* [PULL 0/9] target-arm queue
@ 2022-07-07 12:27 Peter Maydell
2022-07-07 12:27 ` [PULL 1/9] hw/arm/virt: dt: add rng-seed property Peter Maydell
` (9 more replies)
0 siblings, 10 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
My OS Lock/DoubleLock patches, plus a small selection of other
bug fixes and minor things.
thanks
-- PMM
The following changes since commit 8e9398e3b1a860b8c29c670c1b6c36afe8d87849:
Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging (2022-07-07 06:21:05 +0530)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220707
for you to fetch changes up to c2360eaa0262a816faf8032b7762d0c73df2cc62:
target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem (2022-07-07 11:41:04 +0100)
----------------------------------------------------------------
target-arm queue:
* hw/arm/virt: dt: add rng-seed property
* Fix MTE check in sve_ldnfff1_r
* Record tagged bit for user-only in sve_probe_page
* Correctly implement OS Lock and OS DoubleLock
* Implement DBGDEVID, DBGDEVID1, DBGDEVID2 registers
* Fix qemu-system-arm handling of LPAE block descriptors for highmem
----------------------------------------------------------------
Jason A. Donenfeld (1):
hw/arm/virt: dt: add rng-seed property
Peter Maydell (6):
target/arm: Fix code style issues in debug helper functions
target/arm: Move define_debug_regs() to debug_helper.c
target/arm: Suppress debug exceptions when OS Lock set
target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
target/arm: Correctly implement Feat_DoubleLock
target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
Richard Henderson (2):
target/arm: Fix MTE check in sve_ldnfff1_r
target/arm: Record tagged bit for user-only in sve_probe_page
docs/about/deprecated.rst | 8 +
docs/system/arm/virt.rst | 17 +-
include/hw/arm/virt.h | 2 +-
target/arm/cpregs.h | 3 +
target/arm/cpu.h | 27 +++
target/arm/internals.h | 9 +
hw/arm/virt.c | 44 ++--
target/arm/cpu64.c | 6 +
target/arm/cpu_tcg.c | 6 +
target/arm/debug_helper.c | 580 ++++++++++++++++++++++++++++++++++++++++++++++
target/arm/helper.c | 513 +---------------------------------------
target/arm/ptw.c | 2 +-
target/arm/sve_helper.c | 5 +-
13 files changed, 684 insertions(+), 538 deletions(-)
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PULL 1/9] hw/arm/virt: dt: add rng-seed property
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 2/9] target/arm: Fix MTE check in sve_ldnfff1_r Peter Maydell
` (8 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
In 60592cfed2 ("hw/arm/virt: dt: add kaslr-seed property"), the
kaslr-seed property was added, but the equally as important rng-seed
property was forgotten about, which has identical semantics for a
similar purpose. This commit implements it in exactly the same way as
kaslr-seed. It then changes the name of the disabling option to reflect
that this has more to do with randomness vs determinism, rather than
something particular about kaslr.
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[PMM: added deprecated.rst section for the deprecation]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
docs/about/deprecated.rst | 8 +++++++
docs/system/arm/virt.rst | 17 +++++++++------
include/hw/arm/virt.h | 2 +-
hw/arm/virt.c | 44 ++++++++++++++++++++++++---------------
4 files changed, 47 insertions(+), 24 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 19a91b575fb..7ee26626d5c 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -225,6 +225,14 @@ Use the more generic event ``DEVICE_UNPLUG_GUEST_ERROR`` instead.
System emulator machines
------------------------
+Arm ``virt`` machine ``dtb-kaslr-seed`` property
+''''''''''''''''''''''''''''''''''''''''''''''''
+
+The ``dtb-kaslr-seed`` property on the ``virt`` board has been
+deprecated; use the new name ``dtb-randomness`` instead. The new name
+better reflects the way this property affects all random data within
+the device tree blob, not just the ``kaslr-seed`` node.
+
PPC 405 ``taihu`` machine (since 7.0)
'''''''''''''''''''''''''''''''''''''
diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst
index 3d1058a80c0..3b6ba69a9a9 100644
--- a/docs/system/arm/virt.rst
+++ b/docs/system/arm/virt.rst
@@ -126,13 +126,18 @@ ras
Set ``on``/``off`` to enable/disable reporting host memory errors to a guest
using ACPI and guest external abort exceptions. The default is off.
+dtb-randomness
+ Set ``on``/``off`` to pass random seeds via the guest DTB
+ rng-seed and kaslr-seed nodes (in both "/chosen" and
+ "/secure-chosen") to use for features like the random number
+ generator and address space randomisation. The default is
+ ``on``. You will want to disable it if your trusted boot chain
+ will verify the DTB it is passed, since this option causes the
+ DTB to be non-deterministic. It would be the responsibility of
+ the firmware to come up with a seed and pass it on if it wants to.
+
dtb-kaslr-seed
- Set ``on``/``off`` to pass a random seed via the guest dtb
- kaslr-seed node (in both "/chosen" and /secure-chosen) to use
- for features like address space randomisation. The default is
- ``on``. You will want to disable it if your trusted boot chain will
- verify the DTB it is passed. It would be the responsibility of the
- firmware to come up with a seed and pass it on if it wants to.
+ A deprecated synonym for dtb-randomness.
Linux guest kernel configuration
""""""""""""""""""""""""""""""""
diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index 15feabac63d..6ec479ca2b7 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -152,7 +152,7 @@ struct VirtMachineState {
bool virt;
bool ras;
bool mte;
- bool dtb_kaslr_seed;
+ bool dtb_randomness;
OnOffAuto acpi;
VirtGICType gic_version;
VirtIOMMUType iommu;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 5502aa60c83..9633f822f36 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -221,14 +221,18 @@ static bool cpu_type_valid(const char *cpu)
return false;
}
-static void create_kaslr_seed(MachineState *ms, const char *node)
+static void create_randomness(MachineState *ms, const char *node)
{
- uint64_t seed;
+ struct {
+ uint64_t kaslr;
+ uint8_t rng[32];
+ } seed;
if (qemu_guest_getrandom(&seed, sizeof(seed), NULL)) {
return;
}
- qemu_fdt_setprop_u64(ms->fdt, node, "kaslr-seed", seed);
+ qemu_fdt_setprop_u64(ms->fdt, node, "kaslr-seed", seed.kaslr);
+ qemu_fdt_setprop(ms->fdt, node, "rng-seed", seed.rng, sizeof(seed.rng));
}
static void create_fdt(VirtMachineState *vms)
@@ -251,14 +255,14 @@ static void create_fdt(VirtMachineState *vms)
/* /chosen must exist for load_dtb to fill in necessary properties later */
qemu_fdt_add_subnode(fdt, "/chosen");
- if (vms->dtb_kaslr_seed) {
- create_kaslr_seed(ms, "/chosen");
+ if (vms->dtb_randomness) {
+ create_randomness(ms, "/chosen");
}
if (vms->secure) {
qemu_fdt_add_subnode(fdt, "/secure-chosen");
- if (vms->dtb_kaslr_seed) {
- create_kaslr_seed(ms, "/secure-chosen");
+ if (vms->dtb_randomness) {
+ create_randomness(ms, "/secure-chosen");
}
}
@@ -2340,18 +2344,18 @@ static void virt_set_its(Object *obj, bool value, Error **errp)
vms->its = value;
}
-static bool virt_get_dtb_kaslr_seed(Object *obj, Error **errp)
+static bool virt_get_dtb_randomness(Object *obj, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
- return vms->dtb_kaslr_seed;
+ return vms->dtb_randomness;
}
-static void virt_set_dtb_kaslr_seed(Object *obj, bool value, Error **errp)
+static void virt_set_dtb_randomness(Object *obj, bool value, Error **errp)
{
VirtMachineState *vms = VIRT_MACHINE(obj);
- vms->dtb_kaslr_seed = value;
+ vms->dtb_randomness = value;
}
static char *virt_get_oem_id(Object *obj, Error **errp)
@@ -2980,12 +2984,18 @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
"Set on/off to enable/disable "
"ITS instantiation");
+ object_class_property_add_bool(oc, "dtb-randomness",
+ virt_get_dtb_randomness,
+ virt_set_dtb_randomness);
+ object_class_property_set_description(oc, "dtb-randomness",
+ "Set off to disable passing random or "
+ "non-deterministic dtb nodes to guest");
+
object_class_property_add_bool(oc, "dtb-kaslr-seed",
- virt_get_dtb_kaslr_seed,
- virt_set_dtb_kaslr_seed);
+ virt_get_dtb_randomness,
+ virt_set_dtb_randomness);
object_class_property_set_description(oc, "dtb-kaslr-seed",
- "Set off to disable passing of kaslr-seed "
- "dtb node to guest");
+ "Deprecated synonym of dtb-randomness");
object_class_property_add_str(oc, "x-oem-id",
virt_get_oem_id,
@@ -3053,8 +3063,8 @@ static void virt_instance_init(Object *obj)
/* MTE is disabled by default. */
vms->mte = false;
- /* Supply a kaslr-seed by default */
- vms->dtb_kaslr_seed = true;
+ /* Supply kaslr-seed and rng-seed by default */
+ vms->dtb_randomness = true;
vms->irqmap = a15irqmap;
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 2/9] target/arm: Fix MTE check in sve_ldnfff1_r
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
2022-07-07 12:27 ` [PULL 1/9] hw/arm/virt: dt: add rng-seed property Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 3/9] target/arm: Record tagged bit for user-only in sve_probe_page Peter Maydell
` (7 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
The comment was correct, but the test was not:
disable mte if tagged is *not* set.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/sve_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index 1654c0bbf9e..db15d03ded8 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5986,7 +5986,7 @@ void sve_ldnfff1_r(CPUARMState *env, void *vg, const target_ulong addr,
* Disable MTE checking if the Tagged bit is not set. Since TBI must
* be set within MTEDESC for MTE, !mtedesc => !mte_active.
*/
- if (arm_tlb_mte_tagged(&info.page[0].attrs)) {
+ if (!arm_tlb_mte_tagged(&info.page[0].attrs)) {
mtedesc = 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 3/9] target/arm: Record tagged bit for user-only in sve_probe_page
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
2022-07-07 12:27 ` [PULL 1/9] hw/arm/virt: dt: add rng-seed property Peter Maydell
2022-07-07 12:27 ` [PULL 2/9] target/arm: Fix MTE check in sve_ldnfff1_r Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 4/9] target/arm: Fix code style issues in debug helper functions Peter Maydell
` (6 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
From: Richard Henderson <richard.henderson@linaro.org>
Fixes a bug in that we were not honoring MTE from user-only
SVE. Copy the user-only MTE logic from allocation_tag_mem
into sve_probe_page.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/sve_helper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c
index db15d03ded8..0c6379e6e80 100644
--- a/target/arm/sve_helper.c
+++ b/target/arm/sve_helper.c
@@ -5337,6 +5337,9 @@ bool sve_probe_page(SVEHostPage *info, bool nofault, CPUARMState *env,
#ifdef CONFIG_USER_ONLY
memset(&info->attrs, 0, sizeof(info->attrs));
+ /* Require both MAP_ANON and PROT_MTE -- see allocation_tag_mem. */
+ arm_tlb_mte_tagged(&info->attrs) =
+ (flags & PAGE_ANON) && (flags & PAGE_MTE);
#else
/*
* Find the iotlbentry for addr and return the transaction attributes.
