* [Qemu-devel] [PULL 00/10] target-arm queue
@ 2018-03-23 18:49 Peter Maydell
  2018-03-23 18:49 ` [Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT Peter Maydell
  ` (11 more replies)
  0 siblings, 12 replies; 32+ messages in thread
From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw)
To: qemu-devel

Ten arm-related bug fixes for 2.12...

thanks
-- PMM

The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950:

  Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into staging (2018-03-23 10:20:54 +0000)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180323

for you to fetch changes up to 548f514cf89dd9ab39c0cb4c063097bccf141fdd:

  target/arm: Always set FAR to a known unknown value for debug exceptions (2018-03-23 18:26:46 +0000)

----------------------------------------------------------------
target-arm queue:
 * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF
 * sdhci: fix incorrect use of Error *
 * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
 * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
 * i.MX: Support serial RS-232 break properly
 * mach-virt: Set VM's SMBIOS system version to mc->name
 * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
 * target/arm: Factor out code to calculate FSR for debug exceptions
 * target/arm: Set FSR for BKPT, BRK when raising exception
 * target/arm: Always set FAR to a known unknown value for debug exceptions

----------------------------------------------------------------
Paolo Bonzini (1):
      sdhci: fix incorrect use of Error *

Peter Maydell (6):
      hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses
      hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15
      target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK
      target/arm: Factor out code to calculate FSR for debug exceptions
      target/arm: Set FSR for BKPT, BRK when raising exception
      target/arm: Always set FAR to a known unknown value for debug exceptions

Trent Piepho (1):
      i.MX: Support serial RS-232 break properly

Victor Kamensky (1):
      arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT

Wei Huang (1):
      mach-virt: Set VM's SMBIOS system version to mc->name

 include/hw/arm/virt.h        |  1 +
 include/hw/char/imx_serial.h |  1 +
 target/arm/helper.h          |  1 +
 target/arm/internals.h       | 25 +++++++++++++++++++++++++
 hw/arm/bcm2836.c             |  2 +-
 hw/arm/raspi.c               |  2 +-
 hw/arm/virt.c                |  8 +++++++-
 hw/char/imx_serial.c         |  5 ++++-
 hw/intc/arm_gicv3_cpuif.c    |  6 +++---
 hw/sd/sdhci.c                |  4 ++--
 target/arm/helper.c          |  1 -
 target/arm/op_helper.c       | 33 ++++++++++++++++++++++-----------
 target/arm/translate-a64.c   | 21 ++++++++++++++++-----
 target/arm/translate.c       | 19 ++++++++++++++-----
 14 files changed, 98 insertions(+), 31 deletions(-)

^ permalink raw reply [flat|nested] 32+ messages in thread
* [Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 02/10] sdhci: fix incorrect use of Error * Peter Maydell ` (10 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel From: Victor Kamensky <kamensky@cisco.com> In OE project 4.15 linux kernel boot hang was observed under single cpu aarch64 qemu. Kernel code was in a loop waiting for vtimer arrival, spinning in TC generated blocks, while interrupt was pending unprocessed. This happened because when qemu tried to handle vtimer interrupt target had interrupts disabled, as result flag indicating TCG exit, cpu->icount_decr.u16.high, was cleared but arm_cpu_exec_interrupt function did not call arm_cpu_do_interrupt to process interrupt. Later when target reenabled interrupts, it happened without exit into main loop, so following code that waited for result of interrupt execution run in infinite loop. To solve the problem instructions that operate on CPU sys state (i.e enable/disable interrupt), and marked as DISAS_UPDATE, should be considered as DISAS_EXIT variant, and should be forced to exit back to main loop so qemu will have a chance processing pending CPU state updates, including pending interrupts. This change brings consistency with how DISAS_UPDATE is treated in aarch32 case. CC: Peter Maydell <peter.maydell@linaro.org> CC: Alex Bennée <alex.bennee@linaro.org> CC: qemu-stable@nongnu.org Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Victor Kamensky <kamensky@cisco.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 1521526368-1996-1-git-send-email-kamensky@cisco.com 
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/translate-a64.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 31ff0479e6..327513ef40 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -13378,12 +13378,12 @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) case DISAS_UPDATE: gen_a64_set_pc_im(dc->pc); /* fall through */ - case DISAS_JUMP: - tcg_gen_lookup_and_goto_ptr(); - break; case DISAS_EXIT: tcg_gen_exit_tb(0); break; + case DISAS_JUMP: + tcg_gen_lookup_and_goto_ptr(); + break; case DISAS_NORETURN: case DISAS_SWI: break; -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
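Review bot: in aarch64_tr_tb_stop() the fix now depends on case ordering: `case DISAS_UPDATE:` reaches `case DISAS_EXIT:` only because `case DISAS_JUMP:` was moved below it, and the existing `/* fall through */` comment does not say which label it is meant to reach. A one-line comment on DISAS_UPDATE stating that it must end in `tcg_gen_exit_tb(0)` so the main loop can take pending interrupts would keep a later tidy-up of the switch from reintroducing the hang described in the commit message.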
* [Qemu-devel] [PULL 02/10] sdhci: fix incorrect use of Error * 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses Peter Maydell ` (9 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel From: Paolo Bonzini <pbonzini@redhat.com> Detected by Coverity (CID 1386072, 1386073, 1386076, 1386077). local_err was unused, and this made the static analyzer unhappy. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20180320151355.25854-1-pbonzini@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/sd/sdhci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 1b828b104d..63c44a4ee8 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -1474,7 +1474,7 @@ static void sdhci_pci_realize(PCIDevice *dev, Error **errp) Error *local_err = NULL; sdhci_initfn(s); - sdhci_common_realize(s, errp); + sdhci_common_realize(s, &local_err); if (local_err) { error_propagate(errp, local_err); return; @@ -1556,7 +1556,7 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp) SysBusDevice *sbd = SYS_BUS_DEVICE(dev); Error *local_err = NULL; - sdhci_common_realize(s, errp); + sdhci_common_realize(s, &local_err); if (local_err) { error_propagate(errp, local_err); return; -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
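Review bot: the commit message understates what changes in sdhci_pci_realize() and sdhci_sysbus_realize(). With `sdhci_common_realize(s, errp)` the following `if (local_err)` test could never be true, so a failure in sdhci_common_realize() was reported through errp while execution continued past the `return` that was meant to stop it. Passing `&local_err` makes that early return reachable, and the message should say so rather than only that local_err was unused, since this is a behaviour change on the error path.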
* [Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 01/10] arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 02/10] sdhci: fix incorrect use of Error * Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 04/10] hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 Peter Maydell ` (8 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel If the GIC has the security extension support enabled, then a non-secure access to ICC_PMR must take account of the non-secure view of interrupt priorities, where real priorities 0x00..0x7f are secure-only and not visible to the non-secure guest, and priorities 0x80..0xff are shown to the guest as if they were 0x00..0xff. We had the logic here wrong: * on reads, the priority is in the secure range if bit 7 is clear, not if it is set * on writes, we want to set bit 7, not mask everything else Our ICC_RPR read code had the same error as ICC_PMR. (Compare the GICv3 spec pseudocode functions ICC_RPR_EL1 and ICC_PMR_EL1.) Fixes: https://bugs.launchpad.net/qemu/+bug/1748434 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20180315133441.24149-1-peter.maydell@linaro.org --- hw/intc/arm_gicv3_cpuif.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c index 5cbafaf497..26f5eeda94 100644 --- a/hw/intc/arm_gicv3_cpuif.c +++ b/hw/intc/arm_gicv3_cpuif.c 
@@ -836,7 +836,7 @@ static uint64_t icc_pmr_read(CPUARMState *env, const ARMCPRegInfo *ri) /* NS access and Group 0 is inaccessible to NS: return the * NS view of the current priority */ - if (value & 0x80) { + if ((value & 0x80) == 0) { /* Secure priorities not visible to NS */ value = 0; } else if (value != 0xff) { @@ -871,7 +871,7 @@ static void icc_pmr_write(CPUARMState *env, const ARMCPRegInfo *ri, /* Current PMR in the secure range, don't allow NS to change it */ return; } - value = (value >> 1) & 0x80; + value = (value >> 1) | 0x80; } cs->icc_pmr_el1 = value; gicv3_cpuif_update(cs); @@ -1609,7 +1609,7 @@ static uint64_t icc_rpr_read(CPUARMState *env, const ARMCPRegInfo *ri) if (arm_feature(env, ARM_FEATURE_EL3) && !arm_is_secure(env) && (env->cp15.scr_el3 & SCR_FIQ)) { /* NS GIC access and Group 0 is inaccessible to NS */ - if (prio & 0x80) { + if ((prio & 0x80) == 0) { /* NS mustn't see priorities in the Secure half of the range */ prio = 0; } else if (prio != 0xff) { -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
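Review bot: `(value & 0x80) == 0` in icc_pmr_read() and `(prio & 0x80) == 0` in icc_rpr_read() are the same Non-secure-view check written out twice, and the commit message notes that both copies carried the same inverted condition. A small shared helper for the secure-range test and the NS-view conversion would keep the two registers from diverging again. In icc_pmr_write(), `value = (value >> 1) | 0x80;` yields a valid 8-bit priority only if value has already been limited to 8 bits earlier in the function, which the hunk does not show; worth confirming, or masking the result.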
* [Qemu-devel] [PULL 04/10] hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (2 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 03/10] hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 05/10] i.MX: Support serial RS-232 break properly Peter Maydell ` (7 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel The BCM2836 uses a Cortex-A7, not a Cortex-A15. Update the device to use the correct CPU. https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not available, so the very similar Cortex-A15 was used. Since dcf578ed8ce we can model the correct core. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair@alistair23.me> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180319110215.16755-1-peter.maydell@linaro.org --- hw/arm/bcm2836.c | 2 +- hw/arm/raspi.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c index 3e7e8ca791..3c4b44a53e 100644 --- a/hw/arm/bcm2836.c +++ b/hw/arm/bcm2836.c @@ -32,7 +32,7 @@ struct BCM283XInfo { static const BCM283XInfo bcm283x_socs[] = { { .name = TYPE_BCM2836, - .cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"), + .cpu_type = ARM_CPU_TYPE_NAME("cortex-a7"), .clusterid = 0xf, }, #ifdef TARGET_AARCH64 diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c index 06f1e08ca9..955a7c4e80 100644 --- a/hw/arm/raspi.c +++ b/hw/arm/raspi.c 
@@ -226,7 +226,7 @@ static void raspi2_machine_init(MachineClass *mc) mc->no_parallel = 1; mc->no_floppy = 1; mc->no_cdrom = 1; - mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15"); + mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a7"); mc->max_cpus = BCM283X_NCPUS; mc->min_cpus = BCM283X_NCPUS; mc->default_cpus = BCM283X_NCPUS; -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
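Review bot: the CPU model string has to be changed in two places, `.cpu_type` in bcm283x_socs[] (hw/arm/bcm2836.c) and `mc->default_cpu_type` in raspi2_machine_init() (hw/arm/raspi.c), and nothing ties them together. Consider having the machine take its default from the SoC table, or sharing one definition, so the two cannot disagree the next time the core is changed. The commit message could also state that this changes the CPU model the guest sees on this machine.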
* [Qemu-devel] [PULL 05/10] i.MX: Support serial RS-232 break properly 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (3 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 04/10] hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 06/10] mach-virt: Set VM's SMBIOS system version to mc->name Peter Maydell ` (6 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel From: Trent Piepho <tpiepho@impinj.com> Linux does not detect a break from this IMX serial driver as a magic sysrq. Nor does it note a break in the port error counts. The former is because the Linux driver uses the BRCD bit in the USR2 register to trigger the RS-232 break handler in the kernel, which is where sysrq hooks in. The emulated UART was not setting this status bit. The latter is because the Linux driver expects, in addition to the BRK bit, that the ERR bit is set when a break is read in the FIFO. A break should also count as a frame error, so add that bit too. Cc: Andrey Smirnov <andrew.smirnov@gmail.com> Signed-off-by: Trent Piepho <tpiepho@impinj.com> Message-id: 20180320013657.25038-1-tpiepho@impinj.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/char/imx_serial.h | 1 + hw/char/imx_serial.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/hw/char/imx_serial.h b/include/hw/char/imx_serial.h index 5b99cee7cf..ee80da12e6 100644 --- a/include/hw/char/imx_serial.h +++ b/include/hw/char/imx_serial.h 
@@ -26,6 +26,7 @@ #define URXD_CHARRDY (1<<15) /* character read is valid */ #define URXD_ERR (1<<14) /* Character has error */ +#define URXD_FRMERR (1<<12) /* Character has frame error */ #define URXD_BRK (1<<11) /* Break received */ #define USR1_PARTYER (1<<15) /* Parity Error */ diff --git a/hw/char/imx_serial.c b/hw/char/imx_serial.c index 1e5540472b..0747db9f2b 100644 --- a/hw/char/imx_serial.c +++ b/hw/char/imx_serial.c @@ -308,6 +308,9 @@ static void imx_put_data(void *opaque, uint32_t value) s->usr2 |= USR2_RDR; s->uts1 &= ~UTS1_RXEMPTY; s->readbuff = value; + if (value & URXD_BRK) { + s->usr2 |= USR2_BRCD; + } imx_update(s); } @@ -319,7 +322,7 @@ static void imx_receive(void *opaque, const uint8_t *buf, int size) static void imx_event(void *opaque, int event) { if (event == CHR_EVENT_BREAK) { - imx_put_data(opaque, URXD_BRK); + imx_put_data(opaque, URXD_BRK | URXD_FRMERR | URXD_ERR); } } -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
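Review bot: in imx_put_data() the new `s->usr2 |= USR2_BRCD;` only ever sets the bit, and neither hunk shows a path that clears it. If a guest write to USR2 does not already clear BRCD, the status stays latched after the first break and the Linux handler described in the commit message would see a break on every later interrupt; please confirm the clear path exists or add it here. Separately, `#define URXD_FRMERR (1<<12)` matches the neighbouring defines but is what checkpatch flags later in this thread, so `(1 << 12)` would keep the series clean.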
* [Qemu-devel] [PULL 06/10] mach-virt: Set VM's SMBIOS system version to mc->name 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (4 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 05/10] i.MX: Support serial RS-232 break properly Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 07/10] target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK Peter Maydell ` (5 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel From: Wei Huang <wei@redhat.com> Instead of using "1.0" as the system version of SMBIOS, we should use mc->name for mach-virt machine type to be consistent other architectures. With this patch, "dmidecode -t 1" (e.g., "-M virt-2.12,accel=kvm") will show: Handle 0x0100, DMI type 1, 27 bytes System Information Manufacturer: QEMU Product Name: KVM Virtual Machine Version: virt-2.12 Serial Number: Not Specified ... instead of: Handle 0x0100, DMI type 1, 27 bytes System Information Manufacturer: QEMU Product Name: KVM Virtual Machine Version: 1.0 Serial Number: Not Specified ... For backward compatibility, we allow older machine types to keep "1.0" as the default system version. Signed-off-by: Wei Huang <wei@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20180322212318.7182-1-wei@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- include/hw/arm/virt.h | 1 + hw/arm/virt.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h index 33b0ff3892..ba0c1a4faa 100644 --- a/include/hw/arm/virt.h +++ b/include/hw/arm/virt.h @@ -85,6 +85,7 @@ typedef struct { bool no_its; bool no_pmu; bool claim_edge_triggered_timers; + bool smbios_old_sys_ver; } VirtMachineClass; typedef struct { diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 2c07245047..94dcb125d3 100644 --- a/hw/arm/virt.c 
+++ b/hw/arm/virt.c @@ -1132,6 +1132,8 @@ static void *machvirt_dtb(const struct arm_boot_info *binfo, int *fdt_size) static void virt_build_smbios(VirtMachineState *vms) { + MachineClass *mc = MACHINE_GET_CLASS(vms); + VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms); uint8_t *smbios_tables, *smbios_anchor; size_t smbios_tables_len, smbios_anchor_len; const char *product = "QEMU Virtual Machine"; @@ -1145,7 +1147,8 @@ static void virt_build_smbios(VirtMachineState *vms) } smbios_set_defaults("QEMU", product, - "1.0", false, true, SMBIOS_ENTRY_POINT_30); + vmc->smbios_old_sys_ver ? "1.0" : mc->name, false, + true, SMBIOS_ENTRY_POINT_30); smbios_get_tables(NULL, 0, &smbios_tables, &smbios_tables_len, &smbios_anchor, &smbios_anchor_len); @@ -1646,8 +1649,11 @@ static void virt_2_11_instance_init(Object *obj) static void virt_machine_2_11_options(MachineClass *mc) { + VirtMachineClass *vmc = VIRT_MACHINE_CLASS(OBJECT_CLASS(mc)); + virt_machine_2_12_options(mc); SET_MACHINE_COMPAT(mc, VIRT_COMPAT_2_11); + vmc->smbios_old_sys_ver = true; } DEFINE_VIRT_MACHINE(2, 11) -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
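Review bot: `smbios_old_sys_ver` is added to VirtMachineClass without a comment, and it is set only in virt_machine_2_11_options(). Machine types older than 2.11 keep "1.0" only if their options functions chain through the 2.11 one, in the way virt_machine_2_11_options() calls virt_machine_2_12_options(); the hunks do not show that, so it is worth confirming and stating in the commit message. A short comment on the field would also help, since the string chosen in virt_build_smbios() is guest-visible through dmidecode and needs to stay the same for an existing machine type.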
* [Qemu-devel] [PULL 07/10] target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (5 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 06/10] mach-virt: Set VM's SMBIOS system version to mc->name Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 08/10] target/arm: Factor out code to calculate FSR for debug exceptions Peter Maydell ` (4 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel The MDCR_EL2.TDE bit allows the exception level targeted by debug exceptions to be set to EL2 for code executing at EL0. We handle this in the arm_debug_target_el() function, but this is only used for hardware breakpoint and watchpoint exceptions, not for the exception generated when the guest executes an AArch32 BKPT or AArch64 BRK instruction. We don't have enough information for a translate-time equivalent of arm_debug_target_el(), so instead make BKPT and BRK call a special purpose helper which can do the routing, rather than the generic exception_with_syndrome helper. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-2-peter.maydell@linaro.org --- target/arm/helper.h | 1 + target/arm/op_helper.c | 8 ++++++++ target/arm/translate-a64.c | 15 +++++++++++++-- target/arm/translate.c | 19 ++++++++++++++----- 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/target/arm/helper.h b/target/arm/helper.h index 0d2094f2be..34e8cc8904 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h 
@@ -47,6 +47,7 @@ DEF_HELPER_FLAGS_3(sel_flags, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_2(exception_internal, void, env, i32) DEF_HELPER_4(exception_with_syndrome, void, env, i32, i32, i32) +DEF_HELPER_2(exception_bkpt_insn, void, env, i32) DEF_HELPER_1(setend, void, env) DEF_HELPER_2(wfi, void, env, i32) DEF_HELPER_1(wfe, void, env) diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 7a88fd2c92..4b123d2bd6 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -483,6 +483,14 @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp, raise_exception(env, excp, syndrome, target_el); } +/* Raise an EXCP_BKPT with the specified syndrome register value, + * targeting the correct exception level for debug exceptions. + */ +void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) +{ + raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); +} + uint32_t HELPER(cpsr_read)(CPUARMState *env) { return cpsr_read(env) & ~(CPSR_EXEC | CPSR_RESERVED); diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 327513ef40..c91329249d 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -321,6 +321,18 @@ static void gen_exception_insn(DisasContext *s, int offset, int excp, s->base.is_jmp = DISAS_NORETURN; } +static void gen_exception_bkpt_insn(DisasContext *s, int offset, + uint32_t syndrome) +{ + TCGv_i32 tcg_syn; + + gen_a64_set_pc_im(s->pc - offset); + tcg_syn = tcg_const_i32(syndrome); + gen_helper_exception_bkpt_insn(cpu_env, tcg_syn); + tcg_temp_free_i32(tcg_syn); + s->base.is_jmp = DISAS_NORETURN; +} + static void gen_ss_advance(DisasContext *s) { /* If the singlestep state is Active-not-pending, advance to 
@@ -1839,8 +1851,7 @@ static void disas_exc(DisasContext *s, uint32_t insn) break; } /* BRK */ - gen_exception_insn(s, 4, EXCP_BKPT, syn_aa64_bkpt(imm16), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 4, syn_aa64_bkpt(imm16)); break; case 2: if (op2_ll != 0) { diff --git a/target/arm/translate.c b/target/arm/translate.c index ba6ab7d287..fc03b5b8c8 100644 --- a/target/arm/translate.c +++ b/target/arm/translate.c @@ -1248,6 +1248,18 @@ static void gen_exception_insn(DisasContext *s, int offset, int excp, s->base.is_jmp = DISAS_NORETURN; } +static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn) +{ + TCGv_i32 tcg_syn; + + gen_set_condexec(s); + gen_set_pc_im(s, s->pc - offset); + tcg_syn = tcg_const_i32(syn); + gen_helper_exception_bkpt_insn(cpu_env, tcg_syn); + tcg_temp_free_i32(tcg_syn); + s->base.is_jmp = DISAS_NORETURN; +} + /* Force a TB lookup after an instruction that changes the CPU state. */ static inline void gen_lookup_tb(DisasContext *s) { @@ -8774,9 +8786,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) case 1: /* bkpt */ ARCH(5); - gen_exception_insn(s, 4, EXCP_BKPT, - syn_aa32_bkpt(imm16, false), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 4, syn_aa32_bkpt(imm16, false)); break; case 2: /* Hypervisor call (v7) */ @@ -11983,8 +11993,7 @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn) { int imm8 = extract32(insn, 0, 8); ARCH(5); - gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true), - default_exception_el(s)); + gen_exception_bkpt_insn(s, 2, syn_aa32_bkpt(imm8, true)); break; } -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
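Review bot: BKPT and BRK no longer consult `default_exception_el(s)`; in disas_exc(), disas_arm_insn() and disas_thumb_insn() the target EL now comes solely from `arm_debug_target_el(env)` inside HELPER(exception_bkpt_insn). The commit message explains the MDCR_EL2.TDE case but does not say that every case default_exception_el() used to cover is still routed to the same EL when TDE is clear; a sentence confirming that would make the change easier to audit. Minor: the two static gen_exception_bkpt_insn() copies name the same parameter `syndrome` in translate-a64.c and `syn` in translate.c.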
* [Qemu-devel] [PULL 08/10] target/arm: Factor out code to calculate FSR for debug exceptions 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (6 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 07/10] target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 09/10] target/arm: Set FSR for BKPT, BRK when raising exception Peter Maydell ` (3 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel When a debug exception is taken to AArch32, it appears as a Prefetch Abort, and the Instruction Fault Status Register (IFSR) must be set. The IFSR has two possible formats, depending on whether LPAE is in use. Factor out the code in arm_debug_excp_handler() which picks an FSR value into its own utility function, update it to use arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants, and use the correct condition to select long or short format. In particular this fixes a bug where we could select the short format because we're at EL0 and the EL1 translation regime is not using LPAE, but then route the debug exception to EL2 because of MDCR_EL2.TDE and hand EL2 the wrong format FSR. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-3-peter.maydell@linaro.org --- target/arm/internals.h | 25 +++++++++++++++++++++++++ target/arm/op_helper.c | 12 ++---------- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/target/arm/internals.h b/target/arm/internals.h index 47cc224a46..8ce944b7a0 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h 
@@ -763,4 +763,29 @@ static inline bool regime_is_secure(CPUARMState *env, ARMMMUIdx mmu_idx) } } +/* Return the FSR value for a debug exception (watchpoint, hardware + * breakpoint or BKPT insn) targeting the specified exception level. + */ +static inline uint32_t arm_debug_exception_fsr(CPUARMState *env) +{ + ARMMMUFaultInfo fi = { .type = ARMFault_Debug }; + int target_el = arm_debug_target_el(env); + bool using_lpae = false; + + if (target_el == 2 || arm_el_is_aa64(env, target_el)) { + using_lpae = true; + } else { + if (arm_feature(env, ARM_FEATURE_LPAE) && + (env->cp15.tcr_el[target_el].raw_tcr & TTBCR_EAE)) { + using_lpae = true; + } + } + + if (using_lpae) { + return arm_fi_to_lfsc(&fi); + } else { + return arm_fi_to_sfsc(&fi); + } +} + #endif diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 4b123d2bd6..75efff9edf 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -1330,11 +1330,7 @@ void arm_debug_excp_handler(CPUState *cs) cs->watchpoint_hit = NULL; - if (extended_addresses_enabled(env)) { - env->exception.fsr = (1 << 9) | 0x22; - } else { - env->exception.fsr = 0x2; - } + env->exception.fsr = arm_debug_exception_fsr(env); env->exception.vaddress = wp_hit->hitaddr; raise_exception(env, EXCP_DATA_ABORT, syn_watchpoint(same_el, 0, wnr), @@ -1354,11 +1350,7 @@ void arm_debug_excp_handler(CPUState *cs) return; } - if (extended_addresses_enabled(env)) { - env->exception.fsr = (1 << 9) | 0x22; - } else { - env->exception.fsr = 0x2; - } + env->exception.fsr = arm_debug_exception_fsr(env); /* FAR is UNKNOWN, so doesn't need setting */ raise_exception(env, EXCP_PREFETCH_ABORT, syn_breakpoint(same_el), -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
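Review bot: the comment on arm_debug_exception_fsr() in internals.h says it returns the FSR for a debug exception "targeting the specified exception level", but the function takes only env and derives the level itself with `arm_debug_target_el(env)`. Either reword the comment to say the target EL is computed internally, or take target_el as a parameter, which would also let the callers in arm_debug_excp_handler() pass the same value they hand to raise_exception() so that FSR format and routing cannot disagree.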
* [Qemu-devel] [PULL 09/10] target/arm: Set FSR for BKPT, BRK when raising exception 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (7 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 08/10] target/arm: Factor out code to calculate FSR for debug exceptions Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 18:49 ` [Qemu-devel] [PULL 10/10] target/arm: Always set FAR to a known unknown value for debug exceptions Peter Maydell ` (2 subsequent siblings) 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel Now that we have a helper function specifically for the BRK and BKPT instructions, we can set the exception.fsr there rather than in arm_cpu_do_interrupt_aarch32(). This allows us to use our new arm_debug_exception_fsr() helper. In particular this fixes a bug where we were hardcoding the short-form IFSR value, which is wrong if the target exception level has LPAE enabled. Fixes: https://bugs.launchpad.net/qemu/+bug/1756927 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-4-peter.maydell@linaro.org --- target/arm/helper.c | 1 - target/arm/op_helper.c | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index 09893e3f72..dcb8476d9e 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -7910,7 +7910,6 @@ static void arm_cpu_do_interrupt_aarch32(CPUState *cs) offset = 0; break; case EXCP_BKPT: - env->exception.fsr = 2; /* Fall through to prefetch abort. */ case EXCP_PREFETCH_ABORT: A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr); diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 75efff9edf..8e1e521193 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c 
@@ -488,6 +488,8 @@ void HELPER(exception_with_syndrome)(CPUARMState *env, uint32_t excp, */ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) { + /* FSR will only be used if the debug target EL is AArch32. */ + env->exception.fsr = arm_debug_exception_fsr(env); raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); } -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
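Review bot: dropping `env->exception.fsr = 2;` from the EXCP_BKPT case in arm_cpu_do_interrupt_aarch32() means the `A32_BANKED_CURRENT_REG_SET(env, ifsr, env->exception.fsr);` that follows now writes whatever fsr the raiser left behind. The only raiser updated here is HELPER(exception_bkpt_insn); please confirm no other code path can still raise EXCP_BKPT without setting exception.fsr first, otherwise a stale value from an earlier fault ends up in the guest IFSR.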
* [Qemu-devel] [PULL 10/10] target/arm: Always set FAR to a known unknown value for debug exceptions 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (8 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 09/10] target/arm: Set FSR for BKPT, BRK when raising exception Peter Maydell @ 2018-03-23 18:49 ` Peter Maydell 2018-03-23 21:45 ` [Qemu-devel] [PULL 00/10] target-arm queue no-reply 2018-03-25 15:04 ` Peter Maydell 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-23 18:49 UTC (permalink / raw) To: qemu-devel For debug exceptions due to breakpoints or the BKPT instruction which are taken to AArch32, the Fault Address Register is architecturally UNKNOWN. We were using that as license to simply not set env->exception.vaddress, but this isn't correct, because it will expose to the guest whatever old value was in that field when arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old value might be a FAR for a previous guest EL2 or secure exception, in which case we shouldn't show it to an EL1 or non-secure exception handler. It might also be a non-deterministic value, which is bad for record-and-replay. Clear env->exception.vaddress before taking breakpoint debug exceptions, to avoid this minor information leak. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-5-peter.maydell@linaro.org --- target/arm/op_helper.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 8e1e521193..a266cc0116 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c 
@@ -490,6 +490,11 @@ void HELPER(exception_bkpt_insn)(CPUARMState *env, uint32_t syndrome) { /* FSR will only be used if the debug target EL is AArch32. */ env->exception.fsr = arm_debug_exception_fsr(env); + /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing + * values to the guest that it shouldn't be able to see at its + * exception/security level. + */ + env->exception.vaddress = 0; raise_exception(env, EXCP_BKPT, syndrome, arm_debug_target_el(env)); } @@ -1353,7 +1358,11 @@ void arm_debug_excp_handler(CPUState *cs) } env->exception.fsr = arm_debug_exception_fsr(env); - /* FAR is UNKNOWN, so doesn't need setting */ + /* FAR is UNKNOWN: clear vaddress to avoid potentially exposing + * values to the guest that it shouldn't be able to see at its + * exception/security level. + */ + env->exception.vaddress = 0; raise_exception(env, EXCP_PREFETCH_ABORT, syn_breakpoint(same_el), arm_debug_target_el(env)); -- 2.16.2 ^ permalink raw reply related [flat|nested] 32+ messages in thread
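Review bot: the same comment and `env->exception.vaddress = 0;` are now repeated in HELPER(exception_bkpt_insn) and in the breakpoint branch of arm_debug_excp_handler(), each directly after `env->exception.fsr = arm_debug_exception_fsr(env);`. Folding the fsr assignment and the vaddress clear into one helper would mean a future debug-exception path cannot pick up the FSR fix while missing the clear that closes the leak. Also, the commit message says the stale value is written to the guest IFSR; since the field is vaddress and the subject line is about FAR, the register name there looks like a slip.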
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (9 preceding siblings ...) 2018-03-23 18:49 ` [Qemu-devel] [PULL 10/10] target/arm: Always set FAR to a known unknown value for debug exceptions Peter Maydell @ 2018-03-23 21:45 ` no-reply 2018-03-25 15:04 ` Peter Maydell 11 siblings, 0 replies; 32+ messages in thread From: no-reply @ 2018-03-23 21:45 UTC (permalink / raw) To: peter.maydell; +Cc: famz, qemu-devel Hi, This series seems to have some coding style problems. See output below for more information: Type: series Message-id: 20180323184958.14252-1-peter.maydell@linaro.org Subject: [Qemu-devel] [PULL 00/10] target-arm queue === TEST SCRIPT BEGIN === #!/bin/bash BASE=base n=1 total=$(git log --oneline $BASE.. | wc -l) failed=0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram commits="$(git log --format=%H --reverse $BASE..)" for c in $commits; do echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..." if ! 
git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then failed=1 echo fi n=$((n+1)) done exit $failed === TEST SCRIPT END === Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384 Switched to a new branch 'test' e4250a6575 target/arm: Always set FAR to a known unknown value for debug exceptions 5f8ad1e5dc target/arm: Set FSR for BKPT, BRK when raising exception 1f8698e782 target/arm: Factor out code to calculate FSR for debug exceptions 01c3c783a2 target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK 6fdd8ed47e mach-virt: Set VM's SMBIOS system version to mc->name 4c27421e3d i.MX: Support serial RS-232 break properly 541bf9ad10 hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 4ba4d6edd9 hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses c5d1bc28c0 sdhci: fix incorrect use of Error * c8c419d13c arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT === OUTPUT BEGIN === Checking PATCH 1/10: arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT... Checking PATCH 2/10: sdhci: fix incorrect use of Error *... Checking PATCH 3/10: hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses... Checking PATCH 4/10: hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15... Checking PATCH 5/10: i.MX: Support serial RS-232 break properly... ERROR: spaces required around that '<<' (ctx:VxV) #56: FILE: include/hw/char/imx_serial.h:29: +#define URXD_FRMERR (1<<12) /* Character has frame error */ ^ total: 1 errors, 0 warnings, 24 lines checked Your patch has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. Checking PATCH 6/10: mach-virt: Set VM's SMBIOS system version to mc->name... Checking PATCH 7/10: target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK... Checking PATCH 8/10: target/arm: Factor out code to calculate FSR for debug exceptions... 
Checking PATCH 9/10: target/arm: Set FSR for BKPT, BRK when raising exception... Checking PATCH 10/10: target/arm: Always set FAR to a known unknown value for debug exceptions... === OUTPUT END === Test command exited with code: 1 --- Email generated automatically by Patchew [http://patchew.org/]. Please send your feedback to patchew-devel@freelists.org ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2018-03-23 18:49 [Qemu-devel] [PULL 00/10] target-arm queue Peter Maydell ` (10 preceding siblings ...) 2018-03-23 21:45 ` [Qemu-devel] [PULL 00/10] target-arm queue no-reply @ 2018-03-25 15:04 ` Peter Maydell 11 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-03-25 15:04 UTC (permalink / raw) To: QEMU Developers On 23 March 2018 at 18:49, Peter Maydell <peter.maydell@linaro.org> wrote: > Ten arm-related bug fixes for 2.12... > > thanks > -- PMM > > The following changes since commit 4c2c1015905fa1d616750dfe024b4c0b35875950: > > Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20180323' into staging (2018-03-23 10:20:54 +0000) > > are available in the Git repository at: > > git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180323 > > for you to fetch changes up to 548f514cf89dd9ab39c0cb4c063097bccf141fdd: > > target/arm: Always set FAR to a known unknown value for debug exceptions (2018-03-23 18:26:46 +0000) > > ---------------------------------------------------------------- > target-arm queue: > * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF > * sdhci: fix incorrect use of Error * > * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses > * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 > * i.MX: Support serial RS-232 break properly > * mach-virt: Set VM's SMBIOS system version to mc->name > * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK > * target/arm: Factor out code to calculate FSR for debug exceptions > * target/arm: Set FSR for BKPT, BRK when raising exception > * target/arm: Always set FAR to a known unknown value for debug exceptions > Applied, thanks. -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* [Qemu-devel] [PULL 00/10] target-arm queue @ 2019-07-15 13:42 Peter Maydell 2019-07-15 14:18 ` Peter Maydell ` (2 more replies) 0 siblings, 3 replies; 32+ messages in thread From: Peter Maydell @ 2019-07-15 13:42 UTC (permalink / raw) To: qemu-devel target-arm queue for rc1 -- these are all bug fixes. thanks -- PMM The following changes since commit b9404bf592e7ba74180e1a54ed7a266ec6ee67f2: Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20190715' into staging (2019-07-15 12:22:07 +0100) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190715 for you to fetch changes up to 51c9122e92b776a3f16af0b9282f1dc5012e2a19: target/arm: NS BusFault on vector table fetch escalates to NS HardFault (2019-07-15 14:17:04 +0100) ---------------------------------------------------------------- target-arm queue: * report ARMv8-A FP support for AArch32 -cpu max * hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory * hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[] * hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO * hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO * hw/arm/virt: Fix non-secure flash mode * pl031: Correctly migrate state when using -rtc clock=host * fix regression that meant arm926 and arm1026 lost VFP double-precision support * v8M: NS BusFault on vector table fetch escalates to NS HardFault ---------------------------------------------------------------- Alex Bennée (1): target/arm: report ARMv8-A FP support for AArch32 -cpu max David Engraf (1): hw/arm/virt: Fix non-secure flash mode Peter Maydell (3): pl031: Correctly migrate state when using -rtc clock=host target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026 target/arm: NS BusFault on vector table fetch escalates to NS HardFault Philippe Mathieu-Daudé (5): hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory 
hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[] hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO include/hw/timer/pl031.h | 2 ++ hw/arm/virt.c | 2 +- hw/core/machine.c | 1 + hw/display/xlnx_dp.c | 15 +++++--- hw/ssi/mss-spi.c | 8 ++++- hw/ssi/xilinx_spips.c | 43 +++++++++++++++------- hw/timer/pl031.c | 92 +++++++++++++++++++++++++++++++++++++++++++++--- target/arm/cpu.c | 16 +++++++++ target/arm/m_helper.c | 21 ++++++++--- 9 files changed, 174 insertions(+), 26 deletions(-) ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2019-07-15 13:42 Peter Maydell @ 2019-07-15 14:18 ` Peter Maydell 2019-07-15 17:03 ` no-reply 2019-07-16 8:55 ` no-reply 2 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2019-07-15 14:18 UTC (permalink / raw) To: QEMU Developers On Mon, 15 Jul 2019 at 14:42, Peter Maydell <peter.maydell@linaro.org> wrote: > > target-arm queue for rc1 -- these are all bug fixes. > > thanks > -- PMM > > The following changes since commit b9404bf592e7ba74180e1a54ed7a266ec6ee67f2: > > Merge remote-tracking branch 'remotes/dgilbert/tags/pull-hmp-20190715' into staging (2019-07-15 12:22:07 +0100) > > are available in the Git repository at: > > https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190715 > > for you to fetch changes up to 51c9122e92b776a3f16af0b9282f1dc5012e2a19: > > target/arm: NS BusFault on vector table fetch escalates to NS HardFault (2019-07-15 14:17:04 +0100) > > ---------------------------------------------------------------- > target-arm queue: > * report ARMv8-A FP support for AArch32 -cpu max > * hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory > * hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[] > * hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO > * hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO > * hw/arm/virt: Fix non-secure flash mode > * pl031: Correctly migrate state when using -rtc clock=host > * fix regression that meant arm926 and arm1026 lost VFP > double-precision support > * v8M: NS BusFault on vector table fetch escalates to NS HardFault > Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1 for any user-visible changes. -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2019-07-15 13:42 Peter Maydell 2019-07-15 14:18 ` Peter Maydell @ 2019-07-15 17:03 ` no-reply 2019-07-16 8:55 ` no-reply 2 siblings, 0 replies; 32+ messages in thread From: no-reply @ 2019-07-15 17:03 UTC (permalink / raw) To: peter.maydell; +Cc: qemu-devel Patchew URL: https://patchew.org/QEMU/20190715134211.23063-1-peter.maydell@linaro.org/ Hi, This series seems to have some coding style problems. See output below for more information: Message-id: 20190715134211.23063-1-peter.maydell@linaro.org Type: series Subject: [Qemu-devel] [PULL 00/10] target-arm queue === TEST SCRIPT BEGIN === #!/bin/bash git rev-parse base > /dev/null || exit 0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram ./scripts/checkpatch.pl --mailback base.. === TEST SCRIPT END === From https://github.com/patchew-project/qemu * [new tag] patchew/20190715134211.23063-1-peter.maydell@linaro.org -> patchew/20190715134211.23063-1-peter.maydell@linaro.org Switched to a new branch 'test' 374fdb936e target/arm: NS BusFault on vector table fetch escalates to NS HardFault a30b1dad81 target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026 6d7051773f pl031: Correctly migrate state when using -rtc clock=host 93d58455ba hw/arm/virt: Fix non-secure flash mode 08594d9831 hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO d4bfee6403 hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO 521dcfc621 hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[] 28dc994a87 hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory 33d10d39bd hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs 4ad540cb00 target/arm: report ARMv8-A FP support for AArch32 -cpu max === OUTPUT BEGIN === 1/10 Checking commit 4ad540cb003f (target/arm: report ARMv8-A FP support for AArch32 -cpu max) 2/10 Checking commit 33d10d39bd1e (hw/ssi/xilinx_spips: Convert lqspi_read() to 
read_with_attrs) 3/10 Checking commit 28dc994a8771 (hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory) 4/10 Checking commit 521dcfc62131 (hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]) 5/10 Checking commit d4bfee6403a6 (hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO) 6/10 Checking commit 08594d9831b4 (hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO) 7/10 Checking commit 93d58455baf6 (hw/arm/virt: Fix non-secure flash mode) 8/10 Checking commit 6d7051773f27 (pl031: Correctly migrate state when using -rtc clock=host) ERROR: spaces required around that '*' (ctx:VxV) #158: FILE: hw/timer/pl031.c:300: + .subsections = (const VMStateDescription*[]) { ^ total: 1 errors, 0 warnings, 146 lines checked Patch 8/10 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 9/10 Checking commit a30b1dad815c (target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026) 10/10 Checking commit 374fdb936ee9 (target/arm: NS BusFault on vector table fetch escalates to NS HardFault) === OUTPUT END === Test command exited with code: 1 The full log is available at http://patchew.org/logs/20190715134211.23063-1-peter.maydell@linaro.org/testing.checkpatch/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-devel@redhat.com ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2019-07-15 13:42 Peter Maydell 2019-07-15 14:18 ` Peter Maydell 2019-07-15 17:03 ` no-reply @ 2019-07-16 8:55 ` no-reply 2 siblings, 0 replies; 32+ messages in thread From: no-reply @ 2019-07-16 8:55 UTC (permalink / raw) To: peter.maydell; +Cc: qemu-devel Patchew URL: https://patchew.org/QEMU/20190715134211.23063-1-peter.maydell@linaro.org/ Hi, This series seems to have some coding style problems. See output below for more information: Type: series Subject: [Qemu-devel] [PULL 00/10] target-arm queue Message-id: 20190715134211.23063-1-peter.maydell@linaro.org === TEST SCRIPT BEGIN === #!/bin/bash git rev-parse base > /dev/null || exit 0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram ./scripts/checkpatch.pl --mailback base.. === TEST SCRIPT END === From https://github.com/patchew-project/qemu * [new tag] patchew/20190715134211.23063-1-peter.maydell@linaro.org -> patchew/20190715134211.23063-1-peter.maydell@linaro.org Switched to a new branch 'test' 374fdb9 target/arm: NS BusFault on vector table fetch escalates to NS HardFault a30b1da target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026 6d70517 pl031: Correctly migrate state when using -rtc clock=host 93d5845 hw/arm/virt: Fix non-secure flash mode 08594d9 hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO d4bfee6 hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO 521dcfc hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[] 28dc994 hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory 33d10d3 hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs 4ad540c target/arm: report ARMv8-A FP support for AArch32 -cpu max === OUTPUT BEGIN === 1/10 Checking commit 4ad540cb003f (target/arm: report ARMv8-A FP support for AArch32 -cpu max) 2/10 Checking commit 33d10d39bd1e (hw/ssi/xilinx_spips: Convert lqspi_read() to read_with_attrs) 3/10 Checking commit 
28dc994a8771 (hw/ssi/xilinx_spips: Avoid AXI writes to the LQSPI linear memory) 4/10 Checking commit 521dcfc62131 (hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]) 5/10 Checking commit d4bfee6403a6 (hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO) 6/10 Checking commit 08594d9831b4 (hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO) 7/10 Checking commit 93d58455baf6 (hw/arm/virt: Fix non-secure flash mode) 8/10 Checking commit 6d7051773f27 (pl031: Correctly migrate state when using -rtc clock=host) ERROR: spaces required around that '*' (ctx:VxV) #158: FILE: hw/timer/pl031.c:300: + .subsections = (const VMStateDescription*[]) { ^ total: 1 errors, 0 warnings, 146 lines checked Patch 8/10 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 9/10 Checking commit a30b1dad815c (target/arm: Set VFP-related MVFR0 fields for arm926 and arm1026) 10/10 Checking commit 374fdb936ee9 (target/arm: NS BusFault on vector table fetch escalates to NS HardFault) === OUTPUT END === Test command exited with code: 1 The full log is available at http://patchew.org/logs/20190715134211.23063-1-peter.maydell@linaro.org/testing.checkpatch/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-devel@redhat.com ^ permalink raw reply [flat|nested] 32+ messages in thread
* [Qemu-devel] [PULL 00/10] target-arm queue @ 2018-11-19 15:57 Peter Maydell 2018-11-19 18:10 ` Peter Maydell 0 siblings, 1 reply; 32+ messages in thread From: Peter Maydell @ 2018-11-19 15:57 UTC (permalink / raw) To: qemu-devel Some Arm bugfixes for rc2... thanks -- PMM The following changes since commit e6ebbd46b6e539f3613136111977721d212c2812: Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-11-19 14:31:48 +0000) are available in the Git repository at: https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181119 for you to fetch changes up to a00d7f2048c2a1a6a4487ac195c804c78adcf60e: MAINTAINERS: list myself as maintainer for various Arm boards (2018-11-19 15:55:11 +0000) ---------------------------------------------------------------- target-arm queue: * various MAINTAINERS file updates * hw/block/onenand: use qemu_log_mask() for reporting * hw/block/onenand: Fix off-by-one error allowing out-of-bounds read on the n800 and n810 machine models * target/arm: fix smc incorrectly trapping to EL3 when secure is off * hw/arm/stm32f205: Fix the UART and Timer region size * target/arm: read ID registers for KVM guests so they can be used to gate "is feature X present" checks ---------------------------------------------------------------- Luc Michel (1): target/arm: fix smc incorrectly trapping to EL3 when secure is off Peter Maydell (3): hw/block/onenand: Fix off-by-one error allowing out-of-bounds read hw/block/onenand: use qemu_log_mask() for reporting MAINTAINERS: list myself as maintainer for various Arm boards Richard Henderson (4): target/arm: Install ARMISARegisters from kvm host target/arm: Fill in ARMISARegisters for kvm64 target/arm: Introduce read_sys_reg32 for kvm32 target/arm: Fill in ARMISARegisters for kvm32 Seth Kintigh (1): hw/arm/stm32f205: Fix the UART and Timer region size Thomas Huth (1): MAINTAINERS: Add entries for missing ARM boards target/arm/kvm_arm.h | 1 + hw/block/onenand.c | 24 
+++++----- hw/char/stm32f2xx_usart.c | 2 +- hw/timer/stm32f2xx_timer.c | 2 +- target/arm/kvm.c | 1 + target/arm/kvm32.c | 77 ++++++++++++++++++++------------ target/arm/kvm64.c | 90 +++++++++++++++++++++++++++++++++++++- target/arm/op_helper.c | 54 +++++++++++++++++++---- MAINTAINERS | 106 +++++++++++++++++++++++++++++++++++++++------ 9 files changed, 293 insertions(+), 64 deletions(-) ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2018-11-19 15:57 Peter Maydell @ 2018-11-19 18:10 ` Peter Maydell 0 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2018-11-19 18:10 UTC (permalink / raw) To: QEMU Developers On 19 November 2018 at 15:57, Peter Maydell <peter.maydell@linaro.org> wrote: > Some Arm bugfixes for rc2... > > thanks > -- PMM > > The following changes since commit e6ebbd46b6e539f3613136111977721d212c2812: > > Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2018-11-19 14:31:48 +0000) > > are available in the Git repository at: > > https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20181119 > > for you to fetch changes up to a00d7f2048c2a1a6a4487ac195c804c78adcf60e: > > MAINTAINERS: list myself as maintainer for various Arm boards (2018-11-19 15:55:11 +0000) > > ---------------------------------------------------------------- > target-arm queue: > * various MAINTAINERS file updates > * hw/block/onenand: use qemu_log_mask() for reporting > * hw/block/onenand: Fix off-by-one error allowing out-of-bounds read > on the n800 and n810 machine models > * target/arm: fix smc incorrectly trapping to EL3 when secure is off > * hw/arm/stm32f205: Fix the UART and Timer region size > * target/arm: read ID registers for KVM guests so they can be > used to gate "is feature X present" checks > > ---------------------------------------------------------------- Applied, thanks. -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* [Qemu-devel] [PULL 00/10] target-arm queue @ 2015-03-11 14:18 Peter Maydell 2015-03-11 18:21 ` Peter Maydell 0 siblings, 1 reply; 32+ messages in thread From: Peter Maydell @ 2015-03-11 14:18 UTC (permalink / raw) To: qemu-devel target-arm queue: mostly bug fixes, but also the Netduino 2 machine model. I'm letting that in (even though it's nearly hardfreeze) since a new board model isn't going to impact other existing uses, and the patches were posted well before softfreeze deadline. -- PMM The following changes since commit 48412371415a260d00fc7fdcdb400da55f268828: Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging (2015-03-11 11:12:35 +0000) are available in the git repository at: git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20150311 for you to fetch changes up to 4f9950520a115acf9c0a209f0befa45758ad0215: bitops.h: sextract64() return type should be int64_t, not uint64_t (2015-03-11 13:21:06 +0000) ---------------------------------------------------------------- target-arm queue: * fix a bug in bitops.h * implement SD card support on integratorcp * add a missing 'compatible' property for Cortex-A57 * add Netduino 2 machine model * fix command line parsing bug for CPU options with multiple CPUs ---------------------------------------------------------------- Alistair Francis (5): stm32f2xx_timer: Add the stm32f2xx Timer stm32f2xx_USART: Add the stm32f2xx USART Controller stm32f2xx_SYSCFG: Add the stm32f2xx SYSCFG stm32f205: Add the stm32f205 SoC netduino2: Add the Netduino 2 Machine Ard Biesheuvel (1): hw/arm/virt: fix cmdline parsing bug with CPU options and smp > 1 Jan Kiszka (2): integrator/cp: Model CP control registers as sysbus device integrator/cp: Implement CARDIN and WPROT signals Peter Maydell (1): bitops.h: sextract64() return type should be int64_t, not uint64_t Ryota Ozaki (1): target-arm: Add missing compatible property to A57 default-configs/arm-softmmu.mak | 4 + hw/arm/Makefile.objs | 2 + 
hw/arm/integratorcp.c | 95 +++++++++-- hw/arm/netduino2.c | 57 +++++++ hw/arm/stm32f205_soc.c | 160 ++++++++++++++++++ hw/arm/virt.c | 4 +- hw/char/Makefile.objs | 1 + hw/char/stm32f2xx_usart.c | 229 ++++++++++++++++++++++++++ hw/misc/Makefile.objs | 1 + hw/misc/stm32f2xx_syscfg.c | 160 ++++++++++++++++++ hw/timer/Makefile.objs | 2 + hw/timer/stm32f2xx_timer.c | 328 +++++++++++++++++++++++++++++++++++++ include/hw/arm/stm32f205_soc.h | 57 +++++++ include/hw/char/stm32f2xx_usart.h | 73 +++++++++ include/hw/misc/stm32f2xx_syscfg.h | 61 +++++++ include/hw/timer/stm32f2xx_timer.h | 101 ++++++++++++ include/qemu/bitops.h | 2 +- target-arm/cpu64.c | 1 + 18 files changed, 1323 insertions(+), 15 deletions(-) create mode 100644 hw/arm/netduino2.c create mode 100644 hw/arm/stm32f205_soc.c create mode 100644 hw/char/stm32f2xx_usart.c create mode 100644 hw/misc/stm32f2xx_syscfg.c create mode 100644 hw/timer/stm32f2xx_timer.c create mode 100644 include/hw/arm/stm32f205_soc.h create mode 100644 include/hw/char/stm32f2xx_usart.h create mode 100644 include/hw/misc/stm32f2xx_syscfg.h create mode 100644 include/hw/timer/stm32f2xx_timer.h ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2015-03-11 14:18 Peter Maydell @ 2015-03-11 18:21 ` Peter Maydell 0 siblings, 0 replies; 32+ messages in thread From: Peter Maydell @ 2015-03-11 18:21 UTC (permalink / raw) To: QEMU Developers On 11 March 2015 at 14:18, Peter Maydell <peter.maydell@linaro.org> wrote: > target-arm queue: mostly bug fixes, but also the Netduino 2 > machine model. I'm letting that in (even though it's nearly > hardfreeze) since a new board model isn't going to impact > other existing uses, and the patches were posted well before > softfreeze deadline. Applied, thanks. PS: if you see "unknown device" failures in make check, this is a bug in our makefile/dependency generation stuff (currently being worked on). The workaround is to rm $BUILD_TREE/*/config-devices.mak -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* [Qemu-devel] [PULL 00/10] target-arm queue @ 2014-05-01 14:54 Peter Maydell 2014-05-02 11:11 ` Peter Maydell 2014-05-04 18:30 ` Richard W.M. Jones 0 siblings, 2 replies; 32+ messages in thread From: Peter Maydell @ 2014-05-01 14:54 UTC (permalink / raw) To: Anthony Liguori; +Cc: qemu-devel Nothing earthshattering here, but it does have the patch which actually lets us boot an emulated AArch64 CPU on a board... thanks -- PMM The following changes since commit 051b9980b99dbfba22ea5f79bd3708d513ae121d: Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-6' into staging (2014-05-01 14:17:33 +0100) are available in the git repository at: git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140501 for you to fetch changes up to f42c5c8ec8aa0e15583487ffee62964830751623: hw/arm/virt: Add support for Cortex-A57 (2014-05-01 15:25:52 +0100) ---------------------------------------------------------------- target-arm queue: * implement XScale cache lockdown cp15 ops * fix v7M CPUID base register * implement WFE and YIELD as yields for A64 * fix A64 "BLR LR" * support Cortex-A57 in virt machine model * a few other minor AArch64 bugfixes ---------------------------------------------------------------- Edgar E. 
Iglesias (4): target-arm: Make vbar_write 64bit friendly on 32bit hosts target-arm: A64: Handle blr lr target-arm: A64: Fix a typo when declaring TLBI ops target-arm: Correct a comment refering to EL0 Peter Maydell (4): target-arm: Implement XScale cache lockdown operations as NOPs hw/arm/virt: Create the GIC ourselves rather than (ab)using a15mpcore_priv hw/arm/virt: Put GIC register banks on 64K boundaries hw/arm/virt: Add support for Cortex-A57 Rabin Vincent (1): armv7m_nvic: fix CPUID Base Register Rob Herring (1): target-arm: implement WFE/YIELD as a yield for AArch64 hw/arm/virt.c | 93 ++++++++++++++++++++++++++++++---------------- hw/intc/armv7m_nvic.c | 2 +- target-arm/helper.c | 41 +++++++++++++------- target-arm/op_helper.c | 2 +- target-arm/translate-a64.c | 9 ++++- 5 files changed, 99 insertions(+), 48 deletions(-) ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2014-05-01 14:54 Peter Maydell @ 2014-05-02 11:11 ` Peter Maydell 2014-05-04 18:30 ` Richard W.M. Jones 1 sibling, 0 replies; 32+ messages in thread From: Peter Maydell @ 2014-05-02 11:11 UTC (permalink / raw) To: Anthony Liguori; +Cc: QEMU Developers On 1 May 2014 15:54, Peter Maydell <peter.maydell@linaro.org> wrote: > Nothing earthshattering here, but it does have the patch which > actually lets us boot an emulated AArch64 CPU on a board... > > thanks > -- PMM > > The following changes since commit 051b9980b99dbfba22ea5f79bd3708d513ae121d: > > Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-6' into staging (2014-05-01 14:17:33 +0100) > > are available in the git repository at: > > > git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20140501 > > for you to fetch changes up to f42c5c8ec8aa0e15583487ffee62964830751623: > > hw/arm/virt: Add support for Cortex-A57 (2014-05-01 15:25:52 +0100) Applied, thanks. -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2014-05-01 14:54 Peter Maydell 2014-05-02 11:11 ` Peter Maydell @ 2014-05-04 18:30 ` Richard W.M. Jones 2014-05-04 18:48 ` Peter Maydell 1 sibling, 1 reply; 32+ messages in thread From: Richard W.M. Jones @ 2014-05-04 18:30 UTC (permalink / raw) To: Peter Maydell; +Cc: qemu-devel, Anthony Liguori On Thu, May 01, 2014 at 03:54:57PM +0100, Peter Maydell wrote: > Nothing earthshattering here, but it does have the patch which > actually lets us boot an emulated AArch64 CPU on a board... Hi Peter, I have real aarch64 hardware, and I'm trying to find a version of qemu-system-aarch64 which will boot a KVM guest in some form. Upstream qemu fails with a bizarre thread-local storage problem (yes, I've patched glibc to fix the makecontext problem). Is there a qemu tree I should be looking at? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2014-05-04 18:30 ` Richard W.M. Jones @ 2014-05-04 18:48 ` Peter Maydell 2014-05-04 18:58 ` Richard W.M. Jones 2014-05-04 19:29 ` Richard W.M. Jones 0 siblings, 2 replies; 32+ messages in thread From: Peter Maydell @ 2014-05-04 18:48 UTC (permalink / raw) To: Richard W.M. Jones; +Cc: QEMU Developers, Anthony Liguori On 4 May 2014 19:30, Richard W.M. Jones <rjones@redhat.com> wrote: > I have real aarch64 hardware, and I'm trying to find a version of > qemu-system-aarch64 which will boot a KVM guest in some form. > > Upstream qemu fails with a bizarre thread-local storage problem (yes, > I've patched glibc to fix the makecontext problem). > > Is there a qemu tree I should be looking at? Upstream is it. I haven't been testing it for a while though; it's possible it bitrotted while I wasn't looking. thanks -- PMM ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue 2014-05-04 18:48 ` Peter Maydell @ 2014-05-04 18:58 ` Richard W.M. Jones 2014-05-04 19:36 ` Peter Maydell 2014-05-04 19:29 ` Richard W.M. Jones 1 sibling, 1 reply; 32+ messages in thread From: Richard W.M. Jones @ 2014-05-04 18:58 UTC (permalink / raw) To: Peter Maydell; +Cc: QEMU Developers, Anthony Liguori On Sun, May 04, 2014 at 07:48:38PM +0100, Peter Maydell wrote: > On 4 May 2014 19:30, Richard W.M. Jones <rjones@redhat.com> wrote: > > I have real aarch64 hardware, and I'm trying to find a version of > > qemu-system-aarch64 which will boot a KVM guest in some form. > > > > Upstream qemu fails with a bizarre thread-local storage problem (yes, > > I've patched glibc to fix the makecontext problem). > > > > Is there a qemu tree I should be looking at? > > Upstream is it. I haven't been testing it for a while though; it's possible > it bitrotted while I wasn't looking. OK, it might be a kernel problem then. This was the issue I was having before: /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64 \ -global virtio-blk-device.scsi=off \ -nodefconfig \ -enable-fips \ -nodefaults \ -display none \ -M virt \ -machine accel=kvm:tcg \ -m 500 \ -no-reboot \ -rtc driftfix=slew \ -global kvm-pit.lost_tick_policy=discard \ -kernel /home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/kernel \ -initrd /home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/initrd \ -device virtio-scsi-device,id=scsi \ -drive file=/home/rjones/d/libguestfs/tmp/libguestfsHRi4Tt/scratch.1,cache=unsafe,format=raw,id=hd0,if=none \ -device scsi-hd,drive=hd0 \ -drive file=/home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/root,snapshot=on,id=appliance,cache=unsafe,if=none \ -device scsi-hd,drive=appliance \ -device virtio-serial-device \ -serial stdio \ -chardev socket,path=/home/rjones/d/libguestfs/tmp/libguestfsHRi4Tt/guestfsd.sock,id=channel0 \ -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \ -append 'panic=1 
console=ttyS0 udevtimeout=600 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=screen' Could not access KVM kernel module: Permission denied failed to initialize KVM: Permission denied Back to tcg accelerator. libguestfs: error: appliance closed the connection unexpectedly, see earlier error messages libguestfs: child_cleanup: 0x3b5a1770: child process died libguestfs: sending SIGTERM to process 12438 libguestfs: error: /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64 killed by signal 11 (Segmentation fault), see debug messages above The stack trace in qemu when the segfault occurs is: Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000002aae2f17394 in cpu_arm_exec (env=0x3ff8401eed0, env@entry=0x2ab1c978440) at /home/rjones/d/qemu/cpu-exec.c:241 241 current_cpu = cpu; (gdb) print tls__current_cpu Cannot find thread-local storage for LWP 12922, executable file /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64: TLS not supported on this target ... and ^^^ that's the part that makes no sense to me. TLS must surely be supported, so there must be something odd about the compile-time environment. Linux ***.redhat.com 3.13.0-0.rc7.31.***.aarch64.debug #1 SMP Fri May 2 16:55:22 EDT 2014 aarch64 aarch64 aarch64 GNU/Linux glibc-2.19.90-11.fc21.aarch64 gcc-4.9.0-1.fc21.aarch64 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ ^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [Qemu-devel] [PULL 00/10] target-arm queue
From: Peter Maydell @ 2014-05-04 19:36 UTC
To: Richard W.M. Jones; +Cc: QEMU Developers, Anthony Liguori

On 4 May 2014 19:58, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Sun, May 04, 2014 at 07:48:38PM +0100, Peter Maydell wrote:
>> On 4 May 2014 19:30, Richard W.M. Jones <rjones@redhat.com> wrote:
>> > I have real aarch64 hardware, and I'm trying to find a version of
>> > qemu-system-aarch64 which will boot a KVM guest in some form.
>> >
>> > Upstream qemu fails with a bizarre thread-local storage problem (yes,
>> > I've patched glibc to fix the makecontext problem).
>> >
>> > Is there a qemu tree I should be looking at?
>>
>> Upstream is it. I haven't been testing it for a while though; it's possible
>> it bitrotted while I wasn't looking.
>
> OK, it might be a kernel problem then.
>
> This was the issue I was having before:
>
> /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64 \
>     -global virtio-blk-device.scsi=off \
>     -nodefconfig \
>     -enable-fips \
>     -nodefaults \
>     -display none \
>     -M virt \
>     -machine accel=kvm:tcg \
>     -m 500 \
>     -no-reboot \
>     -rtc driftfix=slew \
>     -global kvm-pit.lost_tick_policy=discard \
>     -kernel /home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/kernel \
>     -initrd /home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/initrd \
>     -device virtio-scsi-device,id=scsi \
>     -drive file=/home/rjones/d/libguestfs/tmp/libguestfsHRi4Tt/scratch.1,cache=unsafe,format=raw,id=hd0,if=none \
>     -device scsi-hd,drive=hd0 \
>     -drive file=/home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/root,snapshot=on,id=appliance,cache=unsafe,if=none \
>     -device scsi-hd,drive=appliance \
>     -device virtio-serial-device \
>     -serial stdio \
>     -chardev socket,path=/home/rjones/d/libguestfs/tmp/libguestfsHRi4Tt/guestfsd.sock,id=channel0 \
>     -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
>     -append 'panic=1 console=ttyS0 udevtimeout=600 no_timer_check acpi=off printk.time=1 cgroup_disable=memory root=/dev/sdb selinux=0 guestfs_verbose=1 TERM=screen'
> Could not access KVM kernel module: Permission denied
> failed to initialize KVM: Permission denied
> Back to tcg accelerator.

OK, so you have a kernel (possibly just kernel config) problem
here -- this means QEMU got EPERM trying to open /dev/kvm.

This isn't going to work for aarch64 at the moment because:
 * KVM aarch64 currently requires '-cpu host'
 * '-cpu host' is a KVM only thing that won't work with TCG

If you don't enable KVM we don't put 'host' in the CPU list
so usually the TCG code can't see it -- however "use KVM
but have the init fail" is a path I hadn't considered for
getting into TCG with -cpu host. Does this happen if you start
with accel=tcg so we're using TCG all the way through?

You can also ignore all this in favour of just figuring out why
your kernel didn't let us open /dev/kvm...

PS: I didn't see a "-cpu something" in your command line; I
forget what the default is but it's probably not what you want.

> libguestfs: error: appliance closed the connection unexpectedly, see earlier error messages
> libguestfs: child_cleanup: 0x3b5a1770: child process died
> libguestfs: sending SIGTERM to process 12438
> libguestfs: error: /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64 killed by signal 11 (Segmentation fault), see debug messages above
>
> The stack trace in qemu when the segfault occurs is:
>
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x000002aae2f17394 in cpu_arm_exec (env=0x3ff8401eed0,
>     env@entry=0x2ab1c978440) at /home/rjones/d/qemu/cpu-exec.c:241
> 241 current_cpu = cpu;
>
> (gdb) print tls__current_cpu
> Cannot find thread-local storage for LWP 12922, executable file /home/rjones/d/qemu/aarch64-softmmu/qemu-system-aarch64:
> TLS not supported on this target
>
> ... and ^^^ that's the part that makes no sense to me. TLS must
> surely be supported, so there must be something odd about the
> compile-time environment.

I think that message is gdb saying that it doesn't support TLS,
not that the target architecture doesn't support TLS. How ancient
is your gdb? Google suggests that TLS support went into the
aarch64 target somewhat after the initial architecture support
(though still a year or so ago, so I would have expected it to
get in...)

thanks
-- PMM
* Re: [Qemu-devel] [PULL 00/10] target-arm queue
From: Richard W.M. Jones @ 2014-05-04 19:45 UTC
To: Peter Maydell; +Cc: QEMU Developers, Anthony Liguori

On Sun, May 04, 2014 at 08:36:20PM +0100, Peter Maydell wrote:
> OK, so you have a kernel (possibly just kernel config) problem
> here -- this means QEMU got EPERM trying to open /dev/kvm.

Yes for some reason it was 0600. I set it to 0666.

> This isn't going to work for aarch64 at the moment because:
> * KVM aarch64 currently requires '-cpu host'

OK -- I will play with libguestfs to make sure it passes this flag,
and try again. Currently waiting for the host (which has panicked
again) to be rebooted manually.

Thanks again,

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
* Re: [Qemu-devel] [PULL 00/10] target-arm queue
From: Peter Maydell @ 2014-05-04 19:55 UTC
To: Richard W.M. Jones; +Cc: QEMU Developers, Anthony Liguori

On 4 May 2014 20:45, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Sun, May 04, 2014 at 08:36:20PM +0100, Peter Maydell wrote:
>> OK, so you have a kernel (possibly just kernel config) problem
>> here -- this means QEMU got EPERM trying to open /dev/kvm.
>
> Yes for some reason it was 0600. I set it to 0666.
>
>> This isn't going to work for aarch64 at the moment because:
>> * KVM aarch64 currently requires '-cpu host'
>
> OK -- I will play with libguestfs to make sure it passes this flag,
> and try again.

It should in theory be possible to get -cpu cortex-a57 to work
(though I haven't tried it so it's likely missing something
trivial); however that will only work if your host CPU is
actually a Cortex-A57. For any other host you'll need -cpu host.

> Currently waiting for the host (which has panicked
> again) to be rebooted manually.

If your host has panicked that's a kernel bug :-) (or possibly
a hardware bug if you're unlucky). If it does so reproducibly
when you prod it with QEMU then you should probably retest
with a recent kernel and report it to the kvm-arm mailing list.

thanks
-- PMM
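The failure path discussed in the messages above (KVM requested with a TCG fallback, /dev/kvm not accessible, and `-cpu host` or no `-cpu` at all) can be caught before QEMU is launched. The following shell lint is an added example, not part of the thread and not QEMU or libguestfs code; the function names and finding strings are made up for illustration, and the device path is a parameter so the check can be run against a stand-in file.

```shell
#!/bin/sh
# Added example: lint a QEMU argument list for the accelerator/CPU
# mismatch described in the thread. Names and messages are illustrative.

# kvm_usable DEV: true if DEV exists and this user can open it read-write.
kvm_usable() {
    [ -e "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# lint_qemu_args DEV ARGS...: print one finding per line; status 1 if any.
# Only accel lists that start with "kvm" (kvm, kvm:tcg) are examined.
lint_qemu_args() {
    dev=$1; shift
    accel=; cpu=; prev=; found=0
    for arg in "$@"; do
        case $prev in
            -machine|-M)
                case $arg in
                    *accel=*) accel=${arg#*accel=}; accel=${accel%%,*} ;;
                esac ;;
            -cpu) cpu=${arg%%,*} ;;
        esac
        prev=$arg
    done

    eff=tcg    # accelerator QEMU ends up on (TCG unless KVM is usable)
    case $accel in
        kvm*)
            if kvm_usable "$dev"; then
                eff=kvm
            else
                found=1
                case $accel in
                    *:tcg*) echo "fallback: $dev not accessible; accel=$accel drops to TCG" ;;
                    *) echo "fatal: accel=$accel but $dev not accessible"; return 1 ;;
                esac
            fi ;;
    esac

    if [ -z "$cpu" ]; then
        echo "cpu: no -cpu given; per the thread, KVM on aarch64 requires -cpu host"
        found=1
    elif [ "$cpu" = host ] && [ "$eff" = tcg ]; then
        echo "cpu: -cpu host is KVM-only but the effective accelerator is TCG"
        found=1
    fi
    return "$found"
}
```

Called as `lint_qemu_args /dev/kvm -M virt -machine accel=kvm:tcg -m 500`, it reports both the silent fallback and the missing `-cpu` when the device node cannot be opened by the calling user.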
* Re: [Qemu-devel] [PULL 00/10] target-arm queue
From: Richard W.M. Jones @ 2014-05-04 19:29 UTC
To: Peter Maydell; +Cc: QEMU Developers, Anthony Liguori

I think this problem comes from my environment adding -fPIE.
In any case, without that flag it doesn't crash in qemu (it
kernel panics instead ..)

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
* [Qemu-devel] [PULL 00/10] target-arm queue
From: Peter Maydell @ 2011-12-13 18:30 UTC
To: Anthony Liguori; +Cc: Paul Brook, qemu-devel

Current target-arm pending patches; mostly these are Andreas'
inference series, plus one from Jean-Christophe that's been
waiting since before the 1.0 release.

Please pull.

-- PMM

The following changes since commit da5361cc685c004d8bb4e7c5e7b3a52c7aca2c56:

  ccid: make threads joinable (2011-12-12 17:06:22 -0600)

are available in the git repository at:
  git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream

Andreas Färber (9):
      target-arm: Infer ARMv4T feature from ARMv5
      target-arm: Infer ARMv5 feature from ARMv6
      target-arm: Infer ARMv6 feature from v6K
      target-arm: Infer ARMv6(K) feature from ARMv7
      target-arm: Infer AUXCR feature from ARMv6
      target-arm: Infer Thumb2 feature from ARMv7
      target-arm: Infer Thumb division feature from M profile
      target-arm: Infer VFP feature from VFPv3
      target-arm: Infer VFPv3 feature from VFPv4

Jean-Christophe DUBOIS (1):
      arm: Fix CP15 FSR (C5) domain setting

 target-arm/helper.c | 95 ++++++++++++++++++++++----------------------------
 1 files changed, 42 insertions(+), 53 deletions(-)
* Re: [Qemu-devel] [PULL 00/10] target-arm queue
From: andrzej zaborowski @ 2011-12-14 20:41 UTC
To: Peter Maydell; +Cc: Anthony Liguori, Paul Brook, qemu-devel

On 13 December 2011 19:30, Peter Maydell <peter.maydell@linaro.org> wrote:
> Current target-arm pending patches; mostly these are Andreas'
> inference series, plus one from Jean-Christophe that's been
> waiting since before the 1.0 release.
>
> Please pull.

Thanks, pulled (and pushed)

Cheers