* [Qemu-devel] [PATCH 1/3] target-arm: Don't use cpu_single_env in bank_number()
From: Peter Maydell @ 2012-01-05 16:44 UTC (permalink / raw)
To: Andrzej Zaborowski; +Cc: Anthony Liguori, Paul Brook, qemu-devel
Avoid using cpu_single_env in bank_number() -- if we were
called via the gdb stub reading or writing the CPSR then
it is NULL and we will segfault if we take the cpu_abort().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/helper.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 65f4fbf..5b994d5 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -642,7 +642,7 @@ uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
extern int semihosting_enabled;
/* Map CPU modes onto saved register banks. */
-static inline int bank_number (int mode)
+static inline int bank_number(CPUState *env, int mode)
{
switch (mode) {
case ARM_CPU_MODE_USR:
@@ -659,7 +659,7 @@ static inline int bank_number (int mode)
case ARM_CPU_MODE_FIQ:
return 5;
}
- cpu_abort(cpu_single_env, "Bad mode %x\n", mode);
+ cpu_abort(env, "Bad mode %x\n", mode);
return -1;
}
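Review bot: the `return -1;` after `cpu_abort(env, "Bad mode %x\n", mode);` is only reachable if cpu_abort() returns, and every caller touched by this patch uses the result directly as an array index (`env->banked_r13[bank_number(env, mode)]`), so a -1 would become an out-of-bounds access rather than an error the caller can handle; since cpu_abort() does not return, it would be clearer to drop the return value path or mark it unreachable than to hand back an index no caller checks.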
@@ -680,12 +680,12 @@ void switch_mode(CPUState *env, int mode)
memcpy (env->regs + 8, env->fiq_regs, 5 * sizeof(uint32_t));
}
- i = bank_number(old_mode);
+ i = bank_number(env, old_mode);
env->banked_r13[i] = env->regs[13];
env->banked_r14[i] = env->regs[14];
env->banked_spsr[i] = env->spsr;
- i = bank_number(mode);
+ i = bank_number(env, mode);
env->regs[13] = env->banked_r13[i];
env->regs[14] = env->banked_r14[i];
env->spsr = env->banked_spsr[i];
@@ -2125,7 +2125,7 @@ void HELPER(set_r13_banked)(CPUState *env, uint32_t mode, uint32_t val)
if ((env->uncached_cpsr & CPSR_M) == mode) {
env->regs[13] = val;
} else {
- env->banked_r13[bank_number(mode)] = val;
+ env->banked_r13[bank_number(env, mode)] = val;
}
}
@@ -2134,7 +2134,7 @@ uint32_t HELPER(get_r13_banked)(CPUState *env, uint32_t mode)
if ((env->uncached_cpsr & CPSR_M) == mode) {
return env->regs[13];
} else {
- return env->banked_r13[bank_number(mode)];
+ return env->banked_r13[bank_number(env, mode)];
}
}
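Review bot: set_r13_banked/get_r13_banked still pass the caller-supplied `mode` straight into bank_number(), which cpu_abort()s for anything outside the seven listed modes; this patch removes the NULL cpu_single_env crash but leaves the abort itself reachable from whatever invokes these helpers with a bad mode, so if the intent (as PATCH 2/3 states for CPSR writes) is not to cpu_abort() on input a guest can provoke, these two helpers need the same validate-and-ignore treatment rather than just the env fix.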
--
1.7.1
* [Qemu-devel] [PATCH 2/3] target-arm: Ignore attempts to set invalid modes in CPSR
From: Peter Maydell @ 2012-01-05 16:44 UTC (permalink / raw)
To: Andrzej Zaborowski; +Cc: Anthony Liguori, Paul Brook, qemu-devel
Ignore attempts to set the CPSR mode field to an invalid value.
This is UNPREDICTABLE, but we should not cpu_abort() for things
a malicious guest (or a confused user on the gdbstub interface)
can provoke.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/helper.c | 30 +++++++++++++++++++++++++++++-
1 files changed, 29 insertions(+), 1 deletions(-)
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 5b994d5..261d547 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -463,6 +463,26 @@ void cpu_arm_close(CPUARMState *env)
g_free(env);
}
+static int bad_mode_switch(CPUState *env, int mode)
+{
+ /* Return true if it is not valid for us to switch to
+ * this CPU mode (ie all the UNPREDICTABLE cases in
+ * the ARM ARM CPSRWriteByInstr pseudocode).
+ */
+ switch (mode) {
+ case ARM_CPU_MODE_USR:
+ case ARM_CPU_MODE_SYS:
+ case ARM_CPU_MODE_SVC:
+ case ARM_CPU_MODE_ABT:
+ case ARM_CPU_MODE_UND:
+ case ARM_CPU_MODE_IRQ:
+ case ARM_CPU_MODE_FIQ:
+ return 0;
+ default:
+ return 1;
+ }
+}
+
uint32_t cpsr_read(CPUARMState *env)
{
int ZF;
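Review bot: `env` is unused in bad_mode_switch(), and the accepted list omits Monitor mode (M=0b10110), so a guest MSR selecting it is rejected unconditionally; the pull request mentions further TrustZone patches pending on top of this, so either accept Monitor mode now, gated on the Security Extensions being present (presumably what the env parameter is there for), or extend the comment to say Monitor mode is deliberately treated as invalid until that support lands, so the omission does not read as an oversight.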
@@ -499,7 +519,15 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t mask)
}
if ((env->uncached_cpsr ^ val) & mask & CPSR_M) {
- switch_mode(env, val & CPSR_M);
+ if (bad_mode_switch(env, val & CPSR_M)) {
+ /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
+ * We choose to ignore the attempt and leave the CPSR M field
+ * untouched.
+ */
+ mask &= ~CPSR_M;
+ } else {
+ switch_mode(env, val & CPSR_M);
+ }
}
mask &= ~CACHED_CPSR_BITS;
env->uncached_cpsr = (env->uncached_cpsr & ~mask) | (val & mask);
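Review bot: when bad_mode_switch() fires only CPSR_M is cleared from `mask`, so the remaining bits of `val` selected by the caller's mask (flags, I/F/T and so on) are still written by the final assignment; that is a defensible choice for an UNPREDICTABLE case, but the comment in the new branch should state it explicitly ("the other masked bits are still written"), since "ignore the attempt" could otherwise be read as discarding the whole write.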
--
1.7.1
* [Qemu-devel] [PATCH 3/3] arm: add dummy A9-specific cp15 registers
From: Peter Maydell @ 2012-01-05 16:44 UTC (permalink / raw)
To: Andrzej Zaborowski; +Cc: Anthony Liguori, Paul Brook, qemu-devel
From: Mark Langsdorf <mark.langsdorf@calxeda.com>
Add dummy register support for the cp15, CRn=c15 registers.
config_base_register and power_control_register currently
default to 0, but may have improved support after the QOM
CPU patches are finished.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target-arm/cpu.h | 6 +++++-
target-arm/helper.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
target-arm/machine.c | 6 ++++++
3 files changed, 59 insertions(+), 1 deletions(-)
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index c4d742f..26b4981 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -149,6 +149,10 @@ typedef struct CPUARMState {
uint32_t c15_i_max; /* Maximum D-cache dirty line index. */
uint32_t c15_i_min; /* Minimum D-cache dirty line index. */
uint32_t c15_threadid; /* TI debugger thread-ID. */
+ uint32_t c15_config_base_address; /* SCU base address. */
+ uint32_t c15_diagnostic; /* diagnostic register */
+ uint32_t c15_power_diagnostic;
+ uint32_t c15_power_control; /* power control */
} cp15;
struct {
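Review bot: of the four new fields, `c15_config_base_address` is never written by the set_cp15 hunk and is not included in the cpu_save/cpu_load hunks in machine.c, whereas the other three are both written and migrated; if it is meant to be board-configured via the "private hook" the get_cp15 comment mentions and read-only to the guest, say so in the comment here (and that it is therefore excluded from migration state), otherwise this looks like an omission.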
@@ -448,7 +452,7 @@ void cpu_arm_set_cp_io(CPUARMState *env, int cpnum,
#define cpu_signal_handler cpu_arm_signal_handler
#define cpu_list arm_cpu_list
-#define CPU_SAVE_VERSION 4
+#define CPU_SAVE_VERSION 5
/* MMU modes definitions */
#define MMU_MODE0_SUFFIX _kernel
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 261d547..fa42c64 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1796,6 +1796,20 @@ void HELPER(set_cp15)(CPUState *env, uint32_t insn, uint32_t val)
goto bad_reg;
}
}
+ if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+ switch (crm) {
+ case 0:
+ if ((op1 == 0) && (op2 == 0)) {
+ env->cp15.c15_power_control = val;
+ } else if ((op1 == 0) && (op2 == 1)) {
+ env->cp15.c15_diagnostic = val;
+ } else if ((op1 == 0) && (op2 == 2)) {
+ env->cp15.c15_power_diagnostic = val;
+ }
+ default:
+ break;
+ }
+ }
break;
}
return;
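Review bot: `case 0:` falls through into `default:` with no `break;` (harmless today, but add one so a later case cannot pick up the fall-through by accident); more importantly, writes to A9 c15 registers this block does not recognise are silently ignored here, while the matching get_cp15 hunk does `goto bad_reg` for unrecognised A9 c15 reads, so the same undefined register behaves differently on read and write; pick one behaviour and apply it to both paths. There is also no write path for config_base_address, which is fine if it is read-only but worth a comment alongside the read.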
@@ -2139,6 +2153,40 @@ uint32_t HELPER(get_cp15)(CPUState *env, uint32_t insn)
* 0x200 << ($rn & 0xfff), when MMU is off. */
goto bad_reg;
}
+ if (ARM_CPUID(env) == ARM_CPUID_CORTEXA9) {
+ switch (crm) {
+ case 0:
+ if ((op1 == 4) && (op2 == 0)) {
+ /* The config_base_address should hold the value of
+ * the peripheral base. ARM should get this from a CPU
+ * object property, but that support isn't available in
+ * December 2011. Default to 0 for now and board models
+ * that care can set it by a private hook */
+ return env->cp15.c15_config_base_address;
+ } else if ((op1 == 0) && (op2 == 0)) {
+ /* power_control should be set to maximum latency. Again,
+ default to 0 and set by private hook */
+ return env->cp15.c15_power_control;
+ } else if ((op1 == 0) && (op2 == 1)) {
+ return env->cp15.c15_diagnostic;
+ } else if ((op1 == 0) && (op2 == 2)) {
+ return env->cp15.c15_power_diagnostic;
+ }
+ break;
+ case 1: /* NEON Busy */
+ return 0;
+ case 5: /* tlb lockdown */
+ case 6:
+ case 7:
+ if ((op1 == 5) && (op2 == 2)) {
+ return 0;
+ }
+ break;
+ default:
+ break;
+ }
+ goto bad_reg;
+ }
return 0;
}
bad_reg:
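Review bot: before this change any CRn=c15 read that was not otherwise handled fell through to `return 0;`; for Cortex-A9 the new block ends in `goto bad_reg`, so every c15 read it does not list now takes the bad_reg path instead of reading as zero, which is a guest-visible behaviour change for A9 boards and deserves a sentence in the commit message. Also `case 5: case 6: case 7:` share the single `(op1 == 5) && (op2 == 2)` test but only case 5 carries the "tlb lockdown" comment; either comment cases 6 and 7 too or explain why the three are grouped.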
diff --git a/target-arm/machine.c b/target-arm/machine.c
index aaee9b9..8984775 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -56,6 +56,9 @@ void cpu_save(QEMUFile *f, void *opaque)
qemu_put_be32(f, env->cp15.c13_tls2);
qemu_put_be32(f, env->cp15.c13_tls3);
qemu_put_be32(f, env->cp15.c15_cpar);
+ qemu_put_be32(f, env->cp15.c15_power_control);
+ qemu_put_be32(f, env->cp15.c15_diagnostic);
+ qemu_put_be32(f, env->cp15.c15_power_diagnostic);
qemu_put_be32(f, env->features);
@@ -170,6 +173,9 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
env->cp15.c13_tls2 = qemu_get_be32(f);
env->cp15.c13_tls3 = qemu_get_be32(f);
env->cp15.c15_cpar = qemu_get_be32(f);
+ env->cp15.c15_power_control = qemu_get_be32(f);
+ env->cp15.c15_diagnostic = qemu_get_be32(f);
+ env->cp15.c15_power_diagnostic = qemu_get_be32(f);
env->features = qemu_get_be32(f);
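Review bot: the three new qemu_get_be32() calls run unconditionally, so unless cpu_load() already rejects any version_id other than CPU_SAVE_VERSION (now 5), a version-4 stream will have these fields consumed from the bytes that were env->features and the following words, shifting every later field; either gate the reads on `version_id >= 5` or confirm in the commit message that the early version check makes loading an older stream impossible.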
--
1.7.1
* Re: [Qemu-devel] [PULL 0/3] target-arm queue
From: Aurelien Jarno @ 2012-01-07 21:24 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel
On Thu, Jan 05, 2012 at 04:44:31PM +0000, Peter Maydell wrote:
> Pending target-arm patches; not very many, but seems better to
> commit them now, since there might be further trustzone related
> patches that would have to sit on top of these. Please pull.
>
> The following changes since commit c47f3223658119219bbe0b8d09da733d1c06e76f:
>
> Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging (2012-01-04 10:06:25 -0600)
>
> are available in the git repository at:
>
> git://git.linaro.org/people/pmaydell/qemu-arm.git target-arm.for-upstream
>
> Mark Langsdorf (1):
> arm: add dummy A9-specific cp15 registers
>
> Peter Maydell (2):
> target-arm: Don't use cpu_single_env in bank_number()
> target-arm: Ignore attempts to set invalid modes in CPSR
>
> target-arm/cpu.h | 6 +++-
> target-arm/helper.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++----
> target-arm/machine.c | 6 +++
> 3 files changed, 94 insertions(+), 8 deletions(-)
>
>
Thanks, pulled.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net