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 4/9] target/arm: Fix code style issues in debug helper functions
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2022-07-07 12:27 ` [PULL 3/9] target/arm: Record tagged bit for user-only in sve_probe_page Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 5/9] target/arm: Move define_debug_regs() to debug_helper.c Peter Maydell
` (5 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
Before moving debug system register helper functions to a
different file, fix the code style issues (mostly block
comment syntax) so checkpatch doesn't complain about the
code-motion patch.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220630194116.3438513-2-peter.maydell@linaro.org
---
target/arm/helper.c | 58 +++++++++++++++++++++++++++++----------------
1 file changed, 38 insertions(+), 20 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f6dcb1a1152..1c7ec2f8678 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -307,7 +307,8 @@ static uint64_t arm_mdcr_el2_eff(CPUARMState *env)
return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
}
-/* Check for traps to "powerdown debug" registers, which are controlled
+/*
+ * Check for traps to "powerdown debug" registers, which are controlled
* by MDCR.TDOSA
*/
static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -327,7 +328,8 @@ static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
return CP_ACCESS_OK;
}
-/* Check for traps to "debug ROM" registers, which are controlled
+/*
+ * Check for traps to "debug ROM" registers, which are controlled
* by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
*/
static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -347,7 +349,8 @@ static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
return CP_ACCESS_OK;
}
-/* Check for traps to general debug registers, which are controlled
+/*
+ * Check for traps to general debug registers, which are controlled
* by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
*/
static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
@@ -5982,7 +5985,8 @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
uint64_t value)
{
- /* Writes to OSLAR_EL1 may update the OS lock status, which can be
+ /*
+ * Writes to OSLAR_EL1 may update the OS lock status, which can be
* read via a bit in OSLSR_EL1.
*/
int oslock;
@@ -5997,7 +6001,8 @@ static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
}
static const ARMCPRegInfo debug_cp_reginfo[] = {
- /* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
+ /*
+ * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
* debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
* unlike DBGDRAR it is never accessible from EL0.
* DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
@@ -6052,21 +6057,24 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
.access = PL1_RW, .accessfn = access_tdosa,
.type = ARM_CP_NOP },
- /* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
+ /*
+ * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
* implement vector catch debug events yet.
*/
{ .name = "DBGVCR",
.cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
.access = PL1_RW, .accessfn = access_tda,
.type = ARM_CP_NOP },
- /* Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
+ /*
+ * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
* to save and restore a 32-bit guest's DBGVCR)
*/
{ .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
.opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
.access = PL2_RW, .accessfn = access_tda,
.type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
- /* Dummy MDCCINT_EL1, since we don't implement the Debug Communications
+ /*
+ * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
* Channel but Linux may try to access this register. The 32-bit
* alias is DBGDCCINT.
*/
@@ -6079,9 +6087,9 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
/* 64 bit access versions of the (dummy) debug registers */
{ .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
- .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
{ .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
- .access = PL0_R, .type = ARM_CP_CONST|ARM_CP_64BIT, .resetvalue = 0 },
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
};
/*
@@ -6496,13 +6504,15 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
break;
}
- /* Attempts to use both MASK and BAS fields simultaneously are
+ /*
+ * Attempts to use both MASK and BAS fields simultaneously are
* CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
* thus generating a watchpoint for every byte in the masked region.
*/
mask = FIELD_EX64(wcr, DBGWCR, MASK);
if (mask == 1 || mask == 2) {
- /* Reserved values of MASK; we must act as if the mask value was
+ /*
+ * Reserved values of MASK; we must act as if the mask value was
* some non-reserved value, or as if the watchpoint were disabled.
* We choose the latter.
*/
@@ -6510,7 +6520,8 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
} else if (mask) {
/* Watchpoint covers an aligned area up to 2GB in size */
len = 1ULL << mask;
- /* If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
+ /*
+ * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
* whether the watchpoint fires when the unmasked bits match; we opt
* to generate the exceptions.
*/
@@ -6521,7 +6532,8 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
int basstart;
if (extract64(wvr, 2, 1)) {
- /* Deprecated case of an only 4-aligned address. BAS[7:4] are
+ /*
+ * Deprecated case of an only 4-aligned address. BAS[7:4] are
* ignored, and BAS[3:0] define which bytes to watch.
*/
bas &= 0xf;
@@ -6532,7 +6544,8 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
return;
}
- /* The BAS bits are supposed to be programmed to indicate a contiguous
+ /*
+ * The BAS bits are supposed to be programmed to indicate a contiguous
* range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
* we fire for each byte in the word/doubleword addressed by the WVR.
* We choose to ignore any non-zero bits after the first range of 1s.
@@ -6551,7 +6564,8 @@ void hw_watchpoint_update_all(ARMCPU *cpu)
int i;
CPUARMState *env = &cpu->env;
- /* Completely clear out existing QEMU watchpoints and our array, to
+ /*
+ * Completely clear out existing QEMU watchpoints and our array, to
* avoid possible stale entries following migration load.
*/
cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
@@ -6669,7 +6683,8 @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
case 11: /* linked context ID and VMID match (reserved if no EL2) */
case 3: /* linked context ID match */
default:
- /* We must generate no events for Linked context matches (unless
+ /*
+ * We must generate no events for Linked context matches (unless
* they are linked to by some other bp/wp, which is handled in
* updates for the linking bp/wp). We choose to also generate no events
* for reserved values.
@@ -6685,7 +6700,8 @@ void hw_breakpoint_update_all(ARMCPU *cpu)
int i;
CPUARMState *env = &cpu->env;
- /* Completely clear out existing QEMU breakpoints and our array, to
+ /*
+ * Completely clear out existing QEMU breakpoints and our array, to
* avoid possible stale entries following migration load.
*/
cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
@@ -6712,7 +6728,8 @@ static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
ARMCPU *cpu = env_archcpu(env);
int i = ri->crm;
- /* BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
+ /*
+ * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
* copy of BAS[0].
*/
value = deposit64(value, 6, 1, extract64(value, 5, 1));
@@ -6724,7 +6741,8 @@ static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
static void define_debug_regs(ARMCPU *cpu)
{
- /* Define v7 and v8 architectural debug registers.
+ /*
+ * Define v7 and v8 architectural debug registers.
* These are just dummy implementations for now.
*/
int i;
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 5/9] target/arm: Move define_debug_regs() to debug_helper.c
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2022-07-07 12:27 ` [PULL 4/9] target/arm: Fix code style issues in debug helper functions Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 6/9] target/arm: Suppress debug exceptions when OS Lock set Peter Maydell
` (4 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
The target/arm/helper.c file is very long and is a grabbag of all
kinds of functionality. We have already a debug_helper.c which has
code for implementing architectural debug. Move the code which
defines the debug-related system registers out to this file also.
This affects the define_debug_regs() function and the various
functions and arrays which are used only by it.
The functions raw_write() and arm_mdcr_el2_eff() and
define_debug_regs() now need to be global rather than local to
helper.c; everything else is pure code movement.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220630194116.3438513-3-peter.maydell@linaro.org
---
target/arm/cpregs.h | 3 +
target/arm/internals.h | 9 +
target/arm/debug_helper.c | 525 +++++++++++++++++++++++++++++++++++++
target/arm/helper.c | 531 +-------------------------------------
4 files changed, 538 insertions(+), 530 deletions(-)
diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h
index d30758ee713..7e78c2c05c6 100644
--- a/target/arm/cpregs.h
+++ b/target/arm/cpregs.h
@@ -442,6 +442,9 @@ void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
/* CPReadFn that can be used for read-as-zero behaviour */
uint64_t arm_cp_read_zero(CPUARMState *env, const ARMCPRegInfo *ri);
+/* CPWriteFn that just writes the value to ri->fieldoffset */
+void raw_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value);
+
/*
* CPResetFn that does nothing, for use if no reset is required even
* if fieldoffset is non zero.
diff --git a/target/arm/internals.h b/target/arm/internals.h
index c66f74a0db1..00e2e710f6c 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1307,6 +1307,15 @@ int exception_target_el(CPUARMState *env);
bool arm_singlestep_active(CPUARMState *env);
bool arm_generate_debug_exceptions(CPUARMState *env);
+/* Add the cpreg definitions for debug related system registers */
+void define_debug_regs(ARMCPU *cpu);
+
+/* Effective value of MDCR_EL2 */
+static inline uint64_t arm_mdcr_el2_eff(CPUARMState *env)
+{
+ return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
+}
+
/* Powers of 2 for sve_vq_map et al. */
#define SVE_VQ_POW2_MAP \
((1 << (1 - 1)) | (1 << (2 - 1)) | \
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index b18a6bd3a23..9a78c1db966 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -6,8 +6,10 @@
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "cpu.h"
#include "internals.h"
+#include "cpregs.h"
#include "exec/exec-all.h"
#include "exec/helper-proto.h"
@@ -528,6 +530,529 @@ void HELPER(exception_swstep)(CPUARMState *env, uint32_t syndrome)
raise_exception_debug(env, EXCP_UDEF, syndrome);
}
+/*
+ * Check for traps to "powerdown debug" registers, which are controlled
+ * by MDCR.TDOSA
+ */
+static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
+ bool mdcr_el2_tdosa = (mdcr_el2 & MDCR_TDOSA) || (mdcr_el2 & MDCR_TDE) ||
+ (arm_hcr_el2_eff(env) & HCR_TGE);
+
+ if (el < 2 && mdcr_el2_tdosa) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
+/*
+ * Check for traps to "debug ROM" registers, which are controlled
+ * by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
+ */
+static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
+ bool mdcr_el2_tdra = (mdcr_el2 & MDCR_TDRA) || (mdcr_el2 & MDCR_TDE) ||
+ (arm_hcr_el2_eff(env) & HCR_TGE);
+
+ if (el < 2 && mdcr_el2_tdra) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
+/*
+ * Check for traps to general debug registers, which are controlled
+ * by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
+ */
+static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
+ bool isread)
+{
+ int el = arm_current_el(env);
+ uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
+ bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) ||
+ (arm_hcr_el2_eff(env) & HCR_TGE);
+
+ if (el < 2 && mdcr_el2_tda) {
+ return CP_ACCESS_TRAP_EL2;
+ }
+ if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
+ return CP_ACCESS_TRAP_EL3;
+ }
+ return CP_ACCESS_OK;
+}
+
+static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ /*
+ * Writes to OSLAR_EL1 may update the OS lock status, which can be
+ * read via a bit in OSLSR_EL1.
+ */
+ int oslock;
+
+ if (ri->state == ARM_CP_STATE_AA32) {
+ oslock = (value == 0xC5ACCE55);
+ } else {
+ oslock = value & 1;
+ }
+
+ env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
+}
+
+static const ARMCPRegInfo debug_cp_reginfo[] = {
+ /*
+ * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
+ * debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
+ * unlike DBGDRAR it is never accessible from EL0.
+ * DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
+ * accessor.
