3, 1)
#define KVM_REG_ARM_TIMER_CNT ARM_CP15_REG64(1, 14)
#define KVM_REG_ARM_TIMER_CVAL ARM_CP15_REG64(3, 14)
@@ -215,6 +222,7 @@ struct kvm_arch_memory_slot {
#define KVM_DEV_ARM_ITS_SAVE_TABLES 1
#define KVM_DEV_ARM_ITS_RESTORE_TABLES 2
#define KVM_DEV_ARM_VGIC_SAVE_PENDING_TABLES 3
+#define KVM_DEV_ARM_ITS_CTRL_RESET 4
/* KVM_IRQ_LINE irq field index values */
#define KVM_ARM_IRQ_TYPE_SHIFT 24
--git a/linux-headers/asm-arm/kvm_para.h b/linux-headers/asm-arm/kvm_para.h
index 14fab8f..baacc49 100644
--- a/linux-headers/asm-arm/kvm_para.h
+++ b/linux-headers/asm-arm/kvm_para.h
@@ -1 +1,2 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#include <asm-generic/kvm_para.h>
--git a/linux-headers/asm-arm/unistd.h b/linux-headers/asm-arm/unistd.h
index 155571b..18b0825 100644
--- a/linux-headers/asm-arm/unistd.h
+++ b/linux-headers/asm-arm/unistd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* arch/arm/include/asm/unistd.h
*
@@ -35,5 +36,6 @@
#define __ARM_NR_usr26 (__ARM_NR_BASE+3)
#define __ARM_NR_usr32 (__ARM_NR_BASE+4)
#define __ARM_NR_set_tls (__ARM_NR_BASE+5)
+#define __ARM_NR_get_tls (__ARM_NR_BASE+6)
#endif /* __ASM_ARM_UNISTD_H */
--git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index d254700..4e80651 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (C) 2012,2013 - ARM Ltd
* Author: Marc Zyngier <marc.zyngier@arm.com>
@@ -195,6 +196,12 @@ struct kvm_arch_memory_slot {
#define ARM64_SYS_REG(...) (__ARM64_SYS_REG(__VA_ARGS__) | KVM_REG_SIZE_U64)
+/* Physical Timer EL0 Registers */
+#define KVM_REG_ARM_PTIMER_CTL ARM64_SYS_REG(3, 3, 14, 2, 1)
+#define KVM_REG_ARM_PTIMER_CVAL ARM64_SYS_REG(3, 3, 14, 2, 2)
+#define KVM_REG_ARM_PTIMER_CNT ARM64_SYS_REG(3, 3, 14, 0, 1)
+
+/* EL0 Virtual Timer Registers */
#define KVM_REG_ARM_TIMER_CTL ARM64_SYS_REG(3, 3, 14, 3, 1)
#define KVM_REG_ARM_TIMER_CNT ARM64_SYS_REG(3, 3, 14, 3, 2)
#define KVM_REG_ARM_TIMER_CVAL ARM64_SYS_REG(3, 3, 14, 0, 2)
@@ -227,6 +234,7 @@ struct kvm_arch_memory_slot {
#define KVM_DEV_ARM_ITS_SAVE_TABLES 1
#define KVM_DEV_ARM_ITS_RESTORE_TABLES 2
#define KVM_DEV_ARM_VGIC_SAVE_PENDING_TABLES 3
+#define KVM_DEV_ARM_ITS_CTRL_RESET 4
/* Device Control API on vcpu fd */
#define KVM_ARM_VCPU_PMU_V3_CTRL 0
--git a/linux-headers/asm-arm64/unistd.h b/linux-headers/asm-arm64/unistd.h
index 043d17a..5072cbd 100644
--- a/linux-headers/asm-arm64/unistd.h
+++ b/linux-headers/asm-arm64/unistd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (C) 2012 ARM Ltd.
*
--git a/linux-headers/asm-powerpc/epapr_hcalls.h b/linux-headers/asm-powerpc/epapr_hcalls.h
index 33b3f89..6cca559 100644
--- a/linux-headers/asm-powerpc/epapr_hcalls.h
+++ b/linux-headers/asm-powerpc/epapr_hcalls.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) */
/*
* ePAPR hcall interface
*
--git a/linux-headers/asm-powerpc/kvm.h b/linux-headers/asm-powerpc/kvm.h
index 8cf8f0c..61d6049 100644
--- a/linux-headers/asm-powerpc/kvm.h
+++ b/linux-headers/asm-powerpc/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License, version 2, as
--git a/linux-headers/asm-powerpc/kvm_para.h b/linux-headers/asm-powerpc/kvm_para.h
index 2abcc46..9beb49c 100644
--- a/linux-headers/asm-powerpc/kvm_para.h
+++ b/linux-headers/asm-powerpc/kvm_para.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License, version 2, as
--git a/linux-headers/asm-powerpc/unistd.h b/linux-headers/asm-powerpc/unistd.h
index a178634..36abf58 100644
--- a/linux-headers/asm-powerpc/unistd.h
+++ b/linux-headers/asm-powerpc/unistd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* This file contains the system call numbers.
*
--git a/linux-headers/asm-s390/kvm.h b/linux-headers/asm-s390/kvm.h
index 7b750ef..32d372e 100644
--- a/linux-headers/asm-s390/kvm.h
+++ b/linux-headers/asm-s390/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_KVM_S390_H
#define __LINUX_KVM_S390_H
/*
--git a/linux-headers/asm-s390/kvm_para.h b/linux-headers/asm-s390/kvm_para.h
index ff1f4e7..0dc86b3 100644
--- a/linux-headers/asm-s390/kvm_para.h
+++ b/linux-headers/asm-s390/kvm_para.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* User API definitions for paravirtual devices on s390
*
--git a/linux-headers/asm-s390/unistd.h b/linux-headers/asm-s390/unistd.h
index 65e7e59..99223b8 100644
--- a/linux-headers/asm-s390/unistd.h
+++ b/linux-headers/asm-s390/unistd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* S390 version
*
@@ -315,7 +316,8 @@
#define __NR_pwritev2 377
#define __NR_s390_guarded_storage 378
#define __NR_statx 379
-#define NR_syscalls 380
+#define __NR_s390_sthyi 380
+#define NR_syscalls 381
/*
* There are some system calls that are not present on 64 bit, some
--git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index c2824d0..f3a9604 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _ASM_X86_KVM_H
#define _ASM_X86_KVM_H
--git a/linux-headers/asm-x86/kvm_para.h b/linux-headers/asm-x86/kvm_para.h
index cefa127..4c300f6 100644
--- a/linux-headers/asm-x86/kvm_para.h
+++ b/linux-headers/asm-x86/kvm_para.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _ASM_X86_KVM_PARA_H
#define _ASM_X86_KVM_PARA_H
@@ -109,5 +110,4 @@ struct kvm_vcpu_pv_apf_data {
#define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK
#define KVM_PV_EOI_DISABLED 0x0
-
#endif /* _ASM_X86_KVM_PARA_H */
--git a/linux-headers/asm-x86/unistd.h b/linux-headers/asm-x86/unistd.h
index 1f99b12..c04f638 100644
--- a/linux-headers/asm-x86/unistd.h
+++ b/linux-headers/asm-x86/unistd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _ASM_X86_UNISTD_H
#define _ASM_X86_UNISTD_H
--git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index dd8a918..ce6c2f1 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_KVM_H
#define __LINUX_KVM_H
@@ -930,6 +931,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_PPC_SMT_POSSIBLE 147
#define KVM_CAP_HYPERV_SYNIC2 148
#define KVM_CAP_HYPERV_VP_INDEX 149
+#define KVM_CAP_S390_AIS_MIGRATION 150
#ifdef KVM_CAP_IRQ_ROUTING
--git a/linux-headers/linux/kvm_para.h b/linux-headers/linux/kvm_para.h
index 15b24ff..8bcd0aa 100644
--- a/linux-headers/linux/kvm_para.h
+++ b/linux-headers/linux/kvm_para.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_KVM_PARA_H
#define __LINUX_KVM_PARA_H
--git a/linux-headers/linux/psci.h b/linux-headers/linux/psci.h
index 08d443f..ccd1773 100644
--- a/linux-headers/linux/psci.h
+++ b/linux-headers/linux/psci.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* ARM Power State and Coordination Interface (PSCI) header
*
--git a/linux-headers/linux/userfaultfd.h b/linux-headers/linux/userfaultfd.h
index b43cf0d..ce78878 100644
--- a/linux-headers/linux/userfaultfd.h
+++ b/linux-headers/linux/userfaultfd.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* include/linux/userfaultfd.h
*
--git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 4e7ab4c..4312e96 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* VFIO API definition
*
--git a/linux-headers/linux/vfio_ccw.h b/linux-headers/linux/vfio_ccw.h
index 3a56551..5bf96c3 100644
--- a/linux-headers/linux/vfio_ccw.h
+++ b/linux-headers/linux/vfio_ccw.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Interfaces for vfio-ccw
*
--git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
index 1e86a3d..e336395 100644
--- a/linux-headers/linux/vhost.h
+++ b/linux-headers/linux/vhost.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_VHOST_H
#define _LINUX_VHOST_H
/* Userspace interface for in-kernel virtio accelerators. */
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 17/43] hw/intc/arm_gicv3_its: Implement full reset
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (15 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 16/43] linux-headers: update to 4.15-rc1 Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 18/43] target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads Peter Maydell
` (26 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Eric Auger <eric.auger@redhat.com>
Voiding the ITS caches is not supposed to happen via
individual register writes. So we introduced a dedicated
ITS KVM device ioctl to perform a cold reset of the ITS:
KVM_DEV_ARM_VGIC_GRP_CTRL/KVM_DEV_ARM_ITS_CTRL_RESET. Let's
use this latter if the kernel supports it.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1511883692-11511-5-git-send-email-eric.auger@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/intc/arm_gicv3_its_kvm.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
index 1c663ac..bf290b8 100644
--- a/hw/intc/arm_gicv3_its_kvm.c
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -204,7 +204,14 @@ static void kvm_arm_its_reset(DeviceState *dev)
c->parent_reset(dev);
- error_report("ITS KVM: full reset is not supported by QEMU");
+ if (kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
+ KVM_DEV_ARM_ITS_CTRL_RESET)) {
+ kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
+ KVM_DEV_ARM_ITS_CTRL_RESET, NULL, true, &error_abort);
+ return;
+ }
+
+ error_report("ITS KVM: full reset is not supported by the host kernel");
if (!kvm_device_check_attr(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_ITS_REGS,
GITS_CTLR)) {
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 18/43] target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (16 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 17/43] hw/intc/arm_gicv3_its: Implement full reset Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode Peter Maydell
` (25 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
For v8M it is possible for the CONTROL.SPSEL bit value and the
current stack to be out of sync. This means we need to update
the checks used in reads and writes of the PSP and MSP special
registers to use v7m_using_psp() rather than directly checking
the SPSEL bit in the control register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
target/arm/helper.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 91a9300..88394d4 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9953,11 +9953,9 @@ uint32_t HELPER(v7m_mrs)(CPUARMState *env, uint32_t reg)
switch (reg) {
case 8: /* MSP */
- return (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) ?
- env->v7m.other_sp : env->regs[13];
+ return v7m_using_psp(env) ? env->v7m.other_sp : env->regs[13];
case 9: /* PSP */
- return (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) ?
- env->regs[13] : env->v7m.other_sp;
+ return v7m_using_psp(env) ? env->regs[13] : env->v7m.other_sp;
case 16: /* PRIMASK */
return env->v7m.primask[env->v7m.secure];
case 17: /* BASEPRI */
@@ -10059,14 +10057,14 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
}
break;
case 8: /* MSP */
- if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) {
+ if (v7m_using_psp(env)) {
env->v7m.other_sp = val;
} else {
env->regs[13] = val;
}
break;
case 9: /* PSP */
- if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_SPSEL_MASK) {
+ if (v7m_using_psp(env)) {
env->regs[13] = val;
} else {
env->v7m.other_sp = val;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (17 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 18/43] target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 20/43] target/arm: Add missing M profile case to regime_is_user() Peter Maydell
` (24 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
In ARMv7M the CPU ignores explicit writes to CONTROL.SPSEL
in Handler mode. In v8M the behaviour is slightly different:
writes to the bit are permitted but will have no effect.
We've already done the hard work to handle the value in
CONTROL.SPSEL being out of sync with what stack pointer is
actually in use, so all we need to do to fix this last loose
end is to update the condition we use to guard whether we
call write_v7m_control_spsel() on the register write.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-3-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 88394d4..f21c142 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10091,8 +10091,11 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
* thread mode; other bits can be updated by any privileged code.
* write_v7m_control_spsel() deals with updating the SPSEL bit in
* env->v7m.control, so we only need update the others.
+ * For v7M, we must just ignore explicit writes to SPSEL in handler
+ * mode; for v8M the write is permitted but will have no effect.
*/
- if (!arm_v7m_is_handler_mode(env)) {
+ if (arm_feature(env, ARM_FEATURE_V8) ||
+ !arm_v7m_is_handler_mode(env)) {
write_v7m_control_spsel(env, (val & R_V7M_CONTROL_SPSEL_MASK) != 0);
}
env->v7m.control[env->v7m.secure] &= ~R_V7M_CONTROL_NPRIV_MASK;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 20/43] target/arm: Add missing M profile case to regime_is_user()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (18 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 21/43] target/arm: Split M profile MNegPri mmu index into user and priv Peter Maydell
` (23 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
When we added the ARMMMUIdx_MSUser MMU index we forgot to
add it to the case statement in regime_is_user(), so we
weren't treating it as unprivileged when doing MPU lookups.
