* [Qemu-devel] [PULL 01/13] target-arm: Add missing 'static' attribute
2015-10-16 13:57 [Qemu-devel] [PULL 00/13] target-arm queue Peter Maydell
@ 2015-10-16 13:57 ` Peter Maydell
2015-10-16 13:57 ` [Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly Peter Maydell
` (12 subsequent siblings)
13 siblings, 0 replies; 27+ messages in thread
From: Peter Maydell @ 2015-10-16 13:57 UTC (permalink / raw)
To: qemu-devel
From: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1443213733-9807-1-git-send-email-sw@weilnetz.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 8367997..584f6df 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5194,7 +5194,7 @@ void switch_mode(CPUARMState *env, int mode)
* BIT IRQ IMO Non-secure Secure
* EL3 FIQ RW FMO EL0 EL1 EL2 EL3 EL0 EL1 EL2 EL3
*/
-const int8_t target_el_table[2][2][2][2][2][4] = {
+static const int8_t target_el_table[2][2][2][2][2][4] = {
{{{{/* 0 0 0 0 */{ 1, 1, 2, -1 },{ 3, -1, -1, 3 },},
{/* 0 0 0 1 */{ 2, 2, 2, -1 },{ 3, -1, -1, 3 },},},
{{/* 0 0 1 0 */{ 1, 1, 2, -1 },{ 3, -1, -1, 3 },},
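Review bot: making target_el_table static is only safe if no other translation unit references it; any extern declaration (for example in a header) would now fail to link, so confirm that the only consumer is the lookup in arm_phys_excp_target_el() in this same file, as the later hunk in PULL 03/13 suggests. Otherwise the change is a pure visibility fix with no behavioural effect.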
--
1.9.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [Qemu-devel] [PULL 02/13] target-arm: Break the TB after ISB to execute self-modified code correctly
From: Peter Maydell @ 2015-10-16 13:57 UTC (permalink / raw)
To: qemu-devel
From: Sergey Sorokin <afarallax@yandex.ru>
If any store instruction writes the code inside the same TB
after this store insn, the execution of the TB must be stopped
to execute new code correctly.
As described in ARMv8 manual D3.4.6, self-modifying code must do an
IC invalidation to be valid, and an ISB after it. So it's enough to end
the TB after the ISB instruction on the code translation.
Also this TB break is necessary to take any pending interrupts immediately
after an ISB (as required by ARMv8 ARM D1.14.4).
Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
[PMM: tweaked commit message and comments slightly]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/helper.c | 6 +++++-
target-arm/translate-a64.c | 8 +++++++-
target-arm/translate.c | 17 +++++++++++++++--
3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 584f6df..b498670 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -657,8 +657,12 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
{ .name = "MVA_prefetch",
.cp = 15, .crn = 7, .crm = 13, .opc1 = 0, .opc2 = 1,
.access = PL1_W, .type = ARM_CP_NOP },
+ /* We need to break the TB after ISB to execute self-modifying code
+ * correctly and also to take any pending interrupts immediately.
+ * So use arm_cp_write_ignore() function instead of ARM_CP_NOP flag.
+ */
{ .name = "ISB", .cp = 15, .crn = 7, .crm = 5, .opc1 = 0, .opc2 = 4,
- .access = PL0_W, .type = ARM_CP_NOP },
+ .access = PL0_W, .type = ARM_CP_NO_RAW, .writefn = arm_cp_write_ignore },
{ .name = "DSB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 4,
.access = PL0_W, .type = ARM_CP_NOP },
{ .name = "DMB", .cp = 15, .crn = 7, .crm = 10, .opc1 = 0, .opc2 = 5,
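Review bot: the comment says to use arm_cp_write_ignore() instead of ARM_CP_NOP but not why that ends the TB; the mechanism is that the AArch32 coprocessor-write path in translate.c ends the TB after any write that is not flagged ARM_CP_NOP (unless ARM_CP_SUPPRESS_TB_END is set), so giving the register a real writefn is what triggers gen_lookup_tb(). Suggest adding that sentence to the comment so the dependency on the translator's default is explicit. ARM_CP_NO_RAW is required here because the register has no fieldoffset or raw accessors.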
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index e65e309..a4580c0 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -1230,9 +1230,15 @@ static void handle_sync(DisasContext *s, uint32_t insn,
return;
case 4: /* DSB */
case 5: /* DMB */
- case 6: /* ISB */
/* We don't emulate caches so barriers are no-ops */
return;
+ case 6: /* ISB */
+ /* We need to break the TB after this insn to execute
+ * a self-modified code correctly and also to take
+ * any pending interrupts immediately.
+ */
+ s->is_jmp = DISAS_UPDATE;
+ return;
default:
unallocated_encoding(s);
return;
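Review bot: wording in the comment at `+ * a self-modified code correctly and also to take` is off ("a self-modified code"); the translate.c hunks in this same patch say "self-modifying code", so align them. Setting `s->is_jmp = DISAS_UPDATE` is the right way to end the TB here, since the PC has already been advanced and the next TB is looked up from the updated CPU state.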
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 22c3587..1273000 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7720,10 +7720,16 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
return;
case 4: /* dsb */
case 5: /* dmb */
- case 6: /* isb */
ARCH(7);
/* We don't emulate caches so these are a no-op. */
return;
+ case 6: /* isb */
+ /* We need to break the TB after this insn to execute
+ * self-modifying code correctly and also to take
+ * any pending interrupts immediately.
+ */
+ gen_lookup_tb(s);
+ return;
default:
goto illegal_op;
}
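Review bot: the new `case 6: /* isb */` no longer passes through the `ARCH(7);` check it previously shared with dsb/dmb, so on a pre-ARMv7 CPU the ISB encoding is now accepted (and ends the TB) instead of reaching illegal_op. Add `ARCH(7);` as the first statement of the new case to keep the UNDEF behaviour unchanged.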
@@ -10030,9 +10036,16 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
break;
case 4: /* dsb */
case 5: /* dmb */
- case 6: /* isb */
/* These execute as NOPs. */
break;
+ case 6: /* isb */
+ /* We need to break the TB after this insn
+ * to execute self-modifying code correctly
+ * and also to take any pending interrupts
+ * immediately.
+ */
+ gen_lookup_tb(s);
+ break;
default:
goto illegal_op;
}
--
1.9.1
* [Qemu-devel] [PULL 03/13] target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL
From: Peter Maydell @ 2015-10-16 13:57 UTC (permalink / raw)
To: qemu-devel
From: Sergey Sorokin <afarallax@yandex.ru>
It is incorrect to call the arm_el_is_aa64() function for an unimplemented EL.
This patch fixes several attempts to do so.
Signed-off-by: Sergey Sorokin <afarallax@yandex.ru>
[PMM: Reworked several of the comments to be more verbose.]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/cpu.h | 11 ++++++++---
target-arm/helper.c | 15 +++++++++++++--
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 493f9d0..5fb0479 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1016,11 +1016,11 @@ static inline bool access_secure_reg(CPUARMState *env)
*/
#define A32_BANKED_CURRENT_REG_GET(_env, _regname) \
A32_BANKED_REG_GET((_env), _regname, \
- ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))))
+ (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)))
#define A32_BANKED_CURRENT_REG_SET(_env, _regname, _val) \
A32_BANKED_REG_SET((_env), _regname, \
- ((!arm_el_is_aa64((_env), 3) && arm_is_secure(_env))), \
+ (arm_is_secure(_env) && !arm_el_is_aa64((_env), 3)), \
(_val))
void arm_cpu_list(FILE *f, fprintf_function cpu_fprintf);
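Review bot: the operand swap is correct only because of && short-circuit evaluation: arm_is_secure(_env) can only be true when EL3 is implemented, so arm_el_is_aa64((_env), 3) is never evaluated on a CPU without EL3. That is subtle enough to deserve a one-line comment next to the macros, otherwise a later tidy-up could restore the original order and reintroduce exactly the problem this patch fixes.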
@@ -1587,7 +1587,12 @@ static inline bool arm_excp_unmasked(CPUState *cs, unsigned int excp_idx,
* interrupt.
*/
if ((target_el > cur_el) && (target_el != 1)) {
- if (arm_el_is_aa64(env, 3) || ((scr || hcr) && (!secure))) {
+ /* ARM_FEATURE_AARCH64 enabled means the highest EL is AArch64.
+ * This code currently assumes that EL2 is not implemented
+ * (and so that highest EL will be 3 and the target_el also 3).
+ */
+ if (arm_feature(env, ARM_FEATURE_AARCH64) ||
+ ((scr || hcr) && (!secure))) {
unmasked = 1;
}
}
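Review bot: the new comment documents the assumption that EL2 is not implemented (so the highest EL, and target_el, is 3) rather than checking it; since ARM_FEATURE_EL2 is tested elsewhere in this series (see arm_debug_target_el() in PULL 11/13), consider an assert() or a TODO here so the assumption is revisited when EL2 support is wired up, rather than silently unmasking interrupts on the wrong condition.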
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b498670..b2d78b0 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5224,11 +5224,22 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t excp_idx,
uint32_t cur_el, bool secure)
{
CPUARMState *env = cs->env_ptr;
- int rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+ int rw;
int scr;
int hcr;
int target_el;
- int is64 = arm_el_is_aa64(env, 3);
+ /* Is the highest EL AArch64? */
+ int is64 = arm_feature(env, ARM_FEATURE_AARCH64);
+
+ if (arm_feature(env, ARM_FEATURE_EL3)) {
+ rw = ((env->cp15.scr_el3 & SCR_RW) == SCR_RW);
+ } else {
+ /* Either EL2 is the highest EL (and so the EL2 register width
+ * is given by is64); or there is no EL2 or EL3, in which case
+ * the value of 'rw' does not affect the table lookup anyway.
+ */
+ rw = is64;
+ }
switch (excp_idx) {
case EXCP_IRQ:
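Review bot: `is64` changes meaning from "EL3 is AArch64" to "the highest implemented EL is AArch64"; the comment says so, but the variable name does not, and the new `rw = is64` fallback relies on the new meaning. A name such as `highest_el_is64` would make the else branch self-explanatory. The claim that `rw` does not affect the lookup when neither EL2 nor EL3 exists depends on target_el_table having identical rw=0/rw=1 entries for that case, which is worth stating where the table is defined.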
--
1.9.1
* [Qemu-devel] [PULL 04/13] hw/arm/virt: smbios: inform guest of kvm
From: Peter Maydell @ 2015-10-16 13:57 UTC (permalink / raw)
To: qemu-devel
From: Andrew Jones <drjones@redhat.com>
ARM/AArch64 KVM guests don't have any way to identify
themselves as KVM guests (x86 guests use a CPUID leaf). Now, we
could discuss all sorts of reasons why guests shouldn't need to
know that, but then there's always some case where it'd be
nice... Anyway, now that we have SMBIOS tables in ARM guests,
it's easy for the guest to know that it's a QEMU instance. This
patch takes that one step further, also identifying KVM, when
appropriate. Again, we could debate why generally nothing
should care whether it's of type QEMU or QEMU/KVM, but again,
sometimes it's nice to know...
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Wei Huang <wei@redhat.com>
Message-id: 1443017892-15567-1-git-send-email-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/virt.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index d25d6cf..5ac5178 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -884,12 +884,17 @@ static void virt_build_smbios(VirtGuestInfo *guest_info)
FWCfgState *fw_cfg = guest_info->fw_cfg;
uint8_t *smbios_tables, *smbios_anchor;
size_t smbios_tables_len, smbios_anchor_len;
+ const char *product = "QEMU Virtual Machine";
if (!fw_cfg) {
return;
}
- smbios_set_defaults("QEMU", "QEMU Virtual Machine",
+ if (kvm_enabled()) {
+ product = "KVM Virtual Machine";
+ }
+
+ smbios_set_defaults("QEMU", product,
"1.0", false, true, SMBIOS_ENTRY_POINT_30);
smbios_get_tables(NULL, 0, &smbios_tables, &smbios_tables_len,
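Review bot: the product string is guest-visible, so any in-guest logic or tooling that matches the full string "QEMU Virtual Machine" will stop matching on KVM-accelerated ARM guests after this change; the manufacturer "QEMU" passed as the first argument of smbios_set_defaults() is unchanged and remains the stable key for recognising QEMU. That behavioural change deserves a sentence in the commit message.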
--
1.9.1
* [Qemu-devel] [PULL 05/13] target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs
From: Peter Maydell @ 2015-10-16 13:57 UTC (permalink / raw)
To: qemu-devel
From: Davorin Mista <davorin.mista@aggios.com>
Added an oslar_write function for the OSLAR_EL1 sysreg, using a status variable
in the ARMCPUState.cp15 struct (oslsr_el1). This variable is also linked
to the newly added read-only OSLSR_EL1 register.
Linux reads from this register during its suspend/resume procedure.
Signed-off-by: Davorin Mista <davorin.mista@aggios.com>
[PMM: folded a long line and tweaked a comment]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/cpu.h | 1 +
target-arm/helper.c | 25 +++++++++++++++++++++++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 5fb0479..d1b5bc1 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -379,6 +379,7 @@ typedef struct CPUARMState {
uint64_t dbgwvr[16]; /* watchpoint value registers */
uint64_t dbgwcr[16]; /* watchpoint control registers */
uint64_t mdscr_el1;
+ uint64_t oslsr_el1; /* OS Lock Status */
/* If the counter is enabled, this stores the last time the counter
* was reset. Otherwise it stores the counter value
*/
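Review bot: the new field only ever holds bits [3:0] of OSLSR_EL1 (OSLM, nTT and OSLK), so uint64_t is wider than needed, though it matches the neighbouring debug registers. Since the register definition in the helper.c hunk supplies a fieldoffset for it, the value is picked up by the generic cpreg migration without any VMState change, which is worth confirming in the commit message.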
diff --git a/target-arm/helper.c b/target-arm/helper.c
index b2d78b0..403a30e 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3568,6 +3568,23 @@ static CPAccessResult ctr_el0_access(CPUARMState *env, const ARMCPRegInfo *ri)
return CP_ACCESS_OK;
}
+static void oslar_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ uint64_t value)
+{
+ /* Writes to OSLAR_EL1 may update the OS lock status, which can be
+ * read via a bit in OSLSR_EL1.
+ */
+ int oslock;
+
+ if (ri->state == ARM_CP_STATE_AA32) {
+ oslock = (value == 0xC5ACCE55);
+ } else {
+ oslock = value & 1;
+ }
+
+ env->cp15.oslsr_el1 = deposit32(env->cp15.oslsr_el1, 1, 1, oslock);
+}
+
static const ARMCPRegInfo debug_cp_reginfo[] = {
/* DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
* debug components. The AArch64 version of DBGDRAR is named MDRAR_EL1;
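Review bot: deposit32() is used to update a uint64_t field (cp15.oslsr_el1), which silently truncates the stored value to 32 bits; deposit64() would be type-consistent. The two magic values also deserve a comment: 0xC5ACCE55 is the AArch32 DBGOSLAR lock key (writing any other value unlocks), whereas the AArch64 OSLAR_EL1 takes the lock request directly in bit 0, and the deposit at bit position 1 is OSLSR_EL1.OSLK.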
@@ -3596,10 +3613,14 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
.type = ARM_CP_ALIAS,
.access = PL1_R,
.fieldoffset = offsetof(CPUARMState, cp15.mdscr_el1), },
- /* We define a dummy WI OSLAR_EL1, because Linux writes to it. */
{ .name = "OSLAR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 4,
- .access = PL1_W, .type = ARM_CP_NOP },
+ .access = PL1_W, .type = ARM_CP_NO_RAW,
+ .writefn = oslar_write },
+ { .name = "OSLSR_EL1", .state = ARM_CP_STATE_BOTH,
+ .cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 1, .opc2 = 4,
+ .access = PL1_R, .resetvalue = 10,
+ .fieldoffset = offsetof(CPUARMState, cp15.oslsr_el1) },
/* Dummy OSDLR_EL1: 32-bit Linux will read this */
{ .name = "OSDLR_EL1", .state = ARM_CP_STATE_BOTH,
.cp = 14, .opc0 = 2, .opc1 = 0, .crn = 1, .crm = 3, .opc2 = 4,
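Review bot: `.resetvalue = 10` on OSLSR_EL1 is a magic number; 10 is 0b1010, i.e. OSLM = 0b10 (bit 3 set, bit 0 clear: OS lock implemented) and OSLK = 1 (bit 1: locked on reset), which matches the architectural reset state, but spell it out in a comment or write it as `(1 << 3) | (1 << 1)`. ARM_CP_NO_RAW on OSLAR_EL1 is right, since the register is write-only with no backing field.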
--
1.9.1
* [Qemu-devel] [PULL 06/13] target-arm: Provide model numbers for Sharp PDAs
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Ryo ONODERA <ryo_on@yk.rim.or.jp>
* For Collie, Akita, Spitz, Borzoi, Terrier and Tosa PDAs, provide
model numbers and manufacturer (Sharp) information.
Signed-off-by: Ryo ONODERA <ryo_on@yk.rim.or.jp>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/collie.c | 2 +-
hw/arm/spitz.c | 8 ++++----
hw/arm/tosa.c | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index 4e6541e..9991c0c 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -60,7 +60,7 @@ static void collie_init(MachineState *machine)
static void collie_machine_init(MachineClass *mc)
{
- mc->desc = "Collie PDA (SA-1110)";
+ mc->desc = "Sharp SL-5500 (Collie) PDA (SA-1110)";
mc->init = collie_init;
}
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index 2af03be..8d3cc0b 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -976,7 +976,7 @@ static void akitapda_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
- mc->desc = "Akita PDA (PXA270)";
+ mc->desc = "Sharp SL-C1000 (Akita) PDA (PXA270)";
mc->init = akita_init;
}
@@ -990,7 +990,7 @@ static void spitzpda_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
- mc->desc = "Spitz PDA (PXA270)";
+ mc->desc = "Sharp SL-C3000 (Spitz) PDA (PXA270)";
mc->init = spitz_init;
}
@@ -1004,7 +1004,7 @@ static void borzoipda_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
- mc->desc = "Borzoi PDA (PXA270)";
+ mc->desc = "Sharp SL-C3100 (Borzoi) PDA (PXA270)";
mc->init = borzoi_init;
}
@@ -1018,7 +1018,7 @@ static void terrierpda_class_init(ObjectClass *oc, void *data)
{
MachineClass *mc = MACHINE_CLASS(oc);
- mc->desc = "Terrier PDA (PXA270)";
+ mc->desc = "Sharp SL-C3200 (Terrier) PDA (PXA270)";
mc->init = terrier_init;
}
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index 51d0b89..02814d7 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -254,7 +254,7 @@ static void tosa_init(MachineState *machine)
static void tosapda_machine_init(MachineClass *mc)
{
- mc->desc = "Tosa PDA (PXA255)";
+ mc->desc = "Sharp SL-6000 (Tosa) PDA (PXA255)";
mc->init = tosa_init;
}
--
1.9.1
* [Qemu-devel] [PULL 07/13] arm: imx25-pdk: Fix machine name
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Peter Crosthwaite <crosthwaitepeter@gmail.com>
ARM uses dashes instead of underscores for machine names. Fix imx25_pdk
which has not seen a release yet (so there is no legacy yet).
Cc: Jean-Christophe Dubois <jcd@tribudubois.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1444445785-3648-1-git-send-email-crosthwaite.peter@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Added change to tests/ds1338-test.c to use new machine name]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/imx25_pdk.c | 2 +-
tests/ds1338-test.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/arm/imx25_pdk.c b/hw/arm/imx25_pdk.c
index 4250114..59a4c11 100644
--- a/hw/arm/imx25_pdk.c
+++ b/hw/arm/imx25_pdk.c
@@ -151,4 +151,4 @@ static void imx25_pdk_machine_init(MachineClass *mc)
mc->init = imx25_pdk_init;
}
-DEFINE_MACHINE("imx25_pdk", imx25_pdk_machine_init)
+DEFINE_MACHINE("imx25-pdk", imx25_pdk_machine_init)
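Review bot: renaming the machine without keeping `imx25_pdk` as an alias breaks any existing command line or script that uses the old name; the commit message justifies that by the machine never having shipped in a release, which is acceptable, but every in-tree reference must be updated in the same commit (tests/ds1338-test.c is handled in the next hunk; docs and other tests should be grepped as well).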
diff --git a/tests/ds1338-test.c b/tests/ds1338-test.c
index a7fb415..7d513d8 100644
--- a/tests/ds1338-test.c
+++ b/tests/ds1338-test.c
@@ -61,7 +61,7 @@ int main(int argc, char **argv)
g_test_init(&argc, &argv, NULL);
- s = qtest_start("-display none -machine imx25_pdk");
+ s = qtest_start("-display none -machine imx25-pdk");
i2c = imx_i2c_create(IMX25_I2C_0_BASE);
addr = DS1338_ADDR;
--
1.9.1
* [Qemu-devel] [PULL 08/13] misc: zynq_slcr: Fix MMIO writes
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Peter Crosthwaite <crosthwaitepeter@gmail.com>
The /4 for offset calculation in MMIO writes was happening twice giving
wrong write offsets. Fix.
While touching the code, change the if-else to be a short returning if
and convert the debug message to a GUEST_ERROR, which is more accurate
for this condition.
Cc: qemu-stable@nongnu.org
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/misc/zynq_slcr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
index 964f253..3d78708 100644
--- a/hw/misc/zynq_slcr.c
+++ b/hw/misc/zynq_slcr.c
@@ -393,12 +393,12 @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
return;
}
- if (!s->regs[LOCKSTA]) {
- s->regs[offset / 4] = val;
- } else {
- DB_PRINT("SCLR registers are locked. Unlock them first\n");
+ if (s->regs[LOCKSTA]) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "SCLR registers are locked. Unlock them first\n");
return;
}
+ s->regs[offset] = val;
switch (offset) {
case PSS_RST_CTRL:
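Review bot: `s->regs[offset] = val` now indexes the register array with `offset` directly, which the `switch (offset)` on PSS_RST_CTRL below confirms is already in register units; the `return;` in the leading context is presumably the earlier range check, so verify that it bounds the already-divided `offset` against the size of `s->regs`, because a guest-controlled MMIO offset that slipped past it would be an out-of-bounds write into device state. Note too that the old double `/ 4` sent writes to the wrong register rather than out of range, so this fix is guest-visible and the Cc to qemu-stable is appropriate.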
--
1.9.1
* [Qemu-devel] [PULL 09/13] target-arm: Add MDCR_EL2
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Sergey Fedorov <serge.fdrv@gmail.com>
Add the MDCR_EL2 register. We don't implement any of
the debug-related traps this register controls yet, so
currently it simply reads back as written.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Message-id: 1444383794-16767-1-git-send-email-serge.fdrv@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked commit message; moved non-dummy definition from
debug_cp_reginfo to el2_cp_reginfo.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/cpu.h | 1 +
target-arm/helper.c | 12 ++++++++++++
2 files changed, 13 insertions(+)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index d1b5bc1..e555122 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -380,6 +380,7 @@ typedef struct CPUARMState {
uint64_t dbgwcr[16]; /* watchpoint control registers */
uint64_t mdscr_el1;
uint64_t oslsr_el1; /* OS Lock Status */
+ uint64_t mdcr_el2;
/* If the counter is enabled, this stores the last time the counter
* was reset. Otherwise it stores the counter value
*/
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 403a30e..e7fda37 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3227,6 +3227,9 @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
{ .name = "CNTHP_CTL_EL2", .state = ARM_CP_STATE_BOTH,
.opc0 = 3, .opc1 = 4, .crn = 14, .crm = 2, .opc2 = 1,
.access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH,
+ .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
REGINFO_SENTINEL
};
@@ -3448,6 +3451,15 @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
.resetvalue = 0,
.writefn = gt_hyp_ctl_write, .raw_writefn = raw_write },
#endif
+ /* The only field of MDCR_EL2 that has a defined architectural reset value
+ * is MDCR_EL2.HPMN which should reset to the value of PMCR_EL0.N; but we
+ * don't impelment any PMU event counters, so using zero as a reset
+ * value for MDCR_EL2 is okay
+ */
+ { .name = "MDCR_EL2", .state = ARM_CP_STATE_BOTH,
+ .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 1,
+ .access = PL2_RW, .resetvalue = 0,
+ .fieldoffset = offsetof(CPUARMState, cp15.mdcr_el2), },
REGINFO_SENTINEL
};
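Review bot: typo in the comment, `impelment` should be `implement`. Since the register now reads back as written without implementing any of the traps it controls, a short TODO noting that fields such as TDE become meaningful once exception-routing code consults them would help; the commit message says this, the code does not.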
--
1.9.1
* [Qemu-devel] [PULL 10/13] hw/arm/virt: Allow zero address for PCI IO space
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Alexander Gordeev <agordeev@redhat.com>
Currently PCI IO address 0 is not allowed even though
the IO space starts from 0. This update makes PCI IO
address 0 usable.
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Andrew Jones <drjones@redhat.com>
Signed-off-by: Alexander Gordeev <agordeev@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/virt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 5ac5178..4e7160c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1162,6 +1162,7 @@ static void virt_class_init(ObjectClass *oc, void *data)
mc->has_dynamic_sysbus = true;
mc->block_default_type = IF_VIRTIO;
mc->no_cdrom = 1;
+ mc->pci_allow_0_address = true;
}
static const TypeInfo machvirt_info = {
--
1.9.1
* [Qemu-devel] [PULL 11/13] target-arm: implement arm_debug_target_el()
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Sergey Fedorov <serge.fdrv@gmail.com>
Implement debug exception routing according to ARM ARM D2.3.1 Pseudocode
description of routing debug exceptions.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/cpu.h | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index e555122..3daa7f5 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1702,7 +1702,22 @@ static inline int cpu_mmu_index(CPUARMState *env, bool ifetch)
*/
static inline int arm_debug_target_el(CPUARMState *env)
{
- return 1;
+ bool secure = arm_is_secure(env);
+ bool route_to_el2 = false;
+
+ if (arm_feature(env, ARM_FEATURE_EL2) && !secure) {
+ route_to_el2 = env->cp15.hcr_el2 & HCR_TGE ||
+ env->cp15.mdcr_el2 & (1 << 8);
+ }
+
+ if (route_to_el2) {
+ return 2;
+ } else if (arm_feature(env, ARM_FEATURE_EL3) &&
+ !arm_el_is_aa64(env, 3) && secure) {
+ return 3;
+ } else {
+ return 1;
+ }
}
static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
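Review bot: `env->cp15.mdcr_el2 & (1 << 8)` is MDCR_EL2.TDE but is left as an unnamed bit while HCR_TGE beside it has a named constant; define a MDCR_TDE (or similar) and use it here. Also parenthesise the two `&` terms in the `||` expression: the precedence is correct as written (& binds tighter than ||), but the mixed bitwise/logical form is easy to misread. The routing itself matches the D2.3.1 description cited in the commit message: EL2 when non-secure with TGE or TDE set, EL3 when secure with an AArch32 EL3, otherwise EL1.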
--
1.9.1
* [Qemu-devel] [PULL 12/13] target-arm: Fix GDB breakpoint handling
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Sergey Fedorov <serge.fdrv@gmail.com>
GDB breakpoints have higher priority so they have to be checked first.
Should GDB breakpoint match, just return from the debug exception
handler.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/op_helper.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 1425a1d..67b18c0 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -897,6 +897,12 @@ void arm_debug_excp_handler(CPUState *cs)
}
}
} else {
+ uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
+
+ if (cpu_breakpoint_test(cs, pc, BP_GDB)) {
+ return;
+ }
+
if (check_breakpoints(cpu)) {
bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
if (extended_addresses_enabled(env)) {
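Review bot: because `cpu_breakpoint_test(cs, pc, BP_GDB)` runs before check_breakpoints(), a GDB breakpoint at an address that also matches an architectural breakpoint returns early and the guest never sees a debug exception for it; that is the priority the commit message describes and keeps the debugger from being confused by a guest-handled exception, but it is worth stating explicitly. `pc` is taken from env->regs[15] for AArch32, which must agree with the `bp->pc == dc->pc` comparison used by the translators for the test to hit.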
--
1.9.1
* [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling
From: Peter Maydell @ 2015-10-16 13:58 UTC (permalink / raw)
To: qemu-devel
From: Sergey Fedorov <serge.fdrv@gmail.com>
A QEMU breakpoint match is not definitely an architectural breakpoint
match. If an exception is generated unconditionally during translation,
it is hardly possible to ignore it in the debug exception handler.
Generate a call to a helper to check CPU breakpoints and raise an
exception only if any breakpoint matches architecturally.
Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/helper.h | 2 ++
target-arm/op_helper.c | 29 ++++++++++++++++++-----------
target-arm/translate-a64.c | 17 ++++++++++++-----
target-arm/translate.c | 19 ++++++++++++++-----
4 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/target-arm/helper.h b/target-arm/helper.h
index 827b33d..c2a85c7 100644
--- a/target-arm/helper.h
+++ b/target-arm/helper.h
@@ -54,6 +54,8 @@ DEF_HELPER_1(yield, void, env)
DEF_HELPER_1(pre_hvc, void, env)
DEF_HELPER_2(pre_smc, void, env, i32)
+DEF_HELPER_1(check_breakpoints, void, env)
+
DEF_HELPER_3(cpsr_write, void, env, i32, i32)
DEF_HELPER_1(cpsr_read, i32, env)
diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
index 67b18c0..7929c71 100644
--- a/target-arm/op_helper.c
+++ b/target-arm/op_helper.c
@@ -867,6 +867,15 @@ static bool check_breakpoints(ARMCPU *cpu)
return false;
}
+void HELPER(check_breakpoints)(CPUARMState *env)
+{
+ ARMCPU *cpu = arm_env_get_cpu(env);
+
+ if (check_breakpoints(cpu)) {
+ HELPER(exception_internal(env, EXCP_DEBUG));
+ }
+}
+
void arm_debug_excp_handler(CPUState *cs)
{
/* Called by core code when a watchpoint or breakpoint fires;
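Review bot: `HELPER(exception_internal(env, EXCP_DEBUG));` has the parentheses in the wrong place; it only compiles because HELPER() pastes `helper_` onto the first token of its argument, so `exception_internal(env, EXCP_DEBUG)` happens to expand to the intended call. Write it as `HELPER(exception_internal)(env, EXCP_DEBUG);` so the macro is used as designed and the call survives any change to the macro.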
@@ -898,23 +907,21 @@ void arm_debug_excp_handler(CPUState *cs)
}
} else {
uint64_t pc = is_a64(env) ? env->pc : env->regs[15];
+ bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
if (cpu_breakpoint_test(cs, pc, BP_GDB)) {
return;
}
- if (check_breakpoints(cpu)) {
- bool same_el = (arm_debug_target_el(env) == arm_current_el(env));
- if (extended_addresses_enabled(env)) {
- env->exception.fsr = (1 << 9) | 0x22;
- } else {
- env->exception.fsr = 0x2;
- }
- /* FAR is UNKNOWN, so doesn't need setting */
- raise_exception(env, EXCP_PREFETCH_ABORT,
- syn_breakpoint(same_el),
- arm_debug_target_el(env));
+ if (extended_addresses_enabled(env)) {
+ env->exception.fsr = (1 << 9) | 0x22;
+ } else {
+ env->exception.fsr = 0x2;
}
+ /* FAR is UNKNOWN, so doesn't need setting */
+ raise_exception(env, EXCP_PREFETCH_ABORT,
+ syn_breakpoint(same_el),
+ arm_debug_target_el(env));
}
}
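Review bot: with the `check_breakpoints(cpu)` guard removed, every EXCP_DEBUG that is neither a watchpoint hit nor a BP_GDB hit is now reported as an architectural breakpoint, so this path is correct only while the translators raise EXCP_DEBUG for BP_CPU entries exclusively through the new helper; a comment stating that invariant above the `raise_exception` call would stop a later change from reintroducing an unconditional raise. Hoisting `bool same_el = ...` above the BP_GDB early return is harmless but evaluates it on a path that does not use it; leaving it below the `return` keeps the hunk smaller.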
diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index a4580c0..19f9d8d 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -11090,11 +11090,18 @@ void gen_intermediate_code_a64(ARMCPU *cpu, TranslationBlock *tb)
CPUBreakpoint *bp;
QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
if (bp->pc == dc->pc) {
- gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
- /* Advance PC so that clearing the breakpoint will
- invalidate this TB. */
- dc->pc += 2;
- goto done_generating;
+ if (bp->flags & BP_CPU) {
+ gen_helper_check_breakpoints(cpu_env);
+ /* End the TB early; it likely won't be executed */
+ dc->is_jmp = DISAS_UPDATE;
+ } else {
+ gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+ /* Advance PC so that clearing the breakpoint will
+ invalidate this TB. */
+ dc->pc += 4;
+ goto done_generating;
+ }
+ break;
}
}
}
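Review bot: the added `break;` stops at the first CPUBreakpoint whose pc matches, so when a BP_CPU entry and a BP_GDB entry both exist at the same address and the BP_CPU one comes first in the list, `gen_exception_internal_insn(dc, 0, EXCP_DEBUG)` is never emitted for the gdb breakpoint; if the CPU breakpoint then fails to match architecturally at run time, execution passes the gdb breakpoint silently. Either keep scanning for a BP_GDB entry before breaking, or give BP_GDB priority when both are present. Separately, `dc->pc += 2` becoming `dc->pc += 4` is a correct fix (A64 instructions are always 4 bytes) but is unrelated to the helper change and deserves a sentence in the commit message.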
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 1273000..9f1d740 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11342,11 +11342,20 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
CPUBreakpoint *bp;
QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
if (bp->pc == dc->pc) {
- gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
- /* Advance PC so that clearing the breakpoint will
- invalidate this TB. */
- dc->pc += 2;
- goto done_generating;
+ if (bp->flags & BP_CPU) {
+ gen_helper_check_breakpoints(cpu_env);
+ /* End the TB early; it's likely not going to be executed */
+ dc->is_jmp = DISAS_UPDATE;
+ } else {
+ gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+ /* Advance PC so that clearing the breakpoint will
+ invalidate this TB. */
+ /* TODO: Advance PC by correct instruction length to
+ * avoid disassembler error messages */
+ dc->pc += 2;
+ goto done_generating;
+ }
+ break;
}
}
}
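Review bot: `dc->is_jmp = DISAS_UPDATE;` ends the TB, but in this file the DISAS_UPDATE epilogue must also store dc->pc into the guest PC before `tcg_gen_exit_tb`, otherwise the next TB lookup starts from the address this TB was entered at and the same TB is executed again; please confirm that the DISAS_UPDATE case in gen_intermediate_code performs that store (translate-a64.c does it with `gen_a64_set_pc_im(dc->pc)`), or pick a disas kind that does. The new TODO above `dc->pc += 2;` is also a real issue on the BP_GDB path: in ARM mode the instruction is 4 bytes, so the advance should depend on dc->thumb rather than always being 2.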
--
1.9.1
* Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling
From: Sergey Fedorov @ 2015-10-21 18:15 UTC (permalink / raw)
To: Peter Maydell, qemu-devel
On 16.10.2015 16:58, Peter Maydell wrote:
> From: Sergey Fedorov <serge.fdrv@gmail.com>
>
> A QEMU breakpoint match is not definitely an architectural breakpoint
> match. If an exception is generated unconditionally during translation,
> it is hardly possible to ignore it in the debug exception handler.
>
> Generate a call to a helper to check CPU breakpoints and raise an
> exception only if any breakpoint matches architecturally.
>
> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> target-arm/helper.h | 2 ++
> target-arm/op_helper.c | 29 ++++++++++++++++++-----------
> target-arm/translate-a64.c | 17 ++++++++++++-----
> target-arm/translate.c | 19 ++++++++++++++-----
> 4 files changed, 46 insertions(+), 21 deletions(-)
>
(snip)
> diff --git a/target-arm/translate.c b/target-arm/translate.c
> index 1273000..9f1d740 100644
> --- a/target-arm/translate.c
> +++ b/target-arm/translate.c
> @@ -11342,11 +11342,20 @@ void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
> CPUBreakpoint *bp;
> QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
> if (bp->pc == dc->pc) {
> - gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
> - /* Advance PC so that clearing the breakpoint will
> - invalidate this TB. */
> - dc->pc += 2;
> - goto done_generating;
> + if (bp->flags & BP_CPU) {
> + gen_helper_check_breakpoints(cpu_env);
> + /* End the TB early; it's likely not going to be executed */
> + dc->is_jmp = DISAS_UPDATE;
> + } else {
> + gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
> + /* Advance PC so that clearing the breakpoint will
> + invalidate this TB. */
> + /* TODO: Advance PC by correct instruction length to
> + * avoid disassembler error messages */
> + dc->pc += 2;
> + goto done_generating;
> + }
> + break;
> }
> }
> }
It turns out that this change introduced an issue which can be
illustrated by the following test:
cat >test.s <<EOF
.text
.global _start
_start:
adr r0, bp
mcr p14, 0, r0, c0, c0, 4 // DBGBVR0
mov r0, #1
orr r0, r0, #(0xf << 5)
mcr p14, 0, r0, c0, c0, 5 // DBGBCR0
bp:
nop
wfi
b .
EOF
arm-linux-gnueabi-as -o test.o test.s
arm-linux-gnueabi-ld -Ttext=0x40000000 -o test.elf test.o
./qemu-system-arm -nographic -machine virt -cpu cortex-a15 -kernel \
test.elf -D qemu.log -d in_asm,exec -singlestep
Actually, that is the same test as in
https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02715.html but
for AArch32.
Running this test, QEMU hangs executing code at the address where the
breakpoint is set:
----------------
IN:
0x40000000: e28f000c add r0, pc, #12 ; 0xc
Trace 0x7f7c8bdc0028 [40000000]
----------------
IN:
0x40000004: ee000e90 mcr 14, 0, r0, cr0, cr0, {4}
Trace 0x7f7c8bdc0070 [40000004]
----------------
IN:
0x40000008: e3a00001 mov r0, #1 ; 0x1
Trace 0x7f7c8bdc00b0 [40000008]
----------------
IN:
0x4000000c: e3800e1e orr r0, r0, #480 ; 0x1e0
Trace 0x7f7c8bdc00f0 [4000000c]
----------------
IN:
0x40000010: ee000eb0 mcr 14, 0, r0, cr0, cr0, {5}
Trace 0x7f7c8bdc0140 [40000010]
----------------
IN:
0x40000014: e1a00000 nop (mov r0,r0)
Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
Trace 0x7f7c8bdc0180 [40000014]
...
I can conclude that it is due to 'dc->is_jmp = DISAS_UPDATE'. With the
following patch everything is okay:
diff --git a/target-arm/translate.c b/target-arm/translate.c
index 9f1d740..b55c5c2 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -11345,7 +11345,6 @@ void gen_intermediate_code(CPUARMState *env,
TranslationBlock *tb)
if (bp->flags & BP_CPU) {
gen_helper_check_breakpoints(cpu_env);
/* End the TB early; it's likely not going to
be executed */
- dc->is_jmp = DISAS_UPDATE;
} else {
gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
/* Advance PC so that clearing the breakpoint will
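Review bot: with `dc->is_jmp = DISAS_UPDATE;` dropped, the comment `/* End the TB early; it's likely not going to be executed */` left above it no longer describes the code and should be removed or reworded in the same patch. Removing the early exit also means the `gen_helper_check_breakpoints(cpu_env)` call is now followed by the rest of the TB, so any exception the helper raises occurs mid-TB with whatever guest state the TB has stored so far, which is the CPU state restore problem raised below.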
As far as I understand, we can't do this in target-arm/translate.c
before dc->pc is advanced properly because CPU state's PC doesn't get
updated as in target-arm/translate-a64.c. Compare:
target-arm/translate.c:
case DISAS_JUMP:
case DISAS_UPDATE:
/* indicate that the hash table must be used to find the
next TB */
tcg_gen_exit_tb(0);
break;
target-arm/translate-a64.c:
case DISAS_UPDATE:
gen_a64_set_pc_im(dc->pc);
/* fall through */
case DISAS_JUMP:
/* indicate that the hash table must be used to find the
next TB */
tcg_gen_exit_tb(0);
break;
I think we could fix this problem by cleaning up DISAS_UPDATE usage in
target-arm/translate.c and implementing PC update as in
target-arm/translate-a64.c. I could prepare a patch for that.
Another problem, I think, is that we should somehow restore the CPU
state before raising an exception from check_breakpoints() helper. But
so far I have no idea how to fix this...
Any suggestions are highly appreciated :)
Best regards,
Sergey
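The mechanism described in the message above, as an added toy model constructed for this thread (it is not QEMU code and not Sergey's patch): a "TB" is one translated instruction, as under -singlestep, and the only property modelled is whether the TB epilogue stores the translator's dc->pc back into the guest PC before exiting. The names CPUStateModel, TBModel, translate, execute, run and BP_ADDR are assumptions of the model; BP_ADDR is the address of the `nop` in the test program, 0x40000014.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the TB dispatch loop: constructed for illustration, not
 * QEMU code. Each TB holds one translated instruction (as with
 * -singlestep), and the next TB is looked up by the PC in CPU state. */

enum { DISAS_NEXT, DISAS_UPDATE };          /* assumed names for the model */

#define INSN_LEN 4u                          /* A32 instruction size */
#define BP_ADDR  0x40000014u                 /* the nop in the test above */

typedef struct {
    uint32_t pc;            /* guest PC held in CPU state (regs[15]) */
    unsigned tbs_executed;
} CPUStateModel;

typedef struct {
    uint32_t start_pc;      /* pc the TB was translated for */
    uint32_t end_pc;        /* dc->pc after the last translated insn */
    bool     stores_pc;     /* does the epilogue write end_pc to cpu->pc? */
} TBModel;

/* Translate one TB. update_stores_pc selects the DISAS_UPDATE epilogue:
 * false mimics translate.c (exit_tb with no PC store), true mimics
 * translate-a64.c (gen_a64_set_pc_im(dc->pc), then exit_tb). */
static TBModel translate(uint32_t pc, bool update_stores_pc)
{
    TBModel tb = { .start_pc = pc, .end_pc = pc, .stores_pc = true };
    int is_jmp = DISAS_NEXT;

    if (pc == BP_ADDR) {
        /* CPU breakpoint at this pc: the check helper is emitted and the
         * TB is marked to end after this instruction. */
        is_jmp = DISAS_UPDATE;
    }
    tb.end_pc = pc + INSN_LEN;       /* the instruction itself is translated */

    if (is_jmp == DISAS_UPDATE) {
        tb.stores_pc = update_stores_pc;
    }
    return tb;
}

/* Execute a TB: the guest PC advances only if the epilogue stores it;
 * otherwise CPU state keeps the pc it had when the TB was entered. */
static void execute(CPUStateModel *cpu, const TBModel *tb)
{
    cpu->tbs_executed++;
    if (tb->stores_pc) {
        cpu->pc = tb->end_pc;
    }
}

/* Run from start_pc until cpu->pc == stop_pc. Returns the number of TBs
 * executed, or -1 if max_steps is exceeded (the repeated
 * "Trace ... [40000014]" lines in the log above). */
static int run(bool update_stores_pc, uint32_t start_pc,
               uint32_t stop_pc, int max_steps)
{
    CPUStateModel cpu = { .pc = start_pc, .tbs_executed = 0 };

    for (int step = 0; step < max_steps; step++) {
        if (cpu.pc == stop_pc) {
            return (int)cpu.tbs_executed;
        }
        /* lookup is by cpu.pc: a stale pc finds the same TB again */
        TBModel tb = translate(cpu.pc, update_stores_pc);
        execute(&cpu, &tb);
    }
    return -1;
}

int main(void)
{
    int a32 = run(false, 0x40000000u, BP_ADDR + INSN_LEN, 100);
    int a64 = run(true,  0x40000000u, BP_ADDR + INSN_LEN, 100);
    printf("no PC store on DISAS_UPDATE: %s\n", a32 < 0 ? "hang" : "ok");
    printf("PC stored on DISAS_UPDATE:   %d TBs\n", a64);
    return 0;
}
```

With the translate.c-style epilogue the loop never leaves 0x40000014; with the translate-a64.c-style epilogue it reaches 0x40000018 after six TBs. The model deliberately ignores whether the breakpoint matches architecturally, since the stale PC alone is enough to explain the trace.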
* Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling
From: Peter Maydell @ 2015-11-02 11:09 UTC (permalink / raw)
To: Sergey Fedorov; +Cc: QEMU Developers
On 21 October 2015 at 19:15, Sergey Fedorov <serge.fdrv@gmail.com> wrote:
> On 16.10.2015 16:58, Peter Maydell wrote:
>> From: Sergey Fedorov <serge.fdrv@gmail.com>
>>
>> A QEMU breakpoint match is not definitely an architectural breakpoint
>> match. If an exception is generated unconditionally during translation,
>> it is hardly possible to ignore it in the debug exception handler.
>>
>> Generate a call to a helper to check CPU breakpoints and raise an
>> exception only if any breakpoint matches architecturally.
>>
>> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>> ---
> It turns out that this change introduced an issue which can be
> illustrated by the following test:
> I think we could fix this problem by cleaning up DISAS_UPDATE usage in
> target-arm/translate.c and implementing PC update as in
> target-arm/translate-a64.c. I could prepare a patch for that.
>
> Another problem, I think, is that we should somehow restore the CPU
> state before raising an exception from check_breakpoints() helper. But
> so far I have no idea how to fix this...
Hi, Sergey -- how are you doing with the fix for this? It would
be good to get it in and tested soon, because hardfreeze is next
week.
I've also had a report that this patch broke gdbstub single-stepping,
which might be the same underlying cause.
thanks
-- PMM
* Re: [Qemu-devel] [PULL 13/13] target-arm: Fix CPU breakpoint handling
From: Sergey Fedorov @ 2015-11-02 13:38 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Developers
On 02.11.2015 14:09, Peter Maydell wrote:
> On 21 October 2015 at 19:15, Sergey Fedorov <serge.fdrv@gmail.com> wrote:
>> On 16.10.2015 16:58, Peter Maydell wrote:
>>> From: Sergey Fedorov <serge.fdrv@gmail.com>
>>>
>>> A QEMU breakpoint match is not definitely an architectural breakpoint
>>> match. If an exception is generated unconditionally during translation,
>>> it is hardly possible to ignore it in the debug exception handler.
>>>
>>> Generate a call to a helper to check CPU breakpoints and raise an
>>> exception only if any breakpoint matches architecturally.
>>>
>>> Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com>
>>> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>> ---
>> It turns out that this change introduced an issue which can be
>> illustrated by the following test:
>> I think we could fix this problem by cleaning up DISAS_UPDATE usage in
>> target-arm/translate.c and implementing PC update as in
>> target-arm/translate-a64.c. I could prepare a patch for that.
>>
>> Another problem, I think, is that we should somehow restore the CPU
>> state before raising an exception from check_breakpoints() helper. But
>> so far I have no idea how to fix this...
> Hi, Sergey -- how are you doing with the fix for this? It would
> be good to get it in and tested soon, because hardfreeze is next
> week.
>
> I've also had a report that this patch broke gdbstub single-stepping,
> which might be the same underlying cause.
Hi Peter,
The patch for DISAS_UPDATE is almost ready. Basically, all I need is to
prepare a commit message. But I'm not sure how to deal with the CPU state
restoring issue. Also, it's a strange thing about gdbstub single-stepping;
I'm going to look at it.
Best,
Sergey
* Re: [Qemu-devel] [PULL 00/13] target-arm queue
From: Peter Maydell @ 2015-10-17 14:05 UTC (permalink / raw)
To: QEMU Developers
On 16 October 2015 at 14:57, Peter Maydell <peter.maydell@linaro.org> wrote:
> Flushing the target-arm queue for softfreeze. I still have stuff
> in my to-review queue but it mostly looked too RFC-ish/otherwise
> not really 2.5 material, or just needs a bit more time on list for
> review.
>
> thanks
> -- PMM
>
>
>
> The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:
>
> Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)
>
> are available in the git repository at:
>
>
> git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20151016
>
> for you to fetch changes up to 5d98bf8f38c17a348ab6e8af196088cd4953acd0:
>
> target-arm: Fix CPU breakpoint handling (2015-10-16 14:48:56 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * break TBs after ISB instructions
> * more support code for future implementation of EL2 and 64-bit EL3
> * tell guest if KVM is enabled in SMBIOS version string
> * implement OSLAR/OSLSR system registers
> * provide better help text for Sharp PDA machine names
> * rename imx25_pdk to imx25-pdk (since it has never been released
> with the underscore-version name)
> * fix MMIO writes in zynq_slcr
> * implement MDCR_EL2
> * virt: allow the guest to configure PCI BARs with zero PCI addresses
> * fix breakpoint handling code
>
> ----------------------------------------------------------------
Applied, thanks.
-- PMM