+ */
+ { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
+ .access = PL0_R, .accessfn = access_tdra,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "MDRAR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 0,
+ .access = PL1_R, .accessfn = access_tdra,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
+ .access = PL0_R, .accessfn = access_tdra,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+ /* Monitor debug system control register; the 32-bit alias is DBGDSCRext. */
+ { .name = "MDSCR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
+ .access = PL1_RW, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1),
+ .resetvalue = 0 },
+ /*
+ * MDCCSR_EL0[30:29] map to EDSCR[30:29]. Simply RAZ as the external
+ * Debug Communication Channel is not implemented.
+ */
+ { .name = "MDCCSR_EL0", .state = ARM_CP_STATE_AA64,
+ .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
+ .access = PL0_R, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+ /*
+ * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
+ * it is unlikely a guest will care.
+ * We don't implement the configurable EL0 access.
+ */
+ { .name = "DBGDSCRint", .state = ARM_CP_STATE_AA32,
+ .cp = 14, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
+ .type = ARM_CP_ALIAS,
+ .access = PL1_R, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
+ { .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
+ .access = PL1_W, .type = ARM_CP_NO_RAW,
+ .accessfn = access_tdosa,
+ .writefn = oslar_write },
+ { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
+ .access = PL1_R, .resetvalue = 10,
+ .accessfn = access_tdosa,
+ .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
+ /* Dummy OSDLR_EL1: 32-bit Linux will read this */
+ { .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
+ .access = PL1_RW, .accessfn = access_tdosa,
+ .type = ARM_CP_NOP },
+ /*
+ * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
+ * implement vector catch debug events yet.
+ */
+ { .name = "DBGVCR",
+ .cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
+ .access = PL1_RW, .accessfn = access_tda,
+ .type = ARM_CP_NOP },
+ /*
+ * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
+ * to save and restore a 32-bit guest's DBGVCR)
+ */
+ { .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
+ .access = PL2_RW, .accessfn = access_tda,
+ .type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
+ /*
+ * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
+ * Channel but Linux may try to access this register. The 32-bit
+ * alias is DBGDCCINT.
+ */
+ { .name = "MDCCINT_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
+ .access = PL1_RW, .accessfn = access_tda,
+ .type = ARM_CP_NOP },
+};
+
+static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
+ /* 64 bit access versions of the (dummy) debug registers */
+ { .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
+ { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
+ .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
+};
+
+void hw_watchpoint_update(ARMCPU *cpu, int n)
+{
+ CPUARMState *env = &cpu->env;
+ vaddr len = 0;
+ vaddr wvr = env->cp15.dbgwvr[n];
+ uint64_t wcr = env->cp15.dbgwcr[n];
+ int mask;
+ int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
+
+ if (env->cpu_watchpoint[n]) {
+ cpu_watchpoint_remove_by_ref(CPU(cpu), env->cpu_watchpoint[n]);
+ env->cpu_watchpoint[n] = NULL;
+ }
+
+ if (!FIELD_EX64(wcr, DBGWCR, E)) {
+ /* E bit clear : watchpoint disabled */
+ return;
+ }
+
+ switch (FIELD_EX64(wcr, DBGWCR, LSC)) {
+ case 0:
+ /* LSC 00 is reserved and must behave as if the wp is disabled */
+ return;
+ case 1:
+ flags |= BP_MEM_READ;
+ break;
+ case 2:
+ flags |= BP_MEM_WRITE;
+ break;
+ case 3:
+ flags |= BP_MEM_ACCESS;
+ break;
+ }
+
+ /*
+ * Attempts to use both MASK and BAS fields simultaneously are
+ * CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
+ * thus generating a watchpoint for every byte in the masked region.
+ */
+ mask = FIELD_EX64(wcr, DBGWCR, MASK);
+ if (mask == 1 || mask == 2) {
+ /*
+ * Reserved values of MASK; we must act as if the mask value was
+ * some non-reserved value, or as if the watchpoint were disabled.
+ * We choose the latter.
+ */
+ return;
+ } else if (mask) {
+ /* Watchpoint covers an aligned area up to 2GB in size */
+ len = 1ULL << mask;
+ /*
+ * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
+ * whether the watchpoint fires when the unmasked bits match; we opt
+ * to generate the exceptions.
+ */
+ wvr &= ~(len - 1);
+ } else {
+ /* Watchpoint covers bytes defined by the byte address select bits */
+ int bas = FIELD_EX64(wcr, DBGWCR, BAS);
+ int basstart;
+
+ if (extract64(wvr, 2, 1)) {
+ /*
+ * Deprecated case of an only 4-aligned address. BAS[7:4] are
+ * ignored, and BAS[3:0] define which bytes to watch.
+ */
+ bas &= 0xf;
+ }
+
+ if (bas == 0) {
+ /* This must act as if the watchpoint is disabled */
+ return;
+ }
+
+ /*
+ * The BAS bits are supposed to be programmed to indicate a contiguous
+ * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
+ * we fire for each byte in the word/doubleword addressed by the WVR.
+ * We choose to ignore any non-zero bits after the first range of 1s.
+ */
+ basstart = ctz32(bas);
+ len = cto32(bas >> basstart);
+ wvr += basstart;
+ }
+
+ cpu_watchpoint_insert(CPU(cpu), wvr, len, flags,
+ &env->cpu_watchpoint[n]);
+}
+
+void hw_watchpoint_update_all(ARMCPU *cpu)
+{
+ int i;
+ CPUARMState *env = &cpu->env;
+
+ /*
+ * Completely clear out existing QEMU watchpoints and our array, to
+ * avoid possible stale entries following migration load.
+ */
+ cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
+ memset(env->cpu_watchpoint, 0, sizeof(env->cpu_watchpoint));
+
+ for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_watchpoint); i++) {
+ hw_watchpoint_update(cpu, i);
+ }
+}
+
+static void dbgwvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ ARMCPU *cpu = env_archcpu(env);
+ int i = ri->crm;
+
+ /*
+ * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
+ * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
+ * they contain the value written. It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ *
+ * Therefore we are allowed to compare the entire register, which lets
+ * us avoid considering whether or not FEAT_LVA is actually enabled.
+ */
+ value &= ~3ULL;
+
+ raw_write(env, ri, value);
+ hw_watchpoint_update(cpu, i);
+}
+
+static void dbgwcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ ARMCPU *cpu = env_archcpu(env);
+ int i = ri->crm;
+
+ raw_write(env, ri, value);
+ hw_watchpoint_update(cpu, i);
+}
+
+void hw_breakpoint_update(ARMCPU *cpu, int n)
+{
+ CPUARMState *env = &cpu->env;
+ uint64_t bvr = env->cp15.dbgbvr[n];
+ uint64_t bcr = env->cp15.dbgbcr[n];
+ vaddr addr;
+ int bt;
+ int flags = BP_CPU;
+
+ if (env->cpu_breakpoint[n]) {
+ cpu_breakpoint_remove_by_ref(CPU(cpu), env->cpu_breakpoint[n]);
+ env->cpu_breakpoint[n] = NULL;
+ }
+
+ if (!extract64(bcr, 0, 1)) {
+ /* E bit clear : watchpoint disabled */
+ return;
+ }
+
+ bt = extract64(bcr, 20, 4);
+
+ switch (bt) {
+ case 4: /* unlinked address mismatch (reserved if AArch64) */
+ case 5: /* linked address mismatch (reserved if AArch64) */
+ qemu_log_mask(LOG_UNIMP,
+ "arm: address mismatch breakpoint types not implemented\n");
+ return;
+ case 0: /* unlinked address match */
+ case 1: /* linked address match */
+ {
+ /*
+ * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether bits [63:49]
+ * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
+ * of the VA field ([48] or [52] for FEAT_LVA), or whether the
+ * value is read as written. It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ * Therefore we are allowed to compare the entire register, which
+ * lets us avoid considering whether FEAT_LVA is actually enabled.
+ *
+ * The BAS field is used to allow setting breakpoints on 16-bit
+ * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
+ * a bp will fire if the addresses covered by the bp and the addresses
+ * covered by the insn overlap but the insn doesn't start at the
+ * start of the bp address range. We choose to require the insn and
+ * the bp to have the same address. The constraints on writing to
+ * BAS enforced in dbgbcr_write mean we have only four cases:
+ * 0b0000 => no breakpoint
+ * 0b0011 => breakpoint on addr
+ * 0b1100 => breakpoint on addr + 2
+ * 0b1111 => breakpoint on addr
+ * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
+ */
+ int bas = extract64(bcr, 5, 4);
+ addr = bvr & ~3ULL;
+ if (bas == 0) {
+ return;
+ }
+ if (bas == 0xc) {
+ addr += 2;
+ }
+ break;
+ }
+ case 2: /* unlinked context ID match */
+ case 8: /* unlinked VMID match (reserved if no EL2) */
+ case 10: /* unlinked context ID and VMID match (reserved if no EL2) */
+ qemu_log_mask(LOG_UNIMP,
+ "arm: unlinked context breakpoint types not implemented\n");
+ return;
+ case 9: /* linked VMID match (reserved if no EL2) */
+ case 11: /* linked context ID and VMID match (reserved if no EL2) */
+ case 3: /* linked context ID match */
+ default:
+ /*
+ * We must generate no events for Linked context matches (unless
+ * they are linked to by some other bp/wp, which is handled in
+ * updates for the linking bp/wp). We choose to also generate no events
+ * for reserved values.
+ */
+ return;
+ }
+
+ cpu_breakpoint_insert(CPU(cpu), addr, flags, &env->cpu_breakpoint[n]);
+}
+
+void hw_breakpoint_update_all(ARMCPU *cpu)
+{
+ int i;
+ CPUARMState *env = &cpu->env;
+
+ /*
+ * Completely clear out existing QEMU breakpoints and our array, to
+ * avoid possible stale entries following migration load.
+ */
+ cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
+ memset(env->cpu_breakpoint, 0, sizeof(env->cpu_breakpoint));
+
+ for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_breakpoint); i++) {
+ hw_breakpoint_update(cpu, i);
+ }
+}
+
+static void dbgbvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ ARMCPU *cpu = env_archcpu(env);
+ int i = ri->crm;
+
+ raw_write(env, ri, value);
+ hw_breakpoint_update(cpu, i);
+}
+
+static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ ARMCPU *cpu = env_archcpu(env);
+ int i = ri->crm;
+
+ /*
+ * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
+ * copy of BAS[0].
+ */
+ value = deposit64(value, 6, 1, extract64(value, 5, 1));
+ value = deposit64(value, 8, 1, extract64(value, 7, 1));
+
+ raw_write(env, ri, value);
+ hw_breakpoint_update(cpu, i);
+}
+
+void define_debug_regs(ARMCPU *cpu)
+{
+ /*
+ * Define v7 and v8 architectural debug registers.
+ * These are just dummy implementations for now.
+ */
+ int i;
+ int wrps, brps, ctx_cmps;
+
+ /*
+ * The Arm ARM says DBGDIDR is optional and deprecated if EL1 cannot
+ * use AArch32. Given that bit 15 is RES1, if the value is 0 then
+ * the register must not exist for this cpu.