Correct the omission.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-4-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
target/arm/helper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f21c142..c4c8d5a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8016,6 +8016,7 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
case ARMMMUIdx_S1SE0:
case ARMMMUIdx_S1NSE0:
case ARMMMUIdx_MUser:
+ case ARMMMUIdx_MSUser:
return true;
default:
return false;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 21/43] target/arm: Split M profile MNegPri mmu index into user and priv
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (19 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 20/43] target/arm: Add missing M profile case to regime_is_user() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 22/43] target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv() Peter Maydell
` (22 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
For M profile, we currently have an mmu index MNegPri for
"requested execution priority negative". This fails to
distinguish "requested execution priority negative, privileged"
from "requested execution priority negative, usermode", but
the two can return different results for MPU lookups. Fix this
by splitting MNegPri into MNegPriPriv and MNegPriUser, and
similarly for the Secure equivalent MSNegPri.
This takes us from 6 M profile MMU modes to 8, which means
we need to bump NB_MMU_MODES; this is OK since the point
where we are forced to reduce TLB sizes is 9 MMU modes.
(It would in theory be possible to stick with 6 MMU indexes:
{mpu-disabled,user,privileged} x {secure,nonsecure} since
in the MPU-disabled case the result of an MPU lookup is
always the same for both user and privileged code. However
we would then need to rework the TB flags handling to put
user/priv into the TB flags separately from the mmuidx.
Adding an extra couple of mmu indexes is simpler.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-5-git-send-email-peter.maydell@linaro.org
---
target/arm/cpu.h | 54 ++++++++++++++++++++++++++++++--------------------
target/arm/internals.h | 6 ++++--
target/arm/helper.c | 11 ++++++----
target/arm/translate.c | 8 ++++++--
4 files changed, 50 insertions(+), 29 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 89d49cd..c42d62d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -112,7 +112,7 @@ enum {
#define ARM_CPU_VIRQ 2
#define ARM_CPU_VFIQ 3
-#define NB_MMU_MODES 7
+#define NB_MMU_MODES 8
/* ARM-specific extra insn start words:
* 1: Conditional execution bits
* 2: Partial exception syndrome for data aborts
@@ -2226,13 +2226,13 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
* They have the following different MMU indexes:
* User
* Privileged
- * Execution priority negative (this is like privileged, but the
- * MPU HFNMIENA bit means that it may have different access permission
- * check results to normal privileged code, so can't share a TLB).
+ * User, execution priority negative (ie the MPU HFNMIENA bit may apply)
+ * Privileged, execution priority negative (ditto)
* If the CPU supports the v8M Security Extension then there are also:
* Secure User
* Secure Privileged
- * Secure, execution priority negative
+ * Secure User, execution priority negative
+ * Secure Privileged, execution priority negative
*
* The ARMMMUIdx and the mmu index value used by the core QEMU TLB code
* are not quite the same -- different CPU types (most notably M profile
@@ -2251,11 +2251,18 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
* The constant names here are patterned after the general style of the names
* of the AT/ATS operations.
* The values used are carefully arranged to make mmu_idx => EL lookup easy.
+ * For M profile we arrange them to have a bit for priv, a bit for negpri
+ * and a bit for secure.
*/
#define ARM_MMU_IDX_A 0x10 /* A profile */
#define ARM_MMU_IDX_NOTLB 0x20 /* does not have a TLB */
#define ARM_MMU_IDX_M 0x40 /* M profile */
+/* meanings of the bits for M profile mmu idx values */
+#define ARM_MMU_IDX_M_PRIV 0x1
+#define ARM_MMU_IDX_M_NEGPRI 0x2
+#define ARM_MMU_IDX_M_S 0x4
+
#define ARM_MMU_IDX_TYPE_MASK (~0x7)
#define ARM_MMU_IDX_COREIDX_MASK 0x7
@@ -2269,10 +2276,12 @@ typedef enum ARMMMUIdx {
ARMMMUIdx_S2NS = 6 | ARM_MMU_IDX_A,
ARMMMUIdx_MUser = 0 | ARM_MMU_IDX_M,
ARMMMUIdx_MPriv = 1 | ARM_MMU_IDX_M,
- ARMMMUIdx_MNegPri = 2 | ARM_MMU_IDX_M,
- ARMMMUIdx_MSUser = 3 | ARM_MMU_IDX_M,
- ARMMMUIdx_MSPriv = 4 | ARM_MMU_IDX_M,
- ARMMMUIdx_MSNegPri = 5 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MUserNegPri = 2 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MPrivNegPri = 3 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MSUser = 4 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MSPriv = 5 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MSUserNegPri = 6 | ARM_MMU_IDX_M,
+ ARMMMUIdx_MSPrivNegPri = 7 | ARM_MMU_IDX_M,
/* Indexes below here don't have TLBs and are used only for AT system
* instructions or for the first stage of an S12 page table walk.
*/
@@ -2293,10 +2302,12 @@ typedef enum ARMMMUIdxBit {
ARMMMUIdxBit_S2NS = 1 << 6,
ARMMMUIdxBit_MUser = 1 << 0,
ARMMMUIdxBit_MPriv = 1 << 1,
- ARMMMUIdxBit_MNegPri = 1 << 2,
- ARMMMUIdxBit_MSUser = 1 << 3,
- ARMMMUIdxBit_MSPriv = 1 << 4,
- ARMMMUIdxBit_MSNegPri = 1 << 5,
+ ARMMMUIdxBit_MUserNegPri = 1 << 2,
+ ARMMMUIdxBit_MPrivNegPri = 1 << 3,
+ ARMMMUIdxBit_MSUser = 1 << 4,
+ ARMMMUIdxBit_MSPriv = 1 << 5,
+ ARMMMUIdxBit_MSUserNegPri = 1 << 6,
+ ARMMMUIdxBit_MSPrivNegPri = 1 << 7,
} ARMMMUIdxBit;
#define MMU_USER_IDX 0
@@ -2322,8 +2333,7 @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
case ARM_MMU_IDX_A:
return mmu_idx & 3;
case ARM_MMU_IDX_M:
- return (mmu_idx == ARMMMUIdx_MUser || mmu_idx == ARMMMUIdx_MSUser)
- ? 0 : 1;
+ return mmu_idx & ARM_MMU_IDX_M_PRIV;
default:
g_assert_not_reached();
}
@@ -2334,16 +2344,18 @@ static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env,
bool secstate)
{
int el = arm_current_el(env);
- ARMMMUIdx mmu_idx;
+ ARMMMUIdx mmu_idx = ARM_MMU_IDX_M;
- if (el == 0) {
- mmu_idx = secstate ? ARMMMUIdx_MSUser : ARMMMUIdx_MUser;
- } else {
- mmu_idx = secstate ? ARMMMUIdx_MSPriv : ARMMMUIdx_MPriv;
+ if (el != 0) {
+ mmu_idx |= ARM_MMU_IDX_M_PRIV;
}
if (armv7m_nvic_neg_prio_requested(env->nvic, secstate)) {
- mmu_idx = secstate ? ARMMMUIdx_MSNegPri : ARMMMUIdx_MNegPri;
+ mmu_idx |= ARM_MMU_IDX_M_NEGPRI;
+ }
+
+ if (secstate) {
+ mmu_idx |= ARM_MMU_IDX_M_S;
}
return mmu_idx;
diff --git a/target/arm/internals.h b/target/arm/internals.h
index d9cc75e..aa9c91b 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -544,15 +544,17 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx)
case ARMMMUIdx_S1NSE1:
case ARMMMUIdx_S1E2:
case ARMMMUIdx_S2NS:
+ case ARMMMUIdx_MPrivNegPri:
+ case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
- case ARMMMUIdx_MNegPri:
case ARMMMUIdx_MUser:
return false;
case ARMMMUIdx_S1E3:
case ARMMMUIdx_S1SE0:
case ARMMMUIdx_S1SE1:
+ case ARMMMUIdx_MSPrivNegPri:
+ case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
- case ARMMMUIdx_MSNegPri:
case ARMMMUIdx_MSUser:
return true;
default:
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c4c8d5a..70cf313 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7856,11 +7856,13 @@ static inline uint32_t regime_el(CPUARMState *env, ARMMMUIdx mmu_idx)
case ARMMMUIdx_S1SE1:
case ARMMMUIdx_S1NSE0:
case ARMMMUIdx_S1NSE1:
+ case ARMMMUIdx_MPrivNegPri:
+ case ARMMMUIdx_MUserNegPri:
case ARMMMUIdx_MPriv:
- case ARMMMUIdx_MNegPri:
case ARMMMUIdx_MUser:
+ case ARMMMUIdx_MSPrivNegPri:
+ case ARMMMUIdx_MSUserNegPri:
case ARMMMUIdx_MSPriv:
- case ARMMMUIdx_MSNegPri:
case ARMMMUIdx_MSUser:
return 1;
default:
@@ -7883,8 +7885,7 @@ static inline bool regime_translation_disabled(CPUARMState *env,
(R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK)) {
case R_V7M_MPU_CTRL_ENABLE_MASK:
/* Enabled, but not for HardFault and NMI */
- return mmu_idx == ARMMMUIdx_MNegPri ||
- mmu_idx == ARMMMUIdx_MSNegPri;
+ return mmu_idx & ARM_MMU_IDX_M_NEGPRI;
case R_V7M_MPU_CTRL_ENABLE_MASK | R_V7M_MPU_CTRL_HFNMIENA_MASK:
/* Enabled for all cases */
return false;
@@ -8017,6 +8018,8 @@ static inline bool regime_is_user(CPUARMState *env, ARMMMUIdx mmu_idx)
case ARMMMUIdx_S1NSE0:
case ARMMMUIdx_MUser:
case ARMMMUIdx_MSUser:
+ case ARMMMUIdx_MUserNegPri:
+ case ARMMMUIdx_MSUserNegPri:
return true;
default:
return false;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index f120932..50339e7 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -159,12 +159,16 @@ static inline int get_a32_user_mem_index(DisasContext *s)
return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
case ARMMMUIdx_MUser:
case ARMMMUIdx_MPriv:
- case ARMMMUIdx_MNegPri:
return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
+ case ARMMMUIdx_MUserNegPri:
+ case ARMMMUIdx_MPrivNegPri:
+ return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
case ARMMMUIdx_MSUser:
case ARMMMUIdx_MSPriv:
- case ARMMMUIdx_MSNegPri:
return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
+ case ARMMMUIdx_MSUserNegPri:
+ case ARMMMUIdx_MSPrivNegPri:
+ return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
case ARMMMUIdx_S2NS:
default:
g_assert_not_reached();
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 22/43] target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (20 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 21/43] target/arm: Split M profile MNegPri mmu index into user and priv Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 23/43] target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8() Peter Maydell
` (21 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
The TT instruction is going to need to look up the MMU index
for a specified security and privilege state. Refactor the
existing arm_v7m_mmu_idx_for_secstate() into a version that
lets you specify the privilege state and one that uses the
current state of the CPU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-6-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
target/arm/cpu.h | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c42d62d..9631670 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2339,14 +2339,16 @@ static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
}
}
-/* Return the MMU index for a v7M CPU in the specified security state */
-static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env,
- bool secstate)
+/* Return the MMU index for a v7M CPU in the specified security and
+ * privilege state
+ */
+static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate_and_priv(CPUARMState *env,
+ bool secstate,
+ bool priv)
{
- int el = arm_current_el(env);
ARMMMUIdx mmu_idx = ARM_MMU_IDX_M;
- if (el != 0) {
+ if (priv) {
mmu_idx |= ARM_MMU_IDX_M_PRIV;
}
@@ -2361,6 +2363,15 @@ static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env,
return mmu_idx;
}
+/* Return the MMU index for a v7M CPU in the specified security state */
+static inline ARMMMUIdx arm_v7m_mmu_idx_for_secstate(CPUARMState *env,
+ bool secstate)
+{
+ bool priv = arm_current_el(env) != 0;
+
+ return arm_v7m_mmu_idx_for_secstate_and_priv(env, secstate, priv);
+}
+
/* Determine the current mmu_idx to use for normal loads/stores */
static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
{
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 23/43] target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (21 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 22/43] target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 24/43] target/arm: Implement TT instruction Peter Maydell
` (20 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
For the TT instruction we're going to need to do an MPU lookup that
also tells us which MPU region the access hit. This requires us
to do the MPU lookup without first doing the SAU security access
check, so pull the MPU lookup parts of get_phys_addr_pmsav8()
out into their own function.
The TT instruction also needs to know the MPU region number which
the lookup hit, so provide this information to the caller of the
MPU lookup code, even though get_phys_addr_pmsav8() doesn't
need to know it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-7-git-send-email-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
target/arm/helper.c | 130 +++++++++++++++++++++++++++++++---------------------
1 file changed, 79 insertions(+), 51 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 70cf313..9e7eaa1 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9348,67 +9348,28 @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address,
}
}
-static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
- MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, uint32_t *fsr)
+static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ hwaddr *phys_ptr, MemTxAttrs *txattrs,
+ int *prot, uint32_t *fsr, uint32_t *mregion)
{
+ /* Perform a PMSAv8 MPU lookup (without also doing the SAU check
+ * that a full phys-to-virt translation does).
+ * mregion is (if not NULL) set to the region number which matched,
+ * or -1 if no region number is returned (MPU off, address did not
+ * hit a region, address hit in multiple regions).
+ */
ARMCPU *cpu = arm_env_get_cpu(env);
bool is_user = regime_is_user(env, mmu_idx);
uint32_t secure = regime_is_secure(env, mmu_idx);
int n;
int matchregion = -1;
bool hit = false;
- V8M_SAttributes sattrs = {};
*phys_ptr = address;
*prot = 0;
-
- if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
- v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
- if (access_type == MMU_INST_FETCH) {
- /* Instruction fetches always use the MMU bank and the
- * transaction attribute determined by the fetch address,
- * regardless of CPU state. This is painful for QEMU
- * to handle, because it would mean we need to encode
- * into the mmu_idx not just the (user, negpri) information
- * for the current security state but also that for the
- * other security state, which would balloon the number
- * of mmu_idx values needed alarmingly.
- * Fortunately we can avoid this because it's not actually
- * possible to arbitrarily execute code from memory with
- * the wrong security attribute: it will always generate
- * an exception of some kind or another, apart from the
- * special case of an NS CPU executing an SG instruction
- * in S&NSC memory. So we always just fail the translation
- * here and sort things out in the exception handler
- * (including possibly emulating an SG instruction).