+ */
+ if (cpu->isar.dbgdidr != 0) {
+ ARMCPRegInfo dbgdidr = {
+ .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0,
+ .opc1 = 0, .opc2 = 0,
+ .access = PL0_R, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
+ };
+ define_one_arm_cp_reg(cpu, &dbgdidr);
+ }
+
+ brps = arm_num_brps(cpu);
+ wrps = arm_num_wrps(cpu);
+ ctx_cmps = arm_num_ctx_cmps(cpu);
+
+ assert(ctx_cmps <= brps);
+
+ define_arm_cp_regs(cpu, debug_cp_reginfo);
+
+ if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) {
+ define_arm_cp_regs(cpu, debug_lpae_cp_reginfo);
+ }
+
+ for (i = 0; i < brps; i++) {
+ char *dbgbvr_el1_name = g_strdup_printf("DBGBVR%d_EL1", i);
+ char *dbgbcr_el1_name = g_strdup_printf("DBGBCR%d_EL1", i);
+ ARMCPRegInfo dbgregs[] = {
+ { .name = dbgbvr_el1_name, .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
+ .access = PL1_RW, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]),
+ .writefn = dbgbvr_write, .raw_writefn = raw_write
+ },
+ { .name = dbgbcr_el1_name, .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
+ .access = PL1_RW, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
+ .writefn = dbgbcr_write, .raw_writefn = raw_write
+ },
+ };
+ define_arm_cp_regs(cpu, dbgregs);
+ g_free(dbgbvr_el1_name);
+ g_free(dbgbcr_el1_name);
+ }
+
+ for (i = 0; i < wrps; i++) {
+ char *dbgwvr_el1_name = g_strdup_printf("DBGWVR%d_EL1", i);
+ char *dbgwcr_el1_name = g_strdup_printf("DBGWCR%d_EL1", i);
+ ARMCPRegInfo dbgregs[] = {
+ { .name = dbgwvr_el1_name, .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
+ .access = PL1_RW, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]),
+ .writefn = dbgwvr_write, .raw_writefn = raw_write
+ },
+ { .name = dbgwcr_el1_name, .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
+ .access = PL1_RW, .accessfn = access_tda,
+ .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
+ .writefn = dbgwcr_write, .raw_writefn = raw_write
+ },
+ };
+ define_arm_cp_regs(cpu, dbgregs);
+ g_free(dbgwvr_el1_name);
+ g_free(dbgwcr_el1_name);
+ }
+}
+
#if !defined(CONFIG_USER_ONLY)
vaddr arm_adjust_watchpoint_address(CPUState *cs, vaddr addr, int len)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 1c7ec2f8678..e6f37e160f8 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -51,8 +51,7 @@ static uint64_t raw_read(CPUARMState *env, const ARMCPRegInfo *ri)
}
}
-static void raw_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
+void raw_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)
{
assert(ri->fieldoffset);
if (cpreg_field_is_64bit(ri)) {
@@ -302,74 +301,6 @@ static CPAccessResult access_trap_aa32s_el1(CPUARMState *env,
return CP_ACCESS_TRAP_UNCATEGORIZED;
}
-static uint64_t arm_mdcr_el2_eff(CPUARMState *env)
-{
- return arm_is_el2_enabled(env) ? env->cp15.mdcr_el2 : 0;
-}
-
-/*
- * Check for traps to "powerdown debug" registers, which are controlled
- * by MDCR.TDOSA
- */
-static CPAccessResult access_tdosa(CPUARMState *env, const ARMCPRegInfo *ri,
- bool isread)
-{
- int el = arm_current_el(env);
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
- bool mdcr_el2_tdosa = (mdcr_el2 & MDCR_TDOSA) || (mdcr_el2 & MDCR_TDE) ||
- (arm_hcr_el2_eff(env) & HCR_TGE);
-
- if (el < 2 && mdcr_el2_tdosa) {
- return CP_ACCESS_TRAP_EL2;
- }
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDOSA)) {
- return CP_ACCESS_TRAP_EL3;
- }
- return CP_ACCESS_OK;
-}
-
-/*
- * Check for traps to "debug ROM" registers, which are controlled
- * by MDCR_EL2.TDRA for EL2 but by the more general MDCR_EL3.TDA for EL3.
- */
-static CPAccessResult access_tdra(CPUARMState *env, const ARMCPRegInfo *ri,
- bool isread)
-{
- int el = arm_current_el(env);
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
- bool mdcr_el2_tdra = (mdcr_el2 & MDCR_TDRA) || (mdcr_el2 & MDCR_TDE) ||
- (arm_hcr_el2_eff(env) & HCR_TGE);
-
- if (el < 2 && mdcr_el2_tdra) {
- return CP_ACCESS_TRAP_EL2;
- }
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
- return CP_ACCESS_TRAP_EL3;
- }
- return CP_ACCESS_OK;
-}
-
-/*
- * Check for traps to general debug registers, which are controlled
- * by MDCR_EL2.TDA for EL2 and MDCR_EL3.TDA for EL3.
- */
-static CPAccessResult access_tda(CPUARMState *env, const ARMCPRegInfo *ri,
- bool isread)
-{
- int el = arm_current_el(env);
- uint64_t mdcr_el2 = arm_mdcr_el2_eff(env);
- bool mdcr_el2_tda = (mdcr_el2 & MDCR_TDA) || (mdcr_el2 & MDCR_TDE) ||
- (arm_hcr_el2_eff(env) & HCR_TGE);
-
- if (el < 2 && mdcr_el2_tda) {
- return CP_ACCESS_TRAP_EL2;
- }
- if (el < 3 && (env->cp15.mdcr_el3 & MDCR_TDA)) {
- return CP_ACCESS_TRAP_EL3;
- }
- return CP_ACCESS_OK;
-}
-
/* Check for traps to performance monitor registers, which are controlled
* by MDCR_EL2.TPM for EL2 and MDCR_EL3.TPM for EL3.
*/
@@ -5982,116 +5913,6 @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri,
return CP_ACCESS_OK;
}
-static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- /*
- * Writes to OSLAR_EL1 may update the OS lock status, which can be
- * read via a bit in OSLSR_EL1.
- */
- int oslock;
-
- if (ri->state == ARM_CP_STATE_AA32) {
- oslock = (value == 0xC5ACCE55);
- } else {
- oslock = value & 1;
- }
-
- env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
-}
-
-static const ARMCPRegInfo debug_cp_reginfo[] = {
- /*
- * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
- * debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
- * unlike DBGDRAR it is never accessible from EL0.
- * DBGDSAR is deprecated and must RAZ from v8 anyway, so it has no AArch64
- * accessor.
- */
- { .name = "DBGDRAR", .cp = 14, .crn = 1, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL0_R, .accessfn = access_tdra,
- .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "MDRAR_EL1", .state = ARM_CP_STATE_AA64,
- .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 0,
- .access = PL1_R, .accessfn = access_tdra,
- .type = ARM_CP_CONST, .resetvalue = 0 },
- { .name = "DBGDSAR", .cp = 14, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 0,
- .access = PL0_R, .accessfn = access_tdra,
- .type = ARM_CP_CONST, .resetvalue = 0 },
- /* Monitor debug system control register; the 32-bit alias is DBGDSCRext. */
- { .name = "MDSCR_EL1", .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 2,
- .access = PL1_RW, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1),
- .resetvalue = 0 },
- /*
- * MDCCSR_EL0[30:29] map to EDSCR[30:29]. Simply RAZ as the external
- * Debug Communication Channel is not implemented.
- */
- { .name = "MDCCSR_EL0", .state = ARM_CP_STATE_AA64,
- .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 1, .opc2 = 0,
- .access = PL0_R, .accessfn = access_tda,
- .type = ARM_CP_CONST, .resetvalue = 0 },
- /*
- * DBGDSCRint[15,12,5:2] map to MDSCR_EL1[15,12,5:2]. Map all bits as
- * it is unlikely a guest will care.
- * We don't implement the configurable EL0 access.
- */
- { .name = "DBGDSCRint", .state = ARM_CP_STATE_AA32,
- .cp = 14, .opc1 = 0, .crn = 0, .crm = 1, .opc2 = 0,
- .type = ARM_CP_ALIAS,
- .access = PL1_R, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
- { .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
- .access = PL1_W, .type = ARM_CP_NO_RAW,
- .accessfn = access_tdosa,
- .writefn = oslar_write },
- { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
- .access = PL1_R, .resetvalue = 10,
- .accessfn = access_tdosa,
- .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
- /* Dummy OSDLR_EL1: 32-bit Linux will read this */
- { .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
- .access = PL1_RW, .accessfn = access_tdosa,
- .type = ARM_CP_NOP },
- /*
- * Dummy DBGVCR: Linux wants to clear this on startup, but we don't
- * implement vector catch debug events yet.
- */
- { .name = "DBGVCR",
- .cp = 14, .opc1 = 0, .crn = 0, .crm = 7, .opc2 = 0,
- .access = PL1_RW, .accessfn = access_tda,
- .type = ARM_CP_NOP },
- /*
- * Dummy DBGVCR32_EL2 (which is only for a 64-bit hypervisor
- * to save and restore a 32-bit guest's DBGVCR)
- */
- { .name = "DBGVCR32_EL2", .state = ARM_CP_STATE_AA64,
- .opc0 = 2, .opc1 = 4, .crn = 0, .crm = 7, .opc2 = 0,
- .access = PL2_RW, .accessfn = access_tda,
- .type = ARM_CP_NOP | ARM_CP_EL3_NO_EL2_KEEP },
- /*
- * Dummy MDCCINT_EL1, since we don't implement the Debug Communications
- * Channel but Linux may try to access this register. The 32-bit
- * alias is DBGDCCINT.
- */
- { .name = "MDCCINT_EL1", .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = 2, .opc2 = 0,
- .access = PL1_RW, .accessfn = access_tda,
- .type = ARM_CP_NOP },
-};
-
-static const ARMCPRegInfo debug_lpae_cp_reginfo[] = {
- /* 64 bit access versions of the (dummy) debug registers */
- { .name = "DBGDRAR", .cp = 14, .crm = 1, .opc1 = 0,
- .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
- { .name = "DBGDSAR", .cp = 14, .crm = 2, .opc1 = 0,
- .access = PL0_R, .type = ARM_CP_CONST | ARM_CP_64BIT, .resetvalue = 0 },
-};
-
/*
* Check for traps to RAS registers, which are controlled
* by HCR_EL2.TERR and SCR_EL3.TERR.
@@ -6470,356 +6291,6 @@ static const ARMCPRegInfo sme_reginfo[] = {
};
#endif /* TARGET_AARCH64 */
-void hw_watchpoint_update(ARMCPU *cpu, int n)
-{
- CPUARMState *env = &cpu->env;
- vaddr len = 0;
- vaddr wvr = env->cp15.dbgwvr[n];
- uint64_t wcr = env->cp15.dbgwcr[n];
- int mask;
- int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
-
- if (env->cpu_watchpoint[n]) {
- cpu_watchpoint_remove_by_ref(CPU(cpu), env->cpu_watchpoint[n]);
- env->cpu_watchpoint[n] = NULL;
- }
-
- if (!FIELD_EX64(wcr, DBGWCR, E)) {
- /* E bit clear : watchpoint disabled */
- return;
- }
-
- switch (FIELD_EX64(wcr, DBGWCR, LSC)) {
- case 0:
- /* LSC 00 is reserved and must behave as if the wp is disabled */
- return;
- case 1:
- flags |= BP_MEM_READ;
- break;
- case 2:
- flags |= BP_MEM_WRITE;
- break;
- case 3:
- flags |= BP_MEM_ACCESS;
- break;
- }
-
- /*
- * Attempts to use both MASK and BAS fields simultaneously are
- * CONSTRAINED UNPREDICTABLE; we opt to ignore BAS in this case,
- * thus generating a watchpoint for every byte in the masked region.