- */
- if (sattrs.ns != !secure) {
- *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT;
- return true;
- }
- } else {
- /* For data accesses we always use the MMU bank indicated
- * by the current CPU state, but the security attributes
- * might downgrade a secure access to nonsecure.
- */
- if (sattrs.ns) {
- txattrs->secure = false;
- } else if (!secure) {
- /* NS access to S memory must fault.
- * Architecturally we should first check whether the
- * MPU information for this address indicates that we
- * are doing an unaligned access to Device memory, which
- * should generate a UsageFault instead. QEMU does not
- * currently check for that kind of unaligned access though.
- * If we added it we would need to do so as a special case
- * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
- */
- *fsr = M_FAKE_FSR_SFAULT;
- return true;
- }
- }
+ if (mregion) {
+ *mregion = -1;
}
/* Unlike the ARM ARM pseudocode, we don't need to check whether this
@@ -9497,12 +9458,79 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
/* We don't need to look the attribute up in the MAIR0/MAIR1
* registers because that only tells us about cacheability.
*/
+ if (mregion) {
+ *mregion = matchregion;
+ }
}
*fsr = 0x00d; /* Permission fault */
return !(*prot & (1 << access_type));
}
+
+static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
+ MMUAccessType access_type, ARMMMUIdx mmu_idx,
+ hwaddr *phys_ptr, MemTxAttrs *txattrs,
+ int *prot, uint32_t *fsr)
+{
+ uint32_t secure = regime_is_secure(env, mmu_idx);
+ V8M_SAttributes sattrs = {};
+
+ if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+ v8m_security_lookup(env, address, access_type, mmu_idx, &sattrs);
+ if (access_type == MMU_INST_FETCH) {
+ /* Instruction fetches always use the MMU bank and the
+ * transaction attribute determined by the fetch address,
+ * regardless of CPU state. This is painful for QEMU
+ * to handle, because it would mean we need to encode
+ * into the mmu_idx not just the (user, negpri) information
+ * for the current security state but also that for the
+ * other security state, which would balloon the number
+ * of mmu_idx values needed alarmingly.
+ * Fortunately we can avoid this because it's not actually
+ * possible to arbitrarily execute code from memory with
+ * the wrong security attribute: it will always generate
+ * an exception of some kind or another, apart from the
+ * special case of an NS CPU executing an SG instruction
+ * in S&NSC memory. So we always just fail the translation
+ * here and sort things out in the exception handler
+ * (including possibly emulating an SG instruction).
+ */
+ if (sattrs.ns != !secure) {
+ *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT;
+ *phys_ptr = address;
+ *prot = 0;
+ return true;
+ }
+ } else {
+ /* For data accesses we always use the MMU bank indicated
+ * by the current CPU state, but the security attributes
+ * might downgrade a secure access to nonsecure.
+ */
+ if (sattrs.ns) {
+ txattrs->secure = false;
+ } else if (!secure) {
+ /* NS access to S memory must fault.
+ * Architecturally we should first check whether the
+ * MPU information for this address indicates that we
+ * are doing an unaligned access to Device memory, which
+ * should generate a UsageFault instead. QEMU does not
+ * currently check for that kind of unaligned access though.
+ * If we added it we would need to do so as a special case
+ * for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
+ */
+ *fsr = M_FAKE_FSR_SFAULT;
+ *phys_ptr = address;
+ *prot = 0;
+ return true;
+ }
+ }
+ }
+
+ return pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
+ txattrs, prot, fsr, NULL);
+}
+
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, int *prot, uint32_t *fsr)
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 24/43] target/arm: Implement TT instruction
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (22 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 23/43] target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 25/43] target/arm: Provide fault type enum and FSR conversion functions Peter Maydell
` (19 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Implement the TT instruction which queries the security
state and access permissions of a memory location.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1512153879-5291-8-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.h | 2 +
target/arm/helper.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++
target/arm/translate.c | 29 ++++++++++++-
3 files changed, 138 insertions(+), 1 deletion(-)
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 439d228..066729e 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -66,6 +66,8 @@ DEF_HELPER_2(v7m_mrs, i32, env, i32)
DEF_HELPER_2(v7m_bxns, void, env, i32)
DEF_HELPER_2(v7m_blxns, void, env, i32)
+DEF_HELPER_3(v7m_tt, i32, env, i32, i32)
+
DEF_HELPER_4(access_check_cp_reg, void, env, ptr, i32, i32)
DEF_HELPER_3(set_cp_reg, void, env, ptr, i32)
DEF_HELPER_2(get_cp_reg, i32, env, ptr)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9e7eaa1..6140e84 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -5947,6 +5947,28 @@ void HELPER(v7m_blxns)(CPUARMState *env, uint32_t dest)
g_assert_not_reached();
}
+uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
+{
+ /* The TT instructions can be used by unprivileged code, but in
+ * user-only emulation we don't have the MPU.
+ * Luckily since we know we are NonSecure unprivileged (and that in
+ * turn means that the A flag wasn't specified), all the bits in the
+ * register must be zero:
+ * IREGION: 0 because IRVALID is 0
+ * IRVALID: 0 because NS
+ * S: 0 because NS
+ * NSRW: 0 because NS
+ * NSR: 0 because NS
+ * RW: 0 because unpriv and A flag not set
+ * R: 0 because unpriv and A flag not set
+ * SRVALID: 0 because NS
+ * MRVALID: 0 because unpriv and A flag not set
+ * SREGION: 0 becaus SRVALID is 0
+ * MREGION: 0 because MRVALID is 0
+ */
+ return 0;
+}
+
void switch_mode(CPUARMState *env, int mode)
{
ARMCPU *cpu = arm_env_get_cpu(env);
@@ -10140,6 +10162,92 @@ void HELPER(v7m_msr)(CPUARMState *env, uint32_t maskreg, uint32_t val)
}
}
+uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
+{
+ /* Implement the TT instruction. op is bits [7:6] of the insn. */
+ bool forceunpriv = op & 1;
+ bool alt = op & 2;
+ V8M_SAttributes sattrs = {};
+ uint32_t tt_resp;
+ bool r, rw, nsr, nsrw, mrvalid;
+ int prot;
+ MemTxAttrs attrs = {};
+ hwaddr phys_addr;
+ uint32_t fsr;
+ ARMMMUIdx mmu_idx;
+ uint32_t mregion;
+ bool targetpriv;
+ bool targetsec = env->v7m.secure;
+
+ /* Work out what the security state and privilege level we're
+ * interested in is...
+ */
+ if (alt) {
+ targetsec = !targetsec;
+ }
+
+ if (forceunpriv) {
+ targetpriv = false;
+ } else {
+ targetpriv = arm_v7m_is_handler_mode(env) ||
+ !(env->v7m.control[targetsec] & R_V7M_CONTROL_NPRIV_MASK);
+ }
+
+ /* ...and then figure out which MMU index this is */
+ mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, targetsec, targetpriv);
+
+ /* We know that the MPU and SAU don't care about the access type
+ * for our purposes beyond that we don't want to claim to be
+ * an insn fetch, so we arbitrarily call this a read.
+ */
+
+ /* MPU region info only available for privileged or if
+ * inspecting the other MPU state.
+ */
+ if (arm_current_el(env) != 0 || alt) {
+ /* We can ignore the return value as prot is always set */
+ pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
+ &phys_addr, &attrs, &prot, &fsr, &mregion);
+ if (mregion == -1) {
+ mrvalid = false;
+ mregion = 0;
+ } else {
+ mrvalid = true;
+ }
+ r = prot & PAGE_READ;
+ rw = prot & PAGE_WRITE;
+ } else {
+ r = false;
+ rw = false;
+ mrvalid = false;
+ mregion = 0;
+ }
+
+ if (env->v7m.secure) {
+ v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+ nsr = sattrs.ns && r;
+ nsrw = sattrs.ns && rw;
+ } else {
+ sattrs.ns = true;
+ nsr = false;
+ nsrw = false;
+ }
+
+ tt_resp = (sattrs.iregion << 24) |
+ (sattrs.irvalid << 23) |
+ ((!sattrs.ns) << 22) |
+ (nsrw << 21) |
+ (nsr << 20) |
+ (rw << 19) |
+ (r << 18) |
+ (sattrs.srvalid << 17) |
+ (mrvalid << 16) |
+ (sattrs.sregion << 8) |
+ mregion;
+
+ return tt_resp;
+}
+
#endif
void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 50339e7..e15192d 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9810,7 +9810,7 @@ static int disas_thumb2_insn(DisasContext *s, uint32_t insn)
if (insn & (1 << 22)) {
/* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
* - load/store doubleword, load/store exclusive, ldacq/strel,
- * table branch.
+ * table branch, TT.
*/
if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
arm_dc_feature(s, ARM_FEATURE_V8)) {
@@ -9887,8 +9887,35 @@ static int disas_thumb2_insn(DisasContext *s, uint32_t insn)
} else if ((insn & (1 << 23)) == 0) {
/* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
* - load/store exclusive word
+ * - TT (v8M only)
*/
if (rs == 15) {
+ if (!(insn & (1 << 20)) &&
+ arm_dc_feature(s, ARM_FEATURE_M) &&
+ arm_dc_feature(s, ARM_FEATURE_V8)) {
+ /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
+ * - TT (v8M only)
+ */
+ bool alt = insn & (1 << 7);
+ TCGv_i32 addr, op, ttresp;
+
+ if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
+ /* we UNDEF for these UNPREDICTABLE cases */
+ goto illegal_op;
+ }
+
+ if (alt && !s->v8m_secure) {
+ goto illegal_op;
+ }
+
+ addr = load_reg(s, rn);
+ op = tcg_const_i32(extract32(insn, 6, 2));
+ ttresp = tcg_temp_new_i32();
+ gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
+ tcg_temp_free_i32(addr);
+ tcg_temp_free_i32(op);
+ store_reg(s, rd, ttresp);
+ }
goto illegal_op;
}
addr = tcg_temp_local_new_i32();
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 25/43] target/arm: Provide fault type enum and FSR conversion functions
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (23 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 24/43] target/arm: Implement TT instruction Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 26/43] target/arm: Remove fsr argument from arm_ld*_ptw() Peter Maydell
` (18 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Currently get_phys_addr() and its various subfunctions return
a hard-coded fault status register value for translation
failures. This is awkward because FSR values these days may
be either long-descriptor format or short-descriptor format.
Worse, the right FSR type to use doesn't depend only on the
translation table being walked -- some cases, like fault
info reported to AArch32 EL2 for some kinds of ATS operation,
must be in long-descriptor format even if the translation
table being walked was short format. We can't get those cases
right with our current approach.
Provide fields in the ARMMMUFaultInfo struct which allow
get_phys_addr() to provide sufficient information for a caller to
construct an FSR value themselves, and utility functions which do
this for both long and short format FSR values, as a first step in
switching get_phys_addr() and its children to only returning the
failure cause in the ARMMMUFaultInfo struct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-2-git-send-email-peter.maydell@linaro.org
---
target/arm/internals.h | 185 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 185 insertions(+)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index aa9c91b..67b9a52 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -488,7 +488,39 @@ static inline void arm_clear_exclusive(CPUARMState *env)
}
/**
+ * ARMFaultType: type of an ARM MMU fault
+ * This corresponds to the v8A pseudocode's Fault enumeration,
+ * with extensions for QEMU internal conditions.
+ */
+typedef enum ARMFaultType {
+ ARMFault_None,
+ ARMFault_AccessFlag,
+ ARMFault_Alignment,
+ ARMFault_Background,
+ ARMFault_Domain,
+ ARMFault_Permission,
+ ARMFault_Translation,
+ ARMFault_AddressSize,
+ ARMFault_SyncExternal,
+ ARMFault_SyncExternalOnWalk,
+ ARMFault_SyncParity,
+ ARMFault_SyncParityOnWalk,
+ ARMFault_AsyncParity,
+ ARMFault_AsyncExternal,
+ ARMFault_Debug,
+ ARMFault_TLBConflict,
+ ARMFault_Lockdown,
+ ARMFault_Exclusive,
+ ARMFault_ICacheMaint,
+ ARMFault_QEMU_NSCExec, /* v8M: NS executing in S&NSC memory */
+ ARMFault_QEMU_SFault, /* v8M: SecureFault INVTRAN, INVEP or AUVIOL */
+} ARMFaultType;
+
+/**
* ARMMMUFaultInfo: Information describing an ARM MMU Fault
+ * @type: Type of fault
+ * @level: Table walk level (for translation, access flag and permission faults)
+ * @domain: Domain of the fault address (for non-LPAE CPUs only)
* @s2addr: Address that caused a fault at stage 2
* @stage2: True if we faulted at stage 2
* @s1ptw: True if we faulted at stage 2 while doing a stage 1 page-table walk
@@ -496,12 +528,165 @@ static inline void arm_clear_exclusive(CPUARMState *env)
*/
typedef struct ARMMMUFaultInfo ARMMMUFaultInfo;
struct ARMMMUFaultInfo {
+ ARMFaultType type;
target_ulong s2addr;
+ int level;
+ int domain;
bool stage2;
bool s1ptw;
bool ea;
};
+/**
+ * arm_fi_to_sfsc: Convert fault info struct to short-format FSC
+ * Compare pseudocode EncodeSDFSC(), though unlike that function
+ * we set up a whole FSR-format code including domain field and
+ * putting the high bit of the FSC into bit 10.