- */
- mask = FIELD_EX64(wcr, DBGWCR, MASK);
- if (mask == 1 || mask == 2) {
- /*
- * Reserved values of MASK; we must act as if the mask value was
- * some non-reserved value, or as if the watchpoint were disabled.
- * We choose the latter.
- */
- return;
- } else if (mask) {
- /* Watchpoint covers an aligned area up to 2GB in size */
- len = 1ULL << mask;
- /*
- * If masked bits in WVR are not zero it's CONSTRAINED UNPREDICTABLE
- * whether the watchpoint fires when the unmasked bits match; we opt
- * to generate the exceptions.
- */
- wvr &= ~(len - 1);
- } else {
- /* Watchpoint covers bytes defined by the byte address select bits */
- int bas = FIELD_EX64(wcr, DBGWCR, BAS);
- int basstart;
-
- if (extract64(wvr, 2, 1)) {
- /*
- * Deprecated case of an only 4-aligned address. BAS[7:4] are
- * ignored, and BAS[3:0] define which bytes to watch.
- */
- bas &= 0xf;
- }
-
- if (bas == 0) {
- /* This must act as if the watchpoint is disabled */
- return;
- }
-
- /*
- * The BAS bits are supposed to be programmed to indicate a contiguous
- * range of bytes. Otherwise it is CONSTRAINED UNPREDICTABLE whether
- * we fire for each byte in the word/doubleword addressed by the WVR.
- * We choose to ignore any non-zero bits after the first range of 1s.
- */
- basstart = ctz32(bas);
- len = cto32(bas >> basstart);
- wvr += basstart;
- }
-
- cpu_watchpoint_insert(CPU(cpu), wvr, len, flags,
- &env->cpu_watchpoint[n]);
-}
-
-void hw_watchpoint_update_all(ARMCPU *cpu)
-{
- int i;
- CPUARMState *env = &cpu->env;
-
- /*
- * Completely clear out existing QEMU watchpoints and our array, to
- * avoid possible stale entries following migration load.
- */
- cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
- memset(env->cpu_watchpoint, 0, sizeof(env->cpu_watchpoint));
-
- for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_watchpoint); i++) {
- hw_watchpoint_update(cpu, i);
- }
-}
-
-static void dbgwvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- ARMCPU *cpu = env_archcpu(env);
- int i = ri->crm;
-
- /*
- * Bits [1:0] are RES0.
- *
- * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
- * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
- * they contain the value written. It is CONSTRAINED UNPREDICTABLE
- * whether the RESS bits are ignored when comparing an address.
- *
- * Therefore we are allowed to compare the entire register, which lets
- * us avoid considering whether or not FEAT_LVA is actually enabled.
- */
- value &= ~3ULL;
-
- raw_write(env, ri, value);
- hw_watchpoint_update(cpu, i);
-}
-
-static void dbgwcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- ARMCPU *cpu = env_archcpu(env);
- int i = ri->crm;
-
- raw_write(env, ri, value);
- hw_watchpoint_update(cpu, i);
-}
-
-void hw_breakpoint_update(ARMCPU *cpu, int n)
-{
- CPUARMState *env = &cpu->env;
- uint64_t bvr = env->cp15.dbgbvr[n];
- uint64_t bcr = env->cp15.dbgbcr[n];
- vaddr addr;
- int bt;
- int flags = BP_CPU;
-
- if (env->cpu_breakpoint[n]) {
- cpu_breakpoint_remove_by_ref(CPU(cpu), env->cpu_breakpoint[n]);
- env->cpu_breakpoint[n] = NULL;
- }
-
- if (!extract64(bcr, 0, 1)) {
- /* E bit clear : watchpoint disabled */
- return;
- }
-
- bt = extract64(bcr, 20, 4);
-
- switch (bt) {
- case 4: /* unlinked address mismatch (reserved if AArch64) */
- case 5: /* linked address mismatch (reserved if AArch64) */
- qemu_log_mask(LOG_UNIMP,
- "arm: address mismatch breakpoint types not implemented\n");
- return;
- case 0: /* unlinked address match */
- case 1: /* linked address match */
- {
- /*
- * Bits [1:0] are RES0.
- *
- * It is IMPLEMENTATION DEFINED whether bits [63:49]
- * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
- * of the VA field ([48] or [52] for FEAT_LVA), or whether the
- * value is read as written. It is CONSTRAINED UNPREDICTABLE
- * whether the RESS bits are ignored when comparing an address.
- * Therefore we are allowed to compare the entire register, which
- * lets us avoid considering whether FEAT_LVA is actually enabled.
- *
- * The BAS field is used to allow setting breakpoints on 16-bit
- * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
- * a bp will fire if the addresses covered by the bp and the addresses
- * covered by the insn overlap but the insn doesn't start at the
- * start of the bp address range. We choose to require the insn and
- * the bp to have the same address. The constraints on writing to
- * BAS enforced in dbgbcr_write mean we have only four cases:
- * 0b0000 => no breakpoint
- * 0b0011 => breakpoint on addr
- * 0b1100 => breakpoint on addr + 2
- * 0b1111 => breakpoint on addr
- * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
- */
- int bas = extract64(bcr, 5, 4);
- addr = bvr & ~3ULL;
- if (bas == 0) {
- return;
- }
- if (bas == 0xc) {
- addr += 2;
- }
- break;
- }
- case 2: /* unlinked context ID match */
- case 8: /* unlinked VMID match (reserved if no EL2) */
- case 10: /* unlinked context ID and VMID match (reserved if no EL2) */
- qemu_log_mask(LOG_UNIMP,
- "arm: unlinked context breakpoint types not implemented\n");
- return;
- case 9: /* linked VMID match (reserved if no EL2) */
- case 11: /* linked context ID and VMID match (reserved if no EL2) */
- case 3: /* linked context ID match */
- default:
- /*
- * We must generate no events for Linked context matches (unless
- * they are linked to by some other bp/wp, which is handled in
- * updates for the linking bp/wp). We choose to also generate no events
- * for reserved values.
- */
- return;
- }
-
- cpu_breakpoint_insert(CPU(cpu), addr, flags, &env->cpu_breakpoint[n]);
-}
-
-void hw_breakpoint_update_all(ARMCPU *cpu)
-{
- int i;
- CPUARMState *env = &cpu->env;
-
- /*
- * Completely clear out existing QEMU breakpoints and our array, to
- * avoid possible stale entries following migration load.
- */
- cpu_breakpoint_remove_all(CPU(cpu), BP_CPU);
- memset(env->cpu_breakpoint, 0, sizeof(env->cpu_breakpoint));
-
- for (i = 0; i < ARRAY_SIZE(cpu->env.cpu_breakpoint); i++) {
- hw_breakpoint_update(cpu, i);
- }
-}
-
-static void dbgbvr_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- ARMCPU *cpu = env_archcpu(env);
- int i = ri->crm;
-
- raw_write(env, ri, value);
- hw_breakpoint_update(cpu, i);
-}
-
-static void dbgbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
- uint64_t value)
-{
- ARMCPU *cpu = env_archcpu(env);
- int i = ri->crm;
-
- /*
- * BAS[3] is a read-only copy of BAS[2], and BAS[1] a read-only
- * copy of BAS[0].
- */
- value = deposit64(value, 6, 1, extract64(value, 5, 1));
- value = deposit64(value, 8, 1, extract64(value, 7, 1));
-
- raw_write(env, ri, value);
- hw_breakpoint_update(cpu, i);
-}
-
-static void define_debug_regs(ARMCPU *cpu)
-{
- /*
- * Define v7 and v8 architectural debug registers.
- * These are just dummy implementations for now.
- */
- int i;
- int wrps, brps, ctx_cmps;
-
- /*
- * The Arm ARM says DBGDIDR is optional and deprecated if EL1 cannot
- * use AArch32. Given that bit 15 is RES1, if the value is 0 then
- * the register must not exist for this cpu.
- */
- if (cpu->isar.dbgdidr != 0) {
- ARMCPRegInfo dbgdidr = {
- .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0,
- .opc1 = 0, .opc2 = 0,
- .access = PL0_R, .accessfn = access_tda,
- .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdidr,
- };
- define_one_arm_cp_reg(cpu, &dbgdidr);
- }
-
- brps = arm_num_brps(cpu);
- wrps = arm_num_wrps(cpu);
- ctx_cmps = arm_num_ctx_cmps(cpu);
-
- assert(ctx_cmps <= brps);
-
- define_arm_cp_regs(cpu, debug_cp_reginfo);
-
- if (arm_feature(&cpu->env, ARM_FEATURE_LPAE)) {
- define_arm_cp_regs(cpu, debug_lpae_cp_reginfo);
- }
-
- for (i = 0; i < brps; i++) {
- char *dbgbvr_el1_name = g_strdup_printf("DBGBVR%d_EL1", i);
- char *dbgbcr_el1_name = g_strdup_printf("DBGBCR%d_EL1", i);
- ARMCPRegInfo dbgregs[] = {
- { .name = dbgbvr_el1_name, .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 4,
- .access = PL1_RW, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.dbgbvr[i]),
- .writefn = dbgbvr_write, .raw_writefn = raw_write
- },
- { .name = dbgbcr_el1_name, .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 5,
- .access = PL1_RW, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.dbgbcr[i]),
- .writefn = dbgbcr_write, .raw_writefn = raw_write
- },
- };
- define_arm_cp_regs(cpu, dbgregs);
- g_free(dbgbvr_el1_name);
- g_free(dbgbcr_el1_name);
- }
-
- for (i = 0; i < wrps; i++) {
- char *dbgwvr_el1_name = g_strdup_printf("DBGWVR%d_EL1", i);
- char *dbgwcr_el1_name = g_strdup_printf("DBGWCR%d_EL1", i);
- ARMCPRegInfo dbgregs[] = {
- { .name = dbgwvr_el1_name, .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 6,
- .access = PL1_RW, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.dbgwvr[i]),
- .writefn = dbgwvr_write, .raw_writefn = raw_write
- },
- { .name = dbgwcr_el1_name, .state = ARM_CP_STATE_BOTH,
- .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 0, .crm = i, .opc2 = 7,
- .access = PL1_RW, .accessfn = access_tda,
- .fieldoffset = offsetof(CPUARMState, cp15.dbgwcr[i]),
- .writefn = dbgwcr_write, .raw_writefn = raw_write
- },
- };
- define_arm_cp_regs(cpu, dbgregs);
- g_free(dbgwvr_el1_name);
- g_free(dbgwcr_el1_name);
- }
-}
-
static void define_pmu_regs(ARMCPU *cpu)
{
/*
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 6/9] target/arm: Suppress debug exceptions when OS Lock set
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2022-07-07 12:27 ` [PULL 5/9] target/arm: Move define_debug_regs() to debug_helper.c Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 7/9] target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2 Peter Maydell
` (3 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
The "OS Lock" in the Arm debug architecture is a way for software
to suppress debug exceptions while it is trying to power down
a CPU and save the state of the breakpoint and watchpoint
registers. In QEMU we implemented the support for writing
the OS Lock bit via OSLAR_EL1 and reading it via OSLSR_EL1,
but didn't implement the actual behaviour.
The required behaviour with the OS Lock set is:
* debug exceptions (apart from BKPT insns) are suppressed
* some MDSCR_EL1 bits allow write access to the corresponding
EDSCR external debug status register that they shadow
(we can ignore this because we don't implement external debug)
* similarly with the OSECCR_EL1 which shadows the EDECCR
(but we don't implement OSECCR_EL1 anyway)
Implement the missing behaviour of suppressing debug
exceptions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220630194116.3438513-4-peter.maydell@linaro.org
---
target/arm/debug_helper.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 9a78c1db966..691b9b74c4a 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -142,6 +142,9 @@ static bool aa32_generate_debug_exceptions(CPUARMState *env)
*/
bool arm_generate_debug_exceptions(CPUARMState *env)
{
+ if (env->cp15.oslsr_el1 & 1) {
+ return false;
+ }
if (is_a64(env)) {
return aa64_generate_debug_exceptions(env);
} else {
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 7/9] target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (5 preceding siblings ...)
2022-07-07 12:27 ` [PULL 6/9] target/arm: Suppress debug exceptions when OS Lock set Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 8/9] target/arm: Correctly implement Feat_DoubleLock Peter Maydell
` (2 subsequent siblings)
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
Starting with v7 of the debug architecture, there are three extra
ID registers that add information on top of that provided in
DBGDIDR. These are DBGDEVID, DBGDEVID1 and DBGDEVID2. In the
v7 debug architecture, DBGDEVID is optional, present only of
DBGDIDR.DEVID_imp is set. In v7.1 all three must be present.
Implement the missing registers. Note that we only need to set the
values in the ARMISARegisters struct for the CPUs Cortex-A7, A15,
A53, A57 and A72 (plus the 32-bit 'max' which uses the Cortex-A53
values): earlier CPUs didn't implement v7 of the architecture, and
our other 64-bit CPUs (Cortex-A76, Neoverse-N1 and A64fx) don't have
AArch32 support at EL1.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220630194116.3438513-5-peter.maydell@linaro.org
---
target/arm/cpu.h | 7 +++++++
target/arm/cpu64.c | 6 ++++++
target/arm/cpu_tcg.c | 6 ++++++
target/arm/debug_helper.c | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 55 insertions(+)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 4a4342f2622..c533ad0b64d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -988,6 +988,8 @@ struct ArchCPU {
uint32_t mvfr2;
uint32_t id_dfr0;
uint32_t dbgdidr;
+ uint32_t dbgdevid;
+ uint32_t dbgdevid1;
uint64_t id_aa64isar0;
uint64_t id_aa64isar1;
uint64_t id_aa64pfr0;
@@ -3719,6 +3721,11 @@ static inline bool isar_feature_aa32_ssbs(const ARMISARegisters *id)
return FIELD_EX32(id->id_pfr2, ID_PFR2, SSBS) != 0;
}
+static inline bool isar_feature_aa32_debugv7p1(const ARMISARegisters *id)
+{
+ return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 5;
+}
+
static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
{
return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 19188d6cc2a..b4fd4b7ec87 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -79,6 +79,8 @@ static void aarch64_a57_initfn(Object *obj)
cpu->isar.id_aa64isar0 = 0x00011120;
cpu->isar.id_aa64mmfr0 = 0x00001124;
cpu->isar.dbgdidr = 0x3516d000;
+ cpu->isar.dbgdevid = 0x01110f13;
+ cpu->isar.dbgdevid1 = 0x2;
cpu->isar.reset_pmcr_el0 = 0x41013000;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
@@ -134,6 +136,8 @@ static void aarch64_a53_initfn(Object *obj)
cpu->isar.id_aa64isar0 = 0x00011120;
cpu->isar.id_aa64mmfr0 = 0x00001122; /* 40 bit physical addr */
cpu->isar.dbgdidr = 0x3516d000;
+ cpu->isar.dbgdevid = 0x00110f13;
+ cpu->isar.dbgdevid1 = 0x1;
cpu->isar.reset_pmcr_el0 = 0x41033000;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x700fe01a; /* 32KB L1 dcache */
@@ -187,6 +191,8 @@ static void aarch64_a72_initfn(Object *obj)
cpu->isar.id_aa64isar0 = 0x00011120;
cpu->isar.id_aa64mmfr0 = 0x00001124;
cpu->isar.dbgdidr = 0x3516d000;
+ cpu->isar.dbgdevid = 0x01110f13;
+ cpu->isar.dbgdevid1 = 0x2;
cpu->isar.reset_pmcr_el0 = 0x41023000;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index b751a19c8a7..3099b38e32b 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -563,6 +563,8 @@ static void cortex_a7_initfn(Object *obj)
cpu->isar.id_isar3 = 0x11112131;
cpu->isar.id_isar4 = 0x10011142;
cpu->isar.dbgdidr = 0x3515f005;
+ cpu->isar.dbgdevid = 0x01110f13;
+ cpu->isar.dbgdevid1 = 0x1;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
@@ -606,6 +608,8 @@ static void cortex_a15_initfn(Object *obj)
cpu->isar.id_isar3 = 0x11112131;
cpu->isar.id_isar4 = 0x10011142;
cpu->isar.dbgdidr = 0x3515f021;
+ cpu->isar.dbgdevid = 0x01110f13;
+ cpu->isar.dbgdevid1 = 0x0;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x701fe00a; /* 32K L1 dcache */
cpu->ccsidr[1] = 0x201fe00a; /* 32K L1 icache */
@@ -1098,6 +1102,8 @@ static void arm_max_initfn(Object *obj)
cpu->isar.id_isar5 = 0x00011121;
cpu->isar.id_isar6 = 0;
cpu->isar.dbgdidr = 0x3516d000;
+ cpu->isar.dbgdevid = 0x00110f13;
+ cpu->isar.dbgdevid1 = 0x2;
cpu->isar.reset_pmcr_el0 = 0x41013000;
cpu->clidr = 0x0a200023;
cpu->ccsidr[0] = 0x701fe00a; /* 32KB L1 dcache */
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index 691b9b74c4a..e96a4ffd28d 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -999,6 +999,42 @@ void define_debug_regs(ARMCPU *cpu)
define_one_arm_cp_reg(cpu, &dbgdidr);
}
+ /*
+ * DBGDEVID is present in the v7 debug architecture if
+ * DBGDIDR.DEVID_imp is 1 (bit 15); from v7.1 and on it is
+ * mandatory (and bit 15 is RES1). DBGDEVID1 and DBGDEVID2 exist
+ * from v7.1 of the debug architecture. Because no fields have yet
+ * been defined in DBGDEVID2 (and quite possibly none will ever
+ * be) we don't define an ARMISARegisters field for it.
+ * These registers exist only if EL1 can use AArch32, but that
+ * happens naturally because they are only PL1 accessible anyway.
+ */
+ if (extract32(cpu->isar.dbgdidr, 15, 1)) {
+ ARMCPRegInfo dbgdevid = {
+ .name = "DBGDEVID",
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 2, .crn = 7,
+ .access = PL1_R, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdevid,
+ };
+ define_one_arm_cp_reg(cpu, &dbgdevid);
+ }
+ if (cpu_isar_feature(aa32_debugv7p1, cpu)) {
+ ARMCPRegInfo dbgdevid12[] = {
+ {
+ .name = "DBGDEVID1",
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 1, .crn = 7,
+ .access = PL1_R, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = cpu->isar.dbgdevid1,
+ }, {
+ .name = "DBGDEVID2",
+ .cp = 14, .opc1 = 0, .crn = 7, .opc2 = 0, .crn = 7,
+ .access = PL1_R, .accessfn = access_tda,
+ .type = ARM_CP_CONST, .resetvalue = 0,
+ },
+ };
+ define_arm_cp_regs(cpu, dbgdevid12);
+ }
+
brps = arm_num_brps(cpu);
wrps = arm_num_wrps(cpu);
ctx_cmps = arm_num_ctx_cmps(cpu);
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 8/9] target/arm: Correctly implement Feat_DoubleLock
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (6 preceding siblings ...)
2022-07-07 12:27 ` [PULL 7/9] target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2 Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-07 12:27 ` [PULL 9/9] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem Peter Maydell
2022-07-08 2:32 ` [PULL 0/9] target-arm queue Richard Henderson
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
The architecture defines the OS DoubleLock as a register which
(similarly to the OS Lock) suppresses debug events for use in CPU
powerdown sequences. This functionality is required in Arm v7 and
v8.0; from v8.2 it becomes optional and in v9 it must not be
implemented.
Currently in QEMU we implement the OSDLR_EL1 register as a NOP. This
is wrong both for the "feature implemented" and the "feature not
implemented" cases: if the feature is implemented then the DLK bit
should read as written and cause suppression of debug exceptions, and
if it is not implemented then the bit must be RAZ/WI.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu.h | 20 ++++++++++++++++++++
target/arm/debug_helper.c | 20 ++++++++++++++++++--
2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c533ad0b64d..1f4f3e0485c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -500,6 +500,7 @@ typedef struct CPUArchState {
uint64_t dbgwcr[16]; /* watchpoint control registers */
uint64_t mdscr_el1;
uint64_t oslsr_el1; /* OS Lock Status */
+ uint64_t osdlr_el1; /* OS DoubleLock status */
uint64_t mdcr_el2;
uint64_t mdcr_el3;
/* Stores the architectural value of the counter *the last time it was
@@ -2253,6 +2254,15 @@ FIELD(DBGDIDR, CTX_CMPS, 20, 4)
FIELD(DBGDIDR, BRPS, 24, 4)
FIELD(DBGDIDR, WRPS, 28, 4)
+FIELD(DBGDEVID, PCSAMPLE, 0, 4)
+FIELD(DBGDEVID, WPADDRMASK, 4, 4)
+FIELD(DBGDEVID, BPADDRMASK, 8, 4)
+FIELD(DBGDEVID, VECTORCATCH, 12, 4)
+FIELD(DBGDEVID, VIRTEXTNS, 16, 4)
+FIELD(DBGDEVID, DOUBLELOCK, 20, 4)
+FIELD(DBGDEVID, AUXREGS, 24, 4)
+FIELD(DBGDEVID, CIDMASK, 28, 4)
+
FIELD(MVFR0, SIMDREG, 0, 4)
FIELD(MVFR0, FPSP, 4, 4)
FIELD(MVFR0, FPDP, 8, 4)
@@ -3731,6 +3741,11 @@ static inline bool isar_feature_aa32_debugv8p2(const ARMISARegisters *id)
return FIELD_EX32(id->id_dfr0, ID_DFR0, COPDBG) >= 8;
}
+static inline bool isar_feature_aa32_doublelock(const ARMISARegisters *id)
+{
+ return FIELD_EX32(id->dbgdevid, DBGDEVID, DOUBLELOCK) > 0;
+}
+
/*
* 64-bit feature tests via id registers.