+ */
+static inline uint32_t arm_fi_to_sfsc(ARMMMUFaultInfo *fi)
+{
+ uint32_t fsc;
+
+ switch (fi->type) {
+ case ARMFault_None:
+ return 0;
+ case ARMFault_AccessFlag:
+ fsc = fi->level == 1 ? 0x3 : 0x6;
+ break;
+ case ARMFault_Alignment:
+ fsc = 0x1;
+ break;
+ case ARMFault_Permission:
+ fsc = fi->level == 1 ? 0xd : 0xf;
+ break;
+ case ARMFault_Domain:
+ fsc = fi->level == 1 ? 0x9 : 0xb;
+ break;
+ case ARMFault_Translation:
+ fsc = fi->level == 1 ? 0x5 : 0x7;
+ break;
+ case ARMFault_SyncExternal:
+ fsc = 0x8 | (fi->ea << 12);
+ break;
+ case ARMFault_SyncExternalOnWalk:
+ fsc = fi->level == 1 ? 0xc : 0xe;
+ fsc |= (fi->ea << 12);
+ break;
+ case ARMFault_SyncParity:
+ fsc = 0x409;
+ break;
+ case ARMFault_SyncParityOnWalk:
+ fsc = fi->level == 1 ? 0x40c : 0x40e;
+ break;
+ case ARMFault_AsyncParity:
+ fsc = 0x408;
+ break;
+ case ARMFault_AsyncExternal:
+ fsc = 0x406 | (fi->ea << 12);
+ break;
+ case ARMFault_Debug:
+ fsc = 0x2;
+ break;
+ case ARMFault_TLBConflict:
+ fsc = 0x400;
+ break;
+ case ARMFault_Lockdown:
+ fsc = 0x404;
+ break;
+ case ARMFault_Exclusive:
+ fsc = 0x405;
+ break;
+ case ARMFault_ICacheMaint:
+ fsc = 0x4;
+ break;
+ case ARMFault_Background:
+ fsc = 0x0;
+ break;
+ case ARMFault_QEMU_NSCExec:
+ fsc = M_FAKE_FSR_NSC_EXEC;
+ break;
+ case ARMFault_QEMU_SFault:
+ fsc = M_FAKE_FSR_SFAULT;
+ break;
+ default:
+ /* Other faults can't occur in a context that requires a
+ * short-format status code.
+ */
+ g_assert_not_reached();
+ }
+
+ fsc |= (fi->domain << 4);
+ return fsc;
+}
+
+/**
+ * arm_fi_to_lfsc: Convert fault info struct to long-format FSC
+ * Compare pseudocode EncodeLDFSC(), though unlike that function
+ * we fill in also the LPAE bit 9 of a DFSR format.
+ */
+static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
+{
+ uint32_t fsc;
+
+ switch (fi->type) {
+ case ARMFault_None:
+ return 0;
+ case ARMFault_AddressSize:
+ fsc = fi->level & 3;
+ break;
+ case ARMFault_AccessFlag:
+ fsc = (fi->level & 3) | (0x2 << 2);
+ break;
+ case ARMFault_Permission:
+ fsc = (fi->level & 3) | (0x3 << 2);
+ break;
+ case ARMFault_Translation:
+ fsc = (fi->level & 3) | (0x1 << 2);
+ break;
+ case ARMFault_SyncExternal:
+ fsc = 0x10 | (fi->ea << 12);
+ break;
+ case ARMFault_SyncExternalOnWalk:
+ fsc = (fi->level & 3) | (0x5 << 2) | (fi->ea << 12);
+ break;
+ case ARMFault_SyncParity:
+ fsc = 0x18;
+ break;
+ case ARMFault_SyncParityOnWalk:
+ fsc = (fi->level & 3) | (0x7 << 2);
+ break;
+ case ARMFault_AsyncParity:
+ fsc = 0x19;
+ break;
+ case ARMFault_AsyncExternal:
+ fsc = 0x11 | (fi->ea << 12);
+ break;
+ case ARMFault_Alignment:
+ fsc = 0x21;
+ break;
+ case ARMFault_Debug:
+ fsc = 0x22;
+ break;
+ case ARMFault_TLBConflict:
+ fsc = 0x30;
+ break;
+ case ARMFault_Lockdown:
+ fsc = 0x34;
+ break;
+ case ARMFault_Exclusive:
+ fsc = 0x35;
+ break;
+ default:
+ /* Other faults can't occur in a context that requires a
+ * long-format status code.
+ */
+ g_assert_not_reached();
+ }
+
+ fsc |= 1 << 9;
+ return fsc;
+}
+
/* Do a page table walk and add page to TLB if possible */
bool arm_tlb_fill(CPUState *cpu, vaddr address,
MMUAccessType access_type, int mmu_idx,
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 26/43] target/arm: Remove fsr argument from arm_ld*_ptw()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (24 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 25/43] target/arm: Provide fault type enum and FSR conversion functions Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 27/43] target/arm: Convert get_phys_addr_v5() to not return FSC values Peter Maydell
` (17 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
All the callers of arm_ldq_ptw() and arm_ldl_ptw() ignore the value
that those functions store in the fsr argument on failure: if they
return failure to their callers they will always overwrite the fsr
value with something else.
Remove the argument from these functions and S1_ptw_translate().
This will simplify removing fsr from the calling functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-3-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6140e84..c43159e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8266,7 +8266,6 @@ static bool get_level1_table_address(CPUARMState *env, ARMMMUIdx mmu_idx,
/* Translate a S1 pagetable walk through S2 if needed. */
static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
hwaddr addr, MemTxAttrs txattrs,
- uint32_t *fsr,
ARMMMUFaultInfo *fi)
{
if ((mmu_idx == ARMMMUIdx_S1NSE0 || mmu_idx == ARMMMUIdx_S1NSE1) &&
@@ -8275,9 +8274,10 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
hwaddr s2pa;
int s2prot;
int ret;
+ uint32_t fsr;
ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
- &txattrs, &s2prot, &s2size, fsr, fi, NULL);
+ &txattrs, &s2prot, &s2size, &fsr, fi, NULL);
if (ret) {
fi->s2addr = addr;
fi->stage2 = true;
@@ -8297,8 +8297,7 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
* (but not if it was for a debug access).
*/
static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, uint32_t *fsr,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
@@ -8307,7 +8306,7 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
attrs.secure = is_secure;
as = arm_addressspace(cs, attrs);
- addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi);
+ addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi);
if (fi->s1ptw) {
return 0;
}
@@ -8319,8 +8318,7 @@ static uint32_t arm_ldl_ptw(CPUState *cs, hwaddr addr, bool is_secure,
}
static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
- ARMMMUIdx mmu_idx, uint32_t *fsr,
- ARMMMUFaultInfo *fi)
+ ARMMMUIdx mmu_idx, ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = ARM_CPU(cs);
CPUARMState *env = &cpu->env;
@@ -8329,7 +8327,7 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
attrs.secure = is_secure;
as = arm_addressspace(cs, attrs);
- addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fsr, fi);
+ addr = S1_ptw_translate(env, mmu_idx, addr, attrs, fi);
if (fi->s1ptw) {
return 0;
}
@@ -8365,7 +8363,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
goto do_fault;
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fsr, fi);
+ mmu_idx, fi);
type = (desc & 3);
domain = (desc >> 5) & 0x0f;
if (regime_el(env, mmu_idx) == 1) {
@@ -8402,7 +8400,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
table = (desc & 0xfffff000) | ((address >> 8) & 0xffc);
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fsr, fi);
+ mmu_idx, fi);
switch (desc & 3) {
case 0: /* Page translation fault. */
code = 7;
@@ -8484,7 +8482,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
goto do_fault;
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fsr, fi);
+ mmu_idx, fi);
type = (desc & 3);
if (type == 0 || (type == 3 && !arm_feature(env, ARM_FEATURE_PXN))) {
/* Section translation fault, or attempt to use the encoding
@@ -8536,7 +8534,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
/* Lookup l2 entry. */
table = (desc & 0xfffffc00) | ((address >> 10) & 0x3fc);
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
- mmu_idx, fsr, fi);
+ mmu_idx, fi);
ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
switch (desc & 3) {
case 0: /* Page translation fault. */
@@ -8947,7 +8945,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
descaddr |= (address >> (stride * (4 - level))) & indexmask;
descaddr &= ~7ULL;
nstable = extract32(tableattrs, 4, 1);
- descriptor = arm_ldq_ptw(cs, descaddr, !nstable, mmu_idx, fsr, fi);
+ descriptor = arm_ldq_ptw(cs, descaddr, !nstable, mmu_idx, fi);
if (fi->s1ptw) {
goto do_fault;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 27/43] target/arm: Convert get_phys_addr_v5() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (25 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 26/43] target/arm: Remove fsr argument from arm_ld*_ptw() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 28/43] target/arm: Convert get_phys_addr_v6() " Peter Maydell
` (16 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_v5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-4-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c43159e..5f2f004 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8341,11 +8341,11 @@ static uint64_t arm_ldq_ptw(CPUState *cs, hwaddr addr, bool is_secure,
static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, int *prot,
- target_ulong *page_size, uint32_t *fsr,
+ target_ulong *page_size,
ARMMMUFaultInfo *fi)
{
CPUState *cs = CPU(arm_env_get_cpu(env));
- int code;
+ int level = 1;
uint32_t table;
uint32_t desc;
int type;
@@ -8359,7 +8359,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Lookup l1 descriptor. */
if (!get_level1_table_address(env, mmu_idx, &table, address)) {
/* Section translation fault if page walk is disabled by PD0 or PD1 */
- code = 5;
+ fi->type = ARMFault_Translation;
goto do_fault;
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
@@ -8374,21 +8374,20 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
domain_prot = (dacr >> (domain * 2)) & 3;
if (type == 0) {
/* Section translation fault. */
- code = 5;
+ fi->type = ARMFault_Translation;
goto do_fault;
}
+ if (type != 2) {
+ level = 2;
+ }
if (domain_prot == 0 || domain_prot == 2) {
- if (type == 2)
- code = 9; /* Section domain fault. */
- else
- code = 11; /* Page domain fault. */
+ fi->type = ARMFault_Domain;
goto do_fault;
}
if (type == 2) {
/* 1Mb section. */
phys_addr = (desc & 0xfff00000) | (address & 0x000fffff);
ap = (desc >> 10) & 3;
- code = 13;
*page_size = 1024 * 1024;
} else {
/* Lookup l2 entry. */
@@ -8403,7 +8402,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
mmu_idx, fi);
switch (desc & 3) {
case 0: /* Page translation fault. */
- code = 7;
+ fi->type = ARMFault_Translation;
goto do_fault;
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
@@ -8426,7 +8425,7 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* UNPREDICTABLE in ARMv5; we choose to take a
* page translation fault.
*/
- code = 7;
+ fi->type = ARMFault_Translation;
goto do_fault;
}
} else {
@@ -8439,18 +8438,19 @@ static bool get_phys_addr_v5(CPUARMState *env, uint32_t address,
/* Never happens, but compiler isn't smart enough to tell. */
abort();
}
- code = 15;
}
*prot = ap_to_rw_prot(env, mmu_idx, ap, domain_prot);
*prot |= *prot ? PAGE_EXEC : 0;
if (!(*prot & (1 << access_type))) {
/* Access permission fault. */
+ fi->type = ARMFault_Permission;
goto do_fault;
}
*phys_ptr = phys_addr;
return false;
do_fault:
- *fsr = code | (domain << 4);
+ fi->domain = domain;
+ fi->level = level;
return true;
}
@@ -9860,8 +9860,11 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr,
attrs, prot, page_size, fsr, fi);
} else {
- return get_phys_addr_v5(env, address, access_type, mmu_idx, phys_ptr,
- prot, page_size, fsr, fi);
+ bool ret = get_phys_addr_v5(env, address, access_type, mmu_idx,
+ phys_ptr, prot, page_size, fi);
+
+ *fsr = arm_fi_to_sfsc(fi);
+ return ret;
}
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 28/43] target/arm: Convert get_phys_addr_v6() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (26 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 27/43] target/arm: Convert get_phys_addr_v5() to not return FSC values Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 29/43] target/arm: Convert get_phys_addr_lpae() " Peter Maydell
` (15 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-5-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 40 ++++++++++++++++++++++------------------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5f2f004..37357d2 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8457,11 +8457,10 @@ do_fault:
static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr,
- ARMMMUFaultInfo *fi)
+ target_ulong *page_size, ARMMMUFaultInfo *fi)
{
CPUState *cs = CPU(arm_env_get_cpu(env));
- int code;
+ int level = 1;
uint32_t table;
uint32_t desc;
uint32_t xn;
@@ -8478,7 +8477,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
/* Lookup l1 descriptor. */
if (!get_level1_table_address(env, mmu_idx, &table, address)) {
/* Section translation fault if page walk is disabled by PD0 or PD1 */
- code = 5;
+ fi->type = ARMFault_Translation;
goto do_fault;
}
desc = arm_ldl_ptw(cs, table, regime_is_secure(env, mmu_idx),
@@ -8488,7 +8487,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
/* Section translation fault, or attempt to use the encoding
* which is Reserved on implementations without PXN.