*/
@@ -4155,6 +4170,11 @@ static inline bool isar_feature_aa64_sme_fa64(const ARMISARegisters *id)
return FIELD_EX64(id->id_aa64smfr0, ID_AA64SMFR0, FA64);
}
+static inline bool isar_feature_aa64_doublelock(const ARMISARegisters *id)
+{
+ return FIELD_SEX64(id->id_aa64dfr0, ID_AA64DFR0, DOUBLELOCK) >= 0;
+}
+
/*
* Feature tests for "does this exist in either 32-bit or 64-bit?"
*/
diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
index e96a4ffd28d..d09fccb0a4f 100644
--- a/target/arm/debug_helper.c
+++ b/target/arm/debug_helper.c
@@ -142,7 +142,7 @@ static bool aa32_generate_debug_exceptions(CPUARMState *env)
*/
bool arm_generate_debug_exceptions(CPUARMState *env)
{
- if (env->cp15.oslsr_el1 & 1) {
+ if ((env->cp15.oslsr_el1 & 1) || (env->cp15.osdlr_el1 & 1)) {
return false;
}
if (is_a64(env)) {
@@ -614,6 +614,21 @@ static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
}
+static void osdlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ ARMCPU *cpu = env_archcpu(env);
+ /*
+ * Only defined bit is bit 0 (DLK); if Feat_DoubleLock is not
+ * implemented this is RAZ/WI.
+ */
+ if(arm_feature(env, ARM_FEATURE_AARCH64)
+ ? cpu_isar_feature(aa64_doublelock, cpu)
+ : cpu_isar_feature(aa32_doublelock, cpu)) {
+ env->cp15.osdlr_el1 = value & 1;
+ }
+}
+
static const ARMCPRegInfo debug_cp_reginfo[] = {
/*
* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
@@ -670,7 +685,8 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
{ .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
.access = PL1_RW, .accessfn = access_tdosa,
- .type = ARM_CP_NOP },
+ .writefn = osdlr_write,
+ .fieldoffset = offsetof(CPUARMState, cp15.osdlr_el1) },
/*
* Dummy DBGVCR: Linux wants to clear this on startup, but we don't
* implement vector catch debug events yet.
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PULL 9/9] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (7 preceding siblings ...)
2022-07-07 12:27 ` [PULL 8/9] target/arm: Correctly implement Feat_DoubleLock Peter Maydell
@ 2022-07-07 12:27 ` Peter Maydell
2022-07-08 2:32 ` [PULL 0/9] target-arm queue Richard Henderson
9 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2022-07-07 12:27 UTC (permalink / raw)
To: qemu-devel
In commit 39a1fd25287f5d we fixed a bug in the handling of LPAE block
descriptors where we weren't correctly zeroing out some RES0 bits.
However this fix has a bug because the calculation of the mask is
done at the wrong width: in
descaddr &= ~(page_size - 1);
page_size is a target_ulong, so in the 'qemu-system-arm' binary it is
only 32 bits, and the effect is that we always zero out the top 32
bits of the calculated address. Fix the calculation by forcing the
mask to be calculated with the same type as descaddr.
This only affects 32-bit CPUs which support LPAE (e.g. cortex-a15)
when used on board models which put RAM or devices above the 4GB
mark and when the 'qemu-system-arm' executable is being used.
It was also masked in 7.0 by the main bug reported in
https://gitlab.com/qemu-project/qemu/-/issues/1078 where the
virt board incorrectly does not enable 'highmem' for 32-bit CPUs.
The workaround is to use 'qemu-system-aarch64' with the same
command line.
Reported-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220627134620.3190252-1-peter.maydell@linaro.org
Fixes: 39a1fd25287f5de ("target/arm: Fix handling of LPAE block descriptors")
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/ptw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index da478104f05..e71fc1f4293 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -1257,7 +1257,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, uint64_t address,
* clear the lower bits here before ORing in the low vaddr bits.
*/
page_size = (1ULL << ((stride * (4 - level)) + 3));
- descaddr &= ~(page_size - 1);
+ descaddr &= ~(hwaddr)(page_size - 1);
descaddr |= (address & (page_size - 1));
/* Extract attributes from the descriptor */
attrs = extract64(descriptor, 2, 10)
--
2.25.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PULL 0/9] target-arm queue
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
` (8 preceding siblings ...)
2022-07-07 12:27 ` [PULL 9/9] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem Peter Maydell
@ 2022-07-08 2:32 ` Richard Henderson
9 siblings, 0 replies; 18+ messages in thread
From: Richard Henderson @ 2022-07-08 2:32 UTC (permalink / raw)
To: Peter Maydell, qemu-devel
On 7/7/22 17:57, Peter Maydell wrote:
> My OS Lock/DoubleLock patches, plus a small selection of other
> bug fixes and minor things.
>
> thanks
> -- PMM
>
> The following changes since commit 8e9398e3b1a860b8c29c670c1b6c36afe8d87849:
>
> Merge tag 'pull-ppc-20220706' of https://gitlab.com/danielhb/qemu into staging (2022-07-07 06:21:05 +0530)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220707
>
> for you to fetch changes up to c2360eaa0262a816faf8032b7762d0c73df2cc62:
>
> target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem (2022-07-07 11:41:04 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * hw/arm/virt: dt: add rng-seed property
> * Fix MTE check in sve_ldnfff1_r
> * Record tagged bit for user-only in sve_probe_page
> * Correctly implement OS Lock and OS DoubleLock
> * Implement DBGDEVID, DBGDEVID1, DBGDEVID2 registers
> * Fix qemu-system-arm handling of LPAE block descriptors for highmem
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.
r~
>
> ----------------------------------------------------------------
> Jason A. Donenfeld (1):
> hw/arm/virt: dt: add rng-seed property
>
> Peter Maydell (6):
> target/arm: Fix code style issues in debug helper functions
> target/arm: Move define_debug_regs() to debug_helper.c
> target/arm: Suppress debug exceptions when OS Lock set
> target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2
> target/arm: Correctly implement Feat_DoubleLock
> target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem
>
> Richard Henderson (2):
> target/arm: Fix MTE check in sve_ldnfff1_r
> target/arm: Record tagged bit for user-only in sve_probe_page
>
> docs/about/deprecated.rst | 8 +
> docs/system/arm/virt.rst | 17 +-
> include/hw/arm/virt.h | 2 +-
> target/arm/cpregs.h | 3 +
> target/arm/cpu.h | 27 +++
> target/arm/internals.h | 9 +
> hw/arm/virt.c | 44 ++--
> target/arm/cpu64.c | 6 +
> target/arm/cpu_tcg.c | 6 +
> target/arm/debug_helper.c | 580 ++++++++++++++++++++++++++++++++++++++++++++++
> target/arm/helper.c | 513 +---------------------------------------
> target/arm/ptw.c | 2 +-
> target/arm/sve_helper.c | 5 +-
> 13 files changed, 684 insertions(+), 538 deletions(-)
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PULL 0/9] target-arm queue
2022-07-26 15:20 Peter Maydell
@ 2022-07-26 18:36 ` Richard Henderson
0 siblings, 0 replies; 18+ messages in thread
From: Richard Henderson @ 2022-07-26 18:36 UTC (permalink / raw)
To: Peter Maydell, qemu-devel
On 7/26/22 08:20, Peter Maydell wrote:
> A last lot of bug fixes before rc0...
>
> thanks
> -- PMM
>
> The following changes since commit 0d0275c31f00b71b49eb80bbdca2cfe244cf80fb:
>
> Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-26 10:31:02 +0100)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220726
>
> for you to fetch changes up to 5865d99fe88d8c8fa437c18c6b63fb2a8165634f:
>
> hw/display/bcm2835_fb: Fix framebuffer allocation address (2022-07-26 14:09:44 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * Update Coverity component definitions
> * target/arm: Add MO_128 entry to pred_esz_masks[]
> * configure: Fix portability issues
> * hw/display/bcm2835_fb: Fix framebuffer allocation address
Applied, thanks. Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.
r~
>
> ----------------------------------------------------------------
> Alan Jian (1):
> hw/display/bcm2835_fb: Fix framebuffer allocation address
>
> Peter Maydell (8):
> scripts/coverity-scan/COMPONENTS.md: Add loongarch component
> scripts/coverity-scan/COMPONENTS.md: Update slirp component info
> target/arm: Add MO_128 entry to pred_esz_masks[]
> configure: Add missing POSIX-required space
> configure: Add braces to clarify intent of $emu[[:space:]]
> configure: Don't use bash-specific string-replacement syntax
> configure: Drop dead code attempting to use -msmall-data on alpha hosts
> configure: Avoid '==' bashism
>
> configure | 20 +++++++-------------
> target/arm/cpu.h | 2 +-
> hw/display/bcm2835_fb.c | 3 +--
> target/arm/translate-sve.c | 5 +++--
> scripts/coverity-scan/COMPONENTS.md | 7 +++++--
> 5 files changed, 17 insertions(+), 20 deletions(-)
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PULL 0/9] target-arm queue
@ 2022-07-26 15:20 Peter Maydell
2022-07-26 18:36 ` Richard Henderson
0 siblings, 1 reply; 18+ messages in thread
From: Peter Maydell @ 2022-07-26 15:20 UTC (permalink / raw)
To: qemu-devel
A last lot of bug fixes before rc0...
thanks
-- PMM
The following changes since commit 0d0275c31f00b71b49eb80bbdca2cfe244cf80fb:
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-26 10:31:02 +0100)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220726
for you to fetch changes up to 5865d99fe88d8c8fa437c18c6b63fb2a8165634f:
hw/display/bcm2835_fb: Fix framebuffer allocation address (2022-07-26 14:09:44 +0100)
----------------------------------------------------------------
target-arm queue:
* Update Coverity component definitions
* target/arm: Add MO_128 entry to pred_esz_masks[]
* configure: Fix portability issues
* hw/display/bcm2835_fb: Fix framebuffer allocation address
----------------------------------------------------------------
Alan Jian (1):
hw/display/bcm2835_fb: Fix framebuffer allocation address
Peter Maydell (8):
scripts/coverity-scan/COMPONENTS.md: Add loongarch component
scripts/coverity-scan/COMPONENTS.md: Update slirp component info
target/arm: Add MO_128 entry to pred_esz_masks[]
configure: Add missing POSIX-required space
configure: Add braces to clarify intent of $emu[[:space:]]
configure: Don't use bash-specific string-replacement syntax
configure: Drop dead code attempting to use -msmall-data on alpha hosts
configure: Avoid '==' bashism
configure | 20 +++++++-------------
target/arm/cpu.h | 2 +-
hw/display/bcm2835_fb.c | 3 +--
target/arm/translate-sve.c | 5 +++--
scripts/coverity-scan/COMPONENTS.md | 7 +++++--
5 files changed, 17 insertions(+), 20 deletions(-)
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PULL 0/9] target-arm queue
2020-11-17 13:48 Peter Maydell
2020-11-17 14:00 ` no-reply
@ 2020-11-17 21:06 ` Peter Maydell
1 sibling, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2020-11-17 21:06 UTC (permalink / raw)
To: QEMU Developers
On Tue, 17 Nov 2020 at 13:48, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Arm queue; bugfixes only.
>
> thanks
> -- PMM
>
> The following changes since commit 48aa8f0ac536db3550a35c295ff7de94e4c33739:
>
> Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-11-16' into staging (2020-11-17 11:07:00 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201117
>
> for you to fetch changes up to ab135622cf478585bdfcb68b85e4a817d74a0c42:
>
> tmp105: Correct handling of temperature limit checks (2020-11-17 12:56:33 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * hw/arm/virt: ARM_VIRT must select ARM_GIC
> * exynos: Fix bad printf format specifiers
> * hw/input/ps2.c: Remove remnants of printf debug
> * target/openrisc: Remove dead code attempting to check "is timer disabled"
> * register: Remove unnecessary NULL check
> * util/cutils: Fix Coverity array overrun in freq_to_str()
> * configure: Make "does libgio work" test pull in some actual functions
> * tmp105: reset the T_low and T_High registers
> * tmp105: Correct handling of temperature limit checks
>
> ----------------------------------------------------------------
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PULL 0/9] target-arm queue
2020-11-17 13:48 Peter Maydell
@ 2020-11-17 14:00 ` no-reply
2020-11-17 21:06 ` Peter Maydell
1 sibling, 0 replies; 18+ messages in thread
From: no-reply @ 2020-11-17 14:00 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel
Patchew URL: https://patchew.org/QEMU/20201117134834.31731-1-peter.maydell@linaro.org/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Message-id: 20201117134834.31731-1-peter.maydell@linaro.org
Type: series
Subject: [PULL 0/9] target-arm queue
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/20201117134834.31731-1-peter.maydell@linaro.org -> patchew/20201117134834.31731-1-peter.maydell@linaro.org
Switched to a new branch 'test'
bebbfa8 tmp105: Correct handling of temperature limit checks
7dbe228 hw/misc/tmp105: reset the T_low and T_High registers
46d5e2f configure: Make "does libgio work" test pull in some actual functions
4f56b5c util/cutils: Fix Coverity array overrun in freq_to_str()
1ed468a register: Remove unnecessary NULL check
7121170 target/openrisc: Remove dead code attempting to check "is timer disabled"
1050683 hw/input/ps2.c: Remove remnants of printf debug
c48562a exynos: Fix bad printf format specifiers
a560a57 hw/arm/virt: ARM_VIRT must select ARM_GIC
=== OUTPUT BEGIN ===
1/9 Checking commit a560a57bb83f (hw/arm/virt: ARM_VIRT must select ARM_GIC)
2/9 Checking commit c48562a90681 (exynos: Fix bad printf format specifiers)
3/9 Checking commit 105068325cdf (hw/input/ps2.c: Remove remnants of printf debug)
4/9 Checking commit 7121170373df (target/openrisc: Remove dead code attempting to check "is timer disabled")
5/9 Checking commit 1ed468af6090 (register: Remove unnecessary NULL check)
6/9 Checking commit 4f56b5ca0f04 (util/cutils: Fix Coverity array overrun in freq_to_str())
7/9 Checking commit 46d5e2f37130 (configure: Make "does libgio work" test pull in some actual functions)
8/9 Checking commit 7dbe228baa01 (hw/misc/tmp105: reset the T_low and T_High registers)
9/9 Checking commit bebbfa874a8a (tmp105: Correct handling of temperature limit checks)
ERROR: spaces required around that '*' (ctx:VxV)
#122: FILE: hw/misc/tmp105.c:263:
+ .subsections = (const VMStateDescription*[]) {
^
total: 1 errors, 0 warnings, 108 lines checked
Patch 9/9 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20201117134834.31731-1-peter.maydell@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PULL 0/9] target-arm queue
@ 2020-11-17 13:48 Peter Maydell
2020-11-17 14:00 ` no-reply
2020-11-17 21:06 ` Peter Maydell
0 siblings, 2 replies; 18+ messages in thread
From: Peter Maydell @ 2020-11-17 13:48 UTC (permalink / raw)
To: qemu-devel
Arm queue; bugfixes only.
thanks
-- PMM
The following changes since commit 48aa8f0ac536db3550a35c295ff7de94e4c33739:
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-11-16' into staging (2020-11-17 11:07:00 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20201117
for you to fetch changes up to ab135622cf478585bdfcb68b85e4a817d74a0c42:
tmp105: Correct handling of temperature limit checks (2020-11-17 12:56:33 +0000)
----------------------------------------------------------------
target-arm queue:
* hw/arm/virt: ARM_VIRT must select ARM_GIC
* exynos: Fix bad printf format specifiers
* hw/input/ps2.c: Remove remnants of printf debug
* target/openrisc: Remove dead code attempting to check "is timer disabled"
* register: Remove unnecessary NULL check
* util/cutils: Fix Coverity array overrun in freq_to_str()
* configure: Make "does libgio work" test pull in some actual functions
* tmp105: reset the T_low and T_High registers
* tmp105: Correct handling of temperature limit checks
----------------------------------------------------------------
Alex Chen (1):
exynos: Fix bad printf format specifiers
Alistair Francis (1):
register: Remove unnecessary NULL check
Andrew Jones (1):
hw/arm/virt: ARM_VIRT must select ARM_GIC
Peter Maydell (5):
hw/input/ps2.c: Remove remnants of printf debug
target/openrisc: Remove dead code attempting to check "is timer disabled"
configure: Make "does libgio work" test pull in some actual functions
hw/misc/tmp105: reset the T_low and T_High registers
tmp105: Correct handling of temperature limit checks
Philippe Mathieu-Daudé (1):
util/cutils: Fix Coverity array overrun in freq_to_str()
configure | 11 +++++--
hw/misc/tmp105.h | 7 +++++
hw/core/register.c | 4 ---
hw/input/ps2.c | 9 ------
hw/misc/tmp105.c | 73 ++++++++++++++++++++++++++++++++++++++------
hw/timer/exynos4210_mct.c | 4 +--
hw/timer/exynos4210_pwm.c | 8 ++---
target/openrisc/sys_helper.c | 3 --
util/cutils.c | 3 +-
hw/arm/Kconfig | 1 +
10 files changed, 89 insertions(+), 34 deletions(-)
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PULL 0/9] target-arm queue
2019-09-27 14:42 Peter Maydell
@ 2019-09-30 10:45 ` Peter Maydell
0 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2019-09-30 10:45 UTC (permalink / raw)
To: QEMU Developers
On Fri, 27 Sep 2019 at 15:42, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> target-arm queue: nothing major here, but no point
> sitting on them waiting for more stuff to come along.
>
> thanks
> -- PMM
>
> The following changes since commit 1329132d28bf14b9508f7a1f04a2c63422bc3f99:
>
> Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2019-09-26 16:14:03 +0100)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190927
>
> for you to fetch changes up to e4e34855e658b78ecac50a651cc847662ff02cfd:
>
> hw/arm/boot: Use the IEC binary prefix definitions (2019-09-27 11:44:39 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * Fix the CBAR register implementation for Cortex-A53,
> Cortex-A57, Cortex-A72
> * Fix direct booting of Linux kernels on emulated CPUs
> which have an AArch32 EL3 (incorrect NSACR settings
> meant they could not access the FPU)
> * semihosting cleanup: do more work at translate time
> and less work at runtime
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PULL 0/9] target-arm queue
@ 2019-09-27 14:42 Peter Maydell
2019-09-30 10:45 ` Peter Maydell
0 siblings, 1 reply; 18+ messages in thread
From: Peter Maydell @ 2019-09-27 14:42 UTC (permalink / raw)
To: qemu-devel
target-arm queue: nothing major here, but no point
sitting on them waiting for more stuff to come along.
thanks
-- PMM
The following changes since commit 1329132d28bf14b9508f7a1f04a2c63422bc3f99:
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2019-09-26 16:14:03 +0100)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190927
for you to fetch changes up to e4e34855e658b78ecac50a651cc847662ff02cfd:
hw/arm/boot: Use the IEC binary prefix definitions (2019-09-27 11:44:39 +0100)
----------------------------------------------------------------
target-arm queue:
* Fix the CBAR register implementation for Cortex-A53,
Cortex-A57, Cortex-A72
* Fix direct booting of Linux kernels on emulated CPUs
which have an AArch32 EL3 (incorrect NSACR settings
meant they could not access the FPU)
* semihosting cleanup: do more work at translate time
and less work at runtime
----------------------------------------------------------------
Alex Bennée (6):
tests/tcg: clean-up some comments after the de-tangling
target/arm: handle M-profile semihosting at translate time
target/arm: handle A-profile semihosting at translate time
target/arm: remove run time semihosting checks
target/arm: remove run-time semihosting checks for linux-user
tests/tcg: add linux-user semihosting smoke test for ARM
Luc Michel (1):
target/arm: fix CBAR register for AArch64 CPUs
Peter Maydell (1):
hw/arm/boot.c: Set NSACR.{CP11,CP10} for NS kernel boots
Philippe Mathieu-Daudé (1):
hw/arm/boot: Use the IEC binary prefix definitions
tests/tcg/Makefile.target | 7 ++-
tests/tcg/aarch64/Makefile.target | 8 ++-
tests/tcg/arm/Makefile.target | 20 ++++---
linux-user/arm/target_syscall.h | 3 -
hw/arm/boot.c | 12 ++--
linux-user/arm/cpu_loop.c | 3 -
target/arm/helper.c | 115 +++++++++++++-------------------------
target/arm/m_helper.c | 18 ++----
target/arm/translate.c | 30 ++++++++--
tests/tcg/arm/semihosting.c | 45 +++++++++++++++
10 files changed, 146 insertions(+), 115 deletions(-)
create mode 100644 tests/tcg/arm/semihosting.c
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2022-07-26 18:39 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-07 12:27 [PULL 0/9] target-arm queue Peter Maydell
2022-07-07 12:27 ` [PULL 1/9] hw/arm/virt: dt: add rng-seed property Peter Maydell
2022-07-07 12:27 ` [PULL 2/9] target/arm: Fix MTE check in sve_ldnfff1_r Peter Maydell
2022-07-07 12:27 ` [PULL 3/9] target/arm: Record tagged bit for user-only in sve_probe_page Peter Maydell
2022-07-07 12:27 ` [PULL 4/9] target/arm: Fix code style issues in debug helper functions Peter Maydell
2022-07-07 12:27 ` [PULL 5/9] target/arm: Move define_debug_regs() to debug_helper.c Peter Maydell
2022-07-07 12:27 ` [PULL 6/9] target/arm: Suppress debug exceptions when OS Lock set Peter Maydell
2022-07-07 12:27 ` [PULL 7/9] target/arm: Implement AArch32 DBGDEVID, DBGDEVID1, DBGDEVID2 Peter Maydell
2022-07-07 12:27 ` [PULL 8/9] target/arm: Correctly implement Feat_DoubleLock Peter Maydell
2022-07-07 12:27 ` [PULL 9/9] target/arm: Fix qemu-system-arm handling of LPAE block descriptors for highmem Peter Maydell
2022-07-08 2:32 ` [PULL 0/9] target-arm queue Richard Henderson
-- strict thread matches above, loose matches on Subject: below --
2022-07-26 15:20 Peter Maydell
2022-07-26 18:36 ` Richard Henderson
2020-11-17 13:48 Peter Maydell
2020-11-17 14:00 ` no-reply
2020-11-17 21:06 ` Peter Maydell
2019-09-27 14:42 Peter Maydell
2019-09-30 10:45 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.