*/
- code = 5;
+ fi->type = ARMFault_Translation;
goto do_fault;
}
if ((type == 1) || !(desc & (1 << 18))) {
@@ -8500,13 +8499,13 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
} else {
dacr = env->cp15.dacr_s;
}
+ if (type == 1) {
+ level = 2;
+ }
domain_prot = (dacr >> (domain * 2)) & 3;
if (domain_prot == 0 || domain_prot == 2) {
- if (type != 1) {
- code = 9; /* Section domain fault. */
- } else {
- code = 11; /* Page domain fault. */
- }
+ /* Section or Page domain fault */
+ fi->type = ARMFault_Domain;
goto do_fault;
}
if (type != 1) {
@@ -8524,7 +8523,6 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ap = ((desc >> 10) & 3) | ((desc >> 13) & 4);
xn = desc & (1 << 4);
pxn = desc & 1;
- code = 13;
ns = extract32(desc, 19, 1);
} else {
if (arm_feature(env, ARM_FEATURE_PXN)) {
@@ -8538,7 +8536,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
ap = ((desc >> 4) & 3) | ((desc >> 7) & 4);
switch (desc & 3) {
case 0: /* Page translation fault. */
- code = 7;
+ fi->type = ARMFault_Translation;
goto do_fault;
case 1: /* 64k page. */
phys_addr = (desc & 0xffff0000) | (address & 0xffff);
@@ -8554,7 +8552,6 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
/* Never happens, but compiler isn't smart enough to tell. */
abort();
}
- code = 15;
}
if (domain_prot == 3) {
*prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
@@ -8562,15 +8559,17 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
if (pxn && !regime_is_user(env, mmu_idx)) {
xn = 1;
}
- if (xn && access_type == MMU_INST_FETCH)
+ if (xn && access_type == MMU_INST_FETCH) {
+ fi->type = ARMFault_Permission;
goto do_fault;
+ }
if (arm_feature(env, ARM_FEATURE_V6K) &&
(regime_sctlr(env, mmu_idx) & SCTLR_AFE)) {
/* The simplified model uses AP[0] as an access control bit. */
if ((ap & 1) == 0) {
/* Access flag fault. */
- code = (code == 15) ? 6 : 3;
+ fi->type = ARMFault_AccessFlag;
goto do_fault;
}
*prot = simple_ap_to_rw_prot(env, mmu_idx, ap >> 1);
@@ -8582,6 +8581,7 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
}
if (!(*prot & (1 << access_type))) {
/* Access permission fault. */
+ fi->type = ARMFault_Permission;
goto do_fault;
}
}
@@ -8595,7 +8595,8 @@ static bool get_phys_addr_v6(CPUARMState *env, uint32_t address,
*phys_ptr = phys_addr;
return false;
do_fault:
- *fsr = code | (domain << 4);
+ fi->domain = domain;
+ fi->level = level;
return true;
}
@@ -9857,8 +9858,11 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr,
attrs, prot, page_size, fsr, fi, cacheattrs);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
- return get_phys_addr_v6(env, address, access_type, mmu_idx, phys_ptr,
- attrs, prot, page_size, fsr, fi);
+ bool ret = get_phys_addr_v6(env, address, access_type, mmu_idx,
+ phys_ptr, attrs, prot, page_size, fi);
+
+ *fsr = arm_fi_to_sfsc(fi);
+ return ret;
} else {
bool ret = get_phys_addr_v5(env, address, access_type, mmu_idx,
phys_ptr, prot, page_size, fi);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 29/43] target/arm: Convert get_phys_addr_lpae() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (27 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 28/43] target/arm: Convert get_phys_addr_v6() " Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 30/43] target/arm: Convert get_phys_addr_pmsav5() " Peter Maydell
` (14 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_v6() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-6-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 41 ++++++++++++++++++-----------------------
1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 37357d2..ce9cb6f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -34,7 +34,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr, uint32_t *fsr,
+ target_ulong *page_size_ptr,
ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs);
/* Security attributes for an address, as returned by v8m_security_lookup. */
@@ -8274,10 +8274,9 @@ static hwaddr S1_ptw_translate(CPUARMState *env, ARMMMUIdx mmu_idx,
hwaddr s2pa;
int s2prot;
int ret;
- uint32_t fsr;
ret = get_phys_addr_lpae(env, addr, 0, ARMMMUIdx_S2NS, &s2pa,
- &txattrs, &s2prot, &s2size, &fsr, fi, NULL);
+ &txattrs, &s2prot, &s2size, fi, NULL);
if (ret) {
fi->s2addr = addr;
fi->stage2 = true;
@@ -8600,15 +8599,6 @@ do_fault:
return true;
}
-/* Fault type for long-descriptor MMU fault reporting; this corresponds
- * to bits [5..2] in the STATUS field in long-format DFSR/IFSR.
- */
-typedef enum {
- translation_fault = 1,
- access_fault = 2,
- permission_fault = 3,
-} MMUFaultType;
-
/*
* check_s2_mmu_setup
* @cpu: ARMCPU
@@ -8710,13 +8700,13 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, uint8_t s2attrs)
static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs, int *prot,
- target_ulong *page_size_ptr, uint32_t *fsr,
+ target_ulong *page_size_ptr,
ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
{
ARMCPU *cpu = arm_env_get_cpu(env);
CPUState *cs = CPU(cpu);
/* Read an LPAE long-descriptor translation table. */
- MMUFaultType fault_type = translation_fault;
+ ARMFaultType fault_type = ARMFault_Translation;
uint32_t level;
uint32_t epd = 0;
int32_t t0sz, t1sz;
@@ -8826,7 +8816,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
ttbr_select = 1;
} else {
/* in the gap between the two regions, this is a Translation fault */
- fault_type = translation_fault;
+ fault_type = ARMFault_Translation;
goto do_fault;
}
@@ -8912,7 +8902,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
inputsize, stride);
if (!ok) {
- fault_type = translation_fault;
+ fault_type = ARMFault_Translation;
goto do_fault;
}
level = startlevel;
@@ -8998,7 +8988,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
/* Here descaddr is the final physical address, and attributes
* are all in attrs.
*/
- fault_type = access_fault;
+ fault_type = ARMFault_AccessFlag;
if ((attrs & (1 << 8)) == 0) {
/* Access flag */
goto do_fault;
@@ -9016,7 +9006,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
*prot = get_S1prot(env, mmu_idx, aarch64, ap, ns, xn, pxn);
}
- fault_type = permission_fault;
+ fault_type = ARMFault_Permission;
if (!(*prot & (1 << access_type))) {
goto do_fault;
}
@@ -9048,8 +9038,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
return false;
do_fault:
- /* Long-descriptor format IFSR/DFSR value */
- *fsr = (1 << 9) | (fault_type << 2) | level;
+ fi->type = fault_type;
+ fi->level = level;
/* Tag the error as S2 for failed S1 PTW at S2 or ordinary S2. */
fi->stage2 = fi->s1ptw || (mmu_idx == ARMMMUIdx_S2NS);
return true;
@@ -9775,8 +9765,9 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
/* S1 is done. Now do S2 translation. */
ret = get_phys_addr_lpae(env, ipa, access_type, ARMMMUIdx_S2NS,
phys_ptr, attrs, &s2_prot,
- page_size, fsr, fi,
+ page_size, fi,
cacheattrs != NULL ? &cacheattrs2 : NULL);
+ *fsr = arm_fi_to_lfsc(fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
*prot &= s2_prot;
@@ -9855,8 +9846,12 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- return get_phys_addr_lpae(env, address, access_type, mmu_idx, phys_ptr,
- attrs, prot, page_size, fsr, fi, cacheattrs);
+ bool ret = get_phys_addr_lpae(env, address, access_type, mmu_idx,
+ phys_ptr, attrs, prot, page_size,
+ fi, cacheattrs);
+
+ *fsr = arm_fi_to_lfsc(fi);
+ return ret;
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
bool ret = get_phys_addr_v6(env, address, access_type, mmu_idx,
phys_ptr, attrs, prot, page_size, fi);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 30/43] target/arm: Convert get_phys_addr_pmsav5() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (28 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 29/43] target/arm: Convert get_phys_addr_lpae() " Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 31/43] target/arm: Convert get_phys_addr_pmsav7() " Peter Maydell
` (13 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_pmsav5() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Note that PMSAv5 does not define any guest-visible fault status
register, so the different "fsr" values we were previously
returning are entirely arbitrary. So we can just switch to using
the most appropriae fi->type values without worrying that we
need to special-case FaultInfo->FSC conversion for PMSAv5.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-7-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ce9cb6f..b08910b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9544,7 +9544,8 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot, uint32_t *fsr)
+ hwaddr *phys_ptr, int *prot,
+ ARMMMUFaultInfo *fi)
{
int n;
uint32_t mask;
@@ -9573,7 +9574,7 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
}
}
if (n < 0) {
- *fsr = 2;
+ fi->type = ARMFault_Background;
return true;
}
@@ -9585,11 +9586,13 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
mask = (mask >> (n * 4)) & 0xf;
switch (mask) {
case 0:
- *fsr = 1;
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return true;
case 1:
if (is_user) {
- *fsr = 1;
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return true;
}
*prot = PAGE_READ | PAGE_WRITE;
@@ -9605,7 +9608,8 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
break;
case 5:
if (is_user) {
- *fsr = 1;
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return true;
}
*prot = PAGE_READ;
@@ -9615,7 +9619,8 @@ static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
break;
default:
/* Bad permission. */
- *fsr = 1;
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return true;
}
*prot |= PAGE_EXEC;
@@ -9820,7 +9825,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
- phys_ptr, prot, fsr);
+ phys_ptr, prot, fi);
+ *fsr = arm_fi_to_sfsc(fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 31/43] target/arm: Convert get_phys_addr_pmsav7() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (29 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 30/43] target/arm: Convert get_phys_addr_pmsav5() " Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() " Peter Maydell
` (12 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_pmsav7() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-8-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b08910b..2752d9e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9123,7 +9123,8 @@ static inline bool m_is_system_region(CPUARMState *env, uint32_t address)
static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
- hwaddr *phys_ptr, int *prot, uint32_t *fsr)
+ hwaddr *phys_ptr, int *prot,
+ ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = arm_env_get_cpu(env);
int n;
@@ -9218,7 +9219,7 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
if (n == -1) { /* no hits */
if (!pmsav7_use_background_region(cpu, mmu_idx, is_user)) {
/* background fault */
- *fsr = 0;
+ fi->type = ARMFault_Background;
return true;
}
get_phys_addr_pmsav7_default(env, mmu_idx, address, prot);
@@ -9276,7 +9277,8 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address,
}
}
- *fsr = 0x00d; /* Permission fault */
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return !(*prot & (1 << access_type));
}
@@ -9821,7 +9823,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
- phys_ptr, prot, fsr);
+ phys_ptr, prot, fi);
+ *fsr = arm_fi_to_sfsc(fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() to not return FSC values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (30 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 31/43] target/arm: Convert get_phys_addr_pmsav7() " Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault() Peter Maydell
` (11 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Make get_phys_addr_pmsav8() return a fault type in the ARMMMUFaultInfo
structure, which we convert to the FSC at the callsite.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-9-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 2752d9e..e611b0f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9364,7 +9364,7 @@ static void v8m_security_lookup(CPUARMState *env, uint32_t address,
static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, uint32_t *fsr, uint32_t *mregion)
+ int *prot, ARMMMUFaultInfo *fi, uint32_t *mregion)
{
/* Perform a PMSAv8 MPU lookup (without also doing the SAU check
* that a full phys-to-virt translation does).
@@ -9420,7 +9420,8 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
/* Multiple regions match -- always a failure (unlike
* PMSAv7 where highest-numbered-region wins)
*/
- *fsr = 0x00d; /* permission fault */
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return true;
}
@@ -9448,7 +9449,7 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
if (!hit) {
/* background fault */
- *fsr = 0;
+ fi->type = ARMFault_Background;
return true;
}
@@ -9476,7 +9477,8 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
}
}
- *fsr = 0x00d; /* Permission fault */
+ fi->type = ARMFault_Permission;
+ fi->level = 1;
return !(*prot & (1 << access_type));
}
@@ -9484,7 +9486,7 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *txattrs,
- int *prot, uint32_t *fsr)
+ int *prot, ARMMMUFaultInfo *fi)
{
uint32_t secure = regime_is_secure(env, mmu_idx);
V8M_SAttributes sattrs = {};
@@ -9510,7 +9512,11 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* (including possibly emulating an SG instruction).
*/
if (sattrs.ns != !secure) {
- *fsr = sattrs.nsc ? M_FAKE_FSR_NSC_EXEC : M_FAKE_FSR_SFAULT;
+ if (sattrs.nsc) {
+ fi->type = ARMFault_QEMU_NSCExec;
+ } else {
+ fi->type = ARMFault_QEMU_SFault;
+ }
*phys_ptr = address;
*prot = 0;
return true;
@@ -9532,7 +9538,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
* If we added it we would need to do so as a special case
* for M_FAKE_FSR_SFAULT in arm_v7m_cpu_do_interrupt().
*/
- *fsr = M_FAKE_FSR_SFAULT;
+ fi->type = ARMFault_QEMU_SFault;
*phys_ptr = address;
*prot = 0;
return true;
@@ -9541,7 +9547,7 @@ static bool get_phys_addr_pmsav8(CPUARMState *env, uint32_t address,
}
return pmsav8_mpu_lookup(env, address, access_type, mmu_idx, phys_ptr,
- txattrs, prot, fsr, NULL);
+ txattrs, prot, fi, NULL);
}
static bool get_phys_addr_pmsav5(CPUARMState *env, uint32_t address,
@@ -9819,7 +9825,8 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
if (arm_feature(env, ARM_FEATURE_V8)) {
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, fsr);
+ phys_ptr, attrs, prot, fi);
+ *fsr = arm_fi_to_sfsc(fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
@@ -10180,9 +10187,9 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
uint32_t tt_resp;
bool r, rw, nsr, nsrw, mrvalid;
int prot;
+ ARMMMUFaultInfo fi = {};
MemTxAttrs attrs = {};
hwaddr phys_addr;
- uint32_t fsr;
ARMMMUIdx mmu_idx;
uint32_t mregion;
bool targetpriv;
@@ -10216,7 +10223,7 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op)
if (arm_current_el(env) != 0 || alt) {
/* We can ignore the return value as prot is always set */
pmsav8_mpu_lookup(env, addr, MMU_DATA_LOAD, mmu_idx,
- &phys_addr, &attrs, &prot, &fsr, &mregion);
+ &phys_addr, &attrs, &prot, &fi, &mregion);
if (mregion == -1) {
mrvalid = false;
mregion = 0;
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (31 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() " Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write() Peter Maydell
` (10 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Now that ARMMMUFaultInfo is guaranteed to have enough information
to construct a fault status code, we can pass it in to the
deliver_fault() function and let it generate the correct type
of FSR for the destination, rather than relying on the value
provided by get_phys_addr().
I don't think there are any cases the old code was getting
wrong, but this is more obviously correct.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-10-git-send-email-peter.maydell@linaro.org
---
target/arm/op_helper.c | 79 ++++++++++++++------------------------------------
1 file changed, 22 insertions(+), 57 deletions(-)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index a40a84a..38e6993 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -116,12 +116,13 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn,
}
static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type,
- uint32_t fsr, uint32_t fsc, ARMMMUFaultInfo *fi)
+ int mmu_idx, ARMMMUFaultInfo *fi)
{
CPUARMState *env = &cpu->env;
int target_el;
bool same_el;
- uint32_t syn, exc;
+ uint32_t syn, exc, fsr, fsc;
+ ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx);
target_el = exception_target_el(env);
if (fi->stage2) {
@@ -130,14 +131,21 @@ static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type,
}
same_el = (arm_current_el(env) == target_el);
- if (fsc == 0x3f) {
- /* Caller doesn't have a long-format fault status code. This
- * should only happen if this fault will never actually be reported
- * to an EL that uses a syndrome register. Check that here.
- * 0x3f is a (currently) reserved FSC code, in case the constructed
- * syndrome does leak into the guest somehow.
+ if (target_el == 2 || arm_el_is_aa64(env, target_el) ||
+ arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) {
+ /* LPAE format fault status register : bottom 6 bits are
+ * status code in the same form as needed for syndrome
+ */
+ fsr = arm_fi_to_lfsc(fi);
+ fsc = extract32(fsr, 0, 6);
+ } else {
+ fsr = arm_fi_to_sfsc(fi);
+ /* Short format FSR : this fault will never actually be reported
+ * to an EL that uses a syndrome register. Use a (currently)
+ * reserved FSR code in case the constructed syndrome does leak
+ * into the guest somehow.
*/
- assert(target_el != 2 && !arm_el_is_aa64(env, target_el));
+ fsc = 0x3f;
}
if (access_type == MMU_INST_FETCH) {
@@ -174,29 +182,13 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type,
ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, &fsr, &fi);
if (unlikely(ret)) {
ARMCPU *cpu = ARM_CPU(cs);
- uint32_t fsc;
if (retaddr) {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
}
- if (fsr & (1 << 9)) {
- /* LPAE format fault status register : bottom 6 bits are
- * status code in the same form as needed for syndrome
- */
- fsc = extract32(fsr, 0, 6);
- } else {
- /* Short format FSR : this fault will never actually be reported
- * to an EL that uses a syndrome register. Use a (currently)
- * reserved FSR code in case the constructed syndrome does leak
- * into the guest somehow. deliver_fault will assert that
- * we don't target an EL using the syndrome.
- */
- fsc = 0x3f;
- }
-
- deliver_fault(cpu, addr, access_type, fsr, fsc, &fi);
+ deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
}
}
@@ -206,27 +198,15 @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
int mmu_idx, uintptr_t retaddr)
{
ARMCPU *cpu = ARM_CPU(cs);
- CPUARMState *env = &cpu->env;
- uint32_t fsr, fsc;
ARMMMUFaultInfo fi = {};
- ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx);
if (retaddr) {
/* now we have a real cpu fault */
cpu_restore_state(cs, retaddr);
}
- /* the DFSR for an alignment fault depends on whether we're using
- * the LPAE long descriptor format, or the short descriptor format
- */
- if (arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) {
- fsr = (1 << 9) | 0x21;
- } else {
- fsr = 0x1;
- }
- fsc = 0x21;
-
- deliver_fault(cpu, vaddr, access_type, fsr, fsc, &fi);
+ fi.type = ARMFault_Alignment;
+ deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi);
}
/* arm_cpu_do_transaction_failed: handle a memory system error response
@@ -240,10 +220,7 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
MemTxResult response, uintptr_t retaddr)
{
ARMCPU *cpu = ARM_CPU(cs);
- CPUARMState *env = &cpu->env;
- uint32_t fsr, fsc;
ARMMMUFaultInfo fi = {};
- ARMMMUIdx arm_mmu_idx = core_to_arm_mmu_idx(env, mmu_idx);
if (retaddr) {
/* now we have a real cpu fault */
@@ -256,20 +233,8 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
* Slave error (1); in QEMU we follow that.
*/
fi.ea = (response != MEMTX_DECODE_ERROR);
-
- /* The fault status register format depends on whether we're using
- * the LPAE long descriptor format, or the short descriptor format.
- */
- if (arm_s1_regime_using_lpae_format(env, arm_mmu_idx)) {
- /* long descriptor form, STATUS 0b010000: synchronous ext abort */
- fsr = (fi.ea << 12) | (1 << 9) | 0x10;
- } else {
- /* short descriptor form, FSR 0b01000 : synchronous ext abort */
- fsr = (fi.ea << 12) | 0x8;
- }
- fsc = 0x10;
-
- deliver_fault(cpu, addr, access_type, fsr, fsc, &fi);
+ fi.type = ARMFault_SyncExternal;
+ deliver_fault(cpu, addr, access_type, mmu_idx, &fi);
}
#endif /* !defined(CONFIG_USER_ONLY) */
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (32 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill() Peter Maydell
` (9 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
In do_ats_write(), rather than using the FSR value from get_phys_addr(),
construct the PAR values using the information in the ARMMMUFaultInfo
struct. This allows us to create a PAR of the correct format regardless
of what the translation table format is.
For the moment we leave the condition for "when should this be a
64 bit PAR" as it was previously; this will need to be fixed to
properly support AArch32 Hyp mode.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-11-git-send-email-peter.maydell@linaro.org
---
target/arm/helper.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e611b0f..79ab277 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2160,7 +2160,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
hwaddr phys_addr;
target_ulong page_size;
int prot;
- uint32_t fsr;
+ uint32_t fsr_unused;
bool ret;
uint64_t par64;
MemTxAttrs attrs = {};
@@ -2168,12 +2168,12 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMCacheAttrs cacheattrs = {};
ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
- &prot, &page_size, &fsr, &fi, &cacheattrs);
+ &prot, &page_size, &fsr_unused, &fi, &cacheattrs);
+ /* TODO: this is not the correct condition to use to decide whether
+ * to report a PAR in 64-bit or 32-bit format.
+ */
if (arm_s1_regime_using_lpae_format(env, mmu_idx)) {
- /* fsr is a DFSR/IFSR value for the long descriptor
- * translation table format, but with WnR always clear.
- * Convert it to a 64-bit PAR.
- */
+ /* Create a 64-bit PAR */
par64 = (1 << 11); /* LPAE bit always set */
if (!ret) {
par64 |= phys_addr & ~0xfffULL;
@@ -2183,6 +2183,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
par64 |= (uint64_t)cacheattrs.attrs << 56; /* ATTR */
par64 |= cacheattrs.shareability << 7; /* SH */
} else {
+ uint32_t fsr = arm_fi_to_lfsc(&fi);
+
par64 |= 1; /* F */
par64 |= (fsr & 0x3f) << 1; /* FS */
/* Note that S2WLK and FSTAGE are always zero, because we don't
@@ -2207,6 +2209,8 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
par64 |= (1 << 9); /* NS */
}
} else {
+ uint32_t fsr = arm_fi_to_sfsc(&fi);
+
par64 = ((fsr & (1 << 10)) >> 5) | ((fsr & (1 << 12)) >> 6) |
((fsr & 0xf) << 1) | 1;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill()
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (33 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination Peter Maydell
` (8 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
All of the callers of get_phys_addr() and arm_tlb_fill() now ignore
the FSR values they return, so we can just remove the argument
entirely.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Message-id: 1512503192-2239-12-git-send-email-peter.maydell@linaro.org
---
target/arm/internals.h | 2 +-
target/arm/helper.c | 45 ++++++++++++++-------------------------------
target/arm/op_helper.c | 3 +--
3 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 67b9a52..876854d 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -690,7 +690,7 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
/* Do a page table walk and add page to TLB if possible */
bool arm_tlb_fill(CPUState *cpu, vaddr address,
MMUAccessType access_type, int mmu_idx,
- uint32_t *fsr, ARMMMUFaultInfo *fi);
+ ARMMMUFaultInfo *fi);
/* Return true if the stage 1 translation regime is using LPAE format page
* tables */
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 79ab277..c469e6a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -28,7 +28,7 @@ typedef struct ARMCacheAttrs {
static bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr,
+ target_ulong *page_size,
ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs);
static bool get_phys_addr_lpae(CPUARMState *env, target_ulong address,
@@ -2160,7 +2160,6 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
hwaddr phys_addr;
target_ulong page_size;
int prot;
- uint32_t fsr_unused;
bool ret;
uint64_t par64;
MemTxAttrs attrs = {};
@@ -2168,7 +2167,7 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
ARMCacheAttrs cacheattrs = {};
ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
- &prot, &page_size, &fsr_unused, &fi, &cacheattrs);
+ &prot, &page_size, &fi, &cacheattrs);
/* TODO: this is not the correct condition to use to decide whether
* to report a PAR in 64-bit or 32-bit format.
*/
@@ -6981,7 +6980,6 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
target_ulong page_size;
hwaddr physaddr;
int prot;
- uint32_t fsr;
v8m_security_lookup(env, addr, MMU_INST_FETCH, mmu_idx, &sattrs);
if (!sattrs.nsc || sattrs.ns) {
@@ -6995,7 +6993,7 @@ static bool v7m_read_half_insn(ARMCPU *cpu, ARMMMUIdx mmu_idx,
return false;
}
if (get_phys_addr(env, addr, MMU_INST_FETCH, mmu_idx,
- &physaddr, &attrs, &prot, &page_size, &fsr, &fi, NULL)) {
+ &physaddr, &attrs, &prot, &page_size, &fi, NULL)) {
/* the MPU lookup failed */
env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_IACCVIOL_MASK;
armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_MEM, env->v7m.secure);
@@ -9749,14 +9747,13 @@ static ARMCacheAttrs combine_cacheattrs(ARMCacheAttrs s1, ARMCacheAttrs s2)
* @attrs: set to the memory transaction attributes to use
* @prot: set to the permissions for the page containing phys_ptr
* @page_size: set to the size of the page containing phys_ptr
- * @fsr: set to the DFSR/IFSR value on failure
* @fi: set to fault info if the translation fails
* @cacheattrs: (if non-NULL) set to the cacheability/shareability attributes
*/
static bool get_phys_addr(CPUARMState *env, target_ulong address,
MMUAccessType access_type, ARMMMUIdx mmu_idx,
hwaddr *phys_ptr, MemTxAttrs *attrs, int *prot,
- target_ulong *page_size, uint32_t *fsr,
+ target_ulong *page_size,
ARMMMUFaultInfo *fi, ARMCacheAttrs *cacheattrs)
{
if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
@@ -9771,7 +9768,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
ret = get_phys_addr(env, address, access_type,
stage_1_mmu_idx(mmu_idx), &ipa, attrs,
- prot, page_size, fsr, fi, cacheattrs);
+ prot, page_size, fi, cacheattrs);
/* If S1 fails or S2 is disabled, return early. */
if (ret || regime_translation_disabled(env, ARMMMUIdx_S2NS)) {
@@ -9784,7 +9781,6 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
phys_ptr, attrs, &s2_prot,
page_size, fi,
cacheattrs != NULL ? &cacheattrs2 : NULL);
- *fsr = arm_fi_to_lfsc(fi);
fi->s2addr = ipa;
/* Combine the S1 and S2 perms. */
*prot &= s2_prot;
@@ -9830,17 +9826,14 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
/* PMSAv8 */
ret = get_phys_addr_pmsav8(env, address, access_type, mmu_idx,
phys_ptr, attrs, prot, fi);
- *fsr = arm_fi_to_sfsc(fi);
} else if (arm_feature(env, ARM_FEATURE_V7)) {
/* PMSAv7 */
ret = get_phys_addr_pmsav7(env, address, access_type, mmu_idx,
phys_ptr, prot, fi);
- *fsr = arm_fi_to_sfsc(fi);
} else {
/* Pre-v7 MPU */
ret = get_phys_addr_pmsav5(env, address, access_type, mmu_idx,
phys_ptr, prot, fi);
- *fsr = arm_fi_to_sfsc(fi);
}
qemu_log_mask(CPU_LOG_MMU, "PMSA MPU lookup for %s at 0x%08" PRIx32
" mmu_idx %u -> %s (prot %c%c%c)\n",
@@ -9866,24 +9859,15 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
}
if (regime_using_lpae_format(env, mmu_idx)) {
- bool ret = get_phys_addr_lpae(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size,
- fi, cacheattrs);
-
- *fsr = arm_fi_to_lfsc(fi);
- return ret;
+ return get_phys_addr_lpae(env, address, access_type, mmu_idx,
+ phys_ptr, attrs, prot, page_size,
+ fi, cacheattrs);
} else if (regime_sctlr(env, mmu_idx) & SCTLR_XP) {
- bool ret = get_phys_addr_v6(env, address, access_type, mmu_idx,
- phys_ptr, attrs, prot, page_size, fi);
-
- *fsr = arm_fi_to_sfsc(fi);
- return ret;
+ return get_phys_addr_v6(env, address, access_type, mmu_idx,
+ phys_ptr, attrs, prot, page_size, fi);
} else {
- bool ret = get_phys_addr_v5(env, address, access_type, mmu_idx,
+ return get_phys_addr_v5(env, address, access_type, mmu_idx,
phys_ptr, prot, page_size, fi);
-
- *fsr = arm_fi_to_sfsc(fi);
- return ret;
}
}
@@ -9892,7 +9876,7 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address,
* fsr with ARM DFSR/IFSR fault register format value on failure.
*/
bool arm_tlb_fill(CPUState *cs, vaddr address,
- MMUAccessType access_type, int mmu_idx, uint32_t *fsr,
+ MMUAccessType access_type, int mmu_idx,
ARMMMUFaultInfo *fi)
{
ARMCPU *cpu = ARM_CPU(cs);
@@ -9905,7 +9889,7 @@ bool arm_tlb_fill(CPUState *cs, vaddr address,
ret = get_phys_addr(env, address, access_type,
core_to_arm_mmu_idx(env, mmu_idx), &phys_addr,
- &attrs, &prot, &page_size, fsr, fi, NULL);
+ &attrs, &prot, &page_size, fi, NULL);
if (!ret) {
/* Map a single [sub]page. */
phys_addr &= TARGET_PAGE_MASK;
@@ -9927,14 +9911,13 @@ hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
target_ulong page_size;
int prot;
bool ret;
- uint32_t fsr;
ARMMMUFaultInfo fi = {};
ARMMMUIdx mmu_idx = core_to_arm_mmu_idx(env, cpu_mmu_index(env, false));
*attrs = (MemTxAttrs) {};
ret = get_phys_addr(env, addr, 0, mmu_idx, &phys_addr,
- attrs, &prot, &page_size, &fsr, &fi, NULL);
+ attrs, &prot, &page_size, &fi, NULL);
if (ret) {
return -1;
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index 38e6993..c2bb4f3 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -176,10 +176,9 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type,
int mmu_idx, uintptr_t retaddr)
{
bool ret;
- uint32_t fsr = 0;
ARMMMUFaultInfo fi = {};
- ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, &fsr, &fi);
+ ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, &fi);
if (unlikely(ret)) {
ARMCPU *cpu = ARM_CPU(cs);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (34 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill() Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion Peter Maydell
` (7 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>
Now that do_ats_write() is entirely in control of whether to
generate a 32-bit PAR or a 64-bit PAR, we can make it use the
correct (complicated) condition for doing so.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1512503192-2239-13-git-send-email-peter.maydell@linaro.org
[PMM: Rebased Edgar's patch on top of get_phys_addr() refactoring;
use arm_s1_regime_using_lpae_format() rather than
regime_using_lpae_format() because the latter will assert
if passed ARMMMUIdx_S12NSE0 or ARMMMUIdx_S12NSE1;
updated commit message appropriately]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/helper.c | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index c469e6a..d1395f9 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2162,16 +2162,41 @@ static uint64_t do_ats_write(CPUARMState *env, uint64_t value,
int prot;
bool ret;
uint64_t par64;
+ bool format64 = false;
MemTxAttrs attrs = {};
ARMMMUFaultInfo fi = {};
ARMCacheAttrs cacheattrs = {};
ret = get_phys_addr(env, value, access_type, mmu_idx, &phys_addr, &attrs,
&prot, &page_size, &fi, &cacheattrs);
- /* TODO: this is not the correct condition to use to decide whether
- * to report a PAR in 64-bit or 32-bit format.
- */
- if (arm_s1_regime_using_lpae_format(env, mmu_idx)) {
+
+ if (is_a64(env)) {
+ format64 = true;
+ } else if (arm_feature(env, ARM_FEATURE_LPAE)) {
+ /*
+ * ATS1Cxx:
+ * * TTBCR.EAE determines whether the result is returned using the
+ * 32-bit or the 64-bit PAR format
+ * * Instructions executed in Hyp mode always use the 64bit format
+ *
+ * ATS1S2NSOxx uses the 64bit format if any of the following is true:
+ * * The Non-secure TTBCR.EAE bit is set to 1
+ * * The implementation includes EL2, and the value of HCR.VM is 1
+ *
+ * ATS1Hx always uses the 64bit format (not supported yet).
+ */
+ format64 = arm_s1_regime_using_lpae_format(env, mmu_idx);
+
+ if (arm_feature(env, ARM_FEATURE_EL2)) {
+ if (mmu_idx == ARMMMUIdx_S12NSE0 || mmu_idx == ARMMMUIdx_S12NSE1) {
+ format64 |= env->cp15.hcr_el2 & HCR_VM;
+ } else {
+ format64 |= arm_current_el(env) == 2;
+ }
+ }
+ }
+
+ if (format64) {
/* Create a 64-bit PAR */
par64 = (1 << 11); /* LPAE bit always set */
if (!ret) {
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (35 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 38/43] nvic: Make systick banked Peter Maydell
` (6 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
Generalize nvic_sysreg_ns_ops so that we can pass it an
arbitrary MemoryRegion which it will use as the underlying
register implementation to apply the NS-alias behaviour
to. We'll want this so we can do the same with systick.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1512154296-5652-2-git-send-email-peter.maydell@linaro.org
---
hw/intc/armv7m_nvic.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 5d9c883..63f2743 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1786,10 +1786,12 @@ static MemTxResult nvic_sysreg_ns_write(void *opaque, hwaddr addr,
uint64_t value, unsigned size,
MemTxAttrs attrs)
{
+ MemoryRegion *mr = opaque;
+
if (attrs.secure) {
/* S accesses to the alias act like NS accesses to the real region */
attrs.secure = 0;
- return nvic_sysreg_write(opaque, addr, value, size, attrs);
+ return memory_region_dispatch_write(mr, addr, value, size, attrs);
} else {
/* NS attrs are RAZ/WI for privileged, and BusFault for user */
if (attrs.user) {
@@ -1803,10 +1805,12 @@ static MemTxResult nvic_sysreg_ns_read(void *opaque, hwaddr addr,
uint64_t *data, unsigned size,
MemTxAttrs attrs)
{
+ MemoryRegion *mr = opaque;
+
if (attrs.secure) {
/* S accesses to the alias act like NS accesses to the real region */
attrs.secure = 0;
- return nvic_sysreg_read(opaque, addr, data, size, attrs);
+ return memory_region_dispatch_read(mr, addr, data, size, attrs);
} else {
/* NS attrs are RAZ/WI for privileged, and BusFault for user */
if (attrs.user) {
@@ -2075,7 +2079,7 @@ static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) {
memory_region_init_io(&s->sysreg_ns_mem, OBJECT(s),
- &nvic_sysreg_ns_ops, s,
+ &nvic_sysreg_ns_ops, &s->sysregmem,
"nvic_sysregs_ns", 0x1000);
memory_region_add_subregion(&s->container, 0x20000, &s->sysreg_ns_mem);
}
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 38/43] nvic: Make systick banked
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (36 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS Peter Maydell
` (5 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
For the v8M security extension, there should be two systick
devices, which use separate banked systick exceptions. The
register interface is banked in the same way as for other
banked registers, including the existence of an NS alias
region for secure code to access the nonsecure timer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1512154296-5652-3-git-send-email-peter.maydell@linaro.org
---
include/hw/intc/armv7m_nvic.h | 4 +-
hw/intc/armv7m_nvic.c | 90 ++++++++++++++++++++++++++++++++++++-------
2 files changed, 80 insertions(+), 14 deletions(-)
diff --git a/include/hw/intc/armv7m_nvic.h b/include/hw/intc/armv7m_nvic.h
index ac7997c..8bc2911 100644
--- a/include/hw/intc/armv7m_nvic.h
+++ b/include/hw/intc/armv7m_nvic.h
@@ -78,13 +78,15 @@ typedef struct NVICState {
MemoryRegion sysregmem;
MemoryRegion sysreg_ns_mem;
+ MemoryRegion systickmem;
+ MemoryRegion systick_ns_mem;
MemoryRegion container;
uint32_t num_irq;
qemu_irq excpout;
qemu_irq sysresetreq;
- SysTickState systick;
+ SysTickState systick[M_REG_NUM_BANKS];
} NVICState;
#endif
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 63f2743..dd49b6c 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1827,6 +1827,36 @@ static const MemoryRegionOps nvic_sysreg_ns_ops = {
.endianness = DEVICE_NATIVE_ENDIAN,
};
+static MemTxResult nvic_systick_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned size,
+ MemTxAttrs attrs)
+{
+ NVICState *s = opaque;
+ MemoryRegion *mr;
+
+ /* Direct the access to the correct systick */
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0);
+ return memory_region_dispatch_write(mr, addr, value, size, attrs);
+}
+
+static MemTxResult nvic_systick_read(void *opaque, hwaddr addr,
+ uint64_t *data, unsigned size,
+ MemTxAttrs attrs)
+{
+ NVICState *s = opaque;
+ MemoryRegion *mr;
+
+ /* Direct the access to the correct systick */
+ mr = sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->systick[attrs.secure]), 0);
+ return memory_region_dispatch_read(mr, addr, data, size, attrs);
+}
+
+static const MemoryRegionOps nvic_systick_ops = {
+ .read_with_attrs = nvic_systick_read,
+ .write_with_attrs = nvic_systick_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
static int nvic_post_load(void *opaque, int version_id)
{
NVICState *s = opaque;
@@ -2005,17 +2035,16 @@ static void nvic_systick_trigger(void *opaque, int n, int level)
/* SysTick just asked us to pend its exception.
* (This is different from an external interrupt line's
* behaviour.)
- * TODO: when we implement the banked systicks we must make
- * this pend the correct banked exception.
+ * n == 0 : NonSecure systick
+ * n == 1 : Secure systick
*/
- armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, false);
+ armv7m_nvic_set_pending(s, ARMV7M_EXCP_SYSTICK, n);
}
}
static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
{
NVICState *s = NVIC(dev);
- SysBusDevice *systick_sbd;
Error *err = NULL;
int regionlen;
@@ -2032,14 +2061,35 @@ static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
/* include space for internal exception vectors */
s->num_irq += NVIC_FIRST_IRQ;
- object_property_set_bool(OBJECT(&s->systick), true, "realized", &err);
+ object_property_set_bool(OBJECT(&s->systick[M_REG_NS]), true,
+ "realized", &err);
if (err != NULL) {
error_propagate(errp, err);
return;
}
- systick_sbd = SYS_BUS_DEVICE(&s->systick);
- sysbus_connect_irq(systick_sbd, 0,
- qdev_get_gpio_in_named(dev, "systick-trigger", 0));
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_NS]), 0,
+ qdev_get_gpio_in_named(dev, "systick-trigger",
+ M_REG_NS));
+
+ if (arm_feature(&s->cpu->env, ARM_FEATURE_M_SECURITY)) {
+ /* We couldn't init the secure systick device in instance_init
+ * as we didn't know then if the CPU had the security extensions;
+ * so we have to do it here.
+ */
+ object_initialize(&s->systick[M_REG_S], sizeof(s->systick[M_REG_S]),
+ TYPE_SYSTICK);
+ qdev_set_parent_bus(DEVICE(&s->systick[M_REG_S]), sysbus_get_default());
+
+ object_property_set_bool(OBJECT(&s->systick[M_REG_S]), true,
+ "realized", &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return;
+ }
+ sysbus_connect_irq(SYS_BUS_DEVICE(&s->systick[M_REG_S]), 0,
+ qdev_get_gpio_in_named(dev, "systick-trigger",
+ M_REG_S));
+ }
/* The NVIC and System Control Space (SCS) starts at 0xe000e000
* and looks like this:
@@ -2073,15 +2123,24 @@ static void armv7m_nvic_realize(DeviceState *dev, Error **errp)
memory_region_init_io(&s->sysregmem, OBJECT(s), &nvic_sysreg_ops, s,
"nvic_sysregs", 0x1000);
memory_region_add_subregion(&s->container, 0, &s->sysregmem);
+
+ memory_region_init_io(&s->systickmem, OBJECT(s),
+ &nvic_systick_ops, s,
+ "nvic_systick", 0xe0);
+
memory_region_add_subregion_overlap(&s->container, 0x10,
- sysbus_mmio_get_region(systick_sbd, 0),
- 1);
+ &s->systickmem, 1);
if (arm_feature(&s->cpu->env, ARM_FEATURE_V8)) {
memory_region_init_io(&s->sysreg_ns_mem, OBJECT(s),
&nvic_sysreg_ns_ops, &s->sysregmem,
"nvic_sysregs_ns", 0x1000);
memory_region_add_subregion(&s->container, 0x20000, &s->sysreg_ns_mem);
+ memory_region_init_io(&s->systick_ns_mem, OBJECT(s),
+ &nvic_sysreg_ns_ops, &s->systickmem,
+ "nvic_systick_ns", 0xe0);
+ memory_region_add_subregion_overlap(&s->container, 0x20010,
+ &s->systick_ns_mem, 1);
}
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->container);
@@ -2099,12 +2158,17 @@ static void armv7m_nvic_instance_init(Object *obj)
NVICState *nvic = NVIC(obj);
SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
- object_initialize(&nvic->systick, sizeof(nvic->systick), TYPE_SYSTICK);
- qdev_set_parent_bus(DEVICE(&nvic->systick), sysbus_get_default());
+ object_initialize(&nvic->systick[M_REG_NS],
+ sizeof(nvic->systick[M_REG_NS]), TYPE_SYSTICK);
+ qdev_set_parent_bus(DEVICE(&nvic->systick[M_REG_NS]), sysbus_get_default());
+ /* We can't initialize the secure systick here, as we don't know
+ * yet if we need it.
+ */
sysbus_init_irq(sbd, &nvic->excpout);
qdev_init_gpio_out_named(dev, &nvic->sysresetreq, "SYSRESETREQ", 1);
- qdev_init_gpio_in_named(dev, nvic_systick_trigger, "systick-trigger", 1);
+ qdev_init_gpio_in_named(dev, nvic_systick_trigger, "systick-trigger",
+ M_REG_NUM_BANKS);
}
static void armv7m_nvic_class_init(ObjectClass *klass, void *data)
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (37 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 38/43] nvic: Make systick banked Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address Peter Maydell
` (4 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Prasad J Pandit <pjp@fedoraproject.org>
The ctz32() routine could return a value greater than
TC6393XB_GPIOS=16, because the device has 24 GPIO level
bits but we only implement 16 outgoing lines. This could
lead to an OOB array access. Mask 'level' to avoid it.
Reported-by: Moguofang <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20171212041539.25700-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/display/tc6393xb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
index 74d10af..0ae6360 100644
--- a/hw/display/tc6393xb.c
+++ b/hw/display/tc6393xb.c
@@ -172,6 +172,7 @@ static void tc6393xb_gpio_handler_update(TC6393xbState *s)
int bit;
level = s->gpio_level & s->gpio_dir;
+ level &= MAKE_64BIT_MASK(0, TC6393XB_GPIOS);
for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
bit = ctz32(diff);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (38 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value Peter Maydell
` (3 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Zhaoshenglong <zhaoshenglong@huawei.com>
Since I'm not working as an assignee in Linaro, replace the Linaro email
address with my personal one.
Signed-off-by: Zhaoshenglong <zhaoshenglong@huawei.com>
Message-id: 1513058845-9768-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 0255113..45e2e20 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -543,7 +543,7 @@ F: include/hw/*/xlnx*.h
ARM ACPI Subsystem
M: Shannon Zhao <zhaoshenglong@huawei.com>
-M: Shannon Zhao <shannon.zhao@linaro.org>
+M: Shannon Zhao <shannon.zhaosl@gmail.com>
L: qemu-arm@nongnu.org
S: Maintained
F: hw/arm/virt-acpi-build.c
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (39 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values Peter Maydell
` (2 subsequent siblings)
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Alistair Francis <alistair.francis@xilinx.com>
Update the reset value to match the latest ZynqMP register spec.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: c03e51d041db7f055596084891aeb1e856e32b9f.1513104804.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index ad1b2ba..899db81 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -355,6 +355,7 @@ static void xlnx_zynqmp_qspips_reset(DeviceState *d)
s->regs[R_GQSPI_RX_THRESH] = 1;
s->regs[R_GQSPI_GFIFO_THRESH] = 1;
s->regs[R_GQSPI_IMR] = GQSPI_IXR_MASK;
+ s->regs[R_MOD_ID] = 0x01090101;
s->man_start_com_g = false;
s->gqspi_irqline = 0;
xlnx_zynqmp_qspips_update_ixr(s);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (40 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers Peter Maydell
2017-12-14 15:32 ` [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Alistair Francis <alistair.francis@xilinx.com>
Following the ZynqMP register spec let's ensure that all reset values
are set.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 19836f3e0a298b13343c5a59c87425355e7fd8bd.1513104804.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
include/hw/ssi/xilinx_spips.h | 2 +-
hw/ssi/xilinx_spips.c | 35 ++++++++++++++++++++++++++++++-----
2 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/include/hw/ssi/xilinx_spips.h b/include/hw/ssi/xilinx_spips.h
index 75fc94c..d398a4e 100644
--- a/include/hw/ssi/xilinx_spips.h
+++ b/include/hw/ssi/xilinx_spips.h
@@ -32,7 +32,7 @@
typedef struct XilinxSPIPS XilinxSPIPS;
#define XLNX_SPIPS_R_MAX (0x100 / 4)
-#define XLNX_ZYNQMP_SPIPS_R_MAX (0x200 / 4)
+#define XLNX_ZYNQMP_SPIPS_R_MAX (0x830 / 4)
/* Bite off 4k chunks at a time */
#define LQSPI_CACHE_SIZE 1024
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 899db81..42d9b04 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -66,6 +66,7 @@
/* interrupt mechanism */
#define R_INTR_STATUS (0x04 / 4)
+#define R_INTR_STATUS_RESET (0x104)
#define R_INTR_EN (0x08 / 4)
#define R_INTR_DIS (0x0C / 4)
#define R_INTR_MASK (0x10 / 4)
@@ -102,6 +103,9 @@
#define R_SLAVE_IDLE_COUNT (0x24 / 4)
#define R_TX_THRES (0x28 / 4)
#define R_RX_THRES (0x2C / 4)
+#define R_GPIO (0x30 / 4)
+#define R_LPBK_DLY_ADJ (0x38 / 4)
+#define R_LPBK_DLY_ADJ_RESET (0x33)
#define R_TXD1 (0x80 / 4)
#define R_TXD2 (0x84 / 4)
#define R_TXD3 (0x88 / 4)
@@ -140,8 +144,12 @@
#define R_GQSPI_IER (0x108 / 4)
#define R_GQSPI_IDR (0x10c / 4)
#define R_GQSPI_IMR (0x110 / 4)
+#define R_GQSPI_IMR_RESET (0xfbe)
#define R_GQSPI_TX_THRESH (0x128 / 4)
#define R_GQSPI_RX_THRESH (0x12c / 4)
+#define R_GQSPI_GPIO (0x130 / 4)
+#define R_GQSPI_LPBK_DLY_ADJ (0x138 / 4)
+#define R_GQSPI_LPBK_DLY_ADJ_RESET (0x33)
#define R_GQSPI_CNFG (0x100 / 4)
FIELD(GQSPI_CNFG, MODE_EN, 30, 2)
FIELD(GQSPI_CNFG, GEN_FIFO_START_MODE, 29, 1)
@@ -177,8 +185,16 @@
FIELD(GQSPI_GF_SNAPSHOT, EXPONENT, 9, 1)
FIELD(GQSPI_GF_SNAPSHOT, DATA_XFER, 8, 1)
FIELD(GQSPI_GF_SNAPSHOT, IMMEDIATE_DATA, 0, 8)
-#define R_GQSPI_MOD_ID (0x168 / 4)
-#define R_GQSPI_MOD_ID_VALUE 0x010A0000
+#define R_GQSPI_MOD_ID (0x1fc / 4)
+#define R_GQSPI_MOD_ID_RESET (0x10a0000)
+
+#define R_QSPIDMA_DST_CTRL (0x80c / 4)
+#define R_QSPIDMA_DST_CTRL_RESET (0x803ffa00)
+#define R_QSPIDMA_DST_I_MASK (0x820 / 4)
+#define R_QSPIDMA_DST_I_MASK_RESET (0xfe)
+#define R_QSPIDMA_DST_CTRL2 (0x824 / 4)
+#define R_QSPIDMA_DST_CTRL2_RESET (0x081bfff8)
+
/* size of TXRX FIFOs */
#define RXFF_A (128)
#define TXFF_A (128)
@@ -351,11 +367,20 @@ static void xlnx_zynqmp_qspips_reset(DeviceState *d)
fifo8_reset(&s->rx_fifo_g);
fifo8_reset(&s->rx_fifo_g);
fifo32_reset(&s->fifo_g);
+ s->regs[R_INTR_STATUS] = R_INTR_STATUS_RESET;
+ s->regs[R_GPIO] = 1;
+ s->regs[R_LPBK_DLY_ADJ] = R_LPBK_DLY_ADJ_RESET;
+ s->regs[R_GQSPI_GFIFO_THRESH] = 0x10;
+ s->regs[R_MOD_ID] = 0x01090101;
+ s->regs[R_GQSPI_IMR] = R_GQSPI_IMR_RESET;
s->regs[R_GQSPI_TX_THRESH] = 1;
s->regs[R_GQSPI_RX_THRESH] = 1;
- s->regs[R_GQSPI_GFIFO_THRESH] = 1;
- s->regs[R_GQSPI_IMR] = GQSPI_IXR_MASK;
- s->regs[R_MOD_ID] = 0x01090101;
+ s->regs[R_GQSPI_GPIO] = 1;
+ s->regs[R_GQSPI_LPBK_DLY_ADJ] = R_GQSPI_LPBK_DLY_ADJ_RESET;
+ s->regs[R_GQSPI_MOD_ID] = R_GQSPI_MOD_ID_RESET;
+ s->regs[R_QSPIDMA_DST_CTRL] = R_QSPIDMA_DST_CTRL_RESET;
+ s->regs[R_QSPIDMA_DST_I_MASK] = R_QSPIDMA_DST_I_MASK_RESET;
+ s->regs[R_QSPIDMA_DST_CTRL2] = R_QSPIDMA_DST_CTRL2_RESET;
s->man_start_com_g = false;
s->gqspi_irqline = 0;
xlnx_zynqmp_qspips_update_ixr(s);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (41 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values Peter Maydell
@ 2017-12-13 18:12 ` Peter Maydell
2017-12-14 15:32 ` [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-13 18:12 UTC (permalink / raw)
To: qemu-devel
From: Alistair Francis <alistair.francis@xilinx.com>
Use memset() instead of a for loop to zero all of the registers.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: c076e907f355923864cb1afde31b938ffb677778.1513104804.git.alistair.francis@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/ssi/xilinx_spips.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 42d9b04..d8187fa 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -329,10 +329,7 @@ static void xilinx_spips_reset(DeviceState *d)
{
XilinxSPIPS *s = XILINX_SPIPS(d);
- int i;
- for (i = 0; i < XLNX_SPIPS_R_MAX; i++) {
- s->regs[i] = 0;
- }
+ memset(s->regs, 0, sizeof(s->regs));
fifo8_reset(&s->rx_fifo);
fifo8_reset(&s->rx_fifo);
@@ -357,13 +354,11 @@ static void xilinx_spips_reset(DeviceState *d)
static void xlnx_zynqmp_qspips_reset(DeviceState *d)
{
XlnxZynqMPQSPIPS *s = XLNX_ZYNQMP_QSPIPS(d);
- int i;
xilinx_spips_reset(d);
- for (i = 0; i < XLNX_ZYNQMP_SPIPS_R_MAX; i++) {
- s->regs[i] = 0;
- }
+ memset(s->regs, 0, sizeof(s->regs));
+
fifo8_reset(&s->rx_fifo_g);
fifo8_reset(&s->rx_fifo_g);
fifo32_reset(&s->fifo_g);
--
2.7.4
^ permalink raw reply related [flat|nested] 45+ messages in thread
* Re: [Qemu-devel] [PULL 00/43] target-arm queue
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
` (42 preceding siblings ...)
2017-12-13 18:12 ` [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers Peter Maydell
@ 2017-12-14 15:32 ` Peter Maydell
43 siblings, 0 replies; 45+ messages in thread
From: Peter Maydell @ 2017-12-14 15:32 UTC (permalink / raw)
To: QEMU Developers
On 13 December 2017 at 18:11, Peter Maydell <peter.maydell@linaro.org> wrote:
> First arm pullreq for the 2.12 cycle, with all the
> things that queued up during the release phase.
> 2.11 isn't quite released yet, but might as well put
> the pullreq on the mailing list :-)
>
> thanks
> -- PMM
>
> The following changes since commit 0a0dc59d27527b78a195c2d838d28b7b49e5a639:
>
> Update version for v2.11.0 release (2017-12-13 14:31:09 +0000)
>
> are available in the git repository at:
>
> git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20171213
>
> for you to fetch changes up to d3c348b6e3af3598bfcb755d59f8f4de80a2228a:
>
> xilinx_spips: Use memset instead of a for loop to zero registers (2017-12-13 17:59:26 +0000)
>
Applied, thanks.
-- PMM
^ permalink raw reply [flat|nested] 45+ messages in thread
end of thread, other threads:[~2017-12-14 15:32 UTC | newest]
Thread overview: 45+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-13 18:11 [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
2017-12-13 18:11 ` [Qemu-devel] [PULL 01/43] m25p80: Add support for continuous read out of RDSR and READ_FSR Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 02/43] m25p80: Add support for SST READ ID 0x90/0xAB commands Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 03/43] m25p80: Add support for BRRD/BRWR and BULK_ERASE (0x60) Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 04/43] m25p80: Add support for n25q512a11 and n25q512a13 Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 05/43] xilinx_spips: Move FlashCMD, XilinxQSPIPS and XilinxSPIPSClass Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 06/43] xilinx_spips: Update striping to be big-endian bit order Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 07/43] xilinx_spips: Add support for RX discard and RX drain Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 08/43] xilinx_spips: Make tx/rx_data_bytes more generic and reusable Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 09/43] xilinx_spips: Add support for zero pumping Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 10/43] xilinx_spips: Add support for 4 byte addresses in the LQSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 11/43] xilinx_spips: Don't set TX FIFO UNDERFLOW at cmd done Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 12/43] xilinx_spips: Add support for the ZynqMP Generic QSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 13/43] xlnx-zcu102: Add support for the ZynqMP QSPI Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 14/43] hw/intc/arm_gicv3_its: Don't call post_load on reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 15/43] hw/intc/arm_gicv3_its: Implement a minimalist reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 16/43] linux-headers: update to 4.15-rc1 Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 17/43] hw/intc/arm_gicv3_its: Implement full reset Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 18/43] target/arm: Handle SPSEL and current stack being out of sync in MSP/PSP reads Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 19/43] target/arm: Allow explicit writes to CONTROL.SPSEL in Handler mode Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 20/43] target/arm: Add missing M profile case to regime_is_user() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 21/43] target/arm: Split M profile MNegPri mmu index into user and priv Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 22/43] target/arm: Create new arm_v7m_mmu_idx_for_secstate_and_priv() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 23/43] target/arm: Factor MPU lookup code out of get_phys_addr_pmsav8() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 24/43] target/arm: Implement TT instruction Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 25/43] target/arm: Provide fault type enum and FSR conversion functions Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 26/43] target/arm: Remove fsr argument from arm_ld*_ptw() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 27/43] target/arm: Convert get_phys_addr_v5() to not return FSC values Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 28/43] target/arm: Convert get_phys_addr_v6() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 29/43] target/arm: Convert get_phys_addr_lpae() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 30/43] target/arm: Convert get_phys_addr_pmsav5() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 31/43] target/arm: Convert get_phys_addr_pmsav7() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 32/43] target/arm: Convert get_phys_addr_pmsav8() " Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 33/43] target/arm: Use ARMMMUFaultInfo in deliver_fault() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 34/43] target/arm: Ignore fsr from get_phys_addr() in do_ats_write() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 35/43] target/arm: Remove fsr argument from get_phys_addr() and arm_tlb_fill() Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 36/43] target/arm: Extend PAR format determination Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 37/43] nvic: Make nvic_sysreg_ns_ops work with any MemoryRegion Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 38/43] nvic: Make systick banked Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 39/43] hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 40/43] MAINTAINERS: replace the unavailable email address Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 41/43] xilinx_spips: Update the QSPI Mod ID reset value Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 42/43] xilinx_spips: Set all of the reset values Peter Maydell
2017-12-13 18:12 ` [Qemu-devel] [PULL 43/43] xilinx_spips: Use memset instead of a for loop to zero registers Peter Maydell
2017-12-14 15:32 ` [Qemu-devel] [PULL 00/43] target-arm queue